last executing test programs: 15m2.66949899s ago: executing program 1 (id=771): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 15m2.199957583s ago: executing program 1 (id=773): mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x110, 0x29, 0x4, {0x4, 0x1f, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x6f, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x38, {0x1, 0xc, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x4, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x11, "e80ee304ecb784ec4655260cecea14e498"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x48, 0x29, 0x36, {0x5e, 0x5, '\x00', [@generic={0xff}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8}, @generic={0x1, 0x4, "2bdb86d1"}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x1f0}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 15m1.896593251s ago: executing program 1 (id=775): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() getrlimit(0x2, &(0x7f0000000040)) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prlimit64(0x0, 0xd, 0x0, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000002d80)={0x0, 0x0, &(0x7f0000002d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000203010200000000000000000000000009000200000000470200000008000340000000000800010001"], 0x30}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004941}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) sendmsg$nl_route(r4, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x5}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) 14m59.536578235s ago: executing program 1 (id=782): bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) close(0x3) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1}, 0xc) 14m59.503581295s ago: executing program 1 (id=783): mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x110, 0x29, 0x4, {0x4, 0x1f, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x6f, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x38, {0x1, 0xc, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x4, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x11, "e80ee304ecb784ec4655260cecea14e498"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x48, 0x29, 0x36, {0x5e, 0x5, '\x00', [@generic={0xff}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8}, @generic={0x1, 0x4, "2bdb86d1"}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x1f0}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14m59.344629429s ago: executing program 1 (id=786): sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1018e58, &(0x7f00000005c0)={[{@nogrpid}, {@noblock_validity}, {@quota}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}, {@nodiscard}, {@stripe={'stripe', 0x3d, 0x4}}, {@noauto_da_alloc}]}, 0x6, 0x648, &(0x7f0000001740)="$eJzs3c9rG9kdAPDvSJZjJ2mdlFKa0FJDDwmU2FYamraXOumhOQQaaA6l9BAT26mJ8oPYgdoNxIEeWmihlF5LyaX/wN6X3Pe2LOzubc8L2WXJsrvsLtEyo5Ety5KtOJaUeD4fkPXem5He+2r0NG9m/KQACmsy/VOKOBHx/FoSMdGy7Gg0Fk7m6z375MH19JZEvf67j5NI8rLm+kl+fyTPjEXE2xcjvlPeXu/y6trNuVq94WHEdOXW3enl1bUzS7fmbizcWLhdPfvzc+dnflE9V92XOI/k95cu//YH//zrn362+E7tTBKzcbXyl/loi2O/TMZkPM9DbC0fiYjzaaLD6/K6OQAhFFo5fz9WIuJ7MRHlLNcwEUv/GGrjgL6qlyPqQEEl+j8UVHMc0Dy27+04+GqfRyWD8/RC4wBoe/wjjXMjMZYdGx1+lrQcGY1k5zaO7UP9aR1fPzj53/QWW85DfL6xdUb2oZ5u1h9FxPc7xZ9kbTuWRZrGX9rSjiQiZiJiNG/fr1+iDUlLuh/nYXay1/hLETGb36flF/dY/2RbvkP8/dz8ABTUkwv5jnw9zW3u/9KxR3P8E9vGP41rQ+37rr3oYf/XV93Hf839/Vh2jrzUtiNOxyxXOj9lpb3gg79f+ne3+lvHf+ktrb85FhyEp48iTrbF/7c02Hz8k8afdNj+6SrXZnur4zfvfnSp27Jhx19/HHGq4/HP5qg0TU2vbL0+OZ4vq56rTi8u1RZmGn871vHmW3/8f7f6e4j/4T6F2lG6/Q93ib9l+5faH5e+Jnd7rOONK49vdVt2dNf4Sx+OJo3jzdG85M9zKyv3qhGjyeV8lcaFrKz87M5taa7TfI40/tM/7tz/t7z/H219nvHmR2YP7v7+5rNuy3bb/vW2a8dZ2Wby+baFLyiNf3737b+t/6dl/9rIdXuLHsr+fvaH+z/sVv9O8Y+/ZGwAAAAAAABQNKXsGmxSmtpIl0pTU435st+Nw6XaneWVnyzeuX97PuJ09v+QlVLzSvdEI5+k+Wr+/7DN/Nm2/E8j4nhE/Kc8nuWnrt+pzQ87eAAAAAAAAAAAAAAAAAAAAHhFHMnn/zd/p/rTcmP+P1AQfmEMikv/h+LK+v+2n3gCisD+H4pL/4fi0v+huPR/KC79H4pL/4fi0v+huPR/AAAAADiQjv/oyftJRKz/cjy7pUbzZWYEwcFWGXYDgKEpD7sBwNBsXPo32IfC6Wn8/2X+5YD9bw4wBEmnwmxwUN+58z/p+EgAAAAAAAAAAAAAoA9Oneg8/z/ZZW7A2MBaCPSLaX9QXC8x/99XB8Brzlf/Q3Ht8fu/fG0YHCC7zeLver7P/H8AAAAAAAAAAAAAGJij2S0pTTXmApfTu6mpiG9FxLGoJItLtYWZiPh2RLxXrhxK89WNR5s9DAAAAAAAAAAAAAAAAAAAAPtheXXt5lyttnCvNfHVtpKhJ0ajj1U0fwV1AOH8Kl7wUZEM/gUfj4iNkkrEi7a5f4lD+du20zqz0dvzjCyvriVf1DNjEevx6gTYMa4hJXb96Bjt6wcTAAAAAAAAAAAAAAAAAAAUUMvc485O/m/ALQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAwdv8/f/+JCoL95aHHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Hr6JgAA//+ccD/D") socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'bridge0\x00'}) sendmmsg$unix(r3, &(0x7f0000000540)=[{{&(0x7f00000000c0)=@file={0x1, './cgroup.cpu/cpuset.cpus/file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x80}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) 14m42.926277563s ago: executing program 32 (id=786): sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1018e58, &(0x7f00000005c0)={[{@nogrpid}, {@noblock_validity}, {@quota}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}, {@nodiscard}, {@stripe={'stripe', 0x3d, 0x4}}, {@noauto_da_alloc}]}, 0x6, 0x648, &(0x7f0000001740)="$eJzs3c9rG9kdAPDvSJZjJ2mdlFKa0FJDDwmU2FYamraXOumhOQQaaA6l9BAT26mJ8oPYgdoNxIEeWmihlF5LyaX/wN6X3Pe2LOzubc8L2WXJsrvsLtEyo5Ety5KtOJaUeD4fkPXem5He+2r0NG9m/KQACmsy/VOKOBHx/FoSMdGy7Gg0Fk7m6z375MH19JZEvf67j5NI8rLm+kl+fyTPjEXE2xcjvlPeXu/y6trNuVq94WHEdOXW3enl1bUzS7fmbizcWLhdPfvzc+dnflE9V92XOI/k95cu//YH//zrn362+E7tTBKzcbXyl/loi2O/TMZkPM9DbC0fiYjzaaLD6/K6OQAhFFo5fz9WIuJ7MRHlLNcwEUv/GGrjgL6qlyPqQEEl+j8UVHMc0Dy27+04+GqfRyWD8/RC4wBoe/wjjXMjMZYdGx1+lrQcGY1k5zaO7UP9aR1fPzj53/QWW85DfL6xdUb2oZ5u1h9FxPc7xZ9kbTuWRZrGX9rSjiQiZiJiNG/fr1+iDUlLuh/nYXay1/hLETGb36flF/dY/2RbvkP8/dz8ABTUkwv5jnw9zW3u/9KxR3P8E9vGP41rQ+37rr3oYf/XV93Hf839/Vh2jrzUtiNOxyxXOj9lpb3gg79f+ne3+lvHf+ktrb85FhyEp48iTrbF/7c02Hz8k8afdNj+6SrXZnur4zfvfnSp27Jhx19/HHGq4/HP5qg0TU2vbL0+OZ4vq56rTi8u1RZmGn871vHmW3/8f7f6e4j/4T6F2lG6/Q93ib9l+5faH5e+Jnd7rOONK49vdVt2dNf4Sx+OJo3jzdG85M9zKyv3qhGjyeV8lcaFrKz87M5taa7TfI40/tM/7tz/t7z/H219nvHmR2YP7v7+5rNuy3bb/vW2a8dZ2Wby+baFLyiNf3737b+t/6dl/9rIdXuLHsr+fvaH+z/sVv9O8Y+/ZGwAAAAAAABQNKXsGmxSmtpIl0pTU435st+Nw6XaneWVnyzeuX97PuJ09v+QlVLzSvdEI5+k+Wr+/7DN/Nm2/E8j4nhE/Kc8nuWnrt+pzQ87eAAAAAAAAAAAAAAAAAAAAHhFHMnn/zd/p/rTcmP+P1AQfmEMikv/h+LK+v+2n3gCisD+H4pL/4fi0v+huPR/KC79H4pL/4fi0v+huPR/AAAAADiQjv/oyftJRKz/cjy7pUbzZWYEwcFWGXYDgKEpD7sBwNBsXPo32IfC6Wn8/2X+5YD9bw4wBEmnwmxwUN+58z/p+EgAAAAAAAAAAAAAoA9Oneg8/z/ZZW7A2MBaCPSLaX9QXC8x/99XB8Brzlf/Q3Ht8fu/fG0YHCC7zeLver7P/H8AAAAAAAAAAAAAGJij2S0pTTXmApfTu6mpiG9FxLGoJItLtYWZiPh2RLxXrhxK89WNR5s9DAAAAAAAAAAAAAAAAAAAAPtheXXt5lyttnCvNfHVtpKhJ0ajj1U0fwV1AOH8Kl7wUZEM/gUfj4iNkkrEi7a5f4lD+du20zqz0dvzjCyvriVf1DNjEevx6gTYMa4hJXb96Bjt6wcTAAAAAAAAAAAAAAAAAAAUUMvc485O/m/ALQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAwdv8/f/+JCoL95aHHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Hr6JgAA//+ccD/D") socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'bridge0\x00'}) sendmmsg$unix(r3, &(0x7f0000000540)=[{{&(0x7f00000000c0)=@file={0x1, './cgroup.cpu/cpuset.cpus/file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x80}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) 4.07806294s ago: executing program 2 (id=3478): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000540)="43210098") 3.928676764s ago: executing program 4 (id=3480): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r8 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r3, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x4) 3.400717158s ago: executing program 4 (id=3486): r0 = creat(&(0x7f0000000080)='./file0\x00', 0xdafbe5d6891b6e0) r1 = inotify_init1(0x80000) inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x20000000) write$binfmt_elf32(r0, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0], 0x69) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000a532cb00"/28], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4) sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), r8) sendmsg$WG_CMD_GET_DEVICE(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r9, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40080c0}, 0x20040000) 2.368638625s ago: executing program 4 (id=3489): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x2a, 0x8001, 0x2, 0x6, 0x6, 0x5, 0x3, 0x200, 0xfffffffb}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004800}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0x1}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x30004001}, 0x4008800) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.295109308s ago: executing program 3 (id=3490): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x8000}, 0x8) 2.22013566s ago: executing program 0 (id=3491): unshare(0x22020400) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xce, 0x0, 0x0) 2.120754812s ago: executing program 3 (id=3492): r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) fcntl$notify(r0, 0x402, 0x40000029) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) r4 = pidfd_getfd(r3, r3, 0x0) setns(r4, 0x66020000) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 2.035214835s ago: executing program 0 (id=3493): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@noload}, {@stripe={'stripe', 0x3d, 0xdc}}, {@nomblk_io_submit}, {@noload}, {@abort}, {@auto_da_alloc}]}, 0xff, 0x459, &(0x7f00000004c0)="$eJzs3MtvVNUfAPDvvTMtlMev/Sk+QNAqGomPlpbnwg1GExeamOgC46q2hSADVVoTIUTRBS4NiXvj0sS/wJVujLoycat7Q0IMG9DEZMy9c28ZhpnSoQODzOeTXDhn7pne873nnplzz5mZAAbWePZPErEpIn6LiNFG9voC443/rl4+O/vX5bOzSdTrb/yZ5OWuXD47WxYtn7exkanXi/y6Nsc9/3bETK02f6rITy6deG9y8fSZ54+dmDk6f3T+5PTBg3v37BjeP72vJ3FmcV3Z9tHC9q2vvHXhtdnDF9756ZusvpuK/c1x9MjIeOPstvVUjw/Wb5ub0km1jxWhK5WIyJprKO//o1GJkeV9o/Hyp32tHHBb1ev1erv358K5OnAPS6LfNQD6o3yjz+5/y+0ODT3uCpcORbx/oBH/1WJr7KlGWpQZarm/7aXxiDh87u8vsy1uzzwEAMB1vjsUEc+1G/+l8WBTuf8VayhjEfH/iLgvIu6PiC0R8UBEXvahiHi4y+O3rpDcOP5JL95SYKuUjf9eKNa2lsd//9Tz+AtjlSK3OY9/KDlyrDa/uzgnu2JoXZafWuEY37/06+ed9jWP/7ItO345FmxIL1ZbJujmZpZm1hj2skufRGyrtsSfS6JcxkkiYmtEbOvqL1+7wzj2zNfbO5W6efwr6ME6U/2riKcb7X8uWuIvJR3XJ6cO7J/eN7k+avO7J8ur4kY//3L+9U7HX1P8PZC1/4bW6z+3HP9Ysj5i8fSZ4/l67WK0rhDf1PnfP+t4T3Or1/9w8maeHi4e+3BmaenUVMRw8uqNj09fe26RrzbHv2tnu/jT/DWujPaRiMgu4h0R8WhEPFbU/fGIeCIidq4Q/48vPvlu9/GvMCvfQ1n8czdr/2hu/+4TleM/fNt9/KWs/ffmqV3FI6t5/VttBddy7gAAAOC/Is0/A5+kE8vpNJ2YaHyGf0tsSGsLi0vPHln44ORc47PyYzGUljNdo03zoVPF3HCZn27J7ynmjb+ojOT5idmF2ly/g4cBt7FD/8/8Uel37YDbzve1YHDp/zC49H8YXPo/DC79HwZXu/7/cR/qAdx53v9hcOn/MLj0fxhc+j8MpI7fjU/X9JV/iXs+EWn3z6pGX+ucrPTDECN3xVltk6iu+scsbjGxru2ufr8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Ma/AQAA//+nZunQ") prlimit64(0x0, 0xe, 0x0, 0x0) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) 2.001743996s ago: executing program 3 (id=3494): syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x2, 0x48) write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='b *:2 m'], 0x9) 1.995205576s ago: executing program 4 (id=3495): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c", 0x17}], 0x1}}], 0x1, 0x2090) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14020000", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf250100030008000100010000000c0004800500030080ff00000800020001"], 0x214}, 0x1, 0x0, 0x0, 0x1}, 0x48084) 1.84440528s ago: executing program 2 (id=3496): r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$NL80211_CMD_SET_MAC_ACL(r0, &(0x7f0000001140)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001100)={0x0, 0x170}, 0x1, 0x0, 0x0, 0x4044801}, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000440)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000180)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="81b60ff1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f00000004c0)=[{0x0, 0x2, {0x1, 0xff, 0x2}, {0x2, 0x1}, 0x2, 0xfc}], 0x20) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x74, r3, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050) quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000901, 0x0, 0x0) 1.83726791s ago: executing program 0 (id=3497): r0 = creat(&(0x7f0000000080)='./file0\x00', 0xdafbe5d6891b6e0) r1 = inotify_init1(0x80000) inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x20000000) write$binfmt_elf32(r0, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0], 0x69) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000a532cb00"/28], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4) sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), r8) sendmsg$WG_CMD_GET_DEVICE(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r9, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40080c0}, 0x20040000) 1.806222031s ago: executing program 3 (id=3498): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x9) write$binfmt_aout(r0, &(0x7f0000000500)=ANY=[], 0xff2e) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) read(r0, &(0x7f0000000080)=""/1, 0x1) 1.741659463s ago: executing program 4 (id=3499): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) bpf$PROG_LOAD(0x5, 0x0, 0x0) ptrace$getregset(0x4204, r3, 0x2, 0x0) r4 = socket$inet(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd700003f4ff0000000000000000000000000000000000ff02000000000000000000000000000100000000000000000a00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000fcffffffff7f400002000000000000080000000000000000"], 0xfc}}, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYBLOB="0213000e02"], 0x10}}, 0x4000050) 1.036707321s ago: executing program 2 (id=3500): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bridge_slave_0\x00', 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a32, 0xc000, 0x7, 0x337}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRES32=r1, @ANYBLOB="000000000000000010010c"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) 906.519765ms ago: executing program 2 (id=3501): unshare(0x22020400) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xce, 0x0, 0x0) 791.881868ms ago: executing program 2 (id=3502): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r0, 0x402, 0x40000029) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, 0x0, 0x0) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) r4 = pidfd_getfd(r3, r3, 0x0) setns(r4, 0x66020000) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 765.598099ms ago: executing program 0 (id=3503): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x8000}, 0x8) 714.048581ms ago: executing program 4 (id=3504): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000540)="43210098") 656.688082ms ago: executing program 3 (id=3505): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x2a, 0x8001, 0x2, 0x6, 0x6, 0x5, 0x3, 0x200, 0xfffffffb}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004800}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0x1}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x30004001}, 0x4008800) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 565.853285ms ago: executing program 2 (id=3506): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1) pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3) unshare(0x22020600) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, 'syzkaller1\x00'}}, 0x1e) mprotect(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x4) syz_mount_image$ext4(&(0x7f00000009c0)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x800718, &(0x7f0000000200)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x48d, &(0x7f0000000a00)="$eJzs281rHOUfAPDvTLJJ++tL8qv1pbVqtAhBMWnSqj14USqIVBT0UI8x2ZbQbSNNFFuLTUU8CVLQs3gU/Qu8iSDqSfDqyZMUivbS1lNkZmeSTbp5odlk0+7nAzP7PDPP5nm+eebl2Xl2A+hYA9kqidgZEX9ERF89u7jAQP3l5vWL47euXxxPYm7uzb+TvNyN6xfHy6Ll+3YUmcE0Iv0kKSpZbPr8hdNjtVr1XJEfnjnz7vD0+QvPvH9m7FT1VPXs6NGjRw6PPP/c6LMtiTOL68b+j6YO7Hvl7SuvjZ+48s4v32Xt3Vnsb4yjVQaywP+Zyy3d92SrK2uzXfm6N18n3W1uDGvWFRFZd1Xy878vumKh8/ri5Y/b2jhgQ2X3pt7ld8/OAfewJNZastJwzQDufuWNPvv8Wy6bMOzYMq69WP8AlMV9s1jqe7ojLcpU5j/ftt5ARJyY/ferbIkNeg4BANDos/Evj/dEb3x469tXs7FH3/yeNB7IX//M17uLOZT+iPh/ROyJiPsiYm9E3B+Rl30wIh5aZ3tuH/+kV9f5J1eUjf9eKOa2Fo//ytFf9HcVuV15/JXk5GSteqj4nwxGpTfLj6xQxw/Hfv98uX2N479syeovx4JFO652L3lANzE2MxaV9US94NrliP3dzeJP5mcCkojYFxH759+1pgme3WVi8qlvDixXaPX4V9CCeaa5r7PwZrP4Z2NJ/KWkcX5y8rb5yeFtUaseGi6Pitv9+tunbyxX/7rib4Fr1fprQ/8vLdKfNM7XTre2/js8/tOe5K36PHPRUR+MzcycG4noSY7nG3uKsvn20YX3lvmyfHb8Dx5sfv7viYUKHo6I7CB+JCIejYjHirY/HhFPRMTBFWL8+aXV44+0Tf1/OWKi6fVv/vhf0v/nL5wuL40LW1ZMdJ3+6fvl6l9b/x/JU4PFlvz6t4pmzelu0uQ7/b8BAADA3STNvwOfpEPz6TQdGqp/h39v/C+tTU3PPH1y6r2zE/XvyvdHJS2fdPUVz0Nrk7XqSDJb/MVKcixq1dHiWXH5vPRw8dz4i67teX5ofKo20ebYodPtWOb8z/zV1e7WARtse9Otoz2b3hCgDZbOo6eLs5deDxcDuFf5vTZ0rlXO/3Sz2gFsPvd/6FzNzv9LS/LmAuDe5P4Pncv5Dx0q/bHdLQDayP0fOtKqP95vT2Jb45aelQv3bJE2tyyxVTslT0SUiXRLtEdigxLtvjIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0xn8BAAD//1be2cI=") bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x21, 0x5, 0x9, 0x9, 0x40, 0xffffffffffffffff, 0x5, '\x00', r2, r1, 0x3, 0x4}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_ext={0x1c, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x8, 0x45, &(0x7f0000000480)=""/69, 0x41100, 0x1, '\x00', r2, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1d58a, r3, 0x0, &(0x7f00000009c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x5}, 0x94) 429.838428ms ago: executing program 0 (id=3507): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000025c0)}, 0x40012100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81ffffffffb9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 100.746557ms ago: executing program 3 (id=3508): r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x810, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x4, 