last executing test programs: 1m27.738505626s ago: executing program 2 (id=922): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x48b}, {{0x0, 0x0, 0x0}, 0xb22d}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000880)=""/4098, 0x1002}, {0x0}], 0x2}, 0xffffffff}], 0x3, 0x2100, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 1m27.467322733s ago: executing program 2 (id=923): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f0000000340), &(0x7f0000000380)=r0}, 0x20) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1}, 0x0) 1m26.488662299s ago: executing program 2 (id=927): openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r6, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) 1m25.091938267s ago: executing program 2 (id=931): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x48b}, {{0x0, 0x0, 0x0}, 0xb22d}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000880)=""/4098, 0x1002}, {0x0}], 0x2}, 0xffffffff}], 0x3, 0x2100, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 1m24.034603251s ago: executing program 2 (id=933): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x27, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000080), 0x2, 0x0) sendfile(r3, r3, 0x0, 0x4) 1m18.828513222s ago: executing program 2 (id=944): io_uring_setup(0x29d5, &(0x7f0000000100)={0x0, 0x9255}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, &(0x7f0000000780)) r4 = fanotify_init(0xf00, 0x0) fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x118) 1m3.707332799s ago: executing program 32 (id=944): io_uring_setup(0x29d5, &(0x7f0000000100)={0x0, 0x9255}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, &(0x7f0000000780)) r4 = fanotify_init(0xf00, 0x0) fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x118) 11.200800029s ago: executing program 0 (id=1051): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2b9, 0x0, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x8, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r5 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r5, 0x2) r6 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0) flock(r6, 0x1) close(r5) 11.064548522s ago: executing program 4 (id=1052): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = memfd_create(0x0, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r1, 0x4000) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, 0x0) keyctl$dh_compute(0x17, &(0x7f00000001c0)={0x0, r6}, &(0x7f0000000700)=""/259, 0x103, &(0x7f0000000400)={&(0x7f0000000100)={'streebog256-generic\x00'}}) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) r7 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r7, 0x101, 0x8, 0x0, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="140100002e00010000000000fbdbdd250401f2800c00160009ac0f00000000001400010000000000000000000000ffffac1414aa50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fe2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b39e9db0f89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebdddad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb090042f4d98fe3fa370d47eb640dc5061dc35817c8523b29be820400e900"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000840)={0x284, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT={0x1d4, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x70, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x42}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private0}}}]}, @CTA_EXPECT_NAT_TUPLE={0x90, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xb4}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @mcast1}}}]}, @CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xa63b8cd0047827d4}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x4c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x2d1e}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x8}, @CTA_EXPECT_MASTER={0x7c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @empty}}}]}]}, 0x284}, 0x1, 0x0, 0x0, 0x4000000}, 0x840) 9.684054528s ago: executing program 4 (id=1054): socket$inet(0x2, 0x4000000000000001, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x400}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xd, 0x0, 0xfffffe0000000001, 0xfa91, 0xffffffff}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f002, 0x4}) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r2, 0x0, 0x6, 0x0) fcntl$setstatus(r2, 0x4, 0x7c00) dup3(r3, r2, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x0) syz_open_procfs(0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x40, 0xb, 0x6, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IFACE={0x14, 0x17, 'syz_tun\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7ff}]}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x8}, 0x4044000) 8.326038092s ago: executing program 0 (id=1055): ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(r0, &(0x7f00000003c0)='net/ip_tables_targets\x00') pread64(r3, &(0x7f0000000140)=""/170, 0xaa, 0x20000000000004) 8.271217897s ago: executing program 4 (id=1057): socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xc5c, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000a007) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40c0) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0) r2 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0x7c80, 0x0) fsopen(0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e20}, 0x6e) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) syz_clone(0x25000, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 7.162783196s ago: executing program 4 (id=1061): io_uring_setup(0x29d5, &(0x7f0000000100)={0x0, 0x9255}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, 0x0, &(0x7f0000000780)) r5 = fanotify_init(0xf00, 0x0) fanotify_mark(r5, 0x105, 0x40009975, r3, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r6}, 0x18) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 7.02273112s ago: executing program 3 (id=1064): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2b9, 0x0, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x8, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r5 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r5, 0x2) r6 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0) flock(r6, 0x1) close(r5) 5.979732613s ago: executing program 3 (id=1066): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000040)='./file2\x00', 0x3200400, &(0x7f0000000c00)=ANY=[], 0x1, 0xa76, &(0x7f00000000c0)="$eJzs3U2MG1cBAOA33vUmmwTilIQuSWgTftry091ms4SfCJqquRA1FbdKEZcoTUtEGhCpBK0qkeTEjVZVuPIjTuVQAUJqLyjqiUslGolLxaFw4EAUpEocoJC4iv2e136xNfb+2V5/n/T89s0bz3szOx6PZ+a9F4CJVWm8Li3NFSFcffPV4/984B+zd6Y82pqj1nidbktVQwhFTE9ny3tvqhnfev+lM93iIiw2XlM6PHmz9d7tIYRL4UC4Fmph79Xrr7y9+MTJyyeuHHzntaM31mftAQBgsnzr2tGlPX/7875dH7x+37GwpTU9nZ/XYnpHPO8/Fk/80/l/JXSmi7bQbiabbzqGSjbfVJf52supZvNN9yh/JltutZW/r2O+LSXlT7VN67beMM7SflwLRWW+I12pzM83f5OHxu/6mWL+wrnzz1wcUkWBNffv+0MIB4RBQ71e/3FjA45AXdY/3KgPvw7CeoT6zmEfgQCa8vuFd7mUX1lYndbSpvsr/+Zjle7vhzWw0fu/8ser/F9fjuWf+uu61oPJsFm/v9J6pc/RjpjO7yPkzy8N+vlPy5uKL9PZ8sv0uo8wLvcXetVzaoPrsVK96p/vF5vV12OctsM3svz2z0/+Px2X/zHQ3X8m7Pr/gRGow6YO1RGog9B3qA/7AASMrOXn5prqUcrPn+vL87eU5G8tyZ8tyd9Wkr+9JB8m2e+f/2l4uVj+nZ//ph/0eli6zvaRGH90wPrk1yMHLT9/7ndQqy0/f54YRtkbp586+5WnT11vPv9ftPb/23F/PxDTtfjZuhZnSNcL8+vqrWf/a53lVHrMd09Wn3TcqGxJ89ebJe7unK/Yvbyc0Hacuasec53v29lrvv2d89Wy+WZj2JrVNz8/2Za9L51/pONq2l7T2fpWs/WYyeqRjiu7YpzXA1Yi7Y+9nv9P++dcqBbPnDt/9pGYTvvpn6aqW+5MP9S+0N9sTN2B1em3/c9c6Gz/s6M1vVppPy7sXJ5etB8Xatn0xWaydZs8TT8c0+l77jtTs43p82e+d/7ptV55mHAXX3jxu6fPnz/7A3+kP2ZtFn/4Y9hHJmC9LTz/3PcXLr7w4sPnnjv97Nlnz144fOTI4cXFI189vLTQOK9faD+7BzaT5S/9YdcEAAAAAAAAAAAA6NcPTxy//pe3vvxus/3/cvu/1P4/Pfmb2v//JGv/n7eTT+3gUzvAXV3yG+PuvdFZj5lsvmoMH8vquzsrZ0/2vo/HuDWOX2z/n9rb5/26pvrcm03P++9N82XdCdzVX8pM1gdJPl7gp2J8Jca/CjBExWz3yTHu6N863N2/ddrXU/8U+qUYT+n/lvaG1I9Jav/dq1+ndPzftQF1ZO1tRHPCYa8j0N2/Rr7/77Yz8aHXZQKC7TxRoV43igcwGoY9/me67pniC3/85tY7Ic1287HO42XefymsxqiPP6n8URj/s1izSrTGv+vr+Neld/WOfp77H13hvz+/8W5bsWFvv8ffy9mqp36gd5eX2e6DWH5a/wdDf+XXf5mVn98Q6tP/svK39Vn+Xeu/f2Xl/z+WnzbbQ5/ut/xmjYtKZz3y68bp/l9+3Ti5la1/6ttz4PVf4UCNt2P5MMl6jzPb7wi2o2ko4/92uT+6UvlzGF+K6XQgTM855N/Ig9Y/PV+Rvgf2ZMsvSr7fxmWc4l4mffzfr8W47POQxv9N+2OtS7rSlq522bbjvq/AZvPeyN//G7NwaQTqIIxomB2BOnSGer2+vhe0Sgy1cIa+/Yd993nY5Q97+5fJx//Nz+Hz8X8r2Q+IfPzf/P35+L95fj6+Xp6fj/+bb898/N88/95sufkV7LmS/E+U5O8tyd+3nD/bLX9/yfs/WZJ/MMRzkh7595W8//6S/HtK8qdK8j9Tkv/ZkvwHSvIfKsn/XEn+Zpfao0zq+sMky9vn+fzD5Ej3f3p9/neX5APj62evH3r81O++XWu2/59p/V5L9/GOxXQ1/nb+UUzn971DW/pO3lsx/fcsf9Svd8AkyfvPyL/fHyzJB8ZXes7L5xsmUNG9x55++63qdZ7PePl8jL8Q4y/G+OEYz8d4IcaHYry4QfVjfTz+2z8cfblY/r2/M8vv93nyvD1Q3k/U4T7rk18fGPR59rwfv0GttvwVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmkrjdWlprgjh6puvHn/q5LmFO1Mebc1Ra7xOt6WqrfeF8EiMp2L8i/jHrfdfOtMe345xERZDEYrW9PDkzVZJ20MIl8KBcC3Uwt6r1195e/GJk5dPXDn4zmtHb6zfFgAAAIDN78MAAAD//+bcHCE=") mkdir(0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x80086e8a, 0x0) io_uring_enter(0xffffffffffffffff, 0x894, 0x3a7b, 0x20, &(0x7f0000000340)={[0x2000004]}, 0x8) read$FUSE(r1, 0x0, 0x0) syz_io_uring_setup(0x63a0, &(0x7f0000002cc0)={0x0, 0xec52, 0x8c20, 0x0, 0x234, 0x0, r1}, &(0x7f0000002d40), 0x0) prlimit64(0x0, 0xe, &(0x7f0000002bc0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f000009de80), 0x0, 0x4040004, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) getsockopt$bt_hci(r2, 0x84, 0x22, &(0x7f00000010c0)=""/4106, &(0x7f0000000000)=0x100a) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1, 0x103) mount(&(0x7f0000000b40)=@filename='./bus\x00', &(0x7f00000001c0)='./file2\x00', &(0x7f0000000080)='bdev\x00', 0x48, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) write$binfmt_script(r0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10) sched_setscheduler(0xffffffffffffffff, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x1d}, {0x2, [{@any, 0x8, 0x0, 0x7, "1862ed"}, {@any, 0x1, 0xfe, 0xb, "c73a2a", 0x40}]}}}, 0x20) 3.56709642s ago: executing program 1 (id=1069): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = accept4(r3, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb90}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="21000000040000005b0000008a00000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100647e0000000000000000000000fbfb77f23e1459e3bb00"/37], 0x48) sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000000a0a01ff"], 0x14}}, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100)) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x101001, 0x0) ioctl$SIOCGSKNS(r7, 0x894c, &(0x7f0000000340)={'vxcan1\x00', 0x200}) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r6, &(0x7f00000012c0)="a5", 0x1) 3.449235271s ago: executing program 0 (id=1070): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x44, 0x30, 0xb, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/56, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000006c0)}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb", 0x80}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)}], 0x2}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.377171138s ago: executing program 1 (id=1071): socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xc5c, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000a007) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40c0) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0) r2 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0x7c80, 0x0) fsopen(0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e20}, 0x6e) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) syz_clone(0x25000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b00010000000000fdfffffffc000000000000000000000000000000200100000000000000000000000000004e240000000000010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ffffffffffffff7ffcffffffffffffff04000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000006fcffff00000000000003000000000000000000000000000c0008"], 0xd8}}, 0x20008004) socket$nl_route(0x10, 0x3, 0x0) 3.35683231s ago: executing program 3 (id=1072): syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x82000) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x2701, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0xfffffffe, "94c408213d36be01d7000000000000e1100ad985544600", 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 3.146451441s ago: executing program 0 (id=1073): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0xa000, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {0x0, 0xfff1}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x1, 0xe}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 3.087642367s ago: executing program 4 (id=1074): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2b9, 0x0, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x8, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r5 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r5, 0x2) r6 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0) flock(r6, 0x1) close(r5) 2.934950992s ago: executing program 3 (id=1075): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x103000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, 0x0, 0xc) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005280)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "12"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000005c0)={"f2efe21e", 0x4000, 0xfd, 0x4d, 0xffffffff, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "00000002", "a2d1d4a2", ['\x00', "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xf4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xb8}, 0x1, 0x0, 0x0, 0x20004014}, 0x0) 1.652243058s ago: executing program 3 (id=1076): shutdown(0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) capset(0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, 0x0, r3, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) 1.577626765s ago: executing program 1 (id=1077): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), 0x0, 0x208000, &(0x7f0000000640)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x3c, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000540)={0x2a, 0x4, 0x0, {0x1, 0xffffffffffefffff, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) 1.468131426s ago: executing program 4 (id=1078): ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(r0, &(0x7f00000003c0)='net/ip_tables_targets\x00') pread64(r3, &(0x7f0000000140)=""/170, 0xaa, 0x20000000000004) 618.955119ms ago: executing program 1 (id=1079): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = accept4(r3, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb90}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="21000000040000005b0000008a00000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100647e0000000000000000000000fbfb77f23e1459e3bb00"/37], 0x48) sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000000a0a01ff"], 0x14}}, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100)) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x101001, 0x0) ioctl$SIOCGSKNS(r7, 0x894c, &(0x7f0000000340)={'vxcan1\x00', 0x200}) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r6, &(0x7f00000012c0)="a5", 0x1) 566.329095ms ago: executing program 3 (id=1080): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffd94, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x28}}, 0x0) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==") r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x0, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401}) syz_open_dev$cec(0x0, 0x0, 0x82002) syz_open_dev$cec(0x0, 0x0, 0x40040) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000006110850000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 405.80652ms ago: executing program 0 (id=1081): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x48b}, {{0x0, 0x0, 0x0}, 0xb22d}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000880)=""/4098, 0x1002}, {0x0}], 0x2}, 0xffffffff}], 0x3, 0x2100, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 227.756388ms ago: executing program 1 (id=1082): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x44, 0x30, 0xb, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000006c0)}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb", 0x80}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)}], 0x2}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 157.349175ms ago: executing program 0 (id=1083): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000540)='./file1\x00', &(0x7f0000000180), &(0x7f0000000500)=ANY=[], 0x361, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000000)=ANY=[], 0xfe37, 0x0) 0s ago: executing program 1 (id=1084): getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000), 0x0) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b000000000000"], 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x19, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fc0700000000000003", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYRES32=r0, @ANYBLOB="bd00000000000000b705000008000000"], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x6e, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000340)={0x2, 0x4}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$packet(0x11, 0x3, 0x300) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_pts(r5, 0x1) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="40000000200025a729bd7000fddbdf250a000007ff000001020001000800060000000000140003006e"], 0x40}, 0x1, 0x0, 0x0, 0x20008081}, 0x0) ioctl$TCSETA(r5, 0x5406, &(0x7f00000001c0)={0xffff, 0x0, 0x4, 0x38f, 0x0, "a0590469a322d928"}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) kernel console output (not intermixed with test programs): 50][ T11] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 217.023327][ T6813] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.215980][ T6813] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.436690][ T6813] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.467677][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 217.467692][ T28] audit: type=1326 audit(1761216359.972:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.555811][ T28] audit: type=1326 audit(1761216359.972:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.665305][ T28] audit: type=1326 audit(1761216359.972:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.687566][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.711741][ T6813] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.721670][ T28] audit: type=1326 audit(1761216359.972:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.744842][ T28] audit: type=1326 audit(1761216359.972:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.774502][ T28] audit: type=1326 audit(1761216359.972:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.875059][ T28] audit: type=1326 audit(1761216359.972:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.900812][ T28] audit: type=1326 audit(1761216359.972:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 217.923023][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.978408][ T28] audit: type=1326 audit(1761216359.972:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fdf0ed8f003 code=0x7ffc0000 [ 218.034700][ T28] audit: type=1326 audit(1761216360.452:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6817 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdf0ed8da7f code=0x7ffc0000 [ 218.056699][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.090276][ T6813] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.127368][ T6813] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.161305][ T6822] loop1: detected capacity change from 0 to 512 [ 218.227121][ T6822] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 218.257465][ T6813] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.374367][ T6813] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.375240][ T6822] loop1: detected capacity change from 0 to 512 [ 218.429523][ T6822] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.237: casefold flag without casefold feature [ 218.467741][ T6822] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.237: couldn't read orphan inode 15 (err -117) [ 218.468869][ T6818] loop3: detected capacity change from 0 to 40427 [ 218.524890][ T6818] F2FS-fs (loop3): invalid crc value [ 218.539435][ T6822] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.546324][ T6828] netlink: 56 bytes leftover after parsing attributes in process `syz.0.239'. [ 218.569597][ T6818] F2FS-fs (loop3): Found nat_bits in checkpoint [ 218.697135][ T6818] F2FS-fs (loop3): Start checkpoint disabled! [ 218.713763][ T6818] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 219.441558][ T6839] netlink: 12 bytes leftover after parsing attributes in process `syz.0.242'. [ 220.073681][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.736655][ T6848] loop1: detected capacity change from 0 to 128 [ 220.783083][ T6848] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 220.819266][ T4074] kworker/u4:10: attempt to access beyond end of device [ 220.819266][ T4074] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 220.836236][ T6848] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 220.851588][ T4074] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 220.855899][ T4074] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 220.857710][ T4074] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 220.866656][ T4074] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 221.755122][ T6862] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 222.022389][ T6866] loop3: detected capacity change from 0 to 1024 [ 222.024008][ T6864] loop1: detected capacity change from 0 to 1764 [ 222.030799][ T6866] EXT4-fs: quotafile must be on filesystem root [ 222.735714][ T6872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.253'. [ 223.015135][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 223.015146][ T28] audit: type=1326 audit(1761216365.522:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 223.594255][ T28] audit: type=1326 audit(1761216365.552:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 223.757662][ T28] audit: type=1326 audit(1761216365.562:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 223.913311][ T28] audit: type=1326 audit(1761216365.562:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 223.997162][ T28] audit: type=1326 audit(1761216365.562:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 224.076711][ T28] audit: type=1326 audit(1761216365.562:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 224.155211][ T28] audit: type=1326 audit(1761216365.562:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 224.230658][ T28] audit: type=1326 audit(1761216365.562:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 224.305895][ T28] audit: type=1326 audit(1761216365.572:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f476c78f003 code=0x7ffc0000 [ 224.387191][ T28] audit: type=1326 audit(1761216366.212:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f476c78da7f code=0x7ffc0000 [ 224.416746][ T6876] loop0: detected capacity change from 0 to 40427 [ 224.430071][ T6876] F2FS-fs (loop0): invalid crc value [ 224.441769][ T6876] F2FS-fs (loop0): Found nat_bits in checkpoint [ 224.614275][ T6876] F2FS-fs (loop0): Start checkpoint disabled! [ 224.707315][ T6876] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 225.607584][ T6879] loop1: detected capacity change from 0 to 32768 [ 228.702717][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 228.702731][ T28] audit: type=1800 audit(1761216371.202:536): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.255" name="file1" dev="loop0" ino=17 res=0 errno=0 [ 228.893373][ T6905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.262'. [ 228.934492][ T3523] kworker/u4:9: attempt to access beyond end of device [ 228.934492][ T3523] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 228.964916][ T3523] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 228.982500][ T3523] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 229.000958][ T3523] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 229.008876][ T3523] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 230.432064][ T6922] loop1: detected capacity change from 0 to 1024 [ 230.444808][ T6922] EXT4-fs: quotafile must be on filesystem root [ 231.706700][ T6927] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 233.598679][ T6937] veth1_macvtap: left promiscuous mode [ 233.705946][ T6942] netlink: 12 bytes leftover after parsing attributes in process `syz.2.274'. [ 237.038073][ T6962] binder: 6961:6962 ioctl 4018620d 0 returned -22 [ 238.001170][ T6968] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 239.575501][ T6977] loop0: detected capacity change from 0 to 1024 [ 239.604485][ T6977] EXT4-fs: quotafile must be on filesystem root [ 241.830675][ T6988] netlink: 12 bytes leftover after parsing attributes in process `syz.1.287'. [ 241.860736][ T6991] binder: 6990:6991 ioctl 4018620d 0 returned -22 [ 249.721912][ T7016] loop2: detected capacity change from 0 to 1764 [ 249.739371][ T7019] veth1_macvtap: left promiscuous mode [ 250.332312][ T7027] binder: 7026:7027 ioctl 4018620d 0 returned -22 [ 250.561779][ T7032] loop0: detected capacity change from 0 to 1024 [ 250.608811][ T7032] EXT4-fs: quotafile must be on filesystem root [ 250.826046][ T7033] loop3: detected capacity change from 0 to 40427 [ 250.843231][ T7033] F2FS-fs (loop3): invalid crc value [ 250.882358][ T7033] F2FS-fs (loop3): Found nat_bits in checkpoint [ 250.946581][ T7033] F2FS-fs (loop3): Start checkpoint disabled! [ 251.025403][ T7033] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 251.870518][ T7051] netlink: 24 bytes leftover after parsing attributes in process `syz.2.304'. [ 252.632107][ T59] kworker/u4:4: attempt to access beyond end of device [ 252.632107][ T59] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 252.678356][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 252.685317][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 253.626687][ T7062] binder: 7061:7062 ioctl 4018620d 0 returned -22 [ 253.680878][ T7064] loop3: detected capacity change from 0 to 64 [ 253.752345][ T7064] syz.3.305: attempt to access beyond end of device [ 253.752345][ T7064] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 253.815208][ T7064] Buffer I/O error on dev loop3, logical block 512, async page read [ 253.849904][ T7064] syz.3.305: attempt to access beyond end of device [ 253.849904][ T7064] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 253.900962][ T7064] Buffer I/O error on dev loop3, logical block 56576, async page read [ 253.951946][ T7045] loop1: detected capacity change from 0 to 32768 [ 254.001185][ T7045] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 254.018015][ T7045] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 254.211171][ T7045] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 254.240222][ T1187] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 254.249502][ T1187] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 254.424755][ T1187] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 175ms [ 254.453242][ T1187] gfs2: fsid=syz:syz.0: jid=0: Done [ 254.475697][ T7045] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 254.520032][ T7045] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 254.665322][ T7074] loop0: detected capacity change from 0 to 40427 [ 254.691561][ T7074] F2FS-fs (loop0): invalid crc value [ 254.708357][ T7074] F2FS-fs (loop0): Found nat_bits in checkpoint [ 254.759485][ T7074] F2FS-fs (loop0): Start checkpoint disabled! [ 254.768338][ T7074] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 255.707577][ T59] kworker/u4:4: attempt to access beyond end of device [ 255.707577][ T59] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 255.869153][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 256.051906][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.058946][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.445445][ T7090] binder: 7086:7090 ioctl 4018620d 0 returned -22 [ 260.486896][ T7110] loop2: detected capacity change from 0 to 40427 [ 260.538721][ T7110] F2FS-fs (loop2): invalid crc value [ 260.590019][ T7110] F2FS-fs (loop2): Found nat_bits in checkpoint [ 260.598838][ T7113] loop0: detected capacity change from 0 to 1024 [ 260.638978][ T7110] F2FS-fs (loop2): Start checkpoint disabled! [ 260.669374][ T7110] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 260.694701][ T7113] EXT4-fs: quotafile must be on filesystem root [ 261.319043][ T7120] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 261.328395][ T12] kworker/u4:1: attempt to access beyond end of device [ 261.328395][ T12] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 261.368731][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 261.389761][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 261.969755][ T7112] loop3: detected capacity change from 0 to 32768 [ 261.987495][ T7112] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 261.998238][ T7112] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 262.690516][ T7112] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 31ms [ 262.759270][ T1187] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 262.775274][ T1187] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 262.905750][ T1187] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 130ms [ 262.923176][ T1187] gfs2: fsid=syz:syz.0: jid=0: Done [ 262.939194][ T7112] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 263.215246][ T7136] loop1: detected capacity change from 0 to 128 [ 267.560436][ T7136] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 267.654179][ T7136] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.187050][ T7140] loop1: detected capacity change from 0 to 2048 [ 268.402442][ T7141] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 269.000765][ T7142] NILFS error (device loop1): nilfs_lookup: deleted inode referenced: 12 [ 269.145099][ T7142] Remounting filesystem read-only [ 269.884739][ T7145] binder: 7144:7145 ioctl 4018620d 0 returned -22 [ 271.931151][ T7162] loop2: detected capacity change from 0 to 40427 [ 272.012294][ T7162] F2FS-fs (loop2): invalid crc value [ 272.068093][ T7162] F2FS-fs (loop2): Found nat_bits in checkpoint [ 272.113489][ T7162] F2FS-fs (loop2): Start checkpoint disabled! [ 272.150637][ T7162] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 274.161176][ T1126] kworker/u4:7: attempt to access beyond end of device [ 274.161176][ T1126] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 274.225624][ T1126] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 274.239518][ T1126] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 274.290017][ T7174] loop0: detected capacity change from 0 to 1024 [ 274.297474][ T7174] EXT4-fs: quotafile must be on filesystem root [ 275.779237][ T7185] loop1: detected capacity change from 0 to 1764 [ 276.216664][ T7183] loop2: detected capacity change from 0 to 32768 [ 276.270171][ T7183] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop2 scanned by syz.2.335 (7183) [ 276.332603][ T7183] BTRFS info (device loop2): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 276.362781][ T7183] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 276.397484][ T7183] BTRFS info (device loop2): using free space tree [ 276.541606][ T7183] BTRFS info (device loop2): enabling ssd optimizations [ 276.558523][ T7183] BTRFS info (device loop2): auto enabling async discard [ 276.726560][ T5785] BTRFS info (device loop2): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 277.334491][ T7204] binder: 7202:7204 ioctl 4018620d 0 returned -22 [ 279.040120][ T7214] loop1: detected capacity change from 0 to 1024 [ 279.099716][ T7214] hfsplus: request for non-existent node 16777216 in B*Tree [ 279.128391][ T7214] hfsplus: request for non-existent node 16777216 in B*Tree [ 279.153591][ T7214] hfsplus: request for non-existent node 16777216 in B*Tree [ 279.307781][ T7214] hfsplus: request for non-existent node 16777216 in B*Tree [ 279.538389][ T7218] loop0: detected capacity change from 0 to 40427 [ 279.878537][ T7214] hfsplus: request for non-existent node 16777216 in B*Tree [ 279.889783][ T7214] hfsplus: request for non-existent node 16777216 in B*Tree [ 279.906969][ T7218] F2FS-fs (loop0): invalid crc value [ 279.947210][ T28] audit: type=1800 audit(1761216422.452:537): pid=7214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.342" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 279.966770][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.050414][ T7218] F2FS-fs (loop0): Found nat_bits in checkpoint [ 280.114696][ T7218] F2FS-fs (loop0): Start checkpoint disabled! [ 280.132230][ T7218] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 281.102414][ T1117] kworker/u4:6: attempt to access beyond end of device [ 281.102414][ T1117] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 281.175651][ T1117] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 281.193846][ T1117] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 281.532552][ T7242] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 282.410383][ T7245] binder: 7244:7245 ioctl 4018620d 0 returned -22 [ 282.492028][ T7247] loop3: detected capacity change from 0 to 128 [ 282.555121][ T7247] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 282.590284][ T7247] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 282.694527][ T7237] loop1: detected capacity change from 0 to 32768 [ 282.743717][ T7237] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 282.768385][ T7237] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 282.841553][ T7256] validate_nla: 44 callbacks suppressed [ 282.841571][ T7256] netlink: 'syz.3.359': attribute type 10 has an invalid length. [ 282.907282][ T7256] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.007934][ T7256] bond0: (slave team0): Enslaving as an active interface with an up link [ 283.072414][ T7237] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 283.150774][ T5858] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 283.157615][ T5858] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 284.374314][ T5858] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1216ms [ 284.384732][ T5858] gfs2: fsid=syz:syz.0: jid=0: Done [ 284.391186][ T7237] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 284.939956][ T7237] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 285.349752][ T7267] loop0: detected capacity change from 0 to 4096 [ 285.404814][ T7267] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 285.442707][ T7275] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 285.645186][ T7279] binder: 7277:7279 ioctl 4018620d 0 returned -22 [ 285.824825][ T7281] loop0: detected capacity change from 0 to 128 [ 285.859736][ T7281] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 285.911128][ T7281] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 286.236330][ T7289] netlink: 24 bytes leftover after parsing attributes in process `syz.1.367'. [ 287.028766][ T7297] loop3: detected capacity change from 0 to 1024 [ 287.170620][ T7297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.125108][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.174582][ T7316] binder: 7315:7316 ioctl 4018620d 0 returned -22 [ 291.064346][ T7326] netlink: 24 bytes leftover after parsing attributes in process `syz.0.376'. [ 292.326155][ T7334] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 292.393838][ T7338] loop1: detected capacity change from 0 to 1024 [ 293.027573][ T7338] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.902849][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.700173][ T7362] netlink: 24 bytes leftover after parsing attributes in process `syz.2.386'. [ 296.527851][ T7370] loop2: detected capacity change from 0 to 32768 [ 296.550463][ T7370] (syz.2.389,7370,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 296.597165][ T7370] (syz.2.389,7370,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 296.720587][ T7370] JBD2: Ignoring recovery information on journal [ 296.751249][ T7372] loop0: detected capacity change from 0 to 2048 [ 296.807754][ T7368] loop1: detected capacity change from 0 to 32768 [ 296.832417][ T7372] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 296.844272][ T7368] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 296.886777][ T7368] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 296.934149][ T7370] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 296.969131][ T7376] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 297.035553][ T7368] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 297.060191][ T7372] NILFS error (device loop0): nilfs_lookup: deleted inode referenced: 12 [ 297.105465][ T5858] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 297.127340][ T5858] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 297.135085][ T7372] Remounting filesystem read-only [ 297.242723][ T5858] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 115ms [ 297.274196][ T5858] gfs2: fsid=syz:syz.0: jid=0: Done [ 297.279798][ T7368] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 297.292933][ T7381] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 297.392988][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 297.401858][ T7385] loop0: detected capacity change from 0 to 1024 [ 297.442360][ T7385] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 298.606798][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.250451][ T7399] loop3: detected capacity change from 0 to 2048 [ 299.363839][ T7409] netlink: 24 bytes leftover after parsing attributes in process `syz.0.397'. [ 300.020393][ T7399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 300.032964][ T7399] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.088555][ T7399] random: crng reseeded on system resumption [ 300.613395][ T7418] fs-verity: sha512 using implementation "sha512-avx2" [ 302.393025][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.436872][ T7426] loop1: detected capacity change from 0 to 1024 [ 302.539279][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.568301][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.575896][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.620894][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.652547][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.672709][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.702021][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.719914][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.731516][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.741531][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.751933][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.761806][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.771515][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.781392][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.792485][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.805459][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.821762][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.834517][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.844615][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.855251][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.865267][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.876547][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.887394][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.898956][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.907882][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.918242][ T5858] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 302.920233][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.945661][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.953714][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.966871][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.975255][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 302.991417][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 303.002811][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 303.011729][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 303.023454][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 303.034354][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 303.053967][ T7426] hfsplus: request for non-existent node 16777216 in B*Tree [ 303.066593][ T28] audit: type=1800 audit(1761216445.572:538): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.400" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 303.086078][ C0] vkms_vblank_simulate: vblank timer overrun [ 303.109773][ T5858] usb 4-1: Using ep0 maxpacket: 32 [ 303.127405][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.155654][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 303.166323][ T5858] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 303.195063][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.235507][ T7433] loop0: detected capacity change from 0 to 1024 [ 303.265784][ T7433] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 303.461695][ T5858] usb 4-1: config 0 descriptor?? [ 303.474053][ T5858] hub 4-1:0.0: USB hub found [ 303.689552][ T5858] hub 4-1:0.0: 1 port detected [ 304.517254][ T5858] hub 4-1:0.0: activate --> -90 [ 304.629355][ T7442] loop1: detected capacity change from 0 to 40427 [ 304.653046][ T7442] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff [ 304.686023][ T7442] F2FS-fs (loop1): invalid crc value [ 304.722706][ T7442] F2FS-fs (loop1): Found nat_bits in checkpoint [ 304.806679][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.842073][ T7442] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 304.885380][ T7444] loop2: detected capacity change from 0 to 32768 [ 304.902700][ T7444] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 304.920691][ T786] usb 4-1: USB disconnect, device number 7 [ 304.928459][ T7444] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 304.936496][ T7442] F2FS-fs (loop1): access invalid blkaddr:2816 [ 304.962053][ T7442] CPU: 0 PID: 7442 Comm: syz.1.405 Not tainted syzkaller #0 [ 304.969419][ T7442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 304.979540][ T7442] Call Trace: [ 304.982845][ T7442] [ 304.985793][ T7442] dump_stack_lvl+0x16c/0x230 [ 304.990505][ T7442] ? show_regs_print_info+0x20/0x20 [ 304.995721][ T7442] ? __lock_acquire+0x1260/0x7c80 [ 305.000763][ T7442] ? f2fs_get_next_page_offset+0x690/0x690 [ 305.006603][ T7442] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 305.012083][ T7442] f2fs_map_blocks+0xda2/0x3db0 [ 305.016956][ T7442] ? verify_lock_unused+0x140/0x140 [ 305.022292][ T7442] ? f2fs_get_block_locked+0xe0/0xe0 [ 305.027601][ T7442] ? __lock_acquire+0x7c80/0x7c80 [ 305.032643][ T7442] ? xas_descend+0x3a4/0x490 [ 305.037255][ T7442] ? xa_load+0x2c0/0x2e0 [ 305.041528][ T7442] ? xa_load+0x64/0x2e0 [ 305.045707][ T7442] ? page_index+0xe7/0x470 [ 305.050171][ T7442] f2fs_mpage_readpages+0x9f5/0x1ec0 [ 305.055584][ T7442] ? detach_page_private+0x4c0/0x4c0 [ 305.060888][ T7442] ? __mod_lruvec_page_state+0xa5/0x420 [ 305.066464][ T7442] ? f2fs_readahead+0x167/0x300 [ 305.071328][ T7442] ? f2fs_dirty_data_folio+0x810/0x810 [ 305.076821][ T7442] read_pages+0x177/0x840 [ 305.081202][ T7442] ? folio_put+0xd0/0xd0 [ 305.085500][ T7442] ? page_cache_ra_unbounded+0x770/0x770 [ 305.091200][ T7442] ? filemap_add_folio+0x192/0x3c0 [ 305.096349][ T7442] page_cache_ra_unbounded+0x692/0x770 [ 305.101852][ T7442] f2fs_readdir+0x44c/0x8c0 [ 305.106422][ T7442] ? f2fs_fill_dentries+0xbb0/0xbb0 [ 305.111651][ T7442] ? mutex_lock_nested+0x20/0x20 [ 305.116619][ T7442] ? end_current_label_crit_section+0x149/0x170 [ 305.122877][ T7442] ? down_read_killable+0x1d0/0x340 [ 305.128099][ T7442] ? fsnotify_perm+0x271/0x5e0 [ 305.132918][ T7442] iterate_dir+0x1c2/0x580 [ 305.137356][ T7442] __se_sys_getdents64+0xe9/0x260 [ 305.142400][ T7442] ? __x64_sys_getdents64+0x80/0x80 [ 305.147614][ T7442] ? filldir+0x680/0x680 [ 305.151899][ T7442] ? lockdep_hardirqs_on+0x98/0x150 [ 305.157151][ T7442] do_syscall_64+0x55/0xb0 [ 305.161578][ T7442] ? clear_bhb_loop+0x40/0x90 [ 305.166275][ T7442] ? clear_bhb_loop+0x40/0x90 [ 305.170974][ T7442] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 305.176873][ T7442] RIP: 0033:0x7f470d98efc9 [ 305.181314][ T7442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.200947][ T7442] RSP: 002b:00007f470e8cc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 305.209384][ T7442] RAX: ffffffffffffffda RBX: 00007f470dbe5fa0 RCX: 00007f470d98efc9 [ 305.217371][ T7442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 305.225358][ T7442] RBP: 00007f470da11f91 R08: 0000000000000000 R09: 0000000000000000 [ 305.233342][ T7442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 305.241323][ T7442] R13: 00007f470dbe6038 R14: 00007f470dbe5fa0 R15: 00007ffd74e0b238 [ 305.249321][ T7442] [ 305.252391][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.319606][ T7442] F2FS-fs (loop1): access invalid blkaddr:2816 [ 305.326209][ T7442] CPU: 1 PID: 7442 Comm: syz.1.405 Not tainted syzkaller #0 [ 305.333557][ T7442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 305.343647][ T7442] Call Trace: [ 305.346961][ T7442] [ 305.349927][ T7442] dump_stack_lvl+0x16c/0x230 [ 305.354652][ T7442] ? show_regs_print_info+0x20/0x20 [ 305.359897][ T7442] ? __lock_acquire+0x1260/0x7c80 [ 305.364967][ T7442] ? f2fs_get_next_page_offset+0x690/0x690 [ 305.370831][ T7442] ? _raw_spin_unlock+0x40/0x40 [ 305.375742][ T7442] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 305.381162][ T7442] f2fs_map_blocks+0xda2/0x3db0 [ 305.386058][ T7442] ? verify_lock_unused+0x140/0x140 [ 305.391344][ T7442] ? f2fs_get_block_locked+0xe0/0xe0 [ 305.396671][ T7442] ? __lock_acquire+0x7c80/0x7c80 [ 305.401740][ T7442] ? xas_descend+0x3a4/0x490 [ 305.406366][ T7442] ? xa_load+0x2c0/0x2e0 [ 305.410652][ T7442] ? xa_load+0x64/0x2e0 [ 305.414851][ T7442] ? page_index+0xe7/0x470 [ 305.419337][ T7442] f2fs_mpage_readpages+0x9f5/0x1ec0 [ 305.424699][ T7442] ? detach_page_private+0x4c0/0x4c0 [ 305.430042][ T7442] ? __mod_lruvec_page_state+0xa5/0x420 [ 305.435676][ T7442] ? f2fs_readahead+0x167/0x300 [ 305.440569][ T7442] ? f2fs_dirty_data_folio+0x810/0x810 [ 305.446069][ T7442] read_pages+0x177/0x840 [ 305.450455][ T7442] ? folio_put+0xd0/0xd0 [ 305.454746][ T7442] ? page_cache_ra_unbounded+0x770/0x770 [ 305.460438][ T7442] ? filemap_add_folio+0x192/0x3c0 [ 305.465607][ T7442] page_cache_ra_unbounded+0x692/0x770 [ 305.471143][ T7442] f2fs_readdir+0x44c/0x8c0 [ 305.475726][ T7442] ? f2fs_fill_dentries+0xbb0/0xbb0 [ 305.480998][ T7442] ? mutex_lock_nested+0x20/0x20 [ 305.485979][ T7442] ? end_current_label_crit_section+0x149/0x170 [ 305.492268][ T7442] ? down_read_killable+0x1d0/0x340 [ 305.497513][ T7442] ? fsnotify_perm+0x271/0x5e0 [ 305.502319][ T7442] iterate_dir+0x1c2/0x580 [ 305.506775][ T7442] __se_sys_getdents64+0xe9/0x260 [ 305.511845][ T7442] ? __x64_sys_getdents64+0x80/0x80 [ 305.517088][ T7442] ? filldir+0x680/0x680 [ 305.521372][ T7442] ? lockdep_hardirqs_on+0x98/0x150 [ 305.526613][ T7442] do_syscall_64+0x55/0xb0 [ 305.531084][ T7442] ? clear_bhb_loop+0x40/0x90 [ 305.535806][ T7442] ? clear_bhb_loop+0x40/0x90 [ 305.540509][ T7442] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 305.546426][ T7442] RIP: 0033:0x7f470d98efc9 [ 305.550866][ T7442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.570507][ T7442] RSP: 002b:00007f470e8cc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 305.578970][ T7442] RAX: ffffffffffffffda RBX: 00007f470dbe5fa0 RCX: 00007f470d98efc9 [ 305.586969][ T7442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 305.594973][ T7442] RBP: 00007f470da11f91 R08: 0000000000000000 R09: 0000000000000000 [ 305.602975][ T7442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 305.610968][ T7442] R13: 00007f470dbe6038 R14: 00007f470dbe5fa0 R15: 00007ffd74e0b238 [ 305.618989][ T7442] [ 305.773413][ T7450] netlink: 24 bytes leftover after parsing attributes in process `syz.0.407'. [ 305.950100][ T7444] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 305.963084][ T786] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 305.971467][ T786] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 306.077224][ T7442] syz.1.405: attempt to access beyond end of device [ 306.077224][ T7442] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 306.146207][ T786] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 174ms [ 306.167856][ T786] gfs2: fsid=syz:syz.0: jid=0: Done [ 306.191894][ T7444] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 306.331127][ T5792] syz-executor: attempt to access beyond end of device [ 306.331127][ T5792] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 306.357637][ T5792] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 307.127367][ T7463] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 