last executing test programs: 18.802164015s ago: executing program 0 (id=1270): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @empty}, 0x10) process_vm_writev(r0, &(0x7f00000004c0), 0x0, 0x0, 0x0, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, "37472a4452e219e0", "9425f400ed4769823930617831c320e288cbed7e493b42cd2f9b1f53f3e0681c", "8e0a10b2", "c7fe327b7c843779"}, 0x38) sendto$inet6(r4, &(0x7f0000000240)="c62ee5d6a89f", 0x6, 0x8040, 0x0, 0x0) 12.902518591s ago: executing program 4 (id=1282): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0xc2010) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) inotify_init() r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$video4linux(0x0, 0x7, 0x2000) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sndseq(0xffffffffffffff9c, 0x0, 0x800) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) mount(0x0, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, &(0x7f0000000400)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r2 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r2, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}, 0x24) sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) recvfrom$rxrpc(r2, 0x0, 0x0, 0xe8ce25b3ffff0000, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000280), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x40effe, 0x2, 0x2}) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000180)={0xffffffffffffffff, 0x1, 0x5, 0x0, 0x7}, 0xc) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x801) 11.621413842s ago: executing program 2 (id=1284): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0x0) keyctl$get_security(0x11, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=@allocspi={0x148, 0x16, 0x20, 0x70bd2a, 0x25dfdbfb, {{{@in=@multicast2, @in6=@empty, 0x4e22, 0x8, 0x4e24, 0x10, 0xa, 0x20, 0x20, 0x6, 0x0, 0xee01}, {@in=@multicast2, 0x4d4, 0x32}, @in=@remote, {0xaf7, 0x1, 0xfffffffffffffffc, 0xc, 0x800, 0x1fc00000, 0x5, 0x2b}, {0x3a00000, 0x3, 0x9, 0xffff}, {0x88000000, 0xe55, 0x3}, 0x70bd2b, 0x0, 0x2, 0x4, 0x7f, 0xe6}, 0xcffa, 0xf8}, [@algo_auth={0x4d, 0x1, {{'crct10dif\x00'}, 0x28, "5e8b6a88fb"}}]}, 0x148}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=@report={0xb4, 0x20, 0x300, 0x70bd27, 0x25dfdbfc, {0x2b, {@in=@private=0xa010100, @in=@private=0xa010102, 0x4e23, 0x8000, 0x4e22, 0x7f, 0x2, 0xa0, 0x80, 0x3c}}, [@etimer_thresh={0x8, 0xc, 0x5}, @algo_aead={0x4d, 0x12, {{'seqiv(aegis128l)\x00'}, 0x8, 0xa0, '3'}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x6}, @etimer_thresh={0x8, 0xc, 0x5}]}, 0xb4}, 0x1, 0x0, 0x0, 0x40000}, 0x810) timer_settime(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000d, 0x13, r4, 0xc5e66000) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r5, 0xc0405665, &(0x7f00000001c0)={0x0, 0x2}) ioctl$VIDIOC_DQEVENT(r3, 0x80885659, 0x0) 11.347760286s ago: executing program 0 (id=1286): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000180)=ANY=[], 0x27) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair(0x8, 0x80000, 0x7, 0x0) socket$igmp6(0xa, 0x3, 0x2) syz_io_uring_setup(0x235, 0x0, 0x0, &(0x7f0000000280)) bind$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) setgroups(0x0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x10) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x800) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000040)='pstore\x00', 0x4, 0x0) 9.85997275s ago: executing program 0 (id=1287): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000080)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") socket$nl_netfilter(0x10, 0x3, 0xc) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$inet(0x2, 0x80000, 0xfffffffd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) 9.738835902s ago: executing program 2 (id=1289): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000400), 0x2) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x1, 0x8, 0xb}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r6, 0xffffffffffffffff, 0x7}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r6, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r5}, 0x20) sendto$inet6(r5, &(0x7f0000000040), 0x0, 0x24004090, 0x0, 0x0) ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x8000}) close_range(r0, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 8.708692819s ago: executing program 2 (id=1290): setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, 0x0, 0x0) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) sendto(r0, 0x0, 0x0, 0x4008, 0x0, 0x0) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0505405, &(0x7f0000000600)={0x1, 0x0, 0x0, 0x3}) 8.707323279s ago: executing program 3 (id=1291): socket$alg(0x26, 0x5, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="380000002000010000000000000200f402000000000000000000130000000008000600008000000000000000cee513faf2ec5d80d12e34d8d661b3b213e3bba1e49be59dd48bd7c5d8cb7db0a2933715054fe0d5d331e7957c7f0e8e9842d2e95c96568d3b0507fe1cb656faf405486a229b99aa5c57946e942fe60ee9c2d8bdf842f7e17877ef1c3ec6debdf414a14210aaf0e8909967eee8be93216fbc53b9840be42e36a96e6c5257cf56b4ba963138b47e15ec"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x40c0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) setresuid(0xee01, 0xee00, 0x0) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) chmod(&(0x7f0000000180)='./file0\x00', 0xc) shutdown(r1, 0x2) 8.678853599s ago: executing program 4 (id=1292): socket$alg(0x26, 0x5, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="380000002000010000000000000200f402000000000000000000130000000008000600008000000000000000cee513faf2ec5d80d12e34d8d661b3b213e3bba1e49be59dd48bd7c5d8cb7db0a2933715054fe0d5d331e7957c7f0e8e9842d2e95c96568d3b0507fe1cb656faf405486a229b99aa5c57946e942fe60ee9c2d8bdf842f7e17877ef1c3ec6debdf414a14210aaf0e8909967eee8be93216fbc53b9840be42e36a96e6c5257cf56b4ba963138b47e15ec"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x40c0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) setresuid(0xee01, 0xee00, 0x0) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) chmod(&(0x7f0000000180)='./file0\x00', 0xc) shutdown(r1, 0x2) 8.61814382s ago: executing program 1 (id=1293): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x81}, 0x18) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24008804) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20050800) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x14, 0x4, 0x65bf, 0x9, 0x0, 0x1, 0xcafe}, 0x50) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 7.844360283s ago: executing program 1 (id=1294): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773) write$uinput_user_dev(r0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8b, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x488c0}, 0x4000080) ioctl$UI_DEV_CREATE(r0, 0x5501) lseek(0xffffffffffffffff, 0x3, 0x1) socket$can_j1939(0x1d, 0x2, 0x7) syz_mount_image$udf(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x14, &(0x7f0000002440)=ANY=[], 0xff, 0xc19, &(0x7f0000002140)="$eJzs3VFsXeddAPD/d2zHToq2S9ek3Yim2yJ1IWPBdtamlSfRUGMxlrWmjjegPPQmvimXOPaV7XRpBVt46gNImCEhJIaEhIYqHiYjtAd4GhISrxbaG0IKYypFCOk+rNoLWtA597vxteM0IY5jJ/n9pOR/7jn/75zvfN/pOeee754mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIX/rl06Njaa9rAQDcT6/MvDY67voPAI+Us77/AwAAAAAAAAAAAADAfpeiiA8ixdeOdtIb1eeukTOthctXZienti92MFUlB6r88s/I2PjJzz/3/KkXevGjy99rn4xXZ86err+8eKm91Fxebs7VZxda5xfnmne8hp2W3+p41QD1Sxcvz124sFwfP3Fy0+IrtfeHHztSmzg19vrhXu7s5NTUTF/O4NBdb/0mt3rD40AUcSFSXHzvg9SIiCJ23ha3OXZ228FqJ45XOzE7OVXtyHyrsbBSLpzuNUQRUesr9FKvje5DX+xIPeJqWf2ywsfL3ZtpN5Ya5+ab9enG0kprpbW4MJ26tU1VehEvpIh2RHSGb17dUBTx9Ujx7rc66VxEDPTa4bPVi8G3r0+xC/t4BwYjojYUsV48AH22jw1HEd+JFN/8xmicz+1aNduzEV8u45GIy2W8FrFaxk9HpPIAeSLiw22OJx4sg1HEH0SKH0100lyv76vzypmv1L+4cGGxL7d3Xrnr60M+V+z59eF+2ufnppEoolGd8Tvp7m92AAAAAADYf4r440jx9PePpXb0jym2Ft6sn22cm+8+Fe49+6/nUtevX79eS904muN0ju0cV3Ncy3G9jLGxglqRy+c4nWM7x9Uc13Jcz7GTY20gl89xOsd2jqs5ruW4nmMnx9pgLp/j9GBVs6vt/Hk1x7Uc13PsDO5FPwEAAAAAAADArR2MIr4aKZ79hbeq94qjei/94xOnXjvxq/3vjD91m/WUuSciYq24s3dyD+TXAafTdEp79A4x3ff/fi+///f7t0sFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeakUU8UykeOu7nRQpIuoRb0Q3Xhve69oBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3wkgq4sNI8adfGqk+rxcRvxkRP+kuHozr99re7i8AAAAAAAAAPJRSEW9Himde66RaRFypvT/82JHaxKmx1w8PxECkMqU//9WZs6frLy9eai81l5ebc/XZhdb5xbnmnW5u5Exr4fKV2cmpXdmZ2zq4y/U/OPLyYvvtpdabv72y7fJDI6fPLa8sNc5vvzgORhFR759zvKrw7ORUVen5VmOhKjqd7rTGAAAAAAAAADwKhlIRP4kU7/71ezfGnQe7Y/6DW3O//YWIIk9P5vHnG8PQ1e8GPlb9bqA7/fGJU782/qn+6W2HrI9XA+r12cmpqZm+2YNDN6eO5O2O7myX6VP2/0qk+MO/qKen87zN/T9wI/fbv7vR31e3rugWff7/6P9NPd7r/5/um1duM6Ui/jZS/MyvPxVPV/U8FDf9ZiLnfSlS/Mba0ZwXB8q8Z/Lyx6u/Ry605pujZe6VSPGPlzfnPptzP7GRO3an7fqgKPv/mUjx37+1dqNtcv/nHtjotf7+/9TWo2Pn/b/tf/+P982r5e3+7L3ZdSJi+e13Ljbm55tLj+LEwP6oxt5P/NmebL13PtgnjbAPJ+Lq3m19j09M3Bfl9f+rkeIf/uRfb9zv5Ov/T0V1W7Vx//fjr29c/ye2rmiXrv+f6Js3ke9GhgYjRlYutYeejBhZfvudz7UuNd5svtlcOHnqxefHR18cGz05dKB3c7cxtXXLN32/eRSV/f87keI7P/ib+Eyet/n+b/v7/0NbV7RL/f9E37xDm+5Xdrzr5P7/30jxz5Pfi2N53kfd//e+/x/LN+E37s93qf8P982rvuN9LOLn+uYdOxzx0H0pAwAAgHsspSK+l8dTR28znvpPkeKd//r5nJeOlHkv5eW16u+RVxYXPnd6fn7xfGOlcW6+WZ9pN843y7I/jBSdvzoao1FEiqIaX+2NN3fHeDfGYv8lUrz4K0fzdrpjsb1nU09s5I6VuScixR+9sjm39xzj8EbueJn7b5Fi7PXtc49s5J4sc/8zUvz4z+u93ENl7hdy7pMbuSfOL87P7UK3AAAAAADAjgylIp6PFH9/cjD1nm/fye8/b3rovUu//3uyb97cfXpfZfuW8j/cBeDhUV7/j5XXtl/8yxtj+Zuv/xvvyfRf/7fq/3cDbjV9N9f/2r3ZTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHTooiFiPF14520rXh8nPXyJnWwuUrs5NT2xc7mKqSA1V++WdkbPzk5597/tQLvfjR5e+1T8arM2dP119evNReai4vN+fqswut84tzzTtew07Lb3W8aoD6pYuX5y5ciBg/cXLT4iu194cfO1KbODX2+uFe7uzk1NRMX87g0F1v/Sa9fi22zD8QRfxPpLj43gfp34fz8h22xW2Ond12MIr4u4god2J2cqrakflWY2GlXDjd1xC1vkIv9droPvTFjtQjrpbVLyt8vNy9mXZjqXFuvlmfbiyttFZaiwvTqVvbVKUX8UKKaEdEZ/jm1Q1FEUOR4t1vddIPhiMGeu3w2VdmXhsdv0UlRjYmtx5Q98lgRNSGItaLB6DP9rHhKOK5SPHNb4zGfwx327VqtmcjvlzGIxGXy3gtYrWMn45I5QHyRMSH2xxPPFgGo4jHI8WPJjrph8O576vzypmv1L+4cGGxL7d3Xnngrw/30z4/N41EER/EPqkMAAAAAAD3UBFPRYqnv38sVeODx2cnp65n9bONc/Pdx/q9Z//1XKpcXEvdOJrjdI7tHFdzXMtxPcdOjrUil89xOsd2jqs5ruW4nmMnx9pALp/jdI7tHFdzXMtxPcdOjrXBXD7H6RzbOa7muJbjeo6dwb3sLwAAAAAAAIDtFVHEZyLFW9/tpOvD3QHeN6Ibr3m/76H3fwEAAP//F35MkQ==") truncate(&(0x7f0000000080)='./file2\x00', 0x7f) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4886) 7.806305724s ago: executing program 0 (id=1295): r0 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x404002, 0x58) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x8000) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4080) sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x40, r6, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000800}, 0x4800) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7}) 6.107569731s ago: executing program 3 (id=1296): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, "37472a4452e219e0", "9425f400ed4769823930617831c320e288cbed7e493b42cd2f9b1f53f3e0681c", "8e0a10b2", "c7fe327b7c843779"}, 0x38) sendto$inet6(r4, &(0x7f0000000240)="c62ee5d6a89f", 0x6, 0x8040, 0x0, 0x0) 5.892459035s ago: executing program 2 (id=1297): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000180)=ANY=[], 0x27) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair(0x8, 0x80000, 0x7, 0x0) socket$igmp6(0xa, 0x3, 0x2) syz_io_uring_setup(0x235, 0x0, 0x0, &(0x7f0000000280)) bind$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) setgroups(0x0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x10) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x800) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x4, 0x0) 5.719974257s ago: executing program 1 (id=1298): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000400), 0x2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x1, 0x8, 0xb}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r5, 0xffffffffffffffff, 0x7}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r4}, 0x20) sendto$inet6(r4, &(0x7f0000000040), 0x0, 0x24004090, 0x0, 0x0) r6 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) fcntl$addseals(r6, 0x409, 0x7) ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 3.942060686s ago: executing program 3 (id=1299): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) pipe2(0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000980)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, 0x0) 3.936872867s ago: executing program 1 (id=1300): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4ee6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x80, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x94) syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000480)=@assoc_value, &(0x7f0000000040)=0x8) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}, {{&(0x7f0000000400)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10, 0x0}}], 0x3, 0x0) 3.933488397s ago: executing program 4 (id=1301): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) getrlimit(0xe, &(0x7f00000000c0)) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}}) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r7, 0x4b3a, 0x1) ioctl$TCXONC(r7, 0x4b3a, 0x2) bind$inet6(r3, 0x0, 0x0) unshare(0x26020480) r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r8) syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x4000, 0xffffffff}, &(0x7f00000003c0), &(0x7f0000000140)) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 3.885692658s ago: executing program 2 (id=1302): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4ee6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x80, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x94) r3 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) write$binfmt_script(r4, 0x0, 0x0) r5 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r5, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}, {{&(0x7f0000000400)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10, 0x0}}], 0x3, 0x0) 3.321329947s ago: executing program 2 (id=1303): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0xc2010) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) inotify_init() r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$video4linux(0x0, 0x7, 0x2000) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sndseq(0xffffffffffffff9c, 0x0, 0x800) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) mount(0x0, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, &(0x7f0000000400)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r2 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r2, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}, 0x24) sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) recvfrom$rxrpc(r2, 0x0, 0x0, 0xe8ce25b3ffff0000, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000280), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x40effe, 0x2, 0x2}) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000180)={0xffffffffffffffff, 0x1, 0x5, 0x0, 0x7}, 0xc) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x801) 3.263137197s ago: executing program 4 (id=1304): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x81}, 0x18) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24008804) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20050800) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x14, 0x4, 0x65bf, 0x9, 0x0, 0x1, 0xcafe}, 0x50) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 3.048552681s ago: executing program 1 (id=1305): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_setup(0x6, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x58, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x58}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000000201f7ffffff3f050000000000000008"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c000280080001400000000208000240000000ff000003000000000020000180070001006374000014000280080002400000000d080004400000000c0900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002000)={0x2020}, 0x2020) r5 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r5, 0x800c5012, &(0x7f0000000040)) 3.026380742s ago: executing program 3 (id=1306): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0x0) keyctl$get_security(0x11, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=@allocspi={0x148, 0x16, 0x20, 0x70bd2a, 0x25dfdbfb, {{{@in=@multicast2, @in6=@empty, 0x4e22, 0x8, 0x4e24, 0x10, 0xa, 0x20, 0x20, 0x6, 0x0, 0xee01}, {@in=@multicast2, 0x4d4, 0x32}, @in=@remote, {0xaf7, 0x1, 0xfffffffffffffffc, 0xc, 0x800, 0x1fc00000, 0x5, 0x2b}, {0x3a00000, 0x3, 0x9, 0xffff}, {0x88000000, 0xe55, 0x3}, 0x70bd2b, 0x0, 0x2, 0x4, 0x7f, 0xe6}, 0xcffa, 0xf8}, [@algo_auth={0x4d, 0x1, {{'crct10dif\x00'}, 0x28, "5e8b6a88fb"}}]}, 0x148}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=@report={0xb4, 0x20, 0x300, 0x70bd27, 0x25dfdbfc, {0x2b, {@in=@private=0xa010100, @in=@private=0xa010102, 0x4e23, 0x8000, 0x4e22, 0x7f, 0x2, 0xa0, 0x80, 0x3c}}, [@etimer_thresh={0x8, 0xc, 0x5}, @algo_aead={0x4d, 0x12, {{'seqiv(aegis128l)\x00'}, 0x8, 0xa0, '3'}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x6}, @etimer_thresh={0x8, 0xc, 0x5}]}, 0xb4}, 0x1, 0x0, 0x0, 0x40000}, 0x810) timer_settime(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000d, 0x13, r4, 0xc5e66000) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r5, 0xc0405665, &(0x7f00000001c0)={0x0, 0x2}) ioctl$VIDIOC_DQEVENT(r3, 0x80885659, 0x0) 2.454133061s ago: executing program 4 (id=1307): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x269, &(0x7f0000000780)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x50) socket$inet6(0x10, 0x3, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040), 0x0, 0x0, 0x0) llistxattr(&(0x7f0000000280)='./file1\x00', 0x0, 0x7) 1.393540328s ago: executing program 0 (id=1308): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773) write$uinput_user_dev(r0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8b, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x488c0}, 0x4000080) ioctl$UI_DEV_CREATE(r0, 0x5501) lseek(0xffffffffffffffff, 0x3, 0x1) socket$can_j1939(0x1d, 0x2, 0x7) syz_mount_image$udf(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x14, &(0x7f0000002440)=ANY=[], 0xff, 