last executing test programs: 4.949713914s ago: executing program 4 (id=598): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="024068a4e7679ffdbe27d632768df5a5", 0x10}], 0x1}, 0x44151) recvmmsg(r1, 0x0, 0x0, 0x2160, 0x0) 4.866473399s ago: executing program 4 (id=599): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = socket(0x400000000010, 0x2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40008000}, 0x4000) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 4.804909558s ago: executing program 4 (id=601): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000180)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q") prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0)) 3.635642278s ago: executing program 1 (id=615): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, 0x0, 0x0) 3.63494212s ago: executing program 3 (id=616): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) setresuid(0x0, 0xee01, 0x0) r5 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f00000000c0)={0xfffffffd, 0x7fffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x13, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @fallback=0x2c}, 0x94) openat(0xffffffffffffff9c, 0x0, 0x242, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) 2.939772258s ago: executing program 2 (id=621): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xe, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x3, 0xf], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 2.783163426s ago: executing program 3 (id=622): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'veth0_to_team\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 2.771034962s ago: executing program 1 (id=623): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r4, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}}}, 0x108) 2.75145895s ago: executing program 2 (id=624): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="024068a4e7679ffdbe27d632768df5a5", 0x10}], 0x1}, 0x44151) recvmmsg(r1, 0x0, 0x0, 0x2160, 0x0) 2.624387066s ago: executing program 2 (id=626): socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000240)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000000000000000000000000007037ef21cd08ba66e68fea804b2ac35647ce7ebd623eb83c78be424ad31b90ff35750a8c92dbcafe4aea1e500f8a908f3c767788e4f7c412f217", @ANYRES32=0x0, @ANYBLOB], 0x48) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={0x0}, 0x1, 0x0, 0x0, 0x40001}, 0x0) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) recvfrom$llc(r0, 0x0, 0x0, 0x40010001, 0x0, 0x0) listen(r0, 0xd) 2.62113297s ago: executing program 3 (id=627): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[], 0x80}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 2.258463747s ago: executing program 4 (id=629): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40008000}, 0x4000) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 2.093303423s ago: executing program 4 (id=632): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) setresuid(0x0, 0xee01, 0x0) r5 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f00000000c0)={0xfffffffd, 0x7fffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x13, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @fallback=0x2c}, 0x94) openat(0xffffffffffffff9c, 0x0, 0x242, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) 2.080217023s ago: executing program 0 (id=633): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, 0x0, 0x0) 1.671671037s ago: executing program 1 (id=634): shutdown(0xffffffffffffffff, 0x0) socket$packet(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x54, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xfff2, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'dummy0\x00'}, @TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}}]}}]}, 0x54}}, 0x20040054) 1.658441652s ago: executing program 3 (id=635): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xe, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x3, 0xf], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 1.614122599s ago: executing program 1 (id=636): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file3\x00', 0x1210858, &(0x7f0000000040)=ANY=[], 0xfd, 0x1d1, &(0x7f0000000440)="$eJzslj2v0lAYx//nlBQwGhNHFwdJ1MHSFjUuJLI4OZj4QhxMJFIJUsRAByEx6Cdwd3Nw9wuY6OqHMOiiC04615yXliOhCNwL3OQ+v4Sn/1POy9PnNP9TEARxbPn+7c8k/l39UQBwEiXk9f2f1qwPN/p/Lfx6+fnWzfqbh++/5CdOcdGccbz6+jkAn2oWonTsv6NL+noXPNX3wHFJ6zoYHK0fgeO+1gEYHmj91NA90d9xnrTDwHncC5tCuCJ4IvgiVObzm75maBr5MeP/wXDUaYRh0N+i+F/9pjWOqpGfuV8OVLauUT8PHJ7WFTDc0fo68kltVEmM5z+bm81vLX1+G9uuiEhljVFnTmVulQ1gszQAdlh7j1f6ld3mO5QhLEiR7OiOV9+BQO5IpLGG2GQvPt5QY5I78Vi1ZZ/TGRPG4xWXsLFR5VN/it8xXDD8SVnJW3nUlKPu8/JgOLrc7jZaQSt45vuVa+4V173ql6URqbjE/4rSn07M5l94JglsZuNFI4r6nopp21dxkeNy6X8cF8+rtnBTe27egqGZ/nF5ld7b+ZCZPUEQxP44ByY9WfpyIvRpAuNb9/YecyQIgiAIgiAIgiAI4mD8DQAA//80kEvd") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) chdir(&(0x7f0000000000)='./file0\x00') 1.469607346s ago: executing program 2 (id=637): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="024068a4e7679ffdbe27d632768df5a5", 0x10}], 0x1}, 0x44151) recvmmsg(r1, &(0x7f00000009c0), 0x0, 0x2160, 0x0) 1.467806681s ago: executing program 3 (id=638): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'veth0_to_team\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(0x0, r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 1.398577537s ago: executing program 2 (id=639): accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000200)=0x1c, 0x800) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40042) unshare(0x22020600) socket$igmp6(0xa, 0x3, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) shutdown(r0, 0x1) 1.331747911s ago: executing program 2 (id=640): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000180)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q") prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0)) 1.214332735s ago: executing program 4 (id=641): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f00000001c0)="f14a18f6", 0x4) sendfile(r2, r0, 0x0, 0x40001) sendfile(r2, r1, 0x0, 0x7ffff000) syz_clone(0x400a1400, 0x0, 0x0, 0x0, 0x0, 0x0) 1.201334893s ago: executing program 0 (id=642): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}, {0x10, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0) 1.11771257s ago: executing program 0 (id=643): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xee\xe5\xa0\xbd\xc2\x98#YP\xee\x9c2G\xf0\x81x\x97'}, 0x30) socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000004018000780050003001f0000000c00018008000140ffffffff05000500020000000500010006"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff0800"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 966.29777ms ago: executing program 0 (id=644): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r4, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}}}, 0x108) 521.653232ms ago: executing program 1 (id=645): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40008000}, 0x4000) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 102.038524ms ago: executing program 1 (id=646): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[], 0x80}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 54.890184ms ago: executing program 0 (id=647): shutdown(0xffffffffffffffff, 0x0) socket$packet(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x54, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xfff2, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'dummy0\x00'}, @TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}}]}}]}, 0x54}}, 0x20040054) 19.878924ms ago: executing program 3 (id=648): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000feffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000000)=r2, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newlink={0x20, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4804}}, 0x20}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) 0s ago: executing program 0 (id=649): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xe, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x3, 0xf], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.243' (ED25519) to the list of known hosts. [ 31.279884][ T6537] cgroup: Unknown subsys name 'net' [ 31.421252][ T6537] cgroup: Unknown subsys name 'cpuset' [ 31.423282][ T6537] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 31.539324][ T6537] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 33.639161][ T6555] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 33.640927][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 33.641415][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 33.641569][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 33.645290][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 33.645383][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 33.648581][ T6558] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 33.650809][ T6561] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 33.651167][ T6561] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 33.651272][ T6561] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 33.655113][ T6561] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 33.655191][ T6561] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 33.655384][ T6561] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 33.655859][ T6561] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 33.656117][ T6561] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 33.656351][ T6561] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 33.656751][ T6561] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 33.658366][ T6561] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 33.659148][ T6561] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 33.659368][ T6561] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 33.659688][ T6561] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 33.660768][ T6561] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 33.662322][ T6124] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 33.662610][ T6124] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 33.663422][ T6124] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 33.830805][ T6547] chnl_net:caif_netlink_parms(): no params data found [ 33.837957][ T6557] chnl_net:caif_netlink_parms(): no params data found [ 33.840934][ T6550] chnl_net:caif_netlink_parms(): no params data found [ 33.905413][ T6547] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.905809][ T6547] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.906250][ T6547] bridge_slave_0: entered allmulticast mode [ 33.906945][ T6547] bridge_slave_0: entered promiscuous mode [ 33.908180][ T6549] chnl_net:caif_netlink_parms(): no params data found [ 33.921499][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.922714][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.923945][ T6557] bridge_slave_0: entered allmulticast mode [ 33.925343][ T6557] bridge_slave_0: entered promiscuous mode [ 33.928640][ T6547] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.929645][ T6547] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.929730][ T6547] bridge_slave_1: entered allmulticast mode [ 33.931407][ T6547] bridge_slave_1: entered promiscuous mode [ 33.936893][ T6548] chnl_net:caif_netlink_parms(): no params data found [ 33.941500][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.941530][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.941588][ T6557] bridge_slave_1: entered allmulticast mode [ 33.941993][ T6557] bridge_slave_1: entered promiscuous mode [ 33.959583][ T6547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.960482][ T6547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.967667][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.969408][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.969488][ T6550] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.969581][ T6550] bridge_slave_0: entered allmulticast mode [ 33.969981][ T6550] bridge_slave_0: entered promiscuous mode [ 33.970676][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.970692][ T6550] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.970749][ T6550] bridge_slave_1: entered allmulticast mode [ 33.971352][ T6550] bridge_slave_1: entered promiscuous mode [ 33.990662][ T6547] team0: Port device team_slave_0 added [ 33.999272][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.008115][ T6547] team0: Port device team_slave_1 added [ 34.010861][ T6550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.011807][ T6550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.031265][ T6550] team0: Port device team_slave_0 added [ 34.031979][ T6550] team0: Port device team_slave_1 added [ 34.035441][ T6557] team0: Port device team_slave_0 added [ 34.037218][ T6557] team0: Port device team_slave_1 added [ 34.049217][ T6547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.049238][ T6547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.049251][ T6547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.067501][ T6549] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.067620][ T6549] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.067970][ T6549] bridge_slave_0: entered allmulticast mode [ 34.068391][ T6549] bridge_slave_0: entered promiscuous mode [ 34.069669][ T6547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.069677][ T6547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.069692][ T6547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.078685][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.078695][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.078707][ T6550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.079243][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.079249][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.079264][ T6550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.084161][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.084170][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.084180][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.084503][ T6549] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.084600][ T6549] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.085128][ T6549] bridge_slave_1: entered allmulticast mode [ 34.085554][ T6549] bridge_slave_1: entered promiscuous mode [ 34.093611][ T6548] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.093645][ T6548] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.093720][ T6548] bridge_slave_0: entered allmulticast mode [ 34.094153][ T6548] bridge_slave_0: entered promiscuous mode [ 34.095846][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.095855][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.095871][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.107322][ T6547] hsr_slave_0: entered promiscuous mode [ 34.107655][ T6547] hsr_slave_1: entered promiscuous mode [ 34.117083][ T6549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.117214][ T6548] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.117274][ T6548] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.117322][ T6548] bridge_slave_1: entered allmulticast mode [ 34.118077][ T6548] bridge_slave_1: entered promiscuous mode [ 34.132865][ T6549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.141951][ T6550] hsr_slave_0: entered promiscuous mode [ 34.142256][ T6550] hsr_slave_1: entered promiscuous mode [ 34.142421][ T6550] debugfs: 'hsr0' already exists in 'hsr' [ 34.142461][ T6550] Cannot create hsr debugfs directory [ 34.147277][ T6557] hsr_slave_0: entered promiscuous mode [ 34.147571][ T6557] hsr_slave_1: entered promiscuous mode [ 34.147748][ T6557] debugfs: 'hsr0' already exists in 'hsr' [ 34.147758][ T6557] Cannot create hsr debugfs directory [ 34.156058][ T6548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.158578][ T6548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.169335][ T6549] team0: Port device team_slave_0 added [ 34.177748][ T6548] team0: Port device team_slave_0 added [ 34.179384][ T6549] team0: Port device team_slave_1 added [ 34.190421][ T6548] team0: Port device team_slave_1 added [ 34.211436][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.212149][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.212170][ T6549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.212722][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.212731][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.212744][ T6549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.228253][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.228280][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.228293][ T6548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.229108][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.229114][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.229122][ T6548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.238131][ T6549] hsr_slave_0: entered promiscuous mode [ 34.238406][ T6549] hsr_slave_1: entered promiscuous mode [ 34.238587][ T6549] debugfs: 'hsr0' already exists in 'hsr' [ 34.238599][ T6549] Cannot create hsr debugfs directory [ 34.293358][ T6548] hsr_slave_0: entered promiscuous mode [ 34.293657][ T6548] hsr_slave_1: entered promiscuous mode [ 34.293814][ T6548] debugfs: 'hsr0' already exists in 'hsr' [ 34.293823][ T6548] Cannot create hsr debugfs directory [ 34.354586][ T6547] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 34.357451][ T6547] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 34.366874][ T6547] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 34.376332][ T6547] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 34.396652][ T6550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 34.398992][ T6550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 34.402896][ T6550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 34.405369][ T6550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 34.420783][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.420828][ T6550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.421055][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.421085][ T6550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.427395][ T6547] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.427437][ T6547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.427497][ T6547] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.427520][ T6547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.435216][ T6557] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 34.438515][ T6557] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 34.447916][ T6557] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 34.450473][ T6557] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 34.473952][ T6548] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 34.476458][ T6548] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 34.479215][ T6548] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 34.482897][ T6548] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 34.493058][ T6547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.507004][ T6547] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.508996][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.509038][ T6557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.509105][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.509127][ T6557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.517123][ T6548] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.517156][ T6548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.517228][ T6548] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.517261][ T6548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.524201][ T4826] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.525994][ T4826] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.527596][ T4826] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.529496][ T4826] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.531351][ T4826] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.536019][ T4826] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.537799][ T4826] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.548345][ T4826] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.548384][ T4826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.562637][ T6550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.566085][ T6550] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.576665][ T4826] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.576704][ T4826] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.586207][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.588210][ T6549] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 34.592694][ T6549] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 34.594835][ T6549] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 34.597249][ T6549] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 34.608457][ T6557] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.617596][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.617639][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.624355][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.624396][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.631992][ T6548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.638958][ T6550] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 34.638996][ T6550] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.647008][ T6549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.651019][ T6547] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.654433][ T1958] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.654474][ T1958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.662371][ T6548] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.667129][ T6557] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 34.668213][ T6557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.674424][ T6549] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.693075][ T1958] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.693123][ T1958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.695734][ T1958] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.695763][ T1958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.707115][ T6549] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 34.708903][ T6549] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.720632][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.720681][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.731373][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.731509][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.767826][ T6550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.797544][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.822289][ T6547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.826126][ T6549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.833364][ T6550] veth0_vlan: entered promiscuous mode [ 34.836166][ T6550] veth1_vlan: entered promiscuous mode [ 34.842778][ T6550] veth0_macvtap: entered promiscuous mode [ 34.852877][ T6548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.862210][ T6550] veth1_macvtap: entered promiscuous mode [ 34.868989][ T6557] veth0_vlan: entered promiscuous mode [ 34.880467][ T6547] veth0_vlan: entered promiscuous mode [ 34.884672][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.888871][ T6557] veth1_vlan: entered promiscuous mode [ 34.898328][ T6557] veth0_macvtap: entered promiscuous mode [ 34.899268][ T6557] veth1_macvtap: entered promiscuous mode [ 34.904390][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.916221][ T6547] veth1_vlan: entered promiscuous mode [ 34.917532][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.917719][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.917741][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.917759][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.924267][ T6547] veth0_macvtap: entered promiscuous mode [ 34.925141][ T6547] veth1_macvtap: entered promiscuous mode [ 34.927970][ T6547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.928813][ T6547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.932316][ T4826] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.932740][ T4826] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.933121][ T4826] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.933511][ T4826] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.959484][ T6548] veth0_vlan: entered promiscuous mode [ 34.978385][ T6549] veth0_vlan: entered promiscuous mode [ 34.982688][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.986554][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.992855][ T6548] veth1_vlan: entered promiscuous mode [ 34.998082][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.998748][ T6549] veth1_vlan: entered promiscuous mode [ 35.002672][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.016066][ T42] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.016232][ T6649] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.016264][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.016272][ T6649] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.016291][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.016301][ T6649] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.021909][ T4826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.021918][ T4826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.039239][ T6549] veth0_macvtap: entered promiscuous mode [ 35.052588][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.052619][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.055904][ T6549] veth1_macvtap: entered promiscuous mode [ 35.062503][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.071867][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.078955][ T41] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.079027][ T41] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.079060][ T41] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.079087][ T41] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.088233][ T6548] veth0_macvtap: entered promiscuous mode [ 35.092381][ T6550] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 35.100694][ T6548] veth1_macvtap: entered promiscuous mode [ 35.106070][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.111615][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.113182][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.136922][ T6666] loop0: detected capacity change from 0 to 2048 [ 35.157873][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.169501][ T6649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.171046][ T6649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.181384][ T6666] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 35.216955][ T6667] loop1: detected capacity change from 0 to 32768 [ 35.225382][ T6667] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2 (6667) [ 35.231721][ T41] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.231828][ T41] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.231850][ T41] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.231864][ T41] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.246257][ T6667] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 35.246384][ T6667] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 35.246418][ T6667] BTRFS info (device loop1): disk space caching is enabled [ 35.246469][ T6667] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 35.276881][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.276914][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.313305][ T6684] loop2: detected capacity change from 0 to 4096 [ 35.337865][ T6667] BTRFS info (device loop1): rebuilding free space tree [ 35.357007][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.357045][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.363239][ T6667] BTRFS info (device loop1): disabling free space tree [ 35.364577][ T6667] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 35.364606][ T6667] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 35.397049][ T6649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.397077][ T6649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.408096][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.408125][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.469494][ T6547] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 35.489059][ T6675] loop0: detected capacity change from 0 to 32768 [ 35.578086][ T6675] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 35.759962][ T52] Bluetooth: hci3: command tx timeout [ 35.760225][ T52] Bluetooth: hci4: command tx timeout [ 35.760537][ T52] Bluetooth: hci0: command tx timeout [ 35.760693][ T52] Bluetooth: hci1: command tx timeout [ 35.761565][ T6555] Bluetooth: hci2: command tx timeout [ 35.858068][ T6675] XFS (loop0): Ending clean mount [ 35.894874][ T6695] loop4: detected capacity change from 0 to 32768 [ 35.948788][ T6550] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 35.957257][ T6707] syzkaller0: entered promiscuous mode [ 35.957291][ T6707] syzkaller0: entered allmulticast mode [ 35.971097][ T6695] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 35.977172][ T6707] tipc: Started in network mode [ 35.977197][ T6707] tipc: Node identity , cluster identity 4711 [ 35.977205][ T6707] tipc: Failed to obtain node identity [ 35.977216][ T6707] tipc: Enabling of bearer rejected, failed to enable media [ 35.981891][ T6695] allowing incompatible features above 0.0: (unknown version) [ 35.983327][ T6695] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 35.986052][ T6695] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 35.987656][ T6695] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 35.989294][ T6695] bcachefs (loop4): Version upgrade required: [ 35.989294][ T6695] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 35.989294][ T6695] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 35.989294][ T6695] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 36.000643][ T6695] bcachefs (loop4): dropping and reconstructing all alloc info [ 36.008690][ T6695] bcachefs (loop4): accounting_read... done [ 36.052605][ T6695] bcachefs (loop4): alloc_read... done [ 36.052710][ T6695] bcachefs (loop4): snapshots_read... done [ 36.053013][ T6695] bcachefs (loop4): done starting filesystem [ 36.106050][ T6689] loop3: detected capacity change from 0 to 40427 [ 36.118811][ T6689] F2FS-fs (loop3): build fault injection rate: 771 [ 36.121312][ T6689] F2FS-fs (loop3): invalid crc value [ 36.157615][ T6689] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 36.165927][ T6549] bcachefs (loop4): shutting down [ 36.168698][ T6689] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 36.224178][ T6549] bcachefs (loop4): shutdown complete [ 36.288943][ T6548] syz-executor: attempt to access beyond end of device [ 36.288943][ T6548] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 36.295645][ T6548] CPU: 1 UID: 0 PID: 6548 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 36.295667][ T6548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 36.295672][ T6548] Call trace: [ 36.295676][ T6548] show_stack+0x2c/0x3c (C) [ 36.295693][ T6548] __dump_stack+0x30/0x40 [ 36.295704][ T6548] dump_stack_lvl+0xd8/0x12c [ 36.295711][ T6548] dump_stack+0x1c/0x28 [ 36.295717][ T6548] f2fs_handle_critical_error+0x34c/0x4b8 [ 36.295725][ T6548] f2fs_stop_checkpoint+0x5c/0x70 [ 36.295733][ T6548] f2fs_write_end_io+0x768/0xa70 [ 36.295739][ T6548] bio_endio+0x804/0x840 [ 36.295745][ T6548] submit_bio_noacct+0x158/0x176c [ 36.295750][ T6548] submit_bio+0x3b4/0x550 [ 36.295755][ T6548] f2fs_submit_write_bio+0x13c/0x324 [ 36.295760][ T6548] __submit_merged_bio+0x254/0x704 [ 36.295766][ T6548] __submit_merged_write_cond+0x23c/0x4ac [ 36.295771][ T6548] f2fs_write_data_pages+0x1d28/0x2634 [ 36.295777][ T6548] do_writepages+0x270/0x468 [ 36.295785][ T6548] filemap_fdatawrite+0x14c/0x1f4 [ 36.295791][ T6548] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 36.295796][ T6548] f2fs_write_checkpoint+0x690/0x16a0 [ 36.295801][ T6548] kill_f2fs_super+0x21c/0x584 [ 36.295807][ T6548] deactivate_locked_super+0xc4/0x12c [ 36.295814][ T6548] deactivate_super+0xe0/0x100 [ 36.295821][ T6548] cleanup_mnt+0x31c/0x3ac [ 36.295826][ T6548] __cleanup_mnt+0x20/0x30 [ 36.295830][ T6548] task_work_run+0x1dc/0x260 [ 36.295836][ T6548] do_notify_resume+0x174/0x1f4 [ 36.295843][ T6548] el0_svc+0xb8/0x180 [ 36.295849][ T6548] el0t_64_sync_handler+0x84/0x12c [ 36.295855][ T6548] el0t_64_sync+0x198/0x19c [ 36.295880][ T6548] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 36.377628][ T6729] loop2: detected capacity change from 0 to 1024 [ 36.381287][ T6729] ======================================================= [ 36.381287][ T6729] WARNING: The mand mount option has been deprecated and [ 36.381287][ T6729] and is ignored by this kernel. Remove the mand [ 36.381287][ T6729] option from the mount to silence this warning. [ 36.381287][ T6729] ======================================================= [ 36.419061][ T6729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 36.441637][ T6734] loop3: detected capacity change from 0 to 1024 [ 36.446339][ T6729] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 36.450367][ T6729] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 36.450386][ T6729] EXT4-fs (loop2): This should not happen!! Data will be lost [ 36.450386][ T6729] [ 36.450393][ T6729] EXT4-fs (loop2): Total free blocks count 0 [ 36.450400][ T6729] EXT4-fs (loop2): Free/Dirty block details [ 36.450410][ T6729] EXT4-fs (loop2): free_blocks=4293918720 [ 36.450420][ T6729] EXT4-fs (loop2): dirty_blocks=16 [ 36.450426][ T6729] EXT4-fs (loop2): Block reservation details [ 36.450431][ T6729] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 36.480598][ T6734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 36.484388][ T6734] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 4: comm syz.3.12: lblock 4 mapped to illegal pblock 4 (length 1) [ 36.488239][ T6734] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117 [ 36.488287][ T6734] EXT4-fs (loop3): This should not happen!! Data will be lost [ 36.488287][ T6734] [ 36.491845][ T6734] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.12: lblock 4 mapped to illegal pblock 4 (length 1) [ 36.499200][ T6729] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.13: Freeing blocks not in datazone - block = 0, count = 16 [ 36.516373][ T6649] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 36.520958][ T6548] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 36.574144][ T6740] loop2: detected capacity change from 0 to 2048 [ 36.586745][ T6740] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 36.617727][ T6743] syz.3.14 uses obsolete (PF_INET,SOCK_PACKET) [ 36.628136][ T6742] loop2: detected capacity change from 0 to 1024 [ 36.628500][ T6742] EXT4-fs: Ignoring removed oldalloc option [ 36.628786][ T6742] EXT4-fs: Ignoring removed bh option [ 36.655101][ T6742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.801590][ T6724] syzkaller0: entered promiscuous mode [ 36.802982][ T6724] syzkaller0: entered allmulticast mode [ 37.091257][ T6753] loop1: detected capacity change from 0 to 40427 [ 37.113411][ T6753] F2FS-fs (loop1): invalid crc value [ 37.142624][ T6753] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 37.142952][ T6753] F2FS-fs (loop1): Start checkpoint disabled! [ 37.152707][ T6753] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 37.164971][ T6753] syz.1.18: attempt to access beyond end of device [ 37.164971][ T6753] loop1: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 37.175618][ T15] kworker/u8:1: attempt to access beyond end of device [ 37.175618][ T15] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 37.175903][ T15] CPU: 1 UID: 0 PID: 15 Comm: kworker/u8:1 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 37.175916][ T15] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 37.175921][ T15] Workqueue: writeback wb_workfn (flush-7:1) [ 37.175940][ T15] Call trace: [ 37.175942][ T15] show_stack+0x2c/0x3c (C) [ 37.175954][ T15] __dump_stack+0x30/0x40 [ 37.175962][ T15] dump_stack_lvl+0xd8/0x12c [ 37.175967][ T15] dump_stack+0x1c/0x28 [ 37.175973][ T15] f2fs_handle_critical_error+0x34c/0x4b8 [ 37.175980][ T15] f2fs_stop_checkpoint+0x5c/0x70 [ 37.175990][ T15] f2fs_write_end_io+0x768/0xa70 [ 37.175998][ T15] bio_endio+0x804/0x840 [ 37.176007][ T15] submit_bio_noacct+0x158/0x176c [ 37.176012][ T15] submit_bio+0x3b4/0x550 [ 37.176017][ T15] f2fs_submit_write_bio+0x13c/0x324 [ 37.176023][ T15] __submit_merged_bio+0x254/0x704 [ 37.176028][ T15] __submit_merged_write_cond+0x23c/0x4ac [ 37.176034][ T15] f2fs_write_data_pages+0x1d28/0x2634 [ 37.176040][ T15] do_writepages+0x270/0x468 [ 37.176047][ T15] __writeback_single_inode+0x15c/0x13e8 [ 37.176053][ T15] writeback_sb_inodes+0x55c/0xe40 [ 37.176060][ T15] wb_writeback+0x3cc/0xd70 [ 37.176065][ T15] wb_workfn+0x338/0xdc0 [ 37.176071][ T15] process_one_work+0x7e8/0x155c [ 37.176076][ T15] worker_thread+0x958/0xed8 [ 37.176081][ T15] kthread+0x5fc/0x75c [ 37.176088][ T15] ret_from_fork+0x10/0x20 [ 37.176118][ T15] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 37.580571][ T6759] loop1: detected capacity change from 0 to 32768 [ 37.632991][ T6759] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 37.703725][ T6770] loop3: detected capacity change from 0 to 32768 [ 37.712587][ T4826] (kworker/u8:6,4826,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 37.772207][ T6555] Bluetooth: hci1: command tx timeout [ 37.773392][ T6555] Bluetooth: hci0: command tx timeout [ 37.773428][ T6555] Bluetooth: hci4: command tx timeout [ 37.773447][ T6555] Bluetooth: hci3: command tx timeout [ 37.776695][ T6124] Bluetooth: hci2: command tx timeout [ 37.882363][ T6547] ocfs2: Unmounting device (7,1) on (node local) [ 37.895364][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.962954][ T6770] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 37.983754][ T6770] XFS (loop3): Ending clean mount [ 37.995089][ T6770] XFS (loop3): Quotacheck needed: Please wait. [ 37.997633][ T6788] loop2: detected capacity change from 0 to 1024 [ 38.019180][ T6788] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 38.021688][ T6770] XFS (loop3): Quotacheck: Done. [ 38.031965][ T6788] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 4: comm syz.2.25: lblock 4 mapped to illegal pblock 4 (length 1) [ 38.037915][ T6788] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117 [ 38.037961][ T6788] EXT4-fs (loop2): This should not happen!! Data will be lost [ 38.037961][ T6788] [ 38.038600][ T6788] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 4: comm syz.2.25: lblock 4 mapped to illegal pblock 4 (length 1) [ 38.068047][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 38.078281][ T6548] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 38.159352][ T6786] loop1: detected capacity change from 0 to 40427 [ 38.163728][ T6786] F2FS-fs (loop1): build fault injection rate: 771 [ 38.164473][ T6786] F2FS-fs (loop1): invalid crc value [ 38.177619][ T6795] loop2: detected capacity change from 0 to 2048 [ 38.186283][ T6795] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 38.195845][ T6786] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 38.198699][ T6786] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 38.224898][ T6800] syzkaller0: entered promiscuous mode [ 38.226028][ T6800] syzkaller0: entered allmulticast mode [ 38.231018][ T6800] tipc: Started in network mode [ 38.232058][ T6800] tipc: Node identity , cluster identity 4711 [ 38.233399][ T6800] tipc: Failed to obtain node identity [ 38.234555][ T6800] tipc: Enabling of bearer rejected, failed to enable media [ 38.278599][ T6547] syz-executor: attempt to access beyond end of device [ 38.278599][ T6547] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 38.280322][ T6547] CPU: 0 UID: 0 PID: 6547 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 38.280351][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 38.280358][ T6547] Call trace: [ 38.280361][ T6547] show_stack+0x2c/0x3c (C) [ 38.280377][ T6547] __dump_stack+0x30/0x40 [ 38.280386][ T6547] dump_stack_lvl+0xd8/0x12c [ 38.280392][ T6547] dump_stack+0x1c/0x28 [ 38.280397][ T6547] f2fs_handle_critical_error+0x34c/0x4b8 [ 38.280405][ T6547] f2fs_stop_checkpoint+0x5c/0x70 [ 38.280412][ T6547] f2fs_write_end_io+0x768/0xa70 [ 38.280418][ T6547] bio_endio+0x804/0x840 [ 38.280425][ T6547] submit_bio_noacct+0x158/0x176c [ 38.280430][ T6547] submit_bio+0x3b4/0x550 [ 38.280434][ T6547] f2fs_submit_write_bio+0x13c/0x324 [ 38.280440][ T6547] __submit_merged_bio+0x254/0x704 [ 38.280445][ T6547] __submit_merged_write_cond+0x23c/0x4ac [ 38.280451][ T6547] f2fs_write_data_pages+0x1d28/0x2634 [ 38.280457][ T6547] do_writepages+0x270/0x468 [ 38.280464][ T6547] filemap_fdatawrite+0x14c/0x1f4 [ 38.280471][ T6547] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 38.280475][ T6547] f2fs_write_checkpoint+0x690/0x16a0 [ 38.280480][ T6547] kill_f2fs_super+0x21c/0x584 [ 38.280486][ T6547] deactivate_locked_super+0xc4/0x12c [ 38.280493][ T6547] deactivate_super+0xe0/0x100 [ 38.280500][ T6547] cleanup_mnt+0x31c/0x3ac [ 38.280505][ T6547] __cleanup_mnt+0x20/0x30 [ 38.280509][ T6547] task_work_run+0x1dc/0x260 [ 38.280516][ T6547] do_notify_resume+0x174/0x1f4 [ 38.280522][ T6547] el0_svc+0xb8/0x180 [ 38.280528][ T6547] el0t_64_sync_handler+0x84/0x12c [ 38.280534][ T6547] el0t_64_sync+0x198/0x19c [ 38.280542][ T6547] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 38.437137][ T6814] loop0: detected capacity change from 0 to 4096 [ 38.438800][ T6814] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.444224][ T6814] EXT4-fs (loop0): Test dummy encryption mode enabled [ 38.466635][ T6814] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.492170][ T6816] netlink: 84 bytes leftover after parsing attributes in process `syz.1.31'. [ 38.506312][ T6809] loop4: detected capacity change from 0 to 32768 [ 38.524780][ T6823] loop1: detected capacity change from 0 to 2048 [ 38.535807][ T6823] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 38.535907][ T6823] UDF-fs: Scanning with blocksize 512 failed [ 38.548427][ T6823] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 38.552796][ T6809] JBD2: Ignoring recovery