last executing test programs: 3.555892575s ago: executing program 2 (id=1006): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x3c, r0, 0x9, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}}, 0x0) 3.551977545s ago: executing program 2 (id=1007): setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) 3.538373565s ago: executing program 2 (id=1008): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000480)=""/74, 0x4a) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x1380, &(0x7f0000003700)=ANY=[]) 2.416720973s ago: executing program 4 (id=1028): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='illinois\x00', 0x9) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) shutdown(r0, 0x1) 2.380020163s ago: executing program 4 (id=1029): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) 2.255093644s ago: executing program 4 (id=1032): r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x200}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r1, 0x8040942d, 0x0) 2.028684948s ago: executing program 3 (id=1035): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 1.328441249s ago: executing program 1 (id=1043): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newtaction={0x6c, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0xf454, 0x800000, 0x20000008, 0x8001, 0x8}}, @TCA_DEF_DATA={0x9, 0x3, ')$)+\x00'}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}}, 0x0) 1.25991749s ago: executing program 1 (id=1045): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f000000b400)="2b84fcc191c5ef9e72ba48f67bcdfab2288361f286885f9823743e1c6eeb8d94f6bf3f31b5654428b53cd509858f5d120bf223b3effb7fd63656d9f0c8cb92b225dfbc645e7b9cbbe11d0d6fceac014a49ef1c30f7a2b94462e86772d4b16f348807d94add44597319000ce5d0db2681acf6da900816f955220fe69040dedc789ea8db5ae99f057a3431fe7a95954e1cfcb2c3ef47af27dee58a4705a58a9a54efbef77b2457f40dcec0467d5458fc316f0f83b19242233da1164428f221cee1bf1e7db3130df03be6c70a820ce9997b2758900b9e8ac16ecf8f76a50f3f6fb38c7bb8b413b672d1525c04f869eca3c1aa2ea7ed8736d4ceb85047b1ebf04ab3837542154df5936a8411ed7688f2d6b5002b55951d9cc1f71d5b2f6f2cfa169f7f21af84c670ccc1eea628242920de72edd34d06d07e0793f5afa47a9f35a8f561a90b2f92f8808184c5863158f06b10ab493c2e825842ba2d50ba0c7eada044df7cadf7bab9f66087a07e8bbbdd07e62a3fd3f5c889d672022c699a853d568eaf0a4c107e1c4f985f5235c2f5374c1de9372899ba3cede18ee9b6556ed8e36f5e1f4d6a607f06115ea099d8df83bbca5420e9ea33531899462a6a497c8485ef0f534792ce1e3fbe1f34467b95f8fc388142d71ea832b9d60dc763cfc8e207d6e266b334e72c5cc2919646aea13c8d5cde42e6fc8f69dff416f332ee4ab2255625d8b05f9d075bbe597588b501c6af9e59c422446075547d251e706d0e859f860683807ca8ca8b9c1d530fb5be26fa709b32106a547ccfa6f03798eb6844792be4f05c56165b3ca2f48270010566a33ac74e2e1139b567e49a954f0283f0e99795a80acef472f6b474764736da785fc9c8406e33801a5219d4c5bced764971fea66a71895b0db18baed835ee29e34f6281d2bd3b0bfef386ee3842fe8d88ea72fca69c861556f8cefe9b5985026f232c5f7a50440c19c468f9c5136e8a4eb844d12e6ac72e8cc6329953103a24a30532e5e9e450a8c87362ce06c5875972719be15c9dc0beaeacee080b41f96517fe0388a555fbe30f0b424cd89bec393c907d1bd6bd0b538377aeb45d70874646e39465a88a43a2c044fcd59d9d7bd7cfa76ebcd777355150b13b452fa17c56a801c6de978e1e076a395a2b93f81ef42ed986ec53e72321c74d2103f42f01d70c0524598cdde38deb2af4f23c335bf14f1a26af09647b07cd20ebf5870bd7f559a5e9c3ea3e276ab569130fa4e57331f118deea77c534a44cdc40c0fdeae60d55bb5ed1f370410862a0a73b5252d523d1d8b10b8c0250348c80774b746a9beef99995bc39d51fdf5711251fb9a8d732a3b402a90c720bfe03794c097751ce4b9134e383a523325004fec95e02ed95787a32b43c32fa636cf860d3b403c9bbbea68f5ad309f557fcab8f3ad8be61b0d248865d23d510b67bea2069e2e6b17b6ff506e49d04c0f15e6c1dbed91fa6ed0bcb36f3e7ad3b5861e27f64311b193373d40729b194f520670b26be03a9ff6a5e5e7fe32c92cb764b642ccaf172429a5a828ab8c8d34f768d00bb641435e37ab3fc622bfc09eb7bebe9aa846a7af23422a0ed73ebd24dc4f15b4a450a65f41a5d94e0ac6d4367e7f2f65286671e59a49a2b61b311fae119b173f3cc7758e8532a8680a04e2e49879d44049529ac53583cc60ba0003a9e3c059b701a0c9b77ed8bd8902e3ec607c991d60c869b66ef8350916c7c421840f225501d4d11c664c717bd90db4df42e7f3f0290ada193f11778c8ddb387fa6e05625f7e4e0bf7015644a8198c006f900aaef57a8dd631436320f574e6d7731a1dcf3f52192ff6543bc92739d81207cbef7d259eb711e95aca9011fd1cdcccfde320d5444d6bf7a272a6e56fe9864e54b4ce13f92ec945a264815d620889828daf8557a678a38d5e7cd7ebffa58e86dea3fa05af70c185bc2ac19790c7d3874c8e3c30e67f2107f5c904ca0faa4a63079e15a2968f75ace24bc35e5bbf43fc626e512b507d1a603d4dd373b24d07f81e02e0fe95f6c1a75ac05f2faad92c2c12d773c839f6d15c0745a856edbba965b5a609258766a218726c4731c253187dee727ffae91b2a81da2074687056f3084ce53f0290dd4bfcac711cd31b62cebd3636e1e0aacbfff46915e9517ae9408a4aa292e2d7c9c37692f050dd3ed5c6d58e6f62c01a99467f097506d4f71df3497e1820498b5c9080c4a0cdfe0abc7d363a1cf47ceefcbaff7fd245c2c63a4ed62f6adc81a8f95134b36019353f42f27ca5515f5e4ed1ed2bf574ac07ba85de9a380899a5c1895f5508ce71ddcf9caa4f773c0f18c3888f6772c8f5f88a78750ee0ad70bb95179b3a3b699d0cf3c03e40836fa93b609939751641a9424287520f72add27df642f05dfb98cf5d2c7b21576eac039b62aa2ca5210ebcc15aa7e318a7fec01d4ca371c4912ae596c9d98df729a702546b91cb9732d00128dd2f977f64e068d181513a8426744cd51c8151d521fe5932cf0735334fd6f79d746a901845d47ae676d377534ca5dbf4f17b23dec6503d02fde4653b631ec8e10c7c9ccd9f1f466e46b6003602590773513a36333ca4683d979d22f548dc5d5dda58b1abb57a1f84298f90ab17f89b23754d35bddc91ca5ad0b4f0538bf70832c240b283865446daec2503308e166a21ee92f9f8b70848ecbef07fb390d2f5aab5e2a4763ff561adcfd572e93203d9f314674473f20183b409010f3dade14e0df5790e93f45283a36a2adedbd9979f0b4bcc0adfbef70478f699cf4ed9d283cf03ba02fffa69b1b30b232fe9cfe3a54d892e2e2fa7e42ea69d6dab668d95f4f441143c95953e4999e3e13eaee2f62f5ce8212bf9eeb50cb94f9cb178d1f9e8fe23237970d801fcee2990af90f3ae06a277a197a3efb89cb3dd48307f98f4fbc9b09be0d985d076c568a0fcd7a7ab4f8a3525f98a401e1a2f8a7138da5776c278ca444282197ba6f81ae29acf6665b079bfa816e8e1975ac9502983f9c0004a160cb5d8805f6f74a124932a8344dcd54607881640f3e914617333a40da695eb613fe1db7810d751d3484f7144535ed100673219de92337150a989d4f2bc77c69f2e633e73ddcf822bae5a36c29ec6178e4fe8f5b3e454b1d1755756d450869f5991296643e8589dc50255eed71c4baf536bae0a793c0981753b9a8ba2b1c5db30c5fe3d0fdd179fc4be38a8e6cf2ba2e8b47f54c0043f7aaa331d5754ef8b3972e43a319da6c03303fb3ff9ac10a1571479447be81ddc9c5e985635d19eb07061495aba3ea1afd6e8574e0cc2a97e8bc5a33d9209808724e25734372fa8a9d42dbacca55d6ba8f09c81c5f55e4fa34cdefa1b1a638172ae75005016e9a55e0324e450c15bbd5c7ed19cc87dd09e9cf53b9130949ed19d71728589cf8ea10cbde1c3a356b56039575a177469a667ae083c9c7515181c7815e8716b44ba20b1bcab5818decf58b2b79bdf3935ebeb579a3bed63201b05a82a52df9eadc2baa7f9dace016b7c082b2e9df77988e4ebbaa88dec8a221d4b30445cb681087faa12f565360f24496f9db7504aae83bda68bb9ef970a71301060cca9c5cd7656c81e389762c312491387e2e5d512f831eb8e97843eee1aef95ab39299cca8ed37e93705bcf7b447551ce8fa882c83f05b444fdf990788a6123d055735602b499589e73ccd9dfd22748c92008c495e21925d805bc4fe5c6931378623f38323dc75737a16f02748cf3657d60d806afe10998ac017ac57bf3b01459105b19cd4715c59966a5d671091a6e4762da1282617639f097f307bc2e97d47b69e2cc4f4ec01d2926d281def82e93c37130ca0b3aab1fd12b7c546f01bf67b37b08c46333f6eb356ea7f1c5e4808a79494ee60922f19e8fee0063e5425e651c8ca2d09b862f7ad61ce86fc80232f59c048cab28c55cde7b135c974feeb77de0ee60da1ea040356c2be753d67e4fff938c7b03fb90151de0ac887f5777f79dc459583d2be649b88be828aea531024733713b7e8ba2ab1e2ee6dc09d9f5807fd243cb420e6bf1ca8f75c3f7cd876878c29413acffe884c5fa86274c2da0d767c37453251be9d1a55e4aeaf680836c54467b5d7f32df4d69af4b1ab47d5ca9cf02dcf92e3c8080ba080d4ad47fba9560eb4267a9258ff194505e09e2687b89a1932ab90e49b10a1f0e1e51bfac1a993fc417eaa7c2ae9e63690720ee9c4279a042397180e1f5e00a22f50fcc15cabe1ce58418d04134d192e071ffd78664b51dfcebcfd8b597c3fe5c71b1a4b99ba398bd77a4163a41eddd8312b85e84e01fab0a8575f8f0e2e60e9a276c75751f4669357ccd9a0f0a8b98d0a8194b74f183f729e56b19b1bd4abc16ba7b8aebd47f22cb6250d1c50fd2046019d4b3d0c37d338c8f28bd870b4cbd13931cec2d23641e36238e79c6cc117d837e0dce69fe97c9456b59e12255b1a2fd91e8eb5e76b45e4aa849651e4cd5603ce289d8116f19188e7018280d055de1da0a1a95f9f2ae785faa5fc16e4135c5b8019ec35ee0dd65b65e98695ebfe790071c37e9b590c453c29bef4ef163d6e225ca6d3785402e12a103501de58906d504d90a947b8fa8f7011a3f2162ea8e8c0b9cbb8bc0c6df182c419ee51857f96bf8864771e0a0d3fc7fd6fe513a2cd1b4964f786ed2516f1f01a043f465fa5e160456949757b373e31c3a5080329c02b73a177bdb773586fae53d4031cd05f6c106779adf2ff47bfd4178cc753ca35cdaaa171d60cc493a9baf6e33eb58f48aa82049889cb602b81a38193b5083e4e9c7d1702b6cdae5a0450c97fdad1a07017ea86ad2e34cb9fd2a55c06f55713772914f85104062561479b8a2e5744c6704604865902f0a13b74c8acaefa4cab8238cc8b713f48b797281bc2bed6d2d600bc43a7bf96b4ac759a0f9c90b9852e384e2162f6865898cf887c716c00a38c309352d0fc1edbbf294758dff8382fc33f2b5201f8d87f1245faad3fa487ca2e2a5969a56713a465526ca5a94eac37509eb4aca0168b0ed6a42662739e54702454cdfd2e80f25896c903336ec4805a2035ec81e254430dad154b51c8ebb317512a625ad4ae491a635526c7ffd0d82659f98d732064e2043e41177e91051820dffa1b84b5cbbd7fb70e2f81253846d2d45d20dbbd9a80c7cd5aec39fad112b3369f384ee3ee6a18c214fd5c1da320db7a69fd126c2b646d4cfb12710c1da2013bbf4894bca0ffb15e179e0db0874ab841e6c657a1d1861f2884743dbb28777af1676371fe4a34118ef97a8a44aa5b4393edd8e4347496369e2909f0c53ab2eed04868273ff1ac7dc3deb4230117cde570d234618b7e8d25dd40b22e6a62790885a14cdbf3bb5877a9f9cbf5432bcb7bdd7a75d983819d01b23bbdc29f3fe49835d99f26602ea1e41b1be04021687d6abd92871aa401f9565b77e323787092d8fa9d863a128b9bfbf82c955d05cb01e1c039fb2c268d5a457854e7fad1de325d95f0a915d79772ec117e1914ee7618baedfb43808c4ca8e286b8fe3985648e9688c5cd6634f7100c0f0b8cbfeef2e43c736212d9b6a195ed7131b3413020b0013ad67a549c0a1e63a50cdf2a0dd3716c46f969ea0692adc454f7c284e0ef4cca00ec78daf02b9ce64aba27f5c16030a5c98de48a84b517e27b935a440a2f7bfbb3bbc86f9152a961c670de6607ba91c656095d50884407c1ef1b6a3e51685c8465c6e6baba9e6f3e6152195ecd54af149ace6dd84d32f4000ec2059ea42a0e917c99ce1d992a4649775c4b4a6348b512c083fb021cf6774ab3939861ac321bf9ab40f55816c2edb88f92d0c32ba090561825ef9832fb0abe41f2d9c5018d85300c19a390833a21bfa7e50a81398e0592fc4a9d492c62a6599047e09ca342f64d0fbbe872017e953fab99fc6cfe05ceaecc7547bfba87f4cd114a6d559ba20a4566e5bce787ffbc093297f9a322084719fac8599ab97e1e5ca4bc8b703f15f44166628e1fa5b40264c28478f7cd27c2211731c8266570f36a4126e412d6e4236744f1dcd868fecdda0768ff77e72b0af665a0de348b05bff66cd8f1ea73a9cbcd859e9e19f1880555d97d192ac59c209e7b2c2e889c40ad87b2e59fd48744cf907c0e406c2281447309895c5a38ff6da28f458df2923f50e462814d00852627955b38ab3b03b9744b2967c6a9797a179cdbdfa270c693e8baf931c13b2594b915f764f1e3438b62a4b81de82cf0ccf962ba81e33722104be3fb55b7a9c12e264b7c9b710d67de46b165708801f510bdb3ef86c69c740ad4f0b79ecd64dd90eeb93c52af6a4b5683fcf9a6976310ad83ca8f5201d364d245346e2a82db816465dd1a93de21323c6a2fcacdd179e647d0e24ca9e30a5c5ea6991dc0be0e5c4bce4ae6e4980d1d857cf275ddd6d305cb10a6c957db837a0edc3f0bcaaa2f98a72c35ccdff56a3ea96965033bf2ffbdf51612b6ef8894bc9f4c6a4dabf1fa1a1266218ae3f71eb43936e841dadb6144c7ea892e6088c5113a63b00663dd6679b4fb116e57b51f554b91276540e754cb26ec8d9eb889337f0b7b635693a62801c5fe8d53c29a6d0f35c25a1d12908e8fc4b943d4653d4f16479b7176cdac8c470f6e75fc789f7c617859c33036a01af27630f6cf67ad8e03ef290a550dd23434111a58f4d4eedd5f61b354938851e9156de6f6df2bead2554614d5efc37b98f0a5dd8fd432e2851d9691ed1978bbcc5986f76227a7ed0a83e8860a77bb5a74bcec94e09e351be488f18e52230a2dbc141afa9ac03ea4529512529e3ce32372751000778c864f538336181ec7056ddc37dfc116fe167abee85cf61e219eac2205b2467c75450f3e58cf041eeec693cf21dc338d63431a6c9fa7a3881f35fdb245683f3f8afb38f1c3df146b28f5dbb48174ab50c24c8c30251541fdf0572b6afe96e4722c3cd27abb845154d07fbe7bc4226479b9725b26bdaccd853face727d35f65355214c15fc06aba950ad317d58bb4b1edbb8a7b31bbc25ccc448d4735312a1b8c2f7aa2a147782a42622ba75bae5badf628a745b571482cbc9654c3778dde83ee5bd10f3e6dc7facce3c7f07c65fa089801c77a14a5697a9d42c1127cea8fd2640da8a544d8daa9fb7affbd5f956a90847764c19fff5de245e0e07efb5cf2d436ed6f98efb9190f4c44d446441008da9fc99e69a435c86a763959d0ef30adbcdbbadc47bcfb527cc0ebf3089279d6a48326584f6b8d0f5811efacd4f00ae0272a61fb4037f20c9a1955e609037d560f0897568ea2f0901e1025d325646bbdba7820c7a6cae98e7a4539f346e95014a9ab61a4d18f1a07eeaef0d269c88e2a53ef6da0910f5fe4950f601b0e2befbde89395dae9d28a242ac108d839918a76c6104560a9c07d4ce9b21d2bd2125c2da7ba44a8ae21acc2eb80e61843a911ace901b8c31454eb439239cf26e3434c3722684389102575f939618a8054378bc4600500a143db8d0f2cbac3f2ec04f31b76a1dbab36b92401d4ff095d33f170afb39559564210f1b2a275ce32d9946933f9a352d841fe35cdeeff1fb07d46e9fd88bed2bc13873ac7b583eee5163a76380fe48397d6cb95815ce47c3667c57f1eb742b8324cc86d0b518b1c0d68e90af57ae759065dd54a44aad6fc89588e138ddd9b8ed6ba01d908bee52593af5d442cd4b89eab769f17df9cabe3d6254cab96912ee070e33a5e1e26dd6594918ba4b1a7b732781d20a7036ca4355dcd43841efd638ececcadb19e9f43c6d48ccb1635c7985cc1a0ced5bf3ada194886d0a940afd3e7172359a5fe17bbf0a48407db8626927403e9c201a8c8c1d6a65eb6a2b16c748d04e8d090309e34449265dfec3db22b8f8be2ff9de9cb61381b282d2f0ea7961c8e4c7e315e54472aa0a8e24d1ea5ec4caf1bc3691e6f38da81ba5762fd2255846206bfb6208ad2c7003cd330f2859a864cc0c8e0b5550854f161f0ba58ac0d9d28ecbfa63f7cc7e439960d201f932ea779d24c264f51327b9b08b5ebef2c6856f1f606fe5990efbb42cd7886fe2da729f88aefda438ee83ef682effb01089f84d65871e194a0789eec78af234019b7773fdc6039a630067a3a84ac7bcbdc19b282b00f3d411cc29a3e514aa9931784ca1d61cd4dcfbec516ec48f878c0adf850039c8a4d500464dd5021e6e552fc1188c8a63d6194ad189e6a6d02323f758443050349a696a828dce4d23e748b44f25f76d76304baf1a70c7e23f046b24df79c294c503c879bd89d1a2d845ad6b8ec3ecaaff9411cdf3a5f6e59ca9f26105eaf50f40706fb483e6fbdd5068e955565ee94977cb8ff9215531b47b8a7a107964bca285dc81d6028fb4106650c20fa77b8c3e200b17b3e7625282b16ace3a4fc84f99ac3fec8c52f75452f61e9e5828f3098f02bd4ed48a0a02889b7761fbcf0534d7fc5b78fc76ddd453109180af58c276ba1fdf33e892cbf06b1f7bdda82c1f9c408397b8b315c03d3239f91f6a335201067fa53d818194bf2cc74d8873ea65b841f4ad5fcb4d458c6499d255d893c93d6a2b469e9fbe84af29cdd7d7671ec926bf2f45b886202ad3ff611c3e9f6a80c5035ba4d134aed86aa38665d61fed3c11c149901940ec87b99393a261e5aaac94ce8121f7761a52113ead6c50aaaa003621455f758d8dfdee3763540b5c89462991305afdfcd2ee4be6477b7fb09d26ac77527ad5733d6b7c8fb33e659cc87222ec9c637937ea844136e2563b3c706f5f542136f05b25926ce1a782552cff19b90bcf3d26e01afa13fac925f0c3b16f13758b65c6fb00fb0dd0bcaaa0bba334d2406607b1c881c6f4f45fb51b41882b5141b483d70067d565503d20751093a4bcc002e88cccdace71c891f7ece5efa3726276653e4b7d35c096b4362f62e689ed663e98e54e4e3daeba6349e2ded1e02fc4884491a629ad4c3a1c01d873df91c6ecc3caa8b8edc4d21dc61dda003a93abc6f62fb69d5d52bd7e4e1f974e6c8e132e96268c05925b4c481a20ac406aaae55c7357213ec3f0542fad029c12c2368a99f85ea9461673a4be5b864c64a0ba965e2c99c57f8aa13b6fce9030ced5949422a79e2aefe3044ebb941f6345168b06e8ef64dd37c1bb26197c8fc2ca005d1a5fe83204e4011c78098b9ae45a17f429f97b3ff2a9c715d86462b27b47219ab88a411a5fe75132b0895a36ba1a1f5fd7571de7deb45735d65a4422c5c3bc1469714ccb36be62ba5816bb0b5bc4d9e23e68ffef75dec42f2167e72f5015d8f933741fc439c9557fbe5b0e1532ff671a60e9c1b7945b2b2391be4ce4f93aa1479a4ea4bc2d23721a186bb6faaa05927bd14a837b7dbd792bf60b17e5870e533c992b6c33b137311d7e84cbd69381b424d007dbf6f1da4b1fbfe51a6ff94009a71410a312f6e0c3731a2207846abadbe8f5badfb0e5ca70e97205db9925b6e566bdf103fdce7457f544c1d4a4b01d0be756deb3c0df17779d98e25ef5040df1aa5a880ae7daf789d2f9d486cd396dca367f5fbe5dbf91e1ef54db5e97f66ea140865954783cc49712fc20e0e262196ecd110a05168d9c52cec163c8c0d3838c424b73ba961fc838996cb8b1805e36331c688aa83d275c51cf9c009911385ade92ed0ea526cf8fd9d829ea8dd8f20184eb6ebedae5c03ac5634f7a06aed1d5333a5bc7f1738016222017f07467258166f2884ed17bbc94f9d86a568b2b0a3daa4e3cd4331048588ceaf3880304ca77b2c59e0f90aa7f2e6df2b433bbfb38790aa28b0ea0c0444018f9d9232ffd4eca20396c9d5534b81f8d0fad3624e0f84a4ca2d5b8848769d28e43073923b59a6049912cb321b99b2cc6157393e16bf31cac1e15ed0440c67172c3e6b3020b366eb8d707cedf2b269ee8de02a6d622dffba355d077be67a4d50586aeaf62aafc9728379fb2f31af8c665d382cab110b138ae02f0b9a82f0671a1a08956822b05ea0f932b3bd898cee0845fb3e848734a5e934d7b51bdac212879c9d9279b7e6b504f078c694d98cf96a5b13c8c9c081f149c3c76b0d939cc116c75edaab1c0c9f1350a9179aecf27d84bf87a5c12392be196cf64d51a083a1f4f51ef2662e7f0e320e8b73cc3a9ee0c87ad52dbb75319a370e539bdd4ca74d5ad2b4ec248edfaa0946b8c4dc6351c7064a9b825072838ef12bb87105982572b39a67a6430cee58ac51ded59340245e2fd854e1e1eaac3ed9ce3bc98e7d2f1cc49449a3f6974eca8417c25f0e3f61b119031a80122fc4b3f16cde8aae0d60ce9110200092b41dcbbe49910af27a33115bf778c89498761e1fde529a2afc18e50bbaa94566f612ebc1f04e1a47987467d0f3983e84b8739f7946a1b3523b39057b37e3339b681e1149512ad39af7c3e0218cda537be92ec0c91d561e1e28a5c67a9a1d21c6eff218de1ad477bc666d51fe02ed9b56a85445533817e4c0fce985f71b7b12bdc70705efdff5a0c1241648beeeb5288379a41ce760df65d629238c8e4b197dfb3a9549d8edfa313a294043a38fda654711ac22ddaef327dc0464b3e907b9a2c8d2caa9ee19b0a588b16175103a4fc068f3a0c90d902f120697d5ad1cdf10d5222e92276b23bf34d4366015fbffd77553ba2edf74acc8bc6b12736330a6a55d7fe71c66b78826b3ddf99f59af9bf3824e9238b285db95294379075c058c6b0af3fe3e8ab722a994b5c4aee55652f3d76c2637edada35f2e5e540f9b940f5ec85f381f5f2cf9b38fb614a517835b524095b967d856a65896ba153524389c67d07e2ba291444308754fbda50c23a2b6c832d1f38d090d266f0abccd877c06a845ce1706f54e85fbd56e4ddaf1cbe24a0f99f27cf03ac785017b9346ade55c712ed07a3eb90d6037744f53129de79213e34e8d3bef0da058f7c4c6fa670af26a757153a0bf8386c68e14de71e96370ad8ac66b80d406d46712461c53566a3f2cb5eed801e2c78903eb5c9578ae27f1fccc4a53b8c925bebf8c717b83baf8a0dbfc04235428163d61951fbce979addc2905cff3660d9270093c4c037c42f40742368f3cfae51464a1287967c737345a7e5cf5903d0858e2fc3801e4e173799ff6fa7eaaf0bc0570026d5db00518aeae8f60f823ec10cc0b74619d16d33637a36bf504b3851611f7a15b10ed36912ba1550c78e439c27fa6ed337168a2a0c6dcf82dce55cdb58d57176e078f249e7b14352cfe31b6804be0495e00a7535629af15e577a803c641559b2ff93f73682abfaffd17ff3b07c6538e459ce5199d37f4c3eac340a619f9e218156e3228f869e89db12dd59903f79b6b978b0e647904ee835b51dd6160b40c8528366c6512351f57b03f92f4f953a6feda148021f6f9416ff806ef9d91b72feff9b5b1bf274ac316131da05631d719554da97460c281677ef1d89a9d4427431591edad788c7d43d7bb3a3ff5f8753386b7b05f14e406553f908b97b7983c0827c07e61fadd6351155aa4ad8a6568ce2c6d7fd11345bf540c0f58148aa3a8e2bf526b2c7072d23b25ba974d761af1b720f4c418494c2d86bc48faa77ee0e5294b9308104df903cab", 0x2000, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001100)={0xc0, 0x0, 0x4, [{{0x1, 0x1, 0x3ff, 0xfffffffffffffffa, 0x3, 0xfff, {0x5, 0x870, 0x3ee, 0x3, 0x100, 0x2, 0x1a7a8749, 0x7, 0x1, 0x8000, 0x3, r2, r3, 0xe, 0x400}}, {0x4, 0x2, 0x15, 0x5b8, '.