0xc19, &(0x7f0000002140)="$eJzs3VFsXeddAPD/d2zHToq2S9ek3Yim2yJ1IWPBdtamlSfRUGMxlrWmjjegPPQmvimXOPaV7XRpBVt46gNImCEhJIaEhIYqHiYjtAd4GhISrxbaG0IKYypFCOk+rNoLWtA597vxteM0IY5jJ/n9pOR/7jn/75zvfN/pOeee754mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIX/rl06Njaa9rAQDcT6/MvDY67voPAI+Us77/AwAAAAAAAAAAAADAfpeiiA8ixdeOdtIb1eeukTOthctXZienti92MFUlB6r88s/I2PjJzz/3/KkXevGjy99rn4xXZ86err+8eKm91Fxebs7VZxda5xfnmne8hp2W3+p41QD1Sxcvz124sFwfP3Fy0+IrtfeHHztSmzg19vrhXu7s5NTUTF/O4NBdb/0mt3rD40AUcSFSXHzvg9SIiCJ23ha3OXZ228FqJ45XOzE7OVXtyHyrsbBSLpzuNUQRUesr9FKvje5DX+xIPeJqWf2ywsfL3ZtpN5Ya5+ab9enG0kprpbW4MJ26tU1VehEvpIh2RHSGb17dUBTx9Ujx7rc66VxEDPTa4bPVi8G3r0+xC/t4BwYjojYUsV48AH22jw1HEd+JFN/8xmicz+1aNduzEV8u45GIy2W8FrFaxk9HpPIAeSLiw22OJx4sg1HEH0SKH0100lyv76vzypmv1L+4cGGxL7d3Xrnr60M+V+z59eF+2ufnppEoolGd8Tvp7m92AAAAAADYf4r440jx9PePpXb0jym2Ft6sn22cm+8+Fe49+6/nUtevX79eS904muN0ju0cV3Ncy3G9jLGxglqRy+c4nWM7x9Uc13Jcz7GTY20gl89xOsd2jqs5ruW4nmMnx9pgLp/j9GBVs6vt/Hk1x7Uc13PsDO5FPwEAAAAAAADArR2MIr4aKZ79hbeq94qjei/94xOnXjvxq/3vjD91m/WUuSciYq24s3dyD+TXAafTdEp79A4x3ff/fi+///f7t0sFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeakUU8UykeOu7nRQpIuoRb0Q3Xhve69oBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3wkgq4sNI8adfGqk+rxcRvxkRP+kuHozr99re7i8AAAAAAAAAPJRSEW9Himde66RaRFypvT/82JHaxKmx1w8PxECkMqU//9WZs6frLy9eai81l5ebc/XZhdb5xbnmnW5u5Exr4fKV2cmpXdmZ2zq4y/U/OPLyYvvtpdabv72y7fJDI6fPLa8sNc5vvzgORhFR759zvKrw7ORUVen5VmOhKjqd7rTGAAAAAAAAADwKhlIRP4kU7/71ezfGnQe7Y/6DW3O//YWIIk9P5vHnG8PQ1e8GPlb9bqA7/fGJU782/qn+6W2HrI9XA+r12cmpqZm+2YNDN6eO5O2O7myX6VP2/0qk+MO/qKen87zN/T9wI/fbv7vR31e3rugWff7/6P9NPd7r/5/um1duM6Ui/jZS/MyvPxVPV/U8FDf9ZiLnfSlS/Mba0ZwXB8q8Z/Lyx6u/Ry605pujZe6VSPGPlzfnPptzP7GRO3an7fqgKPv/mUjx37+1dqNtcv/nHtjotf7+/9TWo2Pn/b/tf/+P982r5e3+7L3ZdSJi+e13Ljbm55tLj+LEwP6oxt5P/NmebL13PtgnjbAPJ+Lq3m19j09M3Bfl9f+rkeIf/uRfb9zv5Ov/T0V1W7Vx//fjr29c/ye2rmiXrv+f6Js3ke9GhgYjRlYutYeejBhZfvudz7UuNd5svtlcOHnqxefHR18cGz05dKB3c7cxtXXLN32/eRSV/f87keI7P/ib+Eyet/n+b/v7/0NbV7RL/f9E37xDm+5Xdrzr5P7/30jxz5Pfi2N53kfd//e+/x/LN+E37s93qf8P982rvuN9LOLn+uYdOxzx0H0pAwAAgHsspSK+l8dTR28znvpPkeKd//r5nJeOlHkv5eW16u+RVxYXPnd6fn7xfGOlcW6+WZ9pN843y7I/jBSdvzoao1FEiqIaX+2NN3fHeDfGYv8lUrz4K0fzdrpjsb1nU09s5I6VuScixR+9sjm39xzj8EbueJn7b5Fi7PXtc49s5J4sc/8zUvz4z+u93ENl7hdy7pMbuSfOL87P7UK3AAAAAADAjgylIp6PFH9/cjD1nm/fye8/b3rovUu//3uyb97cfXpfZfuW8j/cBeDhUV7/j5XXtl/8yxtj+Zuv/xvvyfRf/7fq/3cDbjV9N9f/2r3ZTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHTooiFiPF14520rXh8nPXyJnWwuUrs5NT2xc7mKqSA1V++WdkbPzk5597/tQLvfjR5e+1T8arM2dP119evNReai4vN+fqswut84tzzTtew07Lb3W8aoD6pYuX5y5ciBg/cXLT4iu194cfO1KbODX2+uFe7uzk1NRMX87g0F1v/Sa9fi22zD8QRfxPpLj43gfp34fz8h22xW2Ond12MIr4u4god2J2cqrakflWY2GlXDjd1xC1vkIv9droPvTFjtQjrpbVLyt8vNy9mXZjqXFuvlmfbiyttFZaiwvTqVvbVKUX8UKKaEdEZ/jm1Q1FEUOR4t1vddIPhiMGeu3w2VdmXhsdv0UlRjYmtx5Q98lgRNSGItaLB6DP9rHhKOK5SPHNb4zGfwx327VqtmcjvlzGIxGXy3gtYrWMn45I5QHyRMSH2xxPPFgGo4jHI8WPJjrph8O576vzypmv1L+4cGGxL7d3Xnngrw/30z4/N41EER/EPqkMAAAAAAD3UBFPRYqnv38sVeODx2cnp65n9bONc/Pdx/q9Z//1XKpcXEvdOJrjdI7tHFdzXMtxPcdOjrUil89xOsd2jqs5ruW4nmMnx9pALp/jdI7tHFdzXMtxPcdOjrXBXD7H6RzbOa7muJbjeo6dwb3sLwAAAAAAAIDtFVHEZyLFW9/tpOvD3QHeN6Ibr3m/76H3fwEAAP//F35MkQ==") truncate(&(0x7f0000000080)='./file2\x00', 0x7f) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4886) 987.699335ms ago: executing program 3 (id=1309): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000400), 0x2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x1, 0x8, 0xb}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r5, 0xffffffffffffffff, 0x7}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r4}, 0x20) sendto$inet6(r4, &(0x7f0000000040), 0x0, 0x24004090, 0x0, 0x0) ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x8000}) close_range(r0, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 981.762405ms ago: executing program 1 (id=1310): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4ee6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x80, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x94) syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000480)=@assoc_value, &(0x7f0000000040)=0x8) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}, {{&(0x7f0000000400)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10, 0x0}}], 0x3, 0x0) 502.249092ms ago: executing program 4 (id=1311): socket$alg(0x26, 0x5, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="380000002000010000000000000200f402000000000000000000130000000008000600008000000000000000cee513faf2ec5d80d12e34d8d661b3b213e3bba1e49be59dd48bd7c5d8cb7db0a2933715054fe0d5d331e7957c7f0e8e9842d2e95c96568d3b0507fe1cb656faf405486a229b99aa5c57946e942fe60ee9c2d8bdf842f7e17877ef1c3ec6debdf414a14210aaf0e8909967eee8be93216fbc53b9840be42e36a96e6c5257cf56b4ba963138b47e15ec"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x40c0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) chmod(&(0x7f0000000180)='./file0\x00', 0xc) shutdown(r1, 0x2) 416.991584ms ago: executing program 0 (id=1312): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000180)=ANY=[], 0x27) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair(0x8, 0x80000, 0x7, 0x0) socket$igmp6(0xa, 0x3, 0x2) syz_io_uring_setup(0x235, 0x0, 0x0, &(0x7f0000000280)) bind$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) setgroups(0x0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x10) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x800) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x4, 0x0) 0s ago: executing program 3 (id=1313): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0x0) keyctl$get_security(0x11, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=@allocspi={0x148, 0x16, 0x20, 0x70bd2a, 0x25dfdbfb, {{{@in=@multicast2, @in6=@empty, 0x4e22, 0x8, 0x4e24, 0x10, 0xa, 0x20, 0x20, 0x6, 0x0, 0xee01}, {@in=@multicast2, 0x4d4, 0x32}, @in=@remote, {0xaf7, 0x1, 0xfffffffffffffffc, 0xc, 0x800, 0x1fc00000, 0x5, 0x2b}, {0x3a00000, 0x3, 0x9, 0xffff}, {0x88000000, 0xe55, 0x3}, 0x70bd2b, 0x0, 0x2, 0x4, 0x7f, 0xe6}, 0xcffa, 0xf8}, [@algo_auth={0x4d, 0x1, {{'crct10dif\x00'}, 0x28, "5e8b6a88fb"}}]}, 0x148}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=@report={0xb4, 0x20, 0x300, 0x70bd27, 0x25dfdbfc, {0x2b, {@in=@private=0xa010100, @in=@private=0xa010102, 0x4e23, 0x8000, 0x4e22, 0x7f, 0x2, 0xa0, 0x80, 0x3c}}, [@etimer_thresh={0x8, 0xc, 0x5}, @algo_aead={0x4d, 0x12, {{'seqiv(aegis128l)\x00'}, 0x8, 0xa0, '3'}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x6}, @etimer_thresh={0x8, 0xc, 0x5}]}, 0xb4}, 0x1, 0x0, 0x0, 0x40000}, 0x810) timer_settime(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000d, 0x13, r4, 0xc5e66000) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000040)={0x2, 0x1, @raw_data=[0x8, 0xe, 0x9, 0x809, 0x5, 0xb, 0xf199, 0x6, 0x40, 0x7, 0x5, 0x4, 0xfffffff7, 0x4, 0xff, 0x7]}) ioctl$VIDIOC_DQEVENT(r3, 0x80885659, 0x0) kernel console output (not intermixed with test programs): ][ T4351] and is ignored by this kernel. Remove the mand [ 78.548515][ T4351] option from the mount to silence this warning. [ 78.548515][ T4351] ======================================================= [ 78.705498][ T4351] EXT4-fs (loop2): orphan cleanup on readonly fs [ 78.715535][ T4351] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.16: bg 0: block 248: padding at end of block bitmap is not set [ 78.732155][ T4351] Quota error (device loop2): write_blk: dquota write failed [ 78.740496][ T4351] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 78.750532][ T4351] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.16: Failed to acquire dquot type 1 [ 78.766704][ T4351] EXT4-fs (loop2): 1 truncate cleaned up [ 78.774853][ T4351] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 80.033006][ T4363] Cannot find set identified by id 0 to match [ 80.907329][ C1] sched: RT throttling activated [ 81.268687][ T4362] loop4: detected capacity change from 0 to 262144 [ 81.360392][ T4362] F2FS-fs (loop4): invalid crc value [ 81.459153][ T4374] loop2: detected capacity change from 0 to 16 [ 81.472121][ T4362] F2FS-fs (loop4): Found nat_bits in checkpoint [ 81.543037][ T4362] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 81.575941][ T4374] erofs: (device loop2): mounted with root inode @ nid 36. [ 81.888091][ T4382] Zero length message leads to an empty skb [ 82.690264][ T26] audit: type=1800 audit(1753800220.422:2): pid=4374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.21" name="file1" dev="loop2" ino=86 res=0 errno=0 [ 82.788666][ T4376] block nbd1: NBD_DISCONNECT [ 84.495349][ T4376] block nbd1: Disconnected due to user request. [ 84.554063][ T4376] block nbd1: shutting down sockets [ 85.292613][ T4396] loop1: detected capacity change from 0 to 512 [ 85.678963][ T4396] EXT4-fs (loop1): orphan cleanup on readonly fs [ 85.711624][ T4396] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.28: bg 0: block 248: padding at end of block bitmap is not set [ 85.729483][ T4396] Quota error (device loop1): write_blk: dquota write failed [ 85.737954][ T4396] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 85.748079][ T4396] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.28: Failed to acquire dquot type 1 [ 85.761396][ T4396] EXT4-fs (loop1): 1 truncate cleaned up [ 85.788244][ T4396] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 86.877134][ T1108] cfg80211: failed to load regulatory.db [ 87.472620][ T4419] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.671647][ T4430] loop1: detected capacity change from 0 to 512 [ 88.782694][ T4430] EXT4-fs (loop1): Test dummy encryption mode enabled [ 89.347728][ T4437] netlink: 'syz.0.38': attribute type 12 has an invalid length. [ 90.451672][ T4443] netlink: 44 bytes leftover after parsing attributes in process `syz.0.40'. [ 90.659504][ T4430] EXT4-fs (loop1): Can't change test_dummy_encryption on remount [ 90.768698][ T4452] loop2: detected capacity change from 0 to 512 [ 91.230457][ T4458] loop0: detected capacity change from 0 to 16 [ 91.341990][ T4452] EXT4-fs (loop2): orphan cleanup on readonly fs [ 91.371661][ T4452] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.42: bg 0: block 248: padding at end of block bitmap is not set [ 91.422122][ T4452] Quota error (device loop2): write_blk: dquota write failed [ 91.430613][ T4452] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 91.441032][ T4452] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.42: Failed to acquire dquot type 1 [ 91.480913][ T4452] EXT4-fs (loop2): 1 truncate cleaned up [ 91.494274][ T4452] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 91.653984][ T4458] erofs: (device loop0): mounted with root inode @ nid 36. [ 91.791080][ T26] audit: type=1800 audit(1753800229.522:3): pid=4458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.41" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 91.810423][ C1] vkms_vblank_simulate: vblank timer overrun [ 92.524789][ T4473] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 93.189613][ T4477] loop4: detected capacity change from 0 to 64 [ 94.818685][ T4190] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 95.407687][ T4190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.490369][ T4190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.641204][ T4190] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 95.651049][ T4190] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.664106][ T4190] usb 1-1: config 0 descriptor?? [ 96.683657][ T4190] usbhid 1-1:0.0: can't add hid device: -22 [ 96.769261][ T4190] usbhid: probe of 1-1:0.0 failed with error -22 [ 96.919728][ T4190] usb 1-1: USB disconnect, device number 2 [ 97.104041][ T4505] bridge0: port 3(syz_tun) entered blocking state [ 97.111117][ T4505] bridge0: port 3(syz_tun) entered disabled state [ 97.131160][ T4505] device syz_tun entered promiscuous mode [ 97.141130][ T4505] bridge0: port 3(syz_tun) entered blocking state [ 97.148145][ T4505] bridge0: port 3(syz_tun) entered forwarding state [ 97.821497][ T4511] loop0: detected capacity change from 0 to 512 [ 98.091969][ T4511] EXT4-fs (loop0): orphan cleanup on readonly fs [ 98.133798][ T4511] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.55: bg 0: block 248: padding at end of block bitmap is not set [ 98.172895][ T4511] Quota error (device loop0): write_blk: dquota write failed [ 98.180920][ T4511] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 98.191706][ T4511] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.55: Failed to acquire dquot type 1 [ 98.226232][ T4511] EXT4-fs (loop0): 1 truncate cleaned up [ 98.242100][ T4511] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 103.969620][ T4545] loop3: detected capacity change from 0 to 262144 [ 104.080578][ T4550] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 104.135167][ T4545] F2FS-fs (loop3): invalid crc value [ 104.167128][ T4545] F2FS-fs (loop3): Found nat_bits in checkpoint [ 104.205995][ T4545] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 111.112120][ T4604] loop3: detected capacity change from 0 to 262144 [ 111.225379][ T4604] F2FS-fs (loop3): invalid crc value [ 111.359700][ T4604] F2FS-fs (loop3): Found nat_bits in checkpoint [ 111.417919][ T4604] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 112.312171][ T4619] overlayfs: unrecognized mount option "measure" or missing value [ 117.225408][ T4663] "syz.2.93" (4663) uses obsolete ecb(arc4) skcipher [ 118.826253][ T4676] loop4: detected capacity change from 0 to 40427 [ 119.029599][ T4676] F2FS-fs (loop4): Found nat_bits in checkpoint [ 119.084909][ T4676] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 119.108604][ T4676] attempt to access beyond end of device [ 119.108604][ T4676] loop4: rw=2049, want=45104, limit=40427 [ 119.313660][ T4182] attempt to access beyond end of device [ 119.313660][ T4182] loop4: rw=2049, want=45112, limit=40427 [ 120.769390][ T4199] Bluetooth: hci4: link tx timeout [ 120.775206][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.785478][ T4199] Bluetooth: hci4: link tx timeout [ 120.790752][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.798595][ T4199] Bluetooth: hci4: link tx timeout [ 120.803803][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.811659][ T4199] Bluetooth: hci4: link tx timeout [ 120.816961][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.825364][ T4199] Bluetooth: hci4: link tx timeout [ 120.830712][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.838549][ T4199] Bluetooth: hci4: link tx timeout [ 120.843776][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.851904][ T4199] Bluetooth: hci4: link tx timeout [ 120.857147][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.864957][ T4199] Bluetooth: hci4: link tx timeout [ 120.870169][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.877942][ T4199] Bluetooth: hci4: link tx timeout [ 120.883148][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.890939][ T4199] Bluetooth: hci4: link tx timeout [ 120.896174][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.905262][ T4199] Bluetooth: hci4: link tx timeout [ 120.910503][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.918252][ T4199] Bluetooth: hci4: link tx timeout [ 120.923481][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.931193][ T4199] Bluetooth: hci4: link tx timeout [ 120.936389][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.944209][ T4199] Bluetooth: hci4: link tx timeout [ 120.949455][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.957183][ T4199] Bluetooth: hci4: link tx timeout [ 120.962425][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.970189][ T4199] Bluetooth: hci4: link tx timeout [ 120.975384][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.983203][ T4199] Bluetooth: hci4: link tx timeout [ 120.988438][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.996199][ T4199] Bluetooth: hci4: link tx timeout [ 121.001555][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.011924][ T4199] Bluetooth: hci4: link tx timeout [ 121.017148][ T4199] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.427802][ T4701] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem [ 121.813895][ T4687] loop1: detected capacity change from 0 to 32768 [ 122.807985][ T1108] Bluetooth: hci4: command 0x0406 tx timeout [ 123.627391][ T4722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.108'. [ 123.688156][ T4717] sctp: [Deprecated]: syz.3.106 (pid 4717) Use of int in max_burst socket option deprecated. [ 123.688156][ T4717] Use struct sctp_assoc_value instead [ 125.248823][ T4739] loop0: detected capacity change from 0 to 512 [ 125.280706][ T4739] EXT4-fs (loop0): Test dummy encryption mode enabled [ 125.304257][ T4739] EXT4-fs (loop0): Can't change test_dummy_encryption on remount [ 125.340199][ T4739] 9pnet: Insufficient options for proto=fd [ 127.952821][ T1110] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 128.237457][ T1110] usb 4-1: Using ep0 maxpacket: 16 [ 128.443434][ T4763] loop4: detected capacity change from 0 to 512 [ 128.619375][ T4763] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.644121][ T4763] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.745725][ T4763] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 128.772670][ T4763] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 128.815882][ T4763] EXT4-fs (loop4): This should not happen!! Data will be lost [ 128.815882][ T4763] [ 128.857706][ T4763] EXT4-fs (loop4): Total free blocks count 0 [ 128.863922][ T4763] EXT4-fs (loop4): Free/Dirty block details [ 128.899767][ T4763] EXT4-fs (loop4): free_blocks=65280 [ 128.903413][ T1110] usb 4-1: unable to get BOS descriptor or descriptor too short [ 128.919517][ T4763] EXT4-fs (loop4): dirty_blocks=33 [ 128.943744][ T4780] loop3: detected capacity change from 0 to 256 [ 128.953862][ T4763] EXT4-fs (loop4): Block reservation details [ 128.961769][ T4763] EXT4-fs (loop4): i_reserved_data_blocks=33 [ 128.978901][ T1110] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 128.995383][ T1110] usb 4-1: can't read configurations, error -71 [ 129.015177][ T4781] loop0: detected capacity change from 0 to 512 [ 129.027141][ T4780] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 129.116908][ T4781] EXT4-fs (loop0): Test dummy encryption mode enabled [ 129.154499][ T26] audit: type=1800 audit(1753800266.882:4): pid=4780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.123" name="file1" dev="loop3" ino=1048590 res=0 errno=0 [ 129.158227][ T4781] EXT4-fs (loop0): Can't change test_dummy_encryption on remount [ 129.338175][ T4781] 9pnet: Insufficient options for proto=fd [ 129.529581][ T4789] loop0: detected capacity change from 0 to 64 [ 132.523038][ T4816] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready [ 132.608720][ T4815] netlink: 4 bytes leftover after parsing attributes in process `syz.4.131'. [ 132.619408][ T4815] netlink: 16 bytes leftover after parsing attributes in process `syz.4.131'. [ 132.817782][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.824105][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.171715][ T4830] netlink: 28 bytes leftover after parsing attributes in process `syz.4.134'. [ 134.339442][ T4843] loop4: detected capacity change from 0 to 512 [ 134.572401][ T4843] EXT4-fs (loop4): orphan cleanup on readonly fs [ 134.690864][ T4843] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.135: bg 0: block 248: padding at end of block bitmap is not set [ 134.730553][ T4843] Quota error (device loop4): write_blk: dquota write failed [ 134.738074][ T4843] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 134.748603][ T4843] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.135: Failed to acquire dquot type 1 [ 134.767192][ T4843] EXT4-fs (loop4): 1 truncate cleaned up [ 135.024250][ T4843] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 135.313949][ T4855] loop4: detected capacity change from 0 to 512 [ 135.387658][ T4855] EXT4-fs (loop4): Test dummy encryption mode enabled [ 135.394816][ T4855] EXT4-fs (loop4): Can't change test_dummy_encryption on remount [ 135.504505][ T4855] 9pnet: Insufficient options for proto=fd [ 135.710104][ T4865] loop4: detected capacity change from 0 to 128 [ 135.807183][ T4865] EXT4-fs (loop4): Test dummy encryption mode enabled [ 135.861563][ T4865] EXT4-fs (loop4): Test dummy encryption mode enabled [ 135.922936][ T4868] loop2: detected capacity change from 0 to 256 [ 135.929747][ T4865] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 135.942083][ T4865] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 137.298004][ T4865] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,nomblk_io_submit,nomblk_io_submit,,errors=continue. Quota mode: none. [ 137.494045][ T4865] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 137.536255][ T4868] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 137.594097][ T26] audit: type=1800 audit(1753800275.322:5): pid=4868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.142" name="file1" dev="loop2" ino=1048591 res=0 errno=0 [ 137.621731][ T4880] vivid-000: disconnect [ 137.752409][ T4882] vivid-000: reconnect [ 139.876906][ T4898] loop3: detected capacity change from 0 to 512 [ 140.378716][ T4898] EXT4-fs (loop3): orphan cleanup on readonly fs [ 140.408149][ T4898] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.147: bg 0: block 248: padding at end of block bitmap is not set [ 140.431802][ T4898] Quota error (device loop3): write_blk: dquota write failed [ 140.439826][ T4898] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 140.450181][ T4898] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.147: Failed to acquire dquot type 1 [ 140.646161][ T4898] EXT4-fs (loop3): 1 truncate cleaned up [ 140.705724][ T4898] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 140.725267][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.740326][ T4904] loop1: detected capacity change from 0 to 512 [ 140.904703][ T4904] EXT4-fs (loop1): Test dummy encryption mode enabled [ 140.912684][ T4904] EXT4-fs (loop1): Can't change test_dummy_encryption on remount [ 141.279364][ T4904] 9pnet: Insufficient options for proto=fd [ 142.077939][ T4911] loop0: detected capacity change from 0 to 1024 [ 142.360532][ T4911] hfsplus: invalid btree extent records (0 size) [ 142.378692][ T4911] hfsplus: failed to load attributes file [ 145.166003][ T4933] loop1: detected capacity change from 0 to 40427 [ 145.231529][ T4935] loop0: detected capacity change from 0 to 256 [ 145.423577][ T4935] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 145.489023][ T4933] F2FS-fs (loop1): Found nat_bits in checkpoint [ 145.564514][ T4940] usb usb1: usbfs: process 4940 (syz.2.160) did not claim interface 0 before use [ 145.577434][ T4933] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 145.578934][ T26] audit: type=1800 audit(1753800283.312:6): pid=4935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.159" name="file1" dev="loop0" ino=1048592 res=0 errno=0 [ 145.616498][ T4933] attempt to access beyond end of device [ 145.616498][ T4933] loop1: rw=2049, want=45104, limit=40427 [ 145.750560][ T4183] attempt to access beyond end of device [ 145.750560][ T4183] loop1: rw=2049, want=45112, limit=40427 [ 147.292899][ T4950] loop2: detected capacity change from 0 to 512 [ 147.370301][ T4950] EXT4-fs (loop2): Test dummy encryption mode enabled [ 147.411600][ T4950] EXT4-fs (loop2): Can't change test_dummy_encryption on remount [ 147.494138][ T4950] 9pnet: Insufficient options for proto=fd [ 150.311921][ T4969] loop1: detected capacity change from 0 to 512 [ 150.447376][ T4969] EXT4-fs (loop1): orphan cleanup on readonly fs [ 150.459196][ T4969] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.162: bg 0: block 248: padding at end of block bitmap is not set [ 150.475836][ T4969] Quota error (device loop1): write_blk: dquota write failed [ 150.483448][ T4969] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 150.493614][ T4969] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.162: Failed to acquire dquot type 1 [ 151.706547][ T4969] EXT4-fs (loop1): 1 truncate cleaned up [ 151.720427][ T4969] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 152.111631][ T4981] loop3: detected capacity change from 0 to 40427 [ 152.134802][ T4973] syz.2.169 sent an empty control message without MSG_MORE. [ 152.296757][ T4981] F2FS-fs (loop3): Found nat_bits in checkpoint [ 152.354076][ T4981] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 152.374614][ T4981] attempt to access beyond end of device [ 152.374614][ T4981] loop3: rw=2049, want=45104, limit=40427 [ 153.737798][ T4186] attempt to access beyond end of device [ 153.737798][ T4186] loop3: rw=2049, want=45112, limit=40427 [ 153.794300][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 154.104398][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 154.539835][ T5013] netlink: 'syz.0.171': attribute type 12 has an invalid length. [ 154.687632][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.703951][ T23] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2039, setting to 1024 [ 154.727427][ T23] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 154.759763][ T23] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 154.998319][ T23] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 155.064642][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.349323][ T23] usb 2-1: Product: syz [ 155.467810][ T23] usb 2-1: Manufacturer: syz [ 155.572716][ T23] usb 2-1: SerialNumber: syz [ 155.662472][ T23] usb 2-1: can't set config #1, error -71 [ 155.748784][ T23] usb 2-1: USB disconnect, device number 2 [ 156.016260][ T5030] loop3: detected capacity change from 0 to 512 [ 156.198049][ T5030] EXT4-fs (loop3): Test dummy encryption mode enabled [ 156.210439][ T5030] EXT4-fs (loop3): Can't change test_dummy_encryption on remount [ 157.142150][ T5030] 9pnet: Insufficient options for proto=fd [ 157.187460][ T4248] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 158.760015][ T5053] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem [ 158.907737][ T4248] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 159.565380][ T4248] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.760161][ T5055] process 'syz.4.189' launched './file1' with NULL argv: empty string added [ 159.795689][ T5055] loop4: detected capacity change from 0 to 256 [ 161.129626][ T5055] exfat: Unknown parameter '' [ 161.528312][ T4248] usb 3-1: config 0 descriptor?? [ 161.557473][ T4248] usb 3-1: can't set config #0, error -71 [ 161.564407][ T4248] usb 3-1: USB disconnect, device number 2 [ 162.932869][ T5072] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 165.175159][ T5086] loop1: detected capacity change from 0 to 512 [ 165.370543][ T5072] syz.0.196 (5072) used greatest stack depth: 16544 bytes left [ 165.415673][ T5086] EXT4-fs (loop1): Test dummy encryption mode enabled [ 165.477814][ T5086] EXT4-fs (loop1): Can't change test_dummy_encryption on remount [ 165.568767][ T5096] loop3: detected capacity change from 0 to 512 [ 165.636016][ T5086] 9pnet: Insufficient options for proto=fd [ 165.674440][ T5096] EXT4-fs (loop3): orphan cleanup on readonly fs [ 165.683240][ T5096] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.201: bg 0: block 248: padding at end of block bitmap is not set [ 165.705945][ T5096] Quota error (device loop3): write_blk: dquota write failed [ 165.713655][ T5096] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 165.723719][ T5096] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.201: Failed to acquire dquot type 1 [ 165.736114][ T5096] EXT4-fs (loop3): 1 truncate cleaned up [ 165.742587][ T5096] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 166.212790][ T5106] netlink: 'syz.1.205': attribute type 12 has an invalid length. [ 170.438660][ T5138] loop3: detected capacity change from 0 to 256 [ 170.918083][ T5138] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 171.130729][ T26] audit: type=1800 audit(1753800308.722:7): pid=5138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.214" name="file1" dev="loop3" ino=1048593 res=0 errno=0 [ 172.021427][ T5152] overlayfs: overlapping lowerdir path [ 172.058347][ T5153] loop2: detected capacity change from 0 to 512 [ 174.213525][ T5153] EXT4-fs (loop2): orphan cleanup on readonly fs [ 174.221568][ T5153] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.217: bg 0: block 248: padding at end of block bitmap is not set [ 174.254534][ T5153] Quota error (device loop2): write_blk: dquota write failed [ 174.262319][ T5153] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 174.272920][ T5153] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.217: Failed to acquire dquot type 1 [ 174.292947][ T5153] EXT4-fs (loop2): 1 truncate cleaned up [ 174.299748][ T5153] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 176.207314][ T5178] netlink: 16 bytes leftover after parsing attributes in process `syz.0.223'. [ 176.882288][ T5187] loop2: detected capacity change from 0 to 16 [ 178.637230][ T5193] loop4: detected capacity change from 0 to 512 [ 178.662655][ T5195] loop3: detected capacity change from 0 to 256 [ 178.799260][ T5187] erofs: (device loop2): mounted with root inode @ nid 36. [ 179.152683][ T26] audit: type=1800 audit(1753800316.882:8): pid=5183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.226" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 179.205252][ T5193] EXT4-fs (loop4): Unrecognized mount option "func=FILE_MMAP" or missing value [ 179.368943][ T5195] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 179.777489][ T5202] netlink: 'syz.1.230': attribute type 12 has an invalid length. [ 180.452513][ T26] audit: type=1800 audit(1753800318.182:9): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.229" name="file1" dev="loop3" ino=1048594 res=0 errno=0 [ 180.597836][ T5211] loop2: detected capacity change from 0 to 512 [ 180.713485][ T5211] EXT4-fs (loop2): orphan cleanup on readonly fs [ 180.736384][ T5211] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.232: bg 0: block 248: padding at end of block bitmap is not set [ 180.755567][ T5211] Quota error (device loop2): write_blk: dquota write failed [ 180.763418][ T5211] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 180.773466][ T5211] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.232: Failed to acquire dquot type 1 [ 180.786986][ T5211] EXT4-fs (loop2): 1 truncate cleaned up [ 180.797091][ T5211] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 182.501234][ T5228] loop1: detected capacity change from 0 to 512 [ 183.411612][ T5228] EXT4-fs (loop1): Unrecognized mount option "func=FILE_MMAP" or missing value [ 184.303445][ T2302] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 184.324102][ T5240] loop4: detected capacity change from 0 to 1024 [ 184.444621][ T5240] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 184.613564][ T5240] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,nojournal_checksum,barrier=0x0000000000010002,dioread_lock,data_err=ignore,mb_optimize_scan=0x0000000000000000,dioread_nolock,nobarrier,abort,user_xattr,norecovery,errors=remount-ro,. Quota mode: none. [ 184.781333][ T2302] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 184.797096][ T2302] usb 4-1: config 0 has no interface number 0 [ 184.816349][ T2302] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 184.840780][ T2302] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 184.861486][ T2302] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 184.895336][ T5252] loop1: detected capacity change from 0 to 16 [ 184.913459][ T2302] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.941016][ T2302] usb 4-1: config 0 descriptor?? [ 185.190918][ T5236] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 185.761734][ T5252] erofs: (device loop1): mounted with root inode @ nid 36. [ 185.778409][ T26] audit: type=1800 audit(1753800323.512:10): pid=5251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.242" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 185.965554][ T2302] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 186.771341][ T2302] usb 4-1: USB disconnect, device number 4 [ 186.938532][ T5260] loop2: detected capacity change from 0 to 512 [ 187.013377][ T5260] EXT4-fs (loop2): orphan cleanup on readonly fs [ 187.028572][ T5260] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.245: bg 0: block 248: padding at end of block bitmap is not set [ 187.046327][ T5260] Quota error (device loop2): write_blk: dquota write failed [ 187.053917][ T5260] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 187.063941][ T5260] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.245: Failed to acquire dquot type 1 [ 187.123805][ T5260] EXT4-fs (loop2): 1 truncate cleaned up [ 187.131343][ T5260] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 188.438417][ T2302] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 188.514295][ T5272] loop2: detected capacity change from 0 to 256 [ 188.677511][ T2302] usb 5-1: Using ep0 maxpacket: 8 [ 188.734511][ T5272] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 188.902381][ T2302] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 188.913548][ T2302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.934335][ T26] audit: type=1800 audit(1753800326.662:11): pid=5272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.248" name="file1" dev="loop2" ino=1048595 res=0 errno=0 [ 189.380579][ T2302] pvrusb2: Hardware description: Terratec Grabster AV400 [ 189.387903][ T2302] pvrusb2: ********** [ 189.392048][ T2302] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 189.405411][ T2302] pvrusb2: Important functionality might not be entirely working. [ 189.414804][ T2302] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 190.088432][ T2302] pvrusb2: ********** [ 190.199225][ T2426] pvrusb2: Invalid write control endpoint [ 191.377522][ T4298] Bluetooth: hci1: command 0x0406 tx timeout [ 191.391644][ T4298] Bluetooth: hci3: command 0x0406 tx timeout [ 191.686577][ T4298] Bluetooth: hci2: command 0x0406 tx timeout [ 191.693183][ T4298] Bluetooth: hci0: command 0x0406 tx timeout [ 191.732957][ T4298] usb 5-1: USB disconnect, device number 2 [ 191.812882][ T5296] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 191.850469][ T5296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.861739][ T5296] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.893463][ T5296] device bridge_slave_0 left promiscuous mode [ 191.958498][ T2426] pvrusb2: Invalid write control endpoint [ 191.974538][ T5296] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.037117][ T2426] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 192.117891][ T2426] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 192.132238][ T5296] device bridge_slave_1 left promiscuous mode [ 192.143163][ T2426] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 192.187076][ T2426] pvrusb2: Device being rendered inoperable [ 192.215945][ T5296] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.220903][ T2426] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 192.261601][ T2426] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 192.310970][ T5306] loop3: detected capacity change from 0 to 512 [ 192.335344][ T2426] pvrusb2: Attached sub-driver cx25840 [ 192.337466][ T5296] bond0: (slave bond_slave_0): Releasing backup interface [ 192.354406][ T2426] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 192.369426][ T5306] EXT4-fs (loop3): orphan cleanup on readonly fs [ 192.379421][ T5306] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.258: bg 0: block 248: padding at end of block bitmap is not set [ 192.394124][ T2426] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 192.396164][ T5306] Quota error (device loop3): write_blk: dquota write failed [ 192.411812][ T5306] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 192.421749][ T5306] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.258: Failed to acquire dquot type 1 [ 192.438337][ T5306] EXT4-fs (loop3): 1 truncate cleaned up [ 192.444740][ T5306] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 192.502914][ T5296] bond0: (slave bond_slave_1): Releasing backup interface [ 192.840025][ T5296] team0: Port device team_slave_0 removed [ 192.892437][ T5296] team0: Port device team_slave_1 removed [ 192.913280][ T5296] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.927193][ T5296] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.945492][ T5296] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.954532][ T5296] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.021757][ T5299] team0: Mode changed to "loadbalance" [ 193.307777][ T4298] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 193.967383][ T4298] usb 5-1: Using ep0 maxpacket: 32 [ 194.100859][ T4298] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 194.139140][ T4298] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 194.152618][ T5320] loop0: detected