308.014183][ T7465] loop3: detected capacity change from 0 to 40427 [ 308.093774][ T7465] F2FS-fs (loop3): invalid crc value [ 308.119475][ T7465] F2FS-fs (loop3): Found nat_bits in checkpoint [ 308.176381][ T7465] F2FS-fs (loop3): Start checkpoint disabled! [ 308.348117][ T7465] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 309.085930][ T12] kworker/u4:1: attempt to access beyond end of device [ 309.085930][ T12] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 309.100177][ T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 309.107080][ T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 310.932140][ T7497] netlink: 24 bytes leftover after parsing attributes in process `syz.3.417'. [ 311.597816][ T7502] loop0: detected capacity change from 0 to 1024 [ 311.699965][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.728806][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.793452][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.802001][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.809453][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.816885][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.826376][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.833869][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.841821][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.849573][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.856987][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.888060][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.935533][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.968930][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 311.976566][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.007475][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.032267][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.052810][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.118356][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.125790][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.300438][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.307814][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.495463][ T7508] loop2: detected capacity change from 0 to 40427 [ 312.706954][ T7508] F2FS-fs (loop2): invalid crc value [ 312.791005][ T7508] F2FS-fs (loop2): Found nat_bits in checkpoint [ 312.833658][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.841337][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.848849][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.851343][ T7508] F2FS-fs (loop2): Start checkpoint disabled! [ 312.856583][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.877555][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.885227][ T7508] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 312.918021][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 312.925437][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 313.099292][ T7502] hfsplus: request for non-existent node 16777216 in B*Tree [ 313.263291][ T28] audit: type=1800 audit(1761216455.722:539): pid=7502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.419" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 313.580488][ T59] kworker/u4:4: attempt to access beyond end of device [ 313.580488][ T59] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 313.624516][ T59] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 313.632304][ T59] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 313.642589][ T59] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 313.720032][ T7523] loop3: detected capacity change from 0 to 1764 [ 314.816418][ T7533] netlink: 24 bytes leftover after parsing attributes in process `syz.0.428'. [ 317.602118][ T7547] loop3: detected capacity change from 0 to 40427 [ 317.616225][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.630250][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.646795][ T7547] F2FS-fs (loop3): invalid crc value [ 317.656729][ T7547] F2FS-fs (loop3): Found nat_bits in checkpoint [ 317.751344][ T7547] F2FS-fs (loop3): Start checkpoint disabled! [ 317.769298][ T7547] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 319.239120][ T1117] kworker/u4:6: attempt to access beyond end of device [ 319.239120][ T1117] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 319.293945][ T1117] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 319.318066][ T1117] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 319.341275][ T1117] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 320.153345][ T7567] loop2: detected capacity change from 0 to 1764 [ 320.163340][ T7566] loop1: detected capacity change from 0 to 32768 [ 320.180466][ T7566] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.439 (7566) [ 320.209657][ T7566] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 320.219900][ T7566] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 320.219986][ T7566] BTRFS info (device loop1): using free space tree [ 320.408726][ T7566] BTRFS info (device loop1): enabling ssd optimizations [ 320.415754][ T7566] BTRFS info (device loop1): auto enabling async discard [ 322.415494][ T7600] loop3: detected capacity change from 0 to 4096 [ 322.425463][ T7600] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 322.935227][ T5792] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 323.382501][ T7604] loop2: detected capacity change from 0 to 40427 [ 323.428140][ T7604] F2FS-fs (loop2): invalid crc value [ 323.480908][ T7604] F2FS-fs (loop2): Found nat_bits in checkpoint [ 323.516370][ T7604] F2FS-fs (loop2): Start checkpoint disabled! [ 323.639900][ T7604] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 324.612071][ T1126] kworker/u4:7: attempt to access beyond end of device [ 324.612071][ T1126] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 324.632129][ T1126] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 324.647041][ T1126] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 324.661882][ T1126] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 326.499734][ T7633] loop3: detected capacity change from 0 to 4096 [ 326.511507][ T7633] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 327.508306][ T7451] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 328.008674][ T7642] loop2: detected capacity change from 0 to 4096 [ 328.020224][ T7642] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 329.353215][ T7648] netlink: 8 bytes leftover after parsing attributes in process `syz.3.456'. [ 329.899538][ T7652] loop1: detected capacity change from 0 to 1764 [ 331.818031][ T7669] veth1_macvtap: left promiscuous mode [ 332.211396][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.462'. [ 332.228142][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.462'. [ 333.569600][ T7685] loop0: detected capacity change from 0 to 4096 [ 333.579376][ T7685] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 339.930176][ T7715] loop0: detected capacity change from 0 to 4096 [ 339.937268][ T7715] EXT4-fs: Ignoring removed mblk_io_submit option [ 339.962966][ T7718] loop1: detected capacity change from 0 to 1024 [ 340.254102][ T7715] EXT4-fs (loop0): Test dummy encryption mode enabled [ 340.281020][ T7715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 340.335043][ T7729] binder: 7723:7729 ioctl 4018620d 0 returned -22 [ 340.616688][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.742940][ T28] audit: type=1326 audit(1761216488.252:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 345.765175][ C0] vkms_vblank_simulate: vblank timer overrun [ 345.862510][ T28] audit: type=1326 audit(1761216488.252:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 345.919686][ T28] audit: type=1326 audit(1761216488.342:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 345.996803][ T28] audit: type=1326 audit(1761216488.342:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 346.025708][ T7790] binder: 7788:7790 ioctl 4018620d 0 returned -22 [ 346.065765][ T28] audit: type=1326 audit(1761216488.342:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 346.115515][ T28] audit: type=1326 audit(1761216488.342:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 346.204286][ T28] audit: type=1326 audit(1761216488.342:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 346.278309][ T28] audit: type=1326 audit(1761216488.342:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 346.312616][ T28] audit: type=1326 audit(1761216488.342:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 346.417609][ T28] audit: type=1326 audit(1761216488.342:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7785 comm="syz.0.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f476c78f003 code=0x7ffc0000 [ 347.825022][ T7786] loop0: detected capacity change from 0 to 40427 [ 347.937252][ T7786] F2FS-fs (loop0): invalid crc value [ 348.011321][ T7786] F2FS-fs (loop0): Found nat_bits in checkpoint [ 348.282160][ T7786] F2FS-fs (loop0): Start checkpoint disabled! [ 348.309107][ T7786] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 350.965440][ T35] kworker/u4:2: attempt to access beyond end of device [ 350.965440][ T35] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 350.984373][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 350.996489][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 351.009436][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 351.017492][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 351.228857][ T7824] loop2: detected capacity change from 0 to 16 [ 351.284143][ T7824] erofs: (device loop2): mounted with root inode @ nid 36. [ 351.713699][ T7824] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 351.723995][ T7824] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 352.449023][ T7824] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 352.468455][ T7824] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 352.486200][ T7824] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 353.007998][ T7827] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 353.018245][ T7827] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 353.028232][ T7827] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 353.038014][ T7827] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 353.048057][ T7827] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 355.560482][ T7847] binder: 7844:7847 ioctl 4018620d 0 returned -22 [ 356.875129][ T7873] loop2: detected capacity change from 0 to 4096 [ 356.885999][ T7873] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 357.706754][ T7451] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 358.234490][ T7880] loop2: detected capacity change from 0 to 1024 [ 358.342241][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.358677][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.366093][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.399084][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.406507][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.442748][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.456156][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.464276][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.490892][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.534441][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.544800][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.568170][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.598104][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.628755][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.849747][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.849826][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.851440][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.851485][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.851870][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.851910][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.852317][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.852362][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.854846][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.854893][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.855299][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.855342][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 358.864086][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.007454][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.353562][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.450445][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.467749][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.553621][ T7889] binder: 7884:7889 ioctl 4018620d 0 returned -22 [ 359.590420][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.643264][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.662857][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.702758][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.720100][ T7880] hfsplus: request for non-existent node 16777216 in B*Tree [ 359.732075][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 359.732089][ T28] audit: type=1800 audit(1761216502.242:576): pid=7880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.529" name="file1" dev="loop2" ino=20 res=0 errno=0 [ 359.941012][ T7898] loop1: detected capacity change from 0 to 2048 [ 359.992505][ T7903] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 360.201579][ T7905] NILFS error (device loop1): nilfs_lookup: deleted inode referenced: 12 [ 360.293836][ T7905] Remounting filesystem read-only [ 361.011371][ T7911] loop2: detected capacity change from 0 to 4096 [ 361.020286][ T7911] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 363.671150][ T28] audit: type=1326 audit(1761216506.172:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 363.751928][ T28] audit: type=1326 audit(1761216506.172:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 363.803936][ T28] audit: type=1326 audit(1761216506.172:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 363.874648][ T28] audit: type=1326 audit(1761216506.172:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 363.898218][ T28] audit: type=1326 audit(1761216506.172:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 363.922701][ T28] audit: type=1326 audit(1761216506.172:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 363.945296][ T28] audit: type=1326 audit(1761216506.172:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 364.012456][ T28] audit: type=1326 audit(1761216506.172:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 364.079657][ T28] audit: type=1326 audit(1761216506.172:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 364.195551][ T7927] binder: 7925:7927 ioctl 4018620d 0 returned -22 [ 365.107886][ T7936] loop1: detected capacity change from 0 to 1024 [ 365.136554][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 365.136568][ T28] audit: type=1326 audit(1761216507.642:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f476c78f057 code=0x7ffc0000 [ 365.203384][ T7921] loop0: detected capacity change from 0 to 40427 [ 365.215559][ T28] audit: type=1326 audit(1761216507.712:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f476c78d810 code=0x7ffc0000 [ 365.238504][ T28] audit: type=1326 audit(1761216507.712:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f476c78ebcb code=0x7ffc0000 [ 365.257463][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.264175][ T28] audit: type=1326 audit(1761216507.722:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f476c78dc2a code=0x7ffc0000 [ 365.268923][ T7921] F2FS-fs (loop0): invalid crc value [ 365.318293][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.326540][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.344091][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.362588][ T7921] F2FS-fs (loop0): Found nat_bits in checkpoint [ 365.378429][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.383538][ T28] audit: type=1326 audit(1761216507.722:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f476c78dc2a code=0x7ffc0000 [ 365.407905][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.416503][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.451990][ T28] audit: type=1326 audit(1761216507.722:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f476c78d717 code=0x7ffc0000 [ 365.456577][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.483847][ T28] audit: type=1326 audit(1761216507.722:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f476c79076a code=0x7ffc0000 [ 365.506721][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.527652][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.549750][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.566738][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.574885][ T7921] F2FS-fs (loop0): Start checkpoint disabled! [ 365.579729][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.589439][ T7921] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 365.595062][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.614729][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.629084][ T28] audit: type=1326 audit(1761216508.132:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f476c78d810 code=0x7ffc0000 [ 365.664212][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.682158][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.691437][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.699322][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.706858][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.716028][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.724601][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.732296][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.748703][ T28] audit: type=1326 audit(1761216508.132:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f476c78dd17 code=0x7ffc0000 [ 365.771126][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.771357][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.786394][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.794433][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.828282][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.846506][ T28] audit: type=1326 audit(1761216508.132:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.0.