last executing test programs: 10m54.258944156s ago: executing program 1 (id=40): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x6, 0x0, 0x7fff0006}]}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000005c0)=[{&(0x7f00000024c0)=""/4096, 0x1000}], 0x1, 0xffffffff, 0x2) getsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000340)={@remote, @loopback, @remote}, &(0x7f00000003c0)=0xc) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) fcntl$getownex(r3, 0x10, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000500)={0x0, @in6={{0xa, 0x4e20, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}}, 0xa, 0xb130, 0x9f, 0xc, 0x0, 0x200, 0xc}, 0x9c) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff0000600054000000000080006"], 0x6c}}, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc4}, 0x0, 0x0, r7) add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) write$cgroup_int(r6, &(0x7f0000000040)=0x1c9, 0x12) 10m50.601584164s ago: executing program 1 (id=45): r0 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) keyctl$session_to_parent(0x12) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0xf, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r5, &(0x7f0000001040)=""/4096, 0x1000) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x2) write$uinput_user_dev(r6, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x1, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x7fff, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0x13, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xb, 0x4, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xfffffed2, 0x7fffffff, 0xffff, 0x8, 0x1e62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x1000007, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x5, 0x4, 0x7, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x5, 0x4, 0x9, 0x5, 0x3, 0x2, 0x3, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x68], [0x1, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x401, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0xa, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x0, 0xb, 0x0, 0xffff, 0x7, 0x6, 0x2, 0x81, 0x8, 0x2, 0x7, 0x100, 0x8, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x407, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x201, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0x11b, 0x996, 0x54, 0x8c1, 0x0, 0x5, 0x4, 0x0, 0x100, 0x10000400, 0x9, 0x0, 0x3, 0xfffffffb, 0xc, 0x2]}, 0x45c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000001, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f0000000540)=0x7b1) ioctl$UI_DEV_CREATE(r6, 0x5501) 10m47.317667685s ago: executing program 1 (id=50): r0 = syz_open_procfs(0x0, &(0x7f0000000200)='gid_map\x00') syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f0000000500)={[{@inlinecrypt}, {@usrjquota}, {@errors_remount}, {@dioread_lock}, {@nodioread_nolock}, {@mblk_io_submit}, {@dax_always}, {@dax_inode}, {@nombcache}, {}], [{@audit}]}, 0x43, 0x7bb, &(0x7f0000003000)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sCxsINCeemhiZMWklq1gySE2pk0ohV4KbemtveTcn5fSa38cemn/j5KQtk5o2h6Ky8iSLduSYyWWlDSfD0z0nuaN3vvOG7150YylAJ5Y4+k/mYhjEfFqEjFaez6JiP5qKhsxvVnu3vpaPl2S2Nh46pukWubu+lo+GrZJHallfh8Rn74UcSKzt97yyur8TLFYWKrlJyoLlyfKK6snLy3MzBXmCounJ6emTp3525nTDxXecGPmuy9Xj9567b9/fm/6xxd/9/4rnyUxHUdr6xrjOCzjMV7bJ/3pLtzhP4ddWc98+PwBCjUcAdlONoY2pR3TV+uVYzEaffv1z3A3WwYAdMoLEbHRSl/LNQDAYy3ZPP//q9ftAAC6pf45wN31tXx96e0nEt11+98RMTTUZE22ds1uqHoddORusuPKSBIRY4dQ/3hEvPXRs++kS3ToOiRAM9euR8SFsfG943+y556Fdv2l+dNzjZnxXSuNf9A9H6fzn783m/9ltuY/0WT+M9jkvfsg7v/+z9w8hGpaSud//2y4t+1eQ/w1Y3213K+qc77+5OKlYiEd234dEcejfzDNT+5Tx/E7P91pta5x/vft68+9ndafPm6XyNzMDu7cZnamMvMwMTe6fT3iD9lm8afj/2C1/5MW899ztfTAfer43z9efrPVujT+NN76sjf+ztq4EfGnpv2fbJVJ9r0/caJ6OEzUD4omPpiOkVb1j2e3+z9d0vrr/xfohrT/R/aPfyxpvF+zfOCX3rpb7Isbo5+0KtR4/DePv/nxP5A8XU3Xj72rM5XK0mTEQPL/vc+f2t62nq+XT+M//sfm7//6+Nfk+H8mff0LB9wR2Vtfv/vg8XdWGv9sW/3fdiKG7s33tar/YP0/tWObg4x/B23gg+43AAAAAAAAAAAAAAAAAAAAAAAAAGhHJiKORpLJbaUzmVxu8ze8fxsjmWKpXDlxsbS8OBvV38oei/5M/asuRxu+D3Wy9n349fypXfm/RsRvIuKNweFqPpcvFWd7HTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1Bxp8fv/qa8GdxXu60ULAYCOGHJiB4AnTZLN9roJAEC3DbVVerhj7QAAuqe98z8A8Evg/A8AT577nP93/xkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtOvc2bPpsvH9+lo+zc9eWVmeL105OVsoz+cWlvO5fGnpcm6uVJorFnL50kLLF7q2+VAslS5PxeLy1YlKoVyZKK+snl8oLS9Wzl9amJkrnC/0dy0yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi48srq/EyxWFiS6Eli/vPNfnhU2tNmIvlho+pRaU/XE3Fts/+6X3vS4SpiYHuUGO7N4AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwGPg5AAD//06AHk0=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) poll(0x0, 0x0, 0x5) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$search(0xa, r5, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0) r6 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r6, 0x851, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r6, 0x4008550d, 0x0) socket$nl_generic(0x10, 0x3, 0x10) readv(r0, &(0x7f0000002300)=[{&(0x7f0000001080)=""/124, 0x7c}], 0x1) pread64(r0, &(0x7f0000002240)=""/163, 0xa3, 0x1ff) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 10m42.408275786s ago: executing program 1 (id=59): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64, @ANYRES16, @ANYRESDEC=r1, @ANYRESOCT=r0], 0x0, 0xa, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r5, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e652043617074557265272030303030303034303030"], 0xb8) dup3(0xffffffffffffffff, r0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020100000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x60, 0x16, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wlan0\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}], {0x14}}, 0x88}}, 0x0) r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$x25(r7, 0x0, 0x0) r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0) close(r8) bind$inet(0xffffffffffffffff, 0x0, 0x0) 10m38.950000719s ago: executing program 1 (id=63): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x20, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4) r1 = syz_open_dev$usbfs(0x0, 0x204, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) lseek(0xffffffffffffffff, 0x9, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010103}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) 10m33.05356925s ago: executing program 1 (id=69): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x2401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)='G', 0x1, 0x10, &(0x7f0000000140)={0xa, 0x4e23, 0x800, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000002c0)={0x0, 0x4000000}, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000180)={0x0, 0xa, 0xd, 0x2}) r3 = dup(r1) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd74) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22882, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xd) close_range(r6, 0xffffffffffffffff, 0x0) r8 = socket(0x1d, 0x4, 0x7) getsockopt$sock_buf(r8, 0x1, 0x1c, 0x0, &(0x7f0000000480)) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1c, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000040000007b01f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001040), 0x4000000000882, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000380)=""/230, 0xe6}], 0x1, 0x4, 0x3) ioctl$BLKBSZSET(r9, 0x40041271, &(0x7f0000000300)=0x300) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x40) mkdir(&(0x7f0000000500)='./file1\x00', 0x4) 10m16.625997838s ago: executing program 32 (id=69): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x2401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)='G', 0x1, 0x10, &(0x7f0000000140)={0xa, 0x4e23, 0x800, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000002c0)={0x0, 0x4000000}, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000180)={0x0, 0xa, 0xd, 0x2}) r3 = dup(r1) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd74) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22882, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xd) close_range(r6, 0xffffffffffffffff, 0x0) r8 = socket(0x1d, 0x4, 0x7) getsockopt$sock_buf(r8, 0x1, 0x1c, 0x0, &(0x7f0000000480)) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1c, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000040000007b01f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001040), 0x4000000000882, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000380)=""/230, 0xe6}], 0x1, 0x4, 0x3) ioctl$BLKBSZSET(r9, 0x40041271, &(0x7f0000000300)=0x300) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x40) mkdir(&(0x7f0000000500)='./file1\x00', 0x4) 10.894217179s ago: executing program 0 (id=1761): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x30, 0x0, 0x5f]}}, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000c00)}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) lsetxattr$security_capability(0x0, &(0x7f0000000040), &(0x7f0000000180)=@v2={0x2000000, [{0x401, 0x7}, {0x0, 0x6df6}]}, 0x14, 0x1) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mkdir(&(0x7f0000000100)='./bus\x00', 0xe8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') r4 = creat(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa) r5 = fanotify_init(0xf00, 0x0) fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0) setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x1) 10.674987383s ago: executing program 2 (id=1763): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x0, 0x3a36}, 0x8) 8.692872987s ago: executing program 0 (id=1766): openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f00000002c0), &(0x7f0000000300)=r5}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_setup(0x7, 0x0) r7 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) tgkill(r7, r7, 0x21) wait4(r7, 0x0, 0x40000000, 0x0) 8.475936086s ago: executing program 2 (id=1768): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(0x0, 0x80) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffffffd) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e26, 0x3, 'dh\x00', 0x1, 0x7, 0x4b}, 0x2c) io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x3}) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) writev(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000a40)="7bbe6e59fc0a34d28a0e1125f9ac70283915b1c616bca07d95a9fc59082e1c65a3ce432927b97afccb5064b4b6672adcccc4194398008c03b25bb54e8ed0044e742b91a32beb748f836d25467a536e9cdacae466150c0dbcf965f53de3cae0529f1289afe5534185fd9922cef8a5dce2059346651dd39a741a582a0c644aef7c85a59d390d2f2352445cc1f9a3c78ddf42776b3382c900d30d64023a2561487deeacfd3cd8c034825c4965e14ea0d5f2c930a7330c34dd55746903f3a8f95f2c7079b20820", 0xc5}], 0x1) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@broadcast, 0x4e21, 0x10000, 0xc24, 0x0, 0xfffffffb}}, 0x44) r5 = fsopen(&(0x7f00000001c0)='btrfs\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) 7.465787893s ago: executing program 2 (id=1770): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0xc0045b0f, 0x0) 7.099787452s ago: executing program 4 (id=1771): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) getxattr(&(0x7f0000000040)='./bus\x00', 0x0, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 6.202520173s ago: executing program 4 (id=1773): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) write$char_usb(r2, 0x0, 0x0) 4.457576888s ago: executing program 6 (id=1780): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c) syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[], 0x0) 4.40565378s ago: executing program 3 (id=1781): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[0x0], &(0x7f00000000c0), 0x0, 0x1, 0x0, 0x0, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x200, 