#&--[!:}:@*,]%%+}\xef&['}}]}, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) getdents64(r4, 0x0, 0x0) 1.095925673s ago: executing program 3 (id=1049): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) 1.095620243s ago: executing program 0 (id=1050): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', 0x0, 0x0, 0x1) 1.095321923s ago: executing program 3 (id=1051): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) eventfd2(0x7, 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) listen(r2, 0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f0000000000), 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@newqdisc={0xa0, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x70, 0x2, {{0x6, 0x2, 0x0, 0x2, 0xffffffff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x200, 0x5, 0x4, 0xff, 0x9, 0x8}}, @TCA_NETEM_RATE64={0xc, 0x8, 0xc1160cbda5ab1ab}, @TCA_NETEM_DELAY_DIST={0xe, 0x2, "5b85af55d0f081299a5e"}]}}}]}, 0xa0}}, 0x0) sendmsg$inet(r1, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 520.917272ms ago: executing program 2 (id=1052): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10) connect$inet(r0, &(0x7f00000008c0)={0x2, 0x4e21, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 509.543082ms ago: executing program 2 (id=1053): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000000)="66b8008000000f23d00f21f866353000000e0f23f8660fe98515a30f353e6764360f79d5f33e0f0091000084cdd221918e30260f01c966214d96ea0a4a3b00", 0x3f}], 0x1, 0x73, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 447.645233ms ago: executing program 1 (id=1054): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x24, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 413.214003ms ago: executing program 4 (id=1055): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil) mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000) munmap(&(0x7f000060f000/0x4000)=nil, 0x4000) madvise(&(0x7f0000492000/0x2000)=nil, 0x2000, 0x12) munmap(&(0x7f0000694000/0x3000)=nil, 0x3000) mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000, 0x0, &(0x7f0000ee0000/0x3000)=nil) munmap(&(0x7f0000ba0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e29000/0x1000)=nil, 0x1000) madvise(&(0x7f0000ad2000/0x4000)=nil, 0x4000, 0x10) munmap(&(0x7f0000b04000/0x4000)=nil, 0x4000) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil) mremap(&(0x7f0000ccc000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000b0e000/0x2000)=nil) mremap(&(0x7f0000ce8000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f00007ce000/0x2000)=nil) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) 412.407093ms ago: executing program 2 (id=1056): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc5001, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 360.064504ms ago: executing program 4 (id=1057): r0 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}], 0xb4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x441, 0x6, 0x0, 0x0, 0x2004cb, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 357.357144ms ago: executing program 1 (id=1058): socket(0x400000000010, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x200dc91, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 321.425525ms ago: executing program 1 (id=1059): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x6) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x10) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf4fffff7, 0x12, r1, 0x0) write$tun(r0, &(0x7f0000000600)={@void, @val={0x1, 0x3, 0xffff, 0x9, 0xfeff, 0xff0c}, @mpls={[], @ipv4=@udp={{0x5, 0x4, 0x3, 0x5, 0x2c, 0x68, 0x0, 0x9, 0x11, 0x0, @remote, @multicast2}, {0x4e20, 0x4e21, 0x18, 0x0, @wg=@data={0x4, 0x7b8dd026, 0x1ff}}}}}, 0x36) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1f}}, 0x3c) 310.548985ms ago: executing program 4 (id=1060): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x19) 252.885376ms ago: executing program 0 (id=1061): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x20, 0x1, 0x8, 0x401, 0x0, 0x0, {0x1, 0x0, 0x9}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x4) 252.680526ms ago: executing program 1 (id=1062): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0xffffffffffffffff) 176.914877ms ago: executing program 32 (id=1062): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0xffffffffffffffff) 175.162647ms ago: executing program 0 (id=1064): r0 = socket(0x200000000000011, 0x2, 0x0) sendmmsg(r0, &(0x7f0000001b00)=[{{&(0x7f0000000100)=@tipc=@name={0x1e, 0x2, 0x0, {{0x43, 0x3}, 0x4}}, 0x80, 0x0}}], 0x1, 0x8000) 174.250867ms ago: executing program 3 (id=1065): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$cgroup2(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x141010, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0) 96.034918ms ago: executing program 0 (id=1066): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000005010040"]) 95.897698ms ago: executing program 3 (id=1067): memfd_create(&(0x7f0000000200)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x3, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 83.349738ms ago: executing program 0 (id=1068): r0 = socket$inet(0x2, 0x80001, 0x84) r1 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) bind$inet(r0, &(0x7f0000000180)={0x2, 0xc620, @local}, 0x10) 45.475769ms ago: executing program 0 (id=1069): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x6, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x180d, 0x80000000, 0x9, 0x0, 0x0, 0xffff82ee, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x80, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) readv(r1, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1) 0s ago: executing program 3 (id=1070): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x655c, 0x2, 0x1ffffffe, 0x9, 0x800}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) kernel console output (not intermixed with test programs): syz.3.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0972edf169 code=0x7ffc0000 [ 390.993334][ T30] audit: type=1326 audit(1743697383.678:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.016697][ T337] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 391.026676][ T337] usb 2-1: config 0 has no interface number 0 [ 391.045153][ T337] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 391.065044][ T30] audit: type=1326 audit(1743697383.678:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.109419][ T4320] loop3: detected capacity change from 0 to 40427 [ 391.118221][ T30] audit: type=1326 audit(1743697383.678:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.131385][ T337] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 391.143904][ T30] audit: type=1326 audit(1743697383.678:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.164853][ T337] usb 2-1: config 0 interface 41 has no altsetting 0 [ 391.181682][ T30] audit: type=1326 audit(1743697383.678:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.204830][ T30] audit: type=1326 audit(1743697383.678:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.228008][ T30] audit: type=1326 audit(1743697383.678:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 391.383106][ T4328] loop0: detected capacity change from 0 to 512 [ 391.419688][ T4328] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 391.500000][ T4328] EXT4-fs (loop0): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 391.518765][ T4328] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 391.747740][ T4320] F2FS-fs (loop3): Found nat_bits in checkpoint [ 392.291012][ T4320] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 392.380603][ T4320] F2FS-fs (loop3): Inconsistent error blkaddr:5633, sit bitmap:0 [ 392.388355][ T4320] CPU: 0 PID: 4320 Comm: syz.3.812 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 392.397980][ T4320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 392.407873][ T4320] Call Trace: [ 392.410993][ T4320] [ 392.413769][ T4320] dump_stack_lvl+0x151/0x1c0 [ 392.418287][ T4320] ? io_uring_drop_tctx_refs+0x190/0x190 [ 392.423750][ T4320] ? arch_stack_walk+0xf3/0x140 [ 392.428440][ T4320] dump_stack+0x15/0x20 [ 392.432432][ T4320] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 392.437656][ T4320] f2fs_map_blocks+0x1622/0x3ab0 [ 392.442411][ T4320] ? __stack_depot_save+0x34/0x470 [ 392.447365][ T4320] ? f2fs_do_map_lock+0x70/0x70 [ 392.452062][ T4320] ? debug_smp_processor_id+0x17/0x20 [ 392.457254][ T4320] ? try_charge_memcg+0x213/0x1550 [ 392.462200][ T4320] f2fs_mpage_readpages+0xc9a/0x21a0 [ 392.467321][ T4320] ? __mem_cgroup_uncharge_list+0x8b/0x150 [ 392.472971][ T4320] ? dquot_release_reservation_block+0xa0/0xa0 [ 392.479045][ T4320] ? __this_cpu_preempt_check+0x13/0x20 [ 392.484422][ T4320] ? __pagevec_lru_add+0xcde/0xd70 [ 392.489376][ T4320] f2fs_readahead+0xfd/0x250 [ 392.493792][ T4320] ? blk_start_plug+0x5a/0x170 [ 392.498394][ T4320] read_pages+0x15e/0xb00 [ 392.502561][ T4320] ? lru_cache_add+0x279/0x540 [ 392.507162][ T4320] ? page_cache_ra_unbounded+0xa50/0xa50 [ 392.512625][ T4320] ? add_to_page_cache_lru+0x225/0x2c0 [ 392.517920][ T4320] ? add_to_page_cache_locked+0x40/0x40 [ 392.523301][ T4320] ? futex_wait+0x9a0/0x9a0 [ 392.527643][ T4320] ? wp_page_copy+0x13f9/0x1b00 [ 392.532329][ T4320] page_cache_ra_unbounded+0x7ed/0xa50 [ 392.537627][ T4320] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 392.543960][ T4320] ondemand_readahead+0x9c8/0xfa0 [ 392.548821][ T4320] ? handle_pte_fault+0x7f1/0x28f0 [ 392.553888][ T4320] ? page_cache_sync_ra+0x4d0/0x4d0 [ 392.558912][ T4320] ? fault_around_bytes_set+0xc0/0xc0 [ 392.564129][ T4320] ? cgroup_rstat_updated+0xe5/0x370 [ 392.569260][ T4320] page_cache_sync_ra+0x2e9/0x4d0 [ 392.574102][ T4320] ? force_page_cache_ra+0x420/0x420 [ 392.579221][ T4320] ? do_handle_mm_fault+0x1807/0x2400 [ 392.584434][ T4320] f2fs_readdir+0x52d/0xba0 [ 392.588777][ T4320] ? f2fs_fill_dentries+0xd60/0xd60 [ 392.593804][ T4320] ? avc_policy_seqno+0x1b/0x70 [ 392.598490][ T4320] ? __kasan_check_read+0x11/0x20 [ 392.603353][ T4320] ? security_file_permission+0x86/0xb0 [ 392.608737][ T4320] iterate_dir+0x265/0x600 [ 392.613010][ T4320] ? f2fs_fill_dentries+0xd60/0xd60 [ 392.618035][ T4320] __se_sys_getdents64+0x1c1/0x460 [ 392.622980][ T4320] ? __x64_sys_getdents64+0x90/0x90 [ 392.628001][ T4320] ? filldir+0x680/0x680 [ 392.632082][ T4320] ? __kasan_check_write+0x14/0x20 [ 392.637025][ T4320] ? switch_fpu_return+0x15f/0x2e0 [ 392.641986][ T4320] __x64_sys_getdents64+0x7b/0x90 [ 392.646835][ T4320] x64_sys_call+0x5ae/0x9a0 [ 392.651178][ T4320] do_syscall_64+0x3b/0xb0 [ 392.655439][ T4320] ? clear_bhb_loop+0x35/0x90 [ 392.659939][ T4320] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 392.665666][ T4320] RIP: 0033:0x7f0972edf169 [ 392.669931][ T4320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.689449][ T4320] RSP: 002b:00007f0971549038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 392.697696][ T4320] RAX: ffffffffffffffda RBX: 00007f09730f7fa0 RCX: 00007f0972edf169 [ 392.705505][ T4320] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 392.713317][ T4320] RBP: 00007f0972f602a0 R08: 0000000000000000 R09: 0000000000000000 [ 392.721127][ T4320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.728935][ T4320] R13: 0000000000000000 R14: 00007f09730f7fa0 R15: 00007ffeecd752d8 [ 392.736754][ T4320] [ 392.747441][ T4320] F2FS-fs (loop3): Inconsistent error blkaddr:5633, sit bitmap:0 [ 392.768621][ T4320] CPU: 1 PID: 4320 Comm: syz.3.812 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 392.778308][ T4320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 392.788208][ T4320] Call Trace: [ 392.791330][ T4320] [ 392.794102][ T4320] dump_stack_lvl+0x151/0x1c0 [ 392.798618][ T4320] ? io_uring_drop_tctx_refs+0x190/0x190 [ 392.804090][ T4320] dump_stack+0x15/0x20 [ 392.808199][ T4320] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 392.813406][ T4320] f2fs_get_read_data_page+0x50f/0x850 [ 392.818691][ T4320] ? f2fs_get_block+0x1b0/0x1b0 [ 392.823377][ T4320] ? force_page_cache_ra+0x420/0x420 [ 392.828500][ T4320] f2fs_find_data_page+0x19c/0x420 [ 392.833443][ T4320] f2fs_readdir+0x53a/0xba0 [ 392.837795][ T4320] ? f2fs_fill_dentries+0xd60/0xd60 [ 392.842817][ T4320] ? avc_policy_seqno+0x1b/0x70 [ 392.847506][ T4320] ? __kasan_check_read+0x11/0x20 [ 392.852363][ T4320] ? security_file_permission+0x86/0xb0 [ 392.857747][ T4320] iterate_dir+0x265/0x600 [ 392.861997][ T4320] ? f2fs_fill_dentries+0xd60/0xd60 [ 392.867035][ T4320] __se_sys_getdents64+0x1c1/0x460 [ 392.871986][ T4320] ? __x64_sys_getdents64+0x90/0x90 [ 392.877013][ T4320] ? filldir+0x680/0x680 [ 392.881097][ T4320] ? __kasan_check_write+0x14/0x20 [ 392.886041][ T4320] ? switch_fpu_return+0x15f/0x2e0 [ 392.890992][ T4320] __x64_sys_getdents64+0x7b/0x90 [ 392.895848][ T4320] x64_sys_call+0x5ae/0x9a0 [ 392.900190][ T4320] do_syscall_64+0x3b/0xb0 [ 392.904437][ T4320] ? clear_bhb_loop+0x35/0x90 [ 392.908953][ T4320] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 392.914678][ T4320] RIP: 0033:0x7f0972edf169 [ 392.919050][ T4320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.938495][ T4320] RSP: 002b:00007f0971549038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 392.946733][ T4320] RAX: ffffffffffffffda RBX: 00007f09730f7fa0 RCX: 00007f0972edf169 [ 392.954545][ T4320] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 392.962353][ T4320] RBP: 00007f0972f602a0 R08: 0000000000000000 R09: 0000000000000000 [ 392.970169][ T4320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.977976][ T4320] R13: 0000000000000000 R14: 00007f09730f7fa0 R15: 00007ffeecd752d8 [ 392.985792][ T4320] [ 392.988817][ T337] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 393.290267][ T294] attempt to access beyond end of device [ 393.290267][ T294] loop3: rw=2049, want=45112, limit=40427 [ 393.332770][ T337] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.340860][ T337] usb 2-1: Product: syz [ 393.347926][ T337] usb 2-1: config 0 descriptor?? [ 393.354097][ T4346] loop1: detected capacity change from 0 to 256 [ 393.367350][ T337] usb 2-1: can't set config #0, error -71 [ 393.374130][ T337] usb 2-1: USB disconnect, device number 15 [ 393.388157][ T4346] exfat: Deprecated parameter 'namecase' [ 393.393661][ T4346] exfat: Bad value for 'uid' [ 393.955450][ T4356] loop2: detected capacity change from 0 to 512 [ 394.079197][ T4356] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 395.072412][ T4356] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 395.090791][ T4356] ext4 filesystem being mounted at /147/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 396.073863][ T4370] loop1: detected capacity change from 0 to 512 [ 397.028404][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 397.028420][ T30] audit: type=1326 audit(1743697389.718:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4374 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 397.043123][ T4377] loop3: detected capacity change from 0 to 256 [ 397.158050][ T4370] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 397.198846][ T4373] loop0: detected capacity change from 0 to 512 [ 397.277239][ T4377] exfat: Deprecated parameter 'namecase' [ 397.283162][ T4377] exfat: Bad value for 'uid' [ 397.299719][ T4370] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 397.318524][ T4370] ext4 filesystem being mounted at /152/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 397.330623][ T4373] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 397.872908][ T30] audit: type=1326 audit(1743697390.388:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4374 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 398.017256][ T30] audit: type=1326 audit(1743697390.588:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4374 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 398.452373][ T30] audit: type=1326 audit(1743697390.588:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4374 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 398.515543][ T4373] EXT4-fs (loop0): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 398.533893][ T4373] ext4 filesystem being mounted at /175/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 399.403495][ T4395] loop2: detected capacity change from 0 to 512 [ 399.791343][ T4395] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 399.881950][ T4395] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.827: corrupted in-inode xattr [ 399.894293][ T4395] EXT4-fs (loop2): Remounting filesystem read-only [ 399.903476][ T4395] EXT4-fs (loop2): 1 truncate cleaned up [ 399.909002][ T4395] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 400.726656][ T4384] loop4: detected capacity change from 0 to 40427 [ 401.131089][ T4384] F2FS-fs (loop4): invalid crc value [ 401.146232][ T4413] loop2: detected capacity change from 0 to 512 [ 401.154523][ T4384] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4) [ 401.188037][ T4413] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 401.222033][ T4413] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 401.240397][ T4413] ext4 filesystem being mounted at /150/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 401.313844][ T4401] loop3: detected capacity change from 0 to 40427 [ 401.399121][ T4401] F2FS-fs (loop3): invalid crc value [ 401.412676][ T4401] F2FS-fs (loop3): Found nat_bits in checkpoint [ 402.671280][ T4424] loop1: detected capacity change from 0 to 512 [ 403.001046][ T4426] loop4: detected capacity change from 0 to 512 [ 407.168732][ T4401] F2FS-fs (loop3): Start checkpoint disabled! [ 408.535748][ T4448] loop4: detected capacity change from 0 to 512 [ 409.312636][ T4450] loop1: detected capacity change from 0 to 512 [ 411.340099][ T4448] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 411.360022][ T4450] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 411.455351][ T4450] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 411.474224][ T4450] ext4 filesystem being mounted at /157/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 411.858659][ T4448] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2219: inode #15: comm syz.4.838: corrupted in-inode xattr [ 411.873497][ T4448] EXT4-fs (loop4): Remounting filesystem read-only [ 411.880706][ T4448] EXT4-fs (loop4): 1 truncate cleaned up [ 411.886234][ T4448] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 412.361309][ T4460] loop3: detected capacity change from 0 to 256 [ 412.504223][ T4458] loop2: detected capacity change from 0 to 40427 [ 412.514530][ T4470] loop1: detected capacity change from 0 to 512 [ 412.658105][ T4471] loop4: detected capacity change from 0 to 40427 [ 412.717122][ T2336] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 412.957798][ T4470] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 412.961141][ T4458] F2FS-fs (loop2): invalid crc value [ 412.970499][ T2336] usb 1-1: Using ep0 maxpacket: 16 [ 412.971034][ T4460] exfat: Deprecated parameter 'namecase' [ 412.977659][ T4458] F2FS-fs (loop2): Found nat_bits in checkpoint [ 412.981106][ T4460] exfat: Bad value for 'uid' [ 412.988531][ T4471] F2FS-fs (loop4): Found nat_bits in checkpoint [ 413.013184][ T4470] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 413.031513][ T4470] ext4 filesystem being mounted at /159/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 413.086130][ T4458] F2FS-fs (loop2): Start checkpoint disabled! [ 413.087619][ T2336] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 413.106352][ T2336] usb 1-1: config 0 has no interface number 0 [ 413.113165][ T2336] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 413.113203][ T4471] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 413.130336][ T4458] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 413.177169][ T2336] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 413.195595][ T2336] usb 1-1: config 0 interface 41 has no altsetting 0 [ 413.258179][ T4458] attempt to access beyond end of device [ 413.258179][ T4458] loop2: rw=2049, want=45104, limit=40427 [ 413.796820][ T4464] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 413.820893][ T4464] CPU: 1 PID: 4464 Comm: syz.4.843 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 413.830549][ T4464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 413.840442][ T4464] Call Trace: [ 413.843565][ T4464] [ 413.846339][ T4464] dump_stack_lvl+0x151/0x1c0 [ 413.850871][ T4464] ? io_uring_drop_tctx_refs+0x190/0x190 [ 413.856320][ T4464] ? arch_stack_walk+0xf3/0x140 [ 413.861012][ T4464] dump_stack+0x15/0x20 [ 413.865000][ T4464] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 413.870214][ T4464] f2fs_map_blocks+0x1622/0x3ab0 [ 413.874984][ T4464] ? __stack_depot_save+0x34/0x470 [ 413.879943][ T4464] ? f2fs_do_map_lock+0x70/0x70 [ 413.884618][ T4464] ? debug_smp_processor_id+0x17/0x20 [ 413.889823][ T4464] ? try_charge_memcg+0x213/0x1550 [ 413.894774][ T4464] f2fs_mpage_readpages+0xc9a/0x21a0 [ 413.899910][ T4464] ? __mem_cgroup_uncharge_list+0x8b/0x150 [ 413.905535][ T4464] ? dquot_release_reservation_block+0xa0/0xa0 [ 413.911521][ T4464] ? __this_cpu_preempt_check+0x13/0x20 [ 413.916899][ T4464] ? __pagevec_lru_add+0xcde/0xd70 [ 413.921848][ T4464] f2fs_readahead+0xfd/0x250 [ 413.926275][ T4464] ? blk_start_plug+0x5a/0x170 [ 413.930874][ T4464] read_pages+0x15e/0xb00 [ 413.935043][ T4464] ? lru_cache_add+0x279/0x540 [ 413.939640][ T4464] ? page_cache_ra_unbounded+0xa50/0xa50 [ 413.945129][ T4464] ? add_to_page_cache_lru+0x225/0x2c0 [ 413.950404][ T4464] ? add_to_page_cache_locked+0x40/0x40 [ 413.955785][ T4464] page_cache_ra_unbounded+0x7ed/0xa50 [ 413.961085][ T4464] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 413.967416][ T4464] ondemand_readahead+0x9c8/0xfa0 [ 413.972273][ T4464] ? handle_pte_fault+0x7f1/0x28f0 [ 413.977067][ T2336] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 413.977227][ T4464] ? page_cache_sync_ra+0x4d0/0x4d0 [ 413.986151][ T2336] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.991112][ T4464] ? fault_around_bytes_set+0xc0/0xc0 [ 413.991143][ T4464] ? cgroup_rstat_updated+0xe5/0x370 [ 414.000959][ T2336] usb 1-1: Product: syz [ 414.004128][ T4464] page_cache_sync_ra+0x2e9/0x4d0 [ 414.009622][ T2336] usb 1-1: Manufacturer: syz [ 414.013327][ T4464] ? force_page_cache_ra+0x420/0x420 [ 414.018376][ T2336] usb 1-1: SerialNumber: syz [ 414.022615][ T4464] ? do_handle_mm_fault+0x1807/0x2400 [ 414.022648][ T4464] f2fs_readdir+0x52d/0xba0 [ 414.034267][ T2336] usb 1-1: config 0 descriptor?? [ 414.037375][ T4464] ? f2fs_fill_dentries+0xd60/0xd60 [ 414.037401][ T4464] ? avc_policy_seqno+0x1b/0x70 [ 414.037424][ T4464] ? __kasan_check_read+0x11/0x20 [ 414.057088][ T4466] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 414.061071][ T4464] ? security_file_permission+0x86/0xb0 [ 414.068166][ T4466] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 414.073216][ T4464] iterate_dir+0x265/0x600 [ 414.084238][ T4464] ? f2fs_fill_dentries+0xd60/0xd60 [ 414.089268][ T4464] __se_sys_getdents64+0x1c1/0x460 [ 414.094217][ T4464] ? __x64_sys_getdents64+0x90/0x90 [ 414.099254][ T4464] ? filldir+0x680/0x680 [ 414.103328][ T4464] ? __kasan_check_write+0x14/0x20 [ 414.108275][ T4464] ? switch_fpu_return+0x15f/0x2e0 [ 414.113225][ T4464] __x64_sys_getdents64+0x7b/0x90 [ 414.118097][ T4464] x64_sys_call+0x5ae/0x9a0 [ 414.122421][ T4464] do_syscall_64+0x3b/0xb0 [ 414.126675][ T4464] ? clear_bhb_loop+0x35/0x90 [ 414.131192][ T4464] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 414.136917][ T4464] RIP: 0033:0x7f669a42e169 [ 414.141174][ T4464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.160612][ T4464] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 414.168857][ T4464] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 414.176677][ T4464] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000008 [ 414.184488][ T4464] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 414.192291][ T4464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.200191][ T4464] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 414.208004][ T4464] [ 414.288675][ T4491] loop1: detected capacity change from 0 to 512 [ 414.301793][ T4464] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 414.309949][ T4464] CPU: 1 PID: 4464 Comm: syz.4.843 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 414.319578][ T4464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 414.329476][ T4464] Call Trace: [ 414.332594][ T4464] [ 414.335374][ T4464] dump_stack_lvl+0x151/0x1c0 [ 414.339888][ T4464] ? io_uring_drop_tctx_refs+0x190/0x190 [ 414.345358][ T4464] ? f2fs_is_valid_blkaddr+0x57e/0x12d0 [ 414.350737][ T4464] ? f2fs_is_valid_blkaddr+0x9c5/0x12d0 [ 414.356119][ T4464] dump_stack+0x15/0x20 [ 414.360113][ T4464] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 414.365320][ T4464] f2fs_get_read_data_page+0x50f/0x850 [ 414.370613][ T4464] ? f2fs_get_block+0x1b0/0x1b0 [ 414.375296][ T4464] ? sysvec_reschedule_ipi+0x8c/0x160 [ 414.380508][ T4464] ? f2fs_find_data_page+0x15f/0x420 [ 414.385629][ T4464] ? f2fs_find_data_page+0x189/0x420 [ 414.390751][ T4464] f2fs_find_data_page+0x19c/0x420 [ 414.395697][ T4464] f2fs_readdir+0x53a/0xba0 [ 414.400036][ T4464] ? f2fs_fill_dentries+0xd60/0xd60 [ 414.405067][ T4464] ? avc_policy_seqno+0x1b/0x70 [ 414.409757][ T4464] ? __kasan_check_read+0x11/0x20 [ 414.414614][ T4464] ? security_file_permission+0x86/0xb0 [ 414.419997][ T4464] iterate_dir+0x265/0x600 [ 414.424248][ T4464] ? f2fs_fill_dentries+0xd60/0xd60 [ 414.429284][ T4464] __se_sys_getdents64+0x1c1/0x460 [ 414.434229][ T4464] ? __x64_sys_getdents64+0x90/0x90 [ 414.439268][ T4464] ? filldir+0x680/0x680 [ 414.443346][ T4464] ? __kasan_check_write+0x14/0x20 [ 414.448289][ T4464] ? switch_fpu_return+0x15f/0x2e0 [ 414.453252][ T4464] __x64_sys_getdents64+0x7b/0x90 [ 414.458104][ T4464] x64_sys_call+0x5ae/0x9a0 [ 414.462438][ T4464] do_syscall_64+0x3b/0xb0 [ 414.466690][ T4464] ? clear_bhb_loop+0x35/0x90 [ 414.471207][ T4464] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 414.476938][ T4464] RIP: 0033:0x7f669a42e169 [ 414.481189][ T4464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.500628][ T4464] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 414.508874][ T4464] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 414.516680][ T4464] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000008 [ 414.524496][ T4464] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 414.532304][ T4464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.540119][ T4464] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 414.547954][ T4464] [ 414.558515][ T4493] loop3: detected capacity change from 0 to 512 [ 418.625081][ T4491] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 418.637504][ T4493] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 418.645744][ T4491] EXT4-fs warning (device loop1): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop1. [ 418.657193][ T4493] EXT4-fs warning (device loop3): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop3. [ 418.711537][ T10] attempt to access beyond end of device [ 418.711537][ T10] loop2: rw=1, want=45224, limit=40427 [ 418.722579][ T2336] dm9601: probe of 1-1:0.41 failed with error -71 [ 418.729329][ T10] attempt to access beyond end of device [ 418.729329][ T10] loop2: rw=1, want=45104, limit=40427 [ 418.741204][ T10] attempt to access beyond end of device [ 418.741204][ T10] loop2: rw=2049, want=40984, limit=40427 [ 418.757079][ T2336] sr9700: probe of 1-1:0.41 failed with error -71 [ 418.763600][ T289] attempt to access beyond end of device [ 418.763600][ T289] loop4: rw=2049, want=45112, limit=40427 [ 418.800319][ T2336] usb 1-1: USB disconnect, device number 21 [ 419.659314][ T4511] loop0: detected capacity change from 0 to 512 [ 420.497592][ T4513] loop2: detected capacity change from 0 to 512 [ 421.202772][ T4515] loop3: detected capacity change from 0 to 512 [ 422.275322][ T4515] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 422.285304][ T4513] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 422.429322][ T4515] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 422.448100][ T4515] ext4 filesystem being mounted at /186/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 422.788243][ T4513] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 422.806954][ T4513] ext4 filesystem being mounted at /154/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 424.682938][ T4537] loop4: detected capacity change from 0 to 512 [ 425.015083][ T4537] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 425.061583][ T4527] loop3: detected capacity change from 0 to 512 [ 425.198523][ T4542] loop1: detected capacity change from 0 to 512 [ 425.239624][ T4542] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 425.257608][ T4527] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 425.328182][ T4527] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 425.346486][ T4527] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 425.364704][ T4537] EXT4-fs (loop4): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 425.383490][ T4537] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 425.468787][ T4542] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 425.487686][ T4542] ext4 filesystem being mounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 426.357001][ T30] audit: type=1326 audit(1743697419.038:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.401013][ T30] audit: type=1326 audit(1743697419.038:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.444484][ T30] audit: type=1326 audit(1743697419.038:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.476714][ T30] audit: type=1326 audit(1743697419.038:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.500024][ T30] audit: type=1326 audit(1743697419.038:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.523127][ T30] audit: type=1326 audit(1743697419.038:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.547825][ T30] audit: type=1326 audit(1743697419.038:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.570907][ T30] audit: type=1326 audit(1743697419.038:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.598772][ T30] audit: type=1326 audit(1743697419.088:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.610094][ T4563] 9pnet: Insufficient options for proto=fd [ 426.625043][ T30] audit: type=1326 audit(1743697419.088:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4554 comm="syz.0.861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 426.687752][ T4557] loop2: detected capacity change from 0 to 512 [ 426.757042][ T4557] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 427.223827][ T4572] loop1: detected capacity change from 0 to 512 [ 427.281012][ T4572] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 427.297298][ T675] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 427.321600][ T4557] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 427.340486][ T4557] ext4 filesystem being mounted at /155/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 427.615767][ T4572] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 427.634571][ T4572] ext4 filesystem being mounted at /164/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 428.362586][ T675] usb 1-1: Using ep0 maxpacket: 16 [ 428.527133][ T675] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 428.664544][ T675] usb 1-1: config 0 has no interface number 0 [ 428.679147][ T675] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 428.705797][ T675] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 428.720391][ T675] usb 1-1: config 0 interface 41 has no altsetting 0 [ 429.042743][ T4592] loop4: detected capacity change from 0 to 512 [ 429.091639][ T4592] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 429.153293][ T4592] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2219: inode #15: comm syz.4.870: corrupted in-inode xattr [ 429.166855][ T4592] EXT4-fs (loop4): Remounting filesystem read-only [ 429.176118][ T4592] EXT4-fs (loop4): 1 truncate cleaned up [ 429.181716][ T4592] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 429.327779][ T675] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 429.359827][ T675] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.496728][ T675] usb 1-1: Product: syz [ 429.547807][ T675] usb 1-1: Manufacturer: syz [ 429.588251][ T675] usb 1-1: SerialNumber: syz [ 429.692916][ T675] usb 1-1: config 0 descriptor?? [ 429.757736][ T675] usb 1-1: can't set config #0, error -71 [ 429.836589][ T675] usb 1-1: USB disconnect, device number 22 [ 430.074671][ T4600] loop2: detected capacity change from 0 to 512 [ 430.168030][ T4600] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 430.199069][ T4600] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.873: corrupted in-inode xattr [ 430.247095][ T4600] EXT4-fs (loop2): Remounting filesystem read-only [ 430.256097][ T4600] EXT4-fs (loop2): 1 truncate cleaned up [ 430.267590][ T4600] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 430.330350][ T4597] loop0: detected capacity change from 0 to 40427 [ 430.438054][ T4597] F2FS-fs (loop0): invalid crc value [ 430.467082][ T4597] F2FS-fs (loop0): Found nat_bits in checkpoint [ 430.673429][ T4597] F2FS-fs (loop0): Start checkpoint disabled! [ 430.761323][ T4597] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 430.788720][ T4595] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 430.857552][ T4597] netlink: 12 bytes leftover after parsing attributes in process `syz.0.872'. [ 430.882974][ T4597] attempt to access beyond end of device [ 430.882974][ T4597] loop0: rw=2049, want=45104, limit=40427 [ 430.904869][ T4615] loop1: detected capacity change from 0 to 40427 [ 430.935157][ T331] attempt to access beyond end of device [ 430.935157][ T331] loop0: rw=1, want=45224, limit=40427 [ 430.941483][ T4614] loop4: detected capacity change from 0 to 40427 [ 430.946179][ T331] attempt to access beyond end of device [ 430.946179][ T331] loop0: rw=1, want=45104, limit=40427 [ 430.963601][ T331] attempt to access beyond end of device [ 430.963601][ T331] loop0: rw=2049, want=40984, limit=40427 [ 430.987943][ T4615] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 430.990890][ T4614] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 431.003912][ T4614] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 431.012562][ T4615] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 431.034855][ T4614] F2FS-fs (loop4): Found nat_bits in checkpoint [ 431.035508][ T4615] F2FS-fs (loop1): Found nat_bits in checkpoint [ 431.092808][ T4614] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 431.100047][ T4615] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 431.100078][ T4614] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 431.108904][ T4615] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 431.147225][ T4595] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.160907][ T4595] usb 4-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 431.173803][ T4595] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.259692][ T4610] xt_hashlimit: size too large, truncated to 1048576 [ 431.275527][ T4595] usb 4-1: config 0 descriptor?? [ 431.318209][ T4614] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 431.891174][ T4635] loop2: detected capacity change from 0 to 512 [ 431.941109][ T4634] loop0: detected capacity change from 0 to 512 [ 432.032705][ T4634] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 432.043370][ T4635] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 432.116770][ T4634] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.878: corrupted in-inode xattr [ 432.129472][ T4634] EXT4-fs (loop0): Remounting filesystem read-only [ 432.136454][ T4634] EXT4-fs (loop0): 1 truncate cleaned up [ 432.142016][ T4634] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 432.251931][ T4635] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 432.270812][ T4635] ext4 filesystem being mounted at /159/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 432.828916][ T4614] SELinux: failed to load policy [ 432.837773][ T4613] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 432.847936][ T4613] SELinux: failed to load policy [ 433.030413][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 433.030428][ T30] audit: type=1326 audit(1743697425.718:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4642 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 433.067509][ T30] audit: type=1326 audit(1743697425.748:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4642 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 433.092688][ T30] audit: type=1326 audit(1743697425.748:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4642 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 433.125776][ T30] audit: type=1326 audit(1743697425.748:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4642 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 433.150290][ T30] audit: type=1326 audit(1743697425.748:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4642 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 433.387025][ T4595] usbhid 4-1:0.0: can't add hid device: -71 [ 433.392958][ T4595] usbhid: probe of 4-1:0.0 failed with error -71 [ 433.410041][ T4595] usb 4-1: USB disconnect, device number 14 [ 433.447033][ T6] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 433.462453][ T4661] xt_hashlimit: size too large, truncated to 1048576 [ 433.500841][ T4654] loop4: detected capacity change from 0 to 40427 [ 433.513838][ T4659] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 433.529365][ T4654] F2FS-fs (loop4): invalid crc value [ 433.534832][ T4659] SELinux: failed to load policy [ 433.540626][ T4654] F2FS-fs (loop4): Found nat_bits in checkpoint [ 433.604200][ T4655] loop0: detected capacity change from 0 to 40427 [ 433.617827][ T4654] F2FS-fs (loop4): Start checkpoint disabled! [ 433.634696][ T4654] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 433.670952][ T4655] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 433.694916][ T4655] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 433.703122][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 433.758702][ T4655] F2FS-fs (loop0): Found nat_bits in checkpoint [ 433.827054][ T6] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 433.842770][ T6] usb 3-1: config 0 has no interface number 0 [ 433.864121][ T6] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 433.897846][ T6] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 433.907790][ T4655] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 433.921196][ T4655] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 433.936421][ T6] usb 3-1: config 0 interface 41 has no altsetting 0 [ 433.961102][ T310] attempt to access beyond end of device [ 433.961102][ T310] loop4: rw=1, want=45224, limit=40427 [ 433.985385][ T4650] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 434.001299][ T310] attempt to access beyond end of device [ 434.001299][ T310] loop4: rw=2049, want=40984, limit=40427 [ 434.006499][ T4650] SELinux: failed to load policy [ 434.117049][ T6] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 434.126050][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.139997][ T6] usb 3-1: Product: syz [ 434.147877][ T6] usb 3-1: Manufacturer: syz [ 434.154254][ T6] usb 3-1: SerialNumber: syz [ 434.163320][ T6] usb 3-1: config 0 descriptor?? [ 434.187199][ T4645] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 434.194071][ T4645] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 435.328583][ T6] dm9601: probe of 3-1:0.41 failed with error -71 [ 435.348194][ T6] sr9700: probe of 3-1:0.41 failed with error -71 [ 436.632774][ T4689] loop0: detected capacity change from 0 to 512 [ 437.189645][ T4688] loop1: detected capacity change from 0 to 256 [ 438.442213][ T4691] loop3: detected capacity change from 0 to 512 [ 440.799422][ T4688] exfat: Unknown parameter '' [ 440.912537][ T6] usb 3-1: USB disconnect, device number 22 [ 441.116698][ T30] audit: type=1326 audit(1743697433.798:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.0.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 441.357289][ T30] audit: type=1326 audit(1743697433.828:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.0.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 441.386594][ T30] audit: type=1326 audit(1743697433.828:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.0.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 441.562372][ T4709] loop3: detected capacity change from 0 to 40427 [ 441.614769][ T4709] F2FS-fs (loop3): invalid crc value [ 441.624861][ T4709] F2FS-fs (loop3): Found nat_bits in checkpoint [ 441.654328][ T4712] loop0: detected capacity change from 0 to 256 [ 441.688159][ T4712] exfat: Unknown parameter '' [ 441.750445][ T6] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 441.751468][ T300] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 441.856792][ T4709] F2FS-fs (loop3): Start checkpoint disabled! [ 441.878139][ T4709] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 441.976741][ T4718] xt_hashlimit: size too large, truncated to 1048576 [ 442.044326][ T4720] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 442.094785][ T331] attempt to access beyond end of device [ 442.094785][ T331] loop3: rw=1, want=45224, limit=40427 [ 442.111150][ T4720] SELinux: failed to load policy [ 442.117734][ T45] attempt to access beyond end of device [ 442.117734][ T45] loop3: rw=2049, want=40984, limit=40427 [ 442.187059][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.196758][ T6] usb 3-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 442.205650][ T300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.227010][ T300] usb 2-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 442.235866][ T300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.256969][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.265640][ T6] usb 3-1: config 0 descriptor?? [ 442.270942][ T300] usb 2-1: config 0 descriptor?? [ 442.438666][ T4724] loop0: detected capacity change from 0 to 40427 [ 442.569150][ T4724] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 442.576751][ T4724] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 442.599817][ T4724] F2FS-fs (loop0): Found nat_bits in checkpoint [ 442.652004][ T4724] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 442.659338][ T4724] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 442.748495][ T300] wacom 0003:056A:032B.0025: unknown main item tag 0x1 [ 442.768454][ T6] wacom 0003:056A:032B.0026: unknown main item tag 0x1 [ 442.770849][ T4734] loop4: detected capacity change from 0 to 512 [ 442.781152][ T4723] xt_hashlimit: size too large, truncated to 1048576 [ 442.789583][ T300] wacom 0003:056A:032B.0025: hidraw0: USB HID v0.04 Device [HID 056a:032b] on usb-dummy_hcd.1-1/input0 [ 442.801617][ T6] wacom 0003:056A:032B.0026: hidraw1: USB HID v0.04 Device [HID 056a:032b] on usb-dummy_hcd.2-1/input0 [ 442.860341][ T4734] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 442.890316][ T4734] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2219: inode #15: comm syz.4.902: corrupted in-inode xattr [ 442.916502][ T4734] EXT4-fs (loop4): Remounting filesystem read-only [ 442.930853][ T4734] EXT4-fs (loop4): 1 truncate cleaned up [ 442.942873][ T4734] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 443.604795][ T362] usb 2-1: USB disconnect, device number 16 [ 443.625084][ T1785] usb 3-1: USB disconnect, device number 23 [ 443.744350][ T4743] loop0: detected capacity change from 0 to 40427 [ 443.916392][ T4743] F2FS-fs (loop0): Found nat_bits in checkpoint [ 443.997241][ T4749] loop3: detected capacity change from 0 to 512 [ 444.079633][ T4743] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 444.087577][ T4749] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 444.120586][ T4765] 9pnet: Insufficient options for proto=fd [ 444.143831][ T4743] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 444.158163][ T4743] CPU: 1 PID: 4743 Comm: syz.0.904 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 444.167817][ T4743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 444.177702][ T4743] Call Trace: [ 444.180824][ T4743] [ 444.183602][ T4743] dump_stack_lvl+0x151/0x1c0 [ 444.188119][ T4743] ? io_uring_drop_tctx_refs+0x190/0x190 [ 444.193582][ T4743] ? arch_stack_walk+0xf3/0x140 [ 444.198275][ T4743] dump_stack+0x15/0x20 [ 444.202264][ T4743] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 444.207475][ T4743] f2fs_map_blocks+0x1622/0x3ab0 [ 444.212242][ T4743] ? __stack_depot_save+0x34/0x470 [ 444.217201][ T4743] ? f2fs_do_map_lock+0x70/0x70 [ 444.221883][ T4743] ? debug_smp_processor_id+0x17/0x20 [ 444.227085][ T4743] ? try_charge_memcg+0x213/0x1550 [ 444.232038][ T4743] f2fs_mpage_readpages+0xc9a/0x21a0 [ 444.237164][ T4743] ? __mem_cgroup_uncharge_list+0x8b/0x150 [ 444.242800][ T4743] ? dquot_release_reservation_block+0xa0/0xa0 [ 444.248789][ T4743] ? __this_cpu_preempt_check+0x13/0x20 [ 444.254168][ T4743] ? __pagevec_lru_add+0xcde/0xd70 [ 444.259117][ T4743] f2fs_readahead+0xfd/0x250 [ 444.263537][ T4743] ? blk_start_plug+0x5a/0x170 [ 444.268141][ T4743] read_pages+0x15e/0xb00 [ 444.272307][ T4743] ? lru_cache_add+0x279/0x540 [ 444.276905][ T4743] ? page_cache_ra_unbounded+0xa50/0xa50 [ 444.282370][ T4743] ? add_to_page_cache_lru+0x225/0x2c0 [ 444.287665][ T4743] ? add_to_page_cache_locked+0x40/0x40 [ 444.293049][ T4743] ? futex_wait+0x9a0/0x9a0 [ 444.297385][ T4743] ? wp_page_copy+0x13f9/0x1b00 [ 444.302076][ T4743] page_cache_ra_unbounded+0x7ed/0xa50 [ 444.307373][ T4743] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 444.313705][ T4743] ondemand_readahead+0x9c8/0xfa0 [ 444.318566][ T4743] ? handle_pte_fault+0x7f1/0x28f0 [ 444.323515][ T4743] ? page_cache_sync_ra+0x4d0/0x4d0 [ 444.328546][ T4743] ? fault_around_bytes_set+0xc0/0xc0 [ 444.333751][ T4743] ? cgroup_rstat_updated+0xe5/0x370 [ 444.338873][ T4743] page_cache_sync_ra+0x2e9/0x4d0 [ 444.343733][ T4743] ? force_page_cache_ra+0x420/0x420 [ 444.348856][ T4743] ? do_handle_mm_fault+0x1807/0x2400 [ 444.354069][ T4743] f2fs_readdir+0x52d/0xba0 [ 444.358405][ T4743] ? f2fs_fill_dentries+0xd60/0xd60 [ 444.363437][ T4743] ? avc_policy_seqno+0x1b/0x70 [ 444.368131][ T4743] ? __kasan_check_read+0x11/0x20 [ 444.372986][ T4743] ? security_file_permission+0x86/0xb0 [ 444.378364][ T4743] iterate_dir+0x265/0x600 [ 444.382616][ T4743] ? f2fs_fill_dentries+0xd60/0xd60 [ 444.387652][ T4743] __se_sys_getdents64+0x1c1/0x460 [ 444.392600][ T4743] ? __x64_sys_getdents64+0x90/0x90 [ 444.397629][ T4743] ? filldir+0x680/0x680 [ 444.401731][ T4743] ? __kasan_check_write+0x14/0x20 [ 444.406657][ T4743] ? switch_fpu_return+0x15f/0x2e0 [ 444.411610][ T4743] __x64_sys_getdents64+0x7b/0x90 [ 444.416468][ T4743] x64_sys_call+0x5ae/0x9a0 [ 444.420803][ T4743] do_syscall_64+0x3b/0xb0 [ 444.425057][ T4743] ? clear_bhb_loop+0x35/0x90 [ 444.429567][ T4743] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 444.435295][ T4743] RIP: 0033:0x7fa20667f169 [ 444.439550][ T4743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.458990][ T4743] RSP: 002b:00007fa204ce9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 444.467323][ T4743] RAX: ffffffffffffffda RBX: 00007fa206897fa0 RCX: 00007fa20667f169 [ 444.475132][ T4743] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 444.482943][ T4743] RBP: 00007fa2067002a0 R08: 0000000000000000 R09: 0000000000000000 [ 444.490756][ T4743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.498566][ T4743] R13: 0000000000000000 R14: 00007fa206897fa0 R15: 00007fff84e7eab8 [ 444.506381][ T4743] [ 444.526750][ T4749] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 444.600198][ T30] audit: type=1326 audit(1743697437.288:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 444.623858][ T4743] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 444.641817][ T4743] CPU: 0 PID: 4743 Comm: syz.0.904 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 444.651460][ T4743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 444.661357][ T4743] Call Trace: [ 444.664563][ T4743] [ 444.667341][ T4743] dump_stack_lvl+0x151/0x1c0 [ 444.671853][ T4743] ? io_uring_drop_tctx_refs+0x190/0x190 [ 444.677320][ T4743] dump_stack+0x15/0x20 [ 444.680076][ T4749] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 444.681309][ T4743] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 444.696595][ T4743] f2fs_get_read_data_page+0x50f/0x850 [ 444.697001][ T30] audit: type=1326 audit(1743697437.288:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 444.701881][ T4743] ? f2fs_get_block+0x1b0/0x1b0 [ 444.729587][ T4743] ? force_page_cache_ra+0x420/0x420 [ 444.734691][ T4743] f2fs_find_data_page+0x19c/0x420 [ 444.739637][ T4743] f2fs_readdir+0x53a/0xba0 [ 444.743982][ T4743] ? f2fs_fill_dentries+0xd60/0xd60 [ 444.749014][ T4743] ? avc_policy_seqno+0x1b/0x70 [ 444.753696][ T4743] ? __kasan_check_read+0x11/0x20 [ 444.758556][ T4743] ? security_file_permission+0x86/0xb0 [ 444.763955][ T4743] iterate_dir+0x265/0x600 [ 444.768191][ T4743] ? f2fs_fill_dentries+0xd60/0xd60 [ 444.773354][ T4743] __se_sys_getdents64+0x1c1/0x460 [ 444.778303][ T4743] ? __x64_sys_getdents64+0x90/0x90 [ 444.783345][ T4743] ? filldir+0x680/0x680 [ 444.787409][ T4743] ? __kasan_check_write+0x14/0x20 [ 444.791278][ T30] audit: type=1326 audit(1743697437.288:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 444.792349][ T4743] ? switch_fpu_return+0x15f/0x2e0 [ 444.820390][ T4743] __x64_sys_getdents64+0x7b/0x90 [ 444.825249][ T4743] x64_sys_call+0x5ae/0x9a0 [ 444.829591][ T4743] do_syscall_64+0x3b/0xb0 [ 444.833839][ T4743] ? clear_bhb_loop+0x35/0x90 [ 444.838356][ T4743] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 444.844083][ T4743] RIP: 0033:0x7fa20667f169 [ 444.848335][ T4743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.867780][ T4743] RSP: 002b:00007fa204ce9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 444.876021][ T4743] RAX: ffffffffffffffda RBX: 00007fa206897fa0 RCX: 00007fa20667f169 [ 444.883832][ T4743] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 444.891648][ T4743] RBP: 00007fa2067002a0 R08: 0000000000000000 R09: 0000000000000000 [ 444.899452][ T4743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.902535][ T30] audit: type=1326 audit(1743697437.288:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 444.907261][ T4743] R13: 0000000000000000 R14: 00007fa206897fa0 R15: 00007fff84e7eab8 [ 444.907283][ T4743] [ 444.984096][ T288] attempt to access beyond end of device [ 444.984096][ T288] loop0: rw=2049, want=45112, limit=40427 [ 444.998461][ T30] audit: type=1326 audit(1743697437.288:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 445.022814][ T30] audit: type=1326 audit(1743697437.288:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 445.090353][ T30] audit: type=1326 audit(1743697437.288:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.1.