last executing test programs: 7.042811818s ago: executing program 2 (id=1277): openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$usbmon(&(0x7f0000000000), 0xfffffffffffffffc, 0x101000) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0xe, &(0x7f0000000140)={[{@test_dummy_encryption, 0x3d}, {@test_dummy_encryption}, {@noauto_da_alloc}, {@minixdf}, {@errors_remount}, {@quota}]}, 0x3, 0x44f, &(0x7f0000000380)="$eJzs3MtvG8UfAPDvrpP0+fvFlPLoAwgURMQjadICPXABgcQBJCQ4lGNI0qrUbVATJFpVEBAKR1SJO+KIxF/ACS4IOCFxhTuqVKFcWjgZrb2bOI6dxGkS0/rzkbad2Z31zNezY8/u1A2gZw1lfyQR+yPi94gYrGdXFhiq/3Vr8erk34tXd0dE9a2/klq5m4tXJ4uixXn78sxwGpF+lsSRFvXOXr5yfqJSmb6U50fnLrw/Onv5yrPnLkycnT47fXH81KmTJ8ZeeH78uVXnLgx2Hmd2ys3DH80cPfTaO9femDx97d2fv02K+JviaK3caZVDax18olrt9PX+0/7XkE76utgQOlKKiKy7+mvjfzBKsdx5g/Hqp11tHLCtqrk2h+erwF0siW63AOiO4os+u/8ttp2bfXTfjZfqN0BZ3LfyrX6kL9K8TH/T/e1WGoqI0/P/fJVtsaHnEAAAt+f7bP7zTKv5Xxr3N5T7f76GUo6IeyLiQETcGxEHI+K+iFrZByLiwQ7rb14kWT3/Sa9vKrANyuZ/L+ZrWyvnf2nM1xPlUi1XnwOWoz85c64yfTx/T4ajf1eWH1ujjh9e+e2Ldsca53/ZltVfzAXzdlzv27XynKmJuYnbi3rZjU8iDve1ij9ZWglIIuJQRBzeZB3nnvrmaLtjQzG/Tvxr2IJ1purXEU/W+38+muIvJGuvT47ujsr08dHiqljtl18X3mxX//r9v72y/t/b8vpfir+cNK7XznZex8Ifn7e9p9ns9T+QvF1LD+T7PpyYm7s0FjGQvF5vdOP+8eVzi3xRPot/+Fjr8X8glt+JIxGRXcQPRcTDEfFI3vZHI+KxiDi2Rvw/vfz4e5uPf3tl8U911P/LiYFo3tM6UTr/43crKi13En/W/ydrqeF8z0Y+/zbSrs1dzQAAAHDnSSNifyTpyFI6TUdG6v+G/2DsTSszs3NPn5n54OJU/TcC5ehPiyddgw3PQ8eWbuvr+fE8Xxw/kT83/rK0p5YfmZypTHU7eOhx+9qM/8yfpZan7NrZFgLbyu+1oHcZ/9C7jH/oXcY/9K4W439PN9oB7LxW3/8fd6EdwM5rGv+tl/2Au5L7f+hdxj/0LuMfetLsnlj/R/ISd2YiYitep/iPIJoORdr9ACW2L9HlDyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAt8m8AAAD//1/B5qU=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000240)='vnet_skip_tx_trigger\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x80, 0x0, 0x0, 0x0, @multicast}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.current\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f00000002c0)) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102379, 0x18feb}], 0x1, 0x0, 0x60) r7 = socket$packet(0x11, 0x3, 0x300) r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') dup2(r8, r7) setns(r7, 0x0) 5.230688701s ago: executing program 3 (id=1286): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, 0x0, &(0x7f00000002c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) close_range(0xffffffffffffffff, r5, 0x0) syz_clone(0x40a68180, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_usbip_server_init(0x5) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8}, @NFTA_XFRM_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) write$usbip_server(r7, &(0x7f0000000000)=@ret_unlink, 0x30) 3.796524182s ago: executing program 4 (id=1287): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r0, r1, 0x4}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r0, r3, 0x26, 0x0, 0x0, @prog_id}, 0x20) r4 = socket(0x1, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r2, &(0x7f0000000240), &(0x7f00000000c0)=@tcp=r4}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r4}, 0x20) 2.226696472s ago: executing program 3 (id=1288): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x4, 0x0, 0x20001100) 1.932025881s ago: executing program 2 (id=1289): r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000040)="0a02000019002551075c0165ff0ffc02800d00030004000500e1000cee020f001a000000", 0x33a) 1.762586633s ago: executing program 3 (id=1292): madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x10) r0 = socket(0x10, 0x803, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000040000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@getchain={0x24, 0x24, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0x0, 0xfff1}}}, 0x24}}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x28) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r4 = syz_pidfd_open(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0xb, 0x0, 0x0) ioctl$BTRFS_IOC_ADD_DEV(r4, 0x5501, &(0x7f00000000c0)={{}, "c4005a51cf48a456fe399e96793568de827d6e3af15928143f77a2c2bf19506fac2c94a8808e7365569e94b6012f452ddbdb4acaadf3199a4fa57eab4549a87e05bb9a155f3d08704dc753cff79d5128dc113e58ecd5a19e0bc7bef139e74acaed4f126be4cc57e22d44a734c7f2c44b2b2dc3ecfb59318827549e5b2679b3cc4f9e5df2bc30b674fb5f8e181e7dab6cc37989c9911a3d5b32ac444ebf78c76d68c313ed1bcaa4bfcdddc200878c72704b48f4cda8c86a41c703694c1e57aaf73751f45d5ed54010c14c30ea8ca2f620ab57b6ad6bdf3263aeab2de44576b10a1040c6cc84fcf2cb5037e025b227baf26e0c5bda231531365c778ef42bc49fd603b98b7b5173f2f1669834e8cd5167092f5d56e6c2623165710ec863179f143dba38551641ea77676773f3a18e97ada500fe448f172e6e714e16079d8233626d4c5c08c9117c5872c5d815ae0d481c25f2cfd2c76c6723e5ee78d5941b7d49e3d123294dd4c04c2691c5d086393047e3fd027daebf2114d1e9da89a36a49f7a411638060e87593ed8e45fb4292ff888e2eb7b776c9428623a34454eb2f11a47b43707e4b161faa8b8dc0d9cb2a0ac253ab41d0172190749ae06af564cabff5a0ba5df004c44138b49d2e17944f6588839fdedcf6ddef583df85490fa3a956e416e02943d56f734c3d3aa8b4898544e8f417c79bb5532b4ab2393c6723488c627a285686a0dac4cd6df370ab806b80f251256cfc058f8c2c2b46dca533048a18315caca12ad5915f077285ffbe1a4b5f46f2af4e45695348200e1f5a57a698acae6b4f6124fc076af5f40c3461e91b2639a84be51abe62d27cde1642731d31ae1264d20a21011bd221f8d0e4fc9835ccb61405e1ba6fcd48b9d3487909f89a0f40f91abfd3d33876b707d908bd2b076d37f5b2e2d530210e3930cf0418c3a7d8d4ac8cd16b4d2b2d4ebf6134c88813a808d82c86a20b7beb6534bb112b374d5b0a2beacb4e37872a2df879ebd568f0b20ce7d4aeb5ef6c960093b8a3d0e0332d821fdd099269364539d876caf78e60232baf7cc26589453666f17f94ac05fc2b752546a9586f9f18288e5944effa6f912709652113377ee14d949842910b0af467706b42d969908840fe55857f526694cdacb7735f2e0bdc49ca50ca57193aec63535f679e1486185bae007a7cd345bf8d7428e1a2881f6d327ee34ef0bbd67b51d25000fc59ed894c001ca327898dc4a3e7c33e20542772f31e7f125eedec11604b6569f051e643bff91d616284d2ea0f25320c22caba4d681781a13bf341dc22f882540aaab75d5bba9bbfe8aa960705d1d903a7ed8b7a14cc18b2ec9d1640ba3b6cf9c2a6cde4f7b23d1eb42fa57d2b2206c6cd6f84a5b7d682a09064e341c844edd3361f2e457a5057e1c3d97916190d9749adbadb70797f1729cc01c6146a23942e245021fe02748e2235582b36df8236c8b25fa94d1ed7e495f0df447b36f609b17526b2c8c43f1ded38f99344f2553fd911deed701d89fdf92ed6368d74f6f09ce2d26a3916f28eda4fac022f043aff14bab96f3841980533b2f935cfe7e40ad9cc77557d50a32a73aa71ae37a0cece6580887608d028b55fa7a1a1cf214098fe13c1a32ee5890e3d2c9a4d23041f89bac353aa1641df4375080b2181555e9667082a35b041645be39a47298b747eed9d127d8d342b620d0ecd2a48a86bd7dbfa04b3cfad62f5b1055b2259dc64b02d27599fff87c8303b47174e3ee66645d1eaaa05d63bad90ef4fdb97d21b478b37c313571d5776495460b57ba25dc2a5def286c8e81a3fdaa3dfb1dfb9deec86aa3629a03b9722bd95a96972a32552ba5d74f03989c73598b3ba0ef19151631ba4cf90d1bcc35c7cd2fecd6c271564df5ed232581417488454f5878f09523ce1b966162808d13a86872ad04bc777544ae4477459d197c6aaecf52e229a6cc94d151e014b589311f8e5bb7eb57605a80c11a7df2110b70735ae34a21e467f7bd8c3f81c1f9dfcf9464365566786b086637717df597c05b45249b04faa2269ca5a3fca2f1797682f24a34c9f70c27b6dd47fe9f6f006c934481524985afeec903f160c4e2c36c2bbe2081ff33733ca17ca2a2d794fd3af80d5a1adcbfa384e1ba851f4a554433e532f321b332d640513c9df326ddaa4691201f94d1b4b82b82f9bb986e00242fce6588d906cd820640a59707cecf78533496fdc49d90effde5769812ae474ef31adb849542ef23359a640eeeadecf273713a46e96c836823012fc190c8d1dd88d965fbe11074da36375c11fedc648160b55b8b8bc830b72a6f98b1396a72d96f06fab40ddd4729dc162d30e8a34c4041cc22fd62eb501fa685ae7d53376cca12e40f53edd0ae8abbb666c75a6ca8658b4ef8810931158868afb757831d14e81cdadc995fcb98e2da29300480ca03494f81b59985dbe3da8634a3c4a00626d08d6f1f997ccd63a1a103d292d29cdf15b2c4bca2f34ba406a47d9a184ed712356257ec45aa9a8ed8b8daca20f6a2edb1494a2af100000000000000006f1bfeb0edfdb1f10b66753f3fe900b95be3aafbfb5e2976de8b2c6b485243770da0cdc8f4d7384b6f39817f5661429442b20cab08cc28cf814ebf10d7ad4de140241ec169d70781524127a9454e5f1ee9fd5652818683a2f7ff0b11c8fea2ff7398e01df48c8eb62123f2630d561470003d020f4cc8923654fcf65d400ed0792af6bf1876099951e938adc275f47b9ba178b8ae3e9b295fab66c144ad8ad2fd29bced367833b76b2f0ded8dfead5dfccfc9ba2d658688abeb41f53eaf6efa82e5947f8d7a6e1010517032443507f5bd419317324000ca02e49db1cb985f8f11149496bfe54629f3f759c3100e0ab50c95446fd390a87b884930763ac810bdcdaee81b64343b955eba24d34d816bcf3eb5df1b6b44317e033a9015640942da607e3ea61727b97eab7511ff680dc5f4e54fa19e07c0023152272edc066010e661de98f73f913bc04983b325ff62134b41081dce65528af69b5206f9522b3e09f78dea218621e60f5ca9c58212526d96aace431133528b8a5354b213ef4883ef271e488bf629284c277843202bf7a41dbe2616e8338ab14f83bd6da1d1c4a4b50b6372564187a497036f2040f77c099bd0d98d3e4eebd4bf433360c518fc965e966642a22a335f3a9688336bd254dc9fe32632d4c1599c6b72fca290d9cae38548f4ad5d2a165053b7d392276d81ff26e97ebcfa210eddc832240de22bbfc6623929aa2d8bad6c41db54e2125063f9153e98b2316ae5e9d51a3a9efe5a81242f7045dbafa8db63cafad19e32b767dcd5adfd5e5459dce45c71f61a18a3e6a7de43bd61d6015fac48dcecb60795e02b30dc04cc4a408abc2dee10a97fb387a229ba5c07cebc63037c0102c846393b2bf865db38e51ce44b5cede8d530cb6496e5a34b9b0b060b8bd6f98cd53169518a1732d92af494c351f8ce753754f7d944865de345d8520a9232a1c5e516e61f23c39e09bac5d7c70a478e0b7a3208f61f090f69b9ab33da7a8ae16626c3d26f11065fd46851eff2c5968f937e90abe02555cad9e54b4bcaf3ee55aba96406cd457e27c1ad5b9cc640afff1d94d7d5f854fd50a66bf37355c548f840129ae0d81dc23202e4d7921236172d1c4920c1bf5e7bfad21740acd8f5fa278b6de2336276e271045d0ef0a9a566ae988269cb16f7eee941941d3a9f05d754cbb92a27ad9cb374872c3566a9db35920d63f0cfa69ef8dfc41f307f7c1f1ae712e3f6001e57e1de99777212ede107b692182c507b168c77a3824f0cd663f6d2ffe73e3d90587b3444e9a3cb093ddefd2869db927938ecf6cbd16a85d0849b7c829a37b70b24868e7ab1aa2adc012d85a8bf374225281b50882a40e6bed667f0538d8c85768cc9d8537bedfebe64cddf937a150c565e3824a75f5e7a173fed0ed3b3aa8750fde47ce1c219d5fc1977abc24c7a28aa8251e29a17eee3405d4c1f1f5e8b53df9425d6dde4b9de4715097c58062a977637b42974a40f0bf24dcca060871b759e5f42a12da7d89a494468f6c91c47ac17e7bfd61e62872541fd5d3941c0f0ebca3de06ca63cb52b186737fc61ade4eaed0fd5dd1eb4b8e2d2ebb689741fb354c8bbdc9092f68a156952395585113d78254ec826ba49204d76b8dcd854c4cf942c50c38ad5f8db2bf032d5eced178b25e56f9b39961aea03785119cab42fffbbbeaa15f0c21511f441fd72ab25014dbe5a35dfe295486e0d2e5803304deff8736e1d8df7886e4725321bc450c68459f01b5b3014735e81f989945e59b4c5e367976e90124e9cf422cc0f0d624627ab83ccd65ac7c1b91424672ebb3d91d932994c6e215a9d60efb6ed87eb579951668273e9a38f9089179459d2f670a21bd999a97c968891c59402d188dc601ef033fb9af3291b8778f2a38d379913a02d2215f2960f80847afe4d65f1fc7bcd1995e83fc88d87d799af0bf16060780efc8dbd08b041d8c2f646ca18ea18d3d295e172b344b6aea8d2a2620b6379c5c368459fee07bfcc83c83acaf3dc67755bbe8fe58b1a39051ef2327b30c886a0a5183e38c199e32365cb8194deade3262ea5ffa559b789da10f2948e135ce5858e1b016c153b14795a085b5bef350f95487a3f748afa943179d87a1e8828edc33804c2ea49979074fe162a8a36689286c390585d9f83645be3b921c4a6678b8ffd7edfb7a85265d5796ce4f12595b364fcc81b58c267beaa85dd47ad8c55783fe526d6dd0e3cc1f70a7e88d6f826b18aeab8282ff8e2a13ee8f03fab41be97af13c87883f87e6f0bdda04deebc05e35b601a55cc984478a997725d3faab2101cd9596c757c659e6b6c9178f620fbdcb87e399404f4bcd9b57dd1013818e58a785bed0a7fd1f5e5e355816ceba6745a42e10a145c87aedede2e0bed7bc75015a8354ba95a226c87df41d41e4ae368c4e84e8a032c48977601d71eae547f95375746e1f9c86135481bd09a08fee04db26b96cc9327bbde61cec27a56d114cc0e6459170e6cc44d846a2a55046b505e14dbdac32aa759e5d0268fe819a3dc503247b6c24c1607b4742671f5ad63c21812b1904b3c39ec8734fb1ee77a124a29c50154f53c89754f5e4719cc0279c851a63fc33e16f2393e5134568b78126b5680664fcd1fbf9d88f4efdadc120bbb4f21ddd7bf4c445a534631c5f2c4b51d7842743493b4a13bb99f160987284bc7960aaa6d40dbe05e20f42ff48425d1c8166b7fd457d33d808b456b7b11d3d3c1f445a9698ee8a473fb116c5c4824fa224088fa6f031f07f2972e62592d59536dc4cbe3c1cb33e922b0f35f79f1df10ab43e1d3e5dc480bdd8a7039f71ee9c73f976809ec2853ad0c18e4f0ee73fd1361591375d3db6c822e7baae597fc454aae7b426922e9fd9a87fe52a25d5cd03434d7ffb9f319fbeb403c0836f2117cf851bf7660ecb567a6cd918e85190683c1c0a79da1cd92b8527400008f047a436a4859be0e7b9469c6830a81d81f93ea8ba1b614de4386296089c9b34f4b8116ae7afedd43f6a82abf4302e4d8a9fba0b87347df1f5bb676f496bf29bf9ea9e3ea4bd1dd3f3d4feb7609f96424f35035b5a13fd6efd0441dea1c1f17feae7d5a1ef77aa05537fc87cc2021c92d5cbbbd159258a45972e112e123e306ef0daa36e1ff069be815c5d0b74b6b41c6d5b76c04057de0a43c2e40b04fc11b60f0f1e7ff0b88fb600d79e03cc8b73fed0af95601acca"}) socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000180)=0x7, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x7, 0x10001}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TIOCSTI(0xffffffffffffffff, 0x80047437, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffffbb, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="00010000", @ANYRES16, @ANYBLOB="c88845e7e05ae52d00009300000008001317"], 0x1c}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00'}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b28, &(0x7f0000000000)={'wlan1\x00'}) 1.750068438s ago: executing program 4 (id=1294): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, &(0x7f0000000080)=0xfff) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020) 1.629762612s ago: executing program 2 (id=1295): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 1.516143788s ago: executing program 2 (id=1296): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0xa, [@var={0x8, 0x0, 0x0, 0xe, 0x3, 0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f]}}, &(0x7f0000000300)=""/187, 0x32, 0xbb, 0x1}, 0x20) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000440)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r1 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x10, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='dummy0\x00', 0x10) setsockopt$inet_int(r3, 0x0, 0x13, &(0x7f0000000040)=0x7, 0x4) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000180)="08001efbb07d586e", 0x8}], 0x1, 0x0, 0x0, 0x60000000}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000010000000000000604000000002e"], 0x0, 0x28}, 0x20) creat(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000380)='syzkaller\x00'}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x69) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_GET_TSC(0x43, 0x0) prctl$PR_MCE_KILL(0x43, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc1004110, &(0x7f0000000040)={0x0, "8dd2356a9ebb85c49090d8e7251a8f47261a8f4797bf8ba7ff669b27d2af3ae0d402a46e4e967621c2c9fd4f42a31536849f6717859f6717c7862a799260eda3"}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) syz_emit_ethernet(0x122, &(0x7f00000003c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x1e, 0x4, 0x0, 0x0, 0x114, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x7, 0x50, [@broadcast]}, @lsrr={0x83, 0x27, 0x68, [@rand_addr=0x64010102, @loopback, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x42}, @remote, @multicast1, @empty, @local, @private=0xa010100]}, @lsrr={0x83, 0xb, 0x55, [@rand_addr=0x64010102, @broadcast]}, @timestamp={0x44, 0x10, 0x62, 0x0, 0x4, [0x6, 0x100, 0xaf3]}, @ssrr={0x89, 0xf, 0x3e, [@multicast1, @multicast1, @remote]}, @timestamp_prespec={0x44, 0xc, 0x52, 0x3, 0x3, [{@broadcast, 0x81}]}]}}, {0x4e20, 0x4e22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, '\x00', '\x00', '\x00', {'\x00', "00000000100000000000000000000001"}}}}}}}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0) 1.492058307s ago: executing program 1 (id=1297): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000e84cec470000ba000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x41, 0x6, 0x2, 0x0, 0x1}, 0x48) 1.296406304s ago: executing program 4 (id=1299): syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000180)=@v1={0x0, @aes256, 0x0, @desc1}) mkdirat(r0, &(0x7f0000000280)='./file0\x00', 0x0) r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x48, 0xfffffffffffffffd) keyctl$setperm(0x5, r1, 0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00') 1.191601862s ago: executing program 1 (id=1300): openat$capi20(0xffffffffffffff9c, 0x0, 0x111102, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f00000004c0)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x1f, 0x0, 0x0, r1}, [@IFA_LOCAL={0x8, 0x2, @broadcast}]}, 0x20}}, 0x0) 1.189524993s ago: executing program 4 (id=1301): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) 1.117976185s ago: executing program 0 (id=1302): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x4, 0x0, 0x20001100) 1.09323962s ago: executing program 4 (id=1303): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) linkat(r0, &(0x7f0000000300)='./file1\x00', r0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 1.019108886s ago: executing program 1 (id=1304): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r2) lsetxattr$system_posix_acl(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000000280)={{}, {}, [], {0x4, 0x5}, [{}, {}], {0x10, 