0x1, &(0x7f00000002c0)=[r2], &(0x7f0000000100)=[0x7], &(0x7f0000000140)=[r3], &(0x7f0000000200)=[0x200], 0x0, 0x400000000}) 4.100173589s ago: executing program 6 (id=1783): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="54010000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd00000000002f013300802009000802110000010802110000005050505050505f00ffffffffffffffff6401010101010103012c0602ff0105be"], 0x154}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 4.099890697s ago: executing program 3 (id=1784): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="47000e00800000000802110000000802110000015050505050500000000000000000000064000000000602020202020204060000000000000602000025030034003c040106b80400080026006c09000008000c006400000008000d0000000000a2000f00019c"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0) 3.995919422s ago: executing program 2 (id=1785): syz_mount_image$hfs(&(0x7f0000000480), &(0x7f0000000100)='./file0\x00', 0x1210082, &(0x7f0000000080)={[{@codepage={'codepage', 0x3d, 'ascii'}}, {@creator={'creator', 0x3d, "a4b5bda4"}}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}, {@creator={'creator', 0x3d, "e5cb853d"}}, {@uid}, {@part={'part', 0x3d, 0xe78}}, {}]}, 0x7, 0x324, &(0x7f0000000140)="$eJzs3U9r1EwcB/DvJLvd3aelT2wrBY9VwVNp60HxYpHixTfgQYq13UJprKAVtCCunkW8CYJHb55F34JexDegpx7Ek16KByPzy2STTSfZ7LY2W/b7ga67yfz5TSaTzLSsARENrStLX9+c39U/qgrABXAJcADUgQqAk5iu39/a3tj2m2t5BbmSQ/8ohDnVvjSrW01bVp1Pchie/lTBWHIb/RtBEATfuqb6eSSxUHlUOPb3cYCaGZ2yv37kkR2O9MWoFbZruCR6WO1hDw9GyoyGiIgGgLn/O+YuMWZumY4DnDXz8GN9/0dqfrNXXhwDIbz/Y1x6XK8DlD4+/8uueL0nsybd+060SrSVZT0ngvhwyyzDSXWA6raqlFicxvqG35xtSQFPcdlIJJuS1zVEDRFZ0Zr5zoxlbZojr+35RqUNVd2GhYz4J3uu8cN3vLRXt/ypQEzqo/qslpWHV1jDuNlYCZQ+OHJ8vFRPhfHPZZcorfTCVB2tjNfvJ6SSU1EPvH8bt7KRdVzrcHUsNroUlZ6/e1GcL0bQyMqFCXT+WiFs3Xx26yTXpDXXQvvzb2uuqXSuxnrVb86u3vFzf5VyaKwrOvVcXVcz+IF3WGr3vx4+rr7UZ4/MjlGuJKU5M3LbU5GUGf3YQQbw7Z5GJomr1o7O9wy3cBHj9x7ubK74fvNu+W+ioTIg8YQnojkd9Rb9byIN6vpNFcChVfonCALrrgqKZK8dMIyqNPXC67jJO5srqhV+PFgD0WoXGO1azE4MYBGA2RJdEfqp/XE7Vy0usFD2X7q3ZYv9hIyiOoITMqqqY5eLWqGR0uij0muPNlf8vq5EdMzEnY7pG2UHQ2XQ8y4Vrv8S65U5ueroFy9nNRJ0KzxR4nzGCmhCXv8rtoJrF5s5TxyN3nRZc50+B5xJ1eggqvFJuljPxIlB/Ktk73/KUEv4gpuJ+T8RERERERERERERERERERERERERER0LvX4boZ+vE3TWuDuE//EGEREREREREREREREREREREREREREREdHBJJ7/C7jyxJiR0p//6xZ4/m/0XAoi6tvfAAAA//8QG2Ax") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r2, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) 3.943147777s ago: executing program 5 (id=1786): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050"], 0x3c}, 0x1, 0x0, 0x0, 0x4804}, 0x10) 3.726887998s ago: executing program 4 (id=1787): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x336) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) close(0x3) 3.725852606s ago: executing program 6 (id=1788): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000008c}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40088c0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000005c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001"], 0x90) 3.557630106s ago: executing program 3 (id=1789): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x67d2, 0xffc5, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0) 3.522526432s ago: executing program 5 (id=1790): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[], 0x0) 3.332144269s ago: executing program 6 (id=1791): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newlink={0x4c, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}, @IFLA_IPTUN_LINK={0x8, 0x1, r2}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x5}]}}}]}, 0x4c}}, 0x0) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty}}}], 0x20}}], 0x4000000000002b3, 0x0) 3.329020153s ago: executing program 3 (id=1792): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x30, 0x0, 0x5f]}}, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000c00)}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) lsetxattr$security_capability(0x0, &(0x7f0000000040), &(0x7f0000000180)=@v2={0x2000000, [{0x401, 0x7}, {0x0, 0x6df6}]}, 0x14, 0x1) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mkdir(&(0x7f0000000100)='./bus\x00', 0xe8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') r4 = creat(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa) r5 = fanotify_init(0xf00, 0x0) fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0) setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x1) 3.141924751s ago: executing program 2 (id=1793): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0x80}, 0x18) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 3.121093801s ago: executing program 5 (id=1794): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600}) 2.99948682s ago: executing program 4 (id=1795): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x2101}]}}}}}}}}, 0x0) 2.410134377s ago: executing program 0 (id=1796): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1", 0x2f}], 0x1}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) syz_emit_ethernet(0x7a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c20000d5cde086dd698b7bcc00442ffffc020000000000000000000000000000ff0200"], 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000001ff0)={0x1d, r1}, 0x10) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000580)=@canfd={{0x1}, 0xf6, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x48}, 0xee, 0x0, 0x0, 0x40041}, 0x0) 2.093873003s ago: executing program 6 (id=1797): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xb, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000000000000000000000000000085"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xcf, &(0x7f0000000200)={0x0, 0x0, 0x80, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_SENDMSG={0x9, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8000010, 0x1}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 2.021722481s ago: executing program 3 (id=1798): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000140)={0x7f, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000180)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0xb, r2, 0x0, r4}) 1.844035199s ago: executing program 0 (id=1799): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(0x0, 0x80) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffffffd) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e26, 0x3, 'dh\x00', 0x1, 0x7, 0x4b}, 0x2c) io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x3}) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) writev(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000a40)="7bbe6e59fc0a34d28a0e1125f9ac70283915b1c616bca07d95a9fc59082e1c65a3ce432927b97afccb5064b4b6672adcccc4194398008c03b25bb54e8ed0044e742b91a32beb748f836d25467a536e9cdacae466150c0dbcf965f53de3cae0529f1289afe5534185fd9922cef8a5dce2059346651dd39a741a582a0c644aef7c85a59d390d2f2352445cc1f9a3c78ddf42776b3382c900d30d64023a2561487deeacfd3cd8c034825c4965e14ea0d5f2c930a7330c34dd55746903f3a8f95f2c7079b20820", 0xc5}], 0x1) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@broadcast, 0x4e21, 0x10000, 0xc24, 0x0, 0xfffffffb}}, 0x44) r5 = fsopen(&(0x7f00000001c0)='btrfs\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) 1.829862063s ago: executing program 5 (id=1800): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000014c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) socketpair(0x2, 0x1, 0x6, &(0x7f0000000440)) 1.768636007s ago: executing program 4 (id=1801): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15) r2 = dup(0xffffffffffffffff) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB], 0xb0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000}) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX, @ANYBLOB=',wfdno=']) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) syz_open_procfs(0x0, 0x0) setresuid(0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x80}}, 0x0) 1.663037162s ago: executing program 6 (id=1802): openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f00000002c0), &(0x7f0000000300)=r5}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_setup(0x7, 0x0) r7 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) tgkill(r7, r7, 0x21) wait4(r7, 0x0, 0x40000000, 0x0) 805.784635ms ago: executing program 3 (id=1803): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000f80)=ANY=[@ANYBLOB="00301c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000c80)={0x44, &(0x7f0000000a40)={0x0, 0x10, 0x28, "e84d1e75ef11c03105207b174ead1ee50c5bde33e8a6a80fa6290ed6099b215461035b0367072d1c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000a80)={0x44, &(0x7f0000000840)={0x20, 0x16, 0x48, "0303a02b86a9ab184d7bf52f71b9809cb85d4eef20338e0fdb0f027c701254bd31b416c2601bb82e4ee7a2cdc59ccd80446ec56320ad5542758c267ff94ea2ff5b8c66a39715d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 804.881348ms ago: executing program 0 (id=1804): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$inet(0x2, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) sendfile(r0, r0, 0x0, 0x40008) 750.170795ms ago: executing program 5 (id=1805): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080)) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0) 726.226449ms ago: executing program 2 (id=1806): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 375.330667ms ago: executing program 4 (id=1807): bind$inet(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r0) 289.936058ms ago: executing program 5 (id=1808): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 0s ago: executing program 0 (id=1809): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x1c) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1) kernel console output (not intermixed with test programs): se run fsck. [ 518.573548][ T9204] EXT4-fs: inline encryption not supported [ 518.588619][ T9208] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 518.602427][ T9204] EXT4-fs: Ignoring removed mblk_io_submit option [ 518.609031][ T9204] ext4: Unknown parameter 'audit' [ 518.657609][ T9208] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 518.869581][ T9215] netlink: 20 bytes leftover after parsing attributes in process `syz.4.895'. [ 519.509925][ T9219] overlayfs: missing 'lowerdir' [ 521.094816][ T9226] loop5: detected capacity change from 0 to 256 [ 521.179114][ T9226] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 521.398019][ T9234] loop6: detected capacity change from 0 to 128 [ 521.491255][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 521.554371][ T9234] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 521.746430][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 521.819273][ T10] usb 5-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 521.905248][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.033822][ T10] usb 5-1: config 0 descriptor?? [ 522.580437][ T10] semitek 0003:1EA7:0907.0007: hidraw0: USB HID v0.00 Device [HID 1ea7:0907] on usb-dummy_hcd.4-1/input0 [ 522.730035][ T9253] netlink: 4 bytes leftover after parsing attributes in process `syz.5.906'. [ 522.880979][ T8879] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 523.485500][ T10] usb 5-1: USB disconnect, device number 9 [ 523.582422][ T9254] fido_id[9254]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 523.615023][ T8879] usb 1-1: Using ep0 maxpacket: 16 [ 523.655128][ T8879] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 523.689007][ T8879] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 523.726458][ T8879] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 523.774001][ T8879] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 