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415338e169 code=0x7ffc0000 [ 445.213897][ T4768] loop4: detected capacity change from 0 to 40427 [ 445.247108][ T4768] F2FS-fs (loop4): invalid crc value [ 445.262530][ T4768] F2FS-fs (loop4): Found nat_bits in checkpoint [ 445.328981][ T4768] F2FS-fs (loop4): Start checkpoint disabled! [ 445.351195][ T4768] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 445.473065][ T4784] loop2: detected capacity change from 0 to 512 [ 445.530342][ T4784] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 445.555385][ T4784] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.914: corrupted in-inode xattr [ 445.567922][ T4784] EXT4-fs (loop2): Remounting filesystem read-only [ 445.574475][ T4784] EXT4-fs (loop2): 1 truncate cleaned up [ 445.580509][ T4784] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 445.664995][ T45] attempt to access beyond end of device [ 445.664995][ T45] loop4: rw=1, want=45224, limit=40427 [ 445.701246][ T45] attempt to access beyond end of device [ 445.701246][ T45] loop4: rw=2049, want=40984, limit=40427 [ 446.015050][ T4783] loop0: detected capacity change from 0 to 40427 [ 446.084044][ T4783] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 446.103507][ T4783] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 446.114660][ T4783] F2FS-fs (loop0): Found nat_bits in checkpoint [ 446.175071][ T4783] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 446.184369][ T4783] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 446.265555][ T4783] xt_hashlimit: size too large, truncated to 1048576 [ 446.366738][ T4799] loop3: detected capacity change from 0 to 256 [ 446.398097][ T4799] exfat: Unknown parameter '' [ 447.257080][ T300] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 447.390868][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 447.390885][ T30] audit: type=1326 audit(1743697440.078:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.425404][ T362] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 447.433483][ T30] audit: type=1326 audit(1743697440.118:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.456806][ T30] audit: type=1326 audit(1743697440.118:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.480621][ T30] audit: type=1326 audit(1743697440.118:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.507336][ T30] audit: type=1326 audit(1743697440.118:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.530984][ T30] audit: type=1326 audit(1743697440.118:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.585308][ T4823] loop0: detected capacity change from 0 to 512 [ 447.621120][ T4823] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 447.637290][ T300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.648463][ T30] audit: type=1326 audit(1743697440.118:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.676974][ T300] usb 4-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 447.696843][ T300] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.706952][ T4823] EXT4-fs (loop0): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 447.725261][ T4823] ext4 filesystem being mounted at /195/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 447.769837][ T30] audit: type=1326 audit(1743697440.118:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.797324][ T300] usb 4-1: config 0 descriptor?? [ 447.827834][ T30] audit: type=1326 audit(1743697440.178:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.878879][ T30] audit: type=1326 audit(1743697440.188:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4817 comm="syz.4.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 447.914408][ T4822] loop4: detected capacity change from 0 to 40427 [ 448.091332][ T4822] F2FS-fs (loop4): Found nat_bits in checkpoint [ 448.164725][ T4822] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 448.352631][ T300] wacom 0003:056A:032B.0027: unknown main item tag 0x1 [ 448.398091][ T4822] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 448.400663][ T300] wacom 0003:056A:032B.0027: hidraw0: USB HID v0.04 Device [HID 056a:032b] on usb-dummy_hcd.3-1/input0 [ 448.417521][ T4822] CPU: 0 PID: 4822 Comm: syz.4.923 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 448.417579][ T362] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 448.427152][ T4822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 448.427170][ T4822] Call Trace: [ 448.427176][ T4822] [ 448.427185][ T4822] dump_stack_lvl+0x151/0x1c0 [ 448.427214][ T4822] ? io_uring_drop_tctx_refs+0x190/0x190 [ 448.440784][ T362] usb 3-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 448.446596][ T4822] ? bpf_trace_run3+0x123/0x250 [ 448.446634][ T4822] dump_stack+0x15/0x20 [ 448.449990][ T362] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.452499][ T4822] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 448.459163][ T362] usb 3-1: config 0 descriptor?? [ 448.462482][ T4822] f2fs_map_blocks+0x1622/0x3ab0 [ 448.502595][ T4822] ? f2fs_do_map_lock+0x70/0x70 [ 448.507259][ T4822] ? irqentry_exit+0x30/0x40 [ 448.511688][ T4822] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 448.517158][ T4822] f2fs_mpage_readpages+0xc9a/0x21a0 [ 448.522287][ T4822] ? preempt_schedule+0xd9/0xe0 [ 448.526968][ T4822] ? preempt_schedule_common+0xbe/0xf0 [ 448.532266][ T4822] ? dquot_release_reservation_block+0xa0/0xa0 [ 448.538246][ T4822] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 448.543716][ T4822] ? cgroup_rstat_updated+0x37/0x370 [ 448.548838][ T4822] f2fs_readahead+0xfd/0x250 [ 448.553269][ T4822] ? blk_start_plug+0x5a/0x170 [ 448.557868][ T4822] read_pages+0x15e/0xb00 [ 448.562032][ T4822] ? lru_cache_add+0x279/0x540 [ 448.566718][ T4822] ? page_cache_ra_unbounded+0xa50/0xa50 [ 448.572184][ T4822] ? add_to_page_cache_lru+0x225/0x2c0 [ 448.577478][ T4822] ? add_to_page_cache_locked+0x40/0x40 [ 448.582860][ T4822] page_cache_ra_unbounded+0x7ed/0xa50 [ 448.588154][ T4822] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 448.594576][ T4822] ondemand_readahead+0x9c8/0xfa0 [ 448.599438][ T4822] ? sched_clock_cpu+0x18/0x3b0 [ 448.604121][ T4822] ? bpf_trace_run2+0x210/0x210 [ 448.608831][ T4822] ? page_cache_sync_ra+0x4d0/0x4d0 [ 448.613850][ T4822] ? finish_task_switch+0x167/0x7b0 [ 448.618882][ T4822] page_cache_sync_ra+0x2e9/0x4d0 [ 448.623738][ T4822] ? force_page_cache_ra+0x420/0x420 [ 448.628888][ T4822] ? release_firmware_map_entry+0x190/0x190 [ 448.634591][ T4822] ? __bpf_get_stack+0x3e9/0x570 [ 448.639365][ T4822] f2fs_readdir+0x52d/0xba0 [ 448.643708][ T4822] ? f2fs_fill_dentries+0xd60/0xd60 [ 448.648731][ T4822] ? sysvec_reschedule_ipi+0x8c/0x160 [ 448.653942][ T4822] ? __kasan_check_read+0x11/0x20 [ 448.658802][ T4822] ? security_file_permission+0x86/0xb0 [ 448.664185][ T4822] iterate_dir+0x265/0x600 [ 448.668435][ T4822] ? f2fs_fill_dentries+0xd60/0xd60 [ 448.673471][ T4822] __se_sys_getdents64+0x1c1/0x460 [ 448.678420][ T4822] ? __x64_sys_getdents64+0x90/0x90 [ 448.683449][ T4822] ? filldir+0x680/0x680 [ 448.687531][ T4822] ? __kasan_check_write+0x14/0x20 [ 448.692478][ T4822] ? switch_fpu_return+0x15f/0x2e0 [ 448.697426][ T4822] __x64_sys_getdents64+0x7b/0x90 [ 448.702285][ T4822] x64_sys_call+0x5ae/0x9a0 [ 448.706628][ T4822] do_syscall_64+0x3b/0xb0 [ 448.710889][ T4822] ? clear_bhb_loop+0x35/0x90 [ 448.715578][ T4822] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 448.721309][ T4822] RIP: 0033:0x7f669a42e169 [ 448.725560][ T4822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.745130][ T4822] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 448.753368][ T4822] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 448.761178][ T4822] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 448.768996][ T4822] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 448.776798][ T4822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.784609][ T4822] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 448.792426][ T4822] [ 449.114435][ T4822] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 449.132074][ T4822] CPU: 1 PID: 4822 Comm: syz.4.923 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 449.141746][ T4822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 449.151625][ T4822] Call Trace: [ 449.154743][ T4822] [ 449.157521][ T4822] dump_stack_lvl+0x151/0x1c0 [ 449.162033][ T4822] ? io_uring_drop_tctx_refs+0x190/0x190 [ 449.167507][ T4822] dump_stack+0x15/0x20 [ 449.171497][ T4822] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 449.176703][ T4822] f2fs_get_read_data_page+0x50f/0x850 [ 449.181997][ T4822] ? f2fs_get_block+0x1b0/0x1b0 [ 449.186688][ T4822] ? force_page_cache_ra+0x420/0x420 [ 449.191803][ T4822] f2fs_find_data_page+0x19c/0x420 [ 449.196757][ T4822] f2fs_readdir+0x53a/0xba0 [ 449.201091][ T4822] ? f2fs_fill_dentries+0xd60/0xd60 [ 449.206116][ T4822] ? sysvec_reschedule_ipi+0x8c/0x160 [ 449.211329][ T4822] ? __kasan_check_read+0x11/0x20 [ 449.216188][ T4822] ? security_file_permission+0x86/0xb0 [ 449.221566][ T4822] iterate_dir+0x265/0x600 [ 449.225820][ T4822] ? f2fs_fill_dentries+0xd60/0xd60 [ 449.230873][ T4822] __se_sys_getdents64+0x1c1/0x460 [ 449.235802][ T4822] ? __x64_sys_getdents64+0x90/0x90 [ 449.240834][ T4822] ? filldir+0x680/0x680 [ 449.244917][ T4822] ? __kasan_check_write+0x14/0x20 [ 449.249862][ T4822] ? switch_fpu_return+0x15f/0x2e0 [ 449.254811][ T4822] __x64_sys_getdents64+0x7b/0x90 [ 449.259669][ T4822] x64_sys_call+0x5ae/0x9a0 [ 449.264011][ T4822] do_syscall_64+0x3b/0xb0 [ 449.268263][ T4822] ? clear_bhb_loop+0x35/0x90 [ 449.272776][ T4822] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 449.278501][ T4822] RIP: 0033:0x7f669a42e169 [ 449.282763][ T4822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.302282][ T4822] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 449.310618][ T4822] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 449.318427][ T4822] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 449.326237][ T4822] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 449.334048][ T4822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 449.341862][ T4822] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 449.349678][ T4822] [ 449.365005][ T289] attempt to access beyond end of device [ 449.365005][ T289] loop4: rw=2049, want=45112, limit=40427 [ 449.504349][ T4838] loop1: detected capacity change from 0 to 40427 [ 449.603139][ T4841] loop0: detected capacity change from 0 to 40427 [ 449.613459][ T4838] F2FS-fs (loop1): invalid crc value [ 449.619618][ T4838] F2FS-fs (loop1): Found nat_bits in checkpoint [ 449.653247][ T4838] F2FS-fs (loop1): Start checkpoint disabled! [ 449.659896][ T4838] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 449.717801][ T4841] F2FS-fs (loop0): Found nat_bits in checkpoint [ 449.767144][ T1785] usb 4-1: USB disconnect, device number 15 [ 449.823524][ T310] attempt to access beyond end of device [ 449.823524][ T310] loop1: rw=1, want=45224, limit=40427 [ 449.845367][ T310] attempt to access beyond end of device [ 449.845367][ T310] loop1: rw=2049, want=40984, limit=40427 [ 449.915382][ T4841] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 449.929039][ T4845] loop4: detected capacity change from 0 to 40427 [ 450.033018][ T4855] loop3: detected capacity change from 0 to 512 [ 450.097898][ T4855] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 450.127498][ T4845] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 450.201342][ T4845] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 450.291877][ T4855] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 450.310653][ T4855] ext4 filesystem being mounted at /200/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 451.037943][ T4845] F2FS-fs (loop4): Found nat_bits in checkpoint [ 451.047062][ T362] usbhid 3-1:0.0: can't add hid device: -71 [ 451.052960][ T362] usbhid: probe of 3-1:0.0 failed with error -71 [ 451.177204][ T362] usb 3-1: USB disconnect, device number 24 [ 451.183946][ T4840] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 451.205163][ T4840] CPU: 1 PID: 4840 Comm: syz.0.925 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 451.214814][ T4840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.224710][ T4840] Call Trace: [ 451.227833][ T4840] [ 451.230612][ T4840] dump_stack_lvl+0x151/0x1c0 [ 451.235128][ T4840] ? io_uring_drop_tctx_refs+0x190/0x190 [ 451.240593][ T4840] ? arch_stack_walk+0xf3/0x140 [ 451.245283][ T4840] dump_stack+0x15/0x20 [ 451.249274][ T4840] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 451.254480][ T4840] f2fs_map_blocks+0x1622/0x3ab0 [ 451.259252][ T4840] ? __stack_depot_save+0x34/0x470 [ 451.264211][ T4840] ? f2fs_do_map_lock+0x70/0x70 [ 451.268889][ T4840] ? debug_smp_processor_id+0x17/0x20 [ 451.274091][ T4840] ? try_charge_memcg+0x213/0x1550 [ 451.279041][ T4840] f2fs_mpage_readpages+0xc9a/0x21a0 [ 451.284169][ T4840] ? dquot_release_reservation_block+0xa0/0xa0 [ 451.290151][ T4840] ? workingset_activation+0x3f0/0x3f0 [ 451.295453][ T4840] f2fs_readahead+0xfd/0x250 [ 451.299974][ T4840] ? blk_start_plug+0x5a/0x170 [ 451.304587][ T4840] read_pages+0x15e/0xb00 [ 451.308744][ T4840] ? lru_cache_add+0x279/0x540 [ 451.313339][ T4840] ? page_cache_ra_unbounded+0xa50/0xa50 [ 451.318814][ T4840] ? add_to_page_cache_lru+0x225/0x2c0 [ 451.324108][ T4840] ? add_to_page_cache_locked+0x40/0x40 [ 451.325074][ T4845] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 451.329487][ T4840] page_cache_ra_unbounded+0x7ed/0xa50 [ 451.329521][ T4840] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 451.336341][ T4845] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 451.341635][ T4840] ondemand_readahead+0x9c8/0xfa0 [ 451.341661][ T4840] ? handle_pte_fault+0x7f1/0x28f0 [ 451.361970][ T4845] xt_hashlimit: size too large, truncated to 1048576 [ 451.365072][ T4840] ? page_cache_sync_ra+0x4d0/0x4d0 [ 451.376707][ T4840] ? fault_around_bytes_set+0xc0/0xc0 [ 451.381913][ T4840] ? cgroup_rstat_updated+0xe5/0x370 [ 451.387032][ T4840] page_cache_sync_ra+0x2e9/0x4d0 [ 451.391895][ T4840] ? force_page_cache_ra+0x420/0x420 [ 451.397012][ T4840] ? do_handle_mm_fault+0x1807/0x2400 [ 451.402220][ T4840] f2fs_readdir+0x52d/0xba0 [ 451.406566][ T4840] ? f2fs_fill_dentries+0xd60/0xd60 [ 451.411592][ T4840] ? avc_policy_seqno+0x1b/0x70 [ 451.416276][ T4840] ? __kasan_check_read+0x11/0x20 [ 451.421144][ T4840] ? security_file_permission+0x86/0xb0 [ 451.426520][ T4840] iterate_dir+0x265/0x600 [ 451.430772][ T4840] ? f2fs_fill_dentries+0xd60/0xd60 [ 451.435810][ T4840] __se_sys_getdents64+0x1c1/0x460 [ 451.440759][ T4840] ? __x64_sys_getdents64+0x90/0x90 [ 451.445789][ T4840] ? filldir+0x680/0x680 [ 451.449866][ T4840] ? __kasan_check_write+0x14/0x20 [ 451.454813][ T4840] ? switch_fpu_return+0x15f/0x2e0 [ 451.459763][ T4840] __x64_sys_getdents64+0x7b/0x90 [ 451.464623][ T4840] x64_sys_call+0x5ae/0x9a0 [ 451.468960][ T4840] do_syscall_64+0x3b/0xb0 [ 451.473212][ T4840] ? clear_bhb_loop+0x35/0x90 [ 451.477725][ T4840] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 451.483453][ T4840] RIP: 0033:0x7fa20667f169 [ 451.487711][ T4840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.507157][ T4840] RSP: 002b:00007fa204ce9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 451.515396][ T4840] RAX: ffffffffffffffda RBX: 00007fa206897fa0 RCX: 00007fa20667f169 [ 451.523208][ T4840] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 451.531020][ T4840] RBP: 00007fa2067002a0 R08: 0000000000000000 R09: 0000000000000000 [ 451.538827][ T4840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.546634][ T4840] R13: 0000000000000000 R14: 00007fa206897fa0 R15: 00007fff84e7eab8 [ 451.554620][ T4840] [ 451.747517][ T4840] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 451.759528][ T4840] CPU: 0 PID: 4840 Comm: syz.0.925 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 451.769732][ T4840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.779624][ T4840] Call Trace: [ 451.782745][ T4840] [ 451.785523][ T4840] dump_stack_lvl+0x151/0x1c0 [ 451.790042][ T4840] ? io_uring_drop_tctx_refs+0x190/0x190 [ 451.795518][ T4840] dump_stack+0x15/0x20 [ 451.799503][ T4840] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 451.804710][ T4840] f2fs_get_read_data_page+0x50f/0x850 [ 451.810006][ T4840] ? f2fs_get_block+0x1b0/0x1b0 [ 451.814691][ T4840] ? force_page_cache_ra+0x420/0x420 [ 451.819949][ T4840] f2fs_find_data_page+0x19c/0x420 [ 451.824897][ T4840] f2fs_readdir+0x53a/0xba0 [ 451.829236][ T4840] ? f2fs_fill_dentries+0xd60/0xd60 [ 451.834269][ T4840] ? avc_policy_seqno+0x1b/0x70 [ 451.838955][ T4840] ? __kasan_check_read+0x11/0x20 [ 451.843815][ T4840] ? security_file_permission+0x86/0xb0 [ 451.849195][ T4840] iterate_dir+0x265/0x600 [ 451.853448][ T4840] ? f2fs_fill_dentries+0xd60/0xd60 [ 451.858483][ T4840] __se_sys_getdents64+0x1c1/0x460 [ 451.863438][ T4840] ? __x64_sys_getdents64+0x90/0x90 [ 451.868460][ T4840] ? filldir+0x680/0x680 [ 451.872569][ T4840] ? __kasan_check_write+0x14/0x20 [ 451.877486][ T4840] ? switch_fpu_return+0x15f/0x2e0 [ 451.882436][ T4840] __x64_sys_getdents64+0x7b/0x90 [ 451.887311][ T4840] x64_sys_call+0x5ae/0x9a0 [ 451.891635][ T4840] do_syscall_64+0x3b/0xb0 [ 451.895884][ T4840] ? clear_bhb_loop+0x35/0x90 [ 451.900402][ T4840] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 451.906132][ T4840] RIP: 0033:0x7fa20667f169 [ 451.910386][ T4840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.929823][ T4840] RSP: 002b:00007fa204ce9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 451.938069][ T4840] RAX: ffffffffffffffda RBX: 