capacity change from 0 to 512 [ 194.182275][ T4298] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 194.195851][ T4298] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 194.210601][ T4298] usb 5-1: config 0 interface 0 has no altsetting 0 [ 194.231455][ T5320] EXT4-fs (loop0): Ignoring removed bh option [ 194.254613][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.260993][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.295438][ T5320] EXT4-fs (loop0): orphan cleanup on readonly fs [ 194.355246][ T5320] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.262: bg 0: block 248: padding at end of block bitmap is not set [ 194.404839][ T5320] Quota error (device loop0): write_blk: dquota write failed [ 194.417530][ T4298] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 194.436485][ T4298] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 194.473959][ T5320] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 194.485365][ T4298] usb 5-1: Product: syz [ 194.490625][ T4298] usb 5-1: Manufacturer: syz [ 194.495489][ T5320] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.262: Failed to acquire dquot type 1 [ 194.507455][ T4298] usb 5-1: SerialNumber: syz [ 194.524288][ T4298] usb 5-1: config 0 descriptor?? [ 194.532310][ T5320] EXT4-fs (loop0): 1 truncate cleaned up [ 195.883620][ T5320] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 195.929980][ T4298] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 196.104395][ T4298] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 196.348405][ T4298] usb 5-1: USB disconnect, device number 3 [ 196.553663][ T4298] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 196.883032][ T5341] loop2: detected capacity change from 0 to 512 [ 196.992123][ T5341] EXT4-fs (loop2): orphan cleanup on readonly fs [ 197.012441][ T5341] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.270: bg 0: block 248: padding at end of block bitmap is not set [ 197.044802][ T5344] loop1: detected capacity change from 0 to 256 [ 197.069560][ T5341] Quota error (device loop2): write_blk: dquota write failed [ 197.077114][ T5341] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 197.087233][ T5341] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.270: Failed to acquire dquot type 1 [ 197.100060][ T5341] EXT4-fs (loop2): 1 truncate cleaned up [ 197.122889][ T5341] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 197.179809][ T5349] loop0: detected capacity change from 0 to 128 [ 197.204524][ T5344] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 197.281218][ T5344] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008) [ 197.304128][ T5344] exFAT-fs (loop1): Filesystem has been set read-only [ 197.320151][ T5344] exFAT-fs (loop1): error, failed to bmap (inode : ffff88805f5c1b60 iblock : 8, err : -5) [ 197.326833][ T5349] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 197.349589][ T5344] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008) [ 197.372358][ T5354] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008) [ 197.423255][ T5349] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.463220][ T5354] exFAT-fs (loop1): error, failed to bmap (inode : ffff88805f5c1b60 iblock : 8, err : -5) [ 197.559036][ T5354] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008) [ 197.611687][ T5354] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008) [ 199.308474][ T5368] netlink: 4 bytes leftover after parsing attributes in process `syz.2.276'. [ 199.411959][ T5373] loop0: detected capacity change from 0 to 16 [ 199.536224][ T5373] erofs: (device loop0): mounted with root inode @ nid 36. [ 199.657623][ T26] audit: type=1800 audit(1753800337.322:12): pid=5373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.275" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 200.232669][ T5375] loop3: detected capacity change from 0 to 256 [ 200.259178][ T5375] exfat: Deprecated parameter 'namecase' [ 200.365523][ T5375] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 200.687589][ T5383] loop1: detected capacity change from 0 to 512 [ 200.773410][ T5383] EXT4-fs (loop1): Ignoring removed bh option [ 200.868463][ T5383] EXT4-fs (loop1): orphan cleanup on readonly fs [ 200.891397][ T5383] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.280: bg 0: block 248: padding at end of block bitmap is not set [ 200.927385][ T5383] Quota error (device loop1): write_blk: dquota write failed [ 200.934875][ T5383] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 200.948902][ T5383] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.280: Failed to acquire dquot type 1 [ 200.997731][ T5383] EXT4-fs (loop1): 1 truncate cleaned up [ 201.006414][ T5389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.282'. [ 201.019166][ T5383] EXT4-fs (loop1): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 201.187694][ T4262] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 201.188418][ T5389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.282'. [ 201.487559][ T4262] usb 4-1: Using ep0 maxpacket: 32 [ 201.628358][ T4262] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.659385][ T4262] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.917631][ T4262] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 202.127842][ T5402] netlink: 28 bytes leftover after parsing attributes in process `syz.2.284'. [ 202.846243][ T4262] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 204.102203][ T4262] usb 4-1: Product: syz [ 204.106488][ T4262] usb 4-1: Manufacturer: syz [ 204.334351][ T4262] usb 4-1: can't set config #4, error -71 [ 204.341540][ T4262] usb 4-1: USB disconnect, device number 5 [ 206.806244][ T5436] loop4: detected capacity change from 0 to 4096 [ 207.458183][ T5447] loop3: detected capacity change from 0 to 512 [ 207.520084][ T5447] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 207.586782][ T5447] EXT4-fs (loop3): invalid journal inode [ 207.615879][ T5447] EXT4-fs (loop3): can't get journal size [ 207.699693][ T5426] loop1: detected capacity change from 0 to 32768 [ 207.790739][ T5447] EXT4-fs (loop3): 1 truncate cleaned up [ 207.823164][ T5447] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 208.216777][ T5426] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.293 (5426) [ 208.237230][ T4182] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 208.277156][ T4182] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 208.322784][ T5426] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 208.364087][ T5426] BTRFS info (device loop1): using free space tree [ 208.401588][ T5426] BTRFS info (device loop1): has skinny extents [ 208.931810][ T5426] BTRFS error (device loop1): open_ctree failed: -12 [ 212.403736][ T5499] loop4: detected capacity change from 0 to 40427 [ 212.629325][ T5508] kAFS: unable to lookup cell '\/' [ 212.744653][ T5499] F2FS-fs (loop4): Found nat_bits in checkpoint [ 215.067763][ T5527] loop1: detected capacity change from 0 to 2048 [ 215.196597][ T5530] loop2: detected capacity change from 0 to 128 [ 215.903708][ T5530] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 215.940695][ T5534] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 215.997453][ T5530] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.481533][ T5553] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 221.490633][ T5553] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 221.517833][ T5553] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 221.664509][ T5553] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 221.688392][ T5553] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 222.575462][ T5553] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 222.781140][ T5561] loop1: detected capacity change from 0 to 40427 [ 222.790778][ T5553] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 222.797219][ T5553] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 222.828227][ T5553] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 224.446396][ T5553] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 224.478574][ T5561] F2FS-fs (loop1): Found nat_bits in checkpoint [ 225.081515][ T5553] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 225.127440][ T5553] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 225.135991][ T5571] loop2: detected capacity change from 0 to 512 [ 225.143760][ T5553] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 225.152076][ T5553] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 225.229773][ T5571] EXT4-fs (loop2): Ignoring removed bh option [ 225.387122][ T5571] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 225.455339][ T5581] loop0: detected capacity change from 0 to 128 [ 225.469754][ T5571] EXT4-fs (loop2): 1 truncate cleaned up [ 225.486833][ T5583] loop4: detected capacity change from 0 to 512 [ 225.495054][ T5571] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 225.556361][ T26] audit: type=1800 audit(1753800363.282:13): pid=5571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.323" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 225.638331][ T5581] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 225.687718][ T5581] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.750899][ T5583] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 225.821029][ T5583] EXT4-fs (loop4): invalid journal inode [ 225.856483][ T5583] EXT4-fs (loop4): can't get journal size [ 226.549612][ T5583] EXT4-fs (loop4): 1 truncate cleaned up [ 226.586006][ T5583] EXT4-fs (loop4): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 227.534046][ T5602] loop0: detected capacity change from 0 to 2048 [ 227.634342][ T5602] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 227.649985][ T5602] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 228.760784][ T5612] loop3: detected capacity change from 0 to 40427 [ 229.244687][ T5612] F2FS-fs (loop3): Found nat_bits in checkpoint [ 229.533890][ T5612] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 229.667830][ T5612] attempt to access beyond end of device [ 229.667830][ T5612] loop3: rw=2049, want=45104, limit=40427 [ 229.811797][ T4186] attempt to access beyond end of device [ 229.811797][ T4186] loop3: rw=2049, want=45112, limit=40427 [ 232.894079][ T5640] blk_update_request: I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 232.906367][ T5640] hfsplus: unable to find HFS+ superblock [ 234.979171][ T5649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.342'. [ 235.805115][ T5658] delete_channel: no stack [ 237.603806][ T5676] loop4: detected capacity change from 0 to 512 [ 237.796097][ T5677] loop3: detected capacity change from 0 to 40427 [ 237.983912][ T5676] EXT4-fs (loop4): Test dummy encryption mode enabled [ 238.022958][ T5676] EXT4-fs (loop4): Can't change test_dummy_encryption on remount [ 238.677167][ T4184] Bluetooth: hci4: link tx timeout [ 238.682807][ T4184] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 238.690616][ T4184] Bluetooth: hci4: link tx timeout [ 238.695739][ T4184] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 238.828196][ T5677] F2FS-fs (loop3): Found nat_bits in checkpoint [ 238.929659][ T5677] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 240.727434][ T4241] Bluetooth: hci4: command 0x0406 tx timeout [ 240.986756][ T5701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.357'. [ 243.687087][ T5716] loop2: detected capacity change from 0 to 512 [ 243.761817][ T5716] EXT4-fs (loop2): Test dummy encryption mode enabled [ 244.279101][ T5716] EXT4-fs (loop2): Can't change test_dummy_encryption on remount [ 244.764007][ T5714] netlink: 16 bytes leftover after parsing attributes in process `syz.3.361'. [ 245.672707][ T5744] loop2: detected capacity change from 0 to 256 [ 245.851394][ T5744] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 246.756735][ T26] audit: type=1800 audit(1753800384.482:14): pid=5744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.369" name="file1" dev="loop2" ino=1048597 res=0 errno=0 [ 246.999029][ T4190] Bluetooth: hci4: command 0x0405 tx timeout [ 249.554222][ T5770] netlink: 76 bytes leftover after parsing attributes in process `syz.2.376'. [ 250.592304][ T5774] loop4: detected capacity change from 0 to 512 [ 250.678517][ T5774] EXT4-fs (loop4): Test dummy encryption mode enabled [ 250.715676][ T5774] EXT4-fs (loop4): Can't change test_dummy_encryption on remount [ 250.750969][ T5774] 9pnet: Could not find request transport: fd0x0000000000000003 [ 251.911262][ T5790] loop3: detected capacity change from 0 to 2048 [ 252.634863][ T5797] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 252.750612][ T26] audit: type=1800 audit(1753800390.482:15): pid=5790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.384" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 252.793029][ T5778] loop2: detected capacity change from 0 to 40427 [ 252.829876][ T5790] NILFS (loop3): error -2 truncating bmap (ino=16) [ 252.950504][ T5800] loop4: detected capacity change from 0 to 256 [ 252.960339][ T5778] F2FS-fs (loop2): Found nat_bits in checkpoint [ 253.241816][ T5800] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 253.796596][ T26] audit: type=1800 audit(1753800391.522:16): pid=5800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.386" name="file1" dev="loop4" ino=1048598 res=0 errno=0 [ 254.659530][ T5822] netlink: 16 bytes leftover after parsing attributes in process `syz.1.390'. [ 255.151578][ T5827] netlink: 76 bytes leftover after parsing attributes in process `syz.4.392'. [ 255.620975][ T4184] Bluetooth: hci2: Received unexpected HCI Event 00000000 [ 255.692344][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.700923][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.521597][ T5856] netlink: set zone limit has 8 unknown bytes [ 258.768612][ T5858] loop2: detected capacity change from 0 to 40427 [ 258.924429][ T5858] F2FS-fs (loop2): Found nat_bits in checkpoint [ 259.049862][ T5858] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 259.490398][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.498350][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.300975][ T5874] netlink: 76 bytes leftover after parsing attributes in process `syz.2.405'. [ 265.899130][ T5830] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.967809][ T5830] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.444909][ T5909] loop3: detected capacity change from 0 to 40427 [ 267.483764][ T5830] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.512887][ T5830] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.525075][ T5830] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.537028][ T5830] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.548699][ T5909] F2FS-fs (loop3): Found nat_bits in checkpoint [ 267.612573][ T5909] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 267.882674][ T5859] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 269.036666][ T5929] netlink: 76 bytes leftover after parsing attributes in process `syz.2.417'. [ 269.853942][ T5931] netlink: 'syz.4.419': attribute type 12 has an invalid length. [ 270.044266][ T5935] loop3: detected capacity change from 0 to 128 [ 270.101604][ T5935] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 270.215978][ T5935] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.905884][ T5939] netlink: 16 bytes leftover after parsing attributes in process `syz.2.421'. [ 271.326752][ T5946] loop0: detected capacity change from 0 to 512 [ 271.396549][ T5946] EXT4-fs (loop0): Ignoring removed bh option [ 271.441452][ T5946] EXT4-fs (loop0): orphan cleanup on readonly fs [ 271.475876][ T5946] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.423: bg 0: block 248: padding at end of block bitmap is not set [ 271.505975][ T5946] Quota error (device loop0): write_blk: dquota write failed [ 271.587536][ T5946] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 271.608067][ T5946] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.423: Failed to acquire dquot type 1 [ 271.688807][ T5946] EXT4-fs (loop0): 1 truncate cleaned up [ 271.704515][ T5946] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 273.185775][ T5964] loop0: detected capacity change from 0 to 16 [ 273.203713][ T5964] erofs: (device loop0): mounted with root inode @ nid 36. [ 273.217632][ T26] audit: type=1800 audit(1753800410.952:17): pid=5964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.427" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 273.375870][ T5952] loop2: detected capacity change from 0 to 40427 [ 273.447419][ T5952] F2FS-fs (loop2): Found nat_bits in checkpoint [ 273.530414][ T5952] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 273.797856][ T5961] loop4: detected capacity change from 0 to 32768 [ 274.412257][ T4187] attempt to access beyond end of device [ 274.412257][ T4187] loop2: rw=2049, want=45104, limit=40427 [ 274.544237][ T5961] XFS (loop4): Mounting V5 Filesystem [ 275.315658][ T5961] XFS (loop4): Ending clean mount [ 275.856276][ T4182] XFS (loop4): Unmounting Filesystem [ 278.194257][ T5999] loop2: detected capacity change from 0 to 40427 [ 278.324892][ T5999] F2FS-fs (loop2): Found nat_bits in checkpoint [ 278.419941][ T5999] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 278.781146][ T6010] netlink: 'syz.1.438': attribute type 12 has an invalid length. [ 279.664135][ T6020] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 287.017059][ T6058] loop4: detected capacity change from 0 to 128 [ 287.862237][ T6058] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 287.877687][ T6058] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.941868][ T6068] loop3: detected capacity change from 0 to 128 [ 288.387270][ T6068] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 288.475099][ T6068] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 290.750780][ T6089] loop3: detected capacity change from 0 to 32768 [ 300.160105][ T6138] loop0: detected capacity change from 0 to 16 [ 300.902164][ T6138] erofs: (device loop0): mounted with root inode @ nid 36. [ 300.917562][ T26] audit: type=1800 audit(1753800438.652:18): pid=6137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.468" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 302.340157][ T6132] loop2: detected capacity change from 0 to 40427 [ 302.508988][ T6132] F2FS-fs (loop2): Found nat_bits in checkpoint [ 302.713325][ T6132] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 303.667812][ T4187] attempt to access beyond end of device [ 303.667812][ T4187] loop2: rw=2049, want=45104, limit=40427 [ 306.072390][ T6185] loop0: detected capacity change from 0 to 512 [ 306.113740][ T6185] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 306.157945][ T6185] EXT4-fs (loop0): invalid journal inode [ 306.182805][ T6185] EXT4-fs (loop0): can't get journal size [ 306.213314][ T6190] netlink: 8 bytes leftover after parsing attributes in process `syz.3.479'. [ 306.243388][ T6185] EXT4-fs (loop0): 1 truncate cleaned up [ 306.249455][ T6185] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 308.389479][ T6206] loop0: detected capacity change from 0 to 16 [ 308.438026][ T6206] erofs: (device loop0): mounted with root inode @ nid 36. [ 308.536982][ T26] audit: type=1800 audit(1753800446.262:19): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.482" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 309.728556][ T6226] loop1: detected capacity change from 0 to 256 [ 310.091603][ T6226] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 310.237382][ T26] audit: type=1800 audit(1753800447.942:20): pid=6226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.490" name="file1" dev="loop1" ino=1048599 res=0 errno=0 [ 310.298846][ T6213] loop2: detected capacity change from 0 to 40427 [ 310.522312][ T6233] loop3: detected capacity change from 0 to 512 [ 310.910476][ T6233] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 310.927167][ T6233] EXT4-fs (loop3): invalid journal inode [ 310.933402][ T6233] EXT4-fs (loop3): can't get journal size [ 310.948799][ T6233] EXT4-fs (loop3): 1 truncate cleaned up [ 310.965321][ T6233] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 311.053660][ T6213] F2FS-fs (loop2): Found nat_bits in checkpoint [ 314.319058][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'. [ 314.474082][ T6272] loop4: detected capacity change from 0 to 128 [ 314.925136][ T6272] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 315.200975][ T6272] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.966252][ T6282] loop2: detected capacity change from 0 to 512 [ 316.075224][ T6282] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 316.097657][ T6282] EXT4-fs (loop2): invalid journal inode [ 316.103461][ T6282] EXT4-fs (loop2): can't get journal size [ 316.298441][ T6282] EXT4-fs (loop2): 1 truncate cleaned up [ 316.314285][ T6282] EXT4-fs (loop2): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 317.002914][ T6296] loop2: detected capacity change from 0 to 16 [ 317.037496][ T6296] erofs: (device loop2): mounted with root inode @ nid 36. [ 317.248599][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.254931][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.117270][ T26] audit: type=1800 audit(1753800455.092:21): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.508" name="file1" dev="loop2" ino=86 res=0 errno=0 [ 318.562407][ T6289] loop4: detected capacity change from 0 to 40427 [ 318.620324][ T6289] F2FS-fs (loop4): Found nat_bits in checkpoint [ 322.793329][ T6333] netlink: 16 bytes leftover after parsing attributes in process `syz.3.519'. [ 322.930097][ T6341] loop4: detected capacity change from 0 to 128 [ 325.240358][ T6341] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 325.297548][ T6341] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 326.580463][ T6363] loop0: detected capacity change from 0 to 512 [ 326.884014][ T6363] EXT4-fs (loop0): Ignoring removed bh option [ 326.954864][ T6363] EXT4-fs (loop0): orphan cleanup on readonly fs [ 327.006378][ T6363] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.527: bg 0: block 248: padding at end of block bitmap is not set [ 327.092943][ T6363] Quota error (device loop0): write_blk: dquota write failed [ 327.127353][ T6363] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 327.176471][ T6363] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.527: Failed to acquire dquot type 1 [ 327.353582][ T6363] EXT4-fs (loop0): 1 truncate cleaned up [ 327.381037][ T6376] loop1: detected capacity change from 0 to 128 [ 327.401479][ T6363] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 327.618009][ T6376] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 327.694147][ T6376] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 330.142927][ T6403] loop3: detected capacity change from 0 to 128 [ 330.407102][ T6403] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 330.591947][ T6403] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.495212][ T6437] loop0: detected capacity change from 0 to 512 [ 335.616578][ T6437] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 335.673279][ T6437] EXT4-fs (loop0): invalid journal inode [ 335.710001][ T6437] EXT4-fs (loop0): can't get journal size [ 335.757404][ T6437] EXT4-fs (loop0): 1 truncate cleaned up [ 335.763184][ T6437] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 335.875198][ T6444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.546'. [ 341.564895][ T6471] netlink: 16 bytes leftover after parsing attributes in process `syz.3.553'. [ 341.711776][ T6492] loop1: detected capacity change from 0 to 512 [ 341.822549][ T6492] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 341.857703][ T6492] EXT4-fs (loop1): invalid journal inode [ 341.902244][ T6492] EXT4-fs (loop1): can't get journal size [ 341.939844][ T6492] EXT4-fs (loop1): 1 truncate cleaned up [ 341.946049][ T6492] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 342.623113][ T6502] netlink: 40 bytes leftover after parsing attributes in process `syz.1.561'. [ 342.645674][ T6502] netlink: 3 bytes leftover after parsing attributes in process `syz.1.561'. [ 343.937901][ T6511] loop2: detected capacity change from 0 to 1024 [ 344.562498][ T4427] hfsplus: b-tree write err: -5, ino 4 [ 346.296666][ T6534] loop0: detected capacity change from 0 to 512 [ 346.368480][ T6534] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 346.427799][ T6534] EXT4-fs (loop0): invalid journal inode [ 346.449539][ T6534] EXT4-fs (loop0): can't get journal size [ 346.654411][ T6534] EXT4-fs (loop0): 1 truncate cleaned up [ 346.669472][ T6534] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 348.924536][ T6557] netlink: 16 bytes leftover after parsing attributes in process `syz.3.575'. [ 352.987355][ T6587] loop3: detected capacity change from 0 to 128 [ 353.095777][ T6587] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 353.134903][ T6587] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 354.093906][ T6597] loop2: detected capacity change from 0 to 2048 [ 355.322483][ T6606] loop2: detected capacity change from 0 to 2048 [ 355.889326][ T6606] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 356.009293][ T6606] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 356.032287][ T6606] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 356.070316][ T6606] UDF-fs: Scanning with blocksize 512 failed [ 356.367245][ T6606] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 356.596642][ T6608] netlink: 16 bytes leftover after parsing attributes in process `syz.3.591'. [ 357.495278][ T6628] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 357.522537][ T6628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 357.531026][ T6628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 357.565490][ T6632] loop1: detected capacity change from 0 to 128 [ 358.034895][ T6632] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 358.356991][ T6632] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 358.904277][ T6646] loop0: detected capacity change from 0 to 512 [ 359.767738][ T6646] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrjquota=,,errors=continue. Quota mode: none. [ 360.788564][ T6664] netlink: 16 bytes leftover after parsing attributes in process `syz.3.607'. [ 365.229912][ T6689] loop3: detected capacity change from 0 to 128 [ 365.442902][ T6689] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 366.110030][ T6689] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 366.134203][ T6698] blktrace: Concurrent blktraces are not allowed on loop4 [ 368.329381][ T6721] netlink: 16 bytes leftover after parsing attributes in process `syz.1.620'. [ 372.419583][ T6741] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 375.597524][ T6769] netlink: 16 bytes leftover after parsing attributes in process `syz.4.636'. [ 378.898783][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.905331][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.033613][ T6798] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 380.345661][ T6803] xt_connbytes: Forcing CT accounting to be enabled [ 380.352510][ T6803] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 380.364321][ T6803] xt_bpf: check failed: parse error [ 382.136728][ T6815] netlink: 76 bytes leftover after parsing attributes in process `syz.1.648'. [ 383.000163][ T6826] netlink: 16 bytes leftover after parsing attributes in process `syz.4.650'. [ 383.762124][ T6830] vivid-002: disconnect [ 384.928166][ T6824] vivid-002: reconnect [ 385.393626][ T6836] netlink: 16 bytes leftover after parsing attributes in process `syz.1.653'. [ 397.146570][ T6896] netlink: 16 bytes leftover after parsing attributes in process `syz.4.672'. [ 399.488567][ T6936] overlayfs: overlapping lowerdir path [ 400.389602][ T6953] netlink: 16 bytes leftover after parsing attributes in process `syz.2.686'. [ 401.900603][ T6941] loop3: detected capacity change from 0 to 40427 [ 402.031488][ T6941] F2FS-fs (loop3): Found nat_bits in checkpoint [ 403.595180][ T6984] blk_update_request: I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 403.606809][ T6984] hfsplus: unable to find HFS+ superblock [ 404.235087][ T6981] netlink: 16 bytes leftover after parsing attributes in process `syz.2.692'. [ 405.020914][ T6997] loop0: detected capacity change from 0 to 128 [ 405.087131][ T6997] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 405.223549][ T6997] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 409.382314][ T7041] netlink: 76 bytes leftover after parsing attributes in process `syz.1.709'. [ 409.521922][ T7040] blk_update_request: I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 409.533423][ T7040] hfsplus: unable to find HFS+ superblock [ 410.602291][ T7047] loop0: detected capacity change from 0 to 128 [ 411.161318][ T7047] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 411.176335][ T7047] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 411.855726][ T7070] loop3: detected capacity change from 0 to 512 [ 412.201196][ T7070] EXT4-fs (loop3): orphan cleanup on readonly fs [ 412.209492][ T7070] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.720: bg 0: block 248: padding at end of block bitmap is not set [ 412.225112][ T7070] Quota error (device loop3): write_blk: dquota write failed [ 412.232654][ T7070] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 412.242716][ T7070] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.720: Failed to acquire dquot type 1 [ 412.256985][ T7070] EXT4-fs (loop3): 1 truncate cleaned up [ 412.263378][ T7070] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 412.530475][ T7079] netlink: 40 bytes leftover after parsing attributes in process `syz.0.723'. [ 412.643944][ T7079] netlink: 3 bytes leftover after parsing attributes in process `syz.0.723'. [ 413.270878][ T7094] xt_connbytes: Forcing CT accounting to be enabled [ 413.278525][ T7094] xt_bpf: check failed: parse error [ 414.148391][ T7099] loop3: detected capacity change from 0 to 512 [ 414.259317][ T7099] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,,errors=continue. Quota mode: none. [ 414.846825][ T7102] netlink: 16 bytes leftover after parsing attributes in process `syz.0.731'. [ 414.873495][ T7081] loop2: detected capacity change from 0 to 40427 [ 415.004137][ T7081] F2FS-fs (loop2): Found nat_bits in checkpoint [ 415.183242][ T7081] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 415.249537][ T7123] loop4: detected capacity change from 0 to 512 [ 415.366827][ T7129] netlink: set zone limit has 8 unknown bytes [ 416.647062][ T4187] attempt to access beyond end of device [ 416.647062][ T4187] loop2: rw=2049, want=45104, limit=40427 [ 416.688899][ T7123] EXT4-fs (loop4): orphan cleanup on readonly fs [ 416.702512][ T7123] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.736: bg 0: block 248: padding at end of block bitmap is not set [ 416.723378][ T7123] Quota error (device loop4): write_blk: dquota write failed [ 416.731429][ T7123] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 416.741738][ T7123] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.736: Failed to acquire dquot type 1 [ 416.770575][ T7123] EXT4-fs (loop4): 1 truncate cleaned up [ 416.779510][ T7123] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 422.781818][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.755'. [ 426.647456][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.766'. [ 427.484860][ T7233] netlink: 16 bytes leftover after parsing attributes in process `syz.0.767'. [ 429.474254][ T7250] loop1: detected capacity change from 0 to 32768 [ 429.871889][ T7254] xt_bpf: check failed: parse error [ 430.801829][ T7260] loop2: detected capacity change from 0 to 256 [ 431.726846][ T7260] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 431.914268][ T26] audit: type=1800 audit(1753800569.642:22): pid=7260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.775" name="file1" dev="loop2" ino=1048600 res=0 errno=0 [ 432.940532][ T7275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.778'. [ 433.623072][ T7282] loop0: detected capacity change from 0 to 128 [ 433.925997][ T7282] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 433.958633][ T7285] netlink: 16 bytes leftover after parsing attributes in process `syz.2.780'. [ 434.073726][ T7282] ext4 filesystem being mounted at /146/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 436.453345][ T7301] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 436.782649][ T7301] xt_connbytes: Forcing CT accounting to be enabled [ 436.789403][ T7301] xt_bpf: check failed: parse error [ 437.737057][ T7319] loop2: detected capacity change from 0 to 256 [ 437.909407][ T7319] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 437.974950][ T26] audit: type=1800 audit(1753800575.702:23): pid=7319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.791" name="file1" dev="loop2" ino=1048601 res=0 errno=0 [ 438.623944][ T7328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.792'. [ 439.291602][ T7325] netlink: 16 bytes leftover after parsing attributes in process `syz.3.793'. [ 440.018118][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.028900][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.058576][ T7348] netlink: set zone limit has 8 unknown bytes [ 441.135074][ T7354] xt_bpf: check failed: parse error [ 442.300499][ T7366] loop3: detected capacity change from 0 to 512 [ 442.377649][ T7366] EXT4-fs (loop3): orphan cleanup on readonly fs [ 442.385857][ T7366] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.802: bg 0: block 248: padding at end of block bitmap is not set [ 442.408927][ T7366] Quota error (device loop3): write_blk: dquota write failed [ 442.416400][ T7366] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 442.426523][ T7366] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.802: Failed to acquire dquot type 1 [ 442.584273][ T7366] EXT4-fs (loop3): 1 truncate cleaned up [ 442.590569][ T7366] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 443.630614][ T7384] loop3: detected capacity change from 0 to 256 [ 444.157659][ T7384] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 444.185808][ T26] audit: type=1800 audit(1753800581.912:24): pid=7384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.805" name="file1" dev="loop3" ino=1048602 res=0 errno=0 [ 445.439226][ T7395] loop0: detected capacity change from 0 to 128 [ 445.608204][ T7395] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 445.652179][ T7395] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 445.848428][ T7398] netlink: 16 bytes leftover after parsing attributes in process `syz.3.809'. [ 447.083914][ T7416] netlink: set zone limit has 8 unknown bytes [ 448.580330][ T7428] loop2: detected capacity change from 0 to 512 [ 448.653439][ T7428] EXT4-fs (loop2): orphan cleanup on readonly fs [ 448.661473][ T7428] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.816: bg 0: block 248: padding at end of block bitmap is not set [ 448.789357][ T7428] Quota error (device loop2): write_blk: dquota write failed [ 448.796900][ T7428] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 448.807614][ T7428] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.816: Failed to acquire dquot type 1 [ 448.827036][ T7428] EXT4-fs (loop2): 1 truncate cleaned up [ 448.833576][ T7428] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 449.078254][ T7434] netlink: 16 bytes leftover after parsing attributes in process `syz.1.817'. [ 454.593009][ T7461] loop2: detected capacity change from 0 to 128 [ 454.898720][ T7465] loop1: detected capacity change from 0 to 2048 [ 455.068148][ T7461] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 455.389123][ T7461] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 455.588521][ T7465] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 456.199984][ T7475] loop1: detected capacity change from 0 to 512 [ 458.559010][ T7475] EXT4-fs (loop1): orphan cleanup on readonly fs [ 458.566947][ T7475] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.829: bg 0: block 248: padding at end of block bitmap is not set [ 458.586625][ T7475] Quota error (device loop1): write_blk: dquota write failed [ 458.596093][ T7475] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 458.606446][ T7475] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.829: Failed to acquire dquot type 1 [ 458.696264][ T7475] EXT4-fs (loop1): 1 truncate cleaned up [ 459.361901][ T7475] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 460.607429][ T7491] netlink: 16 bytes leftover after parsing attributes in process `syz.3.833'. [ 461.991405][ T7505] loop1: detected capacity change from 0 to 512 [ 462.009163][ T7504] loop4: detected capacity change from 0 to 1024 [ 462.091595][ T7505] EXT4-fs (loop1): Ignoring removed bh option [ 462.169037][ T7505] EXT4-fs (loop1): orphan cleanup on readonly fs [ 462.186515][ T7505] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.837: bg 0: block 248: padding at end of block bitmap is not set [ 462.285745][ T7505] Quota error (device loop1): write_blk: dquota write failed [ 462.312727][ T7505] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 462.387393][ T7505] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.837: Failed to acquire dquot type 1 [ 462.403279][ T7509] loop4: detected capacity change from 0 to 128 [ 462.428667][ T7505] EXT4-fs (loop1): 1 truncate cleaned up [ 462.448544][ T7505] EXT4-fs (loop1): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 462.574404][ T7509] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 462.735369][ T7509] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 464.018118][ T7519] loop0: detected capacity change from 0 to 512 [ 464.121510][ T7519] EXT4-fs (loop0): orphan cleanup on readonly fs [ 464.129599][ T7519] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.842: bg 0: block 248: padding at end of block bitmap is not set [ 464.213305][ T7519] Quota error (device loop0): write_blk: dquota write failed [ 464.220867][ T7519] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 464.231008][ T7519] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.842: Failed to acquire dquot type 1 [ 464.248596][ T7519] EXT4-fs (loop0): 1 truncate cleaned up [ 464.587382][ T7519] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 465.090678][ T7532] loop3: detected capacity change from 0 to 16 [ 465.170303][ T7532] erofs: (device loop3): mounted with root inode @ nid 36. [ 466.101940][ T26] audit: type=1800 audit(1753800603.832:25): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.845" name="file1" dev="loop3" ino=86 res=0 errno=0 [ 472.505473][ T26] audit: type=1326 audit(1753800610.232:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.2.854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f19aa09a9 code=0x0 [ 472.588326][ T7567] loop3: detected capacity change from 0 to 512 [ 472.617583][ T7567] EXT4-fs (loop3): orphan cleanup on readonly fs [ 472.626702][ T7567] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.855: bg 0: block 248: padding at end of block bitmap is not set [ 472.649246][ T7567] Quota error (device loop3): write_blk: dquota write failed [ 472.656757][ T7567] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 472.667272][ T7567] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.855: Failed to acquire dquot type 1 [ 472.689821][ T7567] EXT4-fs (loop3): 1 truncate cleaned up [ 472.709008][ T7567] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 474.647719][ T7581] loop2: detected capacity change from 0 to 512 [ 474.673857][ T7583] syz.3.859 uses obsolete (PF_INET,SOCK_PACKET) [ 474.717777][ T7581] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 474.917632][ T7589] block device autoloading is deprecated and will be removed. [ 478.333573][ T7618] loop2: detected capacity change from 0 to 512 [ 478.348212][ T7617] 9pnet: Could not find request transport: fd00000000000000000000007 [ 478.561447][ T7618] EXT4-fs (loop2): orphan cleanup on readonly fs [ 478.609050][ T7618] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.870: bg 0: block 248: padding at end of block bitmap is not set [ 478.624496][ T7618] Quota error (device loop2): write_blk: dquota write failed [ 478.632082][ T7618] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 478.642152][ T7618] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.870: Failed to acquire dquot type 1 [ 478.655581][ T7618] EXT4-fs (loop2): 1 truncate cleaned up [ 478.668619][ T7618] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 478.990469][ T7614] loop1: detected capacity change from 0 to 40427 [ 479.054052][ T7614] F2FS-fs (loop1): Found nat_bits in checkpoint [ 479.201245][ T7614] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 480.753075][ T7627] loop3: detected capacity change from 0 to 262144 [ 481.053476][ T7636] loop2: detected capacity change from 0 to 512 [ 481.093650][ T4183] attempt to access beyond end of device [ 481.093650][ T4183] loop1: rw=2049, want=45104, limit=40427 [ 481.113605][ T7636] EXT4-fs (loop2): Ignoring removed bh option [ 481.149259][ T7627] F2FS-fs (loop3): invalid crc value [ 481.180487][ T7636] EXT4-fs (loop2): orphan cleanup on readonly fs [ 481.220936][ T7627] F2FS-fs (loop3): Found nat_bits in checkpoint [ 481.255419][ T7636] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.875: bg 0: block 248: padding at end of block bitmap is not set [ 481.327430][ T7627] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 481.379639][ T7636] Quota error (device loop2): write_blk: dquota write failed [ 481.671300][ T7636] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 481.880691][ T7636] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.875: Failed to acquire dquot type 1 [ 482.105806][ T7636] EXT4-fs (loop2): 1 truncate cleaned up [ 482.217584][ T7636] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 482.605753][ T7647] loop0: detected capacity change from 0 to 4096 [ 485.101247][ T7673] loop3: detected capacity change from 0 to 512 [ 485.848990][ T7673] EXT4-fs (loop3): orphan cleanup on readonly fs [ 485.857002][ T7673] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.885: bg 0: block 248: padding at end of block bitmap is not set [ 485.875250][ T7673] Quota error (device loop3): write_blk: dquota write failed [ 485.883419][ T7673] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 485.893454][ T7673] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.885: Failed to acquire dquot type 1 [ 485.933060][ T7673] EXT4-fs (loop3): 1 truncate cleaned up [ 485.988869][ T7673] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 487.291676][ T7693] loop4: detected capacity change from 0 to 512 [ 487.544789][ T7701] netlink: set zone limit has 8 unknown bytes [ 487.603493][ T7693] EXT4-fs (loop4): Ignoring removed bh option [ 488.935777][ T7693] EXT4-fs (loop4): orphan cleanup on readonly fs [ 488.948731][ T7711] netlink: 16 bytes leftover after parsing attributes in process `syz.1.895'. [ 488.995780][ T7693] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.891: bg 0: block 248: padding at end of block bitmap is not set [ 489.042319][ T7683] loop0: detected capacity change from 0 to 40427 [ 489.073839][ T7693] Quota error (device loop4): write_blk: dquota write failed [ 489.414902][ T7718] loop2: detected capacity change from 0 to 40427 [ 490.547386][ T7693] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 490.603909][ T7693] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.891: Failed to acquire dquot type 1 [ 490.622909][ T7693] EXT4-fs (loop4): 1 truncate cleaned up [ 490.630947][ T7693] EXT4-fs (loop4): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 492.368398][ T7718] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 492.376325][ T7718] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 492.387724][ T7718] F2FS-fs (loop2): invalid crc value [ 492.393108][ T7718] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-12) [ 496.594283][ T7742] loop3: detected capacity change from 0 to 32768 [ 496.697604][ T7742] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.903 (7742) [ 497.051470][ T7742] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 497.092845][ T7742] BTRFS info (device loop3): using free space tree [ 497.121921][ T7742] BTRFS info (device loop3): has skinny extents [ 497.178381][ T7745] loop0: detected capacity change from 0 to 32768 [ 497.269303][ T7745] [ 497.269303][ T7745] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 497.269303][ T7745] [ 497.611830][ T7742] BTRFS info (device loop3): enabling ssd optimizations [ 497.668339][ T4191] [ 497.668339][ T4191] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 497.668339][ T4191] [ 497.690134][ T4191] [ 497.690134][ T4191] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 497.690134][ T4191] [ 498.009774][ T7779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.907'. [ 499.590322][ T7788] loop4: detected capacity change from 0 to 512 [ 499.682835][ T7788] EXT4-fs (loop4): Ignoring removed bh option [ 501.460319][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.466661][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.859296][ T7788] EXT4-fs (loop4): orphan cleanup on readonly fs [ 501.876844][ T7788] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.911: bg 0: block 248: padding at end of block bitmap is not set [ 503.376814][ T7788] Quota error (device loop4): write_blk: dquota write failed [ 503.416457][ T7815] loop1: detected capacity change from 0 to 128 [ 503.466402][ T7788] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 503.534755][ T7788] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.911: Failed to acquire dquot type 1 [ 503.638744][ T7788] EXT4-fs (loop4): 1 truncate cleaned up [ 503.644990][ T7788] EXT4-fs (loop4): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 503.761638][ T7818] netlink: 16 bytes leftover after parsing attributes in process `syz.2.918'. [ 503.909091][ T7825] loop4: detected capacity change from 0 to 2048 [ 503.992065][ T7825] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 505.707646][ T7822] loop0: detected capacity change from 0 to 32768 [ 505.771049][ T7822] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.921 (7822) [ 506.765971][ T7822] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 506.868095][ T7822] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 507.033527][ T7822] BTRFS info (device loop0): use zstd compression, level 3 [ 507.069992][ T7822] BTRFS info (device loop0): using free space tree [ 507.226504][ T7854] loop4: detected capacity change from 0 to 2048 [ 507.832562][ T7822] BTRFS info (device loop0): has skinny extents [ 507.908507][ T7854] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 507.957355][ T7853] xt_CT: You must specify a L4 protocol and not use inversions on it [ 508.588777][ T7822] BTRFS error (device loop0): open_ctree failed: -12 [ 508.824967][ T7881] loop4: detected capacity change from 0 to 512 [ 508.906499][ T7881] EXT4-fs (loop4): Ignoring removed bh option [ 508.954259][ T7881] EXT4-fs (loop4): orphan cleanup on readonly fs [ 509.016476][ T7881] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.930: bg 0: block 248: padding at end of block bitmap is not set [ 509.095987][ T7881] Quota error (device loop4): write_blk: dquota write failed [ 509.107287][ T7881] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 509.141703][ T7884] loop0: detected capacity change from 0 to 2048 [ 509.147273][ T7881] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.930: Failed to acquire dquot type 1 [ 509.180725][ T7881] EXT4-fs (loop4): 1 truncate cleaned up [ 509.219485][ T7881] EXT4-fs (loop4): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 509.248713][ T7884] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 509.658387][ T7888] loop1: detected capacity change from 0 to 1764 [ 509.820595][ T7880] loop2: detected capacity change from 0 to 40427 [ 509.916770][ T7880] F2FS-fs (loop2): Found nat_bits in checkpoint [ 510.060922][ T7880] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 511.712788][ T4187] attempt to access beyond end of device [ 511.712788][ T4187] loop2: rw=2049, want=45104, limit=40427 [ 512.322257][ T7914] netlink: 4 bytes leftover after parsing attributes in process `syz.1.941'. [ 512.367330][ T7914] device bridge_slave_1 left promiscuous mode [ 512.373738][ T7914] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.414020][ T7914] device bridge_slave_0 left promiscuous mode [ 512.437572][ T7914] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.466154][ T7890] loop0: detected capacity change from 0 to 32768 [ 512.495132][ T7890] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.934 (7890) [ 512.555091][ T7890] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 512.622211][ T7890] BTRFS info (device loop0): force clearing of disk cache [ 512.654470][ T7890] BTRFS info (device loop0): enabling auto defrag [ 512.713035][ T7890] BTRFS info (device loop0): max_inline at 0 [ 512.733292][ T7890] BTRFS info (device loop0): enabling disk space caching [ 512.831013][ T7890] BTRFS info (device loop0): disk space caching is enabled [ 512.871721][ T7890] BTRFS info (device loop0): has skinny extents [ 513.164999][ T7942] loop1: detected capacity change from 0 to 128 [ 513.590378][ T7890] BTRFS error (device loop0): open_ctree failed: -12 [ 515.470543][ T7959] loop2: detected capacity change from 0 to 32768 [ 515.562065][ T7959] (syz.2.951,7959,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 515.632139][ T7959] (syz.2.951,7959,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 515.746473][ T7959] JBD2: Ignoring recovery information on journal [ 515.918031][ T7966] loop0: detected capacity change from 0 to 40427 [ 515.967058][ T7959] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 516.035271][ T7966] F2FS-fs (loop0): Found nat_bits in checkpoint [ 516.281145][ T7966] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 517.031648][ T4187] ocfs2: Unmounting device (7,2) on (node local) [ 517.179699][ T4191] attempt to access beyond end of device [ 517.179699][ T4191] loop0: rw=2049, want=45104, limit=40427 [ 518.177667][ T7982] netlink: 16 bytes leftover after parsing attributes in process `syz.2.953'. [ 521.472930][ T8013] loop3: detected capacity change from 0 to 4096 [ 521.769276][ T8013] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 521.813530][ T8013] ntfs3: loop3: Failed to load $AttrDef -> 0 [ 522.056566][ T8027] loop1: detected capacity change from 0 to 32768 [ 522.198081][ T8027] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 522.223027][ T26] audit: type=1804 audit(1753800659.952:27): pid=8027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.968" name="/newroot/194/file1/file0" dev="loop1" ino=17058 res=1 errno=0 [ 522.426430][ T4183] ocfs2: Unmounting device (7,1) on (node local) [ 522.671114][ T8020] loop0: detected capacity change from 0 to 40427 [ 522.743990][ T8020] F2FS-fs (loop0): Found nat_bits in checkpoint [ 522.906523][ T8020] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 523.879658][ T4191] attempt to access beyond end of device [ 523.879658][ T4191] loop0: rw=2049, want=45104, limit=40427 [ 525.514861][ T8052] loop1: detected capacity change from 0 to 40427 [ 525.750569][ T8052] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff [ 526.109124][ T8052] F2FS-fs (loop1): invalid crc value [ 526.203952][ T8052] F2FS-fs (loop1): Found nat_bits in checkpoint [ 526.357213][ T8052] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 527.332279][ T8052] F2FS-fs (loop1) : inject no more block in inc_valid_block_count of __allocate_data_block+0x472/0x9e0 [ 527.523959][ T8071] netlink: 76 bytes leftover after parsing attributes in process `syz.4.977'. [ 528.398269][ T8076] device wlan1 entered promiscuous mode [ 528.467002][ T8077] xt_bpf: check failed: parse error [ 529.020768][ T8080] loop3: detected capacity change from 0 to 512 [ 529.037016][ T4183] attempt to access beyond end of device [ 529.037016][ T4183] loop1: rw=2049, want=45112, limit=40427 [ 529.098918][ T8080] EXT4-fs (loop3): Unrecognized mount option "fsuuid=d 6fef [ 529.098918][ T8080] c-155b-9U9a-2c i-5033f538" or missing value [ 529.304617][ T8083] loop4: detected capacity change from 0 to 4096 [ 529.334999][ T8083] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 530.852932][ T8098] loop1: detected capacity change from 0 to 512 [ 531.736343][ T8098] EXT4-fs (loop1): Unrecognized mount option "fsuuid=d 6fef [ 531.736343][ T8098] c-155b-9U9a-2c i-5033f538" or missing value [ 531.781617][ T8102] netlink: 16 bytes leftover after parsing attributes in process `syz.0.987'. [ 534.342085][ T8119] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 535.303547][ T8124] loop4: detected capacity change from 0 to 512 [ 535.496179][ T8129] loop3: detected capacity change from 0 to 512 [ 535.524071][ T8124] EXT4-fs (loop4): Ignoring removed bh option [ 535.605780][ T8124] EXT4-fs (loop4): orphan cleanup on readonly fs [ 535.623571][ T8124] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.991: bg 0: block 248: padding at end of block bitmap is not set [ 535.679646][ T8124] Quota error (device loop4): write_blk: dquota write failed [ 535.688441][ T8124] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 535.701302][ T8124] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.991: Failed to acquire dquot type 1 [ 535.722065][ T8124] EXT4-fs (loop4): 1 truncate cleaned up [ 535.740323][ T8124] EXT4-fs (loop4): mounted filesystem without journal. Opts: bh,nolazytime,noblock_validity,barrier,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 537.425812][ T8153] debugfs: File 'dropped' in directory 'loop6' already present! [ 537.434446][ T8153] debugfs: File 'msg' in directory 'loop6' already present! [ 537.442727][ T8153] debugfs: File 'trace0' in directory 'loop6' already present! [ 539.155390][ T8157] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1001'. [ 539.371582][ T8164] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1003'. [ 540.106706][ T8171] xt_bpf: check failed: parse error [ 540.121359][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1005'. [ 541.703840][ T8186] loop2: detected capacity change from 0 to 512 [ 541.830140][ T8186] EXT4-fs (loop2): orphan cleanup on readonly fs [ 541.839090][ T8186] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1009: bg 0: block 248: padding at end of block bitmap is not set [ 541.855914][ T8186] Quota error (device loop2): write_blk: dquota write failed [ 541.863440][ T8186] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 541.873533][ T8186] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.1009: Failed to acquire dquot type 1 [ 541.893319][ T8186] EXT4-fs (loop2): 1 truncate cleaned up [ 541.901887][ T8186] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 