0x9, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0x9, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0xcd, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000240)={0xa, 0x10001}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000140), 0x0) syz_open_dev$evdev(&(0x7f0000000340), 0x104, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x28, {0x28, 0xe, "417ed7e7ab5d453fbee3b61ea83064f14237aea0796360fc2308b403941384b7c9ef9ba7fc67"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 0 (id=3509): syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) socket$key(0xf, 0x3, 0x2) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)={'enc=', 'oaep', ' hash=', {'blake2s-224-generic\x00'}}, 0x0, 0x0) r4 = dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, 0x0) setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f00000000c0)={0x0, 0x5}, 0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001000010025bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004000024000008001b"], 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x0) fcntl$getown(r0, 0x9) kernel console output (not intermixed with test programs): attributes in process `syz.0.1494'. [ 596.910757][T10940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1521'. [ 596.941056][T10940] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1521'. [ 599.905229][T10956] overlayfs: missing 'lowerdir' [ 600.716918][T10967] fuse: Bad value for 'fd' [ 608.949934][T11000] overlayfs: missing 'lowerdir' [ 611.939188][T11025] fuse: Bad value for 'fd' [ 613.461111][T11035] overlayfs: missing 'lowerdir' [ 617.582203][T11069] overlayfs: missing 'lowerdir' [ 618.345846][T11047] overlayfs: failed to clone upperpath [ 618.402179][T11076] overlayfs: failed to clone upperpath [ 621.296192][T11091] fuse: Bad value for 'fd' [ 623.077010][T11099] xt_hashlimit: size too large, truncated to 1048576 [ 623.084213][T11099] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 624.857080][T11121] overlayfs: missing 'lowerdir' [ 627.550099][T11149] bridge0: port 2(bridge_slave_1) entered disabled state [ 627.559063][T11149] bridge0: port 1(bridge_slave_0) entered disabled state [ 627.567942][T11149] bridge0: entered allmulticast mode [ 628.589828][T11158] fuse: Bad value for 'fd' [ 633.527680][T11186] overlayfs: missing 'lowerdir' [ 637.930470][T11221] fuse: Bad value for 'fd' [ 642.308145][T11238] overlayfs: missing 'lowerdir' [ 646.378741][T11265] overlayfs: missing 'lowerdir' [ 649.022952][T11268] fuse: Bad value for 'fd' [ 654.968401][T11295] overlayfs: missing 'lowerdir' [ 655.267623][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 657.902623][T11298] fuse: Bad value for 'fd' [ 658.446562][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.020175][T11612] overlayfs: failed to clone lowerpath [ 688.748308][T11646] overlayfs: failed to clone lowerpath [ 693.035306][T11691] overlayfs: failed to clone lowerpath [ 694.284045][T11689] overlayfs: failed to clone upperpath [ 696.126396][T11726] overlayfs: failed to clone lowerpath [ 697.796261][T11743] xt_TPROXY: Can be used only with -p tcp or -p udp [ 697.809238][T11743] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1791'. [ 699.706052][T11759] overlayfs: failed to clone lowerpath [ 702.875156][T11781] xt_TPROXY: Can be used only with -p tcp or -p udp [ 702.886580][T11781] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1803'. [ 702.986273][T11785] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1805'. [ 704.434965][T11801] overlayfs: failed to clone lowerpath [ 708.128449][T11837] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1815'. [ 709.543583][T11847] xt_TPROXY: Can be used only with -p tcp or -p udp [ 709.556415][T11847] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1817'. [ 712.722625][T11891] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1824'. [ 713.321070][T11894] overlayfs: failed to clone lowerpath [ 713.570220][T11901] xt_TPROXY: Can be used only with -p tcp or -p udp [ 713.582953][T11901] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1826'. [ 717.149948][T11927] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1835'. [ 717.529394][T11934] xt_TPROXY: Can be used only with -p tcp or -p udp [ 717.542115][T11934] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1836'. [ 720.769080][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 720.775532][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.122850][T12243] overlayfs: failed to clone lowerpath [ 759.175177][T12291] overlayfs: failed to clone lowerpath [ 760.205645][T12300] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 763.914082][T12342] overlayfs: failed to clone lowerpath [ 768.335640][T12384] overlayfs: failed to clone upperpath [ 774.502789][T12441] xt_TPROXY: Can be used only with -p tcp or -p udp [ 774.510774][T12441] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2009'. [ 777.887722][T12482] xt_TPROXY: Can be used only with -p tcp or -p udp [ 777.895553][T12482] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2023'. [ 781.488863][T12519] xt_TPROXY: Can be used only with -p tcp or -p udp [ 781.496844][T12519] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2038'. [ 785.539500][T12567] overlayfs: failed to resolve './file0': -2 [ 786.396884][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 786.403700][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.541835][T12890] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 818.899573][T12919] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 827.320134][T13006] xt_TPROXY: Can be used only with -p tcp or -p udp [ 829.251058][T13000] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2219'. [ 833.622219][T13059] xt_TPROXY: Can be used only with -p tcp or -p udp [ 833.662924][T13059] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2232'. [ 837.391674][T13099] xt_TPROXY: Can be used only with -p tcp or -p udp [ 837.399591][T13099] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2246'. [ 842.572783][T13132] overlayfs: failed to clone lowerpath [ 843.760741][T13151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 843.770583][T13151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 843.781190][T13151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 843.797141][T13151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 843.808257][T13151] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 843.815711][T13151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 843.830678][T13140] xt_TPROXY: Can be used only with -p tcp or -p udp [ 843.838469][T13140] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2262'. [ 843.851116][ T7932] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.047820][ T7932] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.175723][ T7932] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.307518][ T7932] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.162871][T13148] chnl_net:caif_netlink_parms(): no params data found [ 846.062722][ T5085] Bluetooth: hci0: command tx timeout [ 846.267208][T13148] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.325486][T13148] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.368141][T13148] bridge_slave_0: entered allmulticast mode [ 846.419510][T13148] bridge_slave_0: entered promiscuous mode [ 846.566371][T13190] overlayfs: failed to clone lowerpath [ 846.712572][T13148] bridge0: port 2(bridge_slave_1) entered blocking state [ 847.011908][T13148] bridge0: port 2(bridge_slave_1) entered disabled state [ 847.173871][T13148] bridge_slave_1: entered allmulticast mode [ 847.234032][T13148] bridge_slave_1: entered promiscuous mode [ 847.502592][T13148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 847.582246][T13148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 848.089510][T13148] team0: Port device team_slave_0 added [ 848.146010][T13148] team0: Port device team_slave_1 added [ 848.297376][ T5085] Bluetooth: hci0: command tx timeout [ 848.522048][T13148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 848.529096][T13148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 848.720377][T13148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 848.773857][T13148] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 848.889496][T13148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 848.986085][T13148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 849.511888][T13148] hsr_slave_0: entered promiscuous mode [ 849.537220][T13148] hsr_slave_1: entered promiscuous mode [ 849.543865][T13148] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 849.589077][T13148] Cannot create hsr debugfs directory [ 849.702676][ T7932] hsr_slave_0: left promiscuous mode [ 849.737027][ T7932] hsr_slave_1: left promiscuous mode [ 849.977404][ T7932] veth1_macvtap: left promiscuous mode [ 849.983046][ T7932] veth0_macvtap: left promiscuous mode [ 850.089064][T13232] overlayfs: failed to clone lowerpath [ 850.215452][ T7932] veth1_vlan: left promiscuous mode [ 850.489399][ T7932] veth0_vlan: left promiscuous mode [ 850.507788][ T5085] Bluetooth: hci0: command tx timeout [ 852.052159][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 852.058664][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 852.741264][ T5085] Bluetooth: hci0: command tx timeout [ 853.830411][ T7932] bond0 (unregistering): Released all slaves [ 854.639531][T13270] overlayfs: failed to clone lowerpath [ 855.142009][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.173684][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.184075][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.194403][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.204899][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.215732][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.225806][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.447696][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.458338][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 855.468879][T13280] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 856.457095][T13148] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 856.653155][T13148] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 856.668206][T13148] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 856.682517][T13148] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 857.031500][T13148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 857.108986][T13148] 8021q: adding VLAN 0 to HW filter on device team0 [ 857.180279][ T7912] bridge0: port 1(bridge_slave_0) entered blocking state [ 857.187543][ T7912] bridge0: port 1(bridge_slave_0) entered forwarding state [ 857.211650][ T7912] bridge0: port 2(bridge_slave_1) entered blocking state [ 857.218922][ T7912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 859.442133][T13330] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2302'. [ 859.504212][T13330] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2302'. [ 859.943912][T13339] netlink: 'syz.0.2304': attribute type 6 has an invalid length. [ 860.139250][T13148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 860.271443][T13344] netlink: 'syz.0.2306': attribute type 10 has an invalid length. [ 860.527690][T13344] macvlan1: entered allmulticast mode [ 860.553070][T13344] veth1_vlan: entered allmulticast mode [ 860.591729][T13344] team0: Port device macvlan1 added [ 861.063852][T13148] veth0_vlan: entered promiscuous mode [ 861.149504][T13148] veth1_vlan: entered promiscuous mode [ 861.272632][T13148] veth0_macvtap: entered promiscuous mode [ 861.320226][T13148] veth1_macvtap: entered promiscuous mode [ 861.372414][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.393926][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.425076][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.460102][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.482311][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.509768][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.541177][T13148] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 861.581233][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.610558][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.636401][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.668917][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.693916][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.729743][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.755249][T13148] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 861.786391][T13148] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 861.799984][T13148] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 861.809568][T13148] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 861.823816][T13148] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.035637][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.070267][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 862.159711][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.178745][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 863.765636][T13379] loop3: detected capacity change from 0 to 32768 [ 863.766643][T13151] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 863.803872][T13151] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 863.817904][T13151] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 863.835136][T13151] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 863.857868][T13151] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 863.870436][T13151] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 863.974819][T13379] XFS (loop3): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 864.160730][ T7912] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.344011][T13379] XFS (loop3): Starting recovery (logdev: internal) [ 864.385226][ T7912] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.500113][T13379] XFS (loop3): Ending recovery (logdev: internal) [ 864.660195][ T7912] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.887348][ T7912] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 865.216627][T13148] XFS (loop3): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 865.463696][T13403] chnl_net:caif_netlink_parms(): no params data found [ 866.133411][ T5085] Bluetooth: hci2: command tx timeout [ 867.307691][T13477] x_tables: duplicate underflow at hook 3 [ 868.096184][T13403] bridge0: port 1(bridge_slave_0) entered blocking state [ 868.103587][T13403] bridge0: port 1(bridge_slave_0) entered disabled state [ 868.111108][T13403] bridge_slave_0: entered allmulticast mode [ 868.118902][T13403] bridge_slave_0: entered promiscuous mode [ 868.127707][T13403] bridge0: port 2(bridge_slave_1) entered blocking state [ 868.135147][T13403] bridge0: port 2(bridge_slave_1) entered disabled state [ 868.142573][T13403] bridge_slave_1: entered allmulticast mode [ 868.149994][T13403] bridge_slave_1: entered promiscuous mode [ 868.157647][T13483] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2333'. [ 868.331127][ T5085] Bluetooth: hci2: command tx timeout [ 869.199452][T13403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 869.264501][T13403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 869.491178][T13403] team0: Port device team_slave_0 added [ 869.508520][T13403] team0: Port device team_slave_1 added [ 869.735118][T13403] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 869.742161][T13403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 869.769513][T13403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 869.906570][T13403] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 869.935078][T13403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 870.008590][T13403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 870.051889][T13510] netlink: 'syz.2.2343': attribute type 8 has an invalid length. [ 870.064194][T13510] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2343'. [ 870.512493][ T5085] Bluetooth: hci2: command tx timeout [ 871.302621][T13403] hsr_slave_0: entered promiscuous mode [ 871.343976][T13403] hsr_slave_1: entered promiscuous mode [ 871.365425][T13403] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 871.399105][T13403] Cannot create hsr debugfs directory [ 872.215240][T13554] xt_TPROXY: Can be used only with -p tcp or -p udp [ 872.223120][T13554] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2354'. [ 872.237767][ T7912] hsr_slave_0: left promiscuous mode [ 872.274071][ T7912] hsr_slave_1: left promiscuous mode [ 872.312510][ T7912] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 872.359600][ T7912] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 872.418378][ T7912] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 872.466740][ T7912] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 872.523273][ T7912] bridge_slave_1: left allmulticast mode [ 872.562190][ T7912] bridge_slave_1: left promiscuous mode [ 872.602056][ T7912] bridge0: port 2(bridge_slave_1) entered disabled state [ 872.640871][ T7912] bridge_slave_0: left allmulticast mode [ 872.646632][ T7912] bridge_slave_0: left promiscuous mode [ 872.677541][ T7912] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.735210][ T5085] Bluetooth: hci2: command tx timeout [ 872.775540][ T7912] veth1_macvtap: left promiscuous mode [ 872.815082][ T7912] veth0_macvtap: left promiscuous mode [ 872.833155][ T7912] veth1_vlan: left allmulticast mode [ 872.860801][ T7912] veth1_vlan: left promiscuous mode [ 872.876163][ T7912] veth0_vlan: left promiscuous mode [ 873.363820][T13567] loop3: detected capacity change from 0 to 4096 [ 873.394848][T13567] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 873.524489][ T7912] team0 (unregistering): Port device macvlan1 removed [ 874.290139][ T7912] team0 (unregistering): Port device team_slave_1 removed [ 874.375149][ T7912] team0 (unregistering): Port device team_slave_0 removed [ 874.463159][ T7912] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 874.550541][ T7912] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 875.632265][ T7912] bond0 (unregistering): Released all slaves [ 875.771655][T13565] netlink: 'syz.4.2357': attribute type 1 has an invalid length. [ 875.779481][T13565] netlink: 'syz.4.2357': attribute type 4 has an invalid length. [ 875.812786][T13565] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.2357'. [ 876.070145][T13586] fuse: Bad value for 'fd' [ 876.744222][T13403] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 876.792432][T13403] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 877.796599][T13403] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 877.870422][T13403] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 878.232800][T13403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 878.290430][T13403] 8021q: adding VLAN 0 to HW filter on device team0 [ 878.333115][ T7914] bridge0: port 1(bridge_slave_0) entered blocking state [ 878.340422][ T7914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 878.372404][T13623] loop3: detected capacity change from 0 to 4096 [ 878.400090][T13623] EXT4-fs: inline encryption not supported [ 878.459583][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 878.466862][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 878.498985][T13623] EXT4-fs (loop3): Test dummy encryption mode enabled [ 878.543377][T13623] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 878.565298][T13623] System zones: 0-5 [ 878.584948][T13623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 878.653877][T13403] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 879.048147][T13623] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 879.967990][T13403] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 880.483554][T13638] fscrypt (loop3): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 880.535975][T13638] overlayfs: upper fs does not support tmpfile. [ 880.614602][T13667] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2380'. [ 880.633424][T13638] fscrypt (loop3): Error allocating 'xts(aes)' transform: -4 [ 880.656332][T13403] veth0_vlan: entered promiscuous mode [ 880.726847][T13403] veth1_vlan: entered promiscuous mode [ 880.914526][T13403] veth0_macvtap: entered promiscuous mode [ 880.949765][T13403] veth1_macvtap: entered promiscuous mode [ 881.018265][T13403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 881.059321][T13403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 881.069235][T13403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 881.133959][T13403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 881.143861][T13403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 881.201733][T13403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 881.242888][T13403] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 881.304048][T13403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 881.379789][T13403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 881.405966][T13403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 881.453942][T13403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 881.497353][T13403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 881.522178][T13403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 881.573566][T13403] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 881.638260][T13403] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.680952][T13403] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.726485][T13403] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.746314][T13403] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.059622][ T7912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.106443][ T7912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.175401][ T7922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.196103][ T7922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.200223][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 882.345205][T13705] loop3: detected capacity change from 0 to 512 [ 882.373817][T13705] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 882.492679][T13705] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.2388: bg 0: block 104: invalid block bitmap [ 882.565299][T13705] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 882.675964][T13705] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.2388: invalid indirect mapped block 1 (level 1) [ 882.736306][T13705] EXT4-fs (loop3): 1 truncate cleaned up [ 882.774163][T13705] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 882.798584][T13721] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2390'. [ 882.974628][T13724] overlayfs: overlapping lowerdir path [ 883.436615][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 883.753016][T13740] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2394'. [ 883.815477][T13739] loop0: detected capacity change from 0 to 4096 [ 883.840635][T13739] EXT4-fs: inline encryption not supported [ 883.882923][T13739] EXT4-fs (loop0): Test dummy encryption mode enabled [ 883.911485][T13739] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 883.988047][T13739] System zones: 0-5 [ 883.999476][T13739] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 884.844553][T13759] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 885.422645][T13765] overlayfs: overlapping lowerdir path [ 886.903447][T13403] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 887.960630][T13806] overlayfs: failed to clone lowerpath [ 889.363761][T13816] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2419'. [ 889.408892][T13826] loop3: detected capacity change from 0 to 512 [ 889.468970][T13826] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 889.500071][ T7932] Bluetooth: hci3: Frame reassembly failed (-84) [ 889.509164][T13826] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 889.572165][ T7932] Bluetooth: hci3: Frame reassembly failed (-84) [ 889.637463][T13826] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 889.679133][T13826] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 889.696377][T13826] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.2422: Failed to acquire dquot type 1 [ 889.712544][T13826] EXT4-fs (loop3): Remounting filesystem read-only [ 889.823610][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 890.039199][T13844] loop3: detected capacity change from 0 to 512 [ 890.075243][T13844] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 890.142422][T13844] EXT4-fs error (device loop3): xattr_find_entry:337: inode #15: comm syz.3.2426: corrupted xattr entries [ 890.174550][T13844] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 890.225688][T13844] EXT4-fs (loop3): 1 truncate cleaned up [ 890.248345][T13844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 891.628080][ T5085] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 892.645835][T13838] loop0: detected capacity change from 0 to 40427 [ 892.682408][T13838] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 892.734959][T13838] F2FS-fs (loop0): invalid crc value [ 892.779031][T13838] F2FS-fs (loop0): Found nat_bits in checkpoint [ 892.798192][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 893.304780][T13888] loop3: detected capacity change from 0 to 512 [ 893.328199][T13888] EXT4-fs: Ignoring removed orlov option [ 893.347222][T13888] EXT4-fs (loop3): Test dummy encryption mode enabled [ 893.358993][T13888] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 893.406688][T13888] EXT4-fs (loop3): 1 truncate cleaned up [ 893.421956][T13888] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 894.969240][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 895.232637][T13910] loop3: detected capacity change from 0 to 2048 [ 895.329066][T13910] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 895.400025][T13913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2445'. [ 898.787071][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 901.596737][T13151] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 901.619401][T13151] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 901.629592][T13151] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 901.642677][T13151] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 901.651955][T13151] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 901.659348][T13151] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 903.264221][T13982] chnl_net:caif_netlink_parms(): no params data found [ 903.632559][T13982] bridge0: port 1(bridge_slave_0) entered blocking state [ 903.665042][T13982] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.698162][T13982] bridge_slave_0: entered allmulticast mode [ 903.745103][T13982] bridge_slave_0: entered promiscuous mode [ 903.759765][T14013] loop3: detected capacity change from 0 to 128 [ 903.771187][T13982] bridge0: port 2(bridge_slave_1) entered blocking state [ 903.794201][T13982] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.854064][T13151] Bluetooth: hci5: command tx timeout [ 904.008380][T14015] xt_TPROXY: Can be used only with -p tcp or -p udp [ 904.020882][T14015] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2473'. [ 904.260706][T13982] bridge_slave_1: entered allmulticast mode [ 904.520758][T13982] bridge_slave_1: entered promiscuous mode [ 904.604426][T13982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 904.626458][T13982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 904.943118][T13982] team0: Port device team_slave_0 added [ 905.201918][T13982] team0: Port device team_slave_1 added [ 905.509810][ T28] audit: type=1800 audit(1777479409.224:28): pid=14013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2476" name="bus" dev="loop3" ino=1048607 res=0 errno=0 [ 905.631686][T14024] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2478'. [ 905.680614][T13982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 905.687668][T13982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 905.723793][T13982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 905.819557][T13982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 905.826590][T13982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 905.914982][T13982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 905.928279][T14029] program syz.0.2481 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 906.076345][T13151] Bluetooth: hci5: command tx timeout [ 906.107808][T13982] hsr_slave_0: entered promiscuous mode [ 906.114818][T13982] hsr_slave_1: entered promiscuous mode [ 906.128846][T13982] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 906.136484][T13982] Cannot create hsr debugfs directory [ 906.818758][T14045] xt_TPROXY: Can be used only with -p tcp or -p udp [ 906.829286][T14045] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2484'. [ 907.437495][T13982] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 908.297956][ T5085] Bluetooth: hci5: command tx timeout [ 908.386299][T13982] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 908.702389][T13982] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 908.784913][T14055] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2488'. [ 908.896381][T13982] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 909.090442][T14057] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2489'. [ 909.122772][T14057] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2489'. [ 909.150455][T14057] net_ratelimit: 1452 callbacks suppressed [ 909.150472][T14057] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 909.482537][T13982] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 909.503728][T13982] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 910.868031][ T5085] Bluetooth: hci5: command tx timeout [ 911.430086][T13982] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 911.462821][T13982] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 911.766851][T13982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 911.863620][T13982] 8021q: adding VLAN 0 to HW filter on device team0 [ 911.895320][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 911.902603][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 911.936998][ T7932] bridge0: port 2(bridge_slave_1) entered blocking state [ 911.944251][ T7932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 911.979602][T14081] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2497'. [ 912.864914][T13982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 913.318547][T13982] veth0_vlan: entered promiscuous mode [ 913.338252][T14094] xt_TPROXY: Can be used only with -p tcp or -p udp [ 913.378908][T13982] veth1_vlan: entered promiscuous mode [ 913.401990][T14092] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2493'. [ 913.484532][T13982] veth0_macvtap: entered promiscuous mode [ 913.526426][T13982] veth1_macvtap: entered promiscuous mode [ 913.596676][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.632994][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 913.822719][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.854846][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 913.897576][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.924597][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.256566][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 914.464303][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.621550][T13982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 914.668600][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 914.721791][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.762968][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 914.802240][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.822996][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 914.845142][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.865528][T13982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 914.886471][T13982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.908755][T13982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 914.961937][T13982] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.998125][T13982] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.006912][T13982] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.040851][T13982] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.334625][ T7932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 915.370081][ T7932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 915.388827][ T7912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 915.420054][ T7912] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.206167][T14131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2511'. [ 918.146668][T14133] loop3: detected capacity change from 0 to 512 [ 918.156864][T14133] ext2: Unknown parameter 'permit_directio' [ 918.366011][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 918.372901][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 919.847303][T14147] xt_TPROXY: Can be used only with -p tcp or -p udp [ 919.909410][T14147] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2514'. [ 919.990247][ T2969] nci: nci_rsp_packet: unknown rsp opcode 0x6 [ 922.019231][T14176] loop2: detected capacity change from 0 to 4096 [ 922.033279][T14176] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 923.015482][T14150] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 924.039945][T14199] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2530'. [ 925.706590][T14213] xt_TPROXY: Can be used only with -p tcp or -p udp [ 925.728844][T14213] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2528'. [ 925.769323][T14212] loop3: detected capacity change from 0 to 4096 [ 925.796559][T14212] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 926.091956][T14221] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2534'. [ 926.448545][T14225] loop7: detected capacity change from 0 to 7 [ 927.377039][T14239] loop3: detected capacity change from 0 to 512 [ 927.389791][T14239] ext2: Unknown parameter 'permit_directio' [ 931.017447][T14280] xt_TPROXY: Can be used only with -p tcp or -p udp [ 931.044211][T14280] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2549'. [ 931.317072][T14287] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 931.884740][T14292] overlayfs: missing 'lowerdir' [ 932.500936][T14300] loop3: detected capacity change from 0 to 1024 [ 932.562518][T14300] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 932.663951][T14300] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 932.880089][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 932.993091][T14311] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 933.321291][T14311] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.978852][T14311] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.241883][T14311] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.472241][T14331] netlink: 436 bytes leftover after parsing attributes in process `syz.0.2569'. [ 935.474930][T14311] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 