00007fa206897fa0 RCX: 00007fa20667f169 [ 451.945878][ T4840] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 451.953689][ T4840] RBP: 00007fa2067002a0 R08: 0000000000000000 R09: 0000000000000000 [ 451.961513][ T4840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.969317][ T4840] R13: 0000000000000000 R14: 00007fa206897fa0 R15: 00007fff84e7eab8 [ 451.977126][ T4840] [ 452.179537][ T4878] loop1: detected capacity change from 0 to 512 [ 452.212425][ T288] attempt to access beyond end of device [ 452.212425][ T288] loop0: rw=2049, want=45112, limit=40427 [ 452.260495][ T4878] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 452.363580][ T4878] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 452.382324][ T4878] ext4 filesystem being mounted at /178/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 453.044571][ T4886] 9pnet: Insufficient options for proto=fd [ 453.173831][ T30] audit: type=1326 audit(1743697445.858:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 453.225785][ T30] audit: type=1326 audit(1743697445.888:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 453.249268][ T30] audit: type=1326 audit(1743697445.888:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 453.275586][ T30] audit: type=1326 audit(1743697445.888:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 453.328403][ T4895] loop2: detected capacity change from 0 to 512 [ 453.379585][ T4895] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 453.452618][ T30] audit: type=1326 audit(1743697445.888:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 454.310435][ T4895] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 454.329307][ T4895] ext4 filesystem being mounted at /167/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 454.628347][ T30] audit: type=1326 audit(1743697445.888:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 454.798106][ T30] audit: type=1326 audit(1743697445.888:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 454.821634][ T30] audit: type=1326 audit(1743697445.888:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 454.846971][ T30] audit: type=1326 audit(1743697445.938:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 454.872605][ T30] audit: type=1326 audit(1743697445.938:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4889 comm="syz.0.933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa20667f169 code=0x7ffc0000 [ 454.921590][ T4909] loop0: detected capacity change from 0 to 512 [ 454.992524][ T4909] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 456.189686][ T4914] loop2: detected capacity change from 0 to 512 [ 456.198677][ T4919] loop4: detected capacity change from 0 to 512 [ 456.260828][ T4919] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 456.270584][ T4914] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 456.369418][ T4909] EXT4-fs (loop0): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 456.388208][ T4909] ext4 filesystem being mounted at /198/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 456.420768][ T4919] EXT4-fs (loop4): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 456.439466][ T4919] ext4 filesystem being mounted at /188/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 456.828126][ T4914] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 456.846440][ T4914] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 457.045415][ T4905] loop1: detected capacity change from 0 to 40427 [ 457.118778][ T4905] F2FS-fs (loop1): invalid crc value [ 457.146229][ T4905] F2FS-fs (loop1): Found nat_bits in checkpoint [ 457.223601][ T4936] loop3: detected capacity change from 0 to 512 [ 457.267203][ T4905] F2FS-fs (loop1): Start checkpoint disabled! [ 457.273837][ T4905] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 457.939545][ T4942] loop0: detected capacity change from 0 to 512 [ 457.962551][ T4936] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 458.788772][ T4946] loop2: detected capacity change from 0 to 512 [ 458.820092][ T4942] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 458.840322][ T4946] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 458.958988][ T4946] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.945: corrupted in-inode xattr [ 458.973068][ T4936] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #15: comm syz.3.943: corrupted in-inode xattr [ 458.986322][ T4946] EXT4-fs (loop2): Remounting filesystem read-only [ 458.993574][ T4936] EXT4-fs (loop3): Remounting filesystem read-only [ 459.001518][ T4936] EXT4-fs (loop3): 1 truncate cleaned up [ 459.007038][ T4936] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 459.032225][ T4946] EXT4-fs (loop2): 1 truncate cleaned up [ 459.037846][ T4946] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 459.453650][ T310] attempt to access beyond end of device [ 459.453650][ T310] loop1: rw=1, want=45224, limit=40427 [ 459.506323][ T4942] EXT4-fs (loop0): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 459.525359][ T4942] ext4 filesystem being mounted at /199/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 459.591631][ T310] attempt to access beyond end of device [ 459.591631][ T310] loop1: rw=2049, want=45240, limit=40427 [ 459.916910][ T30] audit: type=1326 audit(1743697452.598:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 459.952096][ T4965] loop3: detected capacity change from 0 to 512 [ 460.018859][ T30] audit: type=1326 audit(1743697452.638:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.088424][ T4965] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 460.097610][ T30] audit: type=1326 audit(1743697452.638:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.128543][ T30] audit: type=1326 audit(1743697452.638:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.252217][ T30] audit: type=1326 audit(1743697452.638:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.311240][ T4965] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 460.334738][ T4965] ext4 filesystem being mounted at /205/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 460.348213][ T30] audit: type=1326 audit(1743697452.638:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.371882][ T30] audit: type=1326 audit(1743697452.638:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.553957][ T30] audit: type=1326 audit(1743697452.638:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 460.582110][ T30] audit: type=1326 audit(1743697452.638:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 461.535558][ T30] audit: type=1326 audit(1743697452.638:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 461.667002][ T6] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 461.683644][ T4985] loop2: detected capacity change from 0 to 512 [ 461.743203][ T4971] loop4: detected capacity change from 0 to 40427 [ 461.770378][ T4985] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 461.778008][ T4982] loop0: detected capacity change from 0 to 40427 [ 461.788828][ T4985] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 461.807247][ T4985] ext4 filesystem being mounted at /172/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 461.823315][ T4971] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 461.840835][ T4971] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 461.873057][ T4982] F2FS-fs (loop0): Found nat_bits in checkpoint [ 461.883189][ T4971] F2FS-fs (loop4): Found nat_bits in checkpoint [ 461.962832][ T4982] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 461.970345][ T4971] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 461.980425][ T4971] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 462.003939][ T4970] xt_hashlimit: size too large, truncated to 1048576 [ 462.024013][ T4982] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 462.037198][ T4982] CPU: 1 PID: 4982 Comm: syz.0.953 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 462.046837][ T4982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 462.056752][ T4982] Call Trace: [ 462.059859][ T4982] [ 462.062635][ T4982] dump_stack_lvl+0x151/0x1c0 [ 462.067148][ T4982] ? io_uring_drop_tctx_refs+0x190/0x190 [ 462.072614][ T4982] ? arch_stack_walk+0xf3/0x140 [ 462.077305][ T4982] dump_stack+0x15/0x20 [ 462.081297][ T4982] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 462.086503][ T4982] f2fs_map_blocks+0x1622/0x3ab0 [ 462.091276][ T4982] ? __stack_depot_save+0x34/0x470 [ 462.096231][ T4982] ? f2fs_do_map_lock+0x70/0x70 [ 462.097217][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.100913][ T4982] ? debug_smp_processor_id+0x17/0x20 [ 462.100947][ T4982] ? try_charge_memcg+0x213/0x1550 [ 462.118893][ T6] usb 2-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 462.120609][ T4982] f2fs_mpage_readpages+0xc9a/0x21a0 [ 462.134598][ T4982] ? dquot_release_reservation_block+0xa0/0xa0 [ 462.140461][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.140567][ T4982] ? workingset_activation+0x3f0/0x3f0 [ 462.153690][ T4982] f2fs_readahead+0xfd/0x250 [ 462.158114][ T4982] ? blk_start_plug+0x5a/0x170 [ 462.162705][ T4982] read_pages+0x15e/0xb00 [ 462.166873][ T4982] ? lru_cache_add+0x279/0x540 [ 462.171471][ T4982] ? page_cache_ra_unbounded+0xa50/0xa50 [ 462.176941][ T4982] ? add_to_page_cache_lru+0x225/0x2c0 [ 462.182232][ T4982] ? add_to_page_cache_locked+0x40/0x40 [ 462.187624][ T4982] page_cache_ra_unbounded+0x7ed/0xa50 [ 462.192914][ T4982] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 462.198244][ T6] usb 2-1: config 0 descriptor?? [ 462.199244][ T4982] ondemand_readahead+0x9c8/0xfa0 [ 462.208884][ T4982] ? handle_pte_fault+0x7f1/0x28f0 [ 462.213831][ T4982] ? page_cache_sync_ra+0x4d0/0x4d0 [ 462.218863][ T4982] ? fault_around_bytes_set+0xc0/0xc0 [ 462.224071][ T4982] ? cgroup_rstat_updated+0xe5/0x370 [ 462.229190][ T4982] page_cache_sync_ra+0x2e9/0x4d0 [ 462.234048][ T4982] ? force_page_cache_ra+0x420/0x420 [ 462.239169][ T4982] ? do_handle_mm_fault+0x1807/0x2400 [ 462.244380][ T4982] f2fs_readdir+0x52d/0xba0 [ 462.248723][ T4982] ? f2fs_fill_dentries+0xd60/0xd60 [ 462.253754][ T4982] ? avc_policy_seqno+0x1b/0x70 [ 462.258437][ T4982] ? __kasan_check_read+0x11/0x20 [ 462.263298][ T4982] ? security_file_permission+0x86/0xb0 [ 462.268679][ T4982] iterate_dir+0x265/0x600 [ 462.272933][ T4982] ? f2fs_fill_dentries+0xd60/0xd60 [ 462.277968][ T4982] __se_sys_getdents64+0x1c1/0x460 [ 462.282946][ T4982] ? __x64_sys_getdents64+0x90/0x90 [ 462.287945][ T4982] ? filldir+0x680/0x680 [ 462.292027][ T4982] ? __kasan_check_write+0x14/0x20 [ 462.296971][ T4982] ? switch_fpu_return+0x15f/0x2e0 [ 462.301922][ T4982] __x64_sys_getdents64+0x7b/0x90 [ 462.306782][ T4982] x64_sys_call+0x5ae/0x9a0 [ 462.311124][ T4982] do_syscall_64+0x3b/0xb0 [ 462.315373][ T4982] ? clear_bhb_loop+0x35/0x90 [ 462.319885][ T4982] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 462.325614][ T4982] RIP: 0033:0x7fa20667f169 [ 462.329865][ T4982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.349310][ T4982] RSP: 002b:00007fa204ce9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 462.357553][ T4982] RAX: ffffffffffffffda RBX: 00007fa206897fa0 RCX: 00007fa20667f169 [ 462.365361][ T4982] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 462.373176][ T4982] RBP: 00007fa2067002a0 R08: 0000000000000000 R09: 0000000000000000 [ 462.380986][ T4982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.388796][ T4982] R13: 0000000000000000 R14: 00007fa206897fa0 R15: 00007fff84e7eab8 [ 462.396609][ T4982] [ 462.427620][ T4982] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 462.438448][ T4982] CPU: 1 PID: 4982 Comm: syz.0.953 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 462.448084][ T4982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 462.457978][ T4982] Call Trace: [ 462.461104][ T4982] [ 462.463879][ T4982] dump_stack_lvl+0x151/0x1c0 [ 462.468392][ T4982] ? io_uring_drop_tctx_refs+0x190/0x190 [ 462.473861][ T4982] dump_stack+0x15/0x20 [ 462.477848][ T4982] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 462.483071][ T4982] f2fs_get_read_data_page+0x50f/0x850 [ 462.488356][ T4982] ? f2fs_get_block+0x1b0/0x1b0 [ 462.493043][ T4982] ? force_page_cache_ra+0x420/0x420 [ 462.498165][ T4982] f2fs_find_data_page+0x19c/0x420 [ 462.503113][ T4982] f2fs_readdir+0x53a/0xba0 [ 462.507452][ T4982] ? f2fs_fill_dentries+0xd60/0xd60 [ 462.512495][ T4982] ? avc_policy_seqno+0x1b/0x70 [ 462.517182][ T4982] ? __kasan_check_read+0x11/0x20 [ 462.522030][ T4982] ? security_file_permission+0x86/0xb0 [ 462.527409][ T4982] iterate_dir+0x265/0x600 [ 462.531668][ T4982] ? f2fs_fill_dentries+0xd60/0xd60 [ 462.536697][ T4982] __se_sys_getdents64+0x1c1/0x460 [ 462.541665][ T4982] ? __x64_sys_getdents64+0x90/0x90 [ 462.546676][ T4982] ? filldir+0x680/0x680 [ 462.550758][ T4982] ? __kasan_check_write+0x14/0x20 [ 462.555704][ T4982] ? switch_fpu_return+0x15f/0x2e0 [ 462.560748][ T4982] __x64_sys_getdents64+0x7b/0x90 [ 462.565601][ T4982] x64_sys_call+0x5ae/0x9a0 [ 462.569951][ T4982] do_syscall_64+0x3b/0xb0 [ 462.574189][ T4982] ? clear_bhb_loop+0x35/0x90 [ 462.578703][ T4982] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 462.584433][ T4982] RIP: 0033:0x7fa20667f169 [ 462.588688][ T4982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.608131][ T4982] RSP: 002b:00007fa204ce9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 462.616369][ T4982] RAX: ffffffffffffffda RBX: 00007fa206897fa0 RCX: 00007fa20667f169 [ 462.624290][ T4982] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 462.632111][ T4982] RBP: 00007fa2067002a0 R08: 0000000000000000 R09: 0000000000000000 [ 462.639908][ T4982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.647720][ T4982] R13: 0000000000000000 R14: 00007fa206897fa0 R15: 00007fff84e7eab8 [ 462.655547][ T4982] [ 462.677546][ T288] attempt to access beyond end of device [ 462.677546][ T288] loop0: rw=2049, want=45112, limit=40427 [ 462.748359][ T6] wacom 0003:056A:032B.0028: unknown main item tag 0x1 [ 462.757593][ T6] wacom 0003:056A:032B.0028: hidraw0: USB HID v0.04 Device [HID 056a:032b] on usb-dummy_hcd.1-1/input0 [ 463.103521][ T5002] loop2: detected capacity change from 0 to 256 [ 463.915753][ T1970] usb 2-1: USB disconnect, device number 17 [ 464.050693][ T5007] loop3: detected capacity change from 0 to 512 [ 464.133627][ T5007] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 464.302622][ T5007] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #15: comm syz.3.957: corrupted in-inode xattr [ 464.315336][ T5007] EXT4-fs (loop3): Remounting filesystem read-only [ 464.322835][ T5007] EXT4-fs (loop3): 1 truncate cleaned up [ 464.328342][ T5007] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 465.134118][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 465.134135][ T30] audit: type=1326 audit(1743697457.818:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.204899][ T30] audit: type=1326 audit(1743697457.818:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.273623][ T30] audit: type=1326 audit(1743697457.818:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.363482][ T30] audit: type=1326 audit(1743697457.818:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.386741][ T30] audit: type=1326 audit(1743697457.818:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.444231][ T30] audit: type=1326 audit(1743697457.818:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.600823][ T5030] loop2: detected capacity change from 0 to 512 [ 465.676676][ T30] audit: type=1326 audit(1743697457.818:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.720127][ T30] audit: type=1326 audit(1743697457.818:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.748720][ T30] audit: type=1326 audit(1743697457.868:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669a42e169 code=0x7ffc0000 [ 465.799143][ T5030] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 465.869523][ T5030] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 465.887963][ T5030] ext4 filesystem being mounted at /175/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 466.021968][ T5027] loop0: detected capacity change from 0 to 40427 [ 466.065234][ T5027] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 466.085988][ T5027] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 466.171346][ T5027] F2FS-fs (loop0): Found nat_bits in checkpoint [ 466.306117][ T5027] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 466.325647][ T5027] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 466.346587][ T5050] loop1: detected capacity change from 0 to 512 [ 466.391005][ T5050] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 466.397332][ T5021] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 466.408398][ T5021] SELinux: failed to load policy [ 466.482920][ T5050] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 466.501266][ T5050] ext4 filesystem being mounted at /184/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 466.676111][ T5046] loop4: detected capacity change from 0 to 40427 [ 466.876826][ T5046] F2FS-fs (loop4): Found nat_bits in checkpoint [ 466.926456][ T5064] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'. [ 466.958896][ T5046] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 466.967219][ T5053] loop2: detected capacity change from 0 to 40427 [ 466.986530][ T5053] F2FS-fs (loop2): invalid crc value [ 466.993117][ T5053] F2FS-fs (loop2): Found nat_bits in checkpoint [ 467.026833][ T5046] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 467.041989][ T5046] CPU: 0 PID: 5046 Comm: syz.4.966 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 467.051673][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 467.061554][ T5046] Call Trace: [ 467.064678][ T5046] [ 467.067453][ T5046] dump_stack_lvl+0x151/0x1c0 [ 467.071970][ T5046] ? io_uring_drop_tctx_refs+0x190/0x190 [ 467.077434][ T5046] ? arch_stack_walk+0xf3/0x140 [ 467.079744][ T5053] F2FS-fs (loop2): Start checkpoint disabled! [ 467.082125][ T5046] dump_stack+0x15/0x20 [ 467.092019][ T5046] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 467.097224][ T5046] f2fs_map_blocks+0x1622/0x3ab0 [ 467.102011][ T5046] ? __stack_depot_save+0x34/0x470 [ 467.106951][ T5046] ? f2fs_do_map_lock+0x70/0x70 [ 467.111635][ T5046] ? debug_smp_processor_id+0x17/0x20 [ 467.114546][ T5053] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 467.116835][ T5046] ? try_charge_memcg+0x213/0x1550 [ 467.129078][ T5046] f2fs_mpage_readpages+0xc9a/0x21a0 [ 467.134204][ T5046] ? __mem_cgroup_uncharge_list+0x8b/0x150 [ 467.139847][ T5046] ? dquot_release_reservation_block+0xa0/0xa0 [ 467.145831][ T5046] ? __this_cpu_preempt_check+0x13/0x20 [ 467.151213][ T5046] ? __pagevec_lru_add+0xcde/0xd70 [ 467.156159][ T5046] f2fs_readahead+0xfd/0x250 [ 467.160581][ T5046] ? blk_start_plug+0x5a/0x170 [ 467.165186][ T5046] read_pages+0x15e/0xb00 [ 467.169352][ T5046] ? lru_cache_add+0x279/0x540 [ 467.173948][ T5046] ? page_cache_ra_unbounded+0xa50/0xa50 [ 467.179412][ T5046] ? add_to_page_cache_lru+0x225/0x2c0 [ 467.184710][ T5046] ? add_to_page_cache_locked+0x40/0x40 [ 467.190095][ T5046] page_cache_ra_unbounded+0x7ed/0xa50 [ 467.195386][ T5046] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 467.201720][ T5046] ondemand_readahead+0x9c8/0xfa0 [ 467.206576][ T5046] ? handle_pte_fault+0x7f1/0x28f0 [ 467.211525][ T5046] ? page_cache_sync_ra+0x4d0/0x4d0 [ 467.216559][ T5046] ? fault_around_bytes_set+0xc0/0xc0 [ 467.221766][ T5046] ? cgroup_rstat_updated+0xe5/0x370 [ 467.226885][ T5046] page_cache_sync_ra+0x2e9/0x4d0 [ 467.231748][ T5046] ? force_page_cache_ra+0x420/0x420 [ 467.236865][ T5046] ? do_handle_mm_fault+0x1807/0x2400 [ 467.242076][ T5046] f2fs_readdir+0x52d/0xba0 [ 467.246416][ T5046] ? f2fs_fill_dentries+0xd60/0xd60 [ 467.251450][ T5046] ? avc_policy_seqno+0x1b/0x70 [ 467.256134][ T5046] ? __kasan_check_read+0x11/0x20 [ 467.260996][ T5046] ? security_file_permission+0x86/0xb0 [ 467.266378][ T5046] iterate_dir+0x265/0x600 [ 467.270629][ T5046] ? f2fs_fill_dentries+0xd60/0xd60 [ 467.275662][ T5046] __se_sys_getdents64+0x1c1/0x460 [ 467.280614][ T5046] ? __x64_sys_getdents64+0x90/0x90 [ 467.285645][ T5046] ? filldir+0x680/0x680 [ 467.289722][ T5046] ? __kasan_check_write+0x14/0x20 [ 467.294669][ T5046] ? switch_fpu_return+0x15f/0x2e0 [ 467.299618][ T5046] __x64_sys_getdents64+0x7b/0x90 [ 467.304476][ T5046] x64_sys_call+0x5ae/0x9a0 [ 467.308817][ T5046] do_syscall_64+0x3b/0xb0 [ 467.313074][ T5046] ? clear_bhb_loop+0x35/0x90 [ 467.317588][ T5046] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 467.323311][ T5046] RIP: 0033:0x7f669a42e169 [ 467.327570][ T5046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.347008][ T5046] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 467.355253][ T5046] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 467.363068][ T5046] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 467.370875][ T5046] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 467.378683][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.386499][ T5046] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 467.394327][ T5046] [ 467.448184][ T5046] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 467.477015][ T5046] CPU: 1 PID: 5046 Comm: syz.4.966 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 467.486683][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 467.496568][ T5046] Call Trace: [ 467.499690][ T5046] [ 467.502467][ T5046] dump_stack_lvl+0x151/0x1c0 [ 467.506982][ T5046] ? io_uring_drop_tctx_refs+0x190/0x190 [ 467.512449][ T5046] dump_stack+0x15/0x20 [ 467.516440][ T5046] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 467.521652][ T5046] f2fs_get_read_data_page+0x50f/0x850 [ 467.526948][ T5046] ? f2fs_get_block+0x1b0/0x1b0 [ 467.531632][ T5046] ? force_page_cache_ra+0x420/0x420 [ 467.536749][ T5046] f2fs_find_data_page+0x19c/0x420 [ 467.541698][ T5046] f2fs_readdir+0x53a/0xba0 [ 467.546042][ T5046] ? f2fs_fill_dentries+0xd60/0xd60 [ 467.551073][ T5046] ? avc_policy_seqno+0x1b/0x70 [ 467.555761][ T5046] ? __kasan_check_read+0x11/0x20 [ 467.560623][ T5046] ? security_file_permission+0x86/0xb0 [ 467.566003][ T5046] iterate_dir+0x265/0x600 [ 467.570252][ T5046] ? f2fs_fill_dentries+0xd60/0xd60 [ 467.575289][ T5046] __se_sys_getdents64+0x1c1/0x460 [ 467.580240][ T5046] ? __x64_sys_getdents64+0x90/0x90 [ 467.585269][ T5046] ? filldir+0x680/0x680 [ 467.589350][ T5046] ? __kasan_check_write+0x14/0x20 [ 467.594293][ T5046] ? switch_fpu_return+0x15f/0x2e0 [ 467.599242][ T5046] __x64_sys_getdents64+0x7b/0x90 [ 467.604105][ T5046] x64_sys_call+0x5ae/0x9a0 [ 467.608440][ T5046] do_syscall_64+0x3b/0xb0 [ 467.612692][ T5046] ? clear_bhb_loop+0x35/0x90 [ 467.617217][ T5046] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 467.622940][ T5046] RIP: 0033:0x7f669a42e169 [ 467.627191][ T5046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.646628][ T5046] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 467.654874][ T5046] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 467.662683][ T5046] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 467.670496][ T5046] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 467.678307][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.686120][ T5046] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 467.693935][ T5046] [ 467.817350][ T289] attempt to access beyond end of device [ 467.817350][ T289] loop4: rw=2049, want=45112, limit=40427 [ 468.992703][ T310] attempt to access beyond end of device [ 468.992703][ T310] loop2: rw=1, want=45224, limit=40427 [ 469.117332][ T5083] loop0: detected capacity change from 0 to 512 [ 469.168350][ T5083] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 469.245219][ T310] attempt to access beyond end of device [ 469.245219][ T310] loop2: rw=2049, want=45240, limit=40427 [ 469.314590][ T5083] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.972: corrupted in-inode xattr [ 469.328010][ T5083] EXT4-fs (loop0): Remounting filesystem read-only [ 469.335578][ T5083] EXT4-fs (loop0): 1 truncate cleaned up [ 469.341110][ T5083] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 471.232267][ T30] audit: type=1326 audit(1743697463.918:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 471.303255][ T30] audit: type=1326 audit(1743697463.918:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 471.348499][ T30] audit: type=1326 audit(1743697463.918:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 471.397026][ T956] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 471.437031][ T30] audit: type=1326 audit(1743697463.918:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 471.546975][ T30] audit: type=1326 audit(1743697463.918:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 471.578399][ T5111] loop4: detected capacity change from 0 to 512 [ 471.620901][ T30] audit: type=1326 audit(1743697463.918:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 472.057924][ T5111] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 472.110553][ T5117] loop1: detected capacity change from 0 to 256 [ 472.127789][ T30] audit: type=1326 audit(1743697463.918:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 472.153867][ T5111] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2219: inode #15: comm syz.4.974: corrupted in-inode xattr [ 472.165996][ T5111] EXT4-fs (loop4): Remounting filesystem read-only [ 472.173178][ T5111] EXT4-fs (loop4): 1 truncate cleaned up [ 472.178719][ T5111] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,quota,errors=remount-ro,barrier,. Quota mode: writeback. [ 472.293809][ T30] audit: type=1326 audit(1743697463.918:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 472.357047][ T30] audit: type=1326 audit(1743697463.948:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 472.380671][ T5117] exfat: Deprecated parameter 'namecase' [ 472.387462][ T5117] exfat: Bad value for 'uid' [ 472.443786][ T30] audit: type=1326 audit(1743697463.958:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5100 comm="syz.2.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2562b169 code=0x7ffc0000 [ 472.606097][ T5126] loop4: detected capacity change from 0 to 512 [ 472.670190][ T5126] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 472.781047][ T5126] EXT4-fs (loop4): mounted filesystem without journal. Opts: mblk_io_submit,discard,max_dir_size_kb=0x0000000000000007,block_validity,inlinecrypt,,errors=continue. Quota mode: writeback. [ 472.799554][ T5126] ext4 filesystem being mounted at /196/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 472.831328][ T956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 472.847187][ T956] usb 4-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 472.874583][ T956] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.892898][ T956] usb 4-1: config 0 descriptor?? [ 473.686057][ T956] wacom 0003:056A:032B.0029: unknown main item tag 0x1 [ 473.697631][ T956] wacom 0003:056A:032B.0029: hidraw0: USB HID v0.04 Device [HID 056a:032b] on usb-dummy_hcd.3-1/input0 [ 473.897708][ T5136] loop4: detected capacity change from 0 to 40427 [ 473.971022][ T5136] F2FS-fs (loop4): Found nat_bits in checkpoint [ 474.005194][ T5136] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 474.803543][ T4595] usb 4-1: USB disconnect, device number 16 [ 474.829442][ T5153] 9pnet_virtio: no channels available for device syz [ 474.847220][ T5136] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 474.864886][ T5136] CPU: 1 PID: 5136 Comm: syz.4.985 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 474.874545][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 474.878238][ T5157] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 474.884530][ T5136] Call Trace: [ 474.884541][ T5136] [ 474.884550][ T5136] dump_stack_lvl+0x151/0x1c0 [ 474.910653][ T5136] ? io_uring_drop_tctx_refs+0x190/0x190 [ 474.916114][ T5136] ? arch_stack_walk+0xf3/0x140 [ 474.920808][ T5136] dump_stack+0x15/0x20 [ 474.924794][ T5136] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 474.930008][ T5136] f2fs_map_blocks+0x1622/0x3ab0 [ 474.934775][ T5136] ? __stack_depot_save+0x34/0x470 [ 474.939730][ T5136] ? f2fs_do_map_lock+0x70/0x70 [ 474.944407][ T5136] ? debug_smp_processor_id+0x17/0x20 [ 474.949618][ T5136] ? try_charge_memcg+0x213/0x1550 [ 474.954565][ T5136] f2fs_mpage_readpages+0xc9a/0x21a0 [ 474.959683][ T5136] ? __mem_cgroup_uncharge_list+0x8b/0x150 [ 474.965327][ T5136] ? dquot_release_reservation_block+0xa0/0xa0 [ 474.971315][ T5136] ? __this_cpu_preempt_check+0x13/0x20 [ 474.976698][ T5136] ? __pagevec_lru_add+0xcde/0xd70 [ 474.981652][ T5136] f2fs_readahead+0xfd/0x250 [ 474.986064][ T5136] ? blk_start_plug+0x5a/0x170 [ 474.990779][ T5136] read_pages+0x15e/0xb00 [ 474.994947][ T5136] ? lru_cache_add+0x279/0x540 [ 474.999551][ T5136] ? page_cache_ra_unbounded+0xa50/0xa50 [ 475.005014][ T5136] ? add_to_page_cache_lru+0x225/0x2c0 [ 475.010307][ T5136] ? add_to_page_cache_locked+0x40/0x40 [ 475.015687][ T5136] ? futex_wait+0x9a0/0x9a0 [ 475.020032][ T5136] ? wp_page_copy+0x13f9/0x1b00 [ 475.024718][ T5136] page_cache_ra_unbounded+0x7ed/0xa50 [ 475.030023][ T5136] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 475.036346][ T5136] ondemand_readahead+0x9c8/0xfa0 [ 475.041207][ T5136] ? handle_pte_fault+0x7f1/0x28f0 [ 475.046153][ T5136] ? page_cache_sync_ra+0x4d0/0x4d0 [ 475.051190][ T5136] ? fault_around_bytes_set+0xc0/0xc0 [ 475.056392][ T5136] ? cgroup_rstat_updated+0xe5/0x370 [ 475.061525][ T5136] page_cache_sync_ra+0x2e9/0x4d0 [ 475.066373][ T5136] ? force_page_cache_ra+0x420/0x420 [ 475.071499][ T5136] ? do_handle_mm_fault+0x1807/0x2400 [ 475.076707][ T5136] f2fs_readdir+0x52d/0xba0 [ 475.081050][ T5136] ? f2fs_fill_dentries+0xd60/0xd60 [ 475.086080][ T5136] ? avc_policy_seqno+0x1b/0x70 [ 475.090767][ T5136] ? __kasan_check_read+0x11/0x20 [ 475.095627][ T5136] ? security_file_permission+0x86/0xb0 [ 475.101009][ T5136] iterate_dir+0x265/0x600 [ 475.105270][ T5136] ? f2fs_fill_dentries+0xd60/0xd60 [ 475.110292][ T5136] __se_sys_getdents64+0x1c1/0x460 [ 475.115243][ T5136] ? __x64_sys_getdents64+0x90/0x90 [ 475.120274][ T5136] ? filldir+0x680/0x680 [ 475.124353][ T5136] ? __kasan_check_write+0x14/0x20 [ 475.129299][ T5136] ? switch_fpu_return+0x15f/0x2e0 [ 475.134256][ T5136] __x64_sys_getdents64+0x7b/0x90 [ 475.139115][ T5136] x64_sys_call+0x5ae/0x9a0 [ 475.143451][ T5136] do_syscall_64+0x3b/0xb0 [ 475.147699][ T5136] ? clear_bhb_loop+0x35/0x90 [ 475.152225][ T5136] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 475.158050][ T5136] RIP: 0033:0x7f669a42e169 [ 475.162296][ T5136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.181747][ T5136] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 475.189981][ T5136] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 475.197791][ T5136] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 475.205604][ T5136] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 475.213423][ T5136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 475.221228][ T5136] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 475.229043][ T5136] [ 475.257565][ T5136] F2FS-fs (loop4): Inconsistent error blkaddr:5633, sit bitmap:0 [ 475.293147][ T5136] CPU: 0 PID: 5136 Comm: syz.4.985 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 475.302800][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 475.312695][ T5136] Call Trace: [ 475.315815][ T5136] [ 475.318595][ T5136] dump_stack_lvl+0x151/0x1c0 [ 475.323106][ T5136] ? io_uring_drop_tctx_refs+0x190/0x190 [ 475.328580][ T5136] dump_stack+0x15/0x20 [ 475.332570][ T5136] f2fs_is_valid_blkaddr+0xc87/0x12d0 [ 475.337776][ T5136] f2fs_get_read_data_page+0x50f/0x850 [ 475.343066][ T5136] ? f2fs_get_block+0x1b0/0x1b0 [ 475.347759][ T5136] ? force_page_cache_ra+0x420/0x420 [ 475.352878][ T5136] f2fs_find_data_page+0x19c/0x420 [ 475.357823][ T5136] f2fs_readdir+0x53a/0xba0 [ 475.362166][ T5136] ? f2fs_fill_dentries+0xd60/0xd60 [ 475.367196][ T5136] ? avc_policy_seqno+0x1b/0x70 [ 475.371880][ T5136] ? __kasan_check_read+0x11/0x20 [ 475.376758][ T5136] ? security_file_permission+0x86/0xb0 [ 475.382209][ T5136] iterate_dir+0x265/0x600 [ 475.386476][ T5136] ? f2fs_fill_dentries+0xd60/0xd60 [ 475.391520][ T5136] __se_sys_getdents64+0x1c1/0x460 [ 475.396451][ T5136] ? __x64_sys_getdents64+0x90/0x90 [ 475.401489][ T5136] ? filldir+0x680/0x680 [ 475.405568][ T5136] ? __kasan_check_write+0x14/0x20 [ 475.410508][ T5136] ? switch_fpu_return+0x15f/0x2e0 [ 475.415467][ T5136] __x64_sys_getdents64+0x7b/0x90 [ 475.420313][ T5136] x64_sys_call+0x5ae/0x9a0 [ 475.424650][ T5136] do_syscall_64+0x3b/0xb0 [ 475.428902][ T5136] ? clear_bhb_loop+0x35/0x90 [ 475.433416][ T5136] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 475.439143][ T5136] RIP: 0033:0x7f669a42e169 [ 475.443397][ T5136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.462838][ T5136] RSP: 002b:00007f6698a98038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 475.471086][ T5136] RAX: ffffffffffffffda RBX: 00007f669a646fa0 RCX: 00007f669a42e169 [ 475.478897][ T5136] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000003 [ 475.486709][ T5136] RBP: 00007f669a4af2a0 R08: 0000000000000000 R09: 0000000000000000 [ 475.494552][ T5136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 475.502330][ T5136] R13: 0000000000000000 R14: 00007f669a646fa0 R15: 00007ffd99a8a9e8 [ 475.510156][ T5136] [ 475.524543][ T289] attempt to access beyond end of device [ 475.524543][ T289] loop4: rw=2049, want=45112, limit=40427 [ 475.545366][ T5167] xt_hashlimit: size too large, truncated to 1048576 [ 475.666988][ T6] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 476.126970][ T6] usb 1-1: Using ep0 maxpacket: 8 [ 476.198849][ T5198] netlink: 'syz.4.1004': attribute type 12 has an invalid length. [ 476.206494][ T5198] netlink: 'syz.4.1004': attribute type 29 has an invalid length. [ 476.214183][ T5198] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1004'. [ 476.223070][ T5198] netlink: 'syz.4.1004': attribute type 2 has an invalid length. [ 476.230673][ T5198] netlink: 'syz.4.1004': attribute type 3 has an invalid length. [ 476.238220][ T5198] netlink: 35 bytes leftover after parsing attributes in process `syz.4.1004'. [ 476.256991][ T956] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 476.267656][ T6] usb 1-1: config 0 has no interfaces? [ 476.272960][ T6] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 476.282394][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.291586][ T6] usb 1-1: config 0 descriptor?? [ 476.445599][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 476.445617][ T30] audit: type=1400 audit(1743697469.128:612): avc: denied { write } for pid=5207 comm="syz.4.1012" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 476.474067][ T718] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 476.529764][ T314] usb 1-1: USB disconnect, device number 23 [ 476.667036][ T956] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 476.675310][ T956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 476.716981][ T718] usb 3-1: Using ep0 maxpacket: 8 [ 476.777146][ T956] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 476.786079][ T956] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 476.793883][ T956] usb 4-1: Manufacturer: syz [ 476.798892][ T956] usb 4-1: config 0 descriptor?? [ 476.820345][ T30] audit: type=1400 audit(1743697469.508:613): avc: denied { append } for pid=5210 comm="syz.1.1013" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 476.843131][ T718] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 476.859643][ T718] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 476.870868][ T718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.882340][ T718] usb 3-1: config 0 descriptor?? [ 476.904998][ T30] audit: type=1400 audit(1743697469.588:614): avc: denied { create } for pid=5216 comm="syz.1.1015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 476.949412][ T5217] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 476.960101][ T5217] kvm: pic: non byte read [ 476.964422][ T5217] kvm: pic: level sensitive irq not supported [ 476.964465][ T5217] kvm: pic: non byte read [ 476.974827][ T5217] kvm: pic: level sensitive irq not supported [ 476.974890][ T5217] kvm: pic: non byte read [ 476.985137][ T5217] kvm: pic: level sensitive irq not supported [ 476.985186][ T5217] kvm: pic: non byte read [ 476.995421][ T5217] kvm: pic: level sensitive irq not supported [ 476.995464][ T5217] kvm: pic: non byte read [ 477.005709][ T5217] kvm: pic: level sensitive irq not supported [ 477.005764][ T5217] kvm: pic: non byte read [ 477.041284][ T5221] 9pnet_virtio: no channels available for device syz [ 477.053224][ T30] audit: type=1400 audit(1743697469.738:615): avc: denied { create } for pid=5171 comm="syz.3.