last executing test programs: 17.989684351s ago: executing program 0 (id=427): rt_sigprocmask(0x2, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x5, &(0x7f0000000400)={0x2, 0xffffffff, 0x1ff}) tkill(r0, 0x16) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 17.694629128s ago: executing program 0 (id=428): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='westwood', 0x8) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030000000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x4000000) 17.010901397s ago: executing program 3 (id=432): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000481000/0x1000)=nil) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000488000/0x4000)=nil, &(0x7f00003a5000/0x4000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00004fc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f00001c6000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) 16.907600491s ago: executing program 0 (id=433): memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000000100)='\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00') readlinkat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000540)=""/76, 0x4c) 16.693943131s ago: executing program 3 (id=435): r0 = epoll_create1(0x80000) r1 = socket$unix(0x1, 0x1, 0x0) close(r1) socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa0028000}) 16.596474299s ago: executing program 0 (id=436): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x1800700, &(0x7f0000000340)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@dax_never}, {@max_batch_time={'max_batch_time', 0x3d, 0x8000000000000001}}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000440)='./file0/../file0/../file0/../file0\x00') pivot_root(&(0x7f0000000000)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000100)='./file0\x00') 16.392013898s ago: executing program 3 (id=438): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) setxattr$trusted_overlay_origin(&(0x7f0000000180)='./file0\x00', &(0x7f0000000000), 0x0, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a302f328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d1ae7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13766204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edce6c85cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000440)={&(0x7f0000000340)={0x50, 0x0, 0x4, {0x7, 0x28, 0x0, 0x8010, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x10, 0xfb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f00000007c0)="a2e2a159075e75837324ab175a58f1f5800ae8a07763cd2d8bc6652904a07970a0af80b38c34708c1bb11cbab8f2382ac68467f71abf12b4adf620243dfebaceeaad8d7673e10b5a828f5d54fc3f81e04bce5a3a3a3b24d0927d7c29c7bfc031b2ddb33d76ad6609ed094845c149b16d46e07c79116dad6f2cd20650f3ee6f8bf2912d3a618219f033ce7bdf62e4e4ab3b8513deb1316b858bcdc1d42eca81ddb684d3fd6b28def22b4e556cdfbf155242b36fef20e3f8329f2be22a0a9b4fa8198140284edc8bca7e626a57beb5fba36d4870b60ee19ddcd8bedf5a660f7d2c6ed11eec46428cf7791a6990796090e473ba7a91c1e384dc43ea5b27ee50c0a6bb6eda84c68628300ab62d05cd4c303f2f3fe112ee6010262f671a2f9ee391974f20eddf984891420404708f6f2a3cae26f32a76e3cc2821347f9c3a45698b2e50033deb5363787d8a8e5b91c58f1e509f22255dda8a49678cb2bd751ded5207110c8291fe4c1fbce1d5c3d34e20a482fb39280aa61697a7b6b56372633211630cef287623eb7ba9dbbaa2a6bea801a5187e980d0f72bed914f8f3f46e57719c241dc8cfcb80ff170feb562d81863c11021f7a153805822e8862a3e55ba16791503e278dfe65b0327ab56782cca69958e069bfc64c8ffc3988dc5b5ea8af3eaf18c46773123f63688196c62fed1f423a7f838d8c247e1fb214febc6fb95e2602c9177148029c1d11f80feb224e31b5ab9686a16d5e5859069c30329c71bf55e06d35d3620712b05a2cdb960802143ac4eac665337c8c03a60131d61589ebfd6ce014143a22c3c81a1bd75440bb1c6d9bda38f3ad3f6103042deb2a1ffbdaa0c132417c2cbb4f0dbc8b37c918ce0ee2d212f9acf9f4cc79aa8246fec873c79044327cecb53e17a2b259d3701b649c5cd8e874e7423635a029a0fbdfe0a57876eb52a6f50bef1acc4169724cef34f038bd6a7f57030bef5092958b141ded42b7eeefb65df0c39e0f6f37d0a8652e0d0fae71ccb738fbacd5dc0480065a703c328cea0da4204865802f0704bcbd438c5a7a342ba218a47dc4ef36436af4fa6ffcf9bf5281f8b402714b01696b9c2ecfb069b53807922cfbcebd3dda39f6bd9ddace2dd7aef04aea22d7690787f1516d63c229ddece143a5ee89190c36fd188040a89608b3ab7508847dc06bc250761ad071265ba5d61ea6a00b0576fe43917cc22809b5bdb93467920ebb5af1f86c2c19cf0113536a8dcc763d24a66668fc5fa53b7400d84541860f7eaef3d66ef2af76b7385cf2d0816738d732f60db684f0caaddc26603aa6aeb32ab7fb8ca470c4c9160e7803d095388259f326e869dd87f849c9ec11564f2aac3267595f623d92c5b32817c003065a46c6259b430b9740701b9e9a43db247756b096a727c40371e14a0b821ab392073f9427faf82b15b5297f97fdfb6d99a395d4da8d71ec7b3781ff183967b9fe3631f9aea44fc63d966001a7dcc606f7dc2d4973a45c059c57f6ba38ec9efb804723abb3c4652fa0901c7b879150fe21a70e701fdf3c241c5bbbc02c2395d72a95bb987b7cda7cae9d1c998898a4a8723bb8981af0984c74472859afab221b128d6e2e3eeef763b8c10d8605d4755a7d3d26a219bbaf697c362490f8583355d1452c11af85095f59ef1b57cb4c971494498254ae8637c9d2f28ca5e5cfd49f9ca9b3e116e21b887f1085fb588aa5be1fa3f50d90bd3fb678bf590a4376e60522c9d52f796621d22aced6f72f14cdff1aa90da09995b7a7a8f419598f86dc7910c4a0f6ac7687cc3d7a5d34f0008e09ce5f48a80774ea2d1b4e7293feee01065dea352b60efaa5e2e332670b5762a2b580da668ca560a7dd34c44d1cd5f14c1b2ccb832c979ffcd41cfe4e0c7dc0de66100762aaf6f82a8bcfb0a51a72aaaf47be59744b389d3369318547b12ad1c4ada9ce0bc02e619094b5f07d1d2902ad0a341f8f57354e756ea4e1655305e9b6d053465d736c6df48d01b843764f1b6b9006bc740af4fb8c7e9bddeba99ab03a85e55c2ed7c72d5807a296042b27023b5bb345587cbadc9c845951b965aa28908062eb76e3c07da87b599e0870fabf5328b96e119b4f7253b161ef14c0a1cbb278c314784234fd41481a1850f5422e44e6753803f96a74c3c9872a1f580f0c08328c4ee57f2391af89106916bacf3d0244251b83bcfefddc7b414983b8010445131091c9c84bf51e8f1f4e64e87767931859fd4cb040d62a1be4468e26c103a3839087d4fdaf13e033f2319ef62e2909feda0949e25a89a985de57aa14ea298439811ba71d124754e6e14176db47a671a810b958f6151ad569fab60afae999622acd18a6b9ad05984aee1094e41ce591bb428e0199c9bf680d9ed970cc8b5efd7600edce61feb73d423a57d0bdd2e832e3e19ee3e6a57ee841d96c2e9db571996f173cd707864fa3e106eeeca417cbe9b95755df65c336a9349c320e55b84067270b239fbd46360a1723aaeeaa53d718c6db842f70a2caf2d049df8515beb377998e9a82fc6cd701f2e241787c5548f5d2cdba504390ec29a081601e9f652b2f0c8375f49f80ea556870e1edbb16615671a07399502a6917cb6c7eb1662557594da93406d61bbb50a96d79df869488a4bfcd9ff2ac562bd7b7d9c580af0f1eb5fff36489b1210d6b6e6d079799050a8f52dcd3c1a617c83a4819485cce3dfa5c028277460e56bcf80a3e47d2d0ec35a49ee640454e5999d9b5392c1d02b4fb5ba1b2b5390891f44b27be33e3e3672a96bbdf7528f70f22207ed78208fb8fa795eca1fd6f02483603ae32568957a0527bcd7ea6841c45fbbe58d27c41f29dce9c3d0fb4c93bc3c7b3bafcefb84d7123e06de37f2e84a8d2b4a5e51f44796a9e6d0e22fa6bf6ae0ac295664dfabc27fa1f2aded7073dc9096b6b449ba71294e5c968be449e10c14957833e99e1195eb843d87a95113401e4abb74795b28f76d8ea198628c5ce4d7ba131d3cd63f3847a3dce85bd2d615aef74e7c37cd1de82accb20feb30f263e05a4f810f0805fec1152eb0b871178bf0d88bca7e0bfa89d5a1d9ff496ac1d9b364749868e20d435d102b5ffcf3786e480d8dc40bc7e93e49fb94526cb4de45239ddcbf6c8224b3bbefa35bb0c9793923b7a298f6858de0ceb6427d776924b3e541901c04e5d50a2015fa6960ae3842d1da00e543d4162e1128d48e625602111ee369c6967505ee82f79eecb014e92fb3bd552846dac439c7e99e15ba1d11d3be624fefdc5cd27619d724ead06d11165864cac0194eba02db1593667b5ee9d8d7cfa724a314fbeee7e9f20be9dba61476a7df3b53cefa959c5ef4efc0a42677a1bfbcf52263006569f9fb5adb5996889304beb0168e322b6fc03cc6918a99a485cd267294be92717787f88db4f06a00257a636683f8fe57b1b2dd650f016a2630466099e959bd619f3dbce138df6d676b2f1b3c847f4562b9f2eabe9f6a55342452a36562033032c895f86d52967940039e1b79177772159e1aeed9a44cdc8a0fda9d72116f16dd88c4e310b991cba0368ac324a1d1c8b4afe03d22ddc094a311527ee46371e3d9895a173892b63b9caeb936fc8767a154a43d13c940409d087465393967841037e333a69667498d04f5c64fc70f6b15ccef77a143c1c19294769348ef29aec8c02a98ed7dcfbc224893bc5ccee8c23dd7d8abbaed587d98e290b256ad37d8a60cd3a23c2be2a8efb3a2eb1e0dea6af9a94b39dc2b019ac37735bd5b238fc250b2cc626e2a360567293b3c81702c06e8e0ce0d13ddd696fc7e969ead4c04948eeadbee3987b622428870ebbbd9f511512aef40d51e6d94c345227e4d5813c3b88c0595db4591767f032c72cfdb3280eb5afe7ba5e49d44fa599a52202a811c75342acccba74bbbd7cd629aa51b7e0cf9ec7f62c32d7a7a6b7e05ab232c07ae1525c4db403a16562fdcb09f1789ac4caf2dd51dad83ed70fc5e398b79a37fac1a5c434798c393ba7ac1bf17fe2fbef465dfed25b01d008cfd734685e254ace47535e1eae101f2f904646f77788cc43fdddae8fe264fd3d2cd402cfc82f344eeb1c0cf76986a0241ad4b9fe5da9d87fb126df572b8f748f37bae15f2dafa6abce013807024ad9912b01cdb007d75724ac52cc75fc8ea881fdd3ef8e361248428f4d0cac019fcb97daa732675d9011bfe2a2a48cfdef92cdd99e3482ce0dd3df577ba24eb9bb178031d5749e12e64e645ee284d425c6cd02a1b05d152e5649ac5f263e1f7085ad407451fd3feb8a423807426e60832daa9b5e20714c3348e753c6d98293b43fc0ce8e2d6ad20e7a7ab4c10ce18af9ae0a56b8a532f5404798ddc7e78c2ce8aff1a66b0fffd5404901af1c1b97732213c0f7044899c5d8a109fd5d2eda3d13569afcb2d34fd09aa8426759825151f0cbfc2869c16b6ed5bdbfda71966340037b8060f6f7cfa63f90a5ae54355fde23fd9ab9f4a22b1d91e42219832f6a09c091f41d6f7717464b9ea667f88d08b22b4e56e2ca727af24f0a6243b0befc4b4dd98a6ab6870fa55b14ae7c100cd7c84ae717a525f3a257c2310dac10afecd85fbc0a11b903cce663acb48369fc2f300179c4b3c7a5314a505be2637f7bb8abc6c92713754574152c2116a82a5c071f5d5dff0d086dbbd814abd39b16b4f151f8fe9fdeb3e52f3cf9c29a0c6665dd9ff5ab190d02d0555fb78fa6b63d91664f3f52b57256fb7c6ff2f37fa79367df467b3284414c04b521e7f86ad9026ec8643d96cf8e73da7244179081c98c1525067ffb0e41a4932e02135b1323b9a5d01555a2215f1634db5cd770728add4ef83e2832428026ea807740778b67542879d96a5d39325610a39af08dd3786771f1b51b909ac3f493df656b965cedcb46aba6c24a6de7390169f28b0b4e60115f4eeea03b16a74ec956d7d48f5389881d04314efb0b3279dff20ff1aab0ced2f0070857d44b41dc9a52ea961a487284a203218aeb1affc595653921b7709eb63bf1b53a6f4b24f754c3aa277473a5e5370818af18e5c9a43ac51978365bb64dbb41ff418bbc697ce867fd4add91f17808b4874b0d2b5ae2777e6845f5e405a8b2758c05fc555722a4009ab63c9fcecdd1874fcc287308a3494490bc3a20721b70cf4b81d8322dbee526a58d0ee448931eb8d94630b99c7f1f752c7c8e1fe4309b30c9b36008ea04592a1ba4705e4a72697be0de29d8bd9026cfd0b05226a782ebababed3b543d7affd67c3bfa8b209741bf151bb68d4d9734747a1dadfda6702ca89c62ce62d7b894704fa04ae5c00674af425a20ac0d9f0e7f96688a3db7cee7fb283ed9b50fd494ed83e413c443ee3d09c7aa5be1aac8e3d0ae893c72410f8d642e7fd1ddd5624087b44393fb214db2773f8eb4d9f1bc070a2ebec5e083b2ccff52ffc6ce0bcd5682975a85e27c662a83a1ab5bad656bd9dedb99ff510bed9748c6011fc0e30013c1deb428696381516e3c453d1fcaac96c93ccbdcd4ca2ad4e0d4adcb257b665f21694c8fc537271cd2b83a21b6e612de121068270b5abe60aeae845f4dcc6cc46f2cbc13444d75a6da601c68d25fe580c92d1f2417f1b241aff713626b24b25558a7d92b3b39064b5fd942bcc9c807ed33ee0ccdb41745cc582f002a0831d0b53687d520d1a75c40320e4e942d890c83f147c022c5b31f0eb2c784acb0d2e82f85b00df3f191d048b16585681c1b10783fee11c79c2bb5eff21568351fe64ea8594c34d62a3d87ab242668ddb906e6dc3312bf82040c809c91177a956c28cb12deeeae125f78a0b6fe4e5e0af947ebcf5684320b44b57c7d32db75f69d8a0fc02464e5e261e5bde0c8c3a11c1f9678655cf38634c72f9f7306989b9062072f6040e0a13f72c9f122ed9ffd9394d9b62b7899afa83602f2691c1443e68b23de8acb5cfe0a18736372f7f9bbafaa2043eb3ca522a028ecffeb32d05c61cff503f62b7f59bee2e5c339917c1f866b1e6df6f604d1f99d46a9c586d1b174ea78bd3e82c0fcf1065725fe95ae6fc9b6774155e1b315e50512428d19e56e478e31e236af95c81e7d481c8aef80e16d5a5109a8004602349b748d8bf4ae90e995870ae6e46be8ace8237d74f50ddbf572a71ab31266fa228c9a5a203796f4dbb5619b572be35da5520a812fdefb482692fb273aa94768ebda2e60abdf3d28030acddcd9434aa7f64f32f28644dd276791667de06eada168236173121f38a57ef171d700299097716604d206b2855d75921e0e399effb691c32586e085ed56cbaf522048c2c32f8214ac3d760ac77ff15bf86dad56654c5f15f61aac38f9198c92ba4415b9e0dd8c03aa4e5e17780d6c3c6c9bcd32e74c3e790dcab41e3f374501c17d8f503284a730c4637c8db103685afd56df5efae7f85bc4c7c4ad1a0dad86234ba0829dd66a228ab91cfd365e309773b2ab53ceb9e0002f89cc8202e35c820ca6525fd9613d6d91bfdd55376b6ab1ad744ed4f1299cb43defd5940537d427536c514af797cbd9e8ea9c2e763b1264c1f59caeec162358611933e76397f8f98b2abceab73b5a7dba6712016495341e1b361cc7650234220512e49bad02474dd00ec73ca383db95bb0ca74888165e85d85e1a22e9229b8de6a1732e3d2ab99e5d30ed184d12060a73dc852ed3e850038b1186cd04de74479119705180be1d8b6bc892123c57be34c3e6e37fea1529131b1f9119302594ab932d44f6b3186f736bdcdcadd426cef86a30b8441bd2cc1ec7fce628ffdacaba233d7f90d1979e8c3978123c4d05006bbf37bfce58c9a7ddda0e7855a53dff472265ebfd49a82e359b69de1abd7dacc5c3692b3891994e6ae0039c6731c30e84076736bf06ac45d36edc071fc1f23ff3da3c8573f3ceee5b78a94e1460dcacee1c7604818ccdb9444708a522670a836b74ebf8c4d8c0f249f3332af2fcebc6cefb365bc0924e3acb29022a78a001fa67af7a17f277a284fe6893113e26d61075ffdb444e3d53cbc0212f79fd808e74a61f06706e6653bdb4c587da247128fc346b1fbbb246d6f31de06464d174fb2da73a175e4d88f84f73f94c374fc3a47b1fb7d5f62c155916aafa2b4931a0b18ba98d99dfda4438aa8d71956bdc6475f9f48f5ac695aad7722e4f00bfb94881ff66f7a9483700d2f396f9e6ce8778ac1af6866b70b8d7d56c5211efb869333141a985808d640ab5d48ad1689cc566ebe6ba8077776a6fd69b1fd86f53deebe903c2e783f4f7b26f07332a4e3b0207ba4e04bbaed9af71a1550197292bebeacb0f279729633adfcd552d06e26c63ec470ab2f5316e0bb83542fef05592f4542a49688ed88b932bfcffd83f67d72ba24cc63857751e1d2a4bd9d85ac9ee18c5f2aff9508c09ca795fc88dc5bdce6613b3e6d5cf52fdd4065f4d48df7272816fdba6a6ab8d1110578af50e53fd2bd9d3a92d22ca1eb30b5fc0362f72c078dad39f3a262c5f2e8e3273eeeef9045e22544c4f624af0c80cf50dc707be5eadb8fe6a807dd104899a8dfadafd3fd5ddc487ccd9807067fac8e51e5e5f5f9bf90adf36e0eeed69eb5addf0f88771b2f8e88ec7dcd4c6da87408c6a294067ae1670fc35e450fb38cb933d3bf5631cce9853b9b69326f06714c68f40fb40bb4c7a780708260d4c7b6d3279297f2f100f7ed119da12219d8316bcd30df2f096d50d19e1991cde1c207a0f95069022f29cbcc4c762be50dfb587924f61d06eb44687a92de230a064ecf901dc18974281a8de4ee572d0bc7f650d968832a40f966ae03560971f5bc1c817d694f8a9407c0a656f6d369aa1dcf75db35e82461e108e75cbebde10ccacd2012aade4ce9eb293fe9fa0e4053a01609d5be20e44001e7301deb0d8f25e78cb6f2e50b2b29c9f98832ee1eaaefb8d9cc6d0717118bb61a4a742bfb5740397ceb583b13482479b96dbccbf5a4698c4e385f0b3e49be2a2cae4a99a0a716a7ea6a4cb7936f7aad5d38a7ae6f63a63abb1de666aaf5a4463dc77e0e5a91d8ad0489e259982e7f52789d3f32421feac68bd244517d58b811ec878a2025b8397b21af72162b788c46923aa73f5c843ad55938ad9e630167892566ba8addb25a5d4c4ad3a0156a50aacff488f537be6fc4f4e9c7ab3311a3e6bbd84b919e4aa77e5e29fed53ed6faae1f2dedc8c7b4a149d3fc3d00be7f7a9960f0ec999b69f197a589a79a05e6a8585f7ba1808a2167841baff3b6687cd195890acc49250ed65c60b3b16abaa9c09cddce9158297aeb1a176af758dadfb921f1229e2fa88814a889ead1e5b668f7ca88d8e8afbece83e225ada0553f753f5081461af6be98072e7e361c87492c394e6f0ed38f5d97cbc6b36a3a9d9403eb609838c78e567640b78354c5c6135ac9a1a31910fadbf399df2db018333f7d237812094a32a0500dc064407f236106d0d4407b0f779ef304a62396b738b9bf7f0727fa496a9ea293ee62126c815eb9333472aba255f40f2260ce99b3c8afc97504717774f8789792367bc8105a422502a4dea8eae932c1637fb0c9f72eb56edf68fff0cb06599596635174f58d6ac1afa3652d3c62c58077edf01fad9eb80bd2ecc0d90d80a49427b554accdb440dda4eb236ef8237630d5ccad391c3494faa2274ae1249bca1f37079c95d446e26fe779c74719719953a6e41d6520b9091849ffb2e596a691cb98510337587fa1296168906b41293612381d3853f43c6b8a2d217e8dfae01e837f587ca55045c9becde5e9ca26e638452e1a83f05cddd79f11e4eb18450b511c2d16ca85ec2c7c63f7dde6ced440d709dd5cf9c44bbe6d1f30fd828b15b01fb49aee11704d4aa8346cdd40cea8b8cd44dd4e0b48781676020070fbf0bafce6cdbd26eab1f34cf72f1beea1b0a9b718635e1e08bf1a8eb3fb36ef2b69c90fa16b3c852e22e022a742b472a2a630288a946aef9bff13588fd24ad40a1fb719151fddc338c3bfc20808b5a1e049cf453e13591c9e1c5700c6e3c460c46eff976d1daf34f6ab0f5a0a8fa9c15437a9ec4f6b690b04d99592c65d094869b4e1b4db8beb4c6dc4ff269fb270a87b536621c7f850b400f7eec0fb72bfea735cb466370d6e99d1e9beafe62c260bef10e5235b0a9e97c274fe2b2482dfbe0787facf6f4cedb80555d51345ce6a99bcd4c703d9d5ff52c36bda2ba1bcb4792300c493d8de385b92154c95eaa76da00c551a7248ea7a4e594b0de24d94950415085cff2e0efc60a3d10f8c7140a3a3890ceb95f07facead703e432c91aa72ef7ece249082624c35e88e37b9483cf776a3be16703a6125f1be55b9ae2274adb6cec11cecb1e82cc0107807112c206bd80ac75ab293880ac5ceb8c6f8c7e0c2618554147dcd149d4e5af769a25c988a308ae583158d19d5ffdeddac5c9e9f7a8b2203d0381e6cfba80f967005375006e75a616a7345278db6b1b63b831719e318288d30ab5efada460cdab2f9e9f5ee2586b802b970dd91bd3ed1e53a9895370ed14abaf4293123a2c96bbe19a0cfca70620f9932315300b1d260edf2b8fce1c7f527a58ce722