935.485336][T14331] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2569'. [ 935.548591][T14311] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 935.598662][T14311] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 935.639095][T14311] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 935.949216][T14340] usb usb7: usbfs: process 14340 (syz.0.2573) did not claim interface 0 before use [ 936.034202][T14341] overlay: Unknown parameter '/' [ 937.670900][T14390] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2590'. [ 937.776899][T14393] overlay: Unknown parameter '/' [ 938.613258][T14415] loop3: detected capacity change from 0 to 512 [ 938.620926][T14415] EXT4-fs: Ignoring removed nobh option [ 938.707079][T14415] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 938.740458][T14415] EXT4-fs (loop3): group descriptors corrupted! [ 938.910070][T14423] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2604'. [ 938.930751][T14423] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2604'. [ 938.971923][T14423] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 938.981639][T14423] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 938.990870][T14423] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 939.000611][T14423] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 939.086681][T14428] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2605'. [ 939.674960][T14446] overlay: Unknown parameter '/' [ 940.403974][T14449] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2612'. [ 940.873368][T14465] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2618'. [ 946.587144][T14493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2625'. [ 951.282607][T14530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2635'. [ 952.693581][T14550] loop2: detected capacity change from 0 to 128 [ 953.247847][T14562] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2646'. [ 956.173739][T14579] loop2: detected capacity change from 0 to 128 [ 956.209690][T14579] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 956.250173][T14579] ext4 filesystem being mounted at /34/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 956.506661][T14592] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2655'. [ 956.630105][T13982] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 956.648954][T14593] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2650'. [ 958.310046][T14617] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2663'. [ 959.132156][T14628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2666'. [ 959.766925][T14643] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2672'. [ 961.403691][T14657] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2676'. [ 962.008660][T14675] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2681'. [ 965.028795][T14698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2688'. [ 965.178948][T14701] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2690'. [ 966.506072][T14730] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2701'. [ 966.636375][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b8ff800: rx timeout, send abort [ 967.170765][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801df79000: rx timeout, send abort [ 967.180631][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b8ff800: abort rx timeout. Force session deactivation [ 967.485360][T14751] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2710'. [ 967.713432][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801df79000: abort rx timeout. Force session deactivation [ 969.220582][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805ce24c00: rx timeout, send abort [ 969.515362][T14786] loop2: detected capacity change from 0 to 1024 [ 969.544555][T14786] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 969.662166][T14786] EXT4-fs error (device loop2): ext4_ext_check_inode:530: inode #3: comm syz.2.2721: pblk 67 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 969.750565][T14786] EXT4-fs error (device loop2): ext4_quota_enable:7147: comm syz.2.2721: Bad quota inode: 3, type: 0 [ 969.762008][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880222fb400: rx timeout, send abort [ 969.770575][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805ce24c00: abort rx timeout. Force session deactivation [ 969.797436][T14786] EXT4-fs warning (device loop2): ext4_enable_quotas:7188: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 969.863170][T14786] EXT4-fs (loop2): mount failed [ 970.011927][T14797] tipc: Enabling of bearer rejected, failed to enable media [ 970.296413][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880222fb400: abort rx timeout. Force session deactivation [ 974.046004][T14856] overlayfs: failed to clone lowerpath [ 974.500050][T14861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2743'. [ 974.639509][T13151] Bluetooth: hci0: command 0x0406 tx timeout [ 976.184521][T14893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2755'. [ 977.272128][T14908] loop2: detected capacity change from 0 to 1024 [ 977.299619][T14908] EXT4-fs: Ignoring removed orlov option [ 977.317355][T14908] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (4096), stripe is disabled [ 977.329420][T14908] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 977.338579][T14908] EXT4-fs (loop2): orphan cleanup on readonly fs [ 977.353950][T14908] EXT4-fs error (device loop2): __ext4_get_inode_loc:4496: comm syz.2.2760: Invalid inode table block 0 in block_group 0 [ 977.370900][T14908] EXT4-fs (loop2): Remounting filesystem read-only [ 977.401753][T14908] Quota error (device loop2): write_blk: dquota write failed [ 977.433056][T14908] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 977.465975][T14908] EXT4-fs (loop2): 1 truncate cleaned up [ 977.540740][T14908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 977.818272][T13982] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 978.714879][T14922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2765'. [ 979.896096][T14944] overlayfs: failed to clone lowerpath [ 980.104799][T14947] loop3: detected capacity change from 0 to 128 [ 980.141668][T14947] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 980.183782][T14947] ext4 filesystem being mounted at /116/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 980.400902][T13148] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 980.664862][T14956] syzkaller0: entered promiscuous mode [ 980.670425][T14956] syzkaller0: entered allmulticast mode [ 982.461275][T14976] loop3: detected capacity change from 0 to 128 [ 982.484781][T14483] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 982.542223][T14976] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 982.625796][T14976] ext4 filesystem being mounted at /120/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 982.628311][T14483] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 982.745125][T14983] overlayfs: failed to clone lowerpath [ 983.054736][T13148] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 983.110234][T14985] fido_id[14985]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 983.366702][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 983.373138][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 983.445700][T14995] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2793'. [ 984.500998][T15007] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2797'. [ 984.743946][T15015] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2800'. [ 984.971446][T15020] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2804'. [ 985.380844][T15034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2808'. [ 986.394696][T15053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2815'. [ 986.587538][T15055] syzkaller0: entered promiscuous mode [ 986.612304][T15055] syzkaller0: entered allmulticast mode [ 987.249053][T15068] tipc: Started in network mode [ 987.273245][T15068] tipc: Node identity eedb85b7bbee, cluster identity 4711 [ 987.297947][T15068] tipc: Enabled bearer , priority 0 [ 987.323598][T15068] syzkaller0: entered promiscuous mode [ 987.329169][T15068] syzkaller0: entered allmulticast mode [ 987.442850][T15071] tipc: Resetting bearer [ 987.459310][T15073] netlink: 'syz.3.2823': attribute type 1 has an invalid length. [ 987.482434][T15073] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.2823'. [ 987.508686][T15067] tipc: Resetting bearer [ 987.559350][T15067] tipc: Disabling bearer [ 988.221300][T15101] loop3: detected capacity change from 0 to 128 [ 988.278059][T15101] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 988.355975][T15101] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 989.339880][T15110] netlink: 'syz.3.2836': attribute type 1 has an invalid length. [ 989.360731][T15110] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.2836'. [ 991.301166][T15142] netlink: 'syz.4.2850': attribute type 1 has an invalid length. [ 991.328368][T15142] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.2850'. [ 991.357343][T15144] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.025940][T15161] tipc: Enabling of bearer rejected, failed to enable media [ 993.226250][T15178] netlink: 'syz.0.2862': attribute type 1 has an invalid length. [ 993.254968][T15178] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.2862'. [ 993.298881][T15180] bridge0: port 1(bridge_slave_0) entered disabled state [ 994.392125][T15198] tipc: Enabled bearer , priority 0 [ 994.407443][T15198] syzkaller0: entered promiscuous mode [ 994.415432][T15198] syzkaller0: entered allmulticast mode [ 994.444404][T15198] tipc: Resetting bearer [ 994.468582][T15200] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2870'. [ 994.533789][T15196] tipc: Resetting bearer [ 994.578162][T15196] tipc: Disabling bearer [ 994.924269][T15212] netlink: 'syz.0.2875': attribute type 1 has an invalid length. [ 994.939173][T15212] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.2875'. [ 994.959321][T15214] loop2: detected capacity change from 0 to 128 [ 994.966157][T15211] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2874'. [ 995.033133][T15214] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 995.080917][T15214] ext4 filesystem being mounted at /82/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 995.385869][T13982] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 995.466512][T15225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2879'. [ 996.344266][T15225] team0: Failed to send options change via netlink (err -105) [ 996.352355][T15225] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 996.363507][T15225] team0: Port device team_slave_0 removed [ 996.531038][T13151] Bluetooth: hci2: command 0x0406 tx timeout [ 996.710039][T15242] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2882'. [ 996.952316][T15247] netlink: 'syz.4.2885': attribute type 1 has an invalid length. [ 996.970738][T15247] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.2885'. [ 999.729053][T15273] netlink: 'syz.2.2895': attribute type 1 has an invalid length. [ 999.749458][T15273] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.2895'. [ 999.817091][T15278] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2894'. [ 1002.310463][T15309] netlink: 'syz.3.2906': attribute type 1 has an invalid length. [ 1002.323963][T15309] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.2906'. [ 1002.806934][T15316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2908'. [ 1003.009185][T15300] loop2: detected capacity change from 0 to 40427 [ 1003.051999][T15300] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x7ffff [ 1003.074759][T15300] F2FS-fs (loop2): invalid crc value [ 1003.093064][T15300] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1003.233593][T15300] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1003.890781][T13982] syz-executor: attempt to access beyond end of device [ 1003.890781][T13982] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1003.925012][T13982] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1003.988292][T15339] netlink: 'syz.3.2915': attribute type 1 has an invalid length. [ 1004.007206][T15339] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.2915'. [ 1006.604689][T15366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2917'. [ 1006.771078][T15373] netlink: 'syz.0.2927': attribute type 1 has an invalid length. [ 1006.778897][T15373] netlink: 6470 bytes leftover after parsing attributes in process `syz.0.2927'. [ 1009.755891][T15406] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2937'. [ 1012.611219][T15439] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2949'. [ 1012.683056][T15440] syzkaller0: entered promiscuous mode [ 1012.700964][T15440] syzkaller0: entered allmulticast mode [ 1012.977113][T15425] loop2: detected capacity change from 0 to 40427 [ 1013.000356][T15425] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x7ffff [ 1013.063989][T15425] F2FS-fs (loop2): invalid crc value [ 1013.077163][T15425] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1013.152405][T15425] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1014.194395][T13982] syz-executor: attempt to access beyond end of device [ 1014.194395][T13982] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1014.214451][T13982] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1015.452201][T15474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2959'. [ 1016.215626][T15487] syzkaller0: entered promiscuous mode [ 1016.246013][T15487] syzkaller0: entered allmulticast mode [ 1016.280750][T15492] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2962'. [ 1017.313098][T15501] loop3: detected capacity change from 0 to 256 [ 1017.348422][T15501] exfat: Deprecated parameter 'utf8' [ 1017.403883][T15501] exfat: Deprecated parameter 'utf8' [ 1017.442932][T15501] exfat: Deprecated parameter 'utf8' [ 1017.691592][T15501] exfat: Deprecated parameter 'namecase' [ 1017.755935][T15501] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 1019.711705][T15524] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2971'. [ 1019.930482][T15529] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2973'. [ 1020.474572][T15545] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2980'. [ 1022.462949][T15561] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2983'. [ 1022.770261][T15567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2985'. [ 1023.011752][T15578] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2989'. [ 1023.020904][T15578] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2989'. [ 1024.080529][T15586] tipc: Started in network mode [ 1024.085660][T15586] tipc: Node identity 6e7c62b1a86b, cluster identity 4711 [ 1024.093280][T15586] tipc: Enabled bearer , priority 0 [ 1024.101414][T15586] syzkaller0: entered promiscuous mode [ 1024.107453][T15586] syzkaller0: entered allmulticast mode [ 1024.138035][T15586] tipc: Resetting bearer [ 1024.164065][T15585] tipc: Resetting bearer [ 1024.316829][T15585] tipc: Disabling bearer [ 1027.255574][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2996'. [ 1027.345257][T15612] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2998'. [ 1028.061321][T15621] overlayfs: failed to clone lowerpath [ 1028.654259][T15627] tipc: Started in network mode [ 1028.662382][T15627] tipc: Node identity 1677bd544461, cluster identity 4711 [ 1028.687291][T15627] tipc: Enabled bearer , priority 0 [ 1028.706299][T15627] syzkaller0: entered promiscuous mode [ 1028.744072][T15627] syzkaller0: entered allmulticast mode [ 1029.214101][T15627] tipc: Resetting bearer [ 1029.484923][T15626] tipc: Resetting bearer [ 1029.758111][T15626] tipc: Disabling bearer [ 1029.772954][T15639] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3007'. [ 1029.982863][T15645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3008'. [ 1030.742514][T15658] overlayfs: failed to clone lowerpath [ 1031.249356][T15654] loop2: detected capacity change from 0 to 40427 [ 1031.277943][T15654] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x7ffff [ 1031.306292][T15654] F2FS-fs (loop2): invalid crc value [ 1031.478878][T15654] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1031.596321][T15654] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1031.636839][T15670] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3017'. [ 1034.207647][T15687] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3021'. [ 1035.106262][T13151] Bluetooth: hci5: command 0x0406 tx timeout [ 1035.587275][T15701] overlayfs: failed to clone lowerpath [ 1035.985890][T13982] syz-executor: attempt to access beyond end of device [ 1035.985890][T13982] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1036.000850][T13982] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1036.550838][T15707] tipc: Enabled bearer , priority 0 [ 1036.559584][T15707] syzkaller0: entered promiscuous mode [ 1036.565219][T15707] syzkaller0: entered allmulticast mode [ 1036.618846][T15707] tipc: Resetting bearer [ 1036.634729][T15706] tipc: Resetting bearer [ 1036.672622][T15706] tipc: Disabling bearer [ 1036.899302][T15717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3030'. [ 1036.998582][T15720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3026'. [ 1039.752459][T15751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3040'. [ 1040.771058][T15758] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3041'. [ 