523.802346][ T8879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.351916][ T8879] usb 1-1: Product: syz [ 524.356186][ T8879] usb 1-1: Manufacturer: syz [ 524.362207][ T8879] usb 1-1: SerialNumber: syz [ 525.848875][ T8879] usb 1-1: 0:2 : does not exist [ 526.348531][ T9282] loop6: detected capacity change from 0 to 2048 [ 526.561514][ T8879] usb 1-1: 1:0: cannot get min/max values for control 2 (id 1) [ 526.595083][ T9282] EXT4-fs: inline encryption not supported [ 526.691715][ T9282] EXT4-fs: Ignoring removed mblk_io_submit option [ 526.698288][ T9282] ext4: Unknown parameter 'audit' [ 526.837592][ T8879] usb 1-1: USB disconnect, device number 5 [ 529.841903][ T9311] loop3: detected capacity change from 0 to 2048 [ 529.982935][ T9311] EXT4-fs: inline encryption not supported [ 529.988905][ T9311] EXT4-fs: Ignoring removed mblk_io_submit option [ 530.101828][ T9311] ext4: Unknown parameter 'audit' [ 532.681038][ T9327] netlink: 28 bytes leftover after parsing attributes in process `syz.4.931'. [ 535.371391][ T9345] overlayfs: missing 'lowerdir' [ 536.558423][ T9352] overlayfs: missing 'lowerdir' [ 537.380908][ T971] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 537.558443][ T971] usb 3-1: Using ep0 maxpacket: 32 [ 538.410670][ T971] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 538.484405][ T971] usb 3-1: config 0 has no interface number 0 [ 538.526217][ T9363] loop4: detected capacity change from 0 to 512 [ 538.552000][ T971] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 538.607295][ T9363] EXT4-fs (loop4): Test dummy encryption mode enabled [ 538.623134][ T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.666471][ T9363] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 538.693242][ T971] usb 3-1: Product: syz [ 538.709678][ T971] usb 3-1: Manufacturer: syz [ 538.747187][ T971] usb 3-1: SerialNumber: syz [ 538.796251][ T9363] EXT4-fs error (device loop4): ext4_free_branches:1020: inode #11: comm syz.4.943: invalid indirect mapped block 117440512 (level 2) [ 538.840753][ T971] usb 3-1: config 0 descriptor?? [ 538.873024][ T9363] EXT4-fs (loop4): 1 truncate cleaned up [ 538.880401][ T971] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 538.906473][ T9363] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 539.589457][ T9363] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 539.783903][ T9363] EXT4-fs error (device loop4): htree_dirblock_to_tree:1077: inode #2: block 13: comm syz.4.943: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 539.804198][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.023798][ T971] usb 3-1: qt2_attach - failed to power on unit: -71 [ 540.030920][ T971] quatech2 3-1:0.51: probe with driver quatech2 failed with error -71 [ 540.049285][ T971] usb 3-1: USB disconnect, device number 10 [ 541.136583][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 541.577097][ T9385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.951'. [ 542.219635][ T9406] overlayfs: missing 'lowerdir' [ 543.165286][ T9408] netlink: 4 bytes leftover after parsing attributes in process `syz.5.957'. [ 544.073687][ T8879] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 545.165944][ T8879] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 545.372724][ T8879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.381441][ T9424] loop5: detected capacity change from 0 to 2048 [ 545.464977][ T9424] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051 [ 545.480986][ T8879] usb 4-1: Product: syz [ 545.485200][ T8879] usb 4-1: Manufacturer: syz [ 545.571569][ T8879] usb 4-1: SerialNumber: syz [ 545.615997][ T8879] usb 4-1: config 0 descriptor?? [ 545.632923][ T9424] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 545.945917][ T9433] loop2: detected capacity change from 0 to 256 [ 545.993328][ T9435] loop6: detected capacity change from 0 to 16 [ 546.078443][ T9435] erofs (device loop6): mounted with root inode @ nid 36. [ 546.097708][ T9433] exfat: Deprecated parameter 'utf8' [ 546.199960][ T9433] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 546.344271][ T8879] usb 4-1: Firmware: major: 108, minor: 98, hardware type: RZUSB (3) [ 546.553024][ T8879] usb 4-1: failed to fetch extended address, random address set [ 546.597124][ T9442] Driver unsupported XDP return value 0 on prog (id 133) dev N/A, expect packet loss! [ 546.743665][ T8879] usb 4-1: USB disconnect, device number 7 [ 546.790675][ T9447] loop5: detected capacity change from 0 to 2048 [ 547.243231][ T9455] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 547.460815][ T9459] overlayfs: missing 'lowerdir' [ 549.205964][ T30] audit: type=1800 audit(1748968668.096:21): pid=9447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.969" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 549.437642][ T9464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.975'. [ 553.799170][ T9492] loop6: detected capacity change from 0 to 65536 [ 554.087445][ T9492] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 554.151685][ T9492] XFS (loop6): Ending clean mount [ 554.180020][ T9492] XFS (loop6): Quotacheck needed: Please wait. [ 554.297383][ T5925] XFS (loop6): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 [ 554.337146][ T5925] XFS (loop6): Unmount and run xfs_repair [ 554.369586][ T5925] XFS (loop6): First 128 bytes of corrupted metadata buffer: [ 554.403896][ T5925] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 554.461589][ T5925] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 554.478135][ T9515] loop5: detected capacity change from 0 to 128 [ 554.487040][ T5925] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 554.506554][ T9515] EXT4-fs: Ignoring removed bh option [ 554.510884][ T5925] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 554.531665][ T9515] EXT4-fs: Ignoring removed nobh option [ 554.567097][ T5925] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 554.600459][ T5925] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 554.620613][ T5925] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 554.635196][ T5925] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 554.644903][ T5925] XFS (loop6): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74 [ 554.667219][ T9492] XFS (loop6): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 554.684768][ T9515] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 554.708059][ T9492] XFS (loop6): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 [ 554.719050][ T9492] XFS (loop6): Unmount and run xfs_repair [ 554.724207][ T9515] ext4 filesystem being mounted at /191/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 554.724854][ T9492] XFS (loop6): First 128 bytes of corrupted metadata buffer: [ 554.756634][ C1] vkms_vblank_simulate: vblank timer overrun [ 554.773965][ T9492] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 554.782916][ T9492] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 554.791848][ T9492] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 554.801564][ T9492] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 554.810414][ T9521] Cannot find add_set index 1 as target [ 554.816467][ T9492] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 554.829974][ T9492] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 554.838989][ T9492] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 554.847910][ T9492] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 554.856854][ T9492] XFS (loop6): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74 [ 554.916177][ T9492] XFS (loop6): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 554.931167][ T9492] XFS (loop6): Please unmount the filesystem and rectify the problem(s) [ 555.022981][ T9515] fscrypt (loop5, inode 12): Unsupported log2_data_unit_size in encryption policy: 227 [ 555.122655][ T7292] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 555.283895][ T9524] loop4: detected capacity change from 0 to 2048 [ 555.953415][ T5841] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 556.359329][ T5834] Alternate GPT is invalid, using primary GPT. [ 556.381057][ T5834] loop4: p2 p3 p7 [ 556.864150][ T9542] loop5: detected capacity change from 0 to 1024 [ 556.975227][ T9542] EXT4-fs: Ignoring removed i_version option [ 557.045571][ T9542] EXT4-fs: Ignoring removed nobh option [ 557.342054][ T9542] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 557.519656][ T9542] EXT4-fs (loop5): shut down requested (1) [ 557.609761][ T8218] udevd[8218]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 557.624226][ T5854] udevd[5854]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 557.640221][ T5834] udevd[5834]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 557.671131][ T8879] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 557.726848][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.761147][ T5903] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 557.832770][ T8879] usb 4-1: Using ep0 maxpacket: 16 [ 557.855578][ T8879] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 557.878709][ T8879] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 557.919037][ T8879] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 557.943342][ T5903] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 557.960186][ T5903] usb 1-1: config 0 has no interface number 0 [ 557.981034][ T5903] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 557.992075][ T8879] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 557.992121][ T8879] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 557.992164][ T8879] usb 4-1: config 1 interface 0 has no altsetting 0 [ 557.992217][ T8879] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 558.076618][ T5903] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 558.102900][ T9560] loop4: detected capacity change from 0 to 2048 [ 558.119573][ T8879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.120952][ T5903] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 558.168977][ T8879] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 558.190896][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.201759][ T9560] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 558.220962][ T9560] UDF-fs: Scanning with blocksize 512 failed [ 558.247813][ T5903] usb 1-1: config 0 descriptor?? [ 558.257821][ T9554] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 558.278709][ T5903] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 558.311158][ T9560] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 558.475853][ T8879] ums-sddr09 4-1:1.0: probe with driver ums-sddr09 failed with error -22 [ 558.555604][ T8879] usb 4-1: USB disconnect, device number 8 [ 558.631618][ T5903] usb 1-1: USB disconnect, device number 6 [ 558.631689][ C0] iowarrior 1-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 560.363547][ T9579] loop5: detected capacity change from 0 to 2048 [ 560.534360][ T9579] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 560.645685][ T9589] loop3: detected capacity change from 0 to 1024 [ 560.812820][ T43] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 560.885375][ T9591] netlink: 'syz.0.1015': attribute type 4 has an invalid length. [ 561.029901][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 561.066326][ T43] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 561.117072][ T43] usb 5-1: config 0 has no interface number 0 [ 561.125624][ T13] hfsplus: b-tree write err: -5, ino 4 [ 561.157579][ T43] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 561.174428][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.205260][ T43] usb 5-1: Product: syz [ 561.231395][ T43] usb 5-1: Manufacturer: syz [ 561.236091][ T43] usb 5-1: SerialNumber: syz [ 561.353655][ T43] usb 5-1: config 0 descriptor?? [ 561.527388][ T9599] dummy0: entered promiscuous mode [ 561.739230][ T9600] loop2: detected capacity change from 0 to 2048 [ 561.830945][ T971] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 561.968259][ T9600] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 562.025249][ T43] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 562.041004][ T971] usb 4-1: Using ep0 maxpacket: 16 [ 562.046731][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - change_port message too short [ 562.072484][ T971] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 562.102432][ T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 562.111765][ T43] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 562.147160][ T971] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 562.181847][ T971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.189920][ T971] usb 4-1: Product: syz [ 562.211503][ T43] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 562.258441][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 562.275507][ T971] usb 4-1: Manufacturer: syz [ 562.281552][ T43] usb 5-1: USB disconnect, device number 10 [ 562.314222][ T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 562.319430][ T971] usb 4-1: SerialNumber: syz [ 562.937234][ T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 563.002297][ T5837] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 563.065492][ T43] quatech2 5-1:0.51: device disconnected [ 563.089400][ T9614] loop6: detected capacity change from 0 to 2048 [ 563.189462][ T9614] EXT4-fs: inline encryption not supported [ 563.229718][ T9614] EXT4-fs: Ignoring removed mblk_io_submit option [ 563.285092][ T9614] ext4: Unknown parameter 'audit' [ 563.330035][ T971] usb 4-1: config 0 descriptor?? [ 563.345856][ T971] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 563.757746][ T9619] loop0: detected capacity change from 0 to 256 [ 563.932412][ T971] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 564.255714][ T9625] loop4: detected capacity change from 0 to 128 [ 564.271262][ T1221] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 564.322185][ T9625] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 564.360133][ T971] em28xx 4-1:0.0: chip ID is em2874 [ 564.463553][ T9625] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 564.489330][ T1221] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 564.502681][ T1221] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.523139][ T1221] usb 3-1: Product: syz [ 564.529609][ T1221] usb 3-1: Manufacturer: syz [ 564.537338][ T1221] usb 3-1: SerialNumber: syz [ 564.573196][ T5903] usb 4-1: USB disconnect, device number 9 [ 564.635652][ T1221] usb 3-1: config 0 descriptor?? [ 564.663328][ T5903] em28xx 4-1:0.0: Disconnecting em28xx [ 564.820044][ T5903] em28xx 4-1:0.0: Freeing device [ 565.182082][ T1221] usb 3-1: Firmware: major: 108, minor: 98, hardware type: RZUSB (3) [ 565.398509][ T1221] usb 3-1: failed to fetch extended address, random address set [ 566.273828][ T1221] usb 3-1: USB disconnect, device number 11 [ 566.845026][ T9648] loop0: detected capacity change from 0 to 256 [ 566.989658][ T9648] exfat: Deprecated parameter 'namecase' [ 567.687231][ T9648] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e008e1, utbl_chksum : 0xe619d30d) [ 568.060301][ T9657] loop3: detected capacity change from 0 to 4096 [ 568.651171][ T5896] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 568.908714][ T5896] usb 7-1: Using ep0 maxpacket: 32 [ 568.983261][ T5896] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 569.073856][ T5896] usb 7-1: config 0 has no interface number 0 [ 569.116756][ T5896] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 569.151286][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.159372][ T5896] usb 7-1: Product: syz [ 569.160540][ T9670] loop4: detected capacity change from 0 to 2048 [ 569.229249][ T5896] usb 7-1: Manufacturer: syz [ 569.255842][ T5896] usb 7-1: SerialNumber: syz [ 569.291965][ T5896] usb 7-1: config 0 descriptor?? [ 569.338437][ T9670] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 569.407144][ T9670] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 569.434360][ T5896] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 569.529036][ T9670] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28 [ 569.637096][ T5896] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 569.656885][ T9670] EXT4-fs (loop4): This should not happen!! Data will be lost [ 569.656885][ T9670] [ 569.686994][ T9670] EXT4-fs (loop4): Total free blocks count 0 [ 569.715008][ T5896] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 569.739851][ T9670] EXT4-fs (loop4): Free/Dirty block details [ 569.759321][ T9670] EXT4-fs (loop4): free_blocks=2415919104 [ 569.792216][ T9670] EXT4-fs (loop4): dirty_blocks=32 [ 569.797401][ T9670] EXT4-fs (loop4): Block reservation details [ 569.851173][ T9670] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 569.939753][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - change_port message too short [ 569.970021][ T9682] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1045'. [ 570.038217][ T5949] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 570.147943][ C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 570.148418][ T5900] usb 7-1: USB disconnect, device number 6 [ 570.237486][ T5900] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 570.318244][ T5900] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 570.342875][ T5900] quatech2 7-1:0.51: device disconnected [ 571.542776][ T9694] loop4: detected capacity change from 0 to 524255232 [ 571.630416][ T9695] loop6: detected capacity change from 0 to 2048 [ 571.723196][ T9695] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 571.938306][ T9702] netlink: 'syz.2.1052': attribute type 3 has an invalid length. [ 571.995963][ T9702] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 572.422824][ T9678] loop0: detected capacity change from 0 to 32768 [ 572.649681][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 572.668194][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.122518][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 573.965161][ T9717] loop2: detected capacity change from 0 to 1024 [ 575.351091][ T9735] loop5: detected capacity change from 0 to 256 [ 576.083316][ T9735] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 576.360210][ T9735] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 576.814145][ T30] audit: type=1800 audit(1748968695.716:22): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1063" name="file2" dev="loop5" ino=1048653 res=0 errno=0 [ 576.834954][ C1] vkms_vblank_simulate: vblank timer overrun [ 578.034149][ T9764] overlayfs: missing 'lowerdir' [ 579.969613][ T9785] loop5: detected capacity change from 0 to 1024 [ 580.831328][ T9791] overlayfs: missing 'lowerdir' [ 585.011504][ T9806] loop0: detected capacity change from 0 to 2048 [ 585.032239][ T9806] EXT4-fs: inline encryption not supported [ 585.097229][ T9806] EXT4-fs: Ignoring removed mblk_io_submit option [ 585.112224][ T9806] ext4: Unknown parameter 'audit' [ 585.811205][ T1221] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 585.905621][ T9822] loop0: detected capacity change from 0 to 512 [ 585.966007][ T9822] EXT4-fs (loop0): Test dummy encryption mode enabled [ 585.991320][ T1221] usb 5-1: Using ep0 maxpacket: 16 [ 586.030297][ T1221] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 586.055130][ T1221] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.081262][ T9822] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.125095][ T1221] usb 5-1: Product: syz [ 586.139678][ T1221] usb 5-1: Manufacturer: syz [ 586.161156][ T1221] usb 5-1: SerialNumber: syz [ 586.191907][ T1221] usb 5-1: config 0 descriptor?? [ 586.259023][ T1221] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 586.450197][ T9825] overlayfs: missing 'lowerdir' [ 586.796354][ T1221] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110 [ 586.828860][ T9822] EXT4-fs error (device loop0): ext4_free_branches:1020: inode #11: comm syz.0.1085: invalid indirect mapped block 117440512 (level 2) [ 586.941183][ T9822] EXT4-fs (loop0): 1 truncate cleaned up [ 586.948476][ T9822] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 587.296626][ T9822] EXT4-fs error (device loop0): htree_dirblock_to_tree:1077: inode #2: block 13: comm syz.0.1085: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 587.316610][ C1] vkms_vblank_simulate: vblank timer overrun [ 587.583174][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 588.643610][ T9843] loop2: detected capacity change from 0 to 2048 [ 588.720243][ T9843] EXT4-fs: inline encryption not supported [ 588.734472][ T5896] usb 5-1: USB disconnect, device number 11 [ 588.754270][ T9843] EXT4-fs: Ignoring removed mblk_io_submit option [ 588.811767][ T9843] ext4: Unknown parameter 'audit' [ 588.873079][ T9848] loop0: detected capacity change from 0 to 2048 [ 588.880584][ T9848] EXT4-fs: inline encryption not supported [ 588.980984][ T9848] EXT4-fs: Ignoring removed mblk_io_submit option [ 589.048526][ T9848] ext4: Unknown parameter 'audit' [ 591.380855][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 591.651065][ T24] usb 3-1: config 0 has an invalid interface number: 148 but max is 0 [ 591.709193][ T24] usb 3-1: config 0 has no interface number 0 [ 591.761212][ T24] usb 3-1: config 0 interface 148 has no altsetting 0 [ 591.771475][ T9872] loop4: detected capacity change from 0 to 2048 [ 591.845087][ T9872] EXT4-fs: inline encryption not supported [ 591.881363][ T24] usb 3-1: New USB device found, idVendor=0403, idProduct=f06a, bcdDevice=12.d9 [ 591.899883][ T9883] netlink: 'syz.3.1101': attribute type 10 has an invalid length. [ 591.938279][ T9872] EXT4-fs: Ignoring removed mblk_io_submit option [ 591.961487][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.021789][ T9872] ext4: Unknown parameter 'audit' [ 592.074779][ T24] usb 3-1: Product: syz [ 592.094454][ T24] usb 3-1: Manufacturer: syz [ 592.130948][ T24] usb 3-1: SerialNumber: syz [ 592.631049][ T24] usb 3-1: config 0 descriptor?? [ 592.737425][ T9883] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 592.929341][ T24] ftdi_sio 3-1:0.148: FTDI USB Serial Device converter detected [ 592.962267][ T24] ftdi_sio ttyUSB0: unknown device type: 0x12d9 [ 592.981106][ T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 593.011767][ T24] usb 3-1: USB disconnect, device number 12 [ 593.227761][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 593.434860][ T24] ftdi_sio 3-1:0.148: device disconnected [ 593.500517][ T43] usb 1-1: config 0 has no interfaces? [ 593.697487][ T43] usb 1-1: config 0 has no interfaces? [ 593.879287][ T43] usb 1-1: config 0 has no interfaces? [ 594.019274][ T43] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 594.040510][ T9900] loop3: detected capacity change from 0 to 2048 [ 594.050865][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.058910][ T43] usb 1-1: Product: syz [ 594.084904][ T9900] EXT4-fs: inline encryption not supported [ 594.128726][ T9900] EXT4-fs: Ignoring removed mblk_io_submit option [ 594.138626][ T43] usb 1-1: Manufacturer: syz [ 594.160257][ T43] usb 1-1: SerialNumber: syz [ 594.165150][ T9900] ext4: Unknown parameter 'audit' [ 594.457138][ T43] usb 1-1: config 0 descriptor?? [ 594.815749][ T9908] loop6: detected capacity change from 0 to 1024 [ 594.889099][ T43] usb 1-1: USB disconnect, device number 7 [ 595.074738][ T9908] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 596.396204][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 596.591235][ T43] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 596.643499][ T9927] veth1_macvtap: left promiscuous mode [ 596.820904][ T43] usb 6-1: Using ep0 maxpacket: 8 [ 596.847906][ T43] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 597.208492][ T9930] loop0: detected capacity change from 0 to 2048 [ 597.450307][ T43] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 597.466520][ T43] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 597.477597][ T43] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 597.495011][ T43] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 597.498429][ T9930] EXT4-fs: inline encryption not supported [ 597.515758][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.591031][ T9930] EXT4-fs: Ignoring removed mblk_io_submit option [ 597.602302][ T9930] ext4: Unknown parameter 'audit' [ 597.851412][ T9936] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1118'. [ 598.005743][ T43] usb 6-1: GET_CAPABILITIES returned 0 [ 598.157616][ T43] usbtmc 6-1:16.0: can't read capabilities [ 598.277195][ T43] usb 6-1: USB disconnect, device number 6 [ 598.962297][ T9946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1120'. [ 604.050109][ T9978] loop2: detected capacity change from 0 to 8192 [ 608.163735][T10021] overlayfs: missing 'lowerdir' [ 610.615265][T10036] netlink: 27 bytes leftover after parsing attributes in process `syz.4.1149'. [ 610.718181][T10038] loop3: detected capacity change from 0 to 1024 [ 610.727319][T10030] loop6: detected capacity change from 0 to 2048 [ 610.757759][T10030] EXT4-fs: inline encryption not supported [ 610.817540][T10030] EXT4-fs: Ignoring removed mblk_io_submit option [ 610.844737][T10030] ext4: Unknown parameter 'audit' [ 611.155554][T10041] overlayfs: missing 'lowerdir' [ 611.351441][ T5903] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 611.991994][T10038] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 613.183113][T10048] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 613.435117][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.500288][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.607901][ T5903] usb 1-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 613.661087][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.648752][T10067] overlayfs: missing 'lowerdir' [ 614.682418][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.928242][T10069] bond0: entered promiscuous mode [ 615.582590][ T5903] usb 1-1: config 0 descriptor?? [ 615.589050][ T5903] usb 1-1: can't set config #0, error -71 [ 615.597504][ T5903] usb 1-1: USB disconnect, device number 8 [ 615.723354][T10069] bond_slave_0: entered promiscuous mode [ 615.729331][T10069] bond_slave_1: entered promiscuous mode [ 615.737787][T10069] batadv0: entered promiscuous mode [ 615.951883][T10069] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 615.970887][T10076] ALSA: mixer_oss: invalid OSS volume '' [ 616.471176][T10069] bond0: left promiscuous mode [ 616.476018][T10069] bond_slave_0: left promiscuous mode [ 616.529707][T10069] bond_slave_1: left promiscuous mode [ 616.632907][T10086] overlayfs: missing 'lowerdir' [ 616.977167][T10088] syz.5.1163 uses obsolete (PF_INET,SOCK_PACKET) [ 617.481344][T10069] batadv0: left promiscuous mode [ 617.676117][T10091] ALSA: mixer_oss: invalid OSS volume '' [ 619.157601][T10102] loop0: detected capacity change from 0 to 2048 [ 619.232981][T10102] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 620.246373][T10112] overlayfs: missing 'lowerdir' [ 623.233475][T10135] overlayfs: missing 'lowerdir' [ 624.119447][T10140] ALSA: mixer_oss: invalid OSS volume '' [ 627.917137][ T5900] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 627.970489][T10174] loop4: detected capacity change from 0 to 2048 [ 628.187081][T10174] EXT4-fs: inline encryption not supported [ 628.307459][T10174] EXT4-fs: Ignoring removed mblk_io_submit option [ 628.468499][T10174] ext4: Unknown parameter 'audit' [ 628.630814][ T5900] usb 4-1: Using ep0 maxpacket: 8 [ 628.860966][ T5900] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 629.005515][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 629.015490][ T5900] usb 4-1: Product: syz [ 629.019702][ T5900] usb 4-1: Manufacturer: syz [ 629.024941][ T5900] usb 4-1: SerialNumber: syz [ 629.033549][ T5900] usb 4-1: config 0 descriptor?? [ 629.413064][T10189] ALSA: mixer_oss: invalid OSS volume '' [ 629.511257][ T5900] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 630.697801][ T5900] gspca_sunplus: reg_w_riv err -71 [ 630.706671][ T5900] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 630.756283][ T5900] usb 4-1: USB disconnect, device number 10 [ 631.171046][T10199] syzkaller1: entered promiscuous mode [ 631.210929][T10199] syzkaller1: entered allmulticast mode [ 631.758535][T10209] loop6: detected capacity change from 0 to 1024 [ 631.829269][T10209] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 631.920708][T10209] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 632.458088][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 632.868976][T10225] loop0: detected capacity change from 0 to 2048 [ 632.951116][T10225] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 632.971618][T10229] loop4: detected capacity change from 0 to 2048 [ 632.980982][T10225] UDF-fs: Scanning with blocksize 512 failed [ 633.046579][T10229] EXT4-fs: inline encryption not supported [ 633.120246][T10229] EXT4-fs: Ignoring removed mblk_io_submit option [ 633.209249][T10229] ext4: Unknown parameter 'audit' [ 633.906941][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 633.914506][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.287747][T10225] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 634.320965][T10236] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1208'. [ 634.449302][T10236] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.458498][T10236] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.467339][T10236] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.476293][T10236] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.675517][T10236] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.685226][T10236] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.694208][T10236] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.703537][T10236] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.797351][T10238] netlink: 'syz.4.1209': attribute type 1 has an invalid length. [ 635.149009][T10242] ALSA: mixer_oss: invalid OSS volume '' [ 636.655188][T10251] loop5: detected capacity change from 0 to 4096 [ 637.963204][T10251] NILFS (loop5): invalid segment: Checksum error in segment payload [ 638.017827][T10251] NILFS (loop5): trying rollback from an earlier position [ 639.282555][T10251] NILFS (loop5): recovery complete [ 639.326541][T10251] NILFS (loop5): error -4 creating segctord thread [ 639.938168][T10276] loop6: detected capacity change from 0 to 2048 [ 640.099951][T10276] EXT4-fs: inline encryption not supported [ 640.121682][T10284] netlink: 'syz.5.1224': attribute type 12 has an invalid length. [ 640.181150][T10276] EXT4-fs: Ignoring removed mblk_io_submit option [ 640.199952][T10276] ext4: Unknown parameter 'audit' [ 640.210013][T10284] netlink: 'syz.5.1224': attribute type 29 has an invalid length. [ 640.492868][T10288] overlayfs: missing 'lowerdir' [ 640.522058][T10284] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1224'. [ 640.531354][T10284] netlink: 'syz.5.1224': attribute type 1 has an invalid length. [ 640.539205][T10284] netlink: 'syz.5.1224': attribute type 2 has an invalid length. [ 640.993836][T10284] netlink: 39 bytes leftover after parsing attributes in process `syz.5.1224'. [ 641.522796][T10299] loop2: detected capacity change from 0 to 7 [ 641.543539][T10299] Dev loop2: unable to read RDB block 7 [ 641.549194][T10299] loop2: unable to read partition table [ 641.590667][T10299] loop2: partition table beyond EOD, truncated [ 641.636185][T10299] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 643.408641][T10309] loop3: detected capacity change from 0 to 512 [ 643.570840][T10309] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 643.811529][T10309] EXT4-fs (loop3): 1 truncate cleaned up [ 643.824593][T10316] loop5: detected capacity change from 0 to 2048 [ 643.844365][T10309] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 643.898613][T10316] EXT4-fs: inline encryption not supported [ 643.993148][T10316] EXT4-fs: Ignoring removed mblk_io_submit option [ 643.999764][T10316] ext4: Unknown parameter 'audit' [ 644.127053][T10309] syz.3.1233 (pid 10309) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 645.568988][T10331] loop0: detected capacity change from 0 to 512 [ 645.628386][T10331] EXT4-fs: inline encryption not supported [ 645.679938][T10331] EXT4-fs: Ignoring removed oldalloc option [ 645.802930][T10331] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 645.837803][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 645.893001][T10331] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 645.971470][T10331] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a846c01c, mo2=0002] [ 646.059509][T10331] System zones: 0-2, 18-18, 34-34 [ 646.093145][T10331] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 646.161449][T10331] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.1238: iget: bad i_size value: 360287970189639680 [ 646.245198][T10331] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1238: couldn't read orphan inode 15 (err -117) [ 646.323534][T10331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 646.947186][T10335] loop5: detected capacity change from 0 to 131072 [ 646.996755][T10335] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0) [ 647.007032][T10335] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 647.030867][T10335] F2FS-fs (loop5): invalid crc value [ 647.169829][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 647.181544][T10335] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 647.188849][T10335] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 647.387911][T10346] loop2: detected capacity change from 0 to 2048 [ 647.422076][T10346] EXT4-fs: inline encryption not supported [ 647.466078][T10346] EXT4-fs: Ignoring removed mblk_io_submit option [ 647.510895][T10346] ext4: Unknown parameter 'audit' [ 647.570610][T10342] loop3: detected capacity change from 0 to 8192 [ 648.609374][T10348] ALSA: mixer_oss: invalid OSS volume '' [ 649.013383][T10354] loop2: detected capacity change from 0 to 1024 [ 649.044876][T10342] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 649.121716][T10342] FAT-fs (loop3): Filesystem has been set read-only [ 649.227284][T10354] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 649.350984][T10354] ext4 filesystem being mounted at /200/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 649.404236][T10361] loop4: detected capacity change from 0 to 128 [ 649.477066][T10361] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 649.700136][T10361] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 649.747944][ T5837] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 650.711861][T10373] loop3: detected capacity change from 0 to 1024 [ 650.848036][T10373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 650.888084][T10373] ext4 filesystem