603891bea7c54022444e46529fba511fc70af8752b71f18c8ec2d063639f6c842f7f4aa90d6a01a797ecf3cee95455d298051ffaee72c82248fbcce173db21d957670c32f6195c1f78dfccc2cb952e5821d88aa47509ac58151027feb001c9e9523d0692f04ce4f048aaa15a5df13a86d8e157a1ef773123202ae3aa95c78e75f6b5d4f37839ea86daed6c10c5aab3bef5293ff3e29955cb8b30cd1bef99d9456cc82de1082077e5c9a4fe249c897ebd56ab99352f7d29e4a0b8e2dc02cc61216b19f2ade6cc0e7137e7a51cd121d0f0b4cc0b8cd7212620022505802ee494741d0c7e24828e2534aa8a89600fb1bac9f1614c228813ea354665be7d4d41f0e619ecf1d4cae919c384970e57441501f2626fa78dce5ef14ed98a199cc610814aacd5a6e3638e44624b7fc12299244945f046bf2d5b55980d98005c90b5ee133152ed52712f4b5961ce16383d1f112b16f59e24befd11d4a3a1b8ec15f05978b411533d44032f708658da71df233eb97ecee6edd4c7d98645319920715d3ed0f09105f2407903716b6bc0e99d099db25d1366e4282019e46d6649bb90a1480cffe4edb767bd3ad64d423eeed39c19fb0f472b2dd78f2a9525ac88660b114e719b8d7723a0465b9d95bcab703d9ea6447bf739d2c996aeacd0d2bd3bc99aae467e3f0fc3752f33b9a0508d1a88a5bbfe6a73fbea2a81112dafcfdc9e69981e1ea661f107bc27cf63e11ca0d728e092798e9ccb933d57d2030cdbad244ef2a30fec387f4a5a77a854ef6460322c4636ee22f7dba78c1e0c137b611cca7c26c2557cf8c9b26d36fc15627dfa0ff5d2e73123e3354e4073e8484b39b33dddca06338b5f974ccc744d4428e1f81b8bc041693fbf09c858c604ac0f59293de57e8fc2d8ee198feb4ed9812e22356819c5a3117905a100e0b34135ca5728a26d682b6719c41fa9ea317c296d4d330c7725dfa03ec86f922c715982eb6d7a2daee555f35d3c4dce2e24741addc04de2c3fc4bd54a7ce5291317777ecdb0905605f52d1c3b21cc3d5b03712587ce4ece01644e6d3ba77f03a60e750f44e12da8fa228f016b3291dce24b0906e754bdf12ae306db65520b26372951a4049a0f7ce9e551b3d4988f6979f966533ae480ca0560d393c4b843fc218badd8571479f06100dabb0b2f76003a1a4340cdf5fa8cca3de18c56de34ec3a8121316bc82c675d37c3dd5b00e51a09298dabdcd2380a81f2dbf8a5faf7250b2b658c1da30b84d19c518c061565ed3be70a66f78f1a5bc709b7d5b32fad46eb40d6d7192e8ec62df7e8d474565812303c1ca2f3d09f65c18e93426cb7e8cea70c061fdb2629490cc0ae83b181f5b3954bf1efdbb5df4940ed9ec4c2341a228607aab95c76f0cf3002dd4c66507f25a21698d2da8eaa3d5f93b77a3fa215f45d64e7de9bc179df7f49713e42296ee6b0d0e4c24173c00135142d8e489650795c1ce02ea37fcab9127964a258ec85ab7c82c6f750b01a3d1b8039ddab0e6b590018963725e8204a54b3a751d2d47bb92b65355e38e42ef2961d0f452ef719a0815b37e3009a945424d84c87fe47e5e113f9e5125e1caf4557efa1426a26941271eb3c9a877a06770d2502c8311545519cb38044e08dd527db188a8483e1ccf20b380a85d814499682996f34ce7ce21a8de7663945033e749915290cc7a9949886187467ecb71e6d2fd7c21e9203f4b542f4402f01c331a5195e39ee42bb5a5e7999f7f13904e3b4c7d0a077b2ebc405616f88c8db81df0a84d314464217516fe8e34c6339f33107a58b0ad13e4f5c0025c99e551bceddf1054ef9b006b1bb8b581a53c02fbb917ee69b177aba96547e9dc027cdeef1528eb55e4eaf1f3e0598c2e3f184a7f106203238ac750f773bb65c714e2df574b621be9310e2f941d811c7a0747a3f568d1925151e7a77b0c3fbfb8a521f47be9bbf473bb3b1ea097e1d1a75adf9bc5d99893ab9a385daf9901e0bd83e777f08340be7e0b8c770751166d", 0x2000, &(0x7f0000000540)={&(0x7f00000003c0)={0x50, 0x0, 0x40000000, {0x7, 0x2d, 0x4, 0x2402100, 0x8, 0x4, 0x40000005, 0x3, 0x0, 0x0, 0x8, 0x8e60}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16.153788135s ago: executing program 0 (id=439): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0xfffffffc, @mcast2, 0x6}, 0x1c) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000024c0)='net/udplite\x00') readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/169, 0xa9}], 0x1) 15.983556272s ago: executing program 3 (id=441): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x38ad211, 0x0) mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x84000, 0x0) 15.737284507s ago: executing program 3 (id=443): syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file1\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 15.551596462s ago: executing program 0 (id=444): r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) socket$rxrpc(0x21, 0x2, 0xa) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000000)={&(0x7f0000000140)=[{0x5, 0x200, 0x0, 0x0}, {0xffff, 0x6010, 0x0, 0x0}], 0x2}) 15.042394202s ago: executing program 32 (id=444): r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) socket$rxrpc(0x21, 0x2, 0xa) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000000)={&(0x7f0000000140)=[{0x5, 0x200, 0x0, 0x0}, {0xffff, 0x6010, 0x0, 0x0}], 0x2}) 15.022204765s ago: executing program 3 (id=448): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000240)="f2", 0x1, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) listen(r0, 0x8b25714e) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x4ff3913b, 0xca0, 0xffffffff}, 0x10) 14.799972576s ago: executing program 33 (id=448): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000240)="f2", 0x1, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) listen(r0, 0x8b25714e) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x4ff3913b, 0xca0, 0xffffffff}, 0x10) 8.820024449s ago: executing program 2 (id=485): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x1c4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 8.070430087s ago: executing program 2 (id=489): socket$kcm(0x2, 0x1000000000000002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18) 6.600882247s ago: executing program 2 (id=497): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070400000900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xe0}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6.222341577s ago: executing program 2 (id=500): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) 5.985730603s ago: executing program 2 (id=503): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/9, 0x9}, {&(0x7f0000000300)=""/225, 0xe1}], 0x2, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) 4.978484821s ago: executing program 2 (id=512): pipe2(&(0x7f0000000580)={0xffffffffffffffff}, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.504285699s ago: executing program 34 (id=512): pipe2(&(0x7f0000000580)={0xffffffffffffffff}, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.479446449s ago: executing program 4 (id=527): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file2\x00', 0x3) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@volatile}], [], 0x2c}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x81) fsync(r0) 2.33115953s ago: executing program 4 (id=528): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x2, {{0x42, 0x2}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r2, &(0x7f00000000c0)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x2, {{0x42, 0x4}}}, 0x10, 0x0}, 0x4000044) 2.077174315s ago: executing program 4 (id=530): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='yeah', 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x1500) 1.807395238s ago: executing program 1 (id=531): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002440)=ANY=[@ANYBLOB="34000000090605000a00000000000000000000000900020073797a3000000000050001"], 0x34}}, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, 0x0}, 0x0) 1.618237254s ago: executing program 1 (id=532): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) keyctl$session_to_parent(0x12) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) 1.452160722s ago: executing program 1 (id=533): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000040)={0x10000}) 1.089171275s ago: executing program 4 (id=534): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)={0x14, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4000010) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 731.534298ms ago: executing program 4 (id=535): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x403, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd4000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f00000001c0)="f081550000a000000f0048180045000fbe252e8a094d36420f705626002e660f3a176a4b00b9800000c00f3267420f01c30f5966ba2c0cb8c087678eef66ba470f080ced45c194710a000000058a3bc4827dbcae009008f2", 0x58}], 0x1, 0x2b, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x2d, &(0x7f0000000000)=[@cr4={0x1, 0x9a0}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 533.143754ms ago: executing program 1 (id=536): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x2045}}) io_uring_enter(r1, 0x133d, 0x0, 0x8, 0x0, 0x0) ioctl$FE_SET_FRONTEND(r0, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x2, @qam={0x5, 0x1c, 0x1}}) 404.880806ms ago: executing program 1 (id=537): r0 = socket(0x2, 0x80805, 0x0) close(0x3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1e, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}]}, &(0x7f0000000640)=0x10) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) 209.131798ms ago: executing program 4 (id=538): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r0, &(0x7f0000000540)=""/88, 0x58) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 0s ago: executing program 1 (id=539): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x789}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f00004ca000/0x1000)=nil, 0x1000}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts. [ 84.121216][ T5816] cgroup: Unknown subsys name 'net' [ 84.240312][ T5816] cgroup: Unknown subsys name 'cpuset' [ 84.249700][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.918710][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.148196][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.158217][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.166654][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.179478][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.190717][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.290698][ T5151] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.299882][ T5151] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.308903][ T5151] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.317347][ T5151] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.325942][ T5151] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.376762][ T5151] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.385382][ T5151] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.393344][ T5151] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.404699][ T5151] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.413314][ T5151] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.451265][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.461014][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.469421][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.491589][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.500916][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.510249][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.518933][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.527681][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.528907][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.542987][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.091357][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 89.270306][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 89.440297][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 89.470996][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.478871][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.486433][ T5828] bridge_slave_0: entered allmulticast mode [ 89.494467][ T5828] bridge_slave_0: entered promiscuous mode [ 89.558726][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.566195][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.573528][ T5828] bridge_slave_1: entered allmulticast mode [ 89.582029][ T5828] bridge_slave_1: entered promiscuous mode [ 89.590076][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 89.624128][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 89.713887][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.721375][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.728970][ T5833] bridge_slave_0: entered allmulticast mode [ 89.737029][ T5833] bridge_slave_0: entered promiscuous mode [ 89.752132][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.790528][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.798060][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.805412][ T5833] bridge_slave_1: entered allmulticast mode [ 89.814170][ T5833] bridge_slave_1: entered promiscuous mode [ 89.829647][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.976247][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.983650][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.991120][ T5838] bridge_slave_0: entered allmulticast mode [ 89.999379][ T5838] bridge_slave_0: entered promiscuous mode [ 90.019015][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.034825][ T5828] team0: Port device team_slave_0 added [ 90.052282][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.060404][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.067908][ T5838] bridge_slave_1: entered allmulticast mode [ 90.075858][ T5838] bridge_slave_1: entered promiscuous mode [ 90.112731][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.126438][ T5828] team0: Port device team_slave_1 added [ 90.233353][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.240979][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.248658][ T5836] bridge_slave_0: entered allmulticast mode [ 90.257005][ T5836] bridge_slave_0: entered promiscuous mode [ 90.267876][ T5829] Bluetooth: hci0: command tx timeout [ 90.300574][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.308162][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.315615][ T5840] bridge_slave_0: entered allmulticast mode [ 90.323594][ T5840] bridge_slave_0: entered promiscuous mode [ 90.336982][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.351693][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.361583][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.369200][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.376667][ T5836] bridge_slave_1: entered allmulticast mode [ 90.384958][ T5836] bridge_slave_1: entered promiscuous mode [ 90.395151][ T5833] team0: Port device team_slave_0 added [ 90.403355][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.410593][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.436641][ T5829] Bluetooth: hci1: command tx timeout [ 90.442474][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.455860][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.463491][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.470908][ T5840] bridge_slave_1: entered allmulticast mode [ 90.479160][ T5840] bridge_slave_1: entered promiscuous mode [ 90.506963][ T5829] Bluetooth: hci2: command tx timeout [ 90.535368][ T5833] team0: Port device team_slave_1 added [ 90.542794][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.549825][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.575802][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.586486][ T5829] Bluetooth: hci4: command tx timeout [ 90.592624][ T5829] Bluetooth: hci3: command tx timeout [ 90.666839][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.680753][ T5838] team0: Port device team_slave_0 added [ 90.692505][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.721430][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.734053][ T5838] team0: Port device team_slave_1 added [ 90.744278][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.756600][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.763610][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.789881][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.847325][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.854330][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.880749][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.984466][ T5828] hsr_slave_0: entered promiscuous mode [ 90.992150][ T5828] hsr_slave_1: entered promiscuous mode [ 91.002960][ T5840] team0: Port device team_slave_0 added [ 91.010859][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.017933][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.043966][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.058857][ T5836] team0: Port device team_slave_0 added [ 91.097894][ T5840] team0: Port device team_slave_1 added [ 91.105256][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.112290][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.138263][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.153835][ T5836] team0: Port device team_slave_1 added [ 91.189719][ T5833] hsr_slave_0: entered promiscuous mode [ 91.197182][ T5833] hsr_slave_1: entered promiscuous mode [ 91.204160][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 91.210573][ T5833] Cannot create hsr debugfs directory [ 91.297067][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.304047][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.330112][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.359186][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.366226][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.392528][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.418402][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.425383][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.451752][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.497866][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.504972][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.530979][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.599711][ T5838] hsr_slave_0: entered promiscuous mode [ 91.607122][ T5838] hsr_slave_1: entered promiscuous mode [ 91.614110][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 91.619937][ T5838] Cannot create hsr debugfs directory [ 91.840508][ T5836] hsr_slave_0: entered promiscuous mode [ 91.847919][ T5836] hsr_slave_1: entered promiscuous mode [ 91.854742][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 91.860574][ T5836] Cannot create hsr debugfs directory [ 91.873288][ T5840] hsr_slave_0: entered promiscuous mode [ 91.880892][ T5840] hsr_slave_1: entered promiscuous mode [ 91.888039][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 91.893795][ T5840] Cannot create hsr debugfs directory [ 91.949466][ T43] cfg80211: failed to load regulatory.db [ 92.347608][ T5829] Bluetooth: hci0: command tx timeout [ 92.420252][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.434295][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.480663][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.507085][ T5829] Bluetooth: hci1: command tx timeout [ 92.518289][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.586342][ T5829] Bluetooth: hci2: command tx timeout [ 92.592585][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.612906][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.625973][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.642144][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.666585][ T5841] Bluetooth: hci4: command tx timeout [ 92.672257][ T5829] Bluetooth: hci3: command tx timeout [ 92.792952][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.821278][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.834692][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.848400][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.988150][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.023581][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.037269][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.062519][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.117370][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.172348][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.180083][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.208954][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.237476][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.264517][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.284954][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.326444][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.334051][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.360436][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.402357][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.409580][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.420341][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.427573][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.481064][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.488233][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.653797][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.709476][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.770228][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.809445][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.816710][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.883187][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.909222][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.916486][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.958635][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.965899][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.022858][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.030127][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.062140][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.200664][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.250199][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.268770][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.275969][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.316397][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.362936][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.370216][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.432297][ T5829] Bluetooth: hci0: command tx timeout [ 94.588173][ T5829] Bluetooth: hci1: command tx timeout [ 94.667178][ T5829] Bluetooth: hci2: command tx timeout [ 94.748230][ T5829] Bluetooth: hci3: command tx timeout [ 94.754240][ T5841] Bluetooth: hci4: command tx timeout [ 94.790658][ T5828] veth0_vlan: entered promiscuous mode [ 94.910055][ T5828] veth1_vlan: entered promiscuous mode [ 94.957904][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.022444][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.103963][ T5833] veth0_vlan: entered promiscuous mode [ 95.140483][ T5828] veth0_macvtap: entered promiscuous mode [ 95.163236][ T5828] veth1_macvtap: entered promiscuous mode [ 95.215355][ T5833] veth1_vlan: entered promiscuous mode [ 95.279904][ T5838] veth0_vlan: entered promiscuous mode [ 95.298293][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.317129][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.345005][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.381849][ T5838] veth1_vlan: entered promiscuous mode [ 95.399697][ T5836] veth0_vlan: entered promiscuous mode [ 95.414342][ T117] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.424308][ T117] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.448961][ T5833] veth0_macvtap: entered promiscuous mode [ 95.457268][ T117] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.468576][ T117] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.499040][ T5833] veth1_macvtap: entered promiscuous mode [ 95.549343][ T5836] veth1_vlan: entered promiscuous mode [ 95.616754][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.655562][ T5840] veth0_vlan: entered promiscuous mode [ 95.680912][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.702638][ T5838] veth0_macvtap: entered promiscuous mode [ 95.739146][ T117] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.780394][ T5838] veth1_macvtap: entered promiscuous mode [ 95.793640][ T117] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.802839][ T117] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.814665][ T5840] veth1_vlan: entered promiscuous mode [ 95.837908][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.851054][ T117] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.861729][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.895768][ T5836] veth0_macvtap: entered promiscuous mode [ 95.953984][ T5836] veth1_macvtap: entered promiscuous mode [ 95.979920][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.019498][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.030095][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.033164][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.078767][ T83] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.088325][ T83] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.136056][ T83] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.146418][ T83] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.176038][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.193604][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.216644][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.294620][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.325447][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.380000][ T5840] veth0_macvtap: entered promiscuous mode [ 96.398469][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.418344][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.457240][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.472918][ T5840] veth1_macvtap: entered promiscuous mode [ 96.502610][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.511577][ T5841] Bluetooth: hci0: command tx timeout [ 96.531501][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.549809][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.667197][ T5841] Bluetooth: hci1: command tx timeout [ 96.675851][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.691685][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.709486][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.746446][ T5841] Bluetooth: hci2: command tx timeout [ 96.753939][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.826888][ T5829] Bluetooth: hci3: command tx timeout [ 96.832458][ T5841] Bluetooth: hci4: command tx timeout [ 96.957773][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.967638][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.968054][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.984182][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.009016][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.018129][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.068139][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.092455][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.203616][ T117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.240239][ T117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.469228][ T117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.509556][ T117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.688154][ T117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.741152][ T117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.079311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.118591][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.286887][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.450065][ T5990] loop4: detected capacity change from 0 to 2048 [ 99.485207][ T5990] ======================================================= [ 99.485207][ T5990] WARNING: The mand mount option has been deprecated and [ 99.485207][ T5990] and is ignored by this kernel. Remove the mand [ 99.485207][ T5990] option from the mount to silence this warning. [ 99.485207][ T5990] ======================================================= [ 99.639692][ T5990] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 99.731024][ T5990] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.901835][ T5981] loop1: detected capacity change from 0 to 32768 [ 99.971612][ T5981] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.16 (5981) [ 100.144967][ T5981] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 100.193330][ T5981] BTRFS info (device loop1): using crc32c checksum algorithm [ 100.268182][ T5997] netlink: 'syz.4.22': attribute type 4 has an invalid length. [ 100.288495][ T5986] loop0: detected capacity change from 0 to 32768 [ 100.305834][ T5997] netlink: 'syz.4.22': attribute type 4 has an invalid length. [ 100.450855][ T5981] BTRFS info (device loop1): enabling ssd optimizations [ 100.492918][ T5981] BTRFS info (device loop1): turning on flush-on-commit [ 100.511727][ T29] audit: type=1800 audit(1773312677.260:2): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file1" dev="loop0" ino=7 res=0 errno=0 [ 100.554830][ T5981] BTRFS info (device loop1): enabling free space tree [ 100.593125][ T5981] BTRFS info (device loop1): enabling auto defrag [ 100.605183][ T5981] BTRFS info (device loop1): use lzo compression, level 1 [ 100.613840][ T5981] BTRFS info (device loop1): max_inline set to 4096 [ 101.164883][ T5828] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 101.196377][ T6025] GUP no longer grows the stack in syz.3.28 (6025): 200000011000-200000018000 (20000000e000) [ 101.233889][ T6025] CPU: 1 UID: 0 PID: 6025 Comm: syz.3.28 Not tainted syzkaller #0 PREEMPT(full) [ 101.233926][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 101.233951][ T6025] Call Trace: [ 101.233963][ T6025] [ 101.233972][ T6025] dump_stack_lvl+0xe8/0x150 [ 101.234012][ T6025] __get_user_pages+0x2378/0x2720 [ 101.234057][ T6025] ? mtree_load+0x12a/0x780 [ 101.234091][ T6025] get_user_pages_remote+0x2f6/0xab0 [ 101.234119][ T6025] ? __pfx_mtree_load+0x10/0x10 [ 101.234147][ T6025] ? __pfx_get_user_pages_remote+0x10/0x10 [ 101.234175][ T6025] ? __access_remote_vm+0xa3/0x6f0 [ 101.234206][ T6025] ? __access_remote_vm+0x42c/0x6f0 [ 101.234241][ T6025] __access_remote_vm+0x222/0x6f0 [ 101.234292][ T6025] ? __pfx___access_remote_vm+0x10/0x10 [ 101.234327][ T6025] ? alloc_pages_noprof+0x13b/0x2a0 [ 101.234356][ T6025] proc_pid_cmdline_read+0x419/0x7f0 [ 101.234390][ T6025] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 101.234421][ T6025] ? rw_verify_area+0x2a6/0x4d0 [ 101.234446][ T6025] vfs_readv+0x587/0x840 [ 101.234475][ T6025] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 101.234506][ T6025] ? __pfx_vfs_readv+0x10/0x10 [ 101.234548][ T6025] ? __fget_files+0x2a/0x420 [ 101.234581][ T6025] ? __fget_files+0x3a0/0x420 [ 101.234609][ T6025] ? __fget_files+0x2a/0x420 [ 101.234646][ T6025] __x64_sys_preadv+0x19f/0x2a0 [ 101.234674][ T6025] ? __pfx___x64_sys_preadv+0x10/0x10 [ 101.234708][ T6025] do_syscall_64+0x14d/0xf80 [ 101.234732][ T6025] ? trace_irq_disable+0x3b/0x150 [ 101.234757][ T6025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.234779][ T6025] ? clear_bhb_loop+0x40/0x90 [ 101.234806][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.234826][ T6025] RIP: 0033:0x7f3fd739c799 [ 101.234855][ T6025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.234872][ T6025] RSP: 002b:00007f3fd81b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 101.234900][ T6025] RAX: ffffffffffffffda RBX: 00007f3fd7615fa0 RCX: 00007f3fd739c799 [ 101.234915][ T6025] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000003 [ 101.234926][ T6025] RBP: 00007f3fd7432c99 R08: 0000000000006a76 R09: 0000000000000000 [ 101.234939][ T6025] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 101.234950][ T6025] R13: 00007f3fd7616038 R14: 00007f3fd7615fa0 R15: 00007fff19540598 [ 101.234980][ T6025] [ 101.893890][ T990] IPVS: starting estimator thread 0... [ 101.968453][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.016207][ T6036] IPVS: using max 33 ests per chain, 79200 per kthread [ 102.134780][ T6040] netlink: 'syz.4.33': attribute type 1 has an invalid length. [ 102.178799][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 102.209240][ T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 102.236465][ T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 102.265240][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 102.299474][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 102.564136][ T6042] loop1: detected capacity change from 0 to 32768 [ 102.578479][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 