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f476c78d810 code=0x7ffc0000 [ 365.938196][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 365.945805][ T7936] hfsplus: request for non-existent node 16777216 in B*Tree [ 367.518958][ T7958] binder: 7956:7958 ioctl 4018620d 0 returned -22 [ 368.067116][ T5910] kworker/u4:11: attempt to access beyond end of device [ 368.067116][ T5910] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 368.081553][ T5910] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 368.090543][ T5910] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 368.102263][ T5910] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 368.112055][ T5910] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 371.672638][ T7989] loop2: detected capacity change from 0 to 2048 [ 371.746016][ T7991] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 372.134335][ T7994] NILFS error (device loop2): nilfs_lookup: deleted inode referenced: 12 [ 372.383398][ T7994] Remounting filesystem read-only [ 372.438254][ T7997] binder: 7992:7997 ioctl 4018620d 0 returned -22 [ 373.038765][ T8003] loop1: detected capacity change from 0 to 16 [ 373.057023][ T8003] erofs: (device loop1): mounted with root inode @ nid 36. [ 373.100091][ T8003] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 373.135416][ T8003] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 373.148417][ T8003] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 373.158572][ T8003] syz.1.566: attempt to access beyond end of device [ 373.158572][ T8003] loop1: rw=0, sector=296, nr_sectors = 8 limit=16 [ 373.173387][ T8003] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 373.183097][ T8003] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 373.201342][ T8003] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 373.212457][ T8003] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 373.488225][ T5777] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 373.838533][ T5777] usb 2-1: Using ep0 maxpacket: 8 [ 373.925687][ T5777] usb 2-1: config 0 has an invalid interface number: 145 but max is 0 [ 373.964825][ T5777] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 374.015798][ T5777] usb 2-1: config 0 has no interface number 0 [ 374.034007][ T5777] usb 2-1: config 0 interface 145 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 374.216431][ T5777] usb 2-1: New USB device found, idVendor=7d72, idProduct=445f, bcdDevice=98.21 [ 374.257069][ T5777] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.284367][ T5777] usb 2-1: Product: syz [ 374.298039][ T5777] usb 2-1: Manufacturer: syz [ 374.317812][ T5777] usb 2-1: SerialNumber: syz [ 374.338761][ T5777] usb 2-1: config 0 descriptor?? [ 374.713410][ T8021] loop2: detected capacity change from 0 to 4096 [ 374.723768][ T8021] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 374.794919][ T5777] usb 2-1: bad CDC descriptors [ 375.046136][ T5777] usb 2-1: bad CDC descriptors [ 375.200971][ T5777] usb 2-1: USB disconnect, device number 4 [ 375.630744][ T8029] binder: 8023:8029 ioctl 4018620d 0 returned -22 [ 377.144253][ T8036] loop0: detected capacity change from 0 to 2048 [ 377.224867][ T8037] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 377.909904][ T8039] NILFS error (device loop0): nilfs_lookup: deleted inode referenced: 12 [ 378.104446][ T8039] Remounting filesystem read-only [ 378.896726][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.903571][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.212748][ T8059] loop0: detected capacity change from 0 to 4096 [ 379.222687][ T8059] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 379.846465][ T8061] loop2: detected capacity change from 0 to 16 [ 379.998335][ T8061] erofs: (device loop2): mounted with root inode @ nid 36. [ 380.058765][ T8061] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 380.109272][ T8061] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 380.142191][ T8061] erofs: (device loop2): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 380.242528][ T8061] syz.2.582: attempt to access beyond end of device [ 380.242528][ T8061] loop2: rw=0, sector=296, nr_sectors = 8 limit=16 [ 381.118225][ T8061] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 381.179828][ T8061] erofs: (device loop2): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 381.207013][ T8065] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 381.219535][ T8065] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 381.448039][ T8070] binder: 8068:8070 ioctl 4018620d 0 returned -22 [ 381.571888][ T786] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 382.118023][ T786] usb 3-1: Using ep0 maxpacket: 8 [ 382.129736][ T786] usb 3-1: config 0 has an invalid interface number: 145 but max is 0 [ 382.144019][ T786] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 382.157753][ T786] usb 3-1: config 0 has no interface number 0 [ 382.167014][ T786] usb 3-1: config 0 interface 145 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 382.228593][ T786] usb 3-1: New USB device found, idVendor=7d72, idProduct=445f, bcdDevice=98.21 [ 382.384371][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.399731][ T8078] ksmbd: Unknown IPC event: 0, ignore. [ 382.414420][ T786] usb 3-1: Product: syz [ 382.426112][ T786] usb 3-1: Manufacturer: syz [ 382.445842][ T786] usb 3-1: SerialNumber: syz [ 382.473249][ T786] usb 3-1: config 0 descriptor?? [ 382.588297][ T8078] loop0: detected capacity change from 0 to 8 [ 382.596152][ T8078] squashfs: Unknown parameter 'y' [ 382.649355][ T5795] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 382.710214][ T786] usb 3-1: bad CDC descriptors [ 382.850994][ T786] usb 3-1: bad CDC descriptors [ 382.973379][ T786] usb 3-1: USB disconnect, device number 4 [ 385.456534][ T8106] loop1: detected capacity change from 0 to 16 [ 385.471896][ T8106] erofs: (device loop1): mounted with root inode @ nid 36. [ 385.867822][ T8106] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 385.882038][ T8106] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 385.914030][ T8106] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 385.929314][ T8106] syz.1.597: attempt to access beyond end of device [ 385.929314][ T8106] loop1: rw=0, sector=296, nr_sectors = 8 limit=16 [ 385.944559][ T8106] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 386.001374][ T8106] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 386.050769][ T8112] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 386.153377][ T8112] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 386.578448][ T5877] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 387.258966][ T5877] usb 2-1: Using ep0 maxpacket: 8 [ 387.286812][ T5877] usb 2-1: config 0 has an invalid interface number: 145 but max is 0 [ 387.315214][ T5877] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 387.354228][ T5877] usb 2-1: config 0 has no interface number 0 [ 387.380466][ T5877] usb 2-1: config 0 interface 145 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 387.440773][ T5877] usb 2-1: New USB device found, idVendor=7d72, idProduct=445f, bcdDevice=98.21 [ 387.471004][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.494978][ T5877] usb 2-1: Product: syz [ 387.500721][ T5877] usb 2-1: Manufacturer: syz [ 387.505506][ T5877] usb 2-1: SerialNumber: syz [ 387.521219][ T5877] usb 2-1: config 0 descriptor?? [ 388.128605][ T5877] usb 2-1: bad CDC descriptors [ 388.148315][ T5877] usb 2-1: bad CDC descriptors [ 388.211299][ T5877] usb 2-1: USB disconnect, device number 5 [ 388.648590][ T786] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 388.879258][ T786] usb 4-1: Using ep0 maxpacket: 8 [ 388.892774][ T786] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 388.916272][ T786] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 388.967869][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.991496][ T786] usb 4-1: config 0 descriptor?? [ 389.541662][ T8148] netlink: 84 bytes leftover after parsing attributes in process `syz.0.608'. [ 389.601407][ T786] corsair 0003:1B1C:1B09.0007: unknown main item tag 0x7 [ 389.620088][ T786] corsair 0003:1B1C:1B09.0007: unknown main item tag 0x0 [ 389.640703][ T786] corsair 0003:1B1C:1B09.0007: unknown main item tag 0x0 [ 389.678502][ T786] corsair 0003:1B1C:1B09.0007: hidraw0: USB HID v0.00 Device [HID 1b1c:1b09] on usb-dummy_hcd.3-1/input0 [ 389.812309][ T786] usb 4-1: USB disconnect, device number 8 [ 390.533816][ T8152] fido_id[8152]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 391.011120][ T8158] loop3: detected capacity change from 0 to 4096 [ 391.022136][ T8158] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 391.624894][ T8165] loop3: detected capacity change from 0 to 16 [ 391.639562][ T8165] erofs: (device loop3): mounted with root inode @ nid 36. [ 391.652252][ T8165] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 391.683495][ T8165] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 391.867811][ T8165] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 392.866822][ T8165] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 393.131239][ T5777] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 393.367999][ T5777] usb 4-1: Using ep0 maxpacket: 8 [ 393.416332][ T5777] usb 4-1: config 0 has an invalid interface number: 145 but max is 0 [ 393.464196][ T5777] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 393.489881][ T5777] usb 4-1: config 0 has no interface number 0 [ 393.496413][ T5777] usb 4-1: config 0 interface 145 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 393.518548][ T5777] usb 4-1: New USB device found, idVendor=7d72, idProduct=445f, bcdDevice=98.21 [ 393.562247][ T5777] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.583016][ T5777] usb 4-1: Product: syz [ 393.587549][ T5777] usb 4-1: Manufacturer: syz [ 393.593513][ T5777] usb 4-1: SerialNumber: syz [ 393.616017][ T5777] usb 4-1: config 0 descriptor?? [ 393.900385][ T5777] usb 4-1: bad CDC descriptors [ 393.910787][ T5777] usb 4-1: bad CDC descriptors [ 393.974027][ T5777] usb 4-1: USB disconnect, device number 9 [ 394.006321][ T8182] netlink: 84 bytes leftover after parsing attributes in process `syz.1.617'. [ 396.939591][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 396.939605][ T28] audit: type=1326 audit(1761216539.452:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.400022][ T28] audit: type=1326 audit(1761216539.482:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.438375][ T8208] loop3: detected capacity change from 0 to 40427 [ 397.448844][ T28] audit: type=1326 audit(1761216539.562:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.471473][ T28] audit: type=1326 audit(1761216539.572:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.496141][ T8208] F2FS-fs (loop3): invalid crc value [ 397.503747][ T8208] F2FS-fs (loop3): Found nat_bits in checkpoint [ 397.577589][ T8208] F2FS-fs (loop3): Start checkpoint disabled! [ 397.593457][ T28] audit: type=1326 audit(1761216539.582:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.647127][ T28] audit: type=1326 audit(1761216539.582:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.664816][ T8208] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 397.674800][ T28] audit: type=1326 audit(1761216539.582:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.738120][ T28] audit: type=1326 audit(1761216539.592:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.765697][ T28] audit: type=1326 audit(1761216539.592:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 397.803236][ T28] audit: type=1326 audit(1761216539.592:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8207 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf0ed8efc9 code=0x7ffc0000 [ 399.153369][ T59] kworker/u4:4: attempt to access beyond end of device [ 399.153369][ T59] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 399.177700][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 399.208289][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 399.353387][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 399.368170][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 402.415926][ T28] kauditd_printk_skb: 94 callbacks suppressed [ 402.415940][ T28] audit: type=1326 audit(1761216544.922:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 402.701041][ T8250] loop0: detected capacity change from 0 to 40427 [ 402.720666][ T8250] F2FS-fs (loop0): invalid crc value [ 402.750829][ T8250] F2FS-fs (loop0): Found nat_bits in checkpoint [ 402.790473][ T8250] F2FS-fs (loop0): Start checkpoint disabled! [ 402.800298][ T8250] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 402.875283][ T28] audit: type=1326 audit(1761216544.952:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 402.899135][ T28] audit: type=1326 audit(1761216544.982:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 402.933325][ T28] audit: type=1326 audit(1761216544.982:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 402.956130][ T28] audit: type=1326 audit(1761216544.982:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 403.149192][ T28] audit: type=1326 audit(1761216544.982:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 403.180108][ T28] audit: type=1326 audit(1761216544.982:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 404.148143][ T28] audit: type=1326 audit(1761216544.982:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 404.256300][ T28] audit: type=1326 audit(1761216544.982:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 404.358206][ T28] audit: type=1326 audit(1761216544.982:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8248 comm="syz.0.