1040.942825][T15760] tipc: Enabled bearer , priority 0 [ 1040.991670][T15760] syzkaller0: entered promiscuous mode [ 1041.007001][T15760] syzkaller0: entered allmulticast mode [ 1041.082978][T15760] tipc: Resetting bearer [ 1041.401866][T15759] tipc: Resetting bearer [ 1041.447568][T15759] tipc: Disabling bearer [ 1043.673135][T15782] overlayfs: failed to clone lowerpath [ 1043.695246][T15781] loop3: detected capacity change from 0 to 128 [ 1043.788052][ T28] audit: type=1800 audit(1777479538.645:29): pid=15781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3049" name="file2" dev="loop3" ino=1048614 res=0 errno=0 [ 1043.981772][T15787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3050'. [ 1044.052306][T15789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3051'. [ 1044.213122][T15793] netlink: 436 bytes leftover after parsing attributes in process `syz.2.3053'. [ 1044.235711][T15793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3053'. [ 1044.413561][T15797] tipc: Enabled bearer , priority 0 [ 1044.428795][T15797] syzkaller0: entered promiscuous mode [ 1044.443944][T15797] syzkaller0: entered allmulticast mode [ 1044.479140][T15797] tipc: Resetting bearer [ 1044.490211][T15796] tipc: Resetting bearer [ 1044.519178][T15796] tipc: Disabling bearer [ 1048.854895][T15824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3061'. [ 1049.931988][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1049.938418][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 1051.080629][T15833] netlink: 436 bytes leftover after parsing attributes in process `syz.2.3064'. [ 1051.085548][T15834] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3063'. [ 1051.138790][T15833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3064'. [ 1052.534867][T15851] tipc: Enabling of bearer rejected, failed to enable media [ 1053.366245][T15871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3073'. [ 1053.765768][T15855] loop3: detected capacity change from 0 to 40427 [ 1053.772564][T15874] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3074'. [ 1053.810729][T15855] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 1053.852789][T15855] F2FS-fs (loop3): invalid crc value [ 1053.879497][T15855] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1054.705750][T15855] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1054.981207][T15889] netlink: 436 bytes leftover after parsing attributes in process `syz.0.3077'. [ 1055.006837][T15889] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3077'. [ 1057.488271][T15909] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3084'. [ 1058.576802][T15918] bridge0: port 1(bridge_slave_0) entered disabled state [ 1062.081874][T15957] bridge0: port 1(bridge_slave_0) entered disabled state [ 1062.147222][T15939] loop3: detected capacity change from 0 to 40427 [ 1062.180600][T15939] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 1062.286673][T15939] F2FS-fs (loop3): invalid crc value [ 1062.376871][T15939] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1062.526787][T15939] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1066.281188][T15988] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.527780][T16031] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.812365][T16036] syzkaller0: entered promiscuous mode [ 1068.839935][T16036] syzkaller0: entered allmulticast mode [ 1069.679672][T16057] bridge0: port 1(bridge_slave_0) entered disabled state [ 1069.890524][T16064] syzkaller0: entered promiscuous mode [ 1069.907326][T16064] syzkaller0: entered allmulticast mode [ 1070.260410][T16068] overlayfs: failed to clone lowerpath [ 1071.782610][T16088] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.598456][T16102] fuse: Bad value for 'fd' [ 1074.126953][ T788] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1074.603213][ T788] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1074.715401][ T788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1074.874740][ T788] usb 1-1: Product: syz [ 1074.900721][ T788] usb 1-1: Manufacturer: syz [ 1074.921469][ T788] usb 1-1: SerialNumber: syz [ 1075.822884][T16117] loop3: detected capacity change from 0 to 64 [ 1075.845844][ T788] usb 1-1: can't set config #1, error -71 [ 1075.937734][ T788] usb 1-1: USB disconnect, device number 2 [ 1076.165853][T16124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3158'. [ 1077.221267][T16136] syzkaller0: entered promiscuous mode [ 1077.240514][T16136] syzkaller0: entered allmulticast mode [ 1077.590603][T16142] loop2: detected capacity change from 0 to 512 [ 1077.692368][T16142] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1077.757916][T16142] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1077.959793][T13982] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1077.978898][T16153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3168'. [ 1079.095066][T16152] loop3: detected capacity change from 0 to 131072 [ 1079.448941][T16152] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1079.508774][T16152] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1080.144786][ T28] audit: type=1804 audit(1777479572.615:30): pid=16175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3166" name="/newroot/197/file1/bus" dev="loop3" ino=10 res=1 errno=0 [ 1080.252841][T16175] F2FS-fs (loop3): access invalid blkaddr:0 [ 1080.259100][T16175] CPU: 1 PID: 16175 Comm: syz.3.3166 Not tainted syzkaller #0 [ 1080.266615][T16175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1080.276742][T16175] Call Trace: [ 1080.280060][T16175] [ 1080.283023][T16175] dump_stack_lvl+0x18c/0x250 [ 1080.287753][T16175] ? show_regs_print_info+0x20/0x20 [ 1080.293012][T16175] ? __up_read+0x2b6/0x6b0 [ 1080.297511][T16175] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1080.302938][T16175] sanity_check_extent_cache+0xfc/0x1f0 [ 1080.308620][T16175] f2fs_iget+0x33c5/0x47e0 [ 1080.313130][T16175] f2fs_lookup+0x37f/0x780 [ 1080.317591][T16175] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1080.323703][T16175] ? from_kuid+0x45e/0x680 [ 1080.328186][T16175] ? make_vfsuid+0x51/0xb0 [ 1080.332663][T16175] ? inode_permission+0xf3/0x480 [ 1080.337651][T16175] ? bpf_lsm_inode_create+0x9/0x10 [ 1080.342803][T16175] ? security_inode_create+0xb7/0x100 [ 1080.348222][T16175] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1080.354351][T16175] path_openat+0x10e4/0x3230 [ 1080.359042][T16175] ? do_filp_open+0x430/0x430 [ 1080.363765][T16175] do_filp_open+0x1f5/0x430 [ 1080.368308][T16175] ? vfs_tmpfile+0x490/0x490 [ 1080.372985][T16175] ? preempt_schedule_common+0x82/0xc0 [ 1080.378504][T16175] ? _raw_spin_unlock+0x3a/0x40 [ 1080.383403][T16175] ? alloc_fd+0x58f/0x630 [ 1080.387803][T16175] do_sys_openat2+0x134/0x1d0 [ 1080.392527][T16175] ? do_sys_open+0xe0/0xe0 [ 1080.396992][T16175] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1080.403024][T16175] ? lock_chain_count+0x20/0x20 [ 1080.407923][T16175] __x64_sys_open+0x11f/0x140 [ 1080.412671][T16175] do_syscall_64+0x55/0xa0 [ 1080.417133][T16175] ? clear_bhb_loop+0x40/0x90 [ 1080.421854][T16175] ? clear_bhb_loop+0x40/0x90 [ 1080.426602][T16175] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1080.432556][T16175] RIP: 0033:0x7f31dd19cdd9 [ 1080.437021][T16175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1080.456684][T16175] RSP: 002b:00007f31de0ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1080.465171][T16175] RAX: ffffffffffffffda RBX: 00007f31dd416270 RCX: 00007f31dd19cdd9 [ 1080.473219][T16175] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 1080.481232][T16175] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1080.489246][T16175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1080.497267][T16175] R13: 00007f31dd416308 R14: 00007f31dd416270 R15: 00007ffdb4b563a8 [ 1080.505299][T16175] [ 1080.511400][T16175] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1080.875509][T16175] F2FS-fs (loop3): access invalid blkaddr:0 [ 1080.881620][T16175] CPU: 1 PID: 16175 Comm: syz.3.3166 Not tainted syzkaller #0 [ 1080.889152][T16175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1080.899421][T16175] Call Trace: [ 1080.902734][T16175] [ 1080.905701][T16175] dump_stack_lvl+0x18c/0x250 [ 1080.910447][T16175] ? show_regs_print_info+0x20/0x20 [ 1080.915710][T16175] ? __up_read+0x2b6/0x6b0 [ 1080.920226][T16175] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1080.925660][T16175] sanity_check_extent_cache+0xfc/0x1f0 [ 1080.931296][T16175] f2fs_iget+0x33c5/0x47e0 [ 1080.935830][T16175] f2fs_lookup+0x37f/0x780 [ 1080.940294][T16175] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1080.946408][T16175] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1080.951585][T16175] ? __init_waitqueue_head+0xa9/0x150 [ 1080.957034][T16175] __lookup_slow+0x2a1/0x400 [ 1080.961765][T16175] ? lookup_one_len+0x2e0/0x2e0 [ 1080.966743][T16175] ? try_to_unlazy+0x34c/0x5a0 [ 1080.971581][T16175] ? down_read+0x1ac/0x2e0 [ 1080.976052][T16175] lookup_slow+0x53/0x70 [ 1080.980351][T16175] walk_component+0x2be/0x3f0 [ 1080.985079][T16175] ? path_lookupat+0x15c/0x440 [ 1080.989908][T16175] path_lookupat+0x169/0x440 [ 1080.994573][T16175] filename_lookup+0x228/0x560 [ 1080.999409][T16175] ? hashlen_string+0x110/0x110 [ 1081.004345][T16175] ? lockdep_hardirqs_on+0x98/0x150 [ 1081.009634][T16175] ? strncpy_from_user+0x197/0x2d0 [ 1081.014807][T16175] ? getname_flags+0x20a/0x500 [ 1081.019642][T16175] user_path_at_empty+0x42/0x60 [ 1081.024562][T16175] __se_sys_mount+0x2a8/0x3d0 [ 1081.029290][T16175] ? __x64_sys_mount+0xc0/0xc0 [ 1081.034110][T16175] ? __x64_sys_mount+0x20/0xc0 [ 1081.038922][T16175] do_syscall_64+0x55/0xa0 [ 1081.043370][T16175] ? clear_bhb_loop+0x40/0x90 [ 1081.048083][T16175] ? clear_bhb_loop+0x40/0x90 [ 1081.052794][T16175] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1081.058724][T16175] RIP: 0033:0x7f31dd19cdd9 [ 1081.063165][T16175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1081.082798][T16175] RSP: 002b:00007f31de0ac028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1081.091249][T16175] RAX: ffffffffffffffda RBX: 00007f31dd416270 RCX: 00007f31dd19cdd9 [ 1081.099250][T16175] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 1081.107255][T16175] RBP: 00007f31dd232d69 R08: 0000200000000080 R09: 0000000000000000 [ 1081.115256][T16175] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 1081.123251][T16175] R13: 00007f31dd416308 R14: 00007f31dd416270 R15: 00007ffdb4b563a8 [ 1081.131261][T16175] [ 1081.135797][T16175] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1081.432417][T16173] tipc: Enabled bearer , priority 0 [ 1081.497163][T15043] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1081.551811][T16178] F2FS-fs (loop3): access invalid blkaddr:0 [ 1081.557838][T16178] CPU: 1 PID: 16178 Comm: syz.3.3166 Not tainted syzkaller #0 [ 1081.565331][T16178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1081.575519][T16178] Call Trace: [ 1081.578833][T16178] [ 1081.581797][T16178] dump_stack_lvl+0x18c/0x250 [ 1081.586544][T16178] ? show_regs_print_info+0x20/0x20 [ 1081.591796][T16178] ? lock_chain_count+0x20/0x20 [ 1081.596698][T16178] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1081.602387][T16178] ? lockdep_hardirqs_on+0x98/0x150 [ 1081.607637][T16178] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1081.613064][T16178] sanity_check_extent_cache+0xfc/0x1f0 [ 1081.618667][T16178] f2fs_iget+0x33c5/0x47e0 [ 1081.623170][T16178] f2fs_lookup+0x37f/0x780 [ 1081.627630][T16178] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1081.633743][T16178] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1081.638910][T16178] ? __init_waitqueue_head+0xa9/0x150 [ 1081.644347][T16178] __lookup_slow+0x2a1/0x400 [ 1081.648995][T16178] ? lookup_one_len+0x2e0/0x2e0 [ 1081.653925][T16178] lookup_slow+0x53/0x70 [ 1081.658208][T16178] walk_component+0x2be/0x3f0 [ 1081.662925][T16178] ? path_lookupat+0x15c/0x440 [ 1081.667743][T16178] path_lookupat+0x169/0x440 [ 1081.672396][T16178] filename_lookup+0x228/0x560 [ 1081.677223][T16178] ? hashlen_string+0x110/0x110 [ 1081.682172][T16178] ? strncpy_from_user+0x197/0x2d0 [ 1081.687332][T16178] ? getname_flags+0x20a/0x500 [ 1081.692148][T16178] user_path_at_empty+0x42/0x60 [ 1081.697045][T16178] do_fchmodat+0xde/0x1e0 [ 1081.701440][T16178] ? do_faccessat+0xd00/0xd00 [ 1081.706159][T16178] ? syscall_enter_from_user_mode+0x25/0x80 [ 1081.712092][T16178] __x64_sys_chmod+0x62/0x70 [ 1081.716743][T16178] do_syscall_64+0x55/0xa0 [ 1081.721204][T16178] ? clear_bhb_loop+0x40/0x90 [ 1081.725929][T16178] ? clear_bhb_loop+0x40/0x90 [ 1081.730651][T16178] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1081.736594][T16178] RIP: 0033:0x7f31dd19cdd9 [ 1081.741050][T16178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1081.760710][T16178] RSP: 002b:00007f31de06a028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 1081.769177][T16178] RAX: ffffffffffffffda RBX: 00007f31dd416450 RCX: 00007f31dd19cdd9 [ 1081.777193][T16178] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 1081.785199][T16178] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1081.793208][T16178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1081.801220][T16178] R13: 00007f31dd4164e8 R14: 00007f31dd416450 R15: 00007ffdb4b563a8 [ 1081.809258][T16178] [ 1081.814139][T16178] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1081.857376][T16176] F2FS-fs (loop3): access invalid blkaddr:0 [ 1081.863465][T16176] CPU: 1 PID: 16176 Comm: syz.3.3166 Not tainted syzkaller #0 [ 1081.870966][T16176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1081.881067][T16176] Call Trace: [ 1081.884394][T16176] [ 1081.887366][T16176] dump_stack_lvl+0x18c/0x250 [ 1081.892122][T16176] ? show_regs_print_info+0x20/0x20 [ 1081.897392][T16176] ? lock_chain_count+0x20/0x20 [ 1081.902299][T16176] ? lockdep_hardirqs_on+0x98/0x150 [ 1081.907546][T16176] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1081.912982][T16176] sanity_check_extent_cache+0xfc/0x1f0 [ 1081.918594][T16176] f2fs_iget+0x33c5/0x47e0 [ 1081.923086][T16176] f2fs_lookup+0x37f/0x780 [ 1081.927568][T16176] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1081.933685][T16176] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1081.938854][T16176] ? __init_waitqueue_head+0xa9/0x150 [ 1081.944276][T16176] __lookup_slow+0x2a1/0x400 [ 1081.948918][T16176] ? lookup_one_len+0x2e0/0x2e0 [ 1081.953833][T16176] ? try_to_unlazy+0x34c/0x5a0 [ 1081.958648][T16176] ? down_read+0x1ac/0x2e0 [ 1081.963104][T16176] lookup_slow+0x53/0x70 [ 1081.967398][T16176] walk_component+0x2be/0x3f0 [ 1081.972131][T16176] ? path_lookupat+0x15c/0x440 [ 1081.976944][T16176] path_lookupat+0x169/0x440 [ 1081.981585][T16176] filename_lookup+0x228/0x560 [ 1081.986441][T16176] ? hashlen_string+0x110/0x110 [ 1081.991386][T16176] ? strncpy_from_user+0x197/0x2d0 [ 1081.996567][T16176] ? getname_flags+0x20a/0x500 [ 1082.001396][T16176] user_path_at_empty+0x42/0x60 [ 1082.006290][T16176] do_fchmodat+0xde/0x1e0 [ 1082.010669][T16176] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1082.016365][T16176] ? do_faccessat+0xd00/0xd00 [ 1082.021099][T16176] __x64_sys_chmod+0x62/0x70 [ 1082.025739][T16176] do_syscall_64+0x55/0xa0 [ 1082.030190][T16176] ? clear_bhb_loop+0x40/0x90 [ 1082.034949][T16176] ? clear_bhb_loop+0x40/0x90 [ 1082.039684][T16176] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1082.045623][T16176] RIP: 0033:0x7f31dd19cdd9 [ 1082.050077][T16176] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1082.069755][T16176] RSP: 002b:00007f31de08b028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 1082.078209][T16176] RAX: ffffffffffffffda RBX: 00007f31dd416360 RCX: 00007f31dd19cdd9 [ 1082.086221][T16176] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 1082.094255][T16176] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1082.102270][T16176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1082.110298][T16176] R13: 00007f31dd4163f8 R14: 00007f31dd416360 R15: 00007ffdb4b563a8 [ 1082.118333][T16176] [ 1082.122697][T16176] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1082.237835][T16173] tipc: Resetting bearer [ 1082.364205][T16171] tipc: Disabling bearer [ 1084.285289][T16205] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3178'. [ 1086.794585][T16226] tipc: Enabling of bearer rejected, failed to enable media [ 1087.092141][T16237] syzkaller0: entered promiscuous mode [ 1087.107780][T16237] syzkaller0: entered allmulticast mode [ 1087.437034][T16247] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3188'. [ 1090.847176][T16273] tipc: Enabled bearer , priority 0 [ 1090.879519][T16273] syzkaller0: entered promiscuous mode [ 1090.889301][T16273] syzkaller0: entered allmulticast mode [ 1090.946941][T16278] syzkaller0: entered promiscuous mode [ 1090.952492][T16278] syzkaller0: entered allmulticast mode [ 1090.970142][T16273] tipc: Resetting bearer [ 1091.073514][T16268] tipc: Resetting bearer [ 1091.158731][T16268] tipc: Disabling bearer [ 1091.315054][T16288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3199'. [ 1091.704294][T16297] loop3: detected capacity change from 0 to 1024 [ 1091.764654][T16297] EXT4-fs: inline encryption not supported [ 1092.132951][T16297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1092.723395][T16297] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1092.913320][ T28] audit: type=1800 