information on journal [ 38.572472][ T6809] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 38.628462][ T6830] loop1: detected capacity change from 0 to 16 [ 38.641186][ T6830] erofs (device loop1): mounted with root inode @ nid 36. [ 38.730892][ T6809] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = [ 38.730961][ T6809] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 38.730980][ T6809] OCFS2: File system is now read-only. [ 38.730990][ T6809] (syz.4.33,6809,1):ocfs2_assign_bh:2417 ERROR: status = -30 [ 38.731006][ T6809] (syz.4.33,6809,1):ocfs2_inode_lock_full_nested:2512 ERROR: status = -30 [ 38.731021][ T6809] (syz.4.33,6809,1):ocfs2_fiemap:761 ERROR: status = -30 [ 38.750072][ T6549] ocfs2: Unmounting device (7,4) on (node local) [ 39.237521][ T6839] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 39.266859][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.287445][ T6843] loop4: detected capacity change from 0 to 2048 [ 39.300725][ T6843] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 39.322876][ T6848] loop2: detected capacity change from 0 to 2048 [ 39.327190][ T6848] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 39.399668][ T6845] loop0: detected capacity change from 0 to 40427 [ 39.402931][ T6845] F2FS-fs (loop0): build fault injection rate: 771 [ 39.405847][ T6845] F2FS-fs (loop0): invalid crc value [ 39.421744][ T6845] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 39.424189][ T6845] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 39.638759][ T6550] syz-executor: attempt to access beyond end of device [ 39.638759][ T6550] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 39.638816][ T6550] CPU: 0 UID: 0 PID: 6550 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 39.638828][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 39.638834][ T6550] Call trace: [ 39.638838][ T6550] show_stack+0x2c/0x3c (C) [ 39.638852][ T6550] __dump_stack+0x30/0x40 [ 39.638858][ T6550] dump_stack_lvl+0xd8/0x12c [ 39.638864][ T6550] dump_stack+0x1c/0x28 [ 39.638869][ T6550] f2fs_handle_critical_error+0x34c/0x4b8 [ 39.638877][ T6550] f2fs_stop_checkpoint+0x5c/0x70 [ 39.638884][ T6550] f2fs_write_end_io+0x768/0xa70 [ 39.638891][ T6550] bio_endio+0x804/0x840 [ 39.638898][ T6550] submit_bio_noacct+0x158/0x176c [ 39.638903][ T6550] submit_bio+0x3b4/0x550 [ 39.638908][ T6550] f2fs_submit_write_bio+0x13c/0x324 [ 39.638914][ T6550] __submit_merged_bio+0x254/0x704 [ 39.638919][ T6550] __submit_merged_write_cond+0x23c/0x4ac [ 39.638925][ T6550] f2fs_write_data_pages+0x1d28/0x2634 [ 39.638931][ T6550] do_writepages+0x270/0x468 [ 39.638939][ T6550] filemap_fdatawrite+0x14c/0x1f4 [ 39.638947][ T6550] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 39.638952][ T6550] f2fs_write_checkpoint+0x690/0x16a0 [ 39.638957][ T6550] kill_f2fs_super+0x21c/0x584 [ 39.638963][ T6550] deactivate_locked_super+0xc4/0x12c [ 39.638971][ T6550] deactivate_super+0xe0/0x100 [ 39.638978][ T6550] cleanup_mnt+0x31c/0x3ac [ 39.638983][ T6550] __cleanup_mnt+0x20/0x30 [ 39.638988][ T6550] task_work_run+0x1dc/0x260 [ 39.638994][ T6550] do_notify_resume+0x174/0x1f4 [ 39.639001][ T6550] el0_svc+0xb8/0x180 [ 39.639008][ T6550] el0t_64_sync_handler+0x84/0x12c [ 39.639013][ T6550] el0t_64_sync+0x198/0x19c [ 39.662234][ T6550] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 39.742547][ T6863] loop2: detected capacity change from 0 to 32768 [ 39.746387][ T6863] XFS: noikeep mount option is deprecated. [ 39.829100][ T6863] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 39.850175][ T52] Bluetooth: hci3: command tx timeout [ 39.851222][ T52] Bluetooth: hci4: command tx timeout [ 39.852108][ T52] Bluetooth: hci0: command tx timeout [ 39.853564][ T52] Bluetooth: hci1: command tx timeout [ 39.854674][ T6124] Bluetooth: hci2: command tx timeout [ 39.866450][ T6863] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 39.885921][ T6863] XFS (loop2): Starting recovery (logdev: internal) [ 39.902206][ T6863] XFS (loop2): Ending recovery (logdev: internal) [ 39.934930][ T6557] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 40.078622][ T6882] syzkaller0: entered promiscuous mode [ 40.082716][ T6882] syzkaller0: entered allmulticast mode [ 40.089942][ T6882] tipc: Started in network mode [ 40.089968][ T6882] tipc: Node identity , cluster identity 4711 [ 40.089992][ T6882] tipc: Failed to obtain node identity [ 40.092783][ T6882] tipc: Enabling of bearer rejected, failed to enable media [ 40.204649][ T6884] loop0: detected capacity change from 0 to 32768 [ 40.213268][ T6884] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 40.225535][ T6884] XFS (loop0): Ending clean mount [ 40.229094][ T6884] XFS (loop0): Quotacheck needed: Please wait. [ 40.251076][ T6884] XFS (loop0): Quotacheck: Done. [ 40.262500][ T6901] loop4: detected capacity change from 0 to 2048 [ 40.272246][ T6901] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 40.287626][ T6550] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 40.353554][ T6905] loop4: detected capacity change from 0 to 256 [ 40.354280][ T6905] vfat: Unknown parameter 'uoi_xlate' [ 40.731830][ T6918] loop1: detected capacity change from 0 to 256 [ 40.747387][ T6918] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.815402][ T6916] loop0: detected capacity change from 0 to 40427 [ 40.821057][ T6916] F2FS-fs (loop0): build fault injection rate: 771 [ 40.821730][ T6916] F2FS-fs (loop0): invalid crc value [ 40.848958][ T6916] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 40.853288][ T6916] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 40.885845][ T6550] syz-executor: attempt to access beyond end of device [ 40.885845][ T6550] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 40.885907][ T6550] CPU: 0 UID: 0 PID: 6550 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 40.885917][ T6550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 40.885922][ T6550] Call trace: [ 40.885924][ T6550] show_stack+0x2c/0x3c (C) [ 40.885938][ T6550] __dump_stack+0x30/0x40 [ 40.885944][ T6550] dump_stack_lvl+0xd8/0x12c [ 40.885949][ T6550] dump_stack+0x1c/0x28 [ 40.885954][ T6550] f2fs_handle_critical_error+0x34c/0x4b8 [ 40.885961][ T6550] f2fs_stop_checkpoint+0x5c/0x70 [ 40.885968][ T6550] f2fs_write_end_io+0x768/0xa70 [ 40.885975][ T6550] bio_endio+0x804/0x840 [ 40.885982][ T6550] submit_bio_noacct+0x158/0x176c [ 40.885987][ T6550] submit_bio+0x3b4/0x550 [ 40.885992][ T6550] f2fs_submit_write_bio+0x13c/0x324 [ 40.885998][ T6550] __submit_merged_bio+0x254/0x704 [ 40.886004][ T6550] __submit_merged_write_cond+0x23c/0x4ac [ 40.886009][ T6550] f2fs_write_data_pages+0x1d28/0x2634 [ 40.886016][ T6550] do_writepages+0x270/0x468 [ 40.886023][ T6550] filemap_fdatawrite+0x14c/0x1f4 [ 40.886030][ T6550] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 40.886035][ T6550] f2fs_write_checkpoint+0x690/0x16a0 [ 40.886040][ T6550] kill_f2fs_super+0x21c/0x584 [ 40.886046][ T6550] deactivate_locked_super+0xc4/0x12c [ 40.886054][ T6550] deactivate_super+0xe0/0x100 [ 40.886061][ T6550] cleanup_mnt+0x31c/0x3ac [ 40.886066][ T6550] __cleanup_mnt+0x20/0x30 [ 40.886071][ T6550] task_work_run+0x1dc/0x260 [ 40.886077][ T6550] do_notify_resume+0x174/0x1f4 [ 40.886084][ T6550] el0_svc+0xb8/0x180 [ 40.886091][ T6550] el0t_64_sync_handler+0x84/0x12c [ 40.886096][ T6550] el0t_64_sync+0x198/0x19c [ 40.886384][ T6550] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 41.267626][ T6938] loop2: detected capacity change from 0 to 512 [ 41.274810][ T6938] EXT4-fs (loop2): Test dummy encryption mode enabled [ 41.325666][ T6938] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 41.327768][ T6938] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 41.330289][ T6940] loop4: detected capacity change from 0 to 2048 [ 41.339166][ T6938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.345533][ T6940] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 41.417858][ T6945] loop4: detected capacity change from 0 to 1024 [ 41.433689][ T6945] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 41.436167][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.438216][ T6945] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 4: comm syz.4.71: lblock 4 mapped to illegal pblock 4 (length 1) [ 41.446000][ T6945] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117 [ 41.446065][ T6945] EXT4-fs (loop4): This should not happen!! Data will be lost [ 41.446065][ T6945] [ 41.447071][ T6945] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 4: comm syz.4.71: lblock 4 mapped to illegal pblock 4 (length 1) [ 41.473782][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 41.657008][ T6959] loop2: detected capacity change from 0 to 128 [ 41.678645][ T6959] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.698125][ T6964] loop4: detected capacity change from 0 to 1024 [ 41.698501][ T6964] EXT4-fs: Ignoring removed oldalloc option [ 41.698512][ T6964] EXT4-fs: Ignoring removed bh option [ 41.713633][ T6557] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.721369][ T6964] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.863557][ T6973] loop0: detected capacity change from 0 to 16 [ 41.869433][ T6973] erofs (device loop0): mounted with root inode @ nid 36. [ 41.888637][ T6968] loop1: detected capacity change from 0 to 32768 [ 41.940296][ T6124] Bluetooth: hci2: command tx timeout [ 41.940335][ T6124] Bluetooth: hci1: command tx timeout [ 41.940364][ T6124] Bluetooth: hci0: command tx timeout [ 41.940382][ T6124] Bluetooth: hci4: command tx timeout [ 41.940398][ T6124] Bluetooth: hci3: command tx timeout [ 42.241586][ T6968] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names [ 42.246200][ T6968] allowing incompatible features above 0.0: (unknown version) [ 42.247977][ T6968] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 42.251831][ T6968] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 42.253483][ T6968] bcachefs (loop1): initializing new filesystem [ 42.257277][ T6968] bcachefs (loop1): going read-write [ 42.285752][ T6993] loop3: detected capacity change from 0 to 256 [ 42.287578][ T6987] syzkaller0: entered promiscuous mode [ 42.287610][ T6987] syzkaller0: entered allmulticast mode [ 42.291064][ T6968] bcachefs (loop1): marking superblocks [ 42.304923][ T6968] bcachefs (loop1): initializing freespace [ 42.309444][ T6968] bcachefs (loop1): done initializing freespace [ 42.313494][ T6968] bcachefs (loop1): reading snapshots table [ 42.314923][ T6968] bcachefs (loop1): reading snapshots done [ 42.316220][ T6993] FAT-fs (loop3): Directory bread(block 64) failed [ 42.316255][ T6993] FAT-fs (loop3): Directory bread(block 65) failed [ 42.316280][ T6993] FAT-fs (loop3): Directory bread(block 66) failed [ 42.316292][ T6993] FAT-fs (loop3): Directory bread(block 67) failed [ 42.316311][ T6993] FAT-fs (loop3): Directory bread(block 68) failed [ 42.316322][ T6993] FAT-fs (loop3): Directory bread(block 69) failed [ 42.316340][ T6993] FAT-fs (loop3): Directory bread(block 70) failed [ 42.316350][ T6993] FAT-fs (loop3): Directory bread(block 71) failed [ 42.316369][ T6993] FAT-fs (loop3): Directory bread(block 72) failed [ 42.316378][ T6993] FAT-fs (loop3): Directory bread(block 73) failed [ 42.345513][ T6968] bcachefs (loop1): done starting filesystem [ 42.353036][ T6968] bcachefs (loop1): going read-only [ 42.354597][ T6968] bcachefs (loop1): finished waiting for writes to stop [ 42.394347][ T6968] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2 [ 42.421651][ T6968] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 2 [ 42.431060][ T6968] bcachefs (loop1): clean shutdown complete, journal seq 3 [ 42.435965][ T6968] bcachefs (loop1): marking filesystem clean [ 42.439053][ T6995] loop3: detected capacity change from 0 to 2048 [ 42.454175][ T6995] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 42.459109][ T6996] bcachefs (loop1): going read-write [ 42.511242][ T6547] bcachefs (loop1): shutting down [ 42.511270][ T6547] bcachefs (loop1): going read-only [ 42.511287][ T6547] bcachefs (loop1): finished waiting for writes to stop [ 42.538331][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.541965][ T6547] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 42.542086][ T6547] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3 [ 42.544369][ T6547] bcachefs (loop1): clean shutdown complete, journal seq 4 [ 42.544726][ T6547] bcachefs (loop1): marking filesystem clean [ 42.586968][ T6547] bcachefs (loop1): shutdown complete [ 42.715444][ T7007] netlink: 84 bytes leftover after parsing attributes in process `syz.4.87'. [ 42.976495][ T7015] tipc: Started in network mode [ 42.977532][ T7015] tipc: Node identity 2a03b7b88a32, cluster identity 4711 [ 42.979379][ T7015] tipc: Enabled bearer , priority 0 [ 43.015065][ T7012] tipc: Resetting bearer [ 43.047331][ T7010] tipc: Disabling bearer [ 43.246938][ T7025] usb usb8: usbfs: process 7025 (syz.2.90) did not claim interface 0 before use [ 43.422338][ T7027] loop0: detected capacity change from 0 to 2048 [ 43.425806][ T7027] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 43.574424][ T7031] loop0: detected capacity change from 0 to 40427 [ 43.577194][ T7031] F2FS-fs (loop0): invalid crc value [ 43.591920][ T7031] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 43.592122][ T7031] F2FS-fs (loop0): Start checkpoint disabled! [ 43.592688][ T7031] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 43.596833][ T7031] F2FS-fs (loop0): Stopped filesystem due to reason: 0 [ 43.805138][ T7042] loop0: detected capacity change from 0 to 1024 [ 43.807239][ T7042] EXT4-fs: Ignoring removed oldalloc option [ 43.808375][ T7042] EXT4-fs: Ignoring removed bh option [ 43.832030][ T7042] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.893708][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.977670][ T7049] loop0: detected capacity change from 0 to 4096 [ 44.049051][ T7049] ntfs3(loop0): Failed to initialize $Extend/$ObjId. [ 44.351776][ T7053] loop0: detected capacity change from 0 to 256 [ 44.360090][ T7053] vfat: Unknown parameter 'uoi_xlate' [ 44.408764][ T7057] loop3: detected capacity change from 0 to 64 [ 45.138087][ T7071] loop2: detected