0x1}}, 0x34, 0x0) lchown(&(0x7f0000000340)='./bus\x00', r1, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') 962.977168ms ago: executing program 0 (id=1305): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000003400)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000004280)=ANY=[@ANYBLOB="1402000026000100000000000000000003"], 0x214}], 0x1}, 0x0) 702.133299ms ago: executing program 1 (id=1306): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 643.155379ms ago: executing program 0 (id=1307): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="1c0000001a005f0014f9f50700090900810080ffffff000000000000", 0x1c) 642.304497ms ago: executing program 3 (id=1308): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) read$midi(r0, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100) readv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/100, 0x64}], 0x2) 605.612672ms ago: executing program 1 (id=1309): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, &(0x7f0000000080)=0xfff) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020) 394.014188ms ago: executing program 0 (id=1310): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000e84cec470000ba000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x41, 0x6, 0x2, 0x0, 0x1}, 0x48) 369.615074ms ago: executing program 3 (id=1311): syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000180)=@v1={0x0, @aes256, 0x0, @desc1}) mkdirat(r0, &(0x7f0000000280)='./file0\x00', 0x0) r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x48, 0xfffffffffffffffd) keyctl$setperm(0x5, r1, 0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00') 336.872326ms ago: executing program 2 (id=1312): r0 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000680)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f00000000c0)="3a38fc557412", 0x0, 0xfffffbfc, 0x0, 0x0, 0x0}) 316.49076ms ago: executing program 4 (id=1313): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={r1, 0x0, 0x30}, &(0x7f00000001c0)=0x18) 179.557053ms ago: executing program 1 (id=1314): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f0000000800)=ANY=[@ANYBLOB="000046dce4122393df69e33fce4c41ffff000000000000000000000000000000fa0061233d0ab8dfac"], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r1, 0x0) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 153.795177ms ago: executing program 0 (id=1315): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x4, 0x0, 0x20001100) 38.873304ms ago: executing program 3 (id=1316): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x11}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9c1288ee7b80141}, 0x90) 20.469212ms ago: executing program 0 (id=1317): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000003400)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000004280)=ANY=[@ANYBLOB="1402000026000100000000000000000003"], 0x214}], 0x1}, 0x0) 0s ago: executing program 2 (id=1318): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) tee(r0, r3, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 0: Enable large directory feature to access it [ 199.107736][ T7274] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz.1.615: Corrupt directory, running e2fsck is recommended [ 200.044086][ C1] sched: RT throttling activated [ 200.245349][ T5089] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.421023][ T7277] loop0: detected capacity change from 0 to 2048 [ 200.439285][ T7248] loop4: detected capacity change from 0 to 32768 [ 200.459297][ T7248] XFS: attr2 mount option is deprecated. [ 200.510792][ T7277] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.550711][ T7282] loop1: detected capacity change from 0 to 512 [ 200.570074][ T7277] ext4 filesystem being mounted at /root/syzkaller.bopmPx/175/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.632668][ T7248] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/loop4": -EINTR [ 200.818406][ T7277] futex_wake_op: syz.0.624 tries to shift op by -1; fix this program [ 200.846908][ T7277] fs-verity: sha512 using implementation "sha512-avx2" [ 201.232062][ T5088] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.226222][ T7318] loop0: detected capacity change from 0 to 512 [ 202.294564][ T7318] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 202.310814][ T7318] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 202.335034][ T7318] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz.0.634: Corrupt directory, running e2fsck is recommended [ 202.476950][ T7318] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 202.516673][ T7318] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2234: inode #15: comm syz.0.634: corrupted in-inode xattr: invalid ea_ino [ 202.559909][ T7318] EXT4-fs (loop0): Remounting filesystem read-only [ 202.585262][ T7333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.641'. [ 202.600821][ T29] audit: type=1326 audit(1719611599.869:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 202.610245][ T7318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.637197][ T7328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 202.702099][ T29] audit: type=1326 audit(1719611599.869:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 202.962808][ T7336] loop2: detected capacity change from 0 to 512 [ 203.039493][ T7340] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 203.051584][ T7340] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 203.062262][ T7340] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz.0.634: Corrupt directory, running e2fsck is recommended [ 203.340794][ T29] audit: type=1326 audit(1719611599.869:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 203.674602][ T29] audit: type=1326 audit(1719611599.869:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 203.994806][ T29] audit: type=1326 audit(1719611599.869:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 203.996694][ T5088] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.018141][ T29] audit: type=1326 audit(1719611599.879:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 204.797805][ T29] audit: type=1326 audit(1719611600.019:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 204.867640][ T7345] loop4: detected capacity change from 0 to 256 [ 204.944193][ T29] audit: type=1326 audit(1719611600.019:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7331 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x7ffc0000 [ 205.402314][ T7366] warning: `syz.0.646' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 205.481659][ T7370] loop0: detected capacity change from 0 to 16 [ 205.572767][ T7370] erofs: (device loop0): mounted with root inode @ nid 36. [ 205.711487][ T7359] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 205.771475][ T7359] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -18 in[46, 4050] out[1851] [ 205.802709][ T7359] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 205.819527][ T7359] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 205.834524][ T7359] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -18 in[46, 4050] out[1851] [ 205.877227][ T7366] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 205.884361][ T7379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'. [ 205.916155][ T7359] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 205.977719][ T7366] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -18 in[46, 4050] out[1851] [ 206.042746][ T7366] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 206.043129][ T7383] loop1: detected capacity change from 0 to 512 [ 206.116619][ T7383] ext4: Unknown parameter 'noacl' [ 206.357843][ T7383] loop1: detected capacity change from 0 to 1024 [ 206.449441][ T7383] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.640370][ T7395] loop2: detected capacity change from 0 to 2048 [ 206.798582][ T7395] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.568045][ T7395] ext4 filesystem being mounted at /root/syzkaller.hWRwmO/27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 207.804391][ T7406] loop1: detected capacity change from 1024 to 0 [ 207.949286][ T5089] syz-executor: attempt to access beyond end of device [ 207.949286][ T5089] loop1: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 208.015099][ T5089] syz-executor: attempt to access beyond end of device [ 208.015099][ T5089] loop1: rw=524288, sector=12, nr_sectors = 2 limit=0 [ 208.068292][ T5089] syz-executor: attempt to access beyond end of device [ 208.068292][ T5089] loop1: rw=524288, sector=14, nr_sectors = 2 limit=0 [ 208.090685][ T7395] futex_wake_op: syz.2.659 tries to shift op by -1; fix this program [ 208.091194][ T5089] syz-executor: attempt to access beyond end of device [ 208.091194][ T5089] loop1: rw=524288, sector=16, nr_sectors = 2 limit=0 [ 208.131183][ T29] audit: type=1800 audit(1719611605.399:41): pid=7412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.663" name="bus" dev="overlay" ino=1959 res=0 errno=0 [ 208.152671][ T5089] syz-executor: attempt to access beyond end of device [ 208.152671][ T5089] loop1: rw=524288, sector=18, nr_sectors = 2 limit=0 [ 208.175403][ T5089] syz-executor: attempt to access beyond end of device [ 208.175403][ T5089] loop1: rw=524288, sector=20, nr_sectors = 2 limit=0 [ 208.197934][ T7412] evm: overlay not supported [ 208.219417][ T5089] syz-executor: attempt to access beyond end of device [ 208.219417][ T5089] loop1: rw=524288, sector=22, nr_sectors = 2 limit=0 [ 208.252907][ T5089] syz-executor: attempt to access beyond end of device [ 208.252907][ T5089] loop1: rw=524288, sector=24, nr_sectors = 2 limit=0 [ 208.268518][ T5089] syz-executor: attempt to access beyond end of device [ 208.268518][ T5089] loop1: rw=524288, sector=26, nr_sectors = 2 limit=0 [ 208.285321][ T5089] syz-executor: attempt to access beyond end of device [ 208.285321][ T5089] loop1: rw=12288, sector=10, nr_sectors = 2 limit=0 [ 208.307206][ T6597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.355178][ T5089] EXT4-fs error (device loop1): ext4_get_inode_loc:4495: inode #2: block 5: comm syz-executor: unable to read itable block [ 208.403660][ T5089] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 208.419868][ T7420] loop3: detected capacity change from 0 to 256 [ 208.454283][ T5089] EXT4-fs (loop1): I/O error while writing superblock [ 208.461139][ T5089] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: IO failure [ 208.513765][ T5089] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 208.566621][ T5089] EXT4-fs (loop1): I/O error while writing superblock [ 208.587165][ T5089] EXT4-fs error (device loop1): ext4_dirty_inode:5935: inode #2: comm syz-executor: mark_inode_dirty error [ 208.629416][ T7425] loop0: detected capacity change from 0 to 16 [ 208.650251][ T5089] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 208.674396][ T5089] EXT4-fs (loop1): I/O error while writing superblock [ 208.684997][ T7425] erofs: (device loop0): mounted with root inode @ nid 36. [ 208.722211][ T7425] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 208.725157][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc_noinmem:4480: inode #2: block 5: comm kworker/u8:0: unable to read itable block [ 208.756584][ T11] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 208.756932][ T7430] loop2: detected capacity change from 0 to 128 [ 208.766125][ T11] EXT4-fs (loop1): I/O error while writing superblock [ 208.779895][ T7425] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -18 in[46, 4050] out[1851] [ 208.830506][ T7430] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 208.833020][ T5089] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.867508][ T7425] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 208.922145][ T7425] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 208.934440][ T7425] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -18 in[46, 4050] out[1851] [ 208.942567][ T7435] loop3: detected capacity change from 0 to 1024 [ 208.951285][ T7425] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 208.962429][ T7422] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 208.987767][ T5089] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 209.008595][ T5089] EXT4-fs (loop1): I/O error while writing superblock [ 209.016930][ T7422] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -18 in[46, 4050] out[1851] [ 209.029623][ T7396] Buffer I/O error on dev loop1, logical block 64, lost sync page write [ 209.039730][ T7422] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 209.099241][ T7435] hfsplus: invalid btree flag [ 209.152014][ T7435] hfsplus: failed to load catalog file [ 209.495322][ T1042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.616166][ T1794] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 209.632631][ T1042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.869799][ T1794] usb 4-1: config 0 has an invalid interface number: 216 but max is 0 [ 209.884639][ T1042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.904103][ T1794] usb 4-1: config 0 has no interface number 0 [ 209.913751][ T1794] usb 4-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 209.964664][ T1794] usb 4-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 209.993371][ T1794] usb 4-1: New USB device found, idVendor=0499, idProduct=1002, bcdDevice=df.d7 [ 210.025176][ T1794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.042298][ T1042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.053402][ T1794] usb 4-1: Product: syz [ 210.073776][ T1794] usb 4-1: Manufacturer: syz [ 210.078676][ T1794] usb 4-1: SerialNumber: syz [ 210.123398][ T1794] usb 4-1: config 0 descriptor?? [ 210.153131][ T1794] usb 4-1: Interface #216 referenced by multiple IADs [ 210.344648][ T7465] fuse: Bad value for 'fd' [ 210.410921][ T7465] loop0: detected capacity change from 0 to 1024 [ 210.710344][ T29] audit: type=1326 audit(1719611607.979:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7460 comm="syz.0.677" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x0 [ 210.879794][ T7426] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 211.221313][ T1794] snd-usb-audio 4-1:0.216: probe with driver snd-usb-audio failed with error -2 [ 211.276039][ T1794] usb 4-1: USB disconnect, device number 4 [ 211.335925][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 211.348656][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 211.359313][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 211.373922][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 211.386496][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 211.398391][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 211.438148][ T1042] bridge_slave_1: left allmulticast mode [ 211.448118][ T1042] bridge_slave_1: left promiscuous mode [ 211.457326][ T1042] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.514789][ T7474] netlink: 8 bytes leftover after parsing attributes in process `syz.0.680'. [ 211.530929][ T1042] bridge_slave_0: left allmulticast mode [ 211.549889][ T1042] bridge_slave_0: left promiscuous mode [ 211.571460][ T6103] udevd[6103]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.216/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.602423][ T1042] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.000284][ T7486] loop3: detected capacity change from 0 to 512 [ 212.122376][ T7488] blktrace: Concurrent blktraces are not allowed on nbd4 [ 212.469972][ T5141] libceph: connect (1)[c::]:6789 error -101 [ 212.492549][ T5141] libceph: mon0 (1)[c::]:6789 connect error [ 212.651577][ T7501] netlink: 'syz.3.689': attribute type 1 has an invalid length. [ 212.674274][ T7501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.689'. [ 212.788983][ T5141] libceph: connect (1)[c::]:6789 error -101 [ 212.821833][ T5141] libceph: mon0 (1)[c::]:6789 connect error [ 213.079309][ T29] audit: type=1800 audit(1719611610.349:43): pid=7509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.692" name="bus" dev="sda1" ino=1977 res=0 errno=0 [ 213.871334][ T5141] libceph: connect (1)[c::]:6789 error -101 [ 213.993387][ T55] Bluetooth: hci1: command tx timeout [ 214.003753][ T5141] libceph: mon0 (1)[c::]:6789 connect error [ 214.020084][ T1042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.050857][ T1042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.082244][ T1042] bond0 (unregistering): Released all slaves [ 214.194039][ T7490] ceph: No mds server is up or the cluster is laggy [ 214.266528][ T7484] dvmrp0: entered allmulticast mode [ 214.679861][ T7527] blktrace: Concurrent blktraces are not allowed on nbd4 [ 214.729088][ T7528] netlink: 'syz.2.700': attribute type 1 has an invalid length. [ 214.775853][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.700'. [ 215.205607][ T1042] hsr_slave_0: left promiscuous mode [ 215.227974][ T1042] hsr_slave_1: left promiscuous mode [ 215.239189][ T1042] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.279941][ T1042] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.356777][ T1042] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.396764][ T1042] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.486366][ T1042] veth1_macvtap: left promiscuous mode [ 215.492212][ T1042] veth0_macvtap: left promiscuous mode [ 215.499506][ T1042] veth1_vlan: left promiscuous mode [ 215.506941][ T29] audit: type=1800 audit(1719611612.779:44): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.707" name="bus" dev="sda1" ino=1972 res=0 errno=0 [ 215.534396][ T1042] veth0_vlan: left promiscuous mode [ 215.609025][ T7545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.705'. [ 215.817166][ T7550] loop4: detected capacity change from 0 to 764 [ 215.844183][ T7534] loop2: detected capacity change from 0 to 40427 [ 215.852305][ T7550] rock: directory entry would overflow storage [ 215.859267][ T7550] rock: sig=0x4654, size=5, remaining=4 [ 215.879543][ T7534] F2FS-fs (loop2): Invalid log sectorsize (2) [ 215.897315][ T7534] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 215.946827][ T7534] F2FS-fs (loop2): Found nat_bits in checkpoint [ 216.044392][ T55] Bluetooth: hci1: command tx timeout [ 216.154763][ T7534] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 216.189784][ T7534] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 216.403369][ T29] audit: type=1800 audit(1719611613.609:45): pid=7534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.703" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 217.220153][ T7534] bio_check_eod: 15 callbacks suppressed [ 217.220177][ T7534] syz.2.703: attempt to access beyond end of device [ 217.220177][ T7534] loop2: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 217.270044][ T5139] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 217.393579][ T6597] syz-executor: attempt to access beyond end of device [ 217.393579][ T6597] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 217.428229][ T6597] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 217.476598][ T5139] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 217.501433][ T5139] usb 5-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 217.546151][ T5139] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 217.555399][ T5139] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 217.615041][ T5139] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 217.640709][ T5139] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 217.665710][ T5139] usb 5-1: Product: syz [ 217.669962][ T5139] usb 5-1: Manufacturer: syz [ 217.695459][ T5139] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 217.833594][ T7568] syz.0.714 uses obsolete (PF_INET,SOCK_PACKET) [ 217.924933][ T1042] team0 (unregistering): Port device team_slave_1 removed [ 218.078711][ T1042] team0 (unregistering): Port device team_slave_0 removed [ 218.104298][ T55] Bluetooth: hci1: command tx timeout [ 218.916820][ T29] audit: type=1800 audit(1719611616.189:46): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.711" name="file0" dev="sda1" ino=1979 res=0 errno=0 [ 219.021615][ T29] audit: type=1804 audit(1719611616.199:47): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.711" name="/root/syzkaller.hWRwmO/33/file0" dev="sda1" ino=1979 res=1 errno=0 [ 219.126399][ T5141] usb 5-1: USB disconnect, device number 5 [ 219.336187][ T7577] netlink: 'syz.4.715': attribute type 1 has an invalid length. [ 220.184764][ T55] Bluetooth: hci1: command tx timeout [ 220.420660][ T7603] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 220.519344][ T7597] can: request_module (can-proto-3) failed. [ 220.981131][ T7469] chnl_net:caif_netlink_parms(): no params data found [ 220.992843][ T7589] loop4: detected capacity change from 0 to 40427 [ 221.296945][ T7589] F2FS-fs (loop4): extra_attr or flexible_inline_xattr feature is off [ 221.588082][ T7624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.730'. [ 221.674168][ T6103] I/O error, dev loop4, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 222.423531][ T29] audit: type=1800 audit(1719611619.689:48): pid=7650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.736" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 222.444398][ T5098] Bluetooth: hci4: command 0x0406 tx timeout [ 222.450549][ T4488] Bluetooth: hci5: command 0x0406 tx timeout [ 223.086470][ T7469] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.500876][ T7469] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.515243][ T7653] can: request_module (can-proto-3) failed. [ 223.532353][ T7469] bridge_slave_0: entered allmulticast mode [ 223.553050][ T7469] bridge_slave_0: entered promiscuous mode [ 223.614681][ T7661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'. [ 223.950241][ T7469] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.153287][ T7469] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.197786][ T7469] bridge_slave_1: entered allmulticast mode [ 224.265052][ T7469] bridge_slave_1: entered promiscuous mode [ 224.613401][ T7669] netlink: 8 bytes leftover after parsing attributes in process `syz.3.742'. [ 224.781355][ T7469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.828558][ T7469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.166296][ T7676] loop3: detected capacity change from 0 to 1024 [ 225.256945][ T7469] team0: Port device team_slave_0 added [ 225.277299][ T7676] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.326564][ T7469] team0: Port device team_slave_1 added [ 225.394270][ T7676] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 225.417010][ T7656] loop0: detected capacity change from 0 to 40427 [ 225.474405][ T7676] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 225.488301][ T7656] F2FS-fs (loop0): Invalid log sectorsize (2) [ 225.500024][ T7676] EXT4-fs error (device loop3): ext4_acquire_dquot:6858: comm syz.3.744: Failed to acquire dquot type 0 [ 225.519933][ T7656] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 225.598675][ T7656] F2FS-fs (loop0): Failed to start F2FS issue_checkpoint_thread (-4) [ 225.615018][ T7469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 225.641335][ T7469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.645224][ T5528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.667331][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.685632][ T7469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 225.736186][ T7469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 225.774216][ T7469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.800150][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.859124][ T7469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.096939][ T7469] hsr_slave_0: entered promiscuous mode [ 226.128726][ T7469] hsr_slave_1: entered promiscuous mode [ 226.171501][ T7469] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 226.192310][ T7469] Cannot create hsr debugfs directory [ 226.463813][ T7702] can: request_module (can-proto-3) failed. [ 227.863798][ T7722] loop0: detected capacity change from 0 to 256 [ 227.926681][ T7722] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 227.965821][ T7722] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 228.887339][ T7741] dvmrp0: entered allmulticast mode [ 228.923649][ T7754] loop0: detected capacity change from 0 to 256 [ 228.992105][ T7754] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 229.098649][ T7760] loop2: detected capacity change from 0 to 256 [ 229.198191][ T5139] libceph: connect (1)[c::]:6789 error -101 [ 229.235265][ T5139] libceph: mon0 (1)[c::]:6789 connect error [ 229.298314][ T7760] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 229.345408][ T7760] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 229.572069][ T5139] libceph: connect (1)[c::]:6789 error -101 [ 229.580610][ T5139] libceph: mon0 (1)[c::]:6789 connect error [ 229.615286][ T7774] loop4: detected capacity change from 0 to 2048 [ 229.776767][ T7774] syz.4.771: attempt to access beyond end of device [ 229.776767][ T7774] loop4: rw=524288, sector=9007199254741068, nr_sectors = 2 limit=2048 [ 230.124648][ T5139] libceph: connect (1)[c::]:6789 error -101 [ 230.159762][ T5139] libceph: mon0 (1)[c::]:6789 connect error [ 230.404740][ T7741] ceph: No mds server is up or the cluster is laggy [ 230.426782][ T7788] loop4: detected capacity change from 0 to 1024 [ 230.749464][ T7788] EXT4-fs: Ignoring removed nomblk_io_submit option [ 230.767117][ T7797] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 230.792089][ T7788] EXT4-fs: Mount option(s) incompatible with ext3 [ 231.357895][ T7469] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 231.703173][ T7469] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 231.773834][ T7469] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 231.821286][ T7788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.776'. [ 232.114937][ T5139] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 232.167832][ T7469] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 232.262370][ T7813] Zero length message leads to an empty skb [ 233.142641][ T5139] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.187374][ T5139] usb 4-1: New USB device found, idVendor=1bc7, idProduct=9010, bcdDevice=36.53 [ 233.234666][ T5139] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.270087][ T5139] usb 4-1: config 0 descriptor?? [ 233.288116][ T5139] option 4-1:0.0: GSM modem (1-port) converter detected [ 233.488950][ T7832] tap0: tun_chr_ioctl cmd 35108 [ 233.629171][ T5139] usb 4-1: USB disconnect, device number 5 [ 233.647632][ T5139] option 4-1:0.0: device disconnected [ 233.775476][ T7469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.812035][ T7469] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.841517][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.848808][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.870202][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.877499][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.261569][ T7469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.373955][ T7469] veth0_vlan: entered promiscuous mode [ 234.403922][ T7469] veth1_vlan: entered promiscuous mode [ 234.471376][ T7469] veth0_macvtap: entered promiscuous mode [ 234.489081][ T7469] veth1_macvtap: entered promiscuous mode [ 234.535754][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.555553][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.569857][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.581109][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.599214][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.611383][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.628811][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.642294][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.664895][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.690782][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.704271][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.720760][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.732310][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.750041][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.763561][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.780051][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.791161][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.810483][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.832790][ T7469] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.842362][ T7469] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.854506][ T7469] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.863315][ T7469] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.043530][ T2832] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.070200][ T2832] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.120843][ T1042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.139705][ T1042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.293440][ T7926] kcapi: manufacturer command 12 unknown. [ 237.372839][ T7923] tap0: tun_chr_ioctl cmd 35108 [ 237.674466][ T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 237.874266][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 237.898920][ T25] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 237.924179][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.048082][ T25] usb 3-1: config 0 descriptor?? [ 238.071498][ T25] gspca_main: sq930x-2.14.0 probing 041e:403c [ 238.398751][ T7926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.427630][ T7926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.605591][ T25] gspca_sq930x: reg_r 001f failed -110 [ 238.611234][ T25] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 238.701928][ T7911] loop4: detected capacity change from 0 to 32768 [ 238.725772][ T7902] loop3: detected capacity change from 0 to 32768 [ 238.760005][ T9] usb 3-1: USB disconnect, device number 7 [ 238.790765][ T7902] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 238.845522][ T7911] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 238.972417][ T7902] XFS (loop3): Ending clean mount [ 238.978564][ T7911] XFS (loop4): Ending clean mount [ 239.040950][ T29] audit: type=1800 audit(2000000000.840:49): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.798" name="bus" dev="loop3" ino=4425 res=0 errno=0 [ 239.092816][ T29] audit: type=1800 audit(2000000000.890:50): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.798" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 239.108869][ T1794] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x41/0xd0, xfs_bnobt block 0x8 [ 239.141813][ T1794] XFS (loop4): Unmount and run xfs_repair [ 239.167923][ T29] audit: type=1800 audit(2000000000.890:51): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.798" name="bus" dev="loop3" ino=4425 res=0 errno=0 [ 239.178676][ T1794] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 239.234361][ T1794] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 239.289814][ T1794] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 239.342322][ T1794] 00000020: a2 f8 2a ab 77 f8 42 86 af d4 a8 f7 00 a7 4b ab ..*.w.B.......K. [ 239.352687][ T1794] 00000030: 00 00 00 00 5b fd 4f dd 00 00 00 05 00 00 00 01 ....[.O......... [ 239.373203][ T1794] 00000040: 00 00 02 36 00 00 0d ca 00 00 00 00 00 00 00 00 ...6............ [ 239.383837][ T1794] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 239.393696][ T5528] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 239.434354][ T1794] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 239.443286][ T1794] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 239.505719][ T25] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x8 len 8 error 74 [ 239.539843][ T25] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 239.557837][ T25] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 239.645037][ T5492] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 240.831142][ T7980] trusted_key: syz.3.816 sent an empty control message without MSG_MORE. [ 241.048910][ T7982] tap0: tun_chr_ioctl cmd 35108 [ 241.156717][ T7992] loop2: detected capacity change from 0 to 512 [ 241.234695][ T7992] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 241.254404][ T7992] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 241.325578][ T7992] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.824: Corrupt directory, running e2fsck is recommended [ 241.435808][ T7992] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 241.456100][ T7992] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.824: corrupted in-inode xattr: invalid ea_ino [ 241.512467][ T7992] EXT4-fs (loop2): Remounting filesystem read-only [ 241.540558][ T7992] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.802241][ T29] audit: type=1800 audit(2000000000.990:52): pid=8011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.831" name="file0" dev="sda1" ino=1952 res=0 errno=0 [ 242.143182][ T8014] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 242.155508][ T8014] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 242.166488][ T8014] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.824: Corrupt directory, running e2fsck is recommended [ 242.613726][ T5105] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 242.624528][ T5105] Bluetooth: hci2: Injecting HCI hardware error event [ 242.635398][ T5105] Bluetooth: hci2: hardware error 0x00 [ 243.045310][ T29] audit: type=1804 audit(2000000000.990:53): pid=8011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.831" name="/root/syzkaller.bopmPx/226/file0" dev="sda1" ino=1952 res=1 errno=0 [ 243.104772][ T6597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.150060][ T8012] bridge_slave_1: left allmulticast mode [ 243.161471][ T8012] bridge_slave_1: left promiscuous mode [ 243.182907][ T8012] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.074920][ T8037] tap0: tun_chr_ioctl cmd 35108 [ 245.147481][ T5105] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 245.719544][ T8055] IPv6: NLM_F_CREATE should be specified when creating new route [ 245.740535][ T8055] netlink: 1 bytes leftover after parsing attributes in process `syz.1.848'. [ 245.930869][ T8061] loop4: detected capacity change from 0 to 764 [ 245.996457][ T8061] rock: directory entry would overflow storage [ 246.002976][ T8061] rock: sig=0x4654, size=5, remaining=4 [ 246.328599][ T5092] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 247.504354][ T5092] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 247.513483][ T5092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.552300][ T5092] usb 2-1: config 0 descriptor?? [ 247.575335][ T8057] netlink: 44 bytes leftover after parsing attributes in process `syz.0.845'. [ 247.588747][ T5092] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 247.599784][ T8057] netlink: 43 bytes leftover after parsing attributes in process `syz.0.845'. [ 247.668701][ T8057] netlink: 'syz.0.845': attribute type 5 has an invalid length. [ 247.711983][ T8057] netlink: 43 bytes leftover after parsing attributes in process `syz.0.845'. [ 247.974316][ T5092] cpia1 2-1:0.0: unexpected state after lo power cmd: 00 [ 248.317705][ T5092] gspca_cpia1: usb_control_msg 01, error -71 [ 248.323798][ T5092] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 248.359500][ T8093] IPv6: NLM_F_CREATE should be specified when creating new route [ 248.376549][ T8093] netlink: 1 bytes leftover after parsing attributes in process `syz.3.860'. [ 248.388059][ T5092] usb 2-1: USB disconnect, device number 8 [ 248.607462][ T29] audit: type=1326 audit(2000000007.840:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8094 comm="syz.3.861" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f896e175b99 code=0x0 [ 249.122705][ T8089] loop2: detected capacity change from 0 to 32768 [ 249.199506][ T8089] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 249.449364][ T8089] XFS (loop2): Ending clean mount [ 249.527881][ T8124] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 25 (only 8 groups) [ 249.802183][ T8132] loop3: detected capacity change from 0 to 1024 [ 249.824850][ T5139] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x41/0xd0, xfs_bnobt block 0x8 [ 249.863758][ T5139] XFS (loop2): Unmount and run xfs_repair [ 249.890210][ T5139] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 249.919407][ T5139] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 249.946016][ T5139] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 249.984832][ T5139] 00000020: a2 f8 2a ab 77 f8 42 86 af d4 a8 f7 00 a7 4b ab ..*.w.B.......K. [ 250.017604][ T5139] 00000030: 00 00 00 00 5b fd 4f dd 00 00 00 05 00 00 00 01 ....[.O......... [ 250.044797][ T5139] 00000040: 00 00 02 36 00 00 0d ca 00 00 00 00 00 00 00 00 ...6............ [ 250.075358][ T5139] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 250.112411][ T5139] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 250.138497][ T5139] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 250.164196][ T8089] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x8 len 8 error 74 [ 250.195320][ T5139] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x41/0xd0, xfs_bnobt block 0x8 [ 250.206579][ T8089] XFS (loop2): page discard on page ffffea000175b680, inode 0x429, pos 0. [ 250.223287][ T5139] XFS (loop2): Unmount and run xfs_repair [ 250.230570][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 250.261088][ T5139] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 250.292987][ T5139] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 250.320751][ T5139] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 250.352599][ T5139] 00000020: a2 f8 2a ab 77 f8 42 86 af d4 a8 f7 00 a7 4b ab ..*.w.B.......K. [ 250.370676][ T5139] 00000030: 00 00 00 00 5b fd 4f dd 00 00 00 05 00 00 00 01 ....[.O......... [ 250.386744][ T8151] netlink: 12 bytes leftover after parsing attributes in process `syz.1.882'. [ 250.404224][ T5139] 00000040: 00 00 02 36 00 00 0d ca 00 00 00 00 00 00 00 00 ...6............ [ 250.413247][ T5139] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 250.432830][ T29] audit: type=1326 audit(2000000009.670:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8150 comm="syz.4.883" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcbfe375b99 code=0x0 [ 250.456809][ T5139] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 250.465864][ T5139] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 250.475487][ T5141] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x8 len 8 error 74 [ 250.489950][ T8] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 250.499600][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.512262][ T8] usb 1-1: config 0 descriptor?? [ 250.527171][ T8] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 250.535184][ T5141] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 250.563343][ T5141] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 250.592427][ T6597] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 250.896215][ T8157] syz.3.886[8157] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 250.896400][ T8157] syz.3.886[8157] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 250.936914][ T8] cpia1 1-1:0.0: unexpected state after lo power cmd: 00 [ 251.288323][ T8] gspca_cpia1: usb_control_msg 01, error -71 [ 251.309771][ T8] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 251.338679][ T8] usb 1-1: USB disconnect, device number 4 [ 251.441243][ T8171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.892'. [ 251.590266][ T8181] syz.4.892: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 251.590957][ T8181] CPU: 1 UID: 0 PID: 8181 Comm: syz.4.892 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 251.590992][ T8181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 251.591012][ T8181] Call Trace: [ 251.591024][ T8181] [ 251.591034][ T8181] dump_stack_lvl+0x241/0x360 [ 251.591071][ T8181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.591096][ T8181] ? __pfx__printk+0x10/0x10 [ 251.591138][ T8181] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 251.591168][ T8181] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 251.591200][ T8181] warn_alloc+0x278/0x410 [ 251.591232][ T8181] ? stack_depot_save_flags+0x29/0x830 [ 251.591264][ T8181] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 251.591290][ T8181] ? __pfx_warn_alloc+0x10/0x10 [ 251.591323][ T8181] ? kasan_save_track+0x3f/0x80 [ 251.591346][ T8181] ? __kasan_kmalloc+0x98/0xb0 [ 251.591373][ T8181] ? xsk_setsockopt+0x598/0x950 [ 251.591403][ T8181] ? do_sock_setsockopt+0x3af/0x720 [ 251.591433][ T8181] ? __sys_setsockopt+0x1ae/0x250 [ 251.591463][ T8181] ? __x64_sys_setsockopt+0xb5/0xd0 [ 251.591494][ T8181] ? do_syscall_64+0xf3/0x230 [ 251.591515][ T8181] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.591554][ T8181] __vmalloc_node_range_noprof+0x130/0x1460 [ 251.591639][ T8181] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 251.591672][ T8181] ? __kasan_kmalloc+0x98/0xb0 [ 251.591699][ T8181] ? xskq_create+0x54/0x170 [ 251.591738][ T8181] vmalloc_user_noprof+0x74/0x80 [ 251.591764][ T8181] ? xskq_create+0xb6/0x170 [ 251.591798][ T8181] xskq_create+0xb6/0x170 [ 251.591835][ T8181] xsk_init_queue+0xa1/0x100 [ 251.591875][ T8181] xsk_setsockopt+0x598/0x950 [ 251.591913][ T8181] ? __pfx_xsk_setsockopt+0x10/0x10 [ 251.591951][ T8181] ? __pfx_lock_acquire+0x10/0x10 [ 251.591982][ T8181] ? aa_sock_opt_perm+0x79/0x120 [ 251.592019][ T8181] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 251.592053][ T8181] ? security_socket_setsockopt+0x87/0xb0 [ 251.592085][ T8181] ? __pfx_xsk_setsockopt+0x10/0x10 [ 251.592118][ T8181] do_sock_setsockopt+0x3af/0x720 [ 251.592159][ T8181] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 251.592189][ T8181] ? __fget_files+0x29/0x470 [ 251.592219][ T8181] ? __fget_files+0x3f6/0x470 [ 251.592259][ T8181] __sys_setsockopt+0x1ae/0x250 [ 251.592300][ T8181] __x64_sys_setsockopt+0xb5/0xd0 [ 251.592337][ T8181] do_syscall_64+0xf3/0x230 [ 251.592362][ T8181] ? clear_bhb_loop+0x35/0x90 [ 251.592395][ T8181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.592433][ T8181] RIP: 0033:0x7fcbfe375b99 [ 251.592461][ T8181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.592484][ T8181] RSP: 002b:00007fcbff1f4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 251.592512][ T8181] RAX: ffffffffffffffda RBX: 00007fcbfe504150 RCX: 00007fcbfe375b99 [ 251.592532][ T8181] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a [ 251.592548][ T8181] RBP: 00007fcbfe3f677e R08: 0000000000000020 R09: 0000000000000000 [ 251.592565][ T8181] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 251.592582][ T8181] R13: 000000000000006e R14: 00007fcbfe504150 R15: 00007fff22cb7f58 [ 251.592619][ T8181] [ 251.592637][ T8181] Mem-Info: [ 251.592654][ T8181] active_anon:4842 inactive_anon:0 isolated_anon:0 [ 251.592654][ T8181] active_file:1860 inactive_file:38665 isolated_file:0 [ 251.592654][ T8181] unevictable:768 dirty:374 writeback:0 [ 251.592654][ T8181] slab_reclaimable:11082 slab_unreclaimable:96190 [ 251.592654][ T8181] mapped:14128 shmem:1248 pagetables:771 [ 251.592654][ T8181] sec_pagetables:0 bounce:0 [ 251.592654][ T8181] kernel_misc_reclaimable:0 [ 251.592654][ T8181] free:1404652 free_pcp:541 free_cma:0 [ 251.592721][ T8181] Node 0 active_anon:19368kB inactive_anon:0kB active_file:7440kB inactive_file:154588kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56512kB dirty:1492kB writeback:0kB shmem:3456kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10204kB pagetables:3084kB sec_pagetables:0kB all_unreclaimable? no [ 251.592784][ T8181] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 251.592843][ T8181] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 251.592916][ T8181] lowmem_reserve[]: 0 2571 2571 0 0 [ 251.592975][ T8181] Node 0 DMA32 free:1653360kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:19316kB inactive_anon:0kB active_file:7440kB inactive_file:154284kB unevictable:1536kB writepending:1492kB present:3129332kB managed:2659840kB mlocked:0kB bounce:0kB free_pcp:2160kB local_pcp:1088kB free_cma:0kB [ 251.593046][ T8181] lowmem_reserve[]: 0 0 0 0 0 [ 251.593099][ T8181] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:304kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 251.593165][ T8181] lowmem_reserve[]: 0 0 0 0 0 [ 251.593217][ T8181] Node 1 Normal free:3949888kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 251.662979][ T8181] lowmem_reserve[]: 0 0 0 0 0 [ 251.663103][ T8181] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 251.663363][ T8181] Node 0 DMA32: 300*4kB (UME) 526*8kB (UME) 350*16kB (UME) 250*32kB (UME) 139*64kB (ME) 76*128kB (UM) 49*256kB (UME) 41*512kB (UME) 21*1024kB (UM) 6*2048kB (ME) 378*4096kB (UM) = 1653248kB [ 251.663610][ T8181] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 251.663759][ T8181] Node 1 Normal: 4*4kB (U) 6*8kB (U) 10*16kB (U) 5*32kB (U) 5*64kB (UM) 3*128kB (U) 3*256kB (UM) 3*512kB (UM) 0*1024kB 1*2048kB (U) 963*4096kB (M) = 3949888kB [ 251.663998][ T8181] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 251.664021][ T8181] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 251.672263][ T8181] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 251.672294][ T8181] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 251.672316][ T8181] 41793 total pagecache pages [ 251.672329][ T8181] 0 pages in swap cache [ 251.672339][ T8181] Free swap = 124460kB [ 251.672359][ T8181] Total swap = 124996kB [ 251.672372][ T8181] 2097051 pages RAM [ 251.672382][ T8181] 0 pages HighMem/MovableOnly [ 251.672393][ T8181] 400881 pages reserved [ 251.672404][ T8181] 0 pages cma reserved [ 251.680131][ T8182] loop1: detected capacity change from 0 to 1024 [ 251.825314][ T8185] syz.3.897[8185] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.825481][ T8185] syz.3.897[8185] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 252.224278][ T8193] netlink: 1 bytes leftover after parsing attributes in process `syz.1.901'. [ 252.421832][ T8189] loop3: detected capacity change from 0 to 8192 [ 252.790388][ T8211] syz.3.909[8211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 252.790564][ T8211] syz.3.909[8211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 253.217293][ T8221] loop0: detected capacity change from 0 to 256 [ 253.279011][ T8221] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 253.332338][ T29] audit: type=1326 audit(2000000012.567:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.1.911" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x0 [ 253.615595][ T8197] tty tty25: ldisc open failed (-12), clearing slot 24 [ 253.989028][ T8238] loop1: detected capacity change from 0 to 16 [ 254.003525][ T8236] loop0: detected capacity change from 0 to 764 [ 254.025669][ T8238] erofs: (device loop1): mounted with root inode @ nid 36. [ 254.043268][ T8236] rock: directory entry would overflow storage [ 254.050117][ T8236] rock: sig=0x4654, size=5, remaining=4 [ 254.070298][ T8240] syz.2.922[8240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 254.070482][ T8240] syz.2.922[8240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 254.075838][ T8238] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 254.175605][ T8238] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 254.224584][ T8238] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 254.251983][ T8245] loop3: detected capacity change from 0 to 2048 [ 254.283928][ T8243] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 254.449794][ T8253] kcapi: manufacturer command 12 unknown. [ 254.457666][ T8245] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 255.574731][ T5528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.663949][ T5092] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 255.685519][ T8262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.928'. [ 255.759343][ T8266] loop3: detected capacity change from 0 to 256 [ 255.821237][ T8266] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 255.855328][ T5092] usb 3-1: Using ep0 maxpacket: 32 [ 255.865087][ T5092] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 255.865126][ T5092] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.868580][ T5092] usb 3-1: config 0 descriptor?? [ 255.876993][ T5092] gspca_main: sq930x-2.14.0 probing 041e:403c [ 256.145343][ T8253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.145710][ T8253] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.222094][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.222231][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.339118][ T29] audit: type=1800 audit(2000000015.535:57): pid=8282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.937" name="bus" dev="sda1" ino=1985 res=0 errno=0 [ 256.377230][ T8283] loop3: detected capacity change from 0 to 16 [ 256.409407][ T5092] gspca_sq930x: reg_r 001f failed -110 [ 256.409504][ T5092] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 256.427292][ T8282] loop4: detected capacity change from 0 to 2048 [ 256.440350][ T8283] erofs: (device loop3): mounted with root inode @ nid 36. [ 256.442774][ T5092] usb 3-1: USB disconnect, device number 8 [ 256.519671][ T8283] erofs: (device loop3): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 256.539505][ T8282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.550447][ T8283] erofs: (device loop3): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 256.573369][ T8283] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 256.583710][ T8286] erofs: (device loop3): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 256.703037][ T8282] EXT4-fs error (device loop4): ext4_ext_precache:627: inode #2: comm syz.4.937: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 