102.588684][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 102.602135][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 102.611532][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.620427][ T6042] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.27 (6042) [ 102.653283][ T6042] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 102.663482][ T6042] BTRFS info (device loop1): using sha256 checksum algorithm [ 102.671194][ T6042] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 102.699020][ T10] usb 1-1: config 0 descriptor?? [ 102.791889][ T6042] BTRFS info (device loop1): rebuilding free space tree [ 102.824581][ T6042] BTRFS info (device loop1): disabling free space tree [ 102.831615][ T6042] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 102.841580][ T6042] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.860830][ T6042] BTRFS info (device loop1): enabling ssd optimizations [ 102.867920][ T6042] BTRFS info (device loop1): turning on async discard [ 102.874755][ T6042] BTRFS info (device loop1): enabling disk space caching [ 102.881886][ T6042] BTRFS info (device loop1): force clearing of disk cache [ 102.890450][ T6042] BTRFS info (device loop1): enabling auto defrag [ 102.897027][ T6042] BTRFS info (device loop1): force zlib compression, level 3 [ 102.961486][ T10] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 103.060762][ T10] usb 1-1: USB disconnect, device number 2 [ 103.148389][ T10] usblp0: removed [ 103.258350][ T5828] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 103.276163][ T13] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 103.538541][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 103.714404][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 103.745571][ T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 103.778779][ T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 103.814284][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 103.843242][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 103.876449][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 103.891195][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 103.920482][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 103.936997][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.987702][ T10] usb 1-1: config 0 descriptor?? [ 104.237095][ T10] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 104.489304][ T6075] loop3: detected capacity change from 0 to 32768 [ 104.524016][ T6075] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.40 (6075) [ 104.595944][ T43] usb 1-1: USB disconnect, device number 3 [ 104.686459][ T6075] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 104.719412][ T6075] BTRFS info (device loop3): using sha256 checksum algorithm [ 104.725843][ T43] usblp0: removed [ 105.015208][ T6075] BTRFS info (device loop3): enabling ssd optimizations [ 105.052217][ T6075] BTRFS info (device loop3): turning on async discard [ 105.059291][ T6075] BTRFS info (device loop3): enabling free space tree [ 105.149056][ T6075] overlayfs: failed to clone lowerpath [ 105.310185][ T5838] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 106.025606][ T6113] netlink: 16 bytes leftover after parsing attributes in process `syz.3.49'. [ 106.146679][ T6114] netlink: 16 bytes leftover after parsing attributes in process `syz.3.49'. [ 106.532041][ T6114] Zero length message leads to an empty skb [ 106.818765][ T6120] loop1: detected capacity change from 0 to 512 [ 106.965528][ T6120] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.51: bad orphan inode 11862016 [ 106.977310][ T6120] loop1: lost filesystem error report for type 5 error -117 [ 106.978291][ C0] EXT4-fs (loop1): initial error at time 1773312683: ext4_orphan_get:1417 [ 106.995651][ C0] EXT4-fs (loop1): last error at time 1773312683: ext4_orphan_get:1417 [ 107.011916][ T6120] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 107.030474][ T6120] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.487477][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 107.586014][ T6134] netlink: 104 bytes leftover after parsing attributes in process `syz.2.56'. [ 107.950853][ T6142] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.851737][ T55] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.970211][ T6145] loop1: detected capacity change from 0 to 32768 [ 108.991145][ T6156] loop2: detected capacity change from 0 to 1024 [ 109.051258][ T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.111241][ T6145] XFS (loop1): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 109.130910][ T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.212738][ T55] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 109.327189][ T55] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 109.430797][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.522198][ T55] usb 4-1: config 0 descriptor?? [ 109.573769][ T6169] loop0: detected capacity change from 0 to 164 [ 109.592261][ T6145] XFS (loop1): Starting recovery (logdev: internal) [ 109.604659][ T6169] iso9660: Unknown parameter 'icharset' [ 109.708968][ T6145] XFS (loop1): Ending recovery (logdev: internal) [ 109.936916][ T6145] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 110.011402][ T6145] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 110.038568][ T55] plantronics 0003:047F:FFFF.0001: reserved main item tag 0xd [ 110.057752][ T6145] XFS (loop1): Unmount and run xfs_repair [ 110.071846][ T6145] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 110.080316][ T6145] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 110.128942][ T6145] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 110.150244][ T55] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 110.222427][ T6145] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 110.262501][ T6145] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 110.308364][ T55] usb 4-1: USB disconnect, device number 2 [ 110.351470][ T6145] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 110.399311][ T6145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 110.419468][ T6176] fido_id[6176]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 110.429684][ T6145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 110.461074][ T6145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 110.491766][ T6145] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 110.601525][ T6145] XFS (loop1): page discard on page ffffea0001a31b00, inode 0x1d06, pos 2048. [ 110.643787][ T6145] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 110.662543][ T6145] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 110.675430][ T6145] XFS (loop1): Unmount and run xfs_repair [ 110.683870][ T6145] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 110.693579][ T6145] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 110.702985][ T6145] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 110.712077][ T6145] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 110.741594][ T6145] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 110.750606][ T6145] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 110.759648][ T6145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 110.775652][ T6145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 110.784928][ T6145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 110.795983][ T6145] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 110.814337][ T6145] XFS (loop1): page discard on page ffffea0001ce7780, inode 0x1d06, pos 4096. [ 110.824252][ T6145] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 110.839447][ T6145] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 110.862583][ T6145] XFS (loop1): Unmount and run xfs_repair [ 110.872862][ T43] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 110.891340][ T6145] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 110.899090][ T6145] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 110.933593][ T6145] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 110.960760][ T6145] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 110.993167][ T6145] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 111.010952][ T6145] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 111.034046][ T6145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 111.054258][ T6145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 111.067720][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 111.078531][ T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.095050][ T6145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 111.105897][ T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 111.125232][ T6145] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 111.143104][ T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 111.156524][ T6145] XFS (loop1): page discard on page ffffea0001d8d780, inode 0x1d06, pos 8192. [ 111.167859][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.186842][ T43] usb 3-1: Product: syz [ 111.194673][ T6145] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 111.212493][ T43] usb 3-1: Manufacturer: syz [ 111.223529][ T43] usb 3-1: SerialNumber: syz [ 111.242547][ T6145] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 111.285639][ T43] usb 3-1: 0:2 : does not exist [ 111.293641][ T6145] XFS (loop1): Unmount and run xfs_repair [ 111.317004][ T6145] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 111.339840][ T6145] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 111.359317][ T6145] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 111.378950][ T6145] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 111.405187][ T6175] loop4: detected capacity change from 0 to 40427 [ 111.415630][ T6145] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 111.434658][ T6145] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 111.444857][ T6175] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 111.456778][ T6175] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 111.465646][ T6145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 111.477130][ T6145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 111.486792][ T6145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 111.501837][ T6175] F2FS-fs (loop4): invalid crc value [ 111.521498][ T43] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 111.630902][ T6145] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 111.688966][ T6145] XFS (loop1): page discard on page ffffea00019e4100, inode 0x1d06, pos 16384. [ 111.729918][ T6145] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 111.775416][ T43] usb 3-1: USB disconnect, device number 2 [ 111.795252][ T6145] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 111.846859][ T6182] loop0: detected capacity change from 0 to 40427 [ 111.855113][ T6145] XFS (loop1): Unmount and run xfs_repair [ 111.884575][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 111.910517][ T6145] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 111.921143][ T6182] F2FS-fs (loop0): build fault injection rate: 771 [ 111.931686][ T6175] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 111.949173][ T6182] F2FS-fs (loop0): invalid crc value [ 111.950872][ T6145] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 111.993503][ T6175] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 112.000916][ T6145] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 112.020343][ T6175] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 112.039462][ T6145] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 112.050472][ T6145] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 112.061005][ T6145] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 112.070531][ T6145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 112.092330][ T6145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 112.123275][ T6145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 112.157817][ T6145] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 112.210648][ T6145] XFS (loop1): page discard on page ffffea00019e5000, inode 0x1d06, pos 32768. [ 112.252511][ T6145] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 112.299021][ T6145] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 112.360570][ T6145] XFS (loop1): Unmount and run xfs_repair [ 112.386591][ T6145] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 112.423859][ T6145] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 112.435840][ T6182] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 112.459831][ T6145] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40 .......... ....@ [ 112.488752][ T6182] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 112.491613][ T6145] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 112.542585][ T6145] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 112.562550][ T6145] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 112.581366][ T6145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 112.606645][ T6145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 112.627246][ T6145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 112.652883][ T6145] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x2b0/0x490" at daddr 0x4 len 4 error 74 [ 112.687137][ T6145] XFS (loop1): page discard on page ffffea0001a4b340, inode 0x1d06, pos 65536. [ 112.706510][ T6208] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=10, npages=11 [ 112.719493][ T10] loop1: writeback error on inode 7430, offset 0, sector 14980 [ 112.746365][ T6182] syz.0.70: attempt to access beyond end of device [ 112.746365][ T6182] loop0: rw=2049, sector=45096, nr_sectors = 88 limit=40427 [ 113.224411][ T5828] XFS (loop1): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 113.318974][ T5828] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 113.351664][ T5836] syz-executor: attempt to access beyond end of device [ 113.351664][ T5836] loop0: rw=2049, sector=45184, nr_sectors = 8 limit=40427 [ 113.402896][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 113.402924][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 113.402935][ T5836] Call Trace: [ 113.402943][ T5836] [ 113.402951][ T5836] dump_stack_lvl+0xe8/0x150 [ 113.402986][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 113.403017][ T5836] f2fs_write_end_io+0x1274/0x1740 [ 113.403069][ T5836] __submit_merged_bio+0x256/0x700 [ 113.403122][ T5836] __submit_merged_write_cond+0x3c9/0x4e0 [ 113.403158][ T5836] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 113.403204][ T5836] f2fs_write_data_pages+0x287e/0x34f0 [ 113.403272][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 113.403345][ T5836] ? kernel_text_address+0xa5/0xe0 [ 113.403371][ T5836] ? __kernel_text_address+0xd/0x30 [ 113.403395][ T5836] ? __bfs+0x153/0x290 [ 113.403409][ T5836] ? __pfx_hlock_conflict+0x10/0x10 [ 113.403452][ T5836] ? lockdep_unlock+0x5d/0xd0 [ 113.403476][ T5836] ? __lock_acquire+0x146e/0x2cf0 [ 113.403532][ T5836] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 113.403563][ T5836] do_writepages+0x32e/0x550 [ 113.403600][ T5836] ? do_raw_spin_unlock+0xf5/0x210 [ 113.403632][ T5836] filemap_fdatawrite+0x1e9/0x2f0 [ 113.403662][ T5836] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 113.403740][ T5836] ? do_raw_spin_unlock+0xf5/0x210 [ 113.403772][ T5836] f2fs_sync_dirty_inodes+0x30e/0x860 [ 113.403820][ T5836] f2fs_write_checkpoint+0x9df/0x26a0 [ 113.403893][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 113.403973][ T5836] ? kfree+0x1c5/0x640 [ 113.404000][ T5836] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 113.404032][ T5836] kill_f2fs_super+0x314/0x720 [ 113.404071][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 113.404128][ T5836] ? lockdep_hardirqs_on+0x7a/0x110 [ 113.404168][ T5836] deactivate_locked_super+0xbc/0x130 [ 113.404202][ T5836] cleanup_mnt+0x437/0x4d0 [ 113.404222][ T5836] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.404258][ T5836] task_work_run+0x1d9/0x270 [ 113.404289][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 113.404329][ T5836] exit_to_user_mode_loop+0xed/0x480 [ 113.404358][ T5836] ? rcu_is_watching+0x15/0xb0 [ 113.404384][ T5836] do_syscall_64+0x32d/0xf80 [ 113.404404][ T5836] ? trace_irq_disable+0x3b/0x150 [ 113.404428][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.404450][ T5836] ? clear_bhb_loop+0x40/0x90 [ 113.404476][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.404497][ T5836] RIP: 0033:0x7f9b9859d9d7 [ 113.404517][ T5836] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 113.404533][ T5836] RSP: 002b:00007ffd501fdd58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 113.404555][ T5836] RAX: 0000000000000000 RBX: 00007f9b98632050 RCX: 00007f9b9859d9d7 [ 113.404568][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd501fde10 [ 113.404580][ T5836] RBP: 00007ffd501fde10 R08: 00007ffd501fee10 R09: 00000000ffffffff [ 113.404592][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd501feea0 [ 113.404604][ T5836] R13: 00007f9b98632050 R14: 000000000001b8c6 R15: 00007ffd501feee0 [ 113.404641][ T5836] [ 113.489900][ T5836] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 115.328354][ T6270] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.337879][ T6270] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.862513][ T6270] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.911010][ T6270] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.021143][ T6288] loop3: detected capacity change from 0 to 512 [ 116.063127][ T6288] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.080809][ T6290] netlink: 'syz.0.92': attribute type 4 has an invalid length. [ 116.107320][ T6290] netlink: 152 bytes leftover after parsing attributes in process `syz.0.92'. [ 116.169086][ T6288] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.215539][ T6288] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 116.408196][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.502376][ T6290] .