audit(1777479584.612:31): pid=16297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3203" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 1092.947487][T16297] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: comm syz.3.3203: lblock 0 mapped to illegal pblock 0 (length 1) [ 1092.990643][T16297] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 1093.018592][T16297] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1093.018592][T16297] [ 1093.076138][T16297] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #15: comm syz.3.3203: lblock 0 mapped to illegal pblock 0 (length 1) [ 1093.990736][T16297] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #15: comm syz.3.3203: lblock 0 mapped to illegal pblock 0 (length 1) [ 1094.050016][T16297] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #15: comm syz.3.3203: lblock 0 mapped to illegal pblock 0 (length 1) [ 1094.096896][T16297] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #15: comm syz.3.3203: lblock 0 mapped to illegal pblock 0 (length 1) [ 1094.318716][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1095.858562][T13151] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1095.881078][T13151] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1095.891434][T13151] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1095.905189][T13151] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1095.924500][T13151] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1095.932108][T13151] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1098.174279][T13151] Bluetooth: hci1: command tx timeout [ 1100.398755][T13151] Bluetooth: hci1: command tx timeout [ 1101.871819][T16335] chnl_net:caif_netlink_parms(): no params data found [ 1102.677342][T13151] Bluetooth: hci1: command tx timeout [ 1102.851040][T16391] loop3: detected capacity change from 0 to 512 [ 1102.891443][T16391] EXT4-fs: old and new quota format mixing [ 1103.004141][T16393] loop2: detected capacity change from 0 to 512 [ 1103.070487][ T7924] hsr_slave_0: left promiscuous mode [ 1103.088148][ T7924] hsr_slave_1: left promiscuous mode [ 1103.105816][ T7924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1103.113325][ T7924] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1103.336825][ T7924] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1103.361262][ T7924] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1103.378169][ T7924] bridge_slave_1: left allmulticast mode [ 1103.391107][ T7924] bridge_slave_1: left promiscuous mode [ 1103.400442][ T7924] bridge0: port 2(bridge_slave_1) entered disabled state [ 1103.600993][ T7924] bridge_slave_0: left allmulticast mode [ 1103.682763][ T7924] bridge_slave_0: left promiscuous mode [ 1103.819801][ T7924] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.271548][ T7924] veth1_macvtap: left promiscuous mode [ 1104.289075][ T7924] veth0_macvtap: left promiscuous mode [ 1104.374788][ T7924] veth1_vlan: left promiscuous mode [ 1104.391326][ T7924] veth0_vlan: left promiscuous mode [ 1105.920920][T13151] Bluetooth: hci1: command tx timeout [ 1108.379742][ T7924] team0 (unregistering): Port device team_slave_1 removed [ 1108.434306][ T7924] team0 (unregistering): Port device team_slave_0 removed [ 1108.486188][ T7924] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1108.549716][ T7924] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1110.166287][ T7924] bond0 (unregistering): Released all slaves [ 1110.626255][T16335] bridge0: port 1(bridge_slave_0) entered blocking state [ 1110.660063][T16335] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.667375][T16335] bridge_slave_0: entered allmulticast mode [ 1110.721273][T16335] bridge_slave_0: entered promiscuous mode [ 1110.744451][T16335] bridge0: port 2(bridge_slave_1) entered blocking state [ 1110.774759][T16335] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.878855][T16335] bridge_slave_1: entered allmulticast mode [ 1111.059226][T16335] bridge_slave_1: entered promiscuous mode [ 1111.633355][T16335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1111.645871][T16335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1111.755035][ T7926] Bluetooth: hci3: Frame reassembly failed (-84) [ 1111.787670][T16335] team0: Port device team_slave_0 added [ 1111.799274][T16335] team0: Port device team_slave_1 added [ 1111.855056][T16335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1111.866328][T16335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1111.924176][T16335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1111.967530][T16335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1111.985674][T16335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1112.020628][T16442] loop2: detected capacity change from 0 to 512 [ 1112.055265][T16335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1112.128009][ T7924] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.287844][T16335] hsr_slave_0: entered promiscuous mode [ 1112.298629][T16335] hsr_slave_1: entered promiscuous mode [ 1112.312935][ T7924] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.921111][ T7924] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.088121][ T7924] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.914110][T13151] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1114.680514][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1114.686898][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.723502][T16487] loop3: detected capacity change from 0 to 512 [ 1116.820963][T16118] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1118.712086][T16335] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1120.527938][T16335] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1122.504450][T16335] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1122.522773][T16335] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1123.176558][ T7924] hsr_slave_0: left promiscuous mode [ 1123.189678][ T7924] hsr_slave_1: left promiscuous mode [ 1123.201662][ T7924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1123.329540][ T7924] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1123.362067][ T7924] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1123.427174][ T7924] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1123.466658][ T7924] bridge_slave_1: left allmulticast mode [ 1123.474072][ T7924] bridge_slave_1: left promiscuous mode [ 1123.479976][ T7924] bridge0: port 2(bridge_slave_1) entered disabled state [ 1125.535658][ T7924] bridge_slave_0: left allmulticast mode [ 1125.562938][ T7924] bridge_slave_0: left promiscuous mode [ 1125.591554][ T7924] bridge0: port 1(bridge_slave_0) entered disabled state [ 1125.781219][ T7924] veth1_macvtap: left promiscuous mode [ 1125.786944][ T7924] veth0_macvtap: left promiscuous mode [ 1125.801002][ T7924] veth1_vlan: left promiscuous mode [ 1127.402716][ T7924] team0 (unregistering): Port device team_slave_1 removed [ 1127.468088][ T7924] team0 (unregistering): Port device team_slave_0 removed [ 1127.518983][ T7924] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1127.575472][ T7924] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1127.981809][ T7924] bond0 (unregistering): Released all slaves [ 1128.109694][T16335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1128.140500][T16335] 8021q: adding VLAN 0 to HW filter on device team0 [ 1128.213528][T16335] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1128.226728][T16335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1128.415561][ T7912] bridge0: port 1(bridge_slave_0) entered blocking state [ 1128.422840][ T7912] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1128.447578][ T7912] bridge0: port 2(bridge_slave_1) entered blocking state [ 1128.454832][ T7912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1128.576191][T16590] loop3: detected capacity change from 0 to 512 [ 1128.656599][T16118] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1129.138870][T16335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1129.719649][T16335] veth0_vlan: entered promiscuous mode [ 1129.742657][T16335] veth1_vlan: entered promiscuous mode [ 1129.824458][T16335] veth0_macvtap: entered promiscuous mode [ 1129.837854][T16335] veth1_macvtap: entered promiscuous mode [ 1129.873007][T16335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.891051][T16335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.904521][T16335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.919730][T16335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.929978][T16335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.941433][T16335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.981805][T16335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1130.003076][T16335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.019358][T16335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.029295][T16335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.040102][T16335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.051097][T16335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.078321][T16335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.109827][T16335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1130.133165][T16335] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.149643][T16335] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.169759][T16335] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.190334][T16335] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.421997][ T7912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1130.467341][ T7912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1130.586328][ T7926] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1130.605350][ T7926] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1133.513790][T16631] tipc: Enabled bearer , priority 0 [ 1133.542084][T16631] syzkaller0: entered promiscuous mode [ 1133.547633][T16631] syzkaller0: entered allmulticast mode [ 1133.668352][T16630] tipc: Resetting bearer [ 1133.930107][T16630] tipc: Disabling bearer [ 1134.092227][T16640] loop4: detected capacity change from 0 to 512 [ 1134.106342][T16640] ext2: Unknown parameter 'permit_directio' [ 1135.051276][T16650] loop3: detected capacity change from 0 to 512 [ 1136.053339][T16657] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1140.873361][T16691] loop2: detected capacity change from 0 to 512 [ 1140.886281][T16691] ext2: Unknown parameter 'permit_directio' [ 1141.601879][T16695] loop4: detected capacity change from 0 to 512 [ 1142.099746][T14244] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1142.700806][T16702] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1143.275000][T16713] loop3: detected capacity change from 0 to 128 [ 1146.038807][T16726] loop2: detected capacity change from 0 to 1024 [ 1146.097587][T16726] EXT4-fs: inline encryption not supported [ 1146.256076][T16726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1146.271694][T16726] ext4 filesystem being mounted at /194/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1146.384005][ T28] audit: type=1800 audit(1777479634.621:32): pid=16726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3301" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 1146.448147][T16726] EXT4-fs error (device loop2): ext4_map_blocks:720: inode #15: comm syz.2.3301: lblock 0 mapped to illegal pblock 0 (length 1) [ 1146.704235][T16726] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 1146.887064][T16726] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1146.887064][T16726] [ 1147.201093][T16736] EXT4-fs error (device loop2): ext4_map_blocks:610: inode #15: comm syz.2.3301: lblock 0 mapped to illegal pblock 0 (length 1) [ 1147.290020][T16736] EXT4-fs error (device loop2): ext4_map_blocks:610: inode #15: comm syz.2.3301: lblock 0 mapped to illegal pblock 0 (length 1) [ 1147.354721][T16736] EXT4-fs error (device loop2): ext4_map_blocks:610: inode #15: comm syz.2.3301: lblock 0 mapped to illegal pblock 0 (length 1) [ 1147.410206][T16736] EXT4-fs error (device loop2): ext4_map_blocks:610: inode #15: comm syz.2.3301: lblock 0 mapped to illegal pblock 0 (length 1) [ 1147.419947][T16731] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 1147.553317][T13982] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1148.076584][T16746] loop3: detected capacity change from 0 to 512 [ 1148.089366][T16746] ext2: Unknown parameter 'permit_directio' [ 1148.983965][T16752] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1152.326496][T16781] overlayfs: missing 'lowerdir' [ 1154.803203][T16785] loop2: detected capacity change from 0 to 512 [ 1155.209174][T16786] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3316'. [ 1160.305716][T16820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3323'. [ 1162.960124][T16833] fuse: Bad value for 'fd' [ 1163.336617][T16835] overlayfs: missing 'lowerdir' [ 1163.797904][T16836] loop2: detected capacity change from 0 to 512 [ 1164.273956][T16838] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3328'. [ 1164.884192][ T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1165.160999][T16849] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1166.340121][T16866] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3337'. [ 1168.189108][T16876] overlayfs: missing 'lowerdir' [ 1169.888788][T16881] loop3: detected capacity change from 0 to 131072 [ 1170.569289][T16890] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1171.100763][T16881] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1171.149066][T16881] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1171.310277][T16901] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3348'. [ 1171.606451][ T28] audit: type=1804 audit(1777479658.240:33): pid=16906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3343" name="/newroot/246/file1/bus" dev="loop3" ino=10 res=1 errno=0 [ 1171.948653][T16906] F2FS-fs (loop3): access invalid blkaddr:0 [ 1171.954763][T16906] CPU: 1 PID: 16906 Comm: syz.3.3343 Not tainted syzkaller #0 [ 1171.962273][T16906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1171.972389][T16906] Call Trace: [ 1171.975717][T16906] [ 1171.978706][T16906] dump_stack_lvl+0x18c/0x250 [ 1171.983451][T16906] ? show_regs_print_info+0x20/0x20 [ 1171.988712][T16906] ? lock_chain_count+0x20/0x20 [ 1171.993624][T16906] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1171.999311][T16906] ? lockdep_hardirqs_on+0x98/0x150 [ 1172.004561][T16906] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1172.009990][T16906] sanity_check_extent_cache+0xfc/0x1f0 [ 1172.015592][T16906] f2fs_iget+0x33c5/0x47e0 [ 1172.020086][T16906] f2fs_lookup+0x37f/0x780 [ 1172.024552][T16906] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1172.030670][T16906] ? lockdep_hardirqs_on+0x98/0x150 [ 1172.035915][T16906] ? make_vfsuid+0x51/0xb0 [ 1172.040393][T16906] ? inode_permission+0xf3/0x480 [ 1172.045375][T16906] ? bpf_lsm_inode_create+0x9/0x10 [ 1172.050528][T16906] ? security_inode_create+0xb7/0x100 [ 1172.055945][T16906] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1172.062064][T16906] path_openat+0x10e4/0x3230 [ 1172.066725][T16906] ? do_filp_open+0x430/0x430 [ 1172.071470][T16906] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1172.077157][T16906] do_filp_open+0x1f5/0x430 [ 1172.081729][T16906] ? vfs_tmpfile+0x490/0x490 [ 1172.086368][T16906] ? preempt_schedule_common+0x82/0xc0 [ 1172.091891][T16906] ? _raw_spin_unlock+0x3a/0x40 [ 1172.096791][T16906] ? alloc_fd+0x58f/0x630 [ 1172.101207][T16906] do_sys_openat2+0x134/0x1d0 [ 1172.105937][T16906] ? do_sys_open+0xe0/0xe0 [ 1172.110412][T16906] ? lock_chain_count+0x20/0x20 [ 1172.115318][T16906] __x64_sys_open+0x11f/0x140 [ 1172.120053][T16906] do_syscall_64+0x55/0xa0 [ 1172.124515][T16906] ? clear_bhb_loop+0x40/0x90 [ 1172.129238][T16906] ? clear_bhb_loop+0x40/0x90 [ 1172.133979][T16906] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1172.139909][T16906] RIP: 0033:0x7f31dd19cdd9 [ 1172.144367][T16906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1172.164023][T16906] RSP: 002b:00007f31de0cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1172.172487][T16906] RAX: ffffffffffffffda RBX: 00007f31dd416180 RCX: 00007f31dd19cdd9 [ 1172.180512][T16906] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 1172.188545][T16906] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1172.196572][T16906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.204606][T16906] R13: 00007f31dd416218 R14: 00007f31dd416180 R15: 00007ffdb4b563a8 [ 1172.212640][T16906] [ 1172.216976][T16906] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1172.266958][T16907] F2FS-fs (loop3): access invalid blkaddr:0 [ 1172.272998][T16907] CPU: 1 PID: 16907 Comm: syz.3.3343 Not tainted syzkaller #0 [ 1172.280503][T16907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1172.290598][T16907] Call Trace: [ 1172.293915][T16907] [ 1172.296902][T16907] dump_stack_lvl+0x18c/0x250 [ 1172.301685][T16907] ? show_regs_print_info+0x20/0x20 [ 1172.306954][T16907] ? __up_read+0x2b6/0x6b0 [ 1172.311437][T16907] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1172.316873][T16907] sanity_check_extent_cache+0xfc/0x1f0 [ 1172.322480][T16907] f2fs_iget+0x33c5/0x47e0 [ 1172.326979][T16907] f2fs_lookup+0x37f/0x780 [ 1172.331458][T16907] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1172.337575][T16907] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1172.342742][T16907] ? __init_waitqueue_head+0xa9/0x150 [ 1172.348165][T16907] __lookup_slow+0x2a1/0x400 [ 1172.352805][T16907] ? lookup_one_len+0x2e0/0x2e0 [ 1172.357767][T16907] ? try_to_unlazy+0x34c/0x5a0 [ 1172.362575][T16907] ? down_read+0x1ac/0x2e0 [ 1172.367052][T16907] lookup_slow+0x53/0x70 [ 1172.371349][T16907] walk_component+0x2be/0x3f0 [ 1172.376071][T16907] ? path_lookupat+0x15c/0x440 [ 1172.380903][T16907] path_lookupat+0x169/0x440 [ 1172.385561][T16907] filename_lookup+0x228/0x560 [ 1172.390488][T16907] ? hashlen_string+0x110/0x110 [ 1172.395440][T16907] ? strncpy_from_user+0x197/0x2d0 [ 1172.400619][T16907] ? getname_flags+0x20a/0x500 [ 1172.405440][T16907] user_path_at_empty+0x42/0x60 [ 1172.410351][T16907] __se_sys_mount+0x2a8/0x3d0 [ 1172.415080][T16907] ? __x64_sys_mount+0xc0/0xc0 [ 1172.419889][T16907] ? lockdep_hardirqs_on+0x98/0x150 [ 1172.425159][T16907] ? __x64_sys_mount+0x20/0xc0 [ 1172.429963][T16907] do_syscall_64+0x55/0xa0 [ 1172.434422][T16907] ? clear_bhb_loop+0x40/0x90 [ 1172.439147][T16907] ? clear_bhb_loop+0x40/0x90 [ 1172.443876][T16907] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1172.449809][T16907] RIP: 0033:0x7f31dd19cdd9 [ 1172.454275][T16907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1172.473927][T16907] RSP: 002b:00007f31de0ac028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1172.482387][T16907] RAX: ffffffffffffffda RBX: 00007f31dd416270 RCX: 00007f31dd19cdd9 [ 1172.490414][T16907] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 1172.498476][T16907] RBP: 00007f31dd232d69 R08: 0000200000000080 R09: 0000000000000000 [ 1172.506495][T16907] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.514513][T16907] R13: 00007f31dd416308 R14: 00007f31dd416270 R15: 00007ffdb4b563a8 [ 1172.522641][T16907] [ 1172.527353][T16907] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1172.564752][T16906] F2FS-fs (loop3): access invalid blkaddr:0 [ 1172.570809][T16906] CPU: 1 PID: 16906 Comm: syz.3.3343 Not tainted syzkaller #0 [ 1172.578309][T16906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1172.588403][T16906] Call Trace: [ 1172.591756][T16906] [ 1172.594751][T16906] dump_stack_lvl+0x18c/0x250 [ 1172.599514][T16906] ? show_regs_print_info+0x20/0x20 [ 1172.604762][T16906] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1172.610447][T16906] ? f2fs_is_valid_blkaddr+0x6d8/0x1580 [ 1172.616058][T16906] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1172.621487][T16906] sanity_check_extent_cache+0xfc/0x1f0 [ 1172.627091][T16906] f2fs_iget+0x33c5/0x47e0 [ 1172.631607][T16906] f2fs_lookup+0x37f/0x780 [ 1172.636074][T16906] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1172.642192][T16906] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1172.647399][T16906] ? __init_waitqueue_head+0xa9/0x150 [ 1172.652829][T16906] __lookup_slow+0x2a1/0x400 [ 1172.657504][T16906] ? lookup_one_len+0x2e0/0x2e0 [ 1172.662411][T16906] ? try_to_unlazy+0x34c/0x5a0 [ 1172.667223][T16906] ? down_read+0x1ac/0x2e0 [ 1172.671686][T16906] lookup_slow+0x53/0x70 [ 1172.675965][T16906] walk_component+0x2be/0x3f0 [ 1172.680687][T16906] ? path_lookupat+0x15c/0x440 [ 1172.685504][T16906] path_lookupat+0x169/0x440 [ 1172.690156][T16906] filename_lookup+0x228/0x560 [ 1172.695011][T16906] ? hashlen_string+0x110/0x110 [ 1172.699937][T16906] ? strncpy_from_user+0x197/0x2d0 [ 1172.705095][T16906] ? getname_flags+0x20a/0x500 [ 1172.709925][T16906] user_path_at_empty+0x42/0x60 [ 1172.714822][T16906] do_fchmodat+0xde/0x1e0 [ 1172.719198][T16906] ? do_faccessat+0xd00/0xd00 [ 1172.723914][T16906] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1172.729983][T16906] __x64_sys_chmod+0x62/0x70 [ 1172.734620][T16906] do_syscall_64+0x55/0xa0 [ 1172.739074][T16906] ? clear_bhb_loop+0x40/0x90 [ 1172.743791][T16906] ? clear_bhb_loop+0x40/0x90 [ 1172.748540][T16906] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1172.754489][T16906] RIP: 0033:0x7f31dd19cdd9 [ 1172.758948][T16906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1172.778590][T16906] RSP: 002b:00007f31de0cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 1172.787046][T16906] RAX: ffffffffffffffda RBX: 00007f31dd416180 RCX: 00007f31dd19cdd9 [ 1172.795050][T16906] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 1172.803058][T16906] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1172.811066][T16906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.819069][T16906] R13: 00007f31dd416218 R14: 00007f31dd416180 R15: 00007ffdb4b563a8 [ 1172.827124][T16906] [ 1172.909328][T16906] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1173.118134][T16908] F2FS-fs (loop3): access invalid blkaddr:0 [ 1173.124381][T16908] CPU: 1 PID: 16908 Comm: syz.3.3343 Not tainted syzkaller #0 [ 1173.131898][T16908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1173.142006][T16908] Call Trace: [ 1173.145318][T16908] [ 1173.148285][T16908] dump_stack_lvl+0x18c/0x250 [ 1173.153030][T16908] ? show_regs_print_info+0x20/0x20 [ 1173.158294][T16908] ? __sanitizer_cov_trace_cmp2+0x90/0x90 [ 1173.164064][T16908] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1173.169497][T16908] sanity_check_extent_cache+0xfc/0x1f0 [ 1173.175103][T16908] f2fs_iget+0x33c5/0x47e0 [ 1173.179605][T16908] f2fs_lookup+0x37f/0x780 [ 1173.184087][T16908] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1173.190230][T16908] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1173.195396][T16908] ? __init_waitqueue_head+0xa9/0x150 [ 1173.200836][T16908] __lookup_slow+0x2a1/0x400 [ 1173.205485][T16908] ? lookup_one_len+0x2e0/0x2e0 [ 1173.210430][T16908] ? try_to_unlazy+0x34c/0x5a0 [ 1173.215253][T16908] ? down_read+0x1ac/0x2e0 [ 1173.219714][T16908] lookup_slow+0x53/0x70 [ 1173.223998][T16908] walk_component+0x2be/0x3f0 [ 1173.228720][T16908] ? path_lookupat+0x15c/0x440 [ 1173.233542][T16908] path_lookupat+0x169/0x440 [ 1173.238191][T16908] filename_lookup+0x228/0x560 [ 1173.243015][T16908] ? hashlen_string+0x110/0x110 [ 1173.247943][T16908] ? strncpy_from_user+0x197/0x2d0 [ 1173.253104][T16908] ? getname_flags+0x20a/0x500 [ 1173.257930][T16908] user_path_at_empty+0x42/0x60 [ 1173.262827][T16908] do_fchmodat+0xde/0x1e0 [ 1173.267205][T16908] ? do_faccessat+0xd00/0xd00 [ 1173.271937][T16908] ? syscall_enter_from_user_mode+0x25/0x80 [ 1173.277888][T16908] __x64_sys_chmod+0x62/0x70 [ 1173.282528][T16908] do_syscall_64+0x55/0xa0 [ 1173.286983][T16908] ? clear_bhb_loop+0x40/0x90 [ 1173.291716][T16908] ? clear_bhb_loop+0x40/0x90 [ 1173.296450][T16908] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1173.302394][T16908] RIP: 0033:0x7f31dd19cdd9 [ 1173.306856][T16908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1173.326868][T16908] RSP: 002b:00007f31de08b028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 1173.335403][T16908] RAX: ffffffffffffffda RBX: 00007f31dd416360 RCX: 00007f31dd19cdd9 [ 1173.343422][T16908] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 1173.351439][T16908] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1173.359454][T16908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1173.367470][T16908] R13: 00007f31dd4163f8 R14: 00007f31dd416360 R15: 00007ffdb4b563a8 [ 1173.375507][T16908] [ 1173.380188][T16908] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1173.461878][ T23] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1173.896339][ T23] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1173.956864][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1173.967083][ T23] usb 4-1: Product: syz [ 1173.971310][ T23] usb 4-1: Manufacturer: syz [ 1173.977053][ T23] usb 4-1: SerialNumber: syz [ 1174.762634][ T23] usb 4-1: can't set config #1, error -71 [ 1174.777481][ T23] usb 4-1: USB disconnect, device number 4 [ 1177.600471][T16934] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1177.937409][T16937] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3357'. [ 1178.399993][T16954] loop4: detected capacity change from 0 to 256 [ 1180.979226][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 1180.985754][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 1181.126773][T16975] netlink: 16162 bytes leftover after parsing attributes in process `syz.2.3368'. [ 1181.290419][T16969] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1181.843217][T17000] netlink: 16162 bytes leftover after parsing attributes in process `syz.2.3377'. [ 1184.943884][T17015] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1186.019301][T17025] syzkaller0: entered promiscuous mode [ 1186.025134][T17025] syzkaller0: entered allmulticast mode [ 1187.109869][T17029] loop3: detected capacity change from 0 to 131072 [ 1187.411270][T17031] netlink: 16162 bytes leftover after parsing attributes in process `syz.0.3386'. [ 1187.437609][T17029] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1187.503414][T17029] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1189.015162][ T28] audit: type=1804 audit(1777479674.542:34): pid=17050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3387" name="/newroot/250/file1/bus" dev="loop3" ino=10 res=1 errno=0 [ 1189.167354][T17050] F2FS-fs (loop3): access invalid blkaddr:0 [ 1189.173625][T17050] CPU: 1 PID: 17050 Comm: syz.3.3387 Not tainted syzkaller #0 [ 1189.181150][T17050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1189.191246][T17050] Call Trace: [ 1189.194569][T17050] [ 1189.197554][T17050] dump_stack_lvl+0x18c/0x250 [ 1189.202307][T17050] ? show_regs_print_info+0x20/0x20 [ 1189.207568][T17050] ? __up_read+0x2b6/0x6b0 [ 1189.212027][T17050] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1189.217458][T17050] sanity_check_extent_cache+0xfc/0x1f0 [ 1189.223067][T17050] f2fs_iget+0x33c5/0x47e0 [ 1189.227560][T17050] f2fs_lookup+0x37f/0x780 [ 1189.232021][T17050] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1189.238139][T17050] ? from_kuid+0x7c/0x680 [ 1189.242512][T17050] ? make_vfsuid+0x51/0xb0 [ 1189.247008][T17050] ? inode_permission+0xf3/0x480 [ 1189.252001][T17050] ? bpf_lsm_inode_create+0x9/0x10 [ 1189.257162][T17050] ? security_inode_create+0xb7/0x100 [ 1189.262576][T17050] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1189.268708][T17050] path_openat+0x10e4/0x3230 [ 1189.273379][T17050] ? do_filp_open+0x430/0x430 [ 1189.278112][T17050] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1189.283831][T17050] do_filp_open+0x1f5/0x430 [ 1189.288383][T17050] ? vfs_tmpfile+0x490/0x490 [ 1189.293009][T17050] ? preempt_schedule_common+0x82/0xc0 [ 1189.298545][T17050] ? _raw_spin_unlock+0x3a/0x40 [ 1189.303445][T17050] ? alloc_fd+0x58f/0x630 [ 1189.307842][T17050] do_sys_openat2+0x134/0x1d0 [ 1189.312573][T17050] ? do_sys_open+0xe0/0xe0 [ 1189.317046][T17050] ? lock_chain_count+0x20/0x20 [ 1189.321946][T17050] __x64_sys_open+0x11f/0x140 [ 1189.326857][T17050] do_syscall_64+0x55/0xa0 [ 1189.331332][T17050] ? clear_bhb_loop+0x40/0x90 [ 1189.336056][T17050] ? clear_bhb_loop+0x40/0x90 [ 1189.340782][T17050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1189.346728][T17050] RIP: 0033:0x7f31dd19cdd9 [ 1189.351191][T17050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1189.370854][T17050] RSP: 002b:00007f31de0cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1189.379332][T17050] RAX: ffffffffffffffda RBX: 00007f31dd416180 RCX: 00007f31dd19cdd9 [ 1189.387352][T17050] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 1189.395397][T17050] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1189.403404][T17050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1189.411413][T17050] R13: 00007f31dd416218 R14: 00007f31dd416180 R15: 00007ffdb4b563a8 [ 1189.419466][T17050] [ 1189.424046][T17050] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1189.479252][T17050] F2FS-fs (loop3): access invalid blkaddr:0 [ 1189.485544][T17050] CPU: 1 PID: 17050 Comm: syz.3.3387 Not tainted syzkaller #0 [ 1189.493055][T17050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1189.503161][T17050] Call Trace: [ 1189.506481][T17050] [ 1189.509459][T17050] dump_stack_lvl+0x18c/0x250 [ 1189.514184][T17050] ? show_regs_print_info+0x20/0x20 [ 1189.519453][T17050] ? __up_read+0x2b6/0x6b0 [ 1189.523907][T17050] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1189.529334][T17050] sanity_check_extent_cache+0xfc/0x1f0 [ 1189.534935][T17050] f2fs_iget+0x33c5/0x47e0 [ 1189.539418][T17050] f2fs_lookup+0x37f/0x780 [ 1189.543878][T17050] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1189.549989][T17050] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1189.555177][T17050] ? __init_waitqueue_head+0xa9/0x150 [ 1189.560602][T17050] __lookup_slow+0x2a1/0x400 [ 1189.565253][T17050] ? lookup_one_len+0x2e0/0x2e0 [ 1189.570165][T17050] ? try_to_unlazy+0x34c/0x5a0 [ 1189.574999][T17050] ? down_read+0x1ac/0x2e0 [ 1189.579456][T17050] lookup_slow+0x53/0x70 [ 1189.583735][T17050] walk_component+0x2be/0x3f0 [ 1189.588450][T17050] ? path_lookupat+0x15c/0x440 [ 1189.593269][T17050] path_lookupat+0x169/0x440 [ 1189.597916][T17050] filename_lookup+0x228/0x560 [ 1189.602741][T17050] ? hashlen_string+0x110/0x110 [ 1189.607676][T17050] ? strncpy_from_user+0x197/0x2d0 [ 1189.612845][T17050] ? getname_flags+0x20a/0x500 [ 1189.617668][T17050] user_path_at_empty+0x42/0x60 [ 1189.622553][T17050] __se_sys_mount+0x2a8/0x3d0 [ 1189.627272][T17050] ? __x64_sys_mount+0xc0/0xc0 [ 1189.632078][T17050] ? __x64_sys_mount+0x20/0xc0 [ 1189.636886][T17050] do_syscall_64+0x55/0xa0 [ 1189.641333][T17050] ? clear_bhb_loop+0x40/0x90 [ 1189.646058][T17050] ? clear_bhb_loop+0x40/0x90 [ 1189.650776][T17050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1189.656731][T17050] RIP: 0033:0x7f31dd19cdd9 [ 1189.661178][T17050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1189.680829][T17050] RSP: 002b:00007f31de0cd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1189.689301][T17050] RAX: ffffffffffffffda RBX: 00007f31dd416180 RCX: 00007f31dd19cdd9 [ 1189.697315][T17050] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 1189.705340][T17050] RBP: 00007f31dd232d69 R08: 0000200000000080 R09: 0000000000000000 [ 1189.713340][T17050] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 1189.721342][T17050] R13: 00007f31dd416218 R14: 00007f31dd416180 R15: 00007ffdb4b563a8 [ 1189.729365][T17050] [ 1189.733761][T17050] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1189.949983][T17050] F2FS-fs (loop3): access invalid blkaddr:0 [ 1189.956657][T17050] CPU: 1 PID: 17050 Comm: syz.3.3387 Not tainted syzkaller #0 [ 1189.964171][T17050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1189.974281][T17050] Call Trace: [ 1189.977647][T17050] [ 1189.980622][T17050] dump_stack_lvl+0x18c/0x250 [ 1189.985382][T17050] ? show_regs_print_info+0x20/0x20 [ 1189.990664][T17050] ? __up_read+0x2b6/0x6b0 [ 1189.995135][T17050] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1190.000592][T17050] sanity_check_extent_cache+0xfc/0x1f0 [ 1190.006216][T17050] f2fs_iget+0x33c5/0x47e0 [ 1190.010718][T17050] f2fs_lookup+0x37f/0x780 [ 1190.015188][T17050] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1190.021322][T17050] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1190.026503][T17050] ? __init_waitqueue_head+0xa9/0x150 [ 1190.031952][T17050] __lookup_slow+0x2a1/0x400 [ 1190.036620][T17050] ? lookup_one_len+0x2e0/0x2e0 [ 1190.041559][T17050] ? try_to_unlazy+0x34c/0x5a0 [ 1190.046384][T17050] ? down_read+0x1ac/0x2e0 [ 1190.050861][T17050] lookup_slow+0x53/0x70 [ 1190.055154][T17050] walk_component+0x2be/0x3f0 [ 1190.059876][T17050] ? path_lookupat+0x15c/0x440 [ 1190.064711][T17050] path_lookupat+0x169/0x440 [ 1190.069370][T17050] filename_lookup+0x228/0x560 [ 1190.074187][T17050] ? hashlen_string+0x110/0x110 [ 1190.079093][T17050] ? strncpy_from_user+0x197/0x2d0 [ 1190.084230][T17050] ? getname_flags+0x20a/0x500 [ 1190.089040][T17050] user_path_at_empty+0x42/0x60 [ 1190.093918][T17050] do_fchmodat+0xde/0x1e0 [ 1190.098280][T17050] ? do_faccessat+0xd00/0xd00 [ 1190.102991][T17050] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1190.109013][T17050] __x64_sys_chmod+0x62/0x70 [ 1190.113645][T17050] do_syscall_64+0x55/0xa0 [ 1190.118086][T17050] ? clear_bhb_loop+0x40/0x90 [ 1190.122807][T17050] ? clear_bhb_loop+0x40/0x90 [ 1190.127535][T17050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1190.133461][T17050] RIP: 0033:0x7f31dd19cdd9 [ 1190.137901][T17050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1190.157545][T17050] RSP: 002b:00007f31de0cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 1190.166055][T17050] RAX: ffffffffffffffda RBX: 00007f31dd416180 RCX: 00007f31dd19cdd9 [ 1190.174082][T17050] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 1190.182103][T17050] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1190.190105][T17050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1190.198109][T17050] R13: 00007f31dd416218 R14: 00007f31dd416180 R15: 00007ffdb4b563a8 [ 1190.206121][T17050] [ 1190.211543][T17050] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1190.451722][T17051] F2FS-fs (loop3): access invalid blkaddr:0 [ 1190.459446][T17051] CPU: 1 PID: 17051 Comm: syz.3.3387 Not tainted syzkaller #0 [ 1190.467037][T17051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1190.477132][T17051] Call Trace: [ 1190.480454][T17051] [ 1190.483427][T17051] dump_stack_lvl+0x18c/0x250 [ 1190.488169][T17051] ? show_regs_print_info+0x20/0x20 [ 1190.493413][T17051] ? lock_chain_count+0x20/0x20 [ 1190.498306][T17051] ? lockdep_hardirqs_on+0x98/0x150 [ 