256.858044][ T8291] loop3: detected capacity change from 0 to 764 [ 256.886650][ T8291] rock: directory entry would overflow storage [ 256.903457][ T8291] rock: sig=0x4654, size=5, remaining=4 [ 257.093142][ T8279] loop1: detected capacity change from 0 to 32768 [ 257.134267][ T8279] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.935 (8279) [ 257.256740][ T8279] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 257.275960][ T8250] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 257.301934][ T8279] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 257.311682][ T5092] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 258.131947][ T8279] BTRFS info (device loop1): using free-space-tree [ 258.301502][ T5092] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 258.343530][ T5092] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 258.381449][ T5092] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 258.391623][ T5092] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.401288][ T5092] usb 5-1: Product: syz [ 258.413640][ T5092] usb 5-1: Manufacturer: syz [ 258.418606][ T5092] usb 5-1: SerialNumber: syz [ 258.506646][ T8318] netlink: 'syz.3.942': attribute type 1 has an invalid length. [ 258.532961][ T8318] netlink: 'syz.3.942': attribute type 2 has an invalid length. [ 258.645846][ T8322] netlink: 56 bytes leftover after parsing attributes in process `syz.2.943'. [ 258.692269][ T5092] cdc_ncm 5-1:1.0: bind() failure [ 258.755300][ T5092] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 258.806702][ T5092] cdc_ncm 5-1:1.1: bind() failure [ 258.861023][ T5092] usb 5-1: USB disconnect, device number 6 [ 258.883184][ T8328] loop3: detected capacity change from 0 to 256 [ 259.008912][ T7469] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 259.021578][ T8328] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 259.501590][ T8341] loop2: detected capacity change from 0 to 16 [ 259.792096][ T8341] erofs: (device loop2): mounted with root inode @ nid 36. [ 259.795145][ T5492] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.329323][ T8349] loop1: detected capacity change from 0 to 16 [ 260.385543][ T8349] erofs: (device loop1): mounted with root inode @ nid 36. [ 260.478585][ T8349] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 260.517963][ T8349] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 260.590929][ T8349] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 260.593310][ T8356] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 260.692784][ T8362] loop3: detected capacity change from 0 to 256 [ 260.738239][ T8362] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 262.365034][ T8392] loop1: detected capacity change from 0 to 2048 [ 262.573291][ T29] audit: type=1326 audit(2000000021.542:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 262.656238][ T8392] NILFS (loop1): invalid segment: Sequence number mismatch [ 262.664430][ T8392] NILFS (loop1): trying rollback from an earlier position [ 262.722671][ T29] audit: type=1326 audit(2000000021.542:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 262.745745][ T8392] NILFS (loop1): recovery complete [ 262.986657][ T8397] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 263.249172][ T29] audit: type=1326 audit(2000000021.542:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm="syz.0.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 263.909759][ T29] audit: type=1326 audit(2000000021.542:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 264.062576][ T29] audit: type=1326 audit(2000000021.542:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 264.177666][ T29] audit: type=1326 audit(2000000021.542:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 264.241788][ T29] audit: type=1326 audit(2000000021.542:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 264.280580][ T29] audit: type=1326 audit(2000000021.542:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9f975b99 code=0x7ffc0000 [ 264.342607][ T29] audit: type=1326 audit(2000000021.552:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf9f9745d0 code=0x7ffc0000 [ 264.395913][ T29] audit: type=1326 audit(2000000021.552:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8390 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf9f9745d0 code=0x7ffc0000 [ 264.501239][ T8381] loop3: detected capacity change from 0 to 32768 [ 264.526295][ T8381] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.969 (8381) [ 264.564330][ T8411] loop4: detected capacity change from 0 to 256 [ 264.790731][ T8411] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 265.227348][ T8415] sctp: [Deprecated]: syz.1.977 (pid 8415) Use of int in max_burst socket option. [ 265.227348][ T8415] Use struct sctp_assoc_value instead [ 265.531917][ T8381] BTRFS error (device loop3): open_ctree failed [ 265.578712][ T8422] loop0: detected capacity change from 0 to 1764 [ 265.592196][ T8422] iso9660: Unknown parameter '18446744073709551615' [ 267.680531][ T8463] loop4: detected capacity change from 0 to 256 [ 268.016514][ T8463] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 268.053828][ T8463] FAT-fs (loop4): Filesystem has been set read-only [ 270.630618][ T29] kauditd_printk_skb: 57 callbacks suppressed [ 270.630639][ T29] audit: type=1326 audit(2000000029.741:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8517 comm="syz.3.1020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f896e175b99 code=0x0 [ 270.763552][ T8526] befs: Unrecognized mount option "" or missing value [ 270.772610][ T8526] befs: (nullb0): cannot parse mount options [ 270.815981][ T8527] sctp: [Deprecated]: syz.2.1022 (pid 8527) Use of int in max_burst socket option. [ 270.815981][ T8527] Use struct sctp_assoc_value instead [ 271.172372][ T8537] loop4: detected capacity change from 0 to 764 [ 271.374565][ T8537] rock: directory entry would overflow storage [ 271.382247][ T8537] rock: sig=0x4654, size=5, remaining=4 [ 273.951470][ T8562] loop2: detected capacity change from 0 to 256 [ 274.018431][ T8562] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 274.042388][ T8562] FAT-fs (loop2): Filesystem has been set read-only [ 274.291842][ T8572] sctp: [Deprecated]: syz.0.1037 (pid 8572) Use of int in max_burst socket option. [ 274.291842][ T8572] Use struct sctp_assoc_value instead [ 274.366124][ T8575] 9p: Unknown uid 00000000004294967295 [ 274.726424][ T8586] loop0: detected capacity change from 0 to 1024 [ 274.747015][ T8586] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 274.753361][ T8587] program syz.3.1045 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 274.776998][ T8586] hfsplus: xattr searching failed [ 276.474305][ T8605] 9p: Unknown uid 00000000004294967295 [ 276.949860][ T8617] loop3: detected capacity change from 0 to 16 [ 276.975068][ T8617] erofs: (device loop3): mounted with root inode @ nid 36. [ 277.189425][ T5139] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 277.390664][ T5139] usb 1-1: Using ep0 maxpacket: 32 [ 277.407835][ T8595] loop2: detected capacity change from 0 to 131072 [ 277.412182][ T5139] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 277.450810][ T8595] F2FS-fs (loop2): invalid crc value [ 277.453469][ T5139] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 277.515000][ T8595] F2FS-fs (loop2): Found nat_bits in checkpoint [ 277.537777][ T5139] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.569803][ T5139] hub 1-1:4.0: bad descriptor, ignoring hub [ 277.596606][ T5139] hub 1-1:4.0: probe with driver hub failed with error -5 [ 277.604596][ T8595] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 277.643499][ T5139] usbhid 1-1:4.0: couldn't find an input interrupt endpoint [ 277.770852][ T8632] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000' [ 278.034923][ T5139] usb 1-1: USB disconnect, device number 5 [ 278.839693][ T8661] overlayfs: missing 'lowerdir' [ 278.901160][ T8662] overlayfs: missing 'lowerdir' [ 279.740704][ T8653] loop4: detected capacity change from 0 to 8192 [ 279.776146][ T8653] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 279.791836][ T8653] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 279.801511][ T8653] REISERFS (device loop4): using ordered data mode [ 279.808492][ T8653] reiserfs: using flush barriers [ 279.817178][ T8653] REISERFS warning (device loop4): sh-458 journal_init_dev: cannot init journal device unknown-block(7,4): -16 [ 279.829166][ T8653] REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device [ 279.841121][ T8653] REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space [ 280.353271][ T8684] loop4: detected capacity change from 0 to 4096 [ 280.699465][ T8692] loop0: detected capacity change from 0 to 64 [ 280.756371][ T8692] hfs: inconsistency in B*Tree (2,1,255,1,0) [ 280.763114][ T8692] hfs: get root inode failed [ 282.233399][ T8710] loop0: detected capacity change from 0 to 8192 [ 282.269872][ T8710] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 282.295879][ T8710] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 282.356821][ T8710] REISERFS (device loop0): using ordered data mode [ 282.429084][ T8703] loop4: detected capacity change from 0 to 32768 [ 282.450714][ T8710] reiserfs: using flush barriers [ 282.462013][ T8710] REISERFS warning (device loop0): sh-458 journal_init_dev: cannot init journal device unknown-block(7,0): -16 [ 282.474445][ T8710] REISERFS warning (device loop0): sh-462 journal_init: unable to initialize journal device [ 282.485240][ T8703] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section members_v1: device 0: too many buckets (got 6735162007305869200, max 2147483583) [ 282.485240][ T8703] members_v1 (size 152): [ 282.485240][ T8703] Device: 0 [ 282.485240][ T8703] Label: (bad disk labels section) [ 282.485240][ T8703] UUID: 88000000-0000-0000-9b24-efed6a7049cb [ 282.485240][ T8703] Size: 0 [ 282.485240][ T8703] read errors: 0 [ 282.485240][ T8703] write errors: 0 [ 282.485240][ T8703] checksum errors: 0 [ 282.485240][ T8703] seqread iops: 1611530240 [ 282.485240][ T8703] seqwrite iops: 0 [ 282.485240][ T8703] randread iops: 0 [ 282.485240][ T8703] randwrite iops: 0 [ 282.485240][ T8703] Bucket size: 0 [ 282.485240][ T8703] First bucket: 128 [ 282.485240][ T8703] Buckets: 6735162007305869200 [ 282.485240][ T8703] Last mount: 34376515584 [ 282.485240][ T8703] Last superblock write: 0 [ 282.485240][ T8703] State: unknown [ 282.485240][ T8703] Data allowed: free,sb,journal [ 282.485240][ T8703] Has data: journal,btree,user [ 282.485240][ T8703] Btree allocated bitmap blocksize:1 [ 282.485240][ T8703] Btree allocated bitmap: 00000000 [ 282.487944][ T8710] REISERFS warning (device loop0): sh-2022 reiserfs_fill_super: unable to initialize journal space [ 282.922270][ T8722] loop1: detected capacity change from 0 to 4096 [ 282.992161][ T8726] loop3: detected capacity change from 0 to 512 [ 283.072801][ T8726] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 283.120964][ T8726] ext4 filesystem being mounted at /root/syzkaller.vYdi9T/196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 283.227711][ T5528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.415008][ T8756] loop4: detected capacity change from 0 to 256 [ 284.563526][ T8756] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 284.655662][ T29] audit: type=1800 audit(2000000043.697:126): pid=8766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1113" name="file0" dev="sda1" ino=1986 res=0 errno=0 [ 284.891843][ T8756] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1110'. [ 284.948530][ T8767] loop1: detected capacity change from 0 to 4096 [ 285.004167][ T8769] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1110'. [ 285.142156][ T8774] loop2: detected capacity change from 0 to 512 [ 285.248753][ T8774] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.301343][ T8774] ext4 filesystem being mounted at /root/syzkaller.hWRwmO/114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.472464][ T6597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.520024][ T8771] loop0: detected capacity change from 0 to 32768 [ 285.551160][ T8771] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section members_v1: device 0: too many buckets (got 6735162007305869200, max 2147483583) [ 285.551160][ T8771] members_v1 (size 152): [ 285.551160][ T8771] Device: 0 [ 285.551160][ T8771] Label: (bad disk labels section) [ 285.551160][ T8771] UUID: 88000000-0000-0000-9b24-efed6a7049cb [ 285.551160][ T8771] Size: 0 [ 285.551160][ T8771] read errors: 0 [ 285.551160][ T8771] write errors: 0 [ 285.551160][ T8771] checksum errors: 0 [ 285.551160][ T8771] seqread iops: 1611530240 [ 285.551160][ T8771] seqwrite iops: 0 [ 285.551160][ T8771] randread iops: 0 [ 285.551160][ T8771] randwrite iops: 0 [ 285.551160][ T8771] Bucket size: 0 [ 285.551160][ T8771] First bucket: 128 [ 285.551160][ T8771] Buckets: 6735162007305869200 [ 285.551160][ T8771] Last mount: 34376515584 [ 285.551160][ T8771] Last superblock write: 0 [ 285.551160][ T8771] State: unknown [ 285.551160][ T8771] Data allowed: free,sb,journal [ 285.551160][ T8771] Has data: journal,btree,user [ 285.551160][ T8771] Btree allocated bitmap blocksize:1 [ 285.551160][ T8771] Btree allocated bitmap: 00000000 [ 286.907031][ T29] audit: type=1800 audit(2000000045.926:127): pid=8800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1128" name="file0" dev="sda1" ino=1980 res=0 errno=0 [ 287.476289][ T8819] loop2: detected capacity change from 0 to 4096 [ 288.102174][ T8835] PM: Enabling pm_trace changes system date and time during resume. [ 288.102174][ T8835] PM: Correct system time has to be restored manually after resume. [ 289.142892][ T8850] loop4: detected capacity change from 0 to 1024 [ 289.205082][ T8850] EXT4-fs: Ignoring removed orlov option [ 289.221219][ T8850] EXT4-fs: Ignoring removed nomblk_io_submit option [ 289.298333][ T8850] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 289.317943][ T8850] System zones: 0-1, 3-36 [ 289.359054][ T8850] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.542688][ T8858] loop1: detected capacity change from 0 to 4096 [ 289.608300][ T8866] loop2: detected capacity change from 0 to 128 [ 289.685328][ T8866] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 289.695348][ T5492] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.755962][ T8866] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 289.807049][ T8830] loop3: detected capacity change from 0 to 32768 [ 289.861682][ T8830] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 289.905563][ T8830] XFS (loop3): Ending clean mount [ 289.923263][ T8830] XFS (loop3): Quotacheck needed: Please wait. [ 290.004590][ T8830] XFS (loop3): Quotacheck: Done. [ 290.023067][ T5147] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 290.211654][ T5147] usb 1-1: Using ep0 maxpacket: 32 [ 290.220986][ T5147] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 290.249158][ T5147] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 290.269151][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.315199][ T5147] hub 1-1:4.0: bad descriptor, ignoring hub [ 290.328066][ T5147] hub 1-1:4.0: probe with driver hub failed with error -5 [ 290.349728][ T5147] usbhid 1-1:4.0: couldn't find an input interrupt endpoint [ 290.356410][ T5528] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 290.927600][ T8906] loop3: detected capacity change from 0 to 256 [ 291.120820][ T5528] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 291.146204][ T5141] usb 1-1: USB disconnect, device number 6 [ 291.150228][ T5528] FAT-fs (loop3): Filesystem has been set read-only [ 291.163532][ T5528] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 291.479869][ T29] audit: type=1326 audit(2000000050.496:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.529668][ T29] audit: type=1326 audit(2000000050.496:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.592174][ T29] audit: type=1326 audit(2000000050.496:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.620282][ T29] audit: type=1326 audit(2000000050.496:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.655085][ T8918] block nbd1: shutting down sockets [ 291.740828][ T29] audit: type=1326 audit(2000000050.496:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.813726][ T29] audit: type=1326 audit(2000000050.496:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.854445][ T29] audit: type=1326 audit(2000000050.496:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.876684][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.893297][ T29] audit: type=1326 audit(2000000050.516:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.920720][ T29] audit: type=1326 audit(2000000050.516:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 291.931726][ T5426] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.943148][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.961240][ T29] audit: type=1326 audit(2000000050.516:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8917 comm="syz.1.