`: renamed from bond0 (while UP) [ 116.547287][ T83] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.600216][ T83] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.637715][ T83] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.673782][ T83] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.017058][ T990] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 117.200237][ T990] usb 5-1: Using ep0 maxpacket: 16 [ 117.226456][ T990] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 117.244268][ T990] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 117.262530][ T990] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 117.277410][ T990] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.287471][ T990] usb 5-1: Product: syz [ 117.296296][ T990] usb 5-1: Manufacturer: syz [ 117.302790][ T990] usb 5-1: SerialNumber: syz [ 117.366149][ T990] usb 5-1: 0:2 : does not exist [ 117.565626][ T990] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 117.774041][ T990] usb 5-1: USB disconnect, device number 2 [ 117.940061][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 118.089618][ T5977] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 118.251499][ T5977] usb 4-1: Using ep0 maxpacket: 8 [ 118.267729][ T5977] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 118.293030][ T5977] usb 4-1: config 0 has no interface number 0 [ 118.321785][ T5977] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 118.354406][ T5977] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 118.380967][ T5977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.423899][ T5977] usb 4-1: config 0 descriptor?? [ 118.469520][ T5977] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 118.734857][ T6321] loop0: detected capacity change from 0 to 32768 [ 118.801953][ T6321] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 118.984907][ T6321] XFS (loop0): Ending clean mount [ 119.105519][ T6321] XFS (loop0): Quotacheck needed: Please wait. [ 119.125279][ T6345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.112'. [ 119.260978][ T6321] XFS (loop0): Quotacheck: Done. [ 119.291440][ T6348] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.358900][ T6349] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.629627][ T5836] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 119.752787][ T990] usb 4-1: USB disconnect, device number 3 [ 120.108890][ T6355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.116'. [ 120.153546][ T6355] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.259417][ T6355] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.307511][ T6361] vivid-004: disconnect [ 120.345351][ T6361] vivid-004: reconnect [ 120.490495][ T6365] netlink: 'syz.3.119': attribute type 12 has an invalid length. [ 120.530185][ T6364] option changes via remount are deprecated (pid=6363 comm=syz.0.120) [ 120.539139][ T6365] netlink: 'syz.3.119': attribute type 29 has an invalid length. [ 120.554434][ T6365] netlink: 'syz.3.119': attribute type 1 has an invalid length. [ 120.562956][ T6365] netlink: 'syz.3.119': attribute type 37 has an invalid length. [ 120.583401][ T6365] netlink: 80 bytes leftover after parsing attributes in process `syz.3.119'. [ 120.605082][ T6365] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.718075][ T6369] netlink: 16 bytes leftover after parsing attributes in process `syz.0.122'. [ 121.374501][ T6367] loop4: detected capacity change from 0 to 32768 [ 121.429060][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.128'. [ 121.504053][ T6367] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 121.586876][ T990] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 121.778645][ T990] usb 3-1: Using ep0 maxpacket: 32 [ 121.790479][ T5833] ocfs2: Unmounting device (7,4) on (node local) [ 121.802719][ T990] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 121.840659][ T990] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 121.883089][ T990] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 121.915243][ T990] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 121.938746][ T6397] option changes via remount are deprecated (pid=6395 comm=syz.1.132) [ 121.950775][ T990] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 121.976196][ T990] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 122.022100][ T990] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 122.061749][ T990] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.129807][ T990] usb 3-1: config 0 descriptor?? [ 122.296724][ T6407] netlink: 'syz.1.134': attribute type 9 has an invalid length. [ 122.336165][ T6407] netlink: 'syz.1.134': attribute type 11 has an invalid length. [ 122.350366][ T6407] netlink: 'syz.1.134': attribute type 12 has an invalid length. [ 122.369694][ T6407] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.134'. [ 122.411855][ T990] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 122.433412][ T6407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.134'. [ 122.473616][ T990] usb 3-1: USB disconnect, device number 3 [ 122.515576][ T990] usblp0: removed [ 122.711876][ T6416] netlink: 'syz.1.138': attribute type 9 has an invalid length. [ 122.725722][ T6416] netlink: 'syz.1.138': attribute type 11 has an invalid length. [ 122.740876][ T6416] netlink: 'syz.1.138': attribute type 12 has an invalid length. [ 122.752406][ T6416] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.138'. [ 122.767695][ T6416] netlink: 4 bytes leftover after parsing attributes in process `syz.1.138'. [ 122.942283][ T990] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 123.033009][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.142'. [ 123.122284][ T990] usb 3-1: Using ep0 maxpacket: 32 [ 123.143390][ T990] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 123.169326][ T990] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 123.193540][ T990] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 123.219818][ T990] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 123.230158][ T990] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 123.251509][ T990] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 123.280761][ T990] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 123.307796][ T990] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.339053][ T990] usb 3-1: config 0 descriptor?? [ 123.562566][ T990] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 123.789123][ T6429] loop4: detected capacity change from 0 to 32768 [ 123.824014][ T990] usb 3-1: USB disconnect, device number 4 [ 123.841707][ T6429] [ 123.841707][ T6429] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.841707][ T6429] [ 123.870070][ T990] usblp0: removed [ 124.011873][ T6429] ERROR: (device loop4): diWrite: ixpxd invalid [ 124.011873][ T6429] [ 124.056090][ T6429] ERROR: (device loop4): txCommit: [ 124.056090][ T6429] [ 124.094316][ T6429] [ 124.094316][ T6429] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.094316][ T6429] [ 124.135280][ T6429] [ 124.135280][ T6429] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.135280][ T6429] [ 124.200485][ T6429] read_mapping_page failed! [ 124.208900][ T6429] ERROR: (device loop4): txCommit: [ 124.208900][ T6429] [ 124.288352][ T83] ERROR: (device loop4): diWrite: ixpxd invalid [ 124.288352][ T83] [ 124.310112][ T83] ERROR: (device loop4): txCommit: [ 124.310112][ T83] [ 124.330173][ T83] jfs_write_inode: jfs_commit_inode failed! [ 124.359273][ T5833] [ 124.359273][ T5833] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.359273][ T5833] [ 124.388291][ T5833] [ 124.388291][ T5833] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.388291][ T5833] [ 124.791699][ T6458] process 'syz.3.157' launched '/dev/fd/4' with NULL argv: empty string added [ 125.079388][ T6469] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.160'. [ 125.183615][ T804] libceph: connect (1)[c::]:6789 error -101 [ 125.232116][ T804] libceph: mon0 (1)[c::]:6789 connect error [ 125.267488][ T804] libceph: connect (1)[c::]:6789 error -101 [ 125.296535][ T804] libceph: mon0 (1)[c::]:6789 connect error [ 125.572413][ T804] libceph: connect (1)[c::]:6789 error -101 [ 125.601913][ T804] libceph: mon0 (1)[c::]:6789 connect error [ 125.809701][ T6465] ceph: No mds server is up or the cluster is laggy [ 125.830761][ T6492] loop1: detected capacity change from 0 to 1024 [ 126.033685][ T6495] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 126.054808][ T6495] overlayfs: failed to set xattr on upper [ 126.082655][ T6495] overlayfs: ...falling back to redirect_dir=nofollow. [ 126.095477][ T6495] overlayfs: ...falling back to index=off. [ 126.493690][ T6506] loop4: detected capacity change from 0 to 512 [ 126.521482][ T6500] syz.2.171 uses obsolete (PF_INET,SOCK_PACKET) [ 126.547286][ T83] hfsplus: bad catalog file entry [ 126.571006][ T83] hfsplus: b-tree write err: -5, ino 3 [ 126.704351][ T6506] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.732664][ T6506] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 126.862389][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.883343][ T6512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.176'. [ 126.899783][ T6511] veth0_vlan: entered allmulticast mode [ 127.158294][ T6516] 9pnet: p9_errstr2errno: server reported unknown error p [ 127.372798][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 127.490993][ T6530] loop0: detected capacity change from 0 to 512 [ 127.546266][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 127.575161][ T10] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.614524][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 127.632180][ T10] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 127.662226][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.724169][ T10] usb 3-1: config 0 descriptor?? [ 127.799281][ T6534] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.186'. [ 127.959971][ T6536] loop0: detected capacity change from 0 to 8192 [ 128.272941][ T10] nzxt-smart2 0003:1E71:2009.0002: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 128.637846][ T6554] capability: warning: `syz.4.193' uses deprecated v2 capabilities in a way that may be insecure [ 128.747224][ T43] usb 3-1: USB disconnect, device number 5 [ 129.668711][ T990] IPVS: starting estimator thread 0... [ 129.792475][ T6570] IPVS: using max 29 ests per chain, 69600 per kthread [ 130.298675][ T6560] loop1: detected capacity change from 0 to 40427 [ 130.314520][ T6560] F2FS-fs: heap/no_heap options were deprecated [ 130.365247][ T6560] F2FS-fs (loop1): Image doesn't support compression [ 130.402229][ T6560] F2FS-fs (loop1): invalid crc value [ 130.684239][ T6560] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 130.713810][ T6560] F2FS-fs (loop1): Start checkpoint disabled! [ 130.804660][ T6560] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 130.827115][ T6560] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 131.088620][ T35] kworker/u8:2: attempt to access beyond end of device [ 131.088620][ T35] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 131.137135][ T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 131.137163][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 131.137176][ T35] Workqueue: writeback wb_workfn (flush-7:1) [ 131.137215][ T35] Call Trace: [ 131.137223][ T35] [ 131.137232][ T35] dump_stack_lvl+0xe8/0x150 [ 131.137267][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 131.137300][ T35] f2fs_write_end_io+0x1274/0x1740 [ 131.137353][ T35] __submit_merged_bio+0x256/0x700 [ 131.137386][ T35] __submit_merged_write_cond+0x3c9/0x4e0 [ 131.137422][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 131.137474][ T35] f2fs_write_data_pages+0x287e/0x34f0 [ 131.137546][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.137621][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 131.137660][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 131.137717][ T35] ? unwind_next_frame+0xa5/0x23c0 [ 131.137757][ T35] ? unwind_next_frame+0xa5/0x23c0 [ 131.137777][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.137809][ T35] do_writepages+0x32e/0x550 [ 131.137841][ T35] ? reacquire_held_locks+0x104/0x190 [ 131.137863][ T35] ? writeback_sb_inodes+0x477/0x1a20 [ 131.137896][ T35] __writeback_single_inode+0x133/0x11a0 [ 131.137925][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 131.137957][ T35] writeback_sb_inodes+0x992/0x1a20 [ 131.138014][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 131.138039][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 131.138107][ T35] ? rcu_is_watching+0x15/0xb0 [ 131.138139][ T35] wb_writeback+0x456/0xb70 [ 131.138169][ T35] ? queue_io+0x231/0x4a0 [ 131.138204][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 131.138227][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 131.138271][ T35] wb_workfn+0x414/0xf50 [ 131.138295][ T35] ? look_up_lock_class+0x57/0x110 [ 131.138331][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 131.138357][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 131.138385][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 131.138435][ T35] ? process_one_work+0x8bb/0x1780 [ 131.138465][ T35] process_one_work+0x9ab/0x1780 [ 131.138520][ T35] ? __pfx_process_one_work+0x10/0x10 [ 131.138547][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 131.138598][ T35] worker_thread+0xb49/0x1140 [ 131.138647][ T35] kthread+0x388/0x470 [ 131.138742][ T35] ? __pfx_worker_thread+0x10/0x10 [ 131.138805][ T35] ? __pfx_kthread+0x10/0x10 [ 131.138833][ T35] ret_from_fork+0x51e/0xb90 [ 131.138866][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 131.138894][ T35] ? __switch_to+0xc7d/0x1450 [ 131.138925][ T35] ? __pfx_kthread+0x10/0x10 [ 131.138951][ T35] ret_from_fork_asm+0x1a/0x30 [ 131.138993][ T35] [ 131.139772][ T35] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 131.529421][ T29] audit: type=1326 audit(1773312707.839:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8839c799 code=0x7fc00000 [ 132.011542][ T29] audit: type=1326 audit(1773312708.327:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5e8839c799 