1190.503571][T17051] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 1190.509007][T17051] sanity_check_extent_cache+0xfc/0x1f0 [ 1190.514606][T17051] f2fs_iget+0x33c5/0x47e0 [ 1190.519086][T17051] f2fs_lookup+0x37f/0x780 [ 1190.523565][T17051] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 1190.529684][T17051] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1190.534842][T17051] ? __init_waitqueue_head+0xa9/0x150 [ 1190.540282][T17051] __lookup_slow+0x2a1/0x400 [ 1190.544921][T17051] ? lookup_one_len+0x2e0/0x2e0 [ 1190.549832][T17051] ? try_to_unlazy+0x34c/0x5a0 [ 1190.554636][T17051] ? down_read+0x1ac/0x2e0 [ 1190.559112][T17051] lookup_slow+0x53/0x70 [ 1190.563390][T17051] walk_component+0x2be/0x3f0 [ 1190.568104][T17051] ? path_lookupat+0x15c/0x440 [ 1190.572930][T17051] path_lookupat+0x169/0x440 [ 1190.577578][T17051] filename_lookup+0x228/0x560 [ 1190.582422][T17051] ? hashlen_string+0x110/0x110 [ 1190.587361][T17051] ? strncpy_from_user+0x197/0x2d0 [ 1190.592534][T17051] ? getname_flags+0x20a/0x500 [ 1190.597360][T17051] user_path_at_empty+0x42/0x60 [ 1190.602265][T17051] do_fchmodat+0xde/0x1e0 [ 1190.606647][T17051] ? do_faccessat+0xd00/0xd00 [ 1190.611378][T17051] ? syscall_enter_from_user_mode+0x25/0x80 [ 1190.617345][T17051] __x64_sys_chmod+0x62/0x70 [ 1190.621988][T17051] do_syscall_64+0x55/0xa0 [ 1190.626461][T17051] ? clear_bhb_loop+0x40/0x90 [ 1190.631188][T17051] ? clear_bhb_loop+0x40/0x90 [ 1190.635915][T17051] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1190.641860][T17051] RIP: 0033:0x7f31dd19cdd9 [ 1190.646329][T17051] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1190.665999][T17051] RSP: 002b:00007f31de0ac028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 1190.674456][T17051] RAX: ffffffffffffffda RBX: 00007f31dd416270 RCX: 00007f31dd19cdd9 [ 1190.682466][T17051] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 1190.690473][T17051] RBP: 00007f31dd232d69 R08: 0000000000000000 R09: 0000000000000000 [ 1190.698486][T17051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1190.706508][T17051] R13: 00007f31dd416308 R14: 00007f31dd416270 R15: 00007ffdb4b563a8 [ 1190.714544][T17051] [ 1190.717912][T17051] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 1191.103266][T17056] overlayfs: missing 'lowerdir' [ 1192.265258][T17057] loop4: detected capacity change from 0 to 512 [ 1196.446182][T17072] netlink: 16162 bytes leftover after parsing attributes in process `syz.4.3397'. [ 1198.727826][T17087] overlayfs: missing 'lowerdir' [ 1198.820705][T17087] loop3: detected capacity change from 0 to 512 [ 1199.840932][T17102] netlink: 16162 bytes leftover after parsing attributes in process `syz.3.3408'. [ 1200.063935][T17104] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1200.076917][T17104] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3407'. [ 1202.204379][T17125] overlayfs: missing 'lowerdir' [ 1204.937729][T17144] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1204.945782][T17144] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3417'. [ 1206.099837][T17157] loop3: detected capacity change from 0 to 512 [ 1206.134129][T17157] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1206.197588][T17157] EXT4-fs (loop3): 1 truncate cleaned up [ 1206.249468][T17157] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1206.264108][T17163] netlink: 16162 bytes leftover after parsing attributes in process `syz.0.3428'. [ 1206.451514][T13148] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1208.382430][T17176] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1208.390506][T17176] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3431'. [ 1210.392262][T17198] netlink: 16162 bytes leftover after parsing attributes in process `syz.0.3438'. [ 1211.414902][T17210] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1211.430106][T17210] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3443'. [ 1212.281044][T17218] tipc: Started in network mode [ 1212.286195][T17218] tipc: Node identity 6a616f35b6ce, cluster identity 4711 [ 1212.293517][T17218] tipc: Enabled bearer , priority 0 [ 1212.347858][T17218] tipc: Resetting bearer [ 1212.468355][T17215] tipc: Disabling bearer [ 1212.494424][T17222] netlink: 16162 bytes leftover after parsing attributes in process `syz.0.3449'. [ 1213.195915][T17246] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1213.203962][T17246] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3456'. [ 1213.619945][T17251] netlink: 'syz.3.3459': attribute type 4 has an invalid length. [ 1213.628025][T17251] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.3459'. [ 1214.015476][T17257] tipc: Enabled bearer , priority 0 [ 1214.048350][T17257] tipc: Resetting bearer [ 1214.084589][T17256] tipc: Disabling bearer [ 1214.345882][T17267] program syz.3.3466 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1214.653729][T17274] netlink: 'syz.3.3469': attribute type 4 has an invalid length. [ 1214.665934][T17274] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.3469'. [ 1215.089800][T17283] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1215.097662][T17283] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3470'. [ 1215.496986][T17290] tipc: Enabled bearer , priority 0 [ 1215.527129][T17292] netlink: 484 bytes leftover after parsing attributes in process `syz.4.3476'. [ 1215.635062][T17290] tipc: Resetting bearer [ 1215.726416][T17289] tipc: Disabling bearer [ 1216.290166][T17320] netlink: 484 bytes leftover after parsing attributes in process `syz.0.3485'. [ 1217.245639][T17325] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1217.253515][T17325] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3487'. [ 1217.493773][T17334] tipc: Enabled bearer , priority 0 [ 1217.533764][T17334] tipc: Resetting bearer [ 1217.606713][T17333] tipc: Disabling bearer [ 1217.846155][T17346] netlink: 484 bytes leftover after parsing attributes in process `syz.4.3495'. [ 1218.099802][T17355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3496'. [ 1218.733756][T17357] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1218.741840][T17357] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3499'. [ 1219.112078][T17373] tipc: Enabled bearer , priority 0 [ 1219.247734][T17376] tipc: Resetting bearer [ 1219.380054][T17371] tipc: Disabling bearer [ 1219.414092][T17380] loop2: detected capacity change from 0 to 512 [ 1219.462244][T17383] netlink: 'syz.0.3507': attribute type 1 has an invalid length. [ 1219.474911][T17383] netlink: 'syz.0.3507': attribute type 4 has an invalid length. [ 1219.507320][T17383] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.3507'. [ 1219.730783][T17380] EXT4-fs warning (device loop2): ext4_xattr_inode_get:546: inode #11: comm syz.2.3506: ea_inode file size=458758 entry size=16777216 [ 1219.935268][T14483] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 1219.975848][T17380] ------------[ cut here ]------------ [ 1219.982044][T17380] EA inode 11 i_nlink=2 [ 1219.995292][T17380] WARNING: CPU: 1 PID: 17380 at fs/ext4/xattr.c:1059 ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.011087][T17380] Modules linked in: [ 1220.015060][T17380] CPU: 1 PID: 17380 Comm: syz.2.3506 Not tainted syzkaller #0 [ 1220.023359][T17380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1220.033610][T17380] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.040289][T17380] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 35 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 74 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 be f5 3f 08 [ 1220.060243][T17380] RSP: 0018:ffffc900047ef2e0 EFLAGS: 00010246 [ 1220.066423][T17380] RAX: 82b3f6893fd01e00 RBX: 0000000000000002 RCX: 0000000000080000 [ 1220.074821][T17380] RDX: ffffc9000e4cf000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1220.082850][T17380] RBP: ffffc900047ef3d0 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 1220.091172][T17380] R10: dffffc0000000000 R11: ffffed10171e5183 R12: dffffc0000000000 [ 1220.099316][T17380] R13: ffff88805e9b18a8 R14: ffff88805e9b16b0 R15: ffff88805e9b1700 [ 1220.107751][T17380] FS: 00007f57fb1f66c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1220.117892][T17380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1220.124746][T17380] CR2: 000000110c3072bc CR3: 000000005e7ec000 CR4: 00000000003506e0 [ 1220.132862][T17380] Call Trace: [ 1220.136194][T17380] [ 1220.139249][T17380] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 1220.144966][T17380] ? __ext4_journal_ensure_credits+0x30/0x450 [ 1220.151150][T17380] ext4_xattr_inode_dec_ref_all+0x9a6/0x1040 [ 1220.157214][T17380] ? ext4_xattr_delete_inode+0xd10/0xd10 [ 1220.163083][T17380] ? __ext4_journal_ensure_credits+0x450/0x450 [ 1220.169310][T17380] ext4_xattr_delete_inode+0xb3e/0xd10 [ 1220.174893][T17380] ? up_write+0x1c3/0x410 [ 1220.179289][T17380] ? ext4_expand_extra_isize_ea+0x1e80/0x1e80 [ 1220.185594][T17380] ext4_evict_inode+0xaaf/0xea0 [ 1220.190525][T17380] ? _raw_spin_unlock+0x28/0x40 [ 1220.195517][T17380] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 1220.201481][T17380] ? do_raw_spin_unlock+0x121/0x230 [ 1220.206845][T17380] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 1220.212861][T17380] evict+0x4ca/0x8d0 [ 1220.213849][T14483] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1220.217103][T17380] ? proc_nr_inodes+0x230/0x230 [ 1220.233728][T17380] ? do_raw_spin_unlock+0x121/0x230 [ 1220.239298][T17380] ? _raw_spin_unlock+0x28/0x40 [ 1220.244220][T17380] ? iput+0x706/0x920 [ 1220.248370][T17380] ext4_orphan_cleanup+0xbec/0x1420 [ 1220.253654][T17380] ? ext4_orphan_del+0xbf0/0xbf0 [ 1220.258771][T17380] ? ext4_register_li_request+0x183/0x940 [ 1220.264564][T17380] ? errseq_check_and_advance+0x66/0x120 [ 1220.270417][T17380] ext4_fill_super+0x5eea/0x67b0 [ 1220.275503][T17380] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1220.281847][T14483] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 1220.281870][T17380] ? __might_sleep+0xe0/0xe0 [ 1220.297185][T17380] ? read_lock_is_recursive+0x20/0x20 [ 1220.302746][T17380] ? snprintf+0xe9/0x140 [ 1220.307104][T17380] ? down_read_killable+0x340/0x340 [ 1220.312517][T17380] ? setup_bdev_super+0x56b/0x660 [ 1220.317628][T17380] get_tree_bdev+0x3f3/0x520 [ 1220.322334][T17380] ? vfs_parse_fs_string+0x170/0x170 [ 1220.327684][T17380] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1220.335128][T17380] ? setup_bdev_super+0x660/0x660 [ 1220.336604][T14483] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1220.340197][T17380] ? apparmor_capable+0x137/0x1a0 [ 1220.340231][T17380] ? bpf_lsm_capable+0x9/0x10 [ 1220.363186][T17380] ? security_capable+0x89/0xb0 [ 1220.368106][T17380] vfs_get_tree+0x8c/0x280 [ 1220.372593][T17380] do_new_mount+0x24b/0xa40 [ 1220.377323][T17380] __se_sys_mount+0x2e7/0x3d0 [ 1220.382075][T17380] ? __x64_sys_mount+0xc0/0xc0 [ 1220.386956][T17380] ? lockdep_hardirqs_on+0x98/0x150 [ 1220.392305][T17380] ? __x64_sys_mount+0x20/0xc0 [ 1220.397184][T17380] do_syscall_64+0x55/0xa0 [ 1220.401646][T17380] ? clear_bhb_loop+0x40/0x90 [ 1220.405843][T14483] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1220.406621][T17380] ? clear_bhb_loop+0x40/0x90 [ 1220.417763][T17380] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1220.423720][T17380] RIP: 0033:0x7f57fcf9e04a [ 1220.426622][T14483] usb 4-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 1220.437313][T17380] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1220.458134][T17380] RSP: 002b:00007f57fb1f5e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1220.466867][T17380] RAX: ffffffffffffffda RBX: 00007f57fb1f5ee0 RCX: 00007f57fcf9e04a [ 1220.475012][T17380] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f57fb1f5ea0 [ 1220.483115][T17380] RBP: 00002000000009c0 R08: 00007f57fb1f5ee0 R09: 0000000000800718 [ 1220.491263][T17380] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 1220.499313][T17380] R13: 00007f57fb1f5ea0 R14: 000000000000048d R15: 0000200000000200 [ 1220.507436][T17380] [ 1220.510542][T17380] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1220.517875][T17380] CPU: 1 PID: 17380 Comm: syz.2.3506 Not tainted syzkaller #0 [ 1220.525374][T17380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1220.532189][T14483] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1220.543485][T17380] Call Trace: [ 1220.546803][T17380] [ 1220.549763][T17380] dump_stack_lvl+0x18c/0x250 [ 1220.554489][T17380] ? show_regs_print_info+0x20/0x20 [ 1220.559745][T17380] ? load_image+0x420/0x420 [ 1220.564310][T17380] panic+0x2dc/0x730 [ 1220.568260][T17380] ? bpf_jit_dump+0xd0/0xd0 [ 1220.572820][T17380] __warn+0x2e0/0x470 [ 1220.576877][T17380] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.582922][T17380] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.583846][T14483] usb 4-1: config 0 descriptor?? [ 1220.586439][T17388] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1220.601043][T17380] report_bug+0x2be/0x4f0 [ 1220.605451][T17380] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.611497][T17380] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.617525][T17380] ? ext4_xattr_inode_update_ref+0x53e/0x590 [ 1220.623589][T17380] handle_bug+0xcf/0x120 [ 1220.627886][T17380] exc_invalid_op+0x1a/0x50 [ 1220.632423][T17380] asm_exc_invalid_op+0x1a/0x20 [ 1220.637311][T17380] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 1220.643945][T17380] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 35 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 74 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 be f5 3f 08 [ 1220.663618][T17380] RSP: 0018:ffffc900047ef2e0 EFLAGS: 00010246 [ 1220.669731][T17380] RAX: 82b3f6893fd01e00 RBX: 0000000000000002 RCX: 0000000000080000 [ 1220.677727][T17380] RDX: ffffc9000e4cf000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1220.685721][T17380] RBP: ffffc900047ef3d0 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 1220.693727][T17380] R10: dffffc0000000000 R11: ffffed10171e5183 R12: dffffc0000000000 [ 1220.701813][T17380] R13: ffff88805e9b18a8 R14: ffff88805e9b16b0 R15: ffff88805e9b1700 [ 1220.709861][T17380] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 1220.715538][T17380] ? __ext4_journal_ensure_credits+0x30/0x450 [ 1220.721637][T17380] ext4_xattr_inode_dec_ref_all+0x9a6/0x1040 [ 1220.727664][T17380] ? ext4_xattr_delete_inode+0xd10/0xd10 [ 1220.733340][T17380] ? __ext4_journal_ensure_credits+0x450/0x450 [ 1220.739539][T17380] ext4_xattr_delete_inode+0xb3e/0xd10 [ 1220.745034][T17380] ? up_write+0x1c3/0x410 [ 1220.749398][T17380] ? ext4_expand_extra_isize_ea+0x1e80/0x1e80 [ 1220.755520][T17380] ext4_evict_inode+0xaaf/0xea0 [ 1220.760409][T17380] ? _raw_spin_unlock+0x28/0x40 [ 1220.765295][T17380] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 1220.771219][T17380] ? do_raw_spin_unlock+0x121/0x230 [ 1220.776447][T17380] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 1220.782364][T17380] evict+0x4ca/0x8d0 [ 1220.786316][T17380] ? proc_nr_inodes+0x230/0x230 [ 1220.791205][T17380] ? do_raw_spin_unlock+0x121/0x230 [ 1220.796450][T17380] ? _raw_spin_unlock+0x28/0x40 [ 1220.801344][T17380] ? iput+0x706/0x920 [ 1220.805389][T17380] ext4_orphan_cleanup+0xbec/0x1420 [ 1220.810646][T17380] ? ext4_orphan_del+0xbf0/0xbf0 [ 1220.815612][T17380] ? ext4_register_li_request+0x183/0x940 [ 1220.821379][T17380] ? errseq_check_and_advance+0x66/0x120 [ 1220.827058][T17380] ext4_fill_super+0x5eea/0x67b0 [ 1220.832047][T17380] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1220.838319][T17380] ? __might_sleep+0xe0/0xe0 [ 1220.842939][T17380] ? read_lock_is_recursive+0x20/0x20 [ 1220.848350][T17380] ? snprintf+0xe9/0x140 [ 1220.852639][T17380] ? down_read_killable+0x340/0x340 [ 1220.857892][T17380] ? setup_bdev_super+0x56b/0x660 [ 1220.862957][T17380] get_tree_bdev+0x3f3/0x520 [ 1220.867677][T17380] ? vfs_parse_fs_string+0x170/0x170 [ 1220.873031][T17380] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1220.879318][T17380] ? setup_bdev_super+0x660/0x660 [ 1220.884388][T17380] ? apparmor_capable+0x137/0x1a0 [ 1220.889541][T17380] ? bpf_lsm_capable+0x9/0x10 [ 1220.894256][T17380] ? security_capable+0x89/0xb0 [ 1220.899139][T17380] vfs_get_tree+0x8c/0x280 [ 1220.903586][T17380] do_new_mount+0x24b/0xa40 [ 1220.908137][T17380] __se_sys_mount+0x2e7/0x3d0 [ 1220.912873][T17380] ? __x64_sys_mount+0xc0/0xc0 [ 1220.917661][T17380] ? lockdep_hardirqs_on+0x98/0x150 [ 1220.922899][T17380] ? __x64_sys_mount+0x20/0xc0 [ 1220.927690][T17380] do_syscall_64+0x55/0xa0 [ 1220.932145][T17380] ? clear_bhb_loop+0x40/0x90 [ 1220.936847][T17380] ? clear_bhb_loop+0x40/0x90 [ 1220.941555][T17380] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1220.947479][T17380] RIP: 0033:0x7f57fcf9e04a [ 1220.951912][T17380] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1220.971545][T17380] RSP: 002b:00007f57fb1f5e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1220.979991][T17380] RAX: ffffffffffffffda RBX: 00007f57fb1f5ee0 RCX: 00007f57fcf9e04a [ 1220.988004][T17380] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f57fb1f5ea0 [ 1220.996016][T17380] RBP: 00002000000009c0 R08: 00007f57fb1f5ee0 R09: 0000000000800718 [ 1221.004013][T17380] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 1221.012005][T17380] R13: 00007f57fb1f5ea0 R14: 000000000000048d R15: 0000200000000200 [ 1221.020011][T17380] [ 1221.023623][T17380] Kernel Offset: disabled [ 1221.028060][T17380] Rebooting in 86400 seconds..