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 477.054069][ T956] usb 4-1: USB disconnect, device number 17 [ 477.088994][ T30] audit: type=1400 audit(1743697469.778:616): avc: denied { name_bind } for pid=5222 comm="syz.1.1017" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 477.150644][ T5231] kvm [5230]: vcpu2, guest rIP: 0xfff0 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x2a, nop [ 477.189920][ T5236] process 'syz.1.1022' launched '/dev/fd/3' with NULL argv: empty string added [ 477.199097][ T30] audit: type=1400 audit(1743697469.888:617): avc: denied { execute } for pid=5235 comm="syz.1.1022" dev="tmpfs" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 477.232525][ T30] audit: type=1400 audit(1743697469.888:618): avc: denied { execute_no_trans } for pid=5235 comm="syz.1.1022" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 477.350962][ T30] audit: type=1400 audit(1743697470.038:619): avc: denied { mounton } for pid=5254 comm="syz.0.1031" path="/proc/731/task" dev="proc" ino=27504 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 477.374043][ T30] audit: type=1400 audit(1743697470.068:620): avc: denied { mount } for pid=5254 comm="syz.0.1031" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 477.686980][ T956] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 478.067041][ T956] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 478.135810][ T30] audit: type=1400 audit(1743697470.818:621): avc: denied { ioctl } for pid=5277 comm="syz.0.1037" path="socket:[27900]" dev="sockfs" ino=27900 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 478.257233][ T956] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 478.266527][ T956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.275579][ T956] usb 5-1: Product: syz [ 478.284147][ T956] usb 5-1: Manufacturer: syz [ 478.288986][ T956] usb 5-1: SerialNumber: syz [ 478.309323][ T5288] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 478.557765][ T956] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 22 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 478.758605][ T314] usb 5-1: USB disconnect, device number 22 [ 478.765188][ T314] usblp0: removed [ 479.182947][ T956] usb 3-1: USB disconnect, device number 25 [ 479.237677][ T5321] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 479.245531][ T5321] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 479.288486][ T5324] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1054'. [ 479.316639][ T5324] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5324 comm=syz.1.1054 [ 479.341602][ T5328] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 479.362567][ T5328] kvm: pic: level sensitive irq not supported [ 479.362672][ T5328] kvm: pic: non byte read [ 479.690485][ T5358] input: syz0 as /devices/virtual/input/input128 [ 479.707324][ T5357] ================================================================== [ 479.715226][ T5357] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0xb9d/0x3430 [ 479.723209][ T5357] Read of size 8 at addr ffff88810ec139c0 by task syz.3.1070/5357 [ 479.730841][ T5357] [ 479.733017][ T5357] CPU: 1 PID: 5357 Comm: syz.3.1070 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0 [ 479.742735][ T5357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 479.752644][ T5357] Call Trace: [ 479.755752][ T5357] [ 479.758534][ T5357] dump_stack_lvl+0x151/0x1c0 [ 479.763044][ T5357] ? io_uring_drop_tctx_refs+0x190/0x190 [ 479.768510][ T5357] ? panic+0x760/0x760 [ 479.772417][ T5357] print_address_description+0x87/0x3b0 [ 479.777808][ T5357] kasan_report+0x179/0x1c0 [ 479.782139][ T5357] ? tc_setup_flow_action+0xb9d/0x3430 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 479.787433][ T5357] ? tc_setup_flow_action+0xb9d/0x3430 [ 479.792728][ T5357] __asan_report_load8_noabort+0x14/0x20 [ 479.798489][ T5357] tc_setup_flow_action+0xb9d/0x3430 [ 479.803611][ T5357] mall_replace_hw_filter+0x394/0xc20 [ 479.808816][ T5357] ? mall_set_parms+0x4b0/0x4b0 [ 479.813612][ T5357] ? tcf_exts_destroy+0xb0/0xb0 [ 479.818293][ T5357] ? pcpu_memcg_post_alloc_hook+0x1b1/0x260 [ 479.824025][ T5357] ? pcpu_alloc+0xda0/0x13e0 [ 479.828450][ T5357] ? mall_set_parms+0x1c3/0x4b0 [ 479.833264][ T5357] mall_change+0x56e/0x780 [ 479.837518][ T5357] ? mall_get+0xb0/0xb0 [ 479.841509][ T5357] ? tcf_chain_tp_insert_unique+0xa90/0xbb0 [ 479.847239][ T5357] ? nla_strcmp+0xed/0x120 [ 479.851491][ T5357] ? mall_get+0xb0/0xb0 [ 479.855487][ T5357] tc_new_tfilter+0x151a/0x1c00 [ 479.860177][ T5357] ? tcf_gate_entry_destructor+0x20/0x20 [ 479.865640][ T5357] ? security_capable+0x87/0xb0 [ 479.870322][ T5357] ? ns_capable+0x89/0xe0 [ 479.874491][ T5357] ? netlink_net_capable+0x125/0x160 [ 479.879609][ T5357] ? tcf_gate_entry_destructor+0x20/0x20 [ 479.885079][ T5357] rtnetlink_rcv_msg+0x776/0xc40 [ 479.889857][ T5357] ? rtnetlink_bind+0x80/0x80 [ 479.894367][ T5357] ? stack_trace_save+0x1c0/0x1c0 [ 479.899224][ T5357] ? __kernel_text_address+0x9b/0x110 [ 479.904433][ T5357] ? unwind_get_return_address+0x4d/0x90 [ 479.909899][ T5357] ? avc_has_perm_noaudit+0x348/0x430 [ 479.915101][ T5357] ? memcpy+0x56/0x70 [ 479.918926][ T5357] ? avc_has_perm_noaudit+0x2dd/0x430 [ 479.924129][ T5357] ? avc_denied+0x1b0/0x1b0 [ 479.928471][ T5357] ? avc_has_perm+0x16f/0x260 [ 479.932982][ T5357] ? ____kasan_kmalloc+0xed/0x110 [ 479.937845][ T5357] ? avc_has_perm_noaudit+0x430/0x430 [ 479.943049][ T5357] ? x64_sys_call+0x16a/0x9a0 [ 479.947563][ T5357] netlink_rcv_skb+0x1cf/0x410 [ 479.952162][ T5357] ? rtnetlink_bind+0x80/0x80 [ 479.956675][ T5357] ? netlink_ack+0xb10/0xb10 [ 479.961108][ T5357] ? __netlink_lookup+0x37b/0x3a0 [ 479.965962][ T5357] rtnetlink_rcv+0x1c/0x20 [ 479.970216][ T5357] netlink_unicast+0x8df/0xac0 [ 479.974816][ T5357] ? netlink_detachskb+0x90/0x90 [ 479.979593][ T5357] ? security_netlink_send+0x7b/0xa0 [ 479.984710][ T5357] netlink_sendmsg+0xa0a/0xd20 [ 479.989313][ T5357] ? netlink_getsockopt+0x560/0x560 [ 479.994347][ T5357] ? security_socket_sendmsg+0x82/0xb0 [ 479.999636][ T5357] ? netlink_getsockopt+0x560/0x560 [ 480.004671][ T5357] ____sys_sendmsg+0x59e/0x8f0 [ 480.009272][ T5357] ? __sys_sendmsg_sock+0x40/0x40 [ 480.014134][ T5357] ? import_iovec+0xe5/0x120 [ 480.018559][ T5357] ___sys_sendmsg+0x252/0x2e0 [ 480.023073][ T5357] ? __sys_sendmsg+0x260/0x260 [ 480.027672][ T5357] ? check_stack_object+0xf4/0x130 [ 480.032624][ T5357] ? __fdget+0x1bc/0x240 [ 480.036697][ T5357] __se_sys_sendmsg+0x19a/0x260 [ 480.041384][ T5357] ? __x64_sys_sendmsg+0x90/0x90 [ 480.046159][ T5357] ? __kasan_check_write+0x14/0x20 [ 480.051103][ T5357] ? switch_fpu_return+0x15f/0x2e0 [ 480.056053][ T5357] __x64_sys_sendmsg+0x7b/0x90 [ 480.060654][ T5357] x64_sys_call+0x16a/0x9a0 [ 480.064992][ T5357] do_syscall_64+0x3b/0xb0 [ 480.069259][ T5357] ? clear_bhb_loop+0x35/0x90 [ 480.073758][ T5357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 480.079489][ T5357] RIP: 0033:0x7f0972edf169 [ 480.083741][ T5357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.103205][ T5357] RSP: 002b:00007f0971549038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 480.111428][ T5357] RAX: ffffffffffffffda RBX: 00007f09730f7fa0 RCX: 00007f0972edf169 [ 480.119236][ T5357] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 480.127050][ T5357] RBP: 00007f0972f602a0 R08: 0000000000000000 R09: 0000000000000000 [ 480.134861][ T5357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.142671][ T5357] R13: 0000000000000000 R14: 00007f09730f7fa0 R15: 00007ffeecd752d8 [ 480.150524][ T5357] [ 480.153433][ T5357] [ 480.155601][ T5357] Allocated by task 5357: [ 480.159768][ T5357] ____kasan_kmalloc+0xdb/0x110 [ 480.164455][ T5357] __kasan_kmalloc+0x9/0x10 [ 480.168805][ T5357] __kmalloc+0x13f/0x2c0 [ 480.172880][ T5357] tcf_idr_create+0x5f/0x780 [ 480.177303][ T5357] tcf_idr_create_from_flags+0x5f/0x70 [ 480.182599][ T5357] tcf_gact_init+0x3cd/0x6e0 [ 480.187024][ T5357] tcf_action_init_1+0x50f/0x7f0 [ 480.191794][ T5357] tcf_action_init+0x306/0x840 [ 480.196396][ T5357] tcf_exts_validate+0x236/0x520 [ 480.201169][ T5357] mall_set_parms+0x44/0x4b0 [ 480.205597][ T5357] mall_change+0x495/0x780 [ 480.209847][ T5357] tc_new_tfilter+0x151a/0x1c00 [ 480.214533][ T5357] rtnetlink_rcv_msg+0x776/0xc40 [ 480.219314][ T5357] netlink_rcv_skb+0x1cf/0x410 [ 480.223907][ T5357] rtnetlink_rcv+0x1c/0x20 [ 480.228159][ T5357] netlink_unicast+0x8df/0xac0 [ 480.232760][ T5357] netlink_sendmsg+0xa0a/0xd20 [ 480.237358][ T5357] ____sys_sendmsg+0x59e/0x8f0 [ 480.241961][ T5357] ___sys_sendmsg+0x252/0x2e0 [ 480.246473][ T5357] __se_sys_sendmsg+0x19a/0x260 [ 480.251163][ T5357] __x64_sys_sendmsg+0x7b/0x90 [ 480.255761][ T5357] x64_sys_call+0x16a/0x9a0 [ 480.260102][ T5357] do_syscall_64+0x3b/0xb0 [ 480.264352][ T5357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 480.270082][ T5357] [ 480.272252][ T5357] Last potentially related work creation: [ 480.277808][ T5357] kasan_save_stack+0x3b/0x60 [ 480.282321][ T5357] __kasan_record_aux_stack+0xd3/0xf0 [ 480.287526][ T5357] kasan_record_aux_stack_noalloc+0xb/0x10 [ 480.293166][ T5357] kvfree_call_rcu+0xb1/0x8b0 [ 480.297681][ T5357] fib_rules_unregister+0x341/0x370 [ 480.302713][ T5357] fib4_rules_exit+0x3b/0x40 [ 480.307140][ T5357] ip_fib_net_exit+0x31b/0x360 [ 480.311742][ T5357] fib_net_exit+0x6d/0x80 [ 480.315907][ T5357] cleanup_net+0x64b/0xc00 [ 480.320161][ T5357] process_one_work+0x6bb/0xc10 [ 480.324846][ T5357] worker_thread+0xad5/0x12a0 [ 480.329360][ T5357] kthread+0x421/0x510 [ 480.333268][ T5357] ret_from_fork+0x1f/0x30 [ 480.337519][ T5357] [ 480.339687][ T5357] Second to last potentially related work creation: [ 480.346114][ T5357] kasan_save_stack+0x3b/0x60 [ 480.350627][ T5357] __kasan_record_aux_stack+0xd3/0xf0 [ 480.355834][ T5357] kasan_record_aux_stack_noalloc+0xb/0x10 [ 480.361478][ T5357] call_rcu+0x123/0x10b0 [ 480.365553][ T5357] neigh_parms_release+0x1e1/0x220 [ 480.370505][ T5357] addrconf_ifdown+0x1844/0x1ae0 [ 480.375275][ T5357] addrconf_notify+0x37d/0xdd0 [ 480.379877][ T5357] raw_notifier_call_chain+0x8c/0xf0 [ 480.385021][ T5357] unregister_netdevice_many+0xe0a/0x17c0 [ 480.390552][ T5357] default_device_exit_batch+0x38a/0x3f0 [ 480.396021][ T5357] cleanup_net+0x6ce/0xc00 [ 480.400268][ T5357] process_one_work+0x6bb/0xc10 [ 480.404957][ T5357] worker_thread+0xad5/0x12a0 [ 480.409557][ T5357] kthread+0x421/0x510 [ 480.413462][ T5357] ret_from_fork+0x1f/0x30 [ 480.417713][ T5357] [ 480.419886][ T5357] The buggy address belongs to the object at ffff88810ec13900 [ 480.419886][ T5357] which belongs to the cache kmalloc-192 of size 192 [ 480.433769][ T5357] The buggy address is located 0 bytes to the right of [ 480.433769][ T5357] 192-byte region [ffff88810ec13900, ffff88810ec139c0) [ 480.447224][ T5357] The buggy address belongs to the page: [ 480.452703][ T5357] page:ffffea00043b04c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ec13 [ 480.462761][ T5357] flags: 0x4000000000000200(slab|zone=1) [ 480.468237][ T5357] raw: 4000000000000200 0000000000000000 0000000800000001 ffff888100042c00 [ 480.476653][ T5357] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 480.485072][ T5357] page dumped because: kasan: bad access detected [ 480.491322][ T5357] page_owner tracks the page as allocated [ 480.496870][ T5357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4547713012, free_ts 4547692830 [ 480.512497][ T5357] post_alloc_hook+0x1a3/0x1b0 [ 480.517095][ T5357] prep_new_page+0x1b/0x110 [ 480.521431][ T5357] get_page_from_freelist+0x3550/0x35d0 [ 480.526811][ T5357] __alloc_pages+0x27e/0x8f0 [ 480.531240][ T5357] new_slab+0x9a/0x4e0 [ 480.535143][ T5357] ___slab_alloc+0x39e/0x830 [ 480.539570][ T5357] __slab_alloc+0x4a/0x90 [ 480.543737][ T5357] kmem_cache_alloc_trace+0x147/0x270 [ 480.548945][ T5357] kernfs_fop_open+0x324/0xab0 [ 480.553544][ T5357] do_dentry_open+0x81c/0xfd0 [ 480.558076][ T5357] vfs_open+0x73/0x80 [ 480.561874][ T5357] path_openat+0x26f0/0x2f40 [ 480.566300][ T5357] do_filp_open+0x21c/0x460 [ 480.570640][ T5357] do_sys_openat2+0x13f/0x820 [ 480.575154][ T5357] __x64_sys_openat+0x243/0x290 [ 480.579842][ T5357] x64_sys_call+0x6bf/0x9a0 [ 480.584183][ T5357] page last free stack trace: [ 480.588694][ T5357] free_unref_page_prepare+0x7c8/0x7d0 [ 480.593987][ T5357] free_unref_page+0xe8/0x750 [ 480.598502][ T5357] __free_pages+0x61/0xf0 [ 480.602669][ T5357] free_pages+0x7c/0x90 [ 480.606662][ T5357] selinux_genfs_get_sid+0x24d/0x2a0 [ 480.611784][ T5357] inode_doinit_with_dentry+0x8d2/0x1070 [ 480.617254][ T5357] selinux_d_instantiate+0x27/0x40 [ 480.622209][ T5357] security_d_instantiate+0x9f/0x100 [ 480.627317][ T5357] d_splice_alias+0x6d/0x390 [ 480.631742][ T5357] kernfs_iop_lookup+0x29e/0x2f0 [ 480.636520][ T5357] path_openat+0x1194/0x2f40 [ 480.640945][ T5357] do_filp_open+0x21c/0x460 [ 480.645281][ T5357] do_sys_openat2+0x13f/0x820 [ 480.649794][ T5357] __x64_sys_openat+0x243/0x290 [ 480.654484][ T5357] x64_sys_call+0x6bf/0x9a0 [ 480.658826][ T5357] do_syscall_64+0x3b/0xb0 [ 480.663079][ T5357] [ 480.665257][ T5357] Memory state around the buggy address: [ 480.670719][ T5357] ffff88810ec13880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 480.678612][ T5357] ffff88810ec13900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 480.686512][ T5357] >ffff88810ec13980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 480.694407][ T5357] ^ [ 480.700397][ T5357] ffff88810ec13a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 480.708298][ T5357] ffff88810ec13a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 480.716191][ T5357] ================================================================== [ 480.724090][ T5357] Disabling lock debugging due to kernel taint [ 480.858655][ T289] syz-executor (289) used greatest stack depth: 20368 bytes left [ 481.768014][ T310] device bridge_slave_1 left promiscuous mode [ 481.774085][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.781587][ T310] device bridge_slave_0 left promiscuous mode [ 481.787604][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.795472][ T310] device veth1_macvtap left promiscuous mode [ 481.801333][ T310] device veth0_vlan left promiscuous mode [ 483.338047][ T310] device bridge_slave_1 left promiscuous mode [ 483.344123][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.351495][ T310] device bridge_slave_0 left promiscuous mode [ 483.357462][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.365406][ T310] device bridge_slave_1 left promiscuous mode [ 483.371378][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.378672][ T310] device bridge_slave_0 left promiscuous mode [ 483.384608][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.392688][ T310] device veth1_macvtap left promiscuous mode [ 483.398546][ T310] device veth0_vlan left promiscuous mode [ 483.404419][ T310] device veth1_macvtap left promiscuous mode [ 483.410258][ T310] device veth0_vlan left promiscuous mode [ 486.337656][ T10] device bridge_slave_1 left promiscuous mode [ 486.343609][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.350992][ T10] device bridge_slave_0 left promiscuous mode [ 486.357000][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.364754][ T10] device veth1_macvtap left promiscuous mode [ 486.370627][ T10] device veth0_vlan left promiscuous mode