code=0x7fc00000 [ 132.414111][ T6628] loop6: detected capacity change from 0 to 2640 [ 132.431682][ T5888] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.442252][ T5888] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.450151][ T5888] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.458229][ T5888] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.470818][ T5888] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.485625][ T6629] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 132.517205][ T5888] Buffer I/O error on dev loop6, logical block 1, async page read [ 132.526506][ T5888] Dev loop6: unable to read RDB block 8 [ 132.532512][ T5888] Buffer I/O error on dev loop6, logical block 3, async page read [ 132.540580][ T5888] loop6: unable to read partition table [ 132.569022][ T6628] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.591824][ T6628] Buffer I/O error on dev loop6, logical block 0, async page read [ 132.610576][ T6628] ldm_validate_partition_table(): Disk read failed. [ 132.634891][ T6628] Dev loop6: unable to read RDB block 0 [ 132.668055][ T6628] loop6: unable to read partition table [ 132.701150][ T6628] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 132.717121][ T55] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 132.893480][ T55] usb 4-1: Using ep0 maxpacket: 8 [ 132.907147][ T55] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 132.932434][ T55] usb 4-1: config 0 has no interface number 0 [ 132.962513][ T55] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 133.004933][ T55] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 133.047557][ T55] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 133.083064][ T6644] syzkaller1: entered promiscuous mode [ 133.093335][ T55] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 133.096973][ T6644] syzkaller1: entered allmulticast mode [ 133.134875][ T6645] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 133.148988][ T55] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 133.178735][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.257644][ T55] usb 4-1: config 0 descriptor?? [ 133.324212][ T55] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 133.353428][ T1309] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.363010][ T1309] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.601789][ T6652] input: syz0 as /devices/virtual/input/input6 [ 133.644193][ T55] usb 4-1: USB disconnect, device number 4 [ 133.644416][ C1] ldusb 4-1:0.55: usb_submit_urb failed (-19) [ 133.706495][ T55] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 133.933074][ T6661] netlink: 'syz.0.231': attribute type 22 has an invalid length. [ 134.540427][ T6664] loop0: detected capacity change from 0 to 32768 [ 135.602112][ T6684] loop2: detected capacity change from 0 to 32768 [ 135.671546][ T6684] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.242 (6684) [ 135.726732][ T6692] netlink: 'syz.3.244': attribute type 1 has an invalid length. [ 135.746454][ T6684] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 135.770070][ T6692] netlink: 'syz.3.244': attribute type 4 has an invalid length. [ 135.784694][ T6684] BTRFS info (device loop2): using blake2b checksum algorithm [ 135.805878][ T6692] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.244'. [ 136.025403][ T6684] BTRFS info (device loop2): enabling ssd optimizations [ 136.078441][ T6684] BTRFS info (device loop2): turning on async discard [ 136.089772][ T6709] loop5: detected capacity change from 0 to 7 [ 136.129343][ T6684] BTRFS info (device loop2): enabling free space tree [ 136.143544][ T6684] BTRFS info (device loop2): use zstd compression, level 3 [ 136.156411][ T6709] Dev loop5: unable to read RDB block 7 [ 136.185534][ T6709] loop5: unable to read partition table [ 136.201057][ T29] audit: type=1800 audit(1773312712.499:5): pid=6684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.242" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 136.222996][ T6709] loop5: partition table beyond EOD, truncated [ 136.250438][ T6709] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 136.499083][ T804] libceph: connect (1)[c::]:6789 error -101 [ 136.509503][ T6717] ceph: No mds server is up or the cluster is laggy [ 136.555217][ T804] libceph: mon0 (1)[c::]:6789 connect error [ 136.947951][ T5840] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 137.416355][ T29] audit: type=1326 audit(1773312713.715:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6731 comm="syz.0.255" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b9859c799 code=0x0 [ 137.502644][ T6740] netlink: 'syz.4.257': attribute type 1 has an invalid length. [ 137.510692][ T6740] netlink: 'syz.4.257': attribute type 4 has an invalid length. [ 137.518976][ T6740] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.257'. [ 137.650087][ T6742] loop4: detected capacity change from 0 to 512 [ 140.164587][ T6806] Illegal XDP return value 2209784946 on prog (id 18) dev syz_tun, expect packet loss! [ 141.272902][ T804] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 141.326600][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 141.452412][ T804] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 141.462148][ T804] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.470779][ T804] usb 4-1: Product: syz [ 141.475512][ T804] usb 4-1: Manufacturer: syz [ 141.480183][ T804] usb 4-1: SerialNumber: syz [ 141.523660][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 141.536221][ T10] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 141.553812][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.573782][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 141.607078][ T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 141.623908][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.643838][ T10] usb 2-1: Product: syz [ 141.648091][ T10] usb 2-1: Manufacturer: syz [ 141.652706][ T10] usb 2-1: SerialNumber: syz [ 141.683976][ T10] usb 2-1: 0:2 : does not exist [ 141.903376][ T804] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 141.916115][ T804] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 142.545800][ T10] usb 2-1: USB disconnect, device number 2 [ 142.574888][ T804] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO [ 142.608450][ T804] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 142.627067][ T804] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 142.689837][ T6187] udevd[6187]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 142.718237][ T804] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 142.812422][ T804] usb 4-1: USB disconnect, device number 5 [ 143.283801][ T6841] block nbd2: shutting down sockets [ 143.748997][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 143.928880][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 143.959515][ T10] usb 5-1: config 1 interface 0 has no altsetting 0 [ 143.983391][ T10] usb 5-1: string descriptor 0 read error: -22 [ 143.992612][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.40 [ 144.006676][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.117391][ T6873] netlink: 'syz.3.310': attribute type 8 has an invalid length. [ 144.130768][ T6873] netlink: 4 bytes leftover after parsing attributes in process `syz.3.310'. [ 144.155413][ T6873] bond0: entered promiscuous mode [ 144.160977][ T6873] bond_slave_0: entered promiscuous mode [ 144.167414][ T6873] bond_slave_1: entered promiscuous mode [ 144.181446][ T6873] gretap0: entered promiscuous mode [ 144.193886][ T6873] bond0: left promiscuous mode [ 144.200490][ T6873] bond_slave_0: left promiscuous mode [ 144.206544][ T6873] bond_slave_1: left promiscuous mode [ 144.222012][ T6873] gretap0: left promiscuous mode [ 144.444972][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.455222][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.466267][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.473660][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.485815][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.494100][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.504959][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.517365][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.540719][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.553070][ T10] kone 0003:1E7D:2CED.0003: unknown main item tag 0x0 [ 144.574043][ T6882] loop1: detected capacity change from 0 to 128 [ 144.639336][ T6882] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 144.658129][ T10] kone 0003:1E7D:2CED.0003: hidraw0: USB HID v0.05 Device [HID 1e7d:2ced] on usb-dummy_hcd.4-1/input0 [ 144.684284][ T10] kone 0003:1E7D:2CED.0003: couldn't init struct kone_device [ 144.691961][ T10] kone 0003:1E7D:2CED.0003: couldn't install mouse [ 144.703342][ T10] kone 0003:1E7D:2CED.0003: probe with driver kone failed with error -5 [ 144.715708][ T6882] ext4 filesystem being mounted at /47/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 144.725143][ T10] usb 5-1: USB disconnect, device number 3 [ 144.751411][ T5977] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 144.817929][ T6882] EXT4-fs error (device loop1): ext4_check_dx_root:2201: inode #2: comm syz.1.314: Corrupt dir, invalid name for '.', running e2fsck is recommended [ 144.846102][ T6882] EXT4-fs (loop1): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.877932][ T6885] fido_id[6885]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 144.942590][ T5977] usb 4-1: Using ep0 maxpacket: 16 [ 144.960357][ T5828] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.970110][ T6878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.989483][ T6878] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.989680][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807e649800: rx timeout, send abort [ 145.009691][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807e649800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 145.061679][ T5841] Bluetooth: hci3: Unknown advertising packet type: 0x30 [ 145.062111][ T5841] Bluetooth: hci3: adv larger than maximum supported [ 145.072355][ T5841] Bluetooth: hci3: Malformed LE Event: 0x0d [ 145.086621][ T5977] usb 4-1: unable to get BOS descriptor or descriptor too short [ 145.103551][ T5977] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 145.112537][ T5977] usb 4-1: can't read configurations, error -71 [ 145.381425][ T6893] loop4: detected capacity change from 0 to 512 [ 145.395857][ T6880] loop0: detected capacity change from 0 to 32768 [ 145.405043][ T6893] EXT4-fs (loop4): Test dummy encryption mode enabled [ 145.416471][ T6893] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 145.440626][ T6880] (syz.0.313,6880,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 145.457993][ T6893] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 145.481394][ T6880] (syz.0.313,6880,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 145.506600][ T6893] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.318: bad orphan inode 131083 [ 145.530043][ T6893] loop4: lost filesystem error report for type 5 error -117 [ 145.533120][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 145.547016][ C0] EXT4-fs (loop4): initial error at time 1773312721: ext4_orphan_get:1417 [ 145.555616][ C0] EXT4-fs (loop4): last error at time 1773312721: ext4_orphan_get:1417 [ 145.608791][ T6880] JBD2: Ignoring recovery information on journal [ 145.620957][ T6893] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.695567][ T6893] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 145.878488][ T6880] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 145.967803][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.423911][ T6916] loop5: detected capacity change from 0 to 7 [ 146.739304][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 146.878236][ T5836] ocfs2: Unmounting device (7,0) on (node local) [ 146.943189][ T6916] Dev loop5: unable to read RDB block 7 [ 146.949760][ T10] usb 2-1: config 0 has no interfaces? [ 146.951221][ T6916] loop5: unable to read partition table [ 146.961469][ T6916] loop5: partition table beyond EOD, truncated [ 146.968315][ T6916] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 146.989424][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 147.024164][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.070498][ T10] usb 2-1: Product: syz [ 147.098344][ T10] usb 2-1: Manufacturer: syz [ 147.104554][ T10] usb 2-1: SerialNumber: syz [ 147.132181][ T10] usb 2-1: config 0 descriptor?? [ 147.250341][ T6931] netlink: 'syz.2.331': attribute type 3 has an invalid length. [ 147.397506][ T6916] I/O error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 147.424737][ T6916] buffer_io_error: 19 callbacks suppressed [ 147.424755][ T6916] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 147.463507][ T990] usb 2-1: USB disconnect, device number 3 [ 147.639302][ T6945] block nbd4: shutting down sockets [ 148.212008][ T6968] loop4: detected capacity change from 0 to 1024 [ 148.305088][ T6968] hfsplus: b-tree write err: -5, ino 2 [ 148.447639][ T83] hfsplus: b-tree write err: -5, ino 25 [ 148.465705][ T83] hfsplus: b-tree write err: -5, ino 4 [ 148.483454][ T83] hfsplus: b-tree write err: -5, ino 2 [ 148.498843][ T83] hfsplus: b-tree write err: -5, ino 26 [ 148.638265][ T6978] loop4: detected capacity change from 0 to 64 [ 148.786942][ T29] audit: type=1800 audit(1773312725.057:7): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.349" name="file1" dev="loop4" ino=22 res=0 errno=0 [ 148.937443][ T6978] syz.4.349: attempt to access beyond end of device [ 148.937443][ T6978] loop4: rw=8423425, sector=57, nr_sectors = 8 limit=64 [ 149.671864][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 149.869982][ T6998] loop0: detected capacity change from 0 to 64 [ 149.885974][ T9] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 149.911131][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.931573][ T9] usb 3-1: Product: syz [ 149.940244][ T6998] hfs: request for non-existent node 65538 in B*Tree [ 149.948766][ T6998] hfs: request for non-existent node 65538 in B*Tree [ 149.955889][ T6998] hfs: fail to find leaf node: node ID 65538 [ 149.961405][ T9] usb 3-1: Manufacturer: syz [ 149.981913][ T9] usb 3-1: SerialNumber: syz [ 150.005668][ T9] usb 3-1: config 0 descriptor?? [ 150.036763][ T9] hub 3-1:0.0: bad descriptor, ignoring hub [ 150.056779][ T9] hub 3-1:0.0: probe with driver hub failed with error -5 [ 150.078536][ T7000] pim6reg: entered allmulticast mode [ 150.093918][ T7000] syz_tun: entered allmulticast mode [ 150.101389][ T7000] pim6reg: left allmulticast mode [ 150.106900][ T7000] syz_tun: left allmulticast mode [ 150.231765][ T9] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 150.340850][ T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 150.371407][ T9] dib0700: firmware download failed at 7 with -22 [ 150.439909][ T9] usb 3-1: USB disconnect, device number 6 [ 151.518909][ T7029] loop2: detected capacity change from 0 to 4096 [ 151.535538][ T7031] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 151.579396][ T7035] input: syz0 as /devices/virtual/input/input7 [ 151.649627][ T5977] hid_parser_main: 4007 callbacks suppressed [ 151.649649][ T5977] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 151.771175][ T5977] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 151.977094][ T5977] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 152.027461][ T5977] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 152.386741][ T7034] hid-generic 0000:0000:0000.0004: pid 7034 passed too short report [ 152.819252][ T7053] netlink: 44 bytes leftover after parsing attributes in process `syz.0.379'. [ 152.872614][ T7053] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.881032][ T7053] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.908086][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.2.378'. [ 152.934385][ T7058] netlink: 44 bytes