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ee175b99 code=0x7ffc0000 [ 292.100351][ T8910] loop4: detected capacity change from 0 to 32768 [ 292.175240][ T8910] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 292.186297][ T5426] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.289573][ T8910] XFS (loop4): Ending clean mount [ 292.324847][ T8910] XFS (loop4): Quotacheck needed: Please wait. [ 292.409851][ T5426] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.413445][ T8910] XFS (loop4): Quotacheck: Done. [ 292.604800][ T5426] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.609205][ T8943] loop1: detected capacity change from 0 to 256 [ 292.666713][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 292.681534][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 292.701560][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 292.711862][ T5492] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 292.731642][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 292.765502][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 292.777574][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 292.790932][ T7469] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 292.800440][ T7469] FAT-fs (loop1): Filesystem has been set read-only [ 292.809749][ T7469] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 293.210257][ T5105] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 293.279242][ T5426] bridge_slave_0: left allmulticast mode [ 293.285324][ T5426] bridge_slave_0: left promiscuous mode [ 293.291171][ T5426] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.530094][ T5105] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 293.833817][ T8966] loop0: detected capacity change from 0 to 512 [ 293.924963][ T8966] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.952860][ T8966] ext4 filesystem being mounted at /root/syzkaller.bopmPx/306/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 294.044681][ T8973] loop4: detected capacity change from 0 to 256 [ 294.154927][ T5088] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.220934][ T5492] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 294.232884][ T5492] FAT-fs (loop4): Filesystem has been set read-only [ 294.258989][ T5426] dvmrp0 (unregistering): left allmulticast mode [ 294.274068][ T5492] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 294.404516][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 294.433713][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 294.443776][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 294.457099][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 294.465854][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 294.476035][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 294.692264][ T8988] loop0: detected capacity change from 0 to 1024 [ 294.725962][ T8988] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.779162][ T5426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 294.793708][ T5426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.806744][ T5426] bond0 (unregistering): Released all slaves [ 294.825072][ T8988] loop0: detected capacity change from 1024 to 1023 [ 294.833176][ T5105] Bluetooth: hci3: command tx timeout [ 294.894014][ T8978] netlink: 'syz.2.1195': attribute type 7 has an invalid length. [ 294.910547][ T5088] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.bopmPx/310/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 294.914422][ T8978] netlink: 'syz.2.1195': attribute type 8 has an invalid length. [ 294.962931][ T8978] netlink: 'syz.2.1195': attribute type 13 has an invalid length. [ 295.008356][ T5088] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.514593][ T8994] loop2: detected capacity change from 0 to 32768 [ 295.644471][ T8994] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nocow [ 295.657577][ T8994] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 295.666475][ T8994] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 295.666475][ T8994] running recovery passes: check_allocations [ 295.750315][ T5426] hsr_slave_0: left promiscuous mode [ 295.755593][ T8994] bcachefs (loop2): accounting_read... done [ 295.762433][ T8994] bcachefs (loop2): alloc_read... done [ 295.768137][ T8994] bcachefs (loop2): stripes_read... done [ 295.773909][ T8994] bcachefs (loop2): snapshots_read... done [ 295.781255][ T8994] bcachefs (loop2): check_allocations... [ 295.793424][ T8994] btree ptr not marked in member info btree allocated bitmap [ 295.793511][ T8994] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 295.825160][ T8994] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 10 [ 295.833947][ T5426] hsr_slave_1: left promiscuous mode [ 295.835828][ T8994] bcachefs (loop2): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 295.850893][ T8994] bcachefs (loop2): bch2_gc_btree(): error fsck_errors_not_fixed [ 295.859192][ T8994] bcachefs (loop2): bch2_gc_btrees(): error fsck_errors_not_fixed [ 295.870473][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.872143][ T8994] bcachefs (loop2): bch2_check_allocations(): error fsck_errors_not_fixed [ 295.886945][ T8994] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed [ 295.895061][ T8994] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 295.902385][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 295.904530][ T8994] bcachefs (loop2): shutting down [ 295.940636][ T8994] bcachefs (loop2): shutdown complete [ 295.941955][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 295.981198][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.087708][ T5426] veth1_macvtap: left promiscuous mode [ 296.117276][ T5426] veth0_macvtap: left promiscuous mode [ 296.145371][ T5426] veth1_vlan: left promiscuous mode [ 296.166869][ T5426] veth0_vlan: left promiscuous mode [ 296.528337][ T5105] Bluetooth: hci1: command tx timeout [ 297.019488][ T5105] Bluetooth: hci3: command tx timeout [ 297.244878][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 297.258284][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 297.270453][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 297.291616][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 297.299670][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 297.307905][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 297.433567][ T5105] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 297.448726][ T5105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 297.460927][ T5105] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 297.489449][ T5105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 297.504388][ T5105] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 297.512175][ T5105] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 297.844838][ T5426] team0 (unregistering): Port device team_slave_1 removed [ 297.901164][ T5426] team0 (unregistering): Port device team_slave_0 removed [ 298.615886][ T55] Bluetooth: hci1: command tx timeout [ 298.935673][ T8946] chnl_net:caif_netlink_parms(): no params data found [ 299.087319][ T55] Bluetooth: hci3: command tx timeout [ 299.169126][ T8979] chnl_net:caif_netlink_parms(): no params data found [ 299.359101][ T8946] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.366313][ T8946] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.382065][ T8946] bridge_slave_0: entered allmulticast mode [ 299.397218][ T8946] bridge_slave_0: entered promiscuous mode [ 299.408712][ T55] Bluetooth: hci0: command tx timeout [ 299.467693][ T8946] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.481511][ T8946] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.494813][ T8946] bridge_slave_1: entered allmulticast mode [ 299.502776][ T8946] bridge_slave_1: entered promiscuous mode [ 299.569556][ T55] Bluetooth: hci4: command tx timeout [ 299.612883][ T8979] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.628927][ T8979] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.639664][ T8979] bridge_slave_0: entered allmulticast mode [ 299.647772][ T8979] bridge_slave_0: entered promiscuous mode [ 299.659196][ T8979] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.666887][ T8979] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.674698][ T8979] bridge_slave_1: entered allmulticast mode [ 299.682661][ T8979] bridge_slave_1: entered promiscuous mode [ 299.817071][ T5426] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.950372][ T5426] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.978982][ T9039] loop2: detected capacity change from 0 to 32768 [ 300.080468][ T9039] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nocow [ 300.094089][ T9039] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 300.102371][ T9039] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 300.102371][ T9039] running recovery passes: check_allocations [ 300.133597][ T8946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.151757][ T9039] bcachefs (loop2): accounting_read... done [ 300.158460][ T9039] bcachefs (loop2): alloc_read... done [ 300.164152][ T9039] bcachefs (loop2): stripes_read... done [ 300.169886][ T9039] bcachefs (loop2): snapshots_read... done [ 300.176107][ T9039] bcachefs (loop2): check_allocations... [ 300.182317][ T9039] btree ptr not marked in member info btree allocated bitmap [ 300.182344][ T9039] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 300.211738][ T9039] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 10 [ 300.223701][ T9039] bcachefs (loop2): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 300.232043][ T9039] bcachefs (loop2): bch2_gc_btree(): error fsck_errors_not_fixed [ 300.243532][ T9039] bcachefs (loop2): bch2_gc_btrees(): error fsck_errors_not_fixed [ 300.252349][ T9039] bcachefs (loop2): bch2_check_allocations(): error fsck_errors_not_fixed [ 300.261026][ T9039] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed [ 300.263074][ T8979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.269829][ T9039] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 300.287708][ T9039] bcachefs (loop2): shutting down [ 300.325648][ T9039] bcachefs (loop2): shutdown complete [ 300.381127][ T5426] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.430346][ T8946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.482333][ T8979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.620040][ T5426] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.701191][ T55] Bluetooth: hci1: command tx timeout [ 300.772309][ T8946] team0: Port device team_slave_0 added [ 300.905938][ T8946] team0: Port device team_slave_1 added [ 300.991991][ T8979] team0: Port device team_slave_0 added [ 301.016553][ T8979] team0: Port device team_slave_1 added [ 301.041638][ T9008] chnl_net:caif_netlink_parms(): no params data found [ 301.387884][ T55] Bluetooth: hci3: command tx timeout [ 301.506477][ T55] Bluetooth: hci0: command tx timeout [ 301.668571][ T55] Bluetooth: hci4: command tx timeout [ 301.744278][ T9012] chnl_net:caif_netlink_parms(): no params data found [ 301.767977][ T8946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.774988][ T8946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.813002][ T8946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.842991][ T8979] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.858690][ T8979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.909802][ T8979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.933101][ T8979] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.946183][ T8979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.972974][ T8979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.035114][ T8946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.053092][ T8946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.096504][ T8946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.495239][ T9012] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.517341][ T9012] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.529200][ T9012] bridge_slave_0: entered allmulticast mode [ 302.545657][ T9012] bridge_slave_0: entered promiscuous mode [ 302.660123][ T8979] hsr_slave_0: entered promiscuous mode [ 302.677674][ T8979] hsr_slave_1: entered promiscuous mode [ 302.688692][ T8979] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 302.704101][ T8979] Cannot create hsr debugfs directory [ 302.712808][ T9012] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.727581][ T9012] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.739989][ T9012] bridge_slave_1: entered allmulticast mode [ 302.754320][ T9012] bridge_slave_1: entered promiscuous mode [ 302.800316][ T9008] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.817729][ T9008] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.825375][ T55] Bluetooth: hci1: command tx timeout [ 302.836799][ T9008] bridge_slave_0: entered allmulticast mode [ 302.850221][ T9008] bridge_slave_0: entered promiscuous mode [ 302.870120][ T9008] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.881833][ T9008] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.889741][ T9008] bridge_slave_1: entered allmulticast mode [ 302.906653][ T9008] bridge_slave_1: entered promiscuous mode [ 302.990511][ T5426] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.047697][ T8946] hsr_slave_0: entered promiscuous mode [ 303.072057][ T8946] hsr_slave_1: entered promiscuous mode [ 303.088359][ T8946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 303.098518][ T8946] Cannot create hsr debugfs directory [ 303.266462][ T5426] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.270361][ T9061] loop2: detected capacity change from 0 to 131072 [ 303.291976][ T9061] F2FS-fs (loop2): invalid crc value [ 303.322246][ T9061] F2FS-fs (loop2): Found nat_bits in checkpoint [ 303.378293][ T9012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.381902][ T9061] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 303.411025][ T9012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.438543][ T9008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.461871][ T9008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.548517][ T9008] team0: Port device team_slave_0 added [ 303.582145][ T9008] team0: Port device team_slave_1 added [ 303.589900][ T55] Bluetooth: hci0: command tx timeout [ 303.697106][ T5426] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.744318][ T55] Bluetooth: hci4: command tx timeout [ 303.797496][ T9008] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 303.807098][ T9008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.835229][ T9008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 303.909772][ T5426] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.936321][ T9012] team0: Port device team_slave_0 added [ 303.943620][ T9008] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 303.954046][ T9008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.986393][ T9008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.037331][ T9012] team0: Port device team_slave_1 added [ 304.268697][ T9012] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.275715][ T9012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.316159][ T9012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.354651][ T9008] hsr_slave_0: entered promiscuous mode [ 304.367806][ T9008] hsr_slave_1: entered promiscuous mode [ 304.384705][ T9008] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 304.412009][ T9008] Cannot create hsr debugfs directory [ 304.456959][ T9012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.465891][ T9012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.516546][ T9012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.777285][ T8979] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.915911][ T9012] hsr_slave_0: entered promiscuous mode [ 304.934503][ T9012] hsr_slave_1: entered promiscuous mode [ 304.941890][ T9012] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 304.950655][ T9012] Cannot create hsr debugfs directory [ 305.002792][ T8979] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.142354][ T8979] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.246653][ T8979] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.458463][ T5426] bridge_slave_1: left allmulticast mode [ 305.481427][ T5426] bridge_slave_1: left promiscuous mode [ 305.500044][ T5426] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.521461][ T5426] bridge_slave_0: left allmulticast mode [ 305.527179][ T5426] bridge_slave_0: left promiscuous mode [ 305.541886][ T5426] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.546406][ T9077] loop2: detected capacity change from 0 to 2048 [ 305.569441][ T5426] bridge_slave_1: left allmulticast mode [ 305.575541][ T5426] bridge_slave_1: left promiscuous mode [ 305.582002][ T5426] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.595252][ T5426] bridge_slave_0: left allmulticast mode [ 305.605327][ T5426] bridge_slave_0: left promiscuous mode [ 305.609248][ T9077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.611423][ T5426] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.640364][ T5426] bridge_slave_1: left allmulticast mode [ 305.648685][ T5426] bridge_slave_1: left promiscuous mode [ 305.652444][ T9077] EXT4-fs (loop2): Online defrag not supported with bigalloc [ 305.656001][ T5426] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.673648][ T55] Bluetooth: hci0: command tx timeout [ 305.683533][ T5426] bridge_slave_0: left allmulticast mode [ 305.689240][ T5426] bridge_slave_0: left promiscuous mode [ 305.696374][ T5426] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.700176][ T6597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.831608][ T55] Bluetooth: hci4: command tx timeout [ 307.107729][ T9094] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 307.114535][ T9094] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 307.122954][ T9094] vhci_hcd vhci_hcd.0: Device attached [ 307.224689][ T9096] vhci_hcd: connection closed [ 307.236455][ T5852] vhci_hcd: stop threads [ 307.249838][ T5852] vhci_hcd: release socket [ 307.254423][ T5852] vhci_hcd: disconnect device [ 308.119317][ T5426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 308.137444][ T5426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 308.148701][ T5426] bond0 (unregistering): Released all slaves [ 308.324602][ T5426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 308.336014][ T5426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 308.351421][ T5426] bond0 (unregistering): Released all slaves [ 308.527860][ T5426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 308.539529][ T5426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 308.552384][ T5426] bond0 (unregistering): Released all slaves [ 308.803674][ T5426] tipc: Disabling bearer [ 308.819368][ T5426] tipc: Left network mode [ 308.857500][ T5426] tipc: Disabling bearer [ 308.863731][ T5426] tipc: Left network mode [ 309.284436][ T8946] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 309.321448][ T8946] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 309.335641][ T8946] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 309.403507][ T8946] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 309.660999][ T8979] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 309.681484][ T8979] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 309.723770][ T9102] TCP: tcp_parse_options: Illegal window scaling value 89 > 14 received [ 309.774596][ T8979] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 309.815881][ T9104] loop2: detected capacity change from 0 to 512 [ 309.843623][ T9104] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 309.857070][ T8979] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 309.891335][ T9104] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz.2.1227: iget: bad i_size value: -67835469387268086 [ 309.929423][ T9104] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.1227: couldn't read orphan inode 15 (err -117) [ 309.956388][ T9104] EXT4-fs (loop2): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.971781][ T9104] ext2 filesystem being mounted at /root/syzkaller.hWRwmO/152/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 310.961527][ T6597] EXT4-fs (loop2): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 311.014335][ T5426] hsr_slave_0: left promiscuous mode [ 311.022595][ T5426] hsr_slave_1: left promiscuous mode [ 311.029605][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 311.037611][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 311.046896][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 311.054766][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 311.086546][ T5426] hsr_slave_0: left promiscuous mode [ 311.097176][ T5426] hsr_slave_1: left promiscuous mode [ 311.108042][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 311.117928][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 311.128324][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 311.147707][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 311.169378][ T5426] hsr_slave_0: left promiscuous mode [ 311.175578][ T5426] hsr_slave_1: left promiscuous mode [ 311.183548][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 311.196378][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 311.208300][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 311.217083][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 311.312200][ T5426] veth1_macvtap: left promiscuous mode [ 311.317893][ T5426] veth0_macvtap: left promiscuous mode [ 311.324589][ T5426] veth1_vlan: left promiscuous mode [ 311.331074][ T5426] veth0_vlan: left promiscuous mode [ 311.340025][ T5426] veth1_macvtap: left promiscuous mode [ 311.346018][ T5426] veth0_macvtap: left promiscuous mode [ 311.354663][ T5426] veth1_vlan: left promiscuous mode [ 311.360279][ T5426] veth0_vlan: left promiscuous mode [ 311.377781][ T5426] veth1_macvtap: left promiscuous mode [ 311.384558][ T5426] veth0_macvtap: left promiscuous mode [ 311.390853][ T5426] veth1_vlan: left promiscuous mode [ 311.396241][ T5426] veth0_vlan: left promiscuous mode [ 312.193675][ T9123] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 312.200382][ T9123] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 312.208490][ T9123] vhci_hcd vhci_hcd.0: Device attached [ 312.306293][ T9124] vhci_hcd: cannot find the pending unlink 0 [ 312.623386][ T9124] vhci_hcd: connection closed [ 312.629260][ T5852] vhci_hcd: stop threads [ 312.657872][ T5852] vhci_hcd: release socket [ 312.668003][ T5852] vhci_hcd: disconnect device [ 313.334145][ T5426] team0 (unregistering): Port device team_slave_1 removed [ 313.394335][ T5426] team0 (unregistering): Port device team_slave_0 removed [ 314.555353][ T5426] team0 (unregistering): Port device team_slave_1 removed [ 314.613779][ T5426] team0 (unregistering): Port device team_slave_0 removed [ 315.694829][ T5426] team0 (unregistering): Port device team_slave_1 removed [ 315.760387][ T5426] team0 (unregistering): Port device team_slave_0 removed [ 316.723755][ T8979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 316.751795][ T8946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.063339][ T9127] TCP: tcp_parse_options: Illegal window scaling value 89 > 14 received [ 317.075689][ T8979] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.109508][ T8946] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.137403][ T9008] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 317.184064][ T9008] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 317.245882][ T9008] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 317.278740][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.286044][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.319629][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.326930][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.386632][ T9008] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 317.550798][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.558035][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.608435][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.615668][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.619934][ T9138] loop2: detected capacity change from 0 to 2048 [ 317.642462][ T9012] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 317.683517][ T9138] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.731241][ T9012] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 317.768776][ T9012] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 317.789438][ T9012] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 317.799039][ T9138] EXT4-fs (loop2): Online defrag not supported with bigalloc [ 317.857325][ T6597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.952346][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.958895][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.176273][ T9146] TCP: tcp_parse_options: Illegal window scaling value 89 > 14 received [ 318.533921][ T9008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.707338][ T9012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.718404][ T9008] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.767372][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.774630][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.794129][ T8979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.873047][ T8946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.886713][ T9012] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.894991][ T9148] loop2: detected capacity change from 0 to 32768 [ 318.903679][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.904572][ T9148] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1241 (9148) [ 318.910950][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.959535][ T9148] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 318.976579][ T9148] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 318.986071][ T9148] BTRFS info (device loop2): using free-space-tree [ 319.005843][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.013040][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.043242][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.050509][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.115719][ T6597] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 319.437320][ T9173] loop2: detected capacity change from 0 to 4096 [ 319.483838][ T9174] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 319.541372][ T8979] veth0_vlan: entered promiscuous mode [ 319.607333][ T8979] veth1_vlan: entered promiscuous mode [ 319.676022][ T8946] veth0_vlan: entered promiscuous mode [ 319.740738][ T8946] veth1_vlan: entered promiscuous mode [ 319.907586][ T8979] veth0_macvtap: entered promiscuous mode [ 319.958907][ T8979] veth1_macvtap: entered promiscuous mode [ 319.999004][ T8946] veth0_macvtap: entered promiscuous mode [ 320.020985][ T9008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.054465][ T8946] veth1_macvtap: entered promiscuous mode [ 320.110052][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.123435][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.138356][ T8979] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.206627][ T9012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.225863][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.243526][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.262962][ T8979] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.271947][ T8946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.285646][ T8946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.297994][ T8946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.308752][ T8946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.323727][ T8946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.369175][ T8979] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.383877][ T8979] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.400022][ T8979] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.414733][ T8979] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.446186][ T8946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.476355][ T8946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.495500][ T8946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.512041][ T8946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.531064][ T8946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.582701][ T8946] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.588911][ T9182] loop2: detected capacity change from 0 to 32768 [ 320.592523][ T8946] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.608377][ T8946] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.622252][ T8946] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.639342][ T9182] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 320.694649][ T9182] XFS (loop2): Ending clean mount [ 320.790214][ T6597] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 321.029247][ T9012] veth0_vlan: entered promiscuous mode [ 321.046609][ T5852] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.065706][ T5852] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.199347][ T9012] veth1_vlan: entered promiscuous mode [ 321.209606][ T5852] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.223189][ T5852] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.231668][ T9008] veth0_vlan: entered promiscuous mode [ 321.276418][ T5852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.293543][ T5852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.346792][ T5852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.375568][ T5852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.420593][ T9008] veth1_vlan: entered promiscuous mode [ 321.602695][ T9212] TCP: tcp_parse_options: Illegal window scaling value 89 > 14 received [ 321.625991][ T9012] veth0_macvtap: entered promiscuous mode [ 321.686058][ T9012] veth1_macvtap: entered promiscuous mode [ 321.730096][ T9216] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.740272][ T9216] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.749509][ T9216] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.758256][ T9216] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.811298][ T9218] loop3: detected capacity change from 0 to 4096 [ 321.851613][ T9221] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 321.888346][ T9008] veth0_macvtap: entered promiscuous mode [ 321.925668][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.955098][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.975906][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.991140][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.009073][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.028120][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.056899][ T9012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 322.072645][ T9008] veth1_macvtap: entered promiscuous mode [ 322.195538][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.239707][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.269215][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.300556][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.327113][ T9012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.337532][ T9223] loop1: detected capacity change from 0 to 40427 [ 322.349990][ T9223] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 322.354801][ T9012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.357946][ T9223] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 322.394390][ T9012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 322.409211][ T9223] F2FS-fs (loop1): Found nat_bits in checkpoint [ 322.435387][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.460250][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.477984][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.499026][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.504517][ T9223] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 322.516194][ T9223] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 322.527169][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.538751][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.550587][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.564760][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.610599][ T9008] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 322.721136][ T9236] syz.1.1251: attempt to access beyond end of device [ 322.721136][ T9236] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 