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 406.649578][ T8268] loop2: detected capacity change from 0 to 16 [ 406.656850][ T11] kworker/u4:0: attempt to access beyond end of device [ 406.656850][ T11] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 406.694093][ T8268] erofs: (device loop2): mounted with root inode @ nid 36. [ 406.708299][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 406.715325][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 406.788758][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 406.795709][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 406.868841][ T8268] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 406.896658][ T8272] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 406.920335][ T8268] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 406.932665][ T8268] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 407.110340][ T8268] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 407.133509][ T8268] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 411.877655][ T28] kauditd_printk_skb: 66 callbacks suppressed [ 411.877669][ T28] audit: type=1326 audit(1761216554.372:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 411.986533][ T28] audit: type=1326 audit(1761216554.372:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 412.238391][ T8288] loop1: detected capacity change from 0 to 40427 [ 412.289815][ T8288] F2FS-fs (loop1): invalid crc value [ 412.300206][ T8288] F2FS-fs (loop1): Found nat_bits in checkpoint [ 412.349327][ T8288] F2FS-fs (loop1): Start checkpoint disabled! [ 412.527630][ T8288] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 412.998143][ T28] audit: type=1326 audit(1761216554.382:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 413.874325][ T8310] loop3: detected capacity change from 0 to 4096 [ 413.883929][ T8310] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 414.494523][ T28] audit: type=1326 audit(1761216554.382:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.519267][ T28] audit: type=1326 audit(1761216554.382:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.542577][ T28] audit: type=1326 audit(1761216554.392:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.564851][ T28] audit: type=1326 audit(1761216554.392:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.718181][ T28] audit: type=1326 audit(1761216554.392:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.845462][ T28] audit: type=1326 audit(1761216554.392:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.953519][ T28] audit: type=1326 audit(1761216554.392:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8286 comm="syz.1.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f470d98efc9 code=0x7ffc0000 [ 414.991119][ T8320] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 417.004309][ T59] kworker/u4:4: attempt to access beyond end of device [ 417.004309][ T59] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 417.058031][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 417.064990][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 417.117812][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 417.151726][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 420.371513][ T8350] loop3: detected capacity change from 0 to 4096 [ 420.380522][ T8350] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 421.059709][ T8358] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 425.705760][ T8387] netlink: 24 bytes leftover after parsing attributes in process `syz.2.673'. [ 426.493675][ T8392] loop2: detected capacity change from 0 to 16 [ 426.503179][ T8392] erofs: (device loop2): mounted with root inode @ nid 36. [ 426.556354][ T8392] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 426.567561][ T8394] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 426.766072][ T8392] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 426.783195][ T8392] erofs: (device loop2): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 426.796738][ T8392] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 426.806857][ T8392] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 429.740974][ T8427] netlink: 24 bytes leftover after parsing attributes in process `syz.3.681'. [ 430.345264][ T8435] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 434.564154][ T8467] loop2: detected capacity change from 0 to 16 [ 434.584412][ T8468] netlink: 24 bytes leftover after parsing attributes in process `syz.3.694'. [ 434.592681][ T8467] erofs: (device loop2): mounted with root inode @ nid 36. [ 434.634036][ T8467] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 434.688075][ T8467] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 434.719633][ T8469] erofs: (device loop2): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 434.778823][ T8469] syz.2.696: attempt to access beyond end of device [ 434.778823][ T8469] loop2: rw=0, sector=296, nr_sectors = 8 limit=16 [ 434.800897][ T8469] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 434.823824][ T8469] erofs: (device loop2): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 434.826309][ T8473] netlink: 84 bytes leftover after parsing attributes in process `syz.1.698'. [ 438.759968][ T8517] loop1: detected capacity change from 0 to 16 [ 438.809735][ T8517] erofs: (device loop1): mounted with root inode @ nid 36. [ 438.837612][ T8518] netlink: 24 bytes leftover after parsing attributes in process `syz.3.707'. [ 438.862503][ T8517] erofs: (device loop1): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 438.898320][ T8517] erofs: (device loop1): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 438.919801][ T8517] erofs: (device loop1): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 438.930206][ T8517] erofs: (device loop1): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 438.943750][ T8517] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 439.198000][ T8520] loop1: detected capacity change from 0 to 16 [ 439.231848][ T8520] erofs: (device loop1): mounted with root inode @ nid 36. [ 439.294724][ T8520] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 439.320568][ T8520] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 439.331319][ T8520] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 439.368116][ T8520] syz.1.709: attempt to access beyond end of device [ 439.368116][ T8520] loop1: rw=0, sector=296, nr_sectors = 8 limit=16 [ 439.411805][ T8520] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 439.428593][ T8520] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 440.413824][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.421529][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.718964][ T5777] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 441.991844][ T5777] usb 4-1: Using ep0 maxpacket: 8 [ 442.050586][ T8546] loop1: detected capacity change from 0 to 4096 [ 442.060481][ T8546] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 442.356679][ T5777] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 442.371437][ T5777] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 442.380589][ T5777] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.408671][ T5777] usb 4-1: config 0 descriptor?? [ 442.712320][ T8558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.719'. [ 442.830793][ T5777] usbhid 4-1:0.0: can't add hid device: -71 [ 442.872414][ T5777] usbhid: probe of 4-1:0.0 failed with error -71 [ 442.897072][ T5777] usb 4-1: USB disconnect, device number 10 [ 444.630204][ T8572] loop3: detected capacity change from 0 to 16 [ 444.968822][ T8572] erofs: (device loop3): mounted with root inode @ nid 36. [ 445.848357][ T8572] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 445.921674][ T8572] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 445.951448][ T8579] erofs: (device loop3): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 446.013917][ T8579] syz.3.725: attempt to access beyond end of device [ 446.013917][ T8579] loop3: rw=0, sector=296, nr_sectors = 8 limit=16 [ 446.069958][ T8579] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 446.109262][ T8579] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 447.599115][ T8600] fuse: Bad value for 'fd' [ 448.891752][ T8616] loop2: detected capacity change from 0 to 16 [ 448.902679][ T8618] netlink: 24 bytes leftover after parsing attributes in process `syz.1.730'. [ 448.911105][ T8616] erofs: (device loop2): mounted with root inode @ nid 36. [ 448.924683][ T8616] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 449.018589][ T8616] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 450.191959][ T8625] loop3: detected capacity change from 0 to 4096 [ 450.201259][ T8625] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 455.068714][ T8657] loop3: detected capacity change from 0 to 16 [ 455.101031][ T8657] erofs: (device loop3): mounted with root inode @ nid 36. [ 455.280394][ T8657] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 455.307392][ T8657] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 456.052838][ T8666] netlink: 24 bytes leftover after parsing attributes in process `syz.0.749'. [ 456.167805][ T8669] netlink: 24 bytes leftover after parsing attributes in process `syz.1.750'. [ 460.341208][ T8707] loop1: detected capacity change from 0 to 16 [ 460.364668][ T8707] erofs: (device loop1): mounted with root inode @ nid 36. [ 462.818998][ T8723] netlink: 24 bytes leftover after parsing attributes in process `syz.0.763'. [ 464.098358][ T8739] netlink: 24 bytes leftover after parsing attributes in process `syz.1.765'. [ 468.988251][ T8768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.775'. [ 469.275400][ T8778] netlink: 24 bytes leftover after parsing attributes in process `syz.1.777'. [ 470.894697][ T8798] loop1: detected capacity change from 0 to 2048 [ 471.024494][ T8803] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 471.025662][ T8791] netlink: 24 bytes leftover after parsing attributes in process `syz.2.784'. [ 471.079342][ T8801] loop3: detected capacity change from 0 to 1024 [ 471.404896][ T8801] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 471.575613][ T8806] NILFS error (device loop1): nilfs_lookup: deleted inode referenced: 12 [ 472.468371][ T8816] netlink: 24 bytes leftover after parsing attributes in process `syz.0.788'. [ 472.477368][ T8806] Remounting filesystem read-only [ 472.479968][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.121028][ T8834] loop3: detected capacity change from 0 to 16 [ 474.151958][ T8834] erofs: (device loop3): mounted with root inode @ nid 36. [ 474.185549][ T8834] erofs: (device loop3): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 474.216638][ T8834] erofs: (device loop3): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 474.256581][ T8834] erofs: (device loop3): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 474.285586][ T8834] erofs: (device loop3): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 474.320130][ T8834] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 474.445312][ T8842] loop0: detected capacity change from 0 to 1024 [ 474.992792][ T8842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 475.814341][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.985509][ T8858] netlink: 24 bytes leftover after parsing attributes in process `syz.1.799'. [ 477.598920][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.809'. [ 477.957130][ T8883] netlink: 52 bytes leftover after parsing attributes in process `syz.1.811'. [ 478.081730][ T8887] loop2: detected capacity change from 0 to 4096 [ 478.091873][ T8887] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 478.935208][ T8891] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 478.983539][ T8894] loop0: detected capacity change from 0 to 256 [ 479.051289][ T8894] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 481.808572][ T8918] loop1: detected capacity change from 0 to 4096 [ 481.820763][ T8918] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 482.432090][ T8923] loop1: detected capacity change from 0 to 4096 [ 482.442099][ T8923] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 483.690334][ T8938] loop0: detected capacity change from 0 to 2048 [ 483.760562][ T8941] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 485.050648][ T8943] NILFS error (device loop0): nilfs_lookup: deleted inode referenced: 12 [ 485.335768][ T8943] Remounting filesystem read-only [ 486.302188][ T8961] netlink: 24 bytes leftover after parsing attributes in process `syz.2.831'. [ 487.292400][ T28] kauditd_printk_skb: 63 callbacks suppressed [ 487.292418][ T28] audit: type=1326 audit(1761216629.792:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.364523][ T28] audit: type=1326 audit(1761216629.792:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.425754][ T28] audit: type=1326 audit(1761216629.852:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.564455][ T28] audit: type=1326 audit(1761216629.852:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.714748][ T8972] loop2: detected capacity change from 0 to 40427 [ 487.723858][ T28] audit: type=1326 audit(1761216629.852:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.752590][ T28] audit: type=1326 audit(1761216629.852:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.777254][ T28] audit: type=1326 audit(1761216629.852:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.800905][ T8972] F2FS-fs (loop2): invalid crc value [ 487.815212][ T8972] F2FS-fs (loop2): Found nat_bits in checkpoint [ 487.867336][ T8972] F2FS-fs (loop2): Start checkpoint disabled! [ 487.898067][ T8972] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 487.916540][ T28] audit: type=1326 audit(1761216629.852:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 487.968778][ T28] audit: type=1326 audit(1761216629.852:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 488.603062][ T28] audit: type=1326 audit(1761216629.852:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8970 comm="syz.2.836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b4d8efc9 code=0x7ffc0000 [ 489.492240][ T35] kworker/u4:2: attempt to access beyond end of device [ 489.492240][ T35] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 489.506885][ T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 489.514115][ T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 489.521420][ T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 489.528705][ T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 490.525471][ T9004] netlink: 24 bytes leftover after parsing attributes in process `syz.1.845'. [ 492.879520][ T9015] netlink: 24 bytes leftover after parsing attributes in process `syz.3.851'. [ 493.114426][ T28] kauditd_printk_skb: 96 callbacks suppressed [ 493.114440][ T28] audit: type=1326 audit(1761216635.622:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 493.573894][ T9034] loop0: detected capacity change from 0 to 40427 [ 494.171531][ T9034] F2FS-fs (loop0): invalid crc value [ 494.221885][ T28] audit: type=1326 audit(1761216635.622:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 494.246462][ T9034] F2FS-fs (loop0): Found nat_bits in checkpoint [ 494.265596][ T28] audit: type=1326 audit(1761216635.632:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 494.319902][ T9034] F2FS-fs (loop0): Start checkpoint disabled! [ 494.322594][ T28] audit: type=1326 audit(1761216635.632:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 494.358814][ T9034] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 494.600458][ T28] audit: type=1326 audit(1761216635.632:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 494.630219][ T28] audit: type=1326 audit(1761216635.632:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 495.328302][ T28] audit: type=1326 audit(1761216635.632:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 495.387622][ T28] audit: type=1326 audit(1761216635.632:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 495.616918][ T28] audit: type=1326 audit(1761216635.632:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 495.713185][ T28] audit: type=1326 audit(1761216635.632:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9032 comm="syz.0.