being mounted at /204/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 650.936962][T10373] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.1250: lblock 3 mapped to illegal pblock 3 (length 1) [ 651.025677][T10380] loop6: detected capacity change from 0 to 2048 [ 651.033092][T10373] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 651.083543][T10373] EXT4-fs (loop3): This should not happen!! Data will be lost [ 651.083543][T10373] [ 651.089919][T10380] EXT4-fs: inline encryption not supported [ 651.131666][T10384] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 4: comm syz.3.1250: lblock 4 mapped to illegal pblock 4 (length 4) [ 651.146107][T10380] EXT4-fs: Ignoring removed mblk_io_submit option [ 651.170916][T10380] ext4: Unknown parameter 'audit' [ 651.273760][T10384] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 4 with error 117 [ 651.452114][T10384] EXT4-fs (loop3): This should not happen!! Data will be lost [ 651.452114][T10384] [ 652.333429][T10394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1256'. [ 652.343411][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.961085][T10401] overlayfs: missing 'lowerdir' [ 654.861747][T10435] overlayfs: missing 'lowerdir' [ 655.770983][ T43] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 656.331092][ T43] usb 5-1: Using ep0 maxpacket: 8 [ 656.338513][ T43] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 656.393237][ T43] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 656.435917][T10443] loop2: detected capacity change from 0 to 256 [ 656.445098][ T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 656.500823][ T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 656.534952][ T43] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 656.619949][ T43] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 656.668797][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.824744][T10446] loop3: detected capacity change from 0 to 128 [ 656.842160][T10446] EXT4-fs: Ignoring removed nobh option [ 656.959569][T10446] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 656.981054][T10446] ext4 filesystem being mounted at /208/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 657.010634][ T43] usb 5-1: usb_control_msg returned -32 [ 657.021181][ T43] usbtmc 5-1:16.0: can't read capabilities [ 657.438870][ T5835] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 657.456927][T10453] overlayfs: missing 'lowerdir' [ 658.704829][ T971] usb 5-1: USB disconnect, device number 12 [ 660.114883][T10492] overlayfs: missing 'lowerdir' [ 660.399549][T10495] loop6: detected capacity change from 0 to 32768 [ 660.505776][T10495] XFS (loop6): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 660.581840][T10495] XFS (loop6): Ending clean mount [ 660.589805][T10495] XFS (loop6): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 [ 660.604546][T10495] XFS (loop6): Unmount and run xfs_repair [ 660.612437][T10495] XFS (loop6): First 128 bytes of corrupted metadata buffer: [ 660.620263][T10495] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 660.630870][T10495] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 660.641355][T10495] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 660.651255][T10495] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 660.660360][T10495] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 660.669397][T10495] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 660.678334][T10495] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 660.687415][T10495] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 660.696322][T10495] XFS (loop6): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74 [ 660.707838][T10495] XFS (loop6): Failed to initialize disk quotas, err -117. [ 660.764402][T10506] loop4: detected capacity change from 0 to 256 [ 660.943916][T10508] overlayfs: missing 'lowerdir' [ 661.144894][ T7292] XFS (loop6): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 661.213872][ T7292] XFS (loop6): Uncorrected metadata errors detected; please run xfs_repair. [ 661.559540][T10522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1295'. [ 662.143751][T10522] syz.2.1295 (10522) used greatest stack depth: 19800 bytes left [ 662.787825][T10526] loop4: detected capacity change from 0 to 32768 [ 662.915055][T10526] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 662.923624][T10526] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 662.946924][T10526] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 662.958843][ T5896] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 662.978729][T10532] loop2: detected capacity change from 0 to 32768 [ 662.986346][ T5896] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 663.066516][T10532] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 663.122800][T10542] loop3: detected capacity change from 0 to 512 [ 663.151748][T10542] EXT4-fs: Ignoring removed nomblk_io_submit option [ 663.215323][T10542] EXT4-fs: Ignoring removed mblk_io_submit option [ 663.309105][T10542] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 663.378901][T10532] XFS (loop2): Ending clean mount [ 663.387610][T10532] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 [ 663.399000][T10532] XFS (loop2): Unmount and run xfs_repair [ 663.407167][T10532] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 663.414880][T10532] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 663.423829][T10532] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 663.433277][T10532] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 663.442304][T10532] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 663.451240][T10532] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 663.460152][T10532] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 663.469155][T10532] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 663.478187][T10532] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 663.487114][T10532] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74 [ 663.492745][T10542] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 663.498739][T10532] XFS (loop2): Failed to initialize disk quotas, err -117. [ 663.553244][T10542] EXT4-fs (loop3): 1 truncate cleaned up [ 663.559292][T10532] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x26/0xe0, xfs_bnobt block 0x8 [ 663.567627][T10554] overlayfs: missing 'lowerdir' [ 663.570625][T10532] XFS (loop2): Unmount and run xfs_repair [ 663.581438][T10532] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 663.588851][T10532] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff AB3B............ [ 663.597345][T10542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 663.597887][T10532] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 40 ...............@ [ 663.622443][T10532] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 663.631450][T10532] 00000030: 00 00 00 00 72 89 6f 7a 00 00 00 06 00 00 00 02 ....r.oz........ [ 663.640348][T10532] 00000040: 00 00 05 9a 00 00 00 06 00 00 05 b0 00 00 0a 50 ...............P [ 663.649298][T10532] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 663.658226][T10532] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 663.667173][T10532] 00000070: 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 ................ [ 663.676109][T10532] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x8 len 8 error 74 [ 663.687964][T10532] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 663.702711][T10532] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 663.768770][T10542] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 663.783594][ T5837] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 663.892151][ T5896] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 905ms [ 663.900645][ T5896] gfs2: fsid=syz:syz.0: jid=0: Done [ 663.964917][T10526] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 664.116445][T10526] gfs2: fsid=syz:syz.0: found 1 quota changes [ 664.161031][T10542] loop3: detected capacity change from 0 to 512 [ 664.274524][T10542] EXT4-fs (loop3): orphan cleanup on readonly fs [ 664.275040][T10562] loop0: detected capacity change from 0 to 512 [ 664.377952][T10542] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 664.555014][T10542] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 664.627148][T10562] EXT4-fs error (device loop0): ext4_iget_extra_inode:5034: inode #15: comm syz.0.1305: corrupted in-inode xattr: overlapping e_value [ 664.746955][T10562] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1305: couldn't read orphan inode 15 (err -117) [ 664.810204][T10542] EXT4-fs error (device loop3): ext4_clear_blocks:874: inode #13: comm syz.3.1302: attempt to clear invalid blocks 2 len 1 [ 664.978015][T10562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 665.037369][T10542] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #13: comm syz.3.1302: invalid indirect mapped block 1819239214 (level 0) [ 665.154281][T10542] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #13: comm syz.3.1302: invalid indirect mapped block 1819239214 (level 1) [ 665.182298][T10542] EXT4-fs (loop3): 1 truncate cleaned up [ 665.243053][T10542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 665.712916][T10542] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.1302: Abort forced by user [ 665.996706][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 666.026752][T10542] EXT4-fs (loop3): Remounting filesystem read-only [ 666.060677][T10542] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 666.072662][T10575] overlayfs: missing 'lowerdir' [ 666.143721][T10578] overlayfs: missing 'lowerdir' [ 666.276075][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 666.315109][T10581] loop0: detected capacity change from 0 to 1024 [ 666.389615][T10581] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 666.830517][T10591] EXT4-fs error (device loop0): __ext4_remount:6736: comm syz.0.1309: Abort forced by user [ 666.945215][T10591] EXT4-fs (loop0): Remounting filesystem read-only [ 666.995387][T10591] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 667.316640][T10594] loop2: detected capacity change from 0 to 512 [ 667.353609][T10594] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 667.415452][T10594] EXT4-fs (loop2): 1 truncate cleaned up [ 667.432848][T10594] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 667.539297][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 667.637671][ T5837] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 668.563257][T10615] overlayfs: missing 'lowerdir' [ 669.606891][T10589] loop5: detected capacity change from 0 to 32768 [ 669.792130][T10592] loop3: detected capacity change from 0 to 32768 [ 669.965583][T10589] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR [ 669.970786][T10589] (syz.5.1313,10589,1):ocfs2_initialize_super:2229 ERROR: status = -12 [ 670.103864][T10589] (syz.5.1313,10589,1):ocfs2_fill_super:1177 ERROR: status = -12 [ 670.289760][T10632] overlayfs: missing 'lowerdir' [ 670.610322][T10640] loop4: detected capacity change from 0 to 1024 [ 670.637274][T10634] loop6: detected capacity change from 0 to 2048 [ 670.685967][T10634] EXT4-fs: inline encryption not supported [ 670.747283][T10634] EXT4-fs: Ignoring removed mblk_io_submit option [ 670.796776][T10634] ext4: Unknown parameter 'audit' [ 671.759771][T10650] loop2: detected capacity change from 0 to 256 [ 672.002120][ T5949] hfsplus: b-tree write err: -5, ino 3 [ 672.121699][ T5836] hfsplus: node 4:3 still has 1 user(s)! [ 672.188436][T10650] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 