capacity change from 0 to 4096 [ 45.142610][ T7071] EXT4-fs: Ignoring removed mblk_io_submit option [ 45.204422][ T7071] EXT4-fs (loop2): Test dummy encryption mode enabled [ 45.207636][ T7071] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.500919][ T7084] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 46.142537][ T7092] syzkaller0: entered promiscuous mode [ 46.142572][ T7092] syzkaller0: entered allmulticast mode [ 46.254808][ T7093] usb usb8: usbfs: process 7093 (syz.1.108) did not claim interface 0 before use [ 46.445402][ T7092] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 46.460837][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.645342][ T7105] loop3: detected capacity change from 0 to 16 [ 46.652643][ T7105] erofs (device loop3): mounted with root inode @ nid 36. [ 48.199824][ T7138] syzkaller0: entered promiscuous mode [ 48.199852][ T7138] syzkaller0: entered allmulticast mode [ 48.205776][ T7138] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 48.238006][ T7114] loop2: detected capacity change from 0 to 40427 [ 48.243463][ T7114] F2FS-fs (loop2): build fault injection rate: 771 [ 48.246392][ T7114] F2FS-fs (loop2): invalid crc value [ 48.262675][ T7114] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 48.264057][ T7114] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 48.833565][ T7165] netlink: 12 bytes leftover after parsing attributes in process `syz.4.132'. [ 48.981738][ T7180] Zero length message leads to an empty skb [ 48.993989][ T7165] netlink: 'syz.4.132': attribute type 178 has an invalid length. [ 49.457099][ T7184] loop1: detected capacity change from 0 to 40427 [ 49.462158][ T7184] F2FS-fs (loop1): build fault injection rate: 771 [ 49.464482][ T7184] F2FS-fs (loop1): invalid crc value [ 49.489057][ T7184] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 49.491145][ T7184] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 49.594425][ T7194] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 49.594451][ T7194] IPv6: NLM_F_CREATE should be set when creating new route [ 49.601191][ T11] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 49.749581][ T11] usb 1-1: Using ep0 maxpacket: 16 [ 49.752889][ T7200] loop3: detected capacity change from 0 to 40427 [ 49.754061][ T11] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 49.756777][ T11] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 49.758608][ T7200] F2FS-fs (loop3): invalid crc value [ 49.763936][ T11] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 49.765597][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.767258][ T11] usb 1-1: Product: syz [ 49.772648][ T11] usb 1-1: Manufacturer: syz [ 49.772675][ T11] usb 1-1: SerialNumber: syz [ 49.783318][ T7200] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 49.789204][ T7200] F2FS-fs (loop3): Start checkpoint disabled! [ 49.792784][ T7200] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 49.844502][ T7179] kworker/u8:8: attempt to access beyond end of device [ 49.844502][ T7179] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 49.844555][ T7179] CPU: 1 UID: 0 PID: 7179 Comm: kworker/u8:8 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 49.844572][ T7179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 49.844578][ T7179] Workqueue: writeback wb_workfn (flush-7:3) [ 49.844595][ T7179] Call trace: [ 49.844598][ T7179] show_stack+0x2c/0x3c (C) [ 49.844608][ T7179] __dump_stack+0x30/0x40 [ 49.844614][ T7179] dump_stack_lvl+0xd8/0x12c [ 49.844619][ T7179] dump_stack+0x1c/0x28 [ 49.844624][ T7179] f2fs_handle_critical_error+0x34c/0x4b8 [ 49.844631][ T7179] f2fs_stop_checkpoint+0x5c/0x70 [ 49.844638][ T7179] f2fs_write_end_io+0x768/0xa70 [ 49.844644][ T7179] bio_endio+0x804/0x840 [ 49.844651][ T7179] submit_bio_noacct+0x158/0x176c [ 49.844656][ T7179] submit_bio+0x3b4/0x550 [ 49.844660][ T7179] f2fs_submit_write_bio+0x13c/0x324 [ 49.844666][ T7179] __submit_merged_bio+0x254/0x704 [ 49.844672][ T7179] __submit_merged_write_cond+0x23c/0x4ac [ 49.844677][ T7179] f2fs_write_data_pages+0x1d28/0x2634 [ 49.844683][ T7179] do_writepages+0x270/0x468 [ 49.844690][ T7179] __writeback_single_inode+0x15c/0x13e8 [ 49.844697][ T7179] writeback_sb_inodes+0x55c/0xe40 [ 49.844703][ T7179] wb_writeback+0x3cc/0xd70 [ 49.844709][ T7179] wb_workfn+0x338/0xdc0 [ 49.844715][ T7179] process_one_work+0x7e8/0x155c [ 49.844720][ T7179] worker_thread+0x958/0xed8 [ 49.844725][ T7179] kthread+0x5fc/0x75c [ 49.844731][ T7179] ret_from_fork+0x10/0x20 [ 49.846019][ T7179] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 50.138471][ T11] usb 1-1: 0:2 : does not exist [ 50.142287][ T11] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 50.163315][ T11] usb 1-1: USB disconnect, device number 2 [ 50.184282][ T6567] udevd[6567]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 50.378639][ T7231] netlink: 4 bytes leftover after parsing attributes in process `syz.3.153'. [ 50.392734][ T7220] loop1: detected capacity change from 0 to 40427 [ 50.394631][ T7220] F2FS-fs (loop1): build fault injection rate: 771 [ 50.395694][ T7220] F2FS-fs (loop1): invalid crc value [ 50.418172][ T7220] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 50.420401][ T7220] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 50.592657][ T7240] syzkaller0: entered promiscuous mode [ 50.592687][ T7240] syzkaller0: entered allmulticast mode [ 50.597131][ T7240] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 50.987223][ T7242] loop2: detected capacity change from 0 to 40427 [ 50.994451][ T7242] F2FS-fs (loop2): invalid crc value [ 51.011274][ T7242] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 51.016639][ T7242] F2FS-fs (loop2): Start checkpoint disabled! [ 51.020627][ T7242] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 51.060298][ T1958] kworker/u8:5: attempt to access beyond end of device [ 51.060298][ T1958] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 51.060359][ T1958] CPU: 1 UID: 0 PID: 1958 Comm: kworker/u8:5 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 51.060371][ T1958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 51.060376][ T1958] Workqueue: writeback wb_workfn (flush-7:2) [ 51.060394][ T1958] Call trace: [ 51.060397][ T1958] show_stack+0x2c/0x3c (C) [ 51.060408][ T1958] __dump_stack+0x30/0x40 [ 51.060414][ T1958] dump_stack_lvl+0xd8/0x12c [ 51.060418][ T1958] dump_stack+0x1c/0x28 [ 51.060423][ T1958] f2fs_handle_critical_error+0x34c/0x4b8 [ 51.060430][ T1958] f2fs_stop_checkpoint+0x5c/0x70 [ 51.060438][ T1958] f2fs_write_end_io+0x768/0xa70 [ 51.060444][ T1958] bio_endio+0x804/0x840 [ 51.060451][ T1958] submit_bio_noacct+0x158/0x176c [ 51.060456][ T1958] submit_bio+0x3b4/0x550 [ 51.060460][ T1958] f2fs_submit_write_bio+0x13c/0x324 [ 51.060466][ T1958] __submit_merged_bio+0x254/0x704 [ 51.060471][ T1958] __submit_merged_write_cond+0x23c/0x4ac [ 51.060477][ T1958] f2fs_write_data_pages+0x1d28/0x2634 [ 51.060483][ T1958] do_writepages+0x270/0x468 [ 51.060490][ T1958] __writeback_single_inode+0x15c/0x13e8 [ 51.060497][ T1958] writeback_sb_inodes+0x55c/0xe40 [ 51.060503][ T1958] wb_writeback+0x3cc/0xd70 [ 51.060509][ T1958] wb_workfn+0x338/0xdc0 [ 51.060514][ T1958] process_one_work+0x7e8/0x155c [ 51.060519][ T1958] worker_thread+0x958/0xed8 [ 51.060524][ T1958] kthread+0x5fc/0x75c [ 51.060530][ T1958] ret_from_fork+0x10/0x20 [ 51.060538][ T1958] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 51.224100][ T7269] tipc: Started in network mode [ 51.225361][ T7269] tipc: Node identity , cluster identity 4711 [ 51.226479][ T7269] tipc: Failed to obtain node identity [ 51.227432][ T7269] tipc: Enabling of bearer rejected, failed to enable media [ 51.234069][ T7267] loop4: detected capacity change from 0 to 2048 [ 51.238663][ T7267] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 51.329293][ T7275] loop2: detected capacity change from 0 to 16 [ 51.338184][ T7275] erofs (device loop2): mounted with root inode @ nid 36. [ 51.702593][ T7284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.705078][ T7284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.897034][ T7288] loop0: detected capacity change from 0 to 40427 [ 51.902862][ T7288] F2FS-fs (loop0): invalid crc value [ 52.053518][ T7288] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 52.056949][ T7288] F2FS-fs (loop0): Start checkpoint disabled! [ 52.062584][ T7288] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 52.069452][ T7288] syz.0.173: attempt to access beyond end of device [ 52.069452][ T7288] loop0: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 52.083746][ T15] kworker/u8:1: attempt to access beyond end of device [ 52.083746][ T15] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 52.085104][ T15] CPU: 0 UID: 0 PID: 15 Comm: kworker/u8:1 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 52.085120][ T15] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 52.085126][ T15] Workqueue: writeback wb_workfn (flush-7:0) [ 52.085148][ T15] Call trace: [ 52.085152][ T15] show_stack+0x2c/0x3c (C) [ 52.085165][ T15] __dump_stack+0x30/0x40 [ 52.085172][ T15] dump_stack_lvl+0xd8/0x12c [ 52.085178][ T15] dump_stack+0x1c/0x28 [ 52.085183][ T15] f2fs_handle_critical_error+0x34c/0x4b8 [ 52.085191][ T15] f2fs_stop_checkpoint+0x5c/0x70 [ 52.085198][ T15] f2fs_write_end_io+0x768/0xa70 [ 52.085205][ T15] bio_endio+0x804/0x840 [ 52.085212][ T15] submit_bio_noacct+0x158/0x176c [ 52.085217][ T15] submit_bio+0x3b4/0x550 [ 52.085222][ T15] f2fs_submit_write_bio+0x13c/0x324 [ 52.085227][ T15] __submit_merged_bio+0x254/0x704 [ 52.085233][ T15] __submit_merged_write_cond+0x23c/0x4ac [ 52.085239][ T15] f2fs_write_data_pages+0x1d28/0x2634 [ 52.085245][ T15] do_writepages+0x270/0x468 [ 52.085252][ T15] __writeback_single_inode+0x15c/0x13e8 [ 52.085259][ T15] writeback_sb_inodes+0x55c/0xe40 [ 52.085265][ T15] wb_writeback+0x3cc/0xd70 [ 52.085275][ T15] wb_workfn+0x338/0xdc0 [ 52.085282][ T15] process_one_work+0x7e8/0x155c [ 52.085288][ T15] worker_thread+0x958/0xed8 [ 52.085294][ T15] kthread+0x5fc/0x75c [ 52.085300][ T15] ret_from_fork+0x10/0x20 [ 52.085898][ T15] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 52.164269][ T7300] loop4: detected capacity change from 0 to 2048 [ 52.185142][ T7300] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 52.433927][ T7314] loop0: detected capacity change from 0 to 1024 [ 52.530878][ T7314] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 52.576938][ T1958] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm kworker/u8:5: lblock 0 mapped to illegal pblock 0 (length 1) [ 52.583594][ T1958] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 52.583965][ T1958] EXT4-fs (loop0): This should not happen!! Data will be lost [ 52.583965][ T1958] [ 52.586345][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 53.076899][ T7336] loop1: detected capacity change from 0 to 40427 [ 53.098291][ T7336] F2FS-fs (loop1): invalid crc value [ 53.122170][ T7341] loop4: detected capacity change from 0 to 16 [ 53.125055][ T7336] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 53.125618][ T7336] F2FS-fs (loop1): Start checkpoint disabled! [ 53.125873][ T7341] erofs (device loop4): mounted with root inode @ nid 36. [ 53.130304][ T7336] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 53.141407][ T7336] syz.1.188: attempt to access beyond end of device [ 53.141407][ T7336] loop1: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 53.235043][ T1958] kworker/u8:5: attempt to access beyond end of device [ 53.235043][ T1958] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 53.235146][ T1958] CPU: 0 UID: 0 PID: 1958 Comm: kworker/u8:5 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 53.235168][ T1958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 53.235177][ T1958] Workqueue: writeback wb_workfn (flush-7:1) [ 53.235195][ T1958] Call trace: [ 53.235198][ T1958] show_stack+0x2c/0x3c (C) [ 53.235209][ T1958] __dump_stack+0x30/0x40 [ 53.235217][ T1958] dump_stack_lvl+0xd8/0x12c [ 53.235223][ T1958] dump_stack+0x1c/0x28 [ 53.235228][ T1958] f2fs_handle_critical_error+0x34c/0x4b8 [ 53.235237][ T1958] f2fs_stop_checkpoint+0x5c/0x70 [ 53.235244][ T1958] f2fs_write_end_io+0x768/0xa70 [ 53.235250][ T1958] bio_endio+0x804/0x840 [ 53.235257][ T1958] submit_bio_noacct+0x158/0x176c [ 53.235262][ T1958] submit_bio+0x3b4/0x550 [ 53.235267][ T1958] f2fs_submit_write_bio+0x13c/0x324 [ 53.235275][ T1958] __submit_merged_bio+0x254/0x704 [ 53.235281][ T1958] __submit_merged_write_cond+0x23c/0x4ac [ 53.235287][ T1958] f2fs_write_data_pages+0x1d28/0x2634 [ 53.235293][ T1958] do_writepages+0x270/0x468 [ 53.235300][ T1958] __writeback_single_inode+0x15c/0x13e8 [ 53.235307][ T1958] writeback_sb_inodes+0x55c/0xe40 [ 53.235313][ T1958] wb_writeback+0x3cc/0xd70 [ 53.235319][ T1958] wb_workfn+0x338/0xdc0 [ 53.235325][ T1958] process_one_work+0x7e8/0x155c [ 53.235331][ T1958] worker_thread+0x958/0xed8 [ 53.235336][ T1958] kthread+0x5fc/0x75c [ 53.235342][ T1958] ret_from_fork+0x10/0x20 [ 53.235375][ T1958] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 53.328767][ T7353] syzkaller0: entered promiscuous mode [ 53.328798][ T7353] syzkaller0: entered allmulticast mode [ 53.332145][ T7353] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 53.498160][ T7363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.198'. [ 53.594900][ T7367] loop1: detected capacity change from 0 to 1024 [ 53.595260][ T7367] EXT4-fs: Ignoring removed oldalloc option [ 53.598773][ T7367] EXT4-fs: Ignoring removed bh option [ 53.783108][ T7367] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.920982][ T7373] loop3: detected capacity change from 0 to 40427 [ 53.929930][ T7373] F2FS-fs (loop3): invalid crc value [ 53.942873][ T7373] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 53.945164][ T7373] F2FS-fs (loop3): Start checkpoint disabled! [ 53.948024][ T7373] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 53.965656][ T7373] syz.3.201: attempt to access beyond end of device [ 53.965656][ T7373] loop3: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 53.987579][ T1958] kworker/u8:5: attempt to access beyond end of device [ 53.987579][ T1958] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 53.987636][ T1958] CPU: 0 UID: 0 PID: 1958 Comm: kworker/u8:5 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 53.987650][ T1958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 53.987655][ T1958] Workqueue: writeback wb_workfn (flush-7:3) [ 53.987672][ T1958] Call trace: [ 53.987674][ T1958] show_stack+0x2c/0x3c (C) [ 53.987685][ T1958] __dump_stack+0x30/0x40 [ 53.987691][ T1958] dump_stack_lvl+0xd8/0x12c [ 53.987696][ T1958] dump_stack+0x1c/0x28 [ 53.987700][ T1958] f2fs_handle_critical_error+0x34c/0x4b8 [ 53.987707][ T1958] f2fs_stop_checkpoint+0x5c/0x70 [ 53.987714][ T1958] f2fs_write_end_io+0x768/0xa70 [ 53.987720][ T1958] bio_endio+0x804/0x840 [ 53.987727][ T1958] submit_bio_noacct+0x158/0x176c [ 53.987732][ T1958] submit_bio+0x3b4/0x550 [ 53.987736][ T1958] f2fs_submit_write_bio+0x13c/0x324 [ 53.987742][ T1958] __submit_merged_bio+0x254/0x704 [ 53.987747][ T1958] __submit_merged_write_cond+0x23c/0x4ac [ 53.987753][ T1958] f2fs_write_data_pages+0x1d28/0x2634 [ 53.987759][ T1958] do_writepages+0x270/0x468 [ 53.987766][ T1958] __writeback_single_inode+0x15c/0x13e8 [ 53.987772][ T1958] writeback_sb_inodes+0x55c/0xe40 [ 53.987778][ T1958] wb_writeback+0x3cc/0xd70 [ 53.987784][ T1958] wb_workfn+0x338/0xdc0 [ 53.987789][ T1958] process_one_work+0x7e8/0x155c [ 53.987795][ T1958] worker_thread+0x958/0xed8 [ 53.987799][ T1958] kthread+0x5fc/0x75c [ 53.987805][ T1958] ret_from_fork+0x10/0x20 [ 53.987813][ T1958] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 54.201683][ T7390] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 54.283990][ T7393] tipc: Started in network mode [ 54.284023][ T7393] tipc: Node identity , cluster identity 4711 [ 54.284045][ T7393] tipc: Failed to obtain node identity [ 54.284058][ T7393] tipc: Enabling of bearer rejected, failed to enable media [ 54.417267][ T6547] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.826048][ T7395] loop2: detected capacity change from 0 to 40427 [ 54.835321][ T7395] F2FS-fs (loop2): build fault injection rate: 771 [ 54.837749][ T7395] F2FS-fs (loop2): invalid crc value [ 54.893101][ T7395] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 54.924979][ T7398] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.940576][ T7395] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 55.037049][ T7409] usb usb8: usbfs: process 7409 (syz.3.211) did not claim interface 0 before use [ 55.335476][ T7416] netlink: 'syz.1.215': attribute type 10 has an invalid length. [ 55.341603][ T7416] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.343208][ T7416] bond0: (slave team0): Enslaving as an active interface with an up link [ 55.408233][ T7423] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 56.215710][ T7435] syzkaller0: entered promiscuous mode [ 56.216864][ T7435] syzkaller0: entered allmulticast mode [ 56.506019][ T7442] loop1: detected capacity change from 0 to 1024 [ 56.573664][ T7442] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 56.598538][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.607788][ T7442] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117 [ 56.607828][ T7442] EXT4-fs (loop1): This should not happen!! Data will be lost [ 56.607828][ T7442] [ 56.622082][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.630030][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.632231][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.633116][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.633304][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.633423][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.633536][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.633660][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 56.633765][ T7442] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.222: lblock 4 mapped to illegal pblock 4 (length 1) [ 57.341282][ T41] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 117 [ 57.342138][ T41] EXT4-fs (loop1): This should not happen!! Data will be lost [ 57.342138][ T41] [ 57.343798][ T6547] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 57.667641][ T7464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.229'. [ 57.764680][ T7474] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 58.017097][ T7470] usb usb8: usbfs: process 7470 (syz.1.230) did not claim interface 0 before use [ 58.129432][ T7489] loop2: detected capacity change from 0 to 2048 [ 58.144800][ T7489] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 58.208090][ T7495] netlink: 25 bytes leftover after parsing attributes in process `syz.2.240'. [ 58.677764][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.246'. [ 58.726801][ T7524] netlink: 'syz.2.251': attribute type 1 has an invalid length. [ 58.734248][ T7523] loop4: detected capacity change from 0 to 2048 [ 58.737998][ T7523] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 58.994059][ T7524] 8021q: adding VLAN 0 to HW filter on device bond1 [ 59.064745][ T7529] bond1: (slave wlan0): Enslaving as an active interface with a down link [ 59.068925][ T7524] vlan2: entered allmulticast mode [ 59.070094][ T7524] veth1: entered allmulticast mode [ 59.071892][ T7524] veth1: entered promiscuous mode [ 59.073508][ T7524] veth1: left promiscuous mode [ 59.075476][ T7524] bond1: (slave vlan2): making interface the new active one [ 59.076961][ T7524] bond1: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 59.079789][ T7524] veth1: entered promiscuous mode [ 59.080271][ T7524] vlan2: entered promiscuous mode [ 59.080605][ T7524] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 59.149931][ T7538] netlink: 84 bytes leftover after parsing attributes in process `syz.3.255'. [ 59.659188][ T7554] usb usb8: usbfs: process 7554 (syz.2.258) did not claim interface 0 before use [ 60.022981][ T7552] loop1: detected capacity change from 0 to 40427 [ 60.033721][ T7552] F2FS-fs (loop1): build fault injection rate: 771 [ 60.035354][ T7552] F2FS-fs (loop1): invalid crc value [ 60.091475][ T7562] loop3: detected capacity change from 0 to 2048 [ 60.096049][ T7562] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 60.214600][ T7559] loop4: detected capacity change from 0 to 40427 [ 60.226309][ T7559] F2FS-fs (loop4): invalid crc value [ 60.332963][ T7552] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 60.336425][ T7559] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 60.338843][ T7559] F2FS-fs (loop4): Start checkpoint disabled! [ 60.345401][ T7552] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 60.348860][ T7559] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 60.356050][ T7559] syz.4.261: attempt to access beyond end of device [ 60.356050][ T7559] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 60.368751][ T6649] kworker/u8:7: attempt to access beyond end of device [ 60.368751][ T6649] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 60.368802][ T6649] CPU: 1 UID: 0 PID: 6649 Comm: kworker/u8:7 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 60.368814][ T6649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 60.368821][ T6649] Workqueue: writeback wb_workfn (flush-7:4) [ 60.368840][ T6649] Call trace: [ 60.368843][ T6649] show_stack+0x2c/0x3c (C) [ 60.368853][ T6649] __dump_stack+0x30/0x40 [ 60.368859][ T6649] dump_stack_lvl+0xd8/0x12c [ 60.368864][ T6649] dump_stack+0x1c/0x28 [ 60.368869][ T6649] f2fs_handle_critical_error+0x34c/0x4b8 [ 60.368877][ T6649] f2fs_stop_checkpoint+0x5c/0x70 [ 60.368885][ T6649] f2fs_write_end_io+0x768/0xa70 [ 60.368891][ T6649] bio_endio+0x804/0x840 [ 60.368897][ T6649] submit_bio_noacct+0x158/0x176c [ 60.368902][ T6649] submit_bio+0x3b4/0x550 [ 60.368907][ T6649] f2fs_submit_write_bio+0x13c/0x324 [ 60.368913][ T6649] __submit_merged_bio+0x254/0x704 [ 60.368918][ T6649] __submit_merged_write_cond+0x23c/0x4ac [ 60.368924][ T6649] f2fs_write_data_pages+0x1d28/0x2634 [ 60.368930][ T6649] do_writepages+0x270/0x468 [ 60.368937][ T6649] __writeback_single_inode+0x15c/0x13e8 [ 60.368943][ T6649] writeback_sb_inodes+0x55c/0xe40 [ 60.368950][ T6649] wb_writeback+0x3cc/0xd70 [ 60.368955][ T6649] wb_workfn+0x338/0xdc0 [ 60.368961][ T6649] process_one_work+0x7e8/0x155c [ 60.368966][ T6649] worker_thread+0x958/0xed8 [ 60.368971][ T6649] kthread+0x5fc/0x75c [ 60.368978][ T6649] ret_from_fork+0x10/0x20 [ 60.368985][ T6649] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 60.423241][ T6547] syz-executor: attempt to access beyond end of device [ 60.423241][ T6547] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 60.423302][ T6547] CPU: 0 UID: 0 PID: 6547 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 60.423315][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 60.423321][ T6547] Call trace: [ 60.423324][ T6547] show_stack+0x2c/0x3c (C) [ 60.423338][ T6547] __dump_stack+0x30/0x40 [ 60.423344][ T6547] dump_stack_lvl+0xd8/0x12c [ 60.423349][ T6547] dump_stack+0x1c/0x28 [ 60.423354][ T6547] f2fs_handle_critical_error+0x34c/0x4b8 [ 60.423362][ T6547] f2fs_stop_checkpoint+0x5c/0x70 [ 60.423370][ T6547] f2fs_write_end_io+0x768/0xa70 [ 60.423376][ T6547] bio_endio+0x804/0x840 [ 60.423382][ T6547] submit_bio_noacct+0x158/0x176c [ 60.423387][ T6547] submit_bio+0x3b4/0x550 [ 60.423392][ T6547] f2fs_submit_write_bio+0x13c/0x324 [ 60.423397][ T6547] __submit_merged_bio+0x254/0x704 [ 60.423403][ T6547] __submit_merged_write_cond+0x23c/0x4ac [ 60.423409][ T6547] f2fs_write_data_pages+0x1d28/0x2634 [ 60.423415][ T6547] do_writepages+0x270/0x468 [ 60.423422][ T6547] filemap_fdatawrite+0x14c/0x1f4 [ 60.423429][ T6547] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 60.423434][ T6547] f2fs_write_checkpoint+0x690/0x16a0 [ 60.423439][ T6547] kill_f2fs_super+0x21c/0x584 [ 60.423444][ T6547] deactivate_locked_super+0xc4/0x12c [ 60.423452][ T6547] deactivate_super+0xe0/0x100 [ 60.423458][ T6547] cleanup_mnt+0x31c/0x3ac [ 60.423463][ T6547] __cleanup_mnt+0x20/0x30 [ 60.423468][ T6547] task_work_run+0x1dc/0x260 [ 60.423474][ T6547] do_notify_resume+0x174/0x1f4 [ 60.423480][ T6547] el0_svc+0xb8/0x180 [ 60.423487][ T6547] el0t_64_sync_handler+0x84/0x12c [ 60.423492][ T6547] el0t_64_sync+0x198/0x19c [ 60.444656][ T6547] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 60.990394][ T7596] netlink: 84 bytes leftover after parsing attributes in process `syz.1.267'. [ 61.467818][ T7605] tipc: Started in network mode [ 61.467854][ T7605] tipc: Node identity 72c6246eb01b, cluster identity 4711 [ 61.468473][ T7604] loop3: detected capacity change from 0 to 2048 [ 61.471363][ T7605] tipc: Enabled bearer , priority 0 [ 61.477076][ T7605] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 61.482626][ T7604] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 61.485750][ T7605] tipc: Resetting bearer [ 61.496035][ T7603] tipc: Disabling bearer [ 61.524800][ T7607] loop3: detected capacity change from 0 to 1024 [ 61.538396][ T7609] loop4: detected capacity change from 0 to 4096 [ 61.538832][ T7609] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.545806][ T7607] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 61.547534][ T7609] EXT4-fs (loop4): Test dummy encryption mode enabled [ 61.560932][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.564771][ T7607] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 117 [ 61.567246][ T7607] EXT4-fs (loop3): This should not happen!! Data will be lost [ 61.567246][ T7607] [ 61.572354][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.575083][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.577620][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.580437][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.583236][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.587397][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.590735][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.594441][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.594652][ T7607] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 4: comm syz.3.275: lblock 4 mapped to illegal pblock 4 (length 1) [ 61.596934][ T7609] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.394195][ T7615] loop2: detected capacity change from 0 to 40427 [ 62.421293][ T7615] F2FS-fs (loop2): build fault injection rate: 771 [ 62.425368][ T7615] F2FS-fs (loop2): invalid crc value [ 62.440953][ T6548] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 62.506973][ T7615] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 62.511812][ T7615] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 62.555351][ T6557] syz-executor: attempt to access beyond end of device [ 62.555351][ T6557] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 62.555401][ T6557] CPU: 1 UID: 0 PID: 6557 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 62.555411][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 62.555416][ T6557] Call trace: [ 62.555418][ T6557] show_stack+0x2c/0x3c (C) [ 62.555431][ T6557] __dump_stack+0x30/0x40 [ 62.555437][ T6557] dump_stack_lvl+0xd8/0x12c [ 62.555443][ T6557] dump_stack+0x1c/0x28 [ 62.555447][ T6557] f2fs_handle_critical_error+0x34c/0x4b8 [ 62.555456][ T6557] f2fs_stop_checkpoint+0x5c/0x70 [ 62.555463][ T6557] f2fs_write_end_io+0x768/0xa70 [ 62.555470][ T6557] bio_endio+0x804/0x840 [ 62.555477][ T6557] submit_bio_noacct+0x158/0x176c [ 62.555482][ T6557] submit_bio+0x3b4/0x550 [ 62.555487][ T6557] f2fs_submit_write_bio+0x13c/0x324 [ 62.555493][ T6557] __submit_merged_bio+0x254/0x704 [ 62.555498][ T6557] __submit_merged_write_cond+0x23c/0x4ac [ 62.555504][ T6557] f2fs_write_data_pages+0x1d28/0x2634 [ 62.555510][ T6557] do_writepages+0x270/0x468 [ 62.555518][ T6557] filemap_fdatawrite+0x14c/0x1f4 [ 62.555525][ T6557] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 62.555530][ T6557] f2fs_write_checkpoint+0x690/0x16a0 [ 62.555535][ T6557] kill_f2fs_super+0x21c/0x584 [ 62.555541][ T6557] deactivate_locked_super+0xc4/0x12c [ 62.555549][ T6557] deactivate_super+0xe0/0x100 [ 62.555555][ T6557] cleanup_mnt+0x31c/0x3ac [ 62.555566][ T6557] __cleanup_mnt+0x20/0x30 [ 62.555571][ T6557] task_work_run+0x1dc/0x260 [ 62.555579][ T6557] do_notify_resume+0x174/0x1f4 [ 62.555586][ T6557] el0_svc+0xb8/0x180 [ 62.555594][ T6557] el0t_64_sync_handler+0x84/0x12c [ 62.555600][ T6557] el0t_64_sync+0x198/0x19c [ 62.555618][ T6557] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 62.838642][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.649910][ T7651] netlink: 84 bytes leftover after parsing attributes in process `syz.2.282'. [ 64.098506][ T7668] loop2: detected capacity change from 0 to 4096 [ 64.101425][ T7668] EXT4-fs: Ignoring removed mblk_io_submit option [ 64.102670][ T7671] syzkaller1: entered promiscuous mode [ 64.102711][ T7671] syzkaller1: entered allmulticast mode [ 64.106673][ T7668] EXT4-fs (loop2): Test dummy encryption mode enabled [ 64.117532][ T7668] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.164474][ T7664] loop1: detected capacity change from 0 to 40427 [ 64.168621][ T7664] F2FS-fs (loop1): build fault injection rate: 771 [ 64.172270][ T7664] F2FS-fs (loop1): invalid crc value [ 64.200841][ T7664] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 64.208693][ T7664] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 64.236058][ T6547] syz-executor: attempt to access beyond end of device [ 64.236058][ T6547] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 64.236112][ T6547] CPU: 0 UID: 0 PID: 6547 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 64.236122][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 64.236128][ T6547] Call trace: [ 64.236131][ T6547] show_stack+0x2c/0x3c (C) [ 64.236145][ T6547] __dump_stack+0x30/0x40 [ 64.236152][ T6547] dump_stack_lvl+0xd8/0x12c [ 64.236157][ T6547] dump_stack+0x1c/0x28 [ 64.236162][ T6547] f2fs_handle_critical_error+0x34c/0x4b8 [ 64.236169][ T6547] f2fs_stop_checkpoint+0x5c/0x70 [ 64.236177][ T6547] f2fs_write_end_io+0x768/0xa70 [ 64.236183][ T6547] bio_endio+0x804/0x840 [ 64.236189][ T6547] submit_bio_noacct+0x158/0x176c [ 64.236194][ T6547] submit_bio+0x3b4/0x550 [ 64.236199][ T6547] f2fs_submit_write_bio+0x13c/0x324 [ 64.236204][ T6547] __submit_merged_bio+0x254/0x704 [ 64.236210][ T6547] __submit_merged_write_cond+0x23c/0x4ac [ 64.236215][ T6547] f2fs_write_data_pages+0x1d28/0x2634 [ 64.236221][ T6547] do_writepages+0x270/0x468 [ 64.236228][ T6547] filemap_fdatawrite+0x14c/0x1f4 [ 64.236235][ T6547] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 64.236240][ T6547] f2fs_write_checkpoint+0x690/0x16a0 [ 64.236245][ T6547] kill_f2fs_super+0x21c/0x584 [ 64.236250][ T6547] deactivate_locked_super+0xc4/0x12c [ 64.236258][ T6547] deactivate_super+0xe0/0x100 [ 64.236264][ T6547] cleanup_mnt+0x31c/0x3ac [ 64.236269][ T6547] __cleanup_mnt+0x20/0x30 [ 64.236274][ T6547] task_work_run+0x1dc/0x260 [ 64.236280][ T6547] do_notify_resume+0x174/0x1f4 [ 64.236286][ T6547] el0_svc+0xb8/0x180 [ 64.236292][ T6547] el0t_64_sync_handler+0x84/0x12c [ 64.236298][ T6547] el0t_64_sync+0x198/0x19c [ 64.236305][ T6547] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 64.492014][ T26] cfg80211: failed to load regulatory.db [ 64.520494][ T2411] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.521995][ T2411] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.133427][ T7692] loop1: detected capacity change from 0 to 2048 [ 65.137197][ T7692] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 65.174153][ T7700] tipc: Enabling of bearer rejected, failed to enable media [ 65.248654][ T7709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.248857][ T7709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.301675][ T7737] loop1: detected capacity change from 0 to 2048 [ 66.309133][ T7737] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 66.334093][ T7739] tipc: Enabling of bearer rejected, failed to enable media [ 66.344688][ T7734] netlink: 84 bytes leftover after parsing attributes in process `syz.3.314'. [ 66.815001][ T7761] tipc: Enabled bearer , priority 0 [ 66.816869][ T7761] syzkaller0: entered promiscuous mode [ 66.818204][ T7761] syzkaller0: entered allmulticast mode [ 66.835105][ T7761] tipc: Resetting bearer [ 66.837710][ T7759] tipc: Resetting bearer [ 66.844166][ T7759] tipc: Disabling bearer [ 66.866417][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.938874][ T7769] netlink: 165 bytes leftover after parsing attributes in process `syz.2.325'. [ 67.149651][ T11] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 67.300557][ T11] usb 1-1: Using ep0 maxpacket: 16 [ 67.311560][ T11] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 67.311597][ T11] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 67.315778][ T11] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 67.315814][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.315824][ T11] usb 1-1: Product: syz [ 67.315832][ T11] usb 1-1: Manufacturer: syz [ 67.315840][ T11] usb 1-1: SerialNumber: syz [ 67.360533][ T7775] netlink: 84 bytes leftover after parsing attributes in process `syz.4.329'. [ 67.399165][ T7784] tipc: Enabling of bearer rejected, failed to enable media [ 67.756505][ T11] usb 1-1: 0:2 : does not exist [ 67.758775][ T11] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 67.769492][ T11] usb 1-1: USB disconnect, device number 3 [ 67.797512][ T7801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.336'. [ 67.814718][ T6567] udevd[6567]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 67.905589][ T7805] loop4: detected capacity change from 0 to 256 [ 67.907683][ T7805] exfat: Unknown parameter 'fsmagic' [ 69.100441][ T7813] netlink: 84 bytes leftover after parsing attributes in process `syz.3.341'. [ 69.138479][ T7826] tipc: Enabling of bearer rejected, failed to enable media [ 69.286976][ T7841] netlink: 165 bytes leftover after parsing attributes in process `syz.4.346'. [ 69.296946][ T7842] loop0: detected capacity change from 0 to 1024 [ 69.297575][ T7842] EXT4-fs: Ignoring removed oldalloc option [ 69.297588][ T7842] EXT4-fs: Ignoring removed bh option [ 69.311924][ T7842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.075177][ T7863] loop3: detected capacity change from 0 to 512 [ 70.076822][ T7863] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 70.076864][ T7863] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 70.114936][ T7863] EXT4-fs error (device loop3): xattr_find_entry:333: inode #15: comm syz.3.351: corrupted xattr entries [ 70.134313][ T7863] EXT4-fs (loop3): Remounting filesystem read-only [ 70.134360][ T7863] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 70.134474][ T7863] EXT4-fs (loop3): 1 truncate cleaned up [ 70.134963][ T7863] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.150286][ T7863] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.426203][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.529427][ T7877] tipc: Enabling of bearer rejected, failed to enable media [ 70.853297][ T7888] loop0: detected capacity change from 0 to 256 [ 70.853785][ T7888] exfat: Unknown parameter 'fsmagic' [ 71.749458][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.359'. [ 71.907276][ T7913] netlink: 165 bytes leftover after parsing attributes in process `syz.3.363'. [ 72.392686][ T7936] loop4: detected capacity change from 0 to 512 [ 72.397027][ T7936] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 72.407316][ T7936] EXT4-fs error (device loop4): xattr_find_entry:333: inode #15: comm syz.4.372: corrupted xattr entries [ 72.411279][ T7936] EXT4-fs (loop4): Remounting filesystem read-only [ 72.413285][ T7936] EXT4-fs (loop4): 1 truncate cleaned up [ 72.414939][ T7936] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.443281][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.474721][ T7943] loop4: detected capacity change from 0 to 1024 [ 72.476439][ T7943] EXT4-fs: Ignoring removed oldalloc option [ 72.477626][ T7943] EXT4-fs: Ignoring removed bh option [ 72.501622][ T7943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.329481][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.405974][ T7979] loop3: detected capacity change from 0 to 40427 [ 73.410704][ T7979] F2FS-fs (loop3): invalid crc value [ 73.414588][ T7986] netlink: 165 bytes leftover after parsing attributes in process `syz.4.388'. [ 73.426420][ T7979] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 73.428270][ T7979] F2FS-fs (loop3): Start checkpoint disabled! [ 73.432261][ T7979] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 73.444855][ T41] kworker/u8:2: attempt to access beyond end of device [ 73.444855][ T41] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 73.444903][ T41] CPU: 1 UID: 0 PID: 41 Comm: kworker/u8:2 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 73.444912][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 73.444917][ T41] Workqueue: writeback wb_workfn (flush-7:3) [ 73.444934][ T41] Call trace: [ 73.444936][ T41] show_stack+0x2c/0x3c (C) [ 73.444947][ T41] __dump_stack+0x30/0x40 [ 73.444955][ T41] dump_stack_lvl+0xd8/0x12c [ 73.444961][ T41] dump_stack+0x1c/0x28 [ 73.444967][ T41] f2fs_handle_critical_error+0x34c/0x4b8 [ 73.444975][ T41] f2fs_stop_checkpoint+0x5c/0x70 [ 73.444982][ T41] f2fs_write_end_io+0x768/0xa70 [ 73.444988][ T41] bio_endio+0x804/0x840 [ 73.444995][ T41] submit_bio_noacct+0x158/0x176c [ 73.445000][ T41] submit_bio+0x3b4/0x550 [ 73.445004][ T41] f2fs_submit_write_bio+0x13c/0x324 [ 73.445010][ T41] __submit_merged_bio+0x254/0x704 [ 73.445015][ T41] __submit_merged_write_cond+0x23c/0x4ac [ 73.445021][ T41] f2fs_write_data_pages+0x1d28/0x2634 [ 73.445027][ T41] do_writepages+0x270/0x468 [ 73.445034][ T41] __writeback_single_inode+0x15c/0x13e8 [ 73.445040][ T41] writeback_sb_inodes+0x55c/0xe40 [ 73.445046][ T41] wb_writeback+0x3cc/0xd70 [ 73.445052][ T41] wb_workfn+0x338/0xdc0 [ 73.445057][ T41] process_one_work+0x7e8/0x155c [ 73.445063][ T41] worker_thread+0x958/0xed8 [ 73.445068][ T41] kthread+0x5fc/0x75c [ 73.445074][ T41] ret_from_fork+0x10/0x20 [ 73.447312][ T41] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 73.513414][ T7990] loop0: detected capacity change from 0 to 16 [ 73.516218][ T7990] erofs (device loop0): mounted with root inode @ nid 36. [ 73.681317][ T1958] vlan2: left promiscuous mode [ 74.063142][ T8017] tipc: Enabling of bearer rejected, failed to enable media [ 74.085810][ T8023] loop0: detected capacity change from 0 to 512 [ 74.087937][ T8023] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 74.093072][ T8023] EXT4-fs error (device loop0): xattr_find_entry:333: inode #15: comm syz.0.401: corrupted xattr entries [ 74.096004][ T8023] EXT4-fs (loop0): Remounting filesystem read-only [ 74.097454][ T8023] EXT4-fs (loop0): 1 truncate cleaned up [ 74.099305][ T8023] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.116972][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.138754][ T8026] loop0: detected capacity change from 0 to 16 [ 74.154295][ T8026] erofs (device loop0): mounted with root inode @ nid 36. [ 74.488803][ T8053] tipc: Enabling of bearer rejected, failed to enable media [ 74.523364][ T8063] loop4: detected capacity change from 0 to 1024 [ 74.523823][ T8063] EXT4-fs: Ignoring removed oldalloc option [ 74.523848][ T8063] EXT4-fs: Ignoring removed bh option [ 74.548325][ T8067] loop3: detected capacity change from 0 to 16 [ 74.550936][ T8067] erofs (device loop3): mounted with root inode @ nid 36. [ 74.553764][ T8063] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.579344][ T8070] netlink: 165 bytes leftover after parsing attributes in process `syz.1.414'. [ 74.691235][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.750735][ T8080] tipc: Started in network mode [ 74.751791][ T8080] tipc: Node identity 1af5fe74e457, cluster identity 4711 [ 74.753287][ T8080] tipc: Enabled bearer , priority 0 [ 74.756148][ T8080] syzkaller0: entered promiscuous mode [ 74.757298][ T8080] syzkaller0: entered allmulticast mode [ 74.768318][ T8080] tipc: Resetting bearer [ 74.779351][ T8079] tipc: Resetting bearer [ 74.784122][ T8079] tipc: Disabling bearer [ 74.895676][ T8090] tipc: Enabling of bearer rejected, failed to enable media [ 74.933508][ T8101] loop2: detected capacity change from 0 to 16 [ 74.937567][ T8101] erofs (device loop2): mounted with root inode @ nid 36. [ 75.237689][ T8106] loop2: detected capacity change from 0 to 1024 [ 75.238043][ T8106] EXT4-fs: Ignoring removed oldalloc option [ 75.238808][ T8106] EXT4-fs: Ignoring removed bh option [ 75.256536][ T8106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.336071][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.436777][ T8127] tipc: Enabled bearer , priority 0 [ 75.439407][ T8127] syzkaller0: entered promiscuous mode [ 75.442996][ T8127] syzkaller0: entered allmulticast mode [ 75.464990][ T8127] tipc: Resetting bearer [ 75.473499][ T8125] tipc: Resetting bearer [ 75.485965][ T8136] loop1: detected capacity change from 0 to 16 [ 75.486729][ T8136] erofs (device loop1): mounted with root inode @ nid 36. [ 75.492409][ T8125] tipc: Disabling bearer [ 75.563815][ T8142] vlan2: entered promiscuous mode [ 75.563853][ T8142] bridge0: entered promiscuous mode [ 75.573731][ T8142] bridge0: port 3(vlan2) entered blocking state [ 75.573788][ T8142] bridge0: port 3(vlan2) entered disabled state [ 75.573851][ T8142] vlan2: entered allmulticast mode [ 75.573859][ T8142] bridge0: entered allmulticast mode [ 75.577228][ T8142] vlan2: left allmulticast mode [ 75.577239][ T8142] bridge0: left allmulticast mode [ 76.124553][ T8152] loop4: detected capacity change from 0 to 1024 [ 76.124913][ T8152] EXT4-fs: Ignoring removed oldalloc option [ 76.124942][ T8152] EXT4-fs: Ignoring removed bh option [ 76.143847][ T8152] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.195119][ T8164] netlink: 165 bytes leftover after parsing attributes in process `syz.1.445'. [ 76.225143][ T8166] netlink: 'syz.0.447': attribute type 1 has an invalid length. [ 76.225185][ T8166] netlink: 224 bytes leftover after parsing attributes in process `syz.0.447'. [ 76.405886][ T8177] loop3: detected capacity change from 0 to 16 [ 76.414888][ T8177] erofs (device loop3): mounted with root inode @ nid 36. [ 76.436689][ T8179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.436874][ T8179] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.500793][ T8186] netlink: 84 bytes leftover after parsing attributes