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 496.608309][ T5877] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 496.863677][ T9051] syz.0.854 (9051) used greatest stack depth: 19976 bytes left [ 496.889281][ T5877] usb 3-1: Using ep0 maxpacket: 8 [ 496.912497][ T5877] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 496.964747][ T5877] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 497.002406][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.066411][ T5877] usb 3-1: config 0 descriptor?? [ 497.144215][ T3518] kworker/u4:8: attempt to access beyond end of device [ 497.144215][ T3518] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 497.197082][ T3518] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 497.204388][ T3518] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 497.211529][ T3518] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 497.224917][ T3518] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 499.042952][ T5877] usbhid 3-1:0.0: can't add hid device: -71 [ 499.056121][ T5877] usbhid: probe of 3-1:0.0 failed with error -71 [ 499.188252][ T5877] usb 3-1: USB disconnect, device number 5 [ 500.109336][ T9086] loop1: detected capacity change from 0 to 1764 [ 500.191686][ T8836] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 501.888095][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.899715][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.234301][ T9114] loop0: detected capacity change from 0 to 2048 [ 502.243074][ T9114] EXT4-fs: Ignoring removed nomblk_io_submit option [ 502.294281][ T9114] EXT4-fs: Ignoring removed nobh option [ 502.332547][ T9114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 502.633441][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 502.979309][ T9130] loop3: detected capacity change from 0 to 1764 [ 505.403764][ T9154] loop0: detected capacity change from 0 to 4096 [ 505.413940][ T9154] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 506.091490][ T9162] program syz.3.891 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 506.393089][ T9169] loop0: detected capacity change from 0 to 1764 [ 506.467808][ T8836] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 508.607956][ T9185] loop2: detected capacity change from 0 to 8 [ 508.951721][ T9188] loop0: detected capacity change from 0 to 4096 [ 508.961628][ T9188] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 510.645692][ T8314] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 510.691094][ T28] kauditd_printk_skb: 65 callbacks suppressed [ 510.691110][ T28] audit: type=1800 audit(1761216653.202:1053): pid=9183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.899" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 510.882481][ T9191] Bluetooth: MGMT ver 1.22 [ 511.955064][ T9206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.904'. [ 512.266655][ T9207] loop2: detected capacity change from 0 to 1764 [ 513.308152][ T8836] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 513.579034][ T28] audit: type=1326 audit(1761216656.082:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 513.952159][ T9215] loop0: detected capacity change from 0 to 40427 [ 514.034832][ T28] audit: type=1326 audit(1761216656.102:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 514.102137][ T9215] F2FS-fs (loop0): invalid crc value [ 514.118999][ T9215] F2FS-fs (loop0): Found nat_bits in checkpoint [ 514.133036][ T28] audit: type=1326 audit(1761216656.102:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 514.216993][ T9215] F2FS-fs (loop0): Start checkpoint disabled! [ 514.228896][ T28] audit: type=1326 audit(1761216656.102:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 514.251639][ T28] audit: type=1326 audit(1761216656.102:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 514.278207][ T9215] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 514.661289][ T9225] loop2: detected capacity change from 0 to 4096 [ 514.670967][ T9225] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 515.113797][ T28] audit: type=1326 audit(1761216656.102:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 515.447903][ T9229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.911'. [ 515.720234][ T28] audit: type=1326 audit(1761216656.102:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 515.818165][ T28] audit: type=1326 audit(1761216656.102:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 515.888168][ T28] audit: type=1326 audit(1761216656.102:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 516.266377][ T28] audit: type=1326 audit(1761216656.102:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 516.377634][ T28] audit: type=1326 audit(1761216656.102:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f476c78efc9 code=0x7ffc0000 [ 516.543553][ T28] audit: type=1326 audit(1761216656.102:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f476c78f003 code=0x7ffc0000 [ 516.703062][ T28] audit: type=1326 audit(1761216656.222:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f476c78da7f code=0x7ffc0000 [ 516.725689][ T28] audit: type=1326 audit(1761216656.452:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f476c78f057 code=0x7ffc0000 [ 517.570317][ T28] audit: type=1326 audit(1761216656.462:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f476c78d810 code=0x7ffc0000 [ 517.775552][ T28] audit: type=1326 audit(1761216656.462:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f476c78ebcb code=0x7ffc0000 [ 517.902821][ T9247] loop2: detected capacity change from 0 to 1764 [ 519.158718][ T48] kworker/u4:3: attempt to access beyond end of device [ 519.158718][ T48] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 519.201735][ T48] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 519.216752][ T48] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 519.228360][ T48] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 520.902345][ T9275] loop0: detected capacity change from 0 to 512 [ 520.922003][ T9275] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 520.990853][ T9275] EXT4-fs (loop0): 1 truncate cleaned up [ 521.019520][ T9275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 522.176592][ T9288] loop1: detected capacity change from 0 to 1764 [ 522.255291][ T8289] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 522.547997][ T50] Bluetooth: hci2: Malformed HCI Event [ 523.344516][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.712856][ T9301] IPv6: Can't replace route, no match found [ 528.045255][ T9322] loop0: detected capacity change from 0 to 1764 [ 528.166472][ T8836] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 528.868157][ T786] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 529.269997][ T786] usb 2-1: Using ep0 maxpacket: 8 [ 529.406494][ T786] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 529.452954][ T786] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 529.462229][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.472929][ T786] usb 2-1: config 0 descriptor?? [ 530.003707][ T786] usbhid 2-1:0.0: can't add hid device: -71 [ 530.021351][ T786] usbhid: probe of 2-1:0.0 failed with error -71 [ 530.077231][ T786] usb 2-1: USB disconnect, device number 6 [ 543.018135][ T9365] loop1: detected capacity change from 0 to 1764 [ 544.988920][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 545.008577][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 545.016964][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 545.027212][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 545.035670][ T5788] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 545.047660][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 545.806535][ T9394] netlink: 24 bytes leftover after parsing attributes in process `syz.3.960'. [ 546.495273][ T9381] chnl_net:caif_netlink_parms(): no params data found [ 546.728669][ T9381] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.736573][ T9381] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.750225][ T9381] bridge_slave_0: entered allmulticast mode [ 546.758512][ T9381] bridge_slave_0: entered promiscuous mode [ 546.901533][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 546.910458][ T9381] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.921613][ T9381] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.930032][ T9381] bridge_slave_1: entered allmulticast mode [ 546.942298][ T9381] bridge_slave_1: entered promiscuous mode [ 546.998718][ T9381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 547.019624][ T9381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 547.089912][ T9381] team0: Port device team_slave_0 added [ 547.098490][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 547.107568][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 547.121890][ T9381] team0: Port device team_slave_1 added [ 547.128231][ T5788] Bluetooth: hci0: command tx timeout [ 547.138387][ T8] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 547.147535][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.171427][ T8] usb 1-1: config 0 descriptor?? [ 547.199774][ T9381] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.206849][ T9381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.233549][ T9381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 547.249998][ T9381] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 547.257283][ T9381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.284585][ T9381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 547.383697][ T9381] hsr_slave_0: entered promiscuous mode [ 547.395934][ T9381] hsr_slave_1: entered promiscuous mode [ 547.405835][ T9381] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 547.415930][ T9381] Cannot create hsr debugfs directory [ 547.672480][ T8] usbhid 1-1:0.0: can't add hid device: -71 [ 547.687830][ T8] usbhid: probe of 1-1:0.0 failed with error -71 [ 547.704300][ T8] usb 1-1: USB disconnect, device number 4 [ 548.125056][ T9381] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 548.150348][ T9381] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 548.177131][ T9381] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 548.338616][ T9381] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 549.761113][ T5788] Bluetooth: hci0: command tx timeout [ 549.822182][ T9381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 549.980363][ T9381] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.050474][ T8341] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.058931][ T8341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 551.007463][ T8341] bridge0: port 2(bridge_slave_1) entered blocking state [ 551.014721][ T8341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 551.329665][ T9441] netlink: 24 bytes leftover after parsing attributes in process `syz.0.969'. [ 551.697044][ T9443] loop1: detected capacity change from 0 to 4096 [ 551.706739][ T9443] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 552.126780][ T50] Bluetooth: hci0: command tx timeout [ 552.312092][ T9381] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 553.018156][ T5877] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 553.084145][ T9381] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.339269][ T5877] usb 2-1: Using ep0 maxpacket: 8 [ 553.589461][ T5877] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 553.664646][ T5877] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 553.720138][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.829824][ T5877] usb 2-1: config 0 descriptor?? [ 554.208114][ T50] Bluetooth: hci0: command tx timeout [ 554.473366][ T5877] usbhid 2-1:0.0: can't add hid device: -71 [ 554.546471][ T5877] usbhid: probe of 2-1:0.0 failed with error -71 [ 554.874350][ T5877] usb 2-1: USB disconnect, device number 7 [ 555.803817][ T9381] veth0_vlan: entered promiscuous mode [ 556.007829][ T9381] veth1_vlan: entered promiscuous mode [ 556.485960][ T9381] veth0_macvtap: entered promiscuous mode [ 556.531485][ T9381] veth1_macvtap: entered promiscuous mode [ 556.552174][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.563640][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.575141][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.585907][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.597931][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.630039][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.654635][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.680886][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.701662][ T9381] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 556.933376][ T9490] loop3: detected capacity change from 0 to 4096 [ 556.943649][ T9490] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 558.514586][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.578209][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.588161][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.606610][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.616583][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.628723][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.638691][ T9381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.649947][ T9381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.663007][ T9381] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 559.883798][ T9500] netlink: 24 bytes leftover after parsing attributes in process `syz.1.984'. [ 560.493586][ T5910] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.761579][ T9381] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.961574][ T9381] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.188068][ T9381] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.209928][ T9508] loop1: detected capacity change from 0 to 64 [ 561.238069][ T9381] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.678845][ T9516] UBIFS error (pid: 9516): cannot open "/dev/sg0", error -22 [ 562.140239][ T5910] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.370022][ T5910] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.491958][ T5910] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.702538][ T3523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.755810][ T3523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.884029][ T3523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.904599][ T3523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 563.129572][ T9529] netlink: 24 bytes leftover after parsing attributes in process `syz.0.996'. [ 563.232511][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.800420][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.342272][ T9566] netlink: 24 bytes leftover after parsing attributes in process `syz.0.999'. [ 567.796806][ T9570] loop1: detected capacity change from 0 to 1764 [ 568.701632][ T9578] fuse: Bad value for 'fd' [ 571.319109][ T9596] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1007'. [ 571.955949][ T9598] loop0: detected capacity change from 0 to 4096 [ 571.963117][ T9598] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 572.200595][ T9351] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 572.969467][ T5788] Bluetooth: hci4: command 0x1003 tx timeout [ 572.976087][ T50] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 574.518712][ T9629] loop0: detected capacity change from 0 to 1764 [ 575.367844][ C0] sched: RT throttling activated [ 576.464523][ T9645] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1018'. [ 579.105890][ T1187] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 579.434922][ T1187] usb 4-1: too many configurations: 151, using maximum allowed: 8 [ 579.687479][ T1187] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 579.813724][ T1187] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 579.948353][ T1187] usb 4-1: Product: syz [ 580.002533][ T1187] usb 4-1: Manufacturer: syz [ 580.062002][ T1187] usb 4-1: SerialNumber: syz [ 580.165351][ T1187] usb 4-1: config 0 descriptor?? [ 580.386729][ T9664] loop1: detected capacity change from 0 to 128 [ 580.505692][ T9664] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 582.586004][ T1187] usb 4-1: can't set config #0, error -71 [ 582.595564][ T1187] usb 4-1: USB disconnect, device number 11 [ 583.661563][ T9664] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 585.391668][ T50] Bluetooth: hci0: Malformed HCI Event [ 586.863616][ T5910] hsr_slave_0: left promiscuous mode [ 586.892428][ T5910] hsr_slave_1: left promiscuous mode [ 586.912305][ T5910] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 586.930255][ T5910] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.949223][ T5910] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.958674][ T5910] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.975148][ T5910] bridge_slave_1: left allmulticast mode [ 586.981573][ T5910] bridge_slave_1: left promiscuous mode [ 586.992573][ T5910] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.006480][ T5910] bridge_slave_0: left allmulticast mode [ 587.023895][ T5910] bridge_slave_0: left promiscuous mode [ 587.037929][ T5910] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.153254][ T5910] veth0_macvtap: left promiscuous mode [ 587.159533][ T5910] veth1_vlan: left promiscuous mode [ 587.165166][ T5910] veth0_vlan: left promiscuous mode [ 587.191300][ T9712] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1031'. [ 588.123398][ T9721] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1033'. [ 589.144820][ T5910] team0 (unregistering): Port device team_slave_1 removed [ 589.164462][ T9723] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1034'. [ 589.212632][ T5910] team0 (unregistering): Port device team_slave_0 removed [ 589.285350][ T5910] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 589.374415][ T5910] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 589.899643][ T9731] loop1: detected capacity change from 0 to 4096 [ 589.906793][ T9731] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 589.981408][ T9351] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 590.862677][ T50] Bluetooth: hci3: Malformed HCI Event [ 591.104895][ T5910] bond0 (unregistering): Released all slaves [ 593.149709][ T9767] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1043'. [ 594.539660][ T9779] loop3: detected capacity change from 0 to 4096 [ 594.546691][ T9779] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 594.721482][ T9783] loop0: detected capacity change from 0 to 64 [ 594.995600][ T9786] loop3: detected capacity change from 0 to 2048 [ 595.097332][ T9790] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 596.049641][ T9797] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 596.201753][ T9797] Remounting filesystem read-only [ 596.833953][ T9811] loop1: detected capacity change from 0 to 512 [ 596.925810][ T9811] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 597.586262][ T9811] EXT4-fs (loop1): 1 truncate cleaned up [ 597.609099][ T9811] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 597.872936][ T9823] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1054'. [ 599.076083][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 599.195086][ T9832] loop4: detected capacity change from 0 to 512 [ 599.268019][ T9832] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 599.318611][ T9834] loop3: detected capacity change from 0 to 4096 [ 599.325661][ T9834] ntfs3: Unknown parameter 'süñwFeta)ÔÀ“kš´¨W¯ë½gŠW' [ 599.371870][ T9832] EXT4-fs (loop4): 1 truncate cleaned up [ 599.468127][ T9832] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 600.086992][ T9381] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.558178][ T9881] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1065'. [ 602.219396][ T9882] loop3: detected capacity change from 0 to 2048 [ 602.320604][ T9886] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 602.444454][ T9882] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 602.478945][ T9882] Remounting filesystem read-only [ 604.033643][ T9905] loop1: detected capacity change from 0 to 512 [ 604.076906][ T9905] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 604.222407][ T9905] EXT4-fs (loop1): 1 truncate cleaned up [ 604.270438][ T9905] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 605.698687][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.945531][ T9949] loop3: detected capacity change from 0 to 2048 [ 607.046001][ T9949] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 607.109291][ T9949] NILFS (loop3): mounting unchecked fs [ 607.191510][ T9949] NILFS (loop3): recovery complete [ 607.220407][ T9959] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 607.255486][ T9958] loop0: detected capacity change from 0 to 1024 [ 607.359288][ T9958] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 607.556388][ T9958] ================================================================== [ 607.564515][ T9958] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 607.572316][ T9958] Read of size 18446744073709551588 at addr ffff88805cb06040 by task syz.0.1083/9958 [ 607.581804][ T9958] [ 607.584290][ T9958] CPU: 0 PID: 9958 Comm: syz.0.1083 Not tainted syzkaller #0 [ 607.591708][ T9958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 607.601829][ T9958] Call Trace: [ 607.605116][ T9958] [ 607.608067][ T9958] dump_stack_lvl+0x16c/0x230 [ 607.612771][ T9958] ? read_lock_is_recursive+0x20/0x20 [ 607.618158][ T9958] ? show_regs_print_info+0x20/0x20 [ 607.623383][ T9958] ? load_image+0x3b0/0x3b0 [ 607.627897][ T9958] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 607.633286][ T9958] ? __virt_addr_valid+0x18c/0x540 [ 607.638407][ T9958] ? __virt_addr_valid+0x469/0x540 [ 607.643524][ T9958] print_report+0xac/0x220 [ 607.647958][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 607.653426][ T9958] kasan_report+0x117/0x150 [ 607.657952][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 607.663442][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 607.668939][ T9958] kasan_check_range+0x288/0x290 [ 607.673911][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 607.679410][ T9958] __asan_memmove+0x29/0x70 [ 607.683959][ T9958] ext4_xattr_set_entry+0x94b/0x1e90 [ 607.689283][ T9958] ext4_xattr_block_set+0xae3/0x32a0 [ 607.694585][ T9958] ? ext4_destroy_inode+0x200/0x200 [ 607.699805][ T9958] ? proc_nr_inodes+0x230/0x230 [ 607.704672][ T9958] ? do_raw_spin_unlock+0x121/0x230 [ 607.709886][ T9958] ? _raw_spin_unlock+0x28/0x40 [ 607.714750][ T9958] ? ext4_xattr_block_find+0x350/0x350 [ 607.720240][ T9958] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 607.725634][ T9958] ext4_xattr_set_handle+0x10a1/0x1290 [ 607.731114][ T9958] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 607.737117][ T9958] ? __ext4_journal_start_sb+0x259/0x570 [ 607.742764][ T9958] ext4_xattr_set+0x22d/0x320 [ 607.747451][ T9958] ? end_current_label_crit_section+0x170/0x170 [ 607.753702][ T9958] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 607.759259][ T9958] ? posix_xattr_acl+0x93/0xb0 [ 607.764036][ T9958] ? evm_protect_xattr+0x36d/0x7a0 [ 607.769158][ T9958] ? ext4_xattr_trusted_get+0x40/0x40 [ 607.774543][ T9958] __vfs_setxattr+0x431/0x470 [ 607.779235][ T9958] __vfs_setxattr_noperm+0x12d/0x5e0 [ 607.784531][ T9958] vfs_setxattr+0x16c/0x2f0 [ 607.789047][ T9958] ? xattr_permission+0x470/0x470 [ 607.794079][ T9958] ? __mnt_want_write+0x223/0x2a0 [ 607.799118][ T9958] ? path_setxattr+0x314/0x550 [ 607.803894][ T9958] path_setxattr+0x362/0x550 [ 607.808531][ T9958] ? simple_xattrs_free+0x150/0x150 [ 607.813753][ T9958] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 607.819742][ T9958] ? lock_chain_count+0x20/0x20 [ 607.824596][ T9958] __x64_sys_lsetxattr+0xb8/0xd0 [ 607.829540][ T9958] do_syscall_64+0x55/0xb0 [ 607.833961][ T9958] ? clear_bhb_loop+0x40/0x90 [ 607.838665][ T9958] ? clear_bhb_loop+0x40/0x90 [ 607.843366][ T9958] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 607.849264][ T9958] RIP: 0033:0x7f476c78efc9 [ 607.853685][ T9958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.873304][ T9958] RSP: 002b:00007f476d636038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 607.881758][ T9958] RAX: ffffffffffffffda RBX: 00007f476c9e5fa0 RCX: 00007f476c78efc9 [ 607.889740][ T9958] RDX: 0000200000000500 RSI: 0000200000000180 RDI: 0000200000000540 [ 607.897717][ T9958] RBP: 00007f476c811f91 R08: 0000000000000000 R09: 0000000000000000 [ 607.905726][ T9958] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 607.913726][ T9958] R13: 00007f476c9e6038 R14: 00007f476c9e5fa0 R15: 00007ffc0bb29ec8 [ 607.921718][ T9958] [ 607.924740][ T9958] [ 607.927069][ T9958] Allocated by task 9958: [ 607.931395][ T9958] kasan_set_track+0x4e/0x70 [ 607.936008][ T9958] __kasan_kmalloc+0x8f/0xa0 [ 607.940599][ T9958] __kmalloc_node_track_caller+0xb2/0x230 [ 607.946326][ T9958] kmemdup+0x2b/0x70 [ 607.950229][ T9958] ext4_xattr_block_set+0x9e5/0x32a0 [ 607.955523][ T9958] ext4_xattr_set_handle+0x10a1/0x1290 [ 607.960992][ T9958] ext4_xattr_set+0x22d/0x320 [ 607.965677][ T9958] __vfs_setxattr+0x431/0x470 [ 607.970360][ T9958] __vfs_setxattr_noperm+0x12d/0x5e0 [ 607.975663][ T9958] vfs_setxattr+0x16c/0x2f0 [ 607.980275][ T9958] path_setxattr+0x362/0x550 [ 607.984875][ T9958] __x64_sys_lsetxattr+0xb8/0xd0 [ 607.989828][ T9958] do_syscall_64+0x55/0xb0 [ 607.994249][ T9958] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 608.000162][ T9958] [ 608.002495][ T9958] Last potentially related work creation: [ 608.008215][ T9958] kasan_save_stack+0x3e/0x60 [ 608.012922][ T9958] __kasan_record_aux_stack+0xaf/0xc0 [ 608.018308][ T9958] kvfree_call_rcu+0xee/0x780 [ 608.022995][ T9958] neigh_periodic_work+0x3f7/0xd70 [ 608.028113][ T9958] process_scheduled_works+0xa45/0x15b0 [ 608.033697][ T9958] worker_thread+0xa55/0xfc0 [ 608.038291][ T9958] kthread+0x2fa/0x390 [ 608.042359][ T9958] ret_from_fork+0x48/0x80 [ 608.046779][ T9958] ret_from_fork_asm+0x11/0x20 [ 608.051549][ T9958] [ 608.053897][ T9958] The buggy address belongs to the object at ffff88805cb06000 [ 608.053897][ T9958] which belongs to the cache kmalloc-1k of size 1024 [ 608.067953][ T9958] The buggy address is located 64 bytes inside of [ 608.067953][ T9958] 1024-byte region [ffff88805cb06000, ffff88805cb06400) [ 608.081277][ T9958] [ 608.083606][ T9958] The buggy address belongs to the physical page: [ 608.090032][ T9958] page:ffffea000172c000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5cb00 [ 608.100203][ T9958] head:ffffea000172c000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 608.109167][ T9958] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 608.117163][ T9958] page_type: 0xffffffff() [ 608.121500][ T9958] raw: 00fff00000000840 ffff888017841dc0 dead000000000100 dead000000000122 [ 608.130090][ T9958] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 608.138672][ T9958] page dumped because: kasan: bad access detected [ 608.145093][ T9958] page_owner tracks the page as allocated [ 608.150818][ T9958] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 4074, tgid 4074 (kworker/u4:10), ts 99356714127, free_ts 92616017911 [ 608.171569][ T9958] post_alloc_hook+0x1cd/0x210 [ 608.176354][ T9958] get_page_from_freelist+0x195c/0x19f0 [ 608.181932][ T9958] __alloc_pages+0x1e3/0x460 [ 608.186536][ T9958] alloc_slab_page+0x5d/0x170 [ 608.191260][ T9958] new_slab+0x87/0x2e0 [ 608.195345][ T9958] ___slab_alloc+0xc6d/0x1300 [ 608.200037][ T9958] __kmem_cache_alloc_node+0x1a2/0x260 [ 608.205510][ T9958] __kmalloc+0xa4/0x240 [ 608.209679][ T9958] ieee802_11_parse_elems_full+0xb9/0x2080 [ 608.215499][ T9958] ieee80211_inform_bss+0x107/0x1060 [ 608.220802][ T9958] rdev_inform_bss+0x106/0x410 [ 608.225574][ T9958] cfg80211_inform_bss_frame_data+0xb33/0x12b0 [ 608.231735][ T9958] ieee80211_bss_info_update+0x70b/0x930 [ 608.237368][ T9958] ieee80211_ibss_rx_queued_mgmt+0x17c9/0x2ac0 [ 608.243536][ T9958] ieee80211_iface_work+0x717/0xc70 [ 608.248743][ T9958] cfg80211_wiphy_work+0x225/0x260 [ 608.253871][ T9958] page last free stack trace: [ 608.258548][ T9958] free_unref_page_prepare+0x7ce/0x8e0 [ 608.264016][ T9958] free_unref_page_list+0xbe/0x860 [ 608.269154][ T9958] release_pages+0x1fa0/0x2220 [ 608.273967][ T9958] __folio_batch_release+0x71/0xe0 [ 608.279109][ T9958] truncate_inode_pages_range+0x358/0xf00 [ 608.284870][ T9958] f2fs_evict_inode+0x289/0x1800 [ 608.289845][ T9958] evict+0x486/0x870 [ 608.293772][ T9958] evict_inodes+0x5fe/0x690 [ 608.298306][ T9958] generic_shutdown_super+0x97/0x2b0 [ 608.303645][ T9958] kill_block_super+0x44/0x90 [ 608.308340][ T9958] kill_f2fs_super+0x30a/0x3c0 [ 608.313141][ T9958] deactivate_locked_super+0x97/0x100 [ 608.318538][ T9958] cleanup_mnt+0x429/0x4c0 [ 608.322959][ T9958] task_work_run+0x1ce/0x250 [ 608.327566][ T9958] exit_to_user_mode_loop+0xe6/0x110 [ 608.332874][ T9958] exit_to_user_mode_prepare+0xf6/0x180 [ 608.338437][ T9958] [ 608.340765][ T9958] Memory state around the buggy address: [ 608.346392][ T9958] ffff88805cb05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 608.354454][ T9958] ffff88805cb05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 608.362512][ T9958] >ffff88805cb06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 608.370566][ T9958] ^ [ 608.376716][ T9958] ffff88805cb06080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 608.384782][ T9958] ffff88805cb06100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 608.392846][ T9958] ================================================================== [ 608.454775][ T9958] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 608.462037][ T9958] CPU: 1 PID: 9958 Comm: syz.0.1083 Not tainted syzkaller #0 [ 608.469434][ T9958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 608.479520][ T9958] Call Trace: [ 608.482837][ T9958] [ 608.485888][ T9958] dump_stack_lvl+0x16c/0x230 [ 608.490616][ T9958] ? show_regs_print_info+0x20/0x20 [ 608.495868][ T9958] ? load_image+0x3b0/0x3b0 [ 608.500421][ T9958] panic+0x2c0/0x710 [ 608.504352][ T9958] ? bpf_jit_dump+0xd0/0xd0 [ 608.508888][ T9958] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 608.514561][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 608.520074][ T9958] ? check_panic_on_warn+0x70/0xa0 [ 608.525250][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 608.530836][ T9958] check_panic_on_warn+0x84/0xa0 [ 608.535839][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 608.541336][ T9958] end_report+0x6f/0x140 [ 608.545611][ T9958] kasan_report+0x128/0x150 [ 608.550148][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 608.555649][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 608.561144][ T9958] kasan_check_range+0x288/0x290 [ 608.566105][ T9958] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 608.571597][ T9958] __asan_memmove+0x29/0x70 [ 608.576132][ T9958] ext4_xattr_set_entry+0x94b/0x1e90 [ 608.581454][ T9958] ext4_xattr_block_set+0xae3/0x32a0 [ 608.586763][ T9958] ? ext4_destroy_inode+0x200/0x200 [ 608.591980][ T9958] ? proc_nr_inodes+0x230/0x230 [ 608.596849][ T9958] ? do_raw_spin_unlock+0x121/0x230 [ 608.602071][ T9958] ? _raw_spin_unlock+0x28/0x40 [ 608.606930][ T9958] ? ext4_xattr_block_find+0x350/0x350 [ 608.612396][ T9958] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 608.617779][ T9958] ext4_xattr_set_handle+0x10a1/0x1290 [ 608.623251][ T9958] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 608.629240][ T9958] ? __ext4_journal_start_sb+0x259/0x570 [ 608.634887][ T9958] ext4_xattr_set+0x22d/0x320 [ 608.639575][ T9958] ? end_current_label_crit_section+0x170/0x170 [ 608.645837][ T9958] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 608.651439][ T9958] ? posix_xattr_acl+0x93/0xb0 [ 608.656212][ T9958] ? evm_protect_xattr+0x36d/0x7a0 [ 608.661328][ T9958] ? ext4_xattr_trusted_get+0x40/0x40 [ 608.666712][ T9958] __vfs_setxattr+0x431/0x470 [ 608.671406][ T9958] __vfs_setxattr_noperm+0x12d/0x5e0 [ 608.676694][ T9958] vfs_setxattr+0x16c/0x2f0 [ 608.681219][ T9958] ? xattr_permission+0x470/0x470 [ 608.686245][ T9958] ? __mnt_want_write+0x223/0x2a0 [ 608.691279][ T9958] ? path_setxattr+0x314/0x550 [ 608.696054][ T9958] path_setxattr+0x362/0x550 [ 608.700653][ T9958] ? simple_xattrs_free+0x150/0x150 [ 608.705872][ T9958] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 608.711877][ T9958] ? lock_chain_count+0x20/0x20 [ 608.716757][ T9958] __x64_sys_lsetxattr+0xb8/0xd0 [ 608.721724][ T9958] do_syscall_64+0x55/0xb0 [ 608.726149][ T9958] ? clear_bhb_loop+0x40/0x90 [ 608.730831][ T9958] ? clear_bhb_loop+0x40/0x90 [ 608.735521][ T9958] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 608.741426][ T9958] RIP: 0033:0x7f476c78efc9 [ 608.745860][ T9958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.765569][ T9958] RSP: 002b:00007f476d636038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 608.774015][ T9958] RAX: ffffffffffffffda RBX: 00007f476c9e5fa0 RCX: 00007f476c78efc9 [ 608.781997][ T9958] RDX: 0000200000000500 RSI: 0000200000000180 RDI: 0000200000000540 [ 608.789974][ T9958] RBP: 00007f476c811f91 R08: 0000000000000000 R09: 0000000000000000 [ 608.797956][ T9958] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 608.805958][ T9958] R13: 00007f476c9e6038 R14: 00007f476c9e5fa0 R15: 00007ffc0bb29ec8 [ 608.813959][ T9958] [ 608.817347][ T9958] Kernel Offset: disabled [ 608.821675][ T9958] Rebooting in 86400 seconds..