672.607928][T10657] loop6: detected capacity change from 0 to 32768 [ 672.975361][T10657] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0 [ 673.023383][T10657] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc [ 673.023383][T10657] allowing incompatible features above 0.0: (unknown version) [ 673.023383][T10657] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 673.063176][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.072350][T10657] bcachefs (loop6): recovering from clean shutdown, journal seq 10 [ 673.080580][T10657] bcachefs (loop6): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete [ 673.080580][T10657] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive [ 673.080580][T10657] running recovery passes: check_extents_to_backpointers,check_inodes [ 673.110184][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.120215][T10657] bcachefs (loop6): dropping and reconstructing all alloc info [ 673.177482][T10657] bcachefs (loop6): accounting_read... done [ 674.071555][T10657] bcachefs (loop6): alloc_read... done [ 674.077702][T10657] bcachefs (loop6): snapshots_read... done [ 674.085679][T10657] bcachefs (loop6): done starting filesystem [ 674.699495][ T7292] bcachefs (loop6): shutting down [ 675.018959][ T7292] bcachefs (loop6): shutdown complete [ 675.125096][T10676] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 675.154188][T10681] overlayfs: missing 'lowerdir' [ 676.369965][T10693] overlayfs: missing 'lowerdir' [ 677.540386][T10709] loop3: detected capacity change from 0 to 164 [ 677.587409][T10709] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 677.641343][ T5896] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 677.649054][T10709] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 677.658727][T10707] loop2: detected capacity change from 0 to 2048 [ 677.690314][T10707] EXT4-fs: inline encryption not supported [ 677.720155][T10707] EXT4-fs: Ignoring removed mblk_io_submit option [ 677.722886][T10709] Symlink component flag not implemented [ 677.746493][T10707] ext4: Unknown parameter 'audit' [ 677.780838][T10709] Symlink component flag not implemented [ 677.786956][T10709] Symlink component flag not implemented (7) [ 677.796927][T10709] Symlink component flag not implemented (116) [ 678.050822][ T5896] usb 6-1: Using ep0 maxpacket: 8 [ 678.062674][ T5896] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 678.091661][ T5896] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 678.244206][ T5896] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 678.475004][ T5896] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 678.823348][ T5896] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 678.888238][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.139024][ T5896] usb 6-1: GET_CAPABILITIES returned 0 [ 679.186079][ T5896] usbtmc 6-1:16.0: can't read capabilities [ 679.378290][ T5900] usb 6-1: USB disconnect, device number 7 [ 680.436202][T10721] loop6: detected capacity change from 0 to 1024 [ 680.509222][T10721] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 682.187216][T10732] loop5: detected capacity change from 0 to 256 [ 682.207827][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.853933][T10749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1359'. [ 683.894131][T10747] loop6: detected capacity change from 0 to 2048 [ 683.990702][T10747] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 683.993962][ T1221] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 684.187285][ T1221] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 684.271447][ T1221] usb 6-1: config 0 has no interface number 0 [ 684.277657][ T1221] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 684.283031][T10759] loop0: detected capacity change from 0 to 1024 [ 684.301900][T10747] EXT4-fs (loop6): shut down requested (1) [ 684.322612][ T1221] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 684.353940][ T1221] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 684.380540][ T1221] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.488304][ T1221] usb 6-1: config 0 descriptor?? [ 684.537610][T10745] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 684.618624][T10759] hfsplus: bad catalog entry type [ 684.637940][ T1221] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 684.658728][T10765] overlayfs: missing 'lowerdir' [ 684.687828][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 684.872793][ T49] hfsplus: b-tree write err: -5, ino 4 [ 684.994645][ T1221] usb 6-1: USB disconnect, device number 8 [ 685.414592][T10769] loop6: detected capacity change from 0 to 32768 [ 685.672915][T10769] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 685.681232][T10769] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 685.718972][T10769] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 685.901682][ T43] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 686.196827][ T43] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 687.137690][T10785] overlayfs: missing 'lowerdir' [ 687.321080][ T43] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1124ms [ 687.377383][ T43] gfs2: fsid=syz:syz.0: jid=0: Done [ 687.780803][T10769] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 688.560226][T10769] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 689.798001][T10802] loop3: detected capacity change from 0 to 4096 [ 691.037285][T10825] overlayfs: missing 'lowerdir' [ 692.171994][T10841] loop6: detected capacity change from 0 to 47 [ 693.740961][ T1221] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 694.250843][ T1221] usb 3-1: Using ep0 maxpacket: 32 [ 694.268441][ T1221] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 694.282285][ T1221] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 695.155426][ T1221] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 695.167454][ T1221] usb 3-1: config 1 has no interface number 0 [ 695.208841][ T1221] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 695.281258][ T1221] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 695.355090][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 695.362570][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 695.372063][ T1221] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 695.388512][ T1221] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 695.423349][ T1221] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 695.648013][ T1221] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 696.124772][T10874] loop5: detected capacity change from 0 to 32768 [ 696.132851][T10874] btrfs: Deprecated parameter 'usebackuproot' [ 696.139028][T10874] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 696.162578][T10874] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1392 (10874) [ 696.193630][ T43] usb 3-1: USB disconnect, device number 13 [ 696.200156][T10874] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 696.210518][T10874] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm [ 696.219458][T10874] BTRFS info (device loop5): using free-space-tree [ 696.248358][ T43] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 696.346540][T10896] loop0: detected capacity change from 0 to 512 [ 696.656314][T10898] overlayfs: missing 'lowerdir' [ 696.666640][T10874] BTRFS info (device loop5): rebuilding free space tree [ 696.749135][T10896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 696.786041][T10896] ext4 filesystem being mounted at /258/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 696.848643][ T30] audit: type=1800 audit(1748968815.766:23): pid=10896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1395" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 696.920058][T10874] BTRFS warning (device loop5): failed to trim 1 device(s), last error -512 [ 697.026826][ T5841] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 697.148397][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 697.213992][T10913] loop2: detected capacity change from 0 to 64 [ 697.756146][T10923] loop0: detected capacity change from 0 to 47 [ 697.814104][T10921] loop6: detected capacity change from 0 to 256 [ 697.862103][T10921] exfat: Deprecated parameter 'utf8' [ 697.897727][T10921] exfat: Deprecated parameter 'utf8' [ 697.977325][T10921] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 698.058786][T10923] syz.0.1400: attempt to access beyond end of device [ 698.058786][T10923] loop0: rw=2049, sector=48, nr_sectors = 8 limit=47 [ 698.199899][T10927] loop2: detected capacity change from 0 to 2048 [ 698.572040][T10927] EXT4-fs: inline encryption not supported [ 698.578118][T10927] EXT4-fs: Ignoring removed mblk_io_submit option [ 698.749482][T10927] ext4: Unknown parameter 'audit' [ 698.762159][T10931] loop5: detected capacity change from 0 to 65536 [ 698.787166][T10935] overlayfs: missing 'lowerdir' [ 698.962559][T10931] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 699.066947][T10931] XFS (loop5): Ending clean mount [ 699.916141][T10953] loop0: detected capacity change from 0 to 256 [ 699.984098][ T5841] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 700.075135][T10953] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 700.176563][ T30] audit: type=1800 audit(1748968819.086:24): pid=10953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1408" name="file1" dev="loop0" ino=1048660 res=0 errno=0 [ 701.014692][T10967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1415'. [ 701.158676][ T43] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 701.206669][T10972] loop5: detected capacity change from 0 to 64 [ 701.321124][ T43] usb 7-1: Using ep0 maxpacket: 8 [ 701.487285][ T43] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 701.871597][ T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 701.953702][ T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 702.065684][ T43] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 702.139180][ T43] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 702.190184][ T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.301384][T10975] loop4: detected capacity change from 0 to 524255232 [ 702.450654][ T43] usb 7-1: GET_CAPABILITIES returned 0 [ 702.474958][ T43] usbtmc 7-1:16.0: can't read capabilities [ 702.865648][ T5903] usb 7-1: USB disconnect, device number 7 [ 702.986165][T10983] loop5: detected capacity change from 0 to 2048 [ 703.041679][T10983] EXT4-fs: inline encryption not supported [ 703.069291][T10983] EXT4-fs: Ignoring removed mblk_io_submit option [ 703.119755][T10983] ext4: Unknown parameter 'audit' [ 704.820405][T10994] loop4: detected capacity change from 0 to 1024 [ 704.938662][T10994] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 705.494730][T10994] ext4 filesystem being mounted at /252/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 705.705135][T10994] EXT4-fs error (device loop4): ext4_xattr_block_find:1869: inode #15: comm syz.4.1426: corrupted xattr block 128: invalid ea_ino [ 705.927468][T10994] EXT4-fs (loop4): Remounting filesystem read-only [ 706.285945][T11004] loop0: detected capacity change from 0 to 131072 [ 706.296243][T11004] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0) [ 706.304496][T11004] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 706.360200][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.406221][T11004] F2FS-fs (loop0): invalid crc value [ 706.550061][T11004] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 706.557325][T11004] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 708.378520][T11041] loop5: detected capacity change from 0 to 2048 [ 