leftover after parsing attributes in process `syz.0.379'. [ 153.124866][ T7056] team0: Port device team_slave_0 removed [ 153.381179][ T7067] loop0: detected capacity change from 0 to 1024 [ 153.407061][ T7067] EXT4-fs: Ignoring removed nomblk_io_submit option [ 153.459163][ T7067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.597407][ T29] audit: type=1800 audit(1773312729.860:8): pid=7067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.383" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 153.789973][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.514718][ T7091] loop2: detected capacity change from 0 to 32768 [ 154.526028][ T7091] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.393 (7091) [ 154.626510][ T7091] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 154.636916][ T7091] BTRFS info (device loop2): using xxhash64 checksum algorithm [ 154.644550][ T7091] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 154.803917][ T7091] BTRFS info (device loop2): rebuilding free space tree [ 154.879733][ T7091] BTRFS info (device loop2): disabling free space tree [ 154.886777][ T7091] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 154.897099][ T7091] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 154.921109][ T7091] BTRFS info (device loop2): setting nodatasum [ 154.927401][ T7091] BTRFS info (device loop2): allowing degraded mounts [ 154.934213][ T7091] BTRFS info (device loop2): turning on async discard [ 154.941081][ T7091] BTRFS info (device loop2): enabling disk space caching [ 154.948206][ T7091] BTRFS info (device loop2): force clearing of disk cache [ 154.955362][ T7091] BTRFS info (device loop2): force zlib compression, level 3 [ 155.094099][ T7091] BTRFS info (device loop2): balance: start -s [ 155.111654][ T7091] BTRFS info (device loop2): relocating block group 1048576 flags system [ 155.152335][ T7091] BTRFS info (device loop2): balance: ended with status: 0 [ 155.284277][ T5840] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 155.716619][ T7130] netlink: 68 bytes leftover after parsing attributes in process `syz.0.402'. [ 156.359565][ T7143] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.367378][ T7143] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.004148][ T7148] loop3: detected capacity change from 0 to 32768 [ 157.017838][ T7148] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.409 (7148) [ 157.069887][ T7148] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 157.087384][ T7148] BTRFS info (device loop3): using crc32c checksum algorithm [ 157.095331][ T7148] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 157.168021][ T7148] BTRFS info (device loop3): rebuilding free space tree [ 157.315819][ T7148] BTRFS info (device loop3): disabling free space tree [ 157.326586][ T7148] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 157.342233][ T7148] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 157.365279][ T7148] BTRFS info (device loop3): enabling ssd optimizations [ 157.372454][ T7148] BTRFS info (device loop3): turning on async discard [ 157.380541][ T7148] BTRFS info (device loop3): enabling disk space caching [ 157.387645][ T7148] BTRFS info (device loop3): force clearing of disk cache [ 157.395454][ T7148] BTRFS info (device loop3): use zstd compression, level 3 [ 157.709552][ T7192] loop1: detected capacity change from 0 to 2048 [ 157.790322][ T7192] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 157.854885][ T7192] EXT4-fs error (device loop1): ext4_iget_extra_inode:5028: inode #12: comm syz.1.416: corrupted in-inode xattr: invalid size in ea xattr [ 158.249982][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 158.266725][ T29] audit: type=1800 audit(1773312734.505:9): pid=7148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.409" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 158.397174][ T29] audit: type=1800 audit(1773312734.535:10): pid=7148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.409" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 158.659374][ T7143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.673792][ T5838] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 159.625914][ T1149] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.639548][ T7212] loop3: detected capacity change from 0 to 1024 [ 159.675518][ T1149] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.729078][ T1149] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.776310][ T1149] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.920922][ T7207] loop4: detected capacity change from 0 to 32768 [ 159.949485][ T7207] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.419 (7207) [ 160.052692][ T7207] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 160.097483][ T7207] BTRFS info (device loop4): using blake2b checksum algorithm [ 160.126679][ T7217] hfsplus: xattr search failed [ 160.227135][ T7207] BTRFS info (device loop4): enabling ssd optimizations [ 160.267058][ T7207] BTRFS info (device loop4): turning on async discard [ 160.314040][ T7207] BTRFS info (device loop4): enabling free space tree [ 160.342359][ T7207] BTRFS info (device loop4): use zstd compression, level 3 [ 160.555817][ T29] audit: type=1800 audit(1773312736.763:11): pid=7207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.419" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 160.619229][ T7237] loop2: detected capacity change from 0 to 40427 [ 160.626775][ T7237] F2FS-fs: heap/no_heap options were deprecated [ 160.633301][ T7237] F2FS-fs: heap/no_heap options were deprecated [ 160.662522][ T7237] F2FS-fs (loop2): Image doesn't support compression [ 160.676364][ T7237] F2FS-fs (loop2): invalid crc value [ 160.758478][ T7237] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 160.774143][ T7237] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 161.064764][ T5840] syz-executor: attempt to access beyond end of device [ 161.064764][ T5840] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 161.093795][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 161.093824][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 161.093837][ T5840] Call Trace: [ 161.093845][ T5840] [ 161.093853][ T5840] dump_stack_lvl+0xe8/0x150 [ 161.093889][ T5840] f2fs_handle_critical_error+0x37c/0x540 [ 161.093923][ T5840] f2fs_write_end_io+0x1274/0x1740 [ 161.093975][ T5840] __submit_merged_bio+0x256/0x700 [ 161.094009][ T5840] __submit_merged_write_cond+0x3c9/0x4e0 [ 161.094045][ T5840] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 161.094105][ T5840] f2fs_write_data_pages+0x287e/0x34f0 [ 161.094172][ T5840] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 161.094217][ T5840] ? __pfx_css_rstat_updated+0x10/0x10 [ 161.094282][ T5840] ? mod_memcg_lruvec_state+0x208/0x220 [ 161.094313][ T5840] ? lru_gen_update_size+0x7c7/0xd10 [ 161.094354][ T5840] ? __lock_acquire+0x6b5/0x2cf0 [ 161.094406][ T5840] ? filemap_get_folios_tag+0x118/0x720 [ 161.094438][ T5840] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 161.094469][ T5840] do_writepages+0x32e/0x550 [ 161.094505][ T5840] ? do_raw_spin_unlock+0xf5/0x210 [ 161.094536][ T5840] filemap_fdatawrite+0x1e9/0x2f0 [ 161.094566][ T5840] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 161.094639][ T5840] ? do_raw_spin_unlock+0xf5/0x210 [ 161.094670][ T5840] f2fs_sync_dirty_inodes+0x30e/0x860 [ 161.094718][ T5840] f2fs_write_checkpoint+0x9df/0x26a0 [ 161.094785][ T5840] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 161.094859][ T5840] ? kfree+0x1c5/0x640 [ 161.094887][ T5840] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 161.094917][ T5840] kill_f2fs_super+0x314/0x720 [ 161.094954][ T5840] ? __pfx_kill_f2fs_super+0x10/0x10 [ 161.094998][ T5840] ? lockdep_hardirqs_on+0x7a/0x110 [ 161.095035][ T5840] deactivate_locked_super+0xbc/0x130 [ 161.095068][ T5840] cleanup_mnt+0x437/0x4d0 [ 161.095094][ T5840] ? _raw_spin_unlock_irq+0x23/0x50 [ 161.095130][ T5840] task_work_run+0x1d9/0x270 [ 161.095160][ T5840] ? __pfx_task_work_run+0x10/0x10 [ 161.095198][ T5840] exit_to_user_mode_loop+0xed/0x480 [ 161.095227][ T5840] ? rcu_is_watching+0x15/0xb0 [ 161.095253][ T5840] do_syscall_64+0x32d/0xf80 [ 161.095273][ T5840] ? trace_irq_disable+0x3b/0x150 [ 161.095297][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.095318][ T5840] ? clear_bhb_loop+0x40/0x90 [ 161.095344][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.095365][ T5840] RIP: 0033:0x7f5e8839d9d7 [ 161.095384][ T5840] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 161.095400][ T5840] RSP: 002b:00007ffcfae21198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 161.095422][ T5840] RAX: 0000000000000000 RBX: 00007f5e88432050 RCX: 00007f5e8839d9d7 [ 161.095436][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfae21250 [ 161.095448][ T5840] RBP: 00007ffcfae21250 R08: 00007ffcfae22250 R09: 00000000ffffffff [ 161.095461][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfae222e0 [ 161.095474][ T5840] R13: 00007f5e88432050 R14: 0000000000027263 R15: 00007ffcfae22320 [ 161.095508][ T5840] [ 161.100044][ T5840] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 161.512801][ T5833] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 162.061199][ T7266] loop0: detected capacity change from 0 to 512 [ 162.105736][ T7266] ext4: Bad value for 'max_batch_time' [ 162.614102][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.656721][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 162.816368][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.834506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.855135][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.946119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 163.168127][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 163.258982][ T83] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.381592][ T83] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.689425][ T83] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.765451][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 163.783133][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 163.793760][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 163.802158][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 163.814402][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 163.906752][ T7294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.450'. [ 163.926917][ T83] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.941488][ T7294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.450'. [ 163.962617][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 163.977349][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 163.990230][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 163.998360][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 164.006182][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 164.464853][ T7303] loop4: detected capacity change from 0 to 2048 [ 164.500022][ T7303] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 164.542714][ T7303] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.800243][ T83] bridge_slave_1: left allmulticast mode [ 164.814429][ T83] bridge_slave_1: left promiscuous mode [ 164.840915][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.895092][ T83] bridge_slave_0: left allmulticast mode [ 164.911868][ T83] bridge_slave_0: left promiscuous mode [ 164.925913][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.987069][ T7313] loop4: detected capacity change from 0 to 4096 [ 165.143546][ T7314] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.491643][ T7320] loop2: detected capacity change from 0 to 1024 [ 165.540778][ T7320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.645306][ T29] audit: type=1800 audit(1773312741.890:12): pid=7325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.459" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 165.757753][ T7327] loop1: detected capacity change from 0 to 2048 [ 165.808025][ T83] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.853092][ T83] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.883378][ T83] .` (unregistering): Released all slaves [ 165.889828][ T5829] Bluetooth: hci2: command tx timeout [ 165.915934][ T7332] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.989172][ T5840] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.052783][ T5829] Bluetooth: hci3: command tx timeout [ 166.854595][ T7349] netlink: 44 bytes leftover after parsing attributes in process `syz.4.468'. [ 166.968321][ T7354] loop2: detected capacity change from 0 to 4096 [ 166.991068][ T7354] EXT4-fs (loop2): Test dummy encryption mode enabled [ 167.032144][ T7354] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.055743][ T7296] chnl_net:caif_netlink_parms(): no params data found [ 167.130249][ T7288] chnl_net:caif_netlink_parms(): no params data found [ 167.152486][ T7354] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 167.216023][ T83] hsr_slave_0: left promiscuous mode [ 167.231849][ T83] hsr_slave_1: left promiscuous mode [ 167.245480][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.258690][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.269489][ T5840] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.274423][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.289064][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.343346][ T83] veth1_macvtap: left promiscuous mode [ 167.360314][ T83] veth0_macvtap: left promiscuous mode [ 167.377522][ T83] veth1_vlan: left promiscuous mode [ 167.382970][ T83] veth0_vlan: left promiscuous mode [ 167.451593][ T7366] netlink: 24 bytes leftover after parsing attributes in process `syz.2.471'. [ 167.790193][ T83] team0 (unregistering): Port device team_slave_1 removed [ 167.818167][ T83] team0 (unregistering): Port device team_slave_0 removed [ 167.967989][ T5829] Bluetooth: hci2: command tx timeout [ 168.127153][ T5829] Bluetooth: hci3: command tx timeout [ 168.412651][ T7288] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.420179][ T7288] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.430020][ T7288] bridge_slave_0: entered allmulticast mode [ 168.440203][ T7288] bridge_slave_0: entered promiscuous mode [ 168.450151][ T7288] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.458274][ T7288] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.465644][ T7288] bridge_slave_1: entered allmulticast mode [ 168.486399][ T7288] bridge_slave_1: entered promiscuous mode [ 168.531038][ T5829] Bluetooth: hci5: command 0xfc11 tx timeout [ 168.531636][ T5841] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 168.588525][ T7296] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.596038][ T7296] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.604602][ T7296] bridge_slave_0: entered allmulticast mode [ 168.615571][ T7296] bridge_slave_0: entered promiscuous mode [ 168.625148][ T7296] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.632743][ T7296] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.640330][ T7296] bridge_slave_1: entered allmulticast mode [ 168.648879][ T7296] bridge_slave_1: entered promiscuous mode [ 168.846590][ T7288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.892155][ T7296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.922141][ T7288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.017916][ T7296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.087123][ T83] IPVS: stop unused estimator thread 0... [ 169.138799][ T7288] team0: Port device team_slave_0 added [ 169.153921][ T7288] team0: Port device team_slave_1 added [ 169.269712][ T7296] team0: Port device team_slave_0 added [ 169.296490][ T7296] team0: Port device team_slave_1 added [ 169.391177][ T7417] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 169.439945][ T7200] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 169.477362][ T7417] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.505618][ T7417] bond0 (unregistering): Released all slaves [ 