544.725931][ T8197] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 545.001751][ T8201] debugfs: File 'dropped' in directory 'loop2' already present! [ 545.009645][ T8201] debugfs: File 'msg' in directory 'loop2' already present! [ 545.017750][ T8201] debugfs: File 'trace0' in directory 'loop2' already present! [ 547.301192][ T8217] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1018'. [ 549.044635][ T8228] loop3: detected capacity change from 0 to 512 [ 549.100199][ T8228] EXT4-fs (loop3): orphan cleanup on readonly fs [ 549.111915][ T8228] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1021: bg 0: block 248: padding at end of block bitmap is not set [ 549.132721][ T8228] Quota error (device loop3): write_blk: dquota write failed [ 549.140283][ T8228] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 549.150265][ T8228] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.1021: Failed to acquire dquot type 1 [ 549.191218][ T8228] EXT4-fs (loop3): 1 truncate cleaned up [ 549.197986][ T8228] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 550.417241][ T23] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 552.277608][ T23] usb 4-1: not running at top speed; connect to a high speed hub [ 552.288612][ T8249] loop2: detected capacity change from 0 to 128 [ 552.368531][ T23] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 552.399045][ T23] usb 4-1: config 1 has no interface number 1 [ 552.405575][ T23] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 552.578224][ T8249] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,acl,,errors=continue. Quota mode: writeback. [ 552.621530][ T8257] loop1: detected capacity change from 0 to 512 [ 552.624067][ T8234] loop0: detected capacity change from 0 to 32768 [ 552.637399][ T8249] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 552.656023][ T8249] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.1027: No space for directory leaf checksum. Please run e2fsck -D. [ 552.672011][ T8249] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.1027: checksumming directory block 0 [ 552.705837][ T8257] EXT4-fs (loop1): Ignoring removed nobh option [ 552.735238][ T8258] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.1027: No space for directory leaf checksum. Please run e2fsck -D. [ 552.751660][ T23] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 552.773452][ T8257] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.1029: iget: bad i_size value: 38620345925642 [ 552.789198][ T8258] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.1027: checksumming directory block 0 [ 552.790816][ T8257] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.1029: couldn't read orphan inode 15 (err -117) [ 552.818228][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.836482][ T8257] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 552.900699][ T23] usb 4-1: Product: syz [ 552.905104][ T23] usb 4-1: Manufacturer: syz [ 552.949870][ T23] usb 4-1: SerialNumber: syz [ 554.581925][ T8253] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 556.021086][ T23] usb 4-1: 2:1 : no UAC_FORMAT_TYPE desc [ 556.802219][ T8283] loop2: detected capacity change from 0 to 512 [ 557.807638][ T23] usb 4-1: USB disconnect, device number 6 [ 557.864377][ T154] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 557.877368][ T154] EXT4-fs (loop1): This should not happen!! Data will be lost [ 557.877368][ T154] [ 557.887792][ T154] EXT4-fs (loop1): Total free blocks count 0 [ 557.895431][ T154] EXT4-fs (loop1): Free/Dirty block details [ 557.925921][ T8283] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 557.947971][ T154] EXT4-fs (loop1): free_blocks=0 [ 557.992214][ T154] EXT4-fs (loop1): dirty_blocks=3072 [ 558.045520][ T154] EXT4-fs (loop1): Block reservation details [ 558.067716][ T154] EXT4-fs (loop1): i_reserved_data_blocks=3072 [ 558.093334][ T6243] udevd[6243]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 558.253414][ T154] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 1020 with error 28 [ 558.308687][ T154] EXT4-fs (loop1): This should not happen!! Data will be lost [ 558.308687][ T154] [ 559.097879][ T8283] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6 [ 559.423511][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 560.267401][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 560.329952][ T8310] xt_bpf: check failed: parse error [ 560.931022][ T8314] loop2: detected capacity change from 0 to 40427 [ 560.987869][ T23] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 561.001962][ T8315] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1042'. [ 561.031866][ T8314] F2FS-fs (loop2): invalid crc value [ 561.064866][ T8314] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 561.110688][ T8314] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 561.122681][ T8314] F2FS-fs (loop2): Start checkpoint disabled! [ 561.162559][ T23] usb 2-1: can't read configurations, error -61 [ 561.174738][ T8314] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 561.477445][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 561.533560][ T8322] attempt to access beyond end of device [ 561.533560][ T8322] loop2: rw=2049, want=45224, limit=40427 [ 561.878700][ T5730] attempt to access beyond end of device [ 561.878700][ T5730] loop2: rw=2049, want=45232, limit=40427 [ 561.937459][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 562.127373][ T23] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 562.135936][ T23] usb 2-1: can't read configurations, error -71 [ 562.218483][ T23] usb usb2-port1: attempt power cycle [ 562.481884][ T8330] debugfs: File 'trace0' in directory 'loop2' already present! [ 563.242534][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.248984][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.465551][ T8336] netlink: set zone limit has 8 unknown bytes [ 564.877917][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 568.955074][ T8366] xt_bpf: check failed: parse error [ 569.192198][ T8365] loop0: detected capacity change from 0 to 2048 [ 569.377263][ T8368] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 569.538082][ T26] audit: type=1800 audit(1753800707.272:28): pid=8365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1056" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 570.294733][ T8382] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1059'. [ 570.315845][ T8381] loop0: detected capacity change from 0 to 2048 [ 570.498798][ T8381] NILFS (loop0): invalid segment: Inconsistency found [ 570.598912][ T8381] NILFS (loop0): trying rollback from an earlier position [ 570.754059][ T8381] NILFS (loop0): recovery complete [ 570.843851][ T8385] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 571.455887][ T8392] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1063'. [ 572.883630][ T8408] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 574.560632][ T8421] loop1: detected capacity change from 0 to 2048 [ 574.572677][ T8420] device syzkaller0 entered promiscuous mode [ 574.774210][ T8426] debugfs: File 'trace0' in directory 'loop6' already present! [ 575.629832][ T8421] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 575.675665][ T8428] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1072'. [ 576.011938][ T8434] loop4: detected capacity change from 0 to 1024 [ 576.166618][ T9] hfsplus: b-tree write err: -5, ino 4 [ 578.520049][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1077'. [ 580.518070][ T8464] loop0: detected capacity change from 0 to 128 [ 580.900104][ T8464] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 581.227681][ T8464] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 582.128338][ T8476] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1085'. [ 582.228387][ T8482] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1086'. [ 582.562401][ T8489] loop3: detected capacity change from 0 to 128 [ 582.696622][ T8489] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 582.774745][ T8489] ext4 filesystem being mounted at /235/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 585.693264][ T8500] loop1: detected capacity change from 0 to 2048 [ 586.026584][ T8519] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 586.445973][ T8500] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 589.402539][ T8537] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1100'. [ 589.756584][ T8542] loop0: detected capacity change from 0 to 128 [ 590.017556][ T8542] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 590.041961][ T8542] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 595.584005][ T8592] loop1: detected capacity change from 0 to 512 [ 596.613528][ T8592] EXT4-fs (loop1): orphan cleanup on readonly fs [ 596.621657][ T8592] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1115: bg 0: block 248: padding at end of block bitmap is not set [ 596.637221][ T8592] Quota error (device loop1): write_blk: dquota write failed [ 596.644684][ T8592] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 596.654671][ T8592] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.1115: Failed to acquire dquot type 1 [ 596.667851][ T8592] EXT4-fs (loop1): 1 truncate cleaned up [ 596.674902][ T8592] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 596.849752][ T8601] loop0: detected capacity change from 0 to 128 [ 597.080507][ T8601] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 597.306357][ T8601] ext4 filesystem being mounted at /199/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 600.494541][ T8607] netlink: set zone limit has 8 unknown bytes [ 601.920407][ T8622] loop1: detected capacity change from 0 to 128 [ 602.769503][ T8622] VFS: Found a Xenix FS (block size = 1024) on device loop1 [ 603.337192][ T4183] sysv_free_block: flc_count > flc_size [ 603.354356][ T4183] sysv_free_block: flc_count > flc_size [ 603.369833][ T4183] sysv_free_block: flc_count > flc_size [ 603.386684][ T4183] sysv_free_block: flc_count > flc_size [ 603.413298][ T4183] sysv_free_block: flc_count > flc_size [ 603.423877][ T8644] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 603.450228][ C0] vkms_vblank_simulate: vblank timer overrun [ 603.462332][ T4183] sysv_free_block: flc_count > flc_size [ 603.468636][ T4183] sysv_free_block: flc_count > flc_size [ 603.474445][ T4183] sysv_free_block: flc_count > flc_size [ 603.481036][ T4183] sysv_free_block: flc_count > flc_size [ 603.486857][ T4183] sysv_free_block: flc_count > flc_size [ 603.500426][ T4183] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 603.514924][ T8644] CIFS: Unable to determine destination address [ 604.884701][ T8658] loop0: detected capacity change from 0 to 16 [ 604.960691][ T8658] erofs: (device loop0): mounted with root inode @ nid 36. [ 605.001945][ T26] audit: type=1800 audit(1753800742.722:29): pid=8658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1130" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 605.557963][ T8661] netlink: set zone limit has 8 unknown bytes [ 606.422265][ T8676] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1136'. [ 610.092310][ T8695] xt_bpf: check failed: parse error [ 611.863154][ T8716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1146'. [ 614.293114][ T8742] xt_connbytes: Forcing CT accounting to be enabled [ 614.300276][ T8742] xt_bpf: check failed: parse error [ 615.611621][ T8749] loop0: detected capacity change from 0 to 1024 [ 615.704528][ T4314] hfsplus: b-tree write err: -5, ino 4 [ 618.514656][ T8773] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1159'. [ 618.648667][ T8779] debugfs: File 'dropped' in directory 'loop4' already present! [ 618.656504][ T8779] debugfs: File 'msg' in directory 'loop4' already present! [ 618.664580][ T8779] debugfs: File 'trace0' in directory 'loop4' already present! [ 619.705428][ T8791] xt_bpf: check failed: parse error [ 622.596625][ T8811] device syzkaller0 entered promiscuous mode [ 624.331478][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.331604][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.740193][ T8852] loop4: detected capacity change from 0 to 512 [ 627.901823][ T8852] EXT4-fs (loop4): orphan cleanup on readonly fs [ 627.914519][ T8852] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1181: bg 0: block 248: padding at end of block bitmap is not set [ 628.541232][ T8852] Quota error (device loop4): write_blk: dquota write failed [ 628.548938][ T8852] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 628.558986][ T8852] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.1181: Failed to acquire dquot type 1 [ 628.598231][ T8852] EXT4-fs (loop4): 1 truncate cleaned up [ 628.727576][ T8852] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 630.232918][ T8867] loop2: detected capacity change from 0 to 2048 [ 630.720288][ T8878] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 631.430828][ T8867] NILFS (loop2): invalid segment: Inconsistency found [ 631.568366][ T8867] NILFS (loop2): trying rollback from an earlier position [ 631.598812][ T8883] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1188'. [ 632.520689][ T8867] NILFS (loop2): recovery complete [ 632.996089][ T8887] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 633.288894][ T4427] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 633.332123][ T8893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1193'. [ 633.387305][ T8893] device bridge_slave_1 left promiscuous mode [ 633.474401][ T8893] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.710431][ T8893] device bridge_slave_0 left promiscuous mode [ 633.727349][ T8893] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.157579][ T8919] loop3: detected capacity change from 0 to 512 [ 636.237317][ T8919] EXT4-fs (loop3): Ignoring removed nobh option [ 636.288822][ T8919] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.1200: iget: bad i_size value: 38620345925642 [ 636.387766][ T8919] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1200: couldn't read orphan inode 15 (err -117) [ 636.472529][ T8919] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 638.139797][ T154] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm kworker/u4:2: bg 0: block 5: invalid block bitmap [ 638.224210][ T154] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 638.356460][ T154] EXT4-fs (loop3): This should not happen!! Data will be lost [ 638.356460][ T154] [ 638.393258][ T154] EXT4-fs (loop3): Total free blocks count 0 [ 638.457225][ T154] EXT4-fs (loop3): Free/Dirty block details [ 638.463210][ T154] EXT4-fs (loop3): free_blocks=0 [ 638.566207][ T154] EXT4-fs (loop3): dirty_blocks=2480 [ 638.869317][ T154] EXT4-fs (loop3): Block reservation details [ 638.875590][ T154] EXT4-fs (loop3): i_reserved_data_blocks=2480 [ 639.013592][ T154] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 428 with error 28 [ 639.026715][ T8936] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1204'. [ 639.050575][ T154] EXT4-fs (loop3): This should not happen!! Data will be lost [ 639.050575][ T154] [ 639.058671][ T8938] loop0: detected capacity change from 0 to 2048 [ 639.214859][ T8938] NILFS (loop0): invalid segment: Inconsistency found [ 639.246849][ T8938] NILFS (loop0): trying rollback from an earlier position [ 639.320577][ T8938] NILFS (loop0): recovery complete [ 639.341235][ T8939] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 640.386293][ T8948] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1206'. [ 642.472399][ T8969] loop3: detected capacity change from 0 to 512 [ 643.360813][ T8974] xt_bpf: check failed: parse error [ 644.257734][ T8969] EXT4-fs (loop3): Ignoring removed nobh option [ 644.336467][ T8969] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.1213: iget: bad i_size value: 38620345925642 [ 644.357581][ T8985] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1216'. [ 644.465116][ T8969] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1213: couldn't read orphan inode 15 (err -117) [ 644.539713][ T8969] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 645.762668][ T5730] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm kworker/u4:15: bg 0: block 5: invalid block bitmap [ 645.847514][ T5730] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1944 with error 28 [ 645.878986][ T8997] loop4: detected capacity change from 0 to 2048 [ 645.886543][ T5730] EXT4-fs (loop3): This should not happen!! Data will be lost [ 645.886543][ T5730] [ 645.954470][ T8998] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1219'. [ 646.686519][ T8997] NILFS (loop4): invalid segment: Inconsistency found [ 646.716495][ T5730] EXT4-fs (loop3): Total free blocks count 0 [ 646.731022][ T8997] NILFS (loop4): trying rollback from an earlier position [ 646.769679][ T5730] EXT4-fs (loop3): Free/Dirty block details [ 646.775639][ T5730] EXT4-fs (loop3): free_blocks=0 [ 646.829400][ T8997] NILFS (loop4): recovery complete [ 646.845026][ T5730] EXT4-fs (loop3): dirty_blocks=1944 [ 646.875115][ T9002] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 646.896136][ T5730] EXT4-fs (loop3): Block reservation details [ 647.437694][ T5730] EXT4-fs (loop3): i_reserved_data_blocks=1944 [ 647.937923][ T9009] overlayfs: missing 'lowerdir' [ 650.493187][ T9023] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 652.829196][ T9045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1232'. [ 654.850380][ T9061] overlayfs: missing 'lowerdir' [ 656.946621][ T9073] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 661.616179][ T9107] xt_connbytes: Forcing CT accounting to be enabled [ 661.622883][ T9107] xt_bpf: check failed: parse error [ 662.611746][ T9114] loop4: detected capacity change from 0 to 128 [ 662.730190][ T9119] overlayfs: missing 'lowerdir' [ 663.915592][ T9114] VFS: Found a Xenix FS (block size = 1024) on device loop4 [ 664.262668][ T4182] sysv_free_block: flc_count > flc_size [ 664.313569][ T4182] sysv_free_block: flc_count > flc_size [ 664.372053][ T4182] sysv_free_block: flc_count > flc_size [ 664.378530][ T4182] sysv_free_block: flc_count > flc_size [ 664.384256][ T4182] sysv_free_block: flc_count > flc_size [ 664.390731][ T4182] sysv_free_block: flc_count > flc_size [ 664.396481][ T4182] sysv_free_block: flc_count > flc_size [ 664.403365][ T4182] sysv_free_block: flc_count > flc_size [ 664.425909][ T4182] sysv_free_block: flc_count > flc_size [ 664.466340][ T4182] sysv_free_block: flc_count > flc_size [ 664.654213][ T4182] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 665.158384][ T9133] loop3: detected capacity change from 0 to 40427 [ 665.233074][ T9136] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1259'. [ 665.268716][ T9133] F2FS-fs (loop3): invalid crc value [ 665.344034][ T9133] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 665.391844][ T9133] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0 [ 665.399818][ T9133] F2FS-fs (loop3): Start checkpoint disabled! [ 665.446583][ T9133] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 666.100023][ T9143] attempt to access beyond end of device [ 666.100023][ T9143] loop3: rw=2049, want=45224, limit=40427 [ 666.666649][ T4314] attempt to access beyond end of device [ 666.666649][ T4314] loop3: rw=2049, want=45232, limit=40427 [ 667.523116][ T9150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1264'. [ 669.243433][ T9157] xt_bpf: check failed: parse error [ 670.200410][ T9169] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1267'. [ 671.027040][ T9168] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1266'. [ 672.113956][ T9174] netlink: set zone limit has 8 unknown bytes [ 673.165126][ T9175] device bpq0 entered promiscuous mode [ 674.438854][ T9198] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1275'. [ 675.064135][ T9202] xt_bpf: check failed: parse error [ 675.314417][ T9206] loop4: detected capacity change from 0 to 128 [ 676.612153][ T9206] VFS: Found a Xenix FS (block size = 1024) on device loop4 [ 677.283080][ T9212] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1276'. [ 677.295772][ T4182] sysv_free_block: flc_count > flc_size [ 677.327362][ T4182] sysv_free_block: flc_count > flc_size [ 677.332991][ T4182] sysv_free_block: flc_count > flc_size [ 677.367700][ T4182] sysv_free_block: flc_count > flc_size [ 677.373339][ T4182] sysv_free_block: flc_count > flc_size [ 677.402692][ T4182] sysv_free_block: flc_count > flc_size [ 677.422782][ T4182] sysv_free_block: flc_count > flc_size [ 677.442880][ T4182] sysv_free_block: flc_count > flc_size [ 677.449581][ T4182] sysv_free_block: flc_count > flc_size [ 677.467232][ T4182] sysv_free_block: flc_count > flc_size [ 677.540907][ T4182] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 678.494943][ T9227] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1283'. [ 680.438255][ T9244] loop0: detected capacity change from 0 to 512 [ 681.430722][ T9244] EXT4-fs (loop0): Ignoring removed nobh option [ 681.563113][ T9258] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1291'. [ 681.708983][ T9244] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.1287: iget: bad i_size value: 38620345925642 [ 681.722792][ T9244] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.1287: couldn't read orphan inode 15 (err -117) [ 681.735768][ T9244] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 682.409859][ T4314] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm kworker/u4:7: bg 0: block 5: invalid block bitmap [ 682.619246][ T9272] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1292'. [ 684.156359][ T9274] loop1: detected capacity change from 0 to 2048 [ 684.203819][ T9274] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 684.281480][ T4314] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 684.311935][ T4314] EXT4-fs (loop0): This should not happen!! Data will be lost [ 684.311935][ T4314] [ 684.477825][ T4314] EXT4-fs (loop0): Total free blocks count 0 [ 684.508588][ T4314] EXT4-fs (loop0): Free/Dirty block details [ 684.535891][ T4314] EXT4-fs (loop0): free_blocks=0 [ 684.541426][ T4314] EXT4-fs (loop0): dirty_blocks=7564 [ 684.551613][ T4314] EXT4-fs (loop0): Block reservation details [ 684.988110][ T4314] EXT4-fs (loop0): i_reserved_data_blocks=7564 [ 686.077888][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.084254][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.281490][ T4314] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 686.301570][ T4314] EXT4-fs (loop0): This should not happen!! Data will be lost [ 686.301570][ T4314] [ 688.039030][ T9321] loop4: detected capacity change from 0 to 128 [ 688.846861][ T9321] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 688.872230][ T9321] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 689.101820][ T9331] loop0: detected capacity change from 0 to 2048 [ 689.467152][ T9331] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 691.307563][ C1] ================================================================== [ 691.316107][ C1] BUG: KASAN: use-after-free in rose_timer_expiry+0x470/0x490 [ 691.323583][ C1] Read of size 2 at addr ffff8880223d002a by task syz.0.1312/9339 [ 691.331384][ C1] [ 691.333714][ C1] CPU: 1 PID: 9339 Comm: syz.0.1312 Not tainted 5.15.189-syzkaller #0 [ 691.341947][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 691.352007][ C1] Call Trace: [ 691.355285][ C1] [ 691.358128][ C1] dump_stack_lvl+0x168/0x230 [ 691.362829][ C1] ? show_regs_print_info+0x20/0x20 [ 691.368023][ C1] ? _printk+0xcc/0x110 [ 691.372175][ C1] ? rose_timer_expiry+0x470/0x490 [ 691.377288][ C1] ? load_image+0x3b0/0x3b0 [ 691.381789][ C1] print_address_description+0x60/0x2d0 [ 691.387333][ C1] ? rose_timer_expiry+0x470/0x490 [ 691.392443][ C1] kasan_report+0xdf/0x130 [ 691.396859][ C1] ? rose_timer_expiry+0x470/0x490 [ 691.401967][ C1] rose_timer_expiry+0x470/0x490 [ 691.406899][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 691.411927][ C1] call_timer_fn+0x16c/0x530 [ 691.416518][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 691.421537][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 691.427515][ C1] ? __run_timers+0x7c0/0x7c0 [ 691.432194][ C1] ? rcu_is_watching+0x11/0xa0 [ 691.436951][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 691.442236][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 691.447429][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 691.452465][ C1] __run_timers+0x525/0x7c0 [ 691.456972][ C1] ? detach_timer+0x2b0/0x2b0 [ 691.461642][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 691.467630][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 691.472480][ C1] ? ktime_get_real_ts64+0x420/0x420 [ 691.477765][ C1] run_timer_softirq+0x63/0xf0 [ 691.482528][ C1] handle_softirqs+0x328/0x820 [ 691.487288][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 691.492134][ C1] ? do_softirq+0x200/0x200 [ 691.496639][ C1] __irq_exit_rcu+0x12f/0x220 [ 691.501314][ C1] ? irq_exit_rcu+0x20/0x20 [ 691.505824][ C1] irq_exit_rcu+0x5/0x20 [ 691.510063][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 691.515715][ C1] [ 691.518653][ C1] [ 691.521589][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 691.527588][ C1] RIP: 0010:debug_check_no_obj_freed+0x131/0x530 [ 691.533927][ C1] Code: 48 b9 eb 83 b5 80 46 86 c8 61 48 0f af c1 48 c1 e8 2f 83 e0 f8 48 8d 9c c0 80 76 26 96 48 8d bc c0 88 76 26 96 48 89 7c 24 10 aa c7 d2 05 48 89 44 24 08 48 89 d8 48 c1 e8 03 48 ba 00 00 00 [ 691.553713][ C1] RSP: 0018:ffffc900031bfa20 EFLAGS: 00000202 [ 691.559792][ C1] RAX: 000000000001de80 RBX: ffffffff96374900 RCX: 61c8864680b583eb [ 691.567765][ C1] RDX: dffffc0000000000 RSI: ffffffff8a0b15c0 RDI: ffffffff96374908 [ 691.575741][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ff6e1f [ 691.583712][ C1] R10: fffffbfff1ff6e1f R11: 1ffffffff1ff6e1e R12: ffffc900156d0000 [ 691.591681][ C1] R13: ffffc900152d0000 R14: ffffc900153d8000 R15: 00000000000002f8 [ 691.599678][ C1] __vunmap+0x27e/0xa40 [ 691.603840][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 691.609729][ C1] ? _raw_spin_unlock+0x40/0x40 [ 691.614586][ C1] kcov_mmap+0x89/0x120 [ 691.618738][ C1] mmap_file+0x5d/0xb0 [ 691.622804][ C1] mmap_region+0xd0d/0x15e0 [ 691.627311][ C1] ? security_mmap_addr+0x6e/0x90 [ 691.632340][ C1] do_mmap+0x77a/0xdf0 [ 691.636410][ C1] vm_mmap_pgoff+0x1b2/0x2b0 [ 691.641002][ C1] ? account_locked_vm+0xe0/0xe0 [ 691.645934][ C1] ? __fget_files+0x40f/0x480 [ 691.650609][ C1] ksys_mmap_pgoff+0x542/0x780 [ 691.655372][ C1] ? mmap_region+0x15e0/0x15e0 [ 691.660137][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 691.665344][ C1] do_syscall_64+0x4c/0xa0 [ 691.669763][ C1] ? clear_bhb_loop+0x30/0x80 [ 691.674447][ C1] ? clear_bhb_loop+0x30/0x80 [ 691.679211][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 691.685103][ C1] RIP: 0033:0x7fae4670f9e3 [ 691.689516][ C1] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 691.709117][ C1] RSP: 002b:00007ffed4893388 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 691.717533][ C1] RAX: ffffffffffffffda RBX: 00007fae469372d8 RCX: 00007fae4670f9e3 [ 691.725500][ C1] RDX: 0000000000000003 RSI: 0000000000400000 RDI: 00007fae44114000 [ 691.733466][ C1] RBP: 00007fae46937240 R08: 00000000000000db R09: 0000000000000000 [ 691.741440][ C1] R10: 0000000000000011 R11: 0000000000000246 R12: 00007fae46936fa0 [ 691.749406][ C1] R13: 00007fae46937240 R14: 0000000000001a5e R15: 0000000000000002 [ 691.757477][ C1] [ 691.760489][ C1] [ 691.762803][ C1] Allocated by task 7137: [ 691.767131][ C1] __kasan_kmalloc+0xb5/0xf0 [ 691.771725][ C1] rose_add_node+0x227/0xdb0 [ 691.776309][ C1] rose_rt_ioctl+0x9db/0xe20 [ 691.780891][ C1] rose_ioctl+0x27a/0x790 [ 691.785214][ C1] sock_do_ioctl+0xd3/0x2f0 [ 691.789706][ C1] sock_ioctl+0x4ed/0x6e0 [ 691.794040][ C1] __se_sys_ioctl+0xfa/0x170 [ 691.798628][ C1] do_syscall_64+0x4c/0xa0 [ 691.803045][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 691.808940][ C1] [ 691.811257][ C1] Freed by task 9175: [ 691.815231][ C1] kasan_set_track+0x4b/0x70 [ 691.819819][ C1] kasan_set_free_info+0x1f/0x40 [ 691.824751][ C1] ____kasan_slab_free+0xd5/0x110 [ 691.829770][ C1] slab_free_freelist_hook+0xea/0x170 [ 691.835135][ C1] kfree+0xef/0x2a0 [ 691.838936][ C1] rose_rt_device_down+0x4e2/0x530 [ 691.844041][ C1] rose_device_event+0x5ec/0x680 [ 691.848973][ C1] raw_notifier_call_chain+0xcb/0x160 [ 691.854342][ C1] __dev_notify_flags+0x178/0x2d0 [ 691.859359][ C1] dev_change_flags+0xe3/0x1a0 [ 691.864125][ C1] dev_ifsioc+0x147/0xe70 [ 691.868456][ C1] dev_ioctl+0x55f/0xe50 [ 691.872690][ C1] sock_do_ioctl+0x222/0x2f0 [ 691.877272][ C1] sock_ioctl+0x4ed/0x6e0 [ 691.881598][ C1] __se_sys_ioctl+0xfa/0x170 [ 691.886182][ C1] do_syscall_64+0x4c/0xa0 [ 691.890603][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 691.896576][ C1] [ 691.898892][ C1] The buggy address belongs to the object at ffff8880223d0000 [ 691.898892][ C1] which belongs to the cache kmalloc-512 of size 512 [ 691.912934][ C1] The buggy address is located 42 bytes inside of [ 691.912934][ C1] 512-byte region [ffff8880223d0000, ffff8880223d0200) [ 691.926117][ C1] The buggy address belongs to the page: [ 691.931740][ C1] page:ffffea000088f400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x223d0 [ 691.941984][ C1] head:ffffea000088f400 order:2 compound_mapcount:0 compound_pincount:0 [ 691.950402][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 691.958393][ C1] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016841c80 [ 691.966976][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 691.975545][ C1] page dumped because: kasan: bad access detected [ 691.981954][ C1] page_owner tracks the page as allocated [ 691.987659][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4182, ts 66408426728, free_ts 63892790373 [ 692.007710][ C1] get_page_from_freelist+0x1b77/0x1c60 [ 692.013267][ C1] __alloc_pages+0x1e1/0x470 [ 692.017863][ C1] new_slab+0xc0/0x4b0 [ 692.021924][ C1] ___slab_alloc+0x81e/0xdf0 [ 692.026504][ C1] __kmalloc_node_track_caller+0x1fc/0x3a0 [ 692.032306][ C1] pskb_expand_head+0x127/0x10f0 [ 692.037237][ C1] netlink_trim+0x180/0x220 [ 692.041732][ C1] netlink_broadcast_filtered+0x7c/0x1170 [ 692.047445][ C1] nlmsg_notify+0xec/0x1a0 [ 692.051860][ C1] fib_table_insert+0x987/0x1b20 [ 692.056875][ C1] fib_magic+0x2c1/0x390 [ 692.061107][ C1] fib_add_ifaddr+0x389/0x5e0 [ 692.065784][ C1] fib_netdev_event+0x35c/0x480 [ 692.070625][ C1] raw_notifier_call_chain+0xcb/0x160 [ 692.075988][ C1] __dev_notify_flags+0x178/0x2d0 [ 692.081150][ C1] dev_change_flags+0xe3/0x1a0 [ 692.085926][ C1] page last free stack trace: [ 692.090596][ C1] free_unref_page_prepare+0x637/0x6c0 [ 692.096062][ C1] free_unref_page+0x94/0x280 [ 692.100744][ C1] __vunmap+0x8ab/0xa40 [ 692.104897][ C1] kcov_close+0x27/0x50 [ 692.109049][ C1] __fput+0x234/0x930 [ 692.113029][ C1] task_work_run+0x125/0x1a0 [ 692.117616][ C1] exit_to_user_mode_loop+0x10f/0x130 [ 692.122984][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 692.128738][ C1] syscall_exit_to_user_mode+0x16/0x40 [ 692.134204][ C1] do_syscall_64+0x58/0xa0 [ 692.138630][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 692.144530][ C1] [ 692.146851][ C1] Memory state around the buggy address: [ 692.152480][ C1] ffff8880223cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 692.160537][ C1] ffff8880223cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 692.168638][ C1] >ffff8880223d0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 692.176719][ C1] ^ [ 692.182091][ C1] ffff8880223d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 692.190162][ C1] ffff8880223d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 692.198245][ C1] ================================================================== [ 692.206366][ C1] Disabling lock debugging due to kernel taint [ 692.212614][ C1] vkms_vblank_simulate: vblank timer overrun [ 692.218687][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 692.225879][ C1] CPU: 1 PID: 9339 Comm: syz.0.1312 Tainted: G B 5.15.189-syzkaller #0 [ 692.235436][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 692.245499][ C1] Call Trace: [ 692.248791][ C1] [ 692.251643][ C1] dump_stack_lvl+0x168/0x230 [ 692.256314][ C1] ? show_regs_print_info+0x20/0x20 [ 692.261508][ C1] ? load_image+0x3b0/0x3b0 [ 692.266006][ C1] panic+0x2c9/0x7f0 [ 692.269893][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 692.274394][ C1] ? _raw_spin_unlock_irqrestore+0xa5/0x100 [ 692.280286][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 692.286185][ C1] ? _raw_spin_unlock+0x40/0x40 [ 692.291057][ C1] ? print_memory_metadata+0x314/0x400 [ 692.296517][ C1] ? rose_timer_expiry+0x470/0x490 [ 692.301621][ C1] check_panic_on_warn+0x80/0xa0 [ 692.306554][ C1] ? rose_timer_expiry+0x470/0x490 [ 692.311662][ C1] end_report+0x6d/0xf0 [ 692.315814][ C1] kasan_report+0x102/0x130 [ 692.320319][ C1] ? rose_timer_expiry+0x470/0x490 [ 692.325428][ C1] rose_timer_expiry+0x470/0x490 [ 692.330361][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 692.335388][ C1] call_timer_fn+0x16c/0x530 [ 692.340090][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 692.345123][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 692.351219][ C1] ? __run_timers+0x7c0/0x7c0 [ 692.355909][ C1] ? rcu_is_watching+0x11/0xa0 [ 692.360677][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 692.365876][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 692.371072][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 692.376095][ C1] __run_timers+0x525/0x7c0 [ 692.380600][ C1] ? detach_timer+0x2b0/0x2b0 [ 692.385280][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 692.391274][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 692.396126][ C1] ? ktime_get_real_ts64+0x420/0x420 [ 692.401414][ C1] run_timer_softirq+0x63/0xf0 [ 692.406177][ C1] handle_softirqs+0x328/0x820 [ 692.410935][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 692.415784][ C1] ? do_softirq+0x200/0x200 [ 692.420296][ C1] __irq_exit_rcu+0x12f/0x220 [ 692.425051][ C1] ? irq_exit_rcu+0x20/0x20 [ 692.429824][ C1] irq_exit_rcu+0x5/0x20 [ 692.434059][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 692.439714][ C1] [ 692.442642][ C1] [ 692.445565][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 692.451540][ C1] RIP: 0010:debug_check_no_obj_freed+0x131/0x530 [ 692.457866][ C1] Code: 48 b9 eb 83 b5 80 46 86 c8 61 48 0f af c1 48 c1 e8 2f 83 e0 f8 48 8d 9c c0 80 76 26 96 48 8d bc c0 88 76 26 96 48 89 7c 24 10 aa c7 d2 05 48 89 44 24 08 48 89 d8 48 c1 e8 03 48 ba 00 00 00 [ 692.477554][ C1] RSP: 0018:ffffc900031bfa20 EFLAGS: 00000202 [ 692.483621][ C1] RAX: 000000000001de80 RBX: ffffffff96374900 RCX: 61c8864680b583eb [ 692.492205][ C1] RDX: dffffc0000000000 RSI: ffffffff8a0b15c0 RDI: ffffffff96374908 [ 692.500169][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ff6e1f [ 692.508136][ C1] R10: fffffbfff1ff6e1f R11: 1ffffffff1ff6e1e R12: ffffc900156d0000 [ 692.516100][ C1] R13: ffffc900152d0000 R14: ffffc900153d8000 R15: 00000000000002f8 [ 692.524077][ C1] __vunmap+0x27e/0xa40 [ 692.528234][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 692.534132][ C1] ? _raw_spin_unlock+0x40/0x40 [ 692.538978][ C1] kcov_mmap+0x89/0x120 [ 692.543128][ C1] mmap_file+0x5d/0xb0 [ 692.547190][ C1] mmap_region+0xd0d/0x15e0 [ 692.551688][ C1] ? security_mmap_addr+0x6e/0x90 [ 692.556709][ C1] do_mmap+0x77a/0xdf0 [ 692.560771][ C1] vm_mmap_pgoff+0x1b2/0x2b0 [ 692.565360][ C1] ? account_locked_vm+0xe0/0xe0 [ 692.570293][ C1] ? __fget_files+0x40f/0x480 [ 692.574967][ C1] ksys_mmap_pgoff+0x542/0x780 [ 692.579727][ C1] ? mmap_region+0x15e0/0x15e0 [ 692.584485][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 692.589677][ C1] do_syscall_64+0x4c/0xa0 [ 692.594085][ C1] ? clear_bhb_loop+0x30/0x80 [ 692.598757][ C1] ? clear_bhb_loop+0x30/0x80 [ 692.603424][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 692.609310][ C1] RIP: 0033:0x7fae4670f9e3 [ 692.613720][ C1] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 692.633336][ C1] RSP: 002b:00007ffed4893388 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 692.641757][ C1] RAX: ffffffffffffffda RBX: 00007fae469372d8 RCX: 00007fae4670f9e3 [ 692.649720][ C1] RDX: 0000000000000003 RSI: 0000000000400000 RDI: 00007fae44114000 [ 692.657688][ C1] RBP: 00007fae46937240 R08: 00000000000000db R09: 0000000000000000 [ 692.665656][ C1] R10: 0000000000000011 R11: 0000000000000246 R12: 00007fae46936fa0 [ 692.673791][ C1] R13: 00007fae46937240 R14: 0000000000001a5e R15: 0000000000000002 [ 692.681757][ C1] [ 692.685088][ C1] Kernel Offset: disabled [ 692.689426][ C1] Rebooting in 86400 seconds..