322.878181][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.896840][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.911648][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.928263][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.938268][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.954147][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.964243][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.975853][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.988503][ T8979] syz-executor: attempt to access beyond end of device [ 322.988503][ T8979] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 322.994739][ T9008] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 323.025114][ T9012] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.040614][ T8979] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 323.048692][ T9012] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.072275][ T9012] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.081143][ T9012] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.168666][ T9246] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.178341][ T9246] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.187645][ T9246] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.196787][ T9246] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.221480][ T9008] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.261091][ T9008] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.278570][ T9008] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.312510][ T9008] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.603346][ T2832] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.624568][ T2832] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.695893][ T2832] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.710638][ T2832] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.777791][ T2832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.822253][ T2832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.883008][ T9258] netlink: 494 bytes leftover after parsing attributes in process `syz.3.1265'. [ 323.888230][ T2832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.914305][ T2832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.345198][ T9260] loop2: detected capacity change from 0 to 40427 [ 324.363262][ T9260] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 324.371610][ T9260] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 324.430991][ T9260] F2FS-fs (loop2): Found nat_bits in checkpoint [ 324.499063][ T9260] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 324.506308][ T9260] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 326.454187][ T9283] syz.2.1266: attempt to access beyond end of device [ 326.454187][ T9283] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 326.684181][ T9287] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1274'. [ 326.738075][ T6597] syz-executor: attempt to access beyond end of device [ 326.738075][ T6597] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 326.752942][ T6597] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 326.762545][ T9298] netlink: 494 bytes leftover after parsing attributes in process `syz.4.1276'. [ 327.183837][ T9302] loop4: detected capacity change from 0 to 32768 [ 327.305641][ T9302] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nocow [ 327.318670][ T9302] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 327.326829][ T9302] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 327.326829][ T9302] running recovery passes: check_allocations [ 327.392592][ T9302] bcachefs (loop4): accounting_read... done [ 327.401303][ T9302] bcachefs (loop4): alloc_read... done [ 327.407551][ T9302] bcachefs (loop4): stripes_read... done [ 327.413882][ T9302] bcachefs (loop4): snapshots_read... done [ 327.420719][ T9302] bcachefs (loop4): check_allocations... [ 327.464905][ T9302] btree ptr not marked in member info btree allocated bitmap [ 327.464934][ T9302] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 327.493099][ T9302] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 10 [ 327.502633][ T9302] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 327.510787][ T9302] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 327.518619][ T9302] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 327.527746][ T9302] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 327.536555][ T9302] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 327.544651][ T9302] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 327.554329][ T9302] bcachefs (loop4): shutting down [ 327.586646][ T9302] bcachefs (loop4): shutdown complete [ 327.774003][ T9320] loop1: detected capacity change from 0 to 256 [ 328.913351][ T9332] loop2: detected capacity change from 0 to 512 [ 328.986046][ T9332] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 329.912214][ T9336] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 329.918896][ T9336] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 329.927290][ T9336] vhci_hcd vhci_hcd.0: Device attached [ 329.933608][ T9338] vhci_hcd: connection closed [ 329.970366][ T63] vhci_hcd: stop threads [ 330.009241][ T63] vhci_hcd: release socket [ 330.016113][ T63] vhci_hcd: disconnect device [ 330.722269][ T9345] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 0 (only 8 groups) [ 332.024718][ T9355] netlink: 494 bytes leftover after parsing attributes in process `syz.2.1289'. [ 332.214515][ T9361] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1292'. [ 332.363341][ T9370] loop2: detected capacity change from 0 to 512 [ 332.474524][ T9370] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 332.555352][ T9370] ext4 filesystem being mounted at /root/syzkaller.hWRwmO/184/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 332.854361][ T9388] loop4: detected capacity change from 0 to 512 [ 332.891160][ T9388] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 332.935546][ T9392] netlink: 512 bytes leftover after parsing attributes in process `syz.0.1305'. [ 332.940117][ T9388] EXT4-fs (loop4): 1 truncate cleaned up [ 332.955085][ T9388] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 333.117421][ T9388] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz.4.1303: corrupted in-inode xattr: overlapping e_value [ 333.220702][ T9388] EXT4-fs (loop4): Remounting filesystem read-only [ 333.251260][ T9388] EXT4-fs warning (device loop4): ext4_xattr_set_entry:1766: inode #15: comm syz.4.1303: unable to update i_inline_off [ 333.275217][ T9388] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2856: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 333.450795][ T9008] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.465203][ T6597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.728171][ T1089] ================================================================== [ 333.736586][ T1089] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330 [ 333.744697][ T1089] Read of size 8 at addr ffff8880280850b8 by task kworker/u8:6/1089 [ 333.752706][ T1089] [ 333.755053][ T1089] CPU: 0 UID: 0 PID: 1089 Comm: kworker/u8:6 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 333.765409][ T1089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 333.775496][ T1089] Workqueue: l2tp l2tp_tunnel_del_work [ 333.781187][ T1089] Call Trace: [ 333.784489][ T1089] [ 333.787443][ T1089] dump_stack_lvl+0x241/0x360 [ 333.792158][ T1089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.797401][ T1089] ? __pfx__printk+0x10/0x10 [ 333.802038][ T1089] ? _printk+0xd5/0x120 [ 333.806235][ T1089] ? __virt_addr_valid+0x183/0x530 [ 333.811391][ T1089] ? __virt_addr_valid+0x183/0x530 [ 333.816545][ T1089] print_report+0x169/0x550 [ 333.821082][ T1089] ? __virt_addr_valid+0x183/0x530 [ 333.826237][ T1089] ? __virt_addr_valid+0x183/0x530 [ 333.831388][ T1089] ? __virt_addr_valid+0x45f/0x530 [ 333.836543][ T1089] ? __phys_addr+0xba/0x170 [ 333.841089][ T1089] ? l2tp_tunnel_del_work+0xe5/0x330 [ 333.846409][ T1089] kasan_report+0x143/0x180 [ 333.850961][ T1089] ? l2tp_tunnel_del_work+0xe5/0x330 [ 333.856277][ T1089] l2tp_tunnel_del_work+0xe5/0x330 [ 333.861437][ T1089] ? process_scheduled_works+0x945/0x1830 [ 333.867165][ T1089] process_scheduled_works+0xa2c/0x1830 [ 333.872738][ T1089] ? __pfx_process_scheduled_works+0x10/0x10 [ 333.878732][ T1089] ? assign_work+0x364/0x3d0 [ 333.883355][ T1089] worker_thread+0x86d/0xd40 [ 333.887979][ T1089] ? __kthread_parkme+0x169/0x1d0 [ 333.893028][ T1089] ? __pfx_worker_thread+0x10/0x10 [ 333.898149][ T1089] kthread+0x2f0/0x390 [ 333.902230][ T1089] ? __pfx_worker_thread+0x10/0x10 [ 333.907433][ T1089] ? __pfx_kthread+0x10/0x10 [ 333.912035][ T1089] ret_from_fork+0x4b/0x80 [ 333.916466][ T1089] ? __pfx_kthread+0x10/0x10 [ 333.921068][ T1089] ret_from_fork_asm+0x1a/0x30 [ 333.925855][ T1089] [ 333.928877][ T1089] [ 333.931200][ T1089] Allocated by task 9409: [ 333.935540][ T1089] kasan_save_track+0x3f/0x80 [ 333.940220][ T1089] __kasan_kmalloc+0x98/0xb0 [ 333.944902][ T1089] __kmalloc_noprof+0x1f9/0x400 [ 333.949774][ T1089] l2tp_session_create+0x3b/0xc20 [ 333.954801][ T1089] pppol2tp_connect+0xca3/0x17a0 [ 333.959746][ T1089] __sys_connect+0x2df/0x310 [ 333.964342][ T1089] __x64_sys_connect+0x7a/0x90 [ 333.969115][ T1089] do_syscall_64+0xf3/0x230 [ 333.973624][ T1089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.979613][ T1089] [ 333.981940][ T1089] Freed by task 1089: [ 333.986003][ T1089] kasan_save_track+0x3f/0x80 [ 333.990692][ T1089] kasan_save_free_info+0x40/0x50 [ 333.995730][ T1089] poison_slab_object+0xe0/0x150 [ 334.000674][ T1089] __kasan_slab_free+0x37/0x60 [ 334.005441][ T1089] kfree+0x149/0x360 [ 334.009346][ T1089] __sk_destruct+0x58/0x5f0 [ 334.013884][ T1089] rcu_core+0xaaa/0x17a0 [ 334.018139][ T1089] handle_softirqs+0x2c4/0x970 [ 334.022909][ T1089] __irq_exit_rcu+0xf4/0x1c0 [ 334.027517][ T1089] irq_exit_rcu+0x9/0x30 [ 334.031764][ T1089] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 334.037405][ T1089] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 334.043420][ T1089] [ 334.045746][ T1089] Last potentially related work creation: [ 334.051457][ T1089] kasan_save_stack+0x3f/0x60 [ 334.056140][ T1089] __kasan_record_aux_stack+0xac/0xc0 [ 334.061695][ T1089] call_rcu+0x167/0xa70 [ 334.065883][ T1089] pppol2tp_release+0x24b/0x350 [ 334.070746][ T1089] sock_close+0xbc/0x240 [ 334.074993][ T1089] __fput+0x24a/0x8a0 [ 334.078982][ T1089] task_work_run+0x24f/0x310 [ 334.083695][ T1089] syscall_exit_to_user_mode+0x168/0x370 [ 334.089346][ T1089] do_syscall_64+0x100/0x230 [ 334.093953][ T1089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.099858][ T1089] [ 334.102183][ T1089] The buggy address belongs to the object at ffff888028085000 [ 334.102183][ T1089] which belongs to the cache kmalloc-1k of size 1024 [ 334.116362][ T1089] The buggy address is located 184 bytes inside of [ 334.116362][ T1089] freed 1024-byte region [ffff888028085000, ffff888028085400) [ 334.130254][ T1089] [ 334.132591][ T1089] The buggy address belongs to the physical page: [ 334.139126][ T1089] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28080 [ 334.147903][ T1089] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 334.156414][ T1089] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 334.164333][ T1089] page_type: 0xfdffffff(slab) [ 334.169366][ T1089] raw: 00fff00000000040 ffff888015041dc0 ffffea0001e49800 dead000000000003 [ 334.178014][ T1089] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 334.186735][ T1089] head: 00fff00000000040 ffff888015041dc0 ffffea0001e49800 dead000000000003 [ 334.195424][ T1089] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 334.204114][ T1089] head: 00fff00000000003 ffffea0000a02001 ffffffffffffffff 0000000000000000 [ 334.212817][ T1089] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 334.221575][ T1089] page dumped because: kasan: bad access detected [ 334.227999][ T1089] page_owner tracks the page as allocated [ 334.233714][ T1089] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5089, tgid 5089 (syz-executor), ts 75312982971, free_ts 75309228312 [ 334.253007][ T1089] post_alloc_hook+0x1f3/0x230 [ 334.257789][ T1089] get_page_from_freelist+0x2ccb/0x2d80 [ 334.263349][ T1089] __alloc_pages_noprof+0x256/0x6c0 [ 334.268559][ T1089] alloc_slab_page+0x5f/0x120 [ 334.273242][ T1089] allocate_slab+0x5a/0x2f0 [ 334.277750][ T1089] ___slab_alloc+0xcd1/0x14b0 [ 334.282432][ T1089] __slab_alloc+0x58/0xa0 [ 334.286785][ T1089] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 334.292172][ T1089] batadv_hard_if_event+0xe71/0x1620 [ 334.297490][ T1089] notifier_call_chain+0x19f/0x3e0 [ 334.302649][ T1089] register_netdevice+0x1570/0x19e0 [ 334.307885][ T1089] geneve_configure+0x6dd/0xa60 [ 334.312771][ T1089] geneve_newlink+0x109/0x1b0 [ 334.317457][ T1089] rtnl_newlink+0x16c7/0x22b0 [ 334.322145][ T1089] rtnetlink_rcv_msg+0x892/0x1170 [ 334.327193][ T1089] netlink_rcv_skb+0x1e3/0x430 [ 334.331964][ T1089] page last free pid 5089 tgid 5089 stack trace: [ 334.338299][ T1089] free_unref_page+0xd22/0xea0 [ 334.343130][ T1089] __slab_free+0x31b/0x3d0 [ 334.347575][ T1089] qlist_free_all+0x9e/0x140 [ 334.352181][ T1089] kasan_quarantine_reduce+0x14f/0x170 [ 334.357646][ T1089] __kasan_slab_alloc+0x23/0x80 [ 334.362591][ T1089] kmem_cache_alloc_noprof+0x135/0x2a0 [ 334.368231][ T1089] __kernfs_new_node+0xd8/0x870 [ 334.373096][ T1089] kernfs_new_node+0x137/0x240 [ 334.377869][ T1089] __kernfs_create_file+0x49/0x2e0 [ 334.382990][ T1089] sysfs_add_file_mode_ns+0x24a/0x310 [ 334.388366][ T1089] internal_create_group+0x7a7/0x11d0 [ 334.393838][ T1089] sysfs_create_groups+0x56/0x120 [ 334.398876][ T1089] device_add_attrs+0xe5/0x600 [ 334.403683][ T1089] device_add+0x576/0xbf0 [ 334.408018][ T1089] netdev_register_kobject+0x17e/0x320 [ 334.413566][ T1089] register_netdevice+0x11d5/0x19e0 [ 334.418773][ T1089] [ 334.421095][ T1089] Memory state around the buggy address: [ 334.426740][ T1089] ffff888028084f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 334.434811][ T1089] ffff888028085000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.442879][ T1089] >ffff888028085080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.450961][ T1089] ^ [ 334.457050][ T1089] ffff888028085100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.465205][ T1089] ffff888028085180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.473266][ T1089] ================================================================== [ 334.481385][ T1089] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 334.488607][ T1089] CPU: 0 UID: 0 PID: 1089 Comm: kworker/u8:6 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 334.498978][ T1089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 334.509084][ T1089] Workqueue: l2tp l2tp_tunnel_del_work [ 334.514593][ T1089] Call Trace: [ 334.517901][ T1089] [ 334.520858][ T1089] dump_stack_lvl+0x241/0x360 [ 334.525573][ T1089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.530899][ T1089] ? __pfx__printk+0x10/0x10 [ 334.535543][ T1089] ? vscnprintf+0x5d/0x90 [ 334.539953][ T1089] panic+0x349/0x870 [ 334.543895][ T1089] ? check_panic_on_warn+0x21/0xb0 [ 334.549275][ T1089] ? __pfx_panic+0x10/0x10 [ 334.553824][ T1089] ? mark_lock+0x9a/0x360 [ 334.558277][ T1089] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 334.564203][ T1089] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 334.570133][ T1089] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 334.576504][ T1089] ? print_report+0x502/0x550 [ 334.581221][ T1089] check_panic_on_warn+0x86/0xb0 [ 334.586200][ T1089] ? l2tp_tunnel_del_work+0xe5/0x330 [ 334.591518][ T1089] end_report+0x77/0x160 [ 334.595796][ T1089] kasan_report+0x154/0x180 [ 334.600339][ T1089] ? l2tp_tunnel_del_work+0xe5/0x330 [ 334.605667][ T1089] l2tp_tunnel_del_work+0xe5/0x330 [ 334.610815][ T1089] ? process_scheduled_works+0x945/0x1830 [ 334.616568][ T1089] process_scheduled_works+0xa2c/0x1830 [ 334.622169][ T1089] ? __pfx_process_scheduled_works+0x10/0x10 [ 334.628194][ T1089] ? assign_work+0x364/0x3d0 [ 334.632825][ T1089] worker_thread+0x86d/0xd40 [ 334.637505][ T1089] ? __kthread_parkme+0x169/0x1d0 [ 334.642566][ T1089] ? __pfx_worker_thread+0x10/0x10 [ 334.647718][ T1089] kthread+0x2f0/0x390 [ 334.651841][ T1089] ? __pfx_worker_thread+0x10/0x10 [ 334.656993][ T1089] ? __pfx_kthread+0x10/0x10 [ 334.661620][ T1089] ret_from_fork+0x4b/0x80 [ 334.666077][ T1089] ? __pfx_kthread+0x10/0x10 [ 334.670704][ T1089] ret_from_fork_asm+0x1a/0x30 [ 334.675530][ T1089] [ 334.678872][ T1089] Kernel Offset: disabled [ 334.683210][ T1089] Rebooting in 86400 seconds..