169.614394][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.623517][ T7200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 169.644187][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.645492][ T7200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.704682][ T7288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.743788][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.749883][ T7200] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 169.769779][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.787457][ T7200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.837156][ T7200] usb 5-1: config 0 descriptor?? [ 169.861458][ T7288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.870295][ T7200] hub 5-1:0.0: USB hub found [ 169.951147][ T7296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.959640][ T7296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.005970][ T7296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.050342][ T5841] Bluetooth: hci2: command tx timeout [ 170.070726][ T7200] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 170.175817][ T7439] netlink: 'syz.1.488': attribute type 20 has an invalid length. [ 170.184016][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.1.488'. [ 170.215579][ T5841] Bluetooth: hci3: command tx timeout [ 170.273051][ T83] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.304612][ T7296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.311862][ T7296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.338534][ T7296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.371807][ T7200] hid-generic 0003:046D:C31C.0006: item fetching failed at offset 0/1 [ 170.400406][ T7439] netlink: 'syz.1.488': attribute type 20 has an invalid length. [ 170.401972][ T7200] hid-generic 0003:046D:C31C.0006: probe with driver hid-generic failed with error -22 [ 170.428460][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.1.488'. [ 170.462771][ T35] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.478464][ T35] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.556979][ T83] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.645861][ T35] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.658493][ T7150] usb 5-1: USB disconnect, device number 4 [ 170.665320][ T35] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.769839][ T7288] hsr_slave_0: entered promiscuous mode [ 170.790566][ T7288] hsr_slave_1: entered promiscuous mode [ 170.803640][ T7288] debugfs: 'hsr0' already exists in 'hsr' [ 170.818290][ T7288] Cannot create hsr debugfs directory [ 170.871161][ T83] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.002072][ T7296] hsr_slave_0: entered promiscuous mode [ 171.022113][ T7296] hsr_slave_1: entered promiscuous mode [ 171.029984][ T7296] debugfs: 'hsr0' already exists in 'hsr' [ 171.035782][ T7296] Cannot create hsr debugfs directory [ 171.047739][ T7448] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 171.201801][ T83] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.139329][ T5841] Bluetooth: hci2: command tx timeout [ 172.288868][ T5841] Bluetooth: hci3: command tx timeout [ 172.615946][ T83] bridge_slave_1: left allmulticast mode [ 172.628356][ T83] bridge_slave_1: left promiscuous mode [ 172.645566][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.664959][ T83] bridge_slave_0: left allmulticast mode [ 172.673149][ T83] bridge_slave_0: left promiscuous mode [ 172.679751][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.291211][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 173.318446][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 173.339785][ T83] bond0 (unregistering): Released all slaves [ 173.634860][ T7296] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 173.653439][ T7296] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 173.817270][ T7296] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 173.882513][ T7296] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 174.242398][ T83] hsr_slave_0: left promiscuous mode [ 174.266274][ T83] hsr_slave_1: left promiscuous mode [ 174.276254][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.304526][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.352083][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.386272][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.394503][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 174.406730][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 174.417295][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 174.430653][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 174.441120][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 174.476223][ T83] veth1_macvtap: left promiscuous mode [ 174.489706][ T83] veth0_macvtap: left promiscuous mode [ 175.028082][ T83] team0 (unregistering): Port device team_slave_1 removed [ 175.063665][ T83] team0 (unregistering): Port device team_slave_0 removed [ 175.547530][ T7288] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 175.681883][ T7288] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 175.727509][ T7288] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 175.835385][ T7288] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 176.530561][ T5841] Bluetooth: hci4: command tx timeout [ 176.817134][ T7596] netlink: 12 bytes leftover after parsing attributes in process `syz.1.531'. [ 177.011820][ T7601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.532'. [ 177.022336][ T7601] block nbd0: Unsupported socket: should be TCP or UNIX. [ 177.112011][ T7296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.128398][ T7533] chnl_net:caif_netlink_parms(): no params data found [ 177.379751][ T7296] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.395594][ T7533] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.407390][ T7533] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.421669][ T7533] bridge_slave_0: entered allmulticast mode [ 177.433172][ T7533] bridge_slave_0: entered promiscuous mode [ 177.466038][ T7533] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.491804][ T7533] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.503112][ T7533] bridge_slave_1: entered allmulticast mode [ 177.518797][ T7533] bridge_slave_1: entered promiscuous mode [ 177.527059][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.534'. [ 177.616997][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.624299][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.838432][ T7533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.876661][ T7533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.943519][ T6229] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.950863][ T6229] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.197696][ T7533] team0: Port device team_slave_0 added [ 178.223797][ T7288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.234515][ T83] bridge_slave_1: left allmulticast mode [ 178.243583][ T83] bridge_slave_1: left promiscuous mode [ 178.249789][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.266366][ T83] bridge_slave_0: left allmulticast mode [ 178.281300][ T83] bridge_slave_0: left promiscuous mode [ 178.288413][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.611252][ T5841] Bluetooth: hci4: command tx timeout [ 178.642352][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.674200][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.709417][ T7643] ------------[ cut here ]------------ [ 178.715767][ T7643] address < vma->vm_start || address + (nr << 12) > vma->vm_end [ 178.715811][ T7643] WARNING: mm/rmap.c:1682 at folio_add_new_anon_rmap+0x5fe/0x14b0, CPU#1: syz.1.539/7643 [ 178.735380][ T7643] Modules linked in: [ 178.740311][ T7643] CPU: 1 UID: 0 PID: 7643 Comm: syz.1.539 Not tainted syzkaller #0 PREEMPT(full) [ 178.749650][ T7643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 178.762154][ T7643] RIP: 0010:folio_add_new_anon_rmap+0x5fe/0x14b0 [ 178.768549][ T7643] Code: 89 f5 4d 8b 36 4c 89 e7 4c 89 f6 e8 ec aa a9 ff 4d 39 f4 73 1a e8 82 a8 a9 ff 4c 8b 74 24 10 49 bc 00 00 00 00 00 fc ff df 90 <0f> 0b 90 eb 5a 44 89 f8 c1 e0 0c 48 98 49 01 c4 49 83 c5 08 4c 89 [ 178.788495][ T7643] RSP: 0018:ffffc900036f75a0 EFLAGS: 00010287 [ 178.795078][ T7643] RAX: ffffffff821d041e RBX: ffffea0001a366c0 RCX: 0000000000080000 [ 178.803236][ T7643] RDX: ffffc90004a3a000 RSI: 000000000004485b RDI: 000000000004485c [ 178.811369][ T7643] RBP: 0000000000000000 R08: ffffea0001a366c7 R09: 1ffffd4000346cd8 [ 178.819391][ T7643] R10: dffffc0000000000 R11: fffff94000346cd9 R12: dffffc0000000000 [ 178.827562][ T7643] R13: ffff8880783be648 R14: ffffea0001a366c8 R15: 0000000000000001 [ 178.835641][ T7643] FS: 00007f3d18dd06c0(0000) GS:ffff88812553e000(0000) knlGS:0000000000000000 [ 178.845017][ T7643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.851764][ T7643] CR2: 0000200000460000 CR3: 0000000059acc000 CR4: 00000000003526f0 [ 178.859783][ T7643] Call Trace: [ 178.863134][ T7643] [ 178.866112][ T7643] mfill_atomic_install_pte+0x578/0x870 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 178.871748][ T7643] ? __pfx_mfill_atomic_install_pte+0x10/0x10 [ 178.877868][ T7643] ? mfill_copy_folio_retry+0x3a3/0x480 [ 178.883622][ T7643] __mfill_atomic_pte+0x3c4/0x5f0 [ 178.889260][ T7643] mfill_atomic_copy+0x4d9/0x1330 [ 178.894412][ T7643] ? __kernel_text_address+0xd/0x30 [ 178.899662][ T7643] ? arch_stack_walk+0xfb/0x150 [ 178.904650][ T7643] ? __pfx_mfill_atomic_copy+0x10/0x10 [ 178.910167][ T7643] userfaultfd_ioctl+0x2b8a/0x4b00 [ 178.915398][ T7643] ? __kasan_slab_free+0x5c/0x80 [ 178.920462][ T7643] ? kfree+0x1c5/0x640 [ 178.924657][ T7643] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 178.930206][ T7643] ? kasan_quarantine_put+0xbb/0x1f0 [ 178.935728][ T7643] ? tomoyo_path_number_perm+0x219/0x630 [ 178.941527][ T7643] ? tomoyo_path_number_perm+0x219/0x630 [ 178.947502][ T7643] ? do_vfs_ioctl+0x1166/0x1530 [ 178.952471][ T7643] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 178.957559][ T7643] ? do_futex+0x333/0x420 [ 178.962081][ T7643] ? __fget_files+0x2a/0x420 [ 178.966739][ T7643] ? __fget_files+0x2a/0x420 [ 178.971498][ T7643] ? __fget_files+0x3a0/0x420 [ 178.976254][ T7643] ? __fget_files+0x2a/0x420 [ 178.980956][ T7643] ? bpf_lsm_file_ioctl+0x9/0x20 [ 178.985934][ T7643] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 178.991588][ T7643] __se_sys_ioctl+0xfc/0x170 [ 178.996229][ T7643] do_syscall_64+0x14d/0xf80 [ 179.000904][ T7643] ? trace_irq_disable+0x3b/0x150 [ 179.006151][ T7643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.012349][ T7643] ? clear_bhb_loop+0x40/0x90 [ 179.018625][ T7643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.025433][ T7643] RIP: 0033:0x7f3d17f9c799 [ 179.029902][ T7643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.049809][ T7643] RSP: 002b:00007f3d18dd0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.058351][ T7643] RAX: ffffffffffffffda RBX: 00007f3d18215fa0 RCX: 00007f3d17f9c799 [ 179.066492][ T7643] RDX: 0000200000000040 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 179.074641][ T7643] RBP: 00007f3d18032c99 R08: 0000000000000000 R09: 0000000000000000 [ 179.082731][ T7643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.090867][ T7643] R13: 00007f3d18216038 R14: 00007f3d18215fa0 R15: 00007ffdf5ebf278 [ 179.098937][ T7643] [ 179.102051][ T7643] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 179.109374][ T7643] CPU: 1 UID: 0 PID: 7643 Comm: syz.1.539 Not tainted syzkaller #0 PREEMPT(full) [ 179.118602][ T7643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 179.128695][ T7643] Call Trace: [ 179.132011][ T7643] [ 179.134975][ T7643] vpanic+0x56c/0xa60 [ 179.139007][ T7643] ? __pfx__printk+0x10/0x10 [ 179.143635][ T7643] ? __pfx_vpanic+0x10/0x10 [ 179.148189][ T7643] ? is_bpf_text_address+0x292/0x2b0 [ 179.153523][ T7643] ? is_bpf_text_address+0x26/0x2b0 [ 179.158778][ T7643] panic+0xc5/0xd0 [ 179.162545][ T7643] ? __pfx_panic+0x10/0x10 [ 179.167106][ T7643] __warn+0x315/0x4f0 [ 179.171120][ T7643] ? folio_add_new_anon_rmap+0x5fe/0x14b0 [ 179.176862][ T7643] ? folio_add_new_anon_rmap+0x5fe/0x14b0 [ 179.182605][ T7643] __report_bug+0x29a/0x540 [ 179.187153][ T7643] ? folio_add_new_anon_rmap+0x5fe/0x14b0 [ 179.192895][ T7643] ? __pfx___report_bug+0x10/0x10 [ 179.197944][ T7643] ? __lock_acquire+0x6b5/0x2cf0 [ 179.202923][ T7643] ? folio_add_new_anon_rmap+0x5fe/0x14b0 [ 179.208664][ T7643] report_bug+0x16a/0x220 [ 179.213022][ T7643] ? folio_add_new_anon_rmap+0x5fe/0x14b0 [ 179.218760][ T7643] ? folio_add_new_anon_rmap+0x600/0x14b0 [ 179.224497][ T7643] handle_bug+0x9c/0x200 [ 179.228766][ T7643] exc_invalid_op+0x1a/0x50 [ 179.233290][ T7643] asm_exc_invalid_op+0x1a/0x20 [ 179.238161][ T7643] RIP: 0010:folio_add_new_anon_rmap+0x5fe/0x14b0 [ 179.244504][ T7643] Code: 89 f5 4d 8b 36 4c 89 e7 4c 89 f6 e8 ec aa a9 ff 4d 39 f4 73 1a e8 82 a8 a9 ff 4c 8b 74 24 10 49 bc 00 00 00 00 00 fc ff df 90 <0f> 0b 90 eb 5a 44 89 f8 c1 e0 0c 48 98 49 01 c4 49 83 c5 08 4c 89 [ 179.264127][ T7643] RSP: 0018:ffffc900036f75a0 EFLAGS: 00010287 [ 179.270214][ T7643] RAX: ffffffff821d041e RBX: ffffea0001a366c0 RCX: 0000000000080000 [ 179.278203][ T7643] RDX: ffffc90004a3a000 RSI: 000000000004485b RDI: 000000000004485c [ 179.286188][ T7643] RBP: 0000000000000000 R08: ffffea0001a366c7 R09: 1ffffd4000346cd8 [ 179.294176][ T7643] R10: dffffc0000000000 R11: fffff94000346cd9 R12: dffffc0000000000 [ 179.302163][ T7643] R13: ffff8880783be648 R14: ffffea0001a366c8 R15: 0000000000000001 [ 179.310159][ T7643] ? folio_add_new_anon_rmap+0xc7e/0x14b0 [ 179.315923][ T7643] mfill_atomic_install_pte+0x578/0x870 [ 179.321500][ T7643] ? __pfx_mfill_atomic_install_pte+0x10/0x10 [ 179.327593][ T7643] ? mfill_copy_folio_retry+0x3a3/0x480 [ 179.333162][ T7643] __mfill_atomic_pte+0x3c4/0x5f0 [ 179.338218][ T7643] mfill_atomic_copy+0x4d9/0x1330 [ 179.343268][ T7643] ? __kernel_text_address+0xd/0x30 [ 179.348505][ T7643] ? arch_stack_walk+0xfb/0x150 [ 179.353403][ T7643] ? __pfx_mfill_atomic_copy+0x10/0x10 [ 179.358890][ T7643] userfaultfd_ioctl+0x2b8a/0x4b00 [ 179.364022][ T7643] ? __kasan_slab_free+0x5c/0x80 [ 179.368976][ T7643] ? kfree+0x1c5/0x640 [ 179.373080][ T7643] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 179.378606][ T7643] ? kasan_quarantine_put+0xbb/0x1f0 [ 179.383925][ T7643] ? tomoyo_path_number_perm+0x219/0x630 [ 179.389581][ T7643] ? tomoyo_path_number_perm+0x219/0x630 [ 179.395232][ T7643] ? do_vfs_ioctl+0x1166/0x1530 [ 179.400116][ T7643] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 179.405166][ T7643] ? do_futex+0x333/0x420 [ 179.409529][ T7643] ? __fget_files+0x2a/0x420 [ 179.414187][ T7643] ? __fget_files+0x2a/0x420 [ 179.418791][ T7643] ? __fget_files+0x3a0/0x420 [ 179.423503][ T7643] ? __fget_files+0x2a/0x420 [ 179.428121][ T7643] ? bpf_lsm_file_ioctl+0x9/0x20 [ 179.433072][ T7643] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 179.438554][ T7643] __se_sys_ioctl+0xfc/0x170 [ 179.443163][ T7643] do_syscall_64+0x14d/0xf80 [ 179.447785][ T7643] ? trace_irq_disable+0x3b/0x150 [ 179.452843][ T7643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.458937][ T7643] ? clear_bhb_loop+0x40/0x90 [ 179.463649][ T7643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.469573][ T7643] RIP: 0033:0x7f3d17f9c799 [ 179.474010][ T7643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.493634][ T7643] RSP: 002b:00007f3d18dd0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.502249][ T7643] RAX: ffffffffffffffda RBX: 00007f3d18215fa0 RCX: 00007f3d17f9c799 [ 179.510252][ T7643] RDX: 0000200000000040 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 179.518254][ T7643] RBP: 00007f3d18032c99 R08: 0000000000000000 R09: 0000000000000000 [ 179.526251][ T7643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.534323][ T7643] R13: 00007f3d18216038 R14: 00007f3d18215fa0 R15: 00007ffdf5ebf278 [ 179.542350][ T7643] [ 179.546244][ T7643] Kernel Offset: disabled [ 179.550586][ T7643] Rebooting in 86400 seconds..