in process `syz.0.452'. [ 76.959432][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.002859][ T6128] IPVS: starting estimator thread 0... [ 77.038634][ T8212] loop4: detected capacity change from 0 to 16 [ 77.041959][ T8212] erofs (device loop4): mounted with root inode @ nid 36. [ 77.120015][ T8209] IPVS: using max 69 ests per chain, 165600 per kthread [ 77.135740][ T8221] loop2: detected capacity change from 0 to 512 [ 77.138963][ T8221] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 77.153954][ T8221] EXT4-fs error (device loop2): xattr_find_entry:333: inode #15: comm syz.2.465: corrupted xattr entries [ 77.156443][ T8221] EXT4-fs (loop2): Remounting filesystem read-only [ 77.156567][ T8221] EXT4-fs (loop2): 1 truncate cleaned up [ 77.160102][ T8228] netlink: 84 bytes leftover after parsing attributes in process `syz.1.464'. [ 77.187301][ T8221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.236006][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.419001][ T8244] netlink: 165 bytes leftover after parsing attributes in process `syz.2.471'. [ 77.763006][ T8250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.763188][ T8250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.848060][ T8254] syzkaller0: entered promiscuous mode [ 77.848171][ T8254] syzkaller0: entered allmulticast mode [ 78.647652][ T8277] netlink: 84 bytes leftover after parsing attributes in process `syz.4.479'. [ 78.754597][ T8290] loop1: detected capacity change from 0 to 16 [ 78.764421][ T8290] erofs (device loop1): mounted with root inode @ nid 36. [ 78.815890][ T8293] netlink: 165 bytes leftover after parsing attributes in process `syz.3.487'. [ 79.069574][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 79.219625][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 79.221955][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 79.223875][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 79.226815][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 79.228518][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.230313][ T9] usb 1-1: Product: syz [ 79.230320][ T9] usb 1-1: Manufacturer: syz [ 79.230327][ T9] usb 1-1: SerialNumber: syz [ 79.314501][ T8300] loop2: detected capacity change from 0 to 256 [ 79.316234][ T8300] exfat: Unknown parameter 'fsmagic' [ 79.463130][ T9] usb 1-1: 0:2 : does not exist [ 79.472623][ T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 79.492996][ T9] usb 1-1: USB disconnect, device number 4 [ 79.522623][ T6567] udevd[6567]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 79.726309][ T8305] loop3: detected capacity change from 0 to 1024 [ 79.728128][ T8305] EXT4-fs: Ignoring removed oldalloc option [ 79.764537][ T8305] EXT4-fs: Ignoring removed bh option [ 79.817925][ T8305] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.012791][ T8317] netlink: 84 bytes leftover after parsing attributes in process `syz.1.494'. [ 80.092152][ T8324] dvmrp8: entered allmulticast mode [ 80.122138][ T8320] dvmrp8: left allmulticast mode [ 80.614736][ T6548] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.650172][ T8344] netlink: 165 bytes leftover after parsing attributes in process `syz.0.502'. [ 80.905228][ T8356] netlink: 84 bytes leftover after parsing attributes in process `syz.3.506'. [ 80.936360][ T8358] netlink: 3 bytes leftover after parsing attributes in process `syz.2.507'. [ 80.944692][ T8358] batadv1: entered promiscuous mode [ 80.944734][ T8358] batadv1: entered allmulticast mode [ 81.099688][ T8368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.099871][ T8368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.111177][ T8369] netlink: 596 bytes leftover after parsing attributes in process `syz.3.509'. [ 81.274155][ T8382] netlink: 4 bytes leftover after parsing attributes in process `syz.3.514'. [ 81.474701][ T8394] tipc: Enabled bearer , priority 0 [ 81.475048][ T8394] syzkaller0: entered promiscuous mode [ 81.475116][ T8394] syzkaller0: entered allmulticast mode [ 81.481666][ T8394] tipc: Resetting bearer [ 81.487514][ T8395] loop3: detected capacity change from 0 to 256 [ 81.490187][ T8395] exfat: Unknown parameter 'fsmagic' [ 81.555704][ T8392] tipc: Resetting bearer [ 81.564680][ T8392] tipc: Disabling bearer [ 82.373324][ T8421] macvlan1: entered allmulticast mode [ 82.374499][ T8421] veth1_vlan: entered allmulticast mode [ 82.467417][ T8429] netlink: 165 bytes leftover after parsing attributes in process `syz.0.530'. [ 82.483975][ T8431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.484333][ T8431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.811349][ T8433] syzkaller0: entered promiscuous mode [ 82.811389][ T8433] syzkaller0: entered allmulticast mode [ 82.815485][ T8433] tipc: Enabled bearer , priority 0 [ 82.816499][ T8432] tipc: Resetting bearer [ 83.294166][ T8432] tipc: Disabling bearer [ 83.298599][ T8440] !: renamed from dummy0 (while UP) [ 83.597079][ T8459] tipc: Enabled bearer , priority 0 [ 83.598835][ T8459] syzkaller0: entered promiscuous mode [ 83.599943][ T8459] syzkaller0: entered allmulticast mode [ 83.603703][ T8459] tipc: Resetting bearer [ 83.605958][ T8458] tipc: Resetting bearer [ 83.615038][ T8458] tipc: Disabling bearer [ 83.687736][ T8466] loop4: detected capacity change from 0 to 4096 [ 83.689377][ T8466] EXT4-fs: Ignoring removed mblk_io_submit option [ 83.695464][ T8466] EXT4-fs (loop4): Test dummy encryption mode enabled [ 83.711323][ T8466] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.639443][ T8488] netlink: 165 bytes leftover after parsing attributes in process `syz.2.548'. [ 84.745379][ T8489] tipc: Enabled bearer , priority 0 [ 84.755154][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.757162][ T8487] tipc: Disabling bearer [ 84.787541][ T8499] tipc: Enabled bearer , priority 0 [ 84.790708][ T8499] syzkaller0: entered promiscuous mode [ 84.792212][ T8499] syzkaller0: entered allmulticast mode [ 84.796749][ T8499] tipc: Resetting bearer [ 84.799248][ T8498] tipc: Resetting bearer [ 84.838372][ T8498] tipc: Disabling bearer [ 85.131582][ T8518] !: renamed from dummy0 (while UP) [ 85.139478][ T8520] loop0: detected capacity change from 0 to 4096 [ 85.143680][ T8520] EXT4-fs: Ignoring removed mblk_io_submit option [ 85.149144][ T8520] EXT4-fs (loop0): Test dummy encryption mode enabled [ 85.157099][ T8520] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.373178][ T8527] tipc: Enabled bearer , priority 0 [ 85.377145][ T8526] tipc: Disabling bearer [ 85.456805][ T8529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.567'. [ 85.533313][ T8535] tipc: Enabled bearer , priority 0 [ 85.533643][ T8535] syzkaller0: entered promiscuous mode [ 85.533654][ T8535] syzkaller0: entered allmulticast mode [ 85.550091][ T8535] tipc: Resetting bearer [ 85.585861][ T8534] tipc: Resetting bearer [ 85.603847][ T8537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.571'. [ 85.612457][ T8534] tipc: Disabling bearer [ 85.678808][ T8547] loop1: detected capacity change from 0 to 16 [ 85.694845][ T8547] erofs (device loop1): mounted with root inode @ nid 36. [ 86.184251][ T8558] usb usb8: usbfs: process 8558 (syz.4.578) did not claim interface 0 before use [ 86.301139][ T8559] netlink: 165 bytes leftover after parsing attributes in process `syz.1.577'. [ 86.303528][ T8545] netlink: 'syz.2.575': attribute type 1 has an invalid length. [ 86.303577][ T8545] netlink: 136 bytes leftover after parsing attributes in process `syz.2.575'. [ 86.303586][ T8545] netlink: 'syz.2.575': attribute type 2 has an invalid length. [ 86.303593][ T8545] netlink: 'syz.2.575': attribute type 1 has an invalid length. [ 86.368431][ T8561] tipc: Enabled bearer , priority 0 [ 86.373403][ T8560] tipc: Disabling bearer [ 86.925920][ T8573] loop1: detected capacity change from 0 to 1024 [ 86.926303][ T8573] EXT4-fs: Ignoring removed oldalloc option [ 86.926333][ T8573] EXT4-fs: Ignoring removed bh option [ 86.966431][ T8573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.107959][ T6547] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.133155][ T8584] loop4: detected capacity change from 0 to 16 [ 87.136675][ T8584] erofs (device loop4): mounted with root inode @ nid 36. [ 87.272297][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.358285][ T8597] tipc: Enabled bearer , priority 0 [ 87.361912][ T8596] tipc: Disabling bearer [ 87.738544][ T8606] usb usb8: usbfs: process 8606 (syz.1.595) did not claim interface 0 before use [ 87.950535][ T8610] loop3: detected capacity change from 0 to 1024 [ 87.951078][ T8610] EXT4-fs: Ignoring removed oldalloc option [ 87.951090][ T8610] EXT4-fs: Ignoring removed bh option [ 87.965611][ T8610] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.050559][ T6548] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.072545][ T8620] loop3: detected capacity change from 0 to 16 [ 88.082347][ T8620] erofs (device loop3): mounted with root inode @ nid 36. [ 88.163268][ T8622] loop4: detected capacity change from 0 to 4096 [ 88.163638][ T8622] EXT4-fs: Ignoring removed mblk_io_submit option [ 88.165781][ T8622] EXT4-fs (loop4): Test dummy encryption mode enabled [ 88.176106][ T8622] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.031661][ T8647] tipc: Started in network mode [ 89.031689][ T8647] tipc: Node identity , cluster identity 4711 [ 89.031954][ T8647] tipc: Failed to obtain node identity [ 89.031978][ T8647] tipc: Enabling of bearer rejected, failed to enable media [ 89.069241][ T8651] loop0: detected capacity change from 0 to 1024 [ 89.072144][ T8651] EXT4-fs: Ignoring removed oldalloc option [ 89.074604][ T8651] EXT4-fs: Ignoring removed bh option [ 89.087296][ T8651] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.276835][ T8659] netlink: 64 bytes leftover after parsing attributes in process `syz.2.614'. [ 89.290391][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.332689][ T8667] loop0: detected capacity change from 0 to 16 [ 89.339761][ T8667] erofs (device loop0): mounted with root inode @ nid 36. [ 90.163475][ T8685] tipc: Started in network mode [ 90.163510][ T8685] tipc: Node identity , cluster identity 4711 [ 90.163533][ T8685] tipc: Failed to obtain node identity [ 90.163551][ T8685] tipc: Enabling of bearer rejected, failed to enable media [ 90.262736][ T8691] netlink: 12 bytes leftover after parsing attributes in process `syz.0.625'. [ 90.568813][ T8700] loop0: detected capacity change from 0 to 1024 [ 90.571323][ T8700] EXT4-fs: Ignoring removed oldalloc option [ 90.572479][ T8700] EXT4-fs: Ignoring removed bh option [ 90.591649][ T8700] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.636081][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.700176][ T6550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.295456][ T8730] loop1: detected capacity change from 0 to 16 [ 91.297534][ T8730] erofs (device loop1): mounted with root inode @ nid 36. [ 91.500325][ T8736] syzkaller0: entered promiscuous mode [ 91.500359][ T8736] syzkaller0: entered allmulticast mode [ 91.592245][ T8741] loop2: detected capacity change from 0 to 4096 [ 91.594029][ T8741] EXT4-fs: Ignoring removed mblk_io_submit option [ 91.602739][ T8741] EXT4-fs (loop2): Test dummy encryption mode enabled [ 91.613909][ T8741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.703082][ T8744] loop4: detected capacity change from 0 to 1024 [ 91.709002][ T8744] EXT4-fs: Ignoring removed oldalloc option [ 91.710572][ T8744] EXT4-fs: Ignoring removed bh option [ 91.743408][ T8744] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.934618][ T8778] ------------[ cut here ]------------ [ 92.934645][ T8778] verifier bug: not inlined functions bpf_probe_read_kernel_str#115 is missing func(1) [ 92.937753][ T8778] WARNING: CPU: 1 PID: 8778 at kernel/bpf/verifier.c:22840 bpf_check+0x1559c/0x15d8c [ 92.939221][ T8778] Modules linked in: [ 92.939848][ T8778] CPU: 1 UID: 0 PID: 8778 Comm: syz.3.648 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 92.941620][ T8778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 92.943144][ T8778] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 92.944427][ T8778] pc : bpf_check+0x1559c/0x15d8c [ 92.945244][ T8778] lr : bpf_check+0x1559c/0x15d8c [ 92.945975][ T8778] sp : ffff8000a4407480 [ 92.946533][ T8778] x29: ffff8000a4407980 x28: dfff800000000000 x27: 0000000000000006 [ 92.947811][ T8778] x26: 1ffff00012ff9c12 x25: ffff800097fce094 x24: ffff0000d8bc8008 [ 92.949071][ T8778] x23: ffff800097fce090 x22: ffff80008b144200 x21: ffff800092df4000 [ 92.950223][ T8778] x20: ffff800097fce094 x19: 1ffff00012ff9c12 x18: 1fffe000337a0688 [ 92.951348][ T8778] x17: ffff80008f7be000 x16: ffff80008b007230 x15: 0000000000000001 [ 92.952494][ T8778] x14: 1fffe000337a3108 x13: 0000000000000000 x12: 0000000000000000 [ 92.953630][ T8778] x11: 0000000000080000 x10: 0000000000000003 x9 : d3314c857e215d00 [ 92.954871][ T8778] x8 : d3314c857e215d00 x7 : ffff800080491074 x6 : 0000000000000000 [ 92.955959][ T8778] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 92.957135][ T8778] x2 : ffff8000a4407040 x1 : ffff80008b6577c0 x0 : 0000000000000001 [ 92.958290][ T8778] Call trace: [ 92.958743][ T8778] bpf_check+0x1559c/0x15d8c (P) [ 92.959462][ T8778] bpf_prog_load+0xec8/0x13fc [ 92.960141][ T8778] __sys_bpf+0x450/0x628 [ 92.960751][ T8778] __arm64_sys_bpf+0x80/0x98 [ 92.961399][ T8778] invoke_syscall+0x98/0x2b8 [ 92.962071][ T8778] el0_svc_common+0x130/0x23c [ 92.962763][ T8778] do_el0_svc+0x48/0x58 [ 92.963348][ T8778] el0_svc+0x58/0x180 [ 92.963993][ T8778] el0t_64_sync_handler+0x84/0x12c [ 92.964772][ T8778] el0t_64_sync+0x198/0x19c [ 92.965452][ T8778] irq event stamp: 270 [ 92.966031][ T8778] hardirqs last enabled at (269): [] finish_lock_switch+0xb0/0x1c0 [ 92.967532][ T8778] hardirqs last disabled at (270): [] el1_brk64+0x1c/0x48 [ 92.968862][ T8778] softirqs last enabled at (126): [] local_bh_enable+0x10/0x34 [ 92.970285][ T8778] softirqs last disabled at (124): [] local_bh_disable+0x10/0x34 [ 92.971740][ T8778] ---[ end trace 0000000000000000 ]--- [ 93.172418][ T6549] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.229277][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.