708.415996][T11041] EXT4-fs: inline encryption not supported [ 708.471700][T11041] EXT4-fs: Ignoring removed mblk_io_submit option [ 708.478981][T11041] ext4: Unknown parameter 'audit' [ 708.991659][ T43] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 709.311089][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 709.615646][ T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 709.691223][ T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 709.759268][ T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 709.787794][T11055] overlayfs: missing 'lowerdir' [ 709.820773][ T43] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 709.885256][ T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 709.936310][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.300452][ T43] usb 3-1: GET_CAPABILITIES returned 0 [ 710.358235][ T43] usbtmc 3-1:16.0: can't read capabilities [ 710.640448][ T43] usb 3-1: USB disconnect, device number 14 [ 712.004003][T11080] overlayfs: missing 'lowerdir' [ 712.226784][T11085] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1461'. [ 712.260895][T11085] netlink: 'syz.2.1461': attribute type 7 has an invalid length. [ 712.301030][T11085] netlink: 'syz.2.1461': attribute type 8 has an invalid length. [ 712.308904][T11085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1461'. [ 712.850479][T11094] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1464'. [ 712.895862][T11094] netlink: 'syz.3.1464': attribute type 7 has an invalid length. [ 712.920965][T11094] netlink: 'syz.3.1464': attribute type 8 has an invalid length. [ 712.959471][T11094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1464'. [ 713.823844][T11104] loop2: detected capacity change from 0 to 2048 [ 713.910203][T11104] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 714.061249][T11108] ALSA: mixer_oss: invalid OSS volume '' [ 716.572214][T11133] loop0: detected capacity change from 0 to 256 [ 716.579656][T11133] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x0000000000000000' [ 716.783047][T11131] loop2: detected capacity change from 0 to 32768 [ 716.790411][T11131] btrfs: Deprecated parameter 'usebackuproot' [ 716.796631][T11131] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 716.847050][T11131] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1459 (11131) [ 716.897097][T11131] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 716.907422][T11131] BTRFS info (device loop2): using sha256 (sha256-x86_64) checksum algorithm [ 716.916495][T11131] BTRFS info (device loop2): using free-space-tree [ 717.069806][T11131] BTRFS info (device loop2): rebuilding free space tree [ 717.215720][T11158] overlayfs: missing 'lowerdir' [ 717.704769][T11131] BTRFS warning (device loop2): failed to trim 1 device(s), last error -512 [ 717.787879][T11170] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1470'. [ 717.810455][ T5837] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 717.861023][T11170] netlink: 'syz.6.1470': attribute type 7 has an invalid length. [ 717.871091][T11170] netlink: 'syz.6.1470': attribute type 8 has an invalid length. [ 717.929445][T11170] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1470'. [ 718.089968][T11175] loop5: detected capacity change from 0 to 256 [ 718.203694][T11175] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 718.341514][T11178] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1472'. [ 718.388594][T11180] overlayfs: missing 'lowerdir' [ 718.478894][ T30] audit: type=1800 audit(1748968837.386:25): pid=11175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1474" name="file1" dev="loop5" ino=1048662 res=0 errno=0 [ 720.884231][T11196] loop2: detected capacity change from 0 to 2048 [ 722.061887][T11196] EXT4-fs: inline encryption not supported [ 722.404716][T11196] EXT4-fs: Ignoring removed mblk_io_submit option [ 722.431122][T11196] ext4: Unknown parameter 'audit' [ 723.532742][T11219] loop4: detected capacity change from 0 to 2048 [ 723.617736][T11219] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 723.683789][T11222] veth1_macvtap: left promiscuous mode [ 724.042034][T11229] ALSA: mixer_oss: invalid OSS volume '' [ 724.343438][T11230] overlayfs: missing 'lowerdir' [ 724.790240][T11235] loop6: detected capacity change from 0 to 512 [ 724.881261][T11235] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 724.899906][T11235] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 725.012821][ T30] audit: type=1800 audit(1748968843.936:26): pid=11235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1489" name="file2" dev="loop6" ino=16 res=0 errno=0 [ 725.311051][T11243] loop4: detected capacity change from 0 to 32768 [ 725.318694][T11243] btrfs: Deprecated parameter 'usebackuproot' [ 725.325020][T11243] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 725.338239][T11243] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1488 (11243) [ 725.381074][T11243] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 725.391610][T11243] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm [ 725.400605][T11243] BTRFS info (device loop4): using free-space-tree [ 725.633102][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 726.741721][T11243] BTRFS info (device loop4): rebuilding free space tree [ 728.186253][T11282] fuse: Bad value for 'fd' [ 728.870876][T11285] loop0: detected capacity change from 0 to 2048 [ 728.888720][T11285] EXT4-fs: inline encryption not supported [ 728.911227][T11285] EXT4-fs: Ignoring removed mblk_io_submit option [ 728.923108][T11279] netlink: 14528 bytes leftover after parsing attributes in process `syz.6.1494'. [ 728.963066][T11285] ext4: Unknown parameter 'audit' [ 729.189951][T11290] loop2: detected capacity change from 0 to 256 [ 729.317103][T11243] BTRFS warning (device loop4): failed to trim 1 device(s), last error -512 [ 729.324629][T11290] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 729.852145][ T30] audit: type=1800 audit(1748968848.766:27): pid=11290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1501" name="file1" dev="loop2" ino=1048664 res=0 errno=0 [ 729.873071][ C1] vkms_vblank_simulate: vblank timer overrun [ 729.884410][T11290] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 729.945798][T11290] exFAT-fs (loop2): Filesystem has been set read-only [ 730.001220][T11290] exFAT-fs (loop2): error, failed to bmap (inode : ffff888053e734d8 iblock : 8, err : -5) [ 730.066039][ T5836] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 730.101272][T11290] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 731.138073][T11311] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1509'. [ 732.104244][T11320] loop3: detected capacity change from 0 to 16 [ 732.152395][T11320] erofs (device loop3): mounted with root inode @ nid 36. [ 732.468032][T11326] overlayfs: missing 'lowerdir' [ 733.082435][T11339] loop5: detected capacity change from 0 to 2048 [ 733.243400][T11341] loop3: detected capacity change from 0 to 32768 [ 733.251140][T11341] btrfs: Deprecated parameter 'usebackuproot' [ 733.257292][T11341] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 733.268674][T11339] EXT4-fs: inline encryption not supported [ 733.310980][T11341] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1518 (11341) [ 733.331906][T11339] EXT4-fs: Ignoring removed mblk_io_submit option [ 733.360920][T11339] ext4: Unknown parameter 'audit' [ 733.376872][T11341] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 733.387093][T11341] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 733.400844][T11341] BTRFS info (device loop3): using free-space-tree [ 734.144085][T11341] BTRFS info (device loop3): rebuilding free space tree [ 734.768340][T11372] loop5: detected capacity change from 0 to 64 [ 734.901963][T11341] BTRFS warning (device loop3): failed to trim 1 device(s), last error -512 [ 735.045014][ T5835] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 735.091255][T11379] loop4: detected capacity change from 0 to 128 [ 735.312885][T11379] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 735.400982][T11379] ext4 filesystem being mounted at /272/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 735.610385][T11386] loop6: detected capacity change from 0 to 1024 [ 735.758635][T11386] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 735.761987][T11389] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1530'. [ 735.875801][T11379] fscrypt: Error allocating hmac(sha512): -2 [ 736.025578][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 736.156220][ T5836] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 736.251087][T11401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1533'. [ 736.453300][T11405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1535'. [ 736.954974][T11416] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 738.163509][T11427] loop0: detected capacity change from 0 to 512 [ 738.294179][T11427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 738.327403][T11427] ext4 filesystem being mounted at /282/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 738.430175][T11427] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #4: comm syz.0.1542: corrupted inode contents [ 738.522831][T11427] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #4: comm syz.0.1542: mark_inode_dirty error [ 738.626721][ T30] audit: type=1326 audit(1748968857.546:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11442 comm="syz.4.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa374b8e969 code=0x7ffc0000 [ 738.704929][T11427] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #4: comm syz.0.1542: corrupted inode contents [ 738.735936][ T30] audit: type=1326 audit(1748968857.546:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11442 comm="syz.4.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fa374b8e969 code=0x7ffc0000 [ 738.758215][ C1] vkms_vblank_simulate: vblank timer overrun [ 738.816645][T11427] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #4: comm syz.0.1542: mark_inode_dirty error [ 738.852810][T11427] Quota error (device loop0): write_blk: dquota write failed [ 738.871296][T11427] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 738.897740][ T30] audit: type=1326 audit(1748968857.546:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11442 comm="syz.4.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa374b8e969 code=0x7ffc0000 [ 738.966681][T11427] EXT4-fs error (device loop0): ext4_acquire_dquot:6931: comm syz.0.1542: Failed to acquire dquot type 1 [ 738.991056][T11441] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #4: comm syz.0.1542: corrupted inode contents [ 739.012289][T11441] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #4: comm syz.0.1542: mark_inode_dirty error [ 739.171199][T11457] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1551'. [ 739.235752][T11441] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #4: comm syz.0.1542: corrupted inode contents [ 739.248047][ T971] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 739.500313][T11453] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1551'. [ 739.551292][ T971] usb 3-1: Using ep0 maxpacket: 8 [ 739.717511][ T971] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 739.765897][T11441] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #4: comm syz.0.1542: mark_inode_dirty error [ 739.860775][ T971] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 739.875141][T11441] Quota error (device loop0): write_blk: dquota write failed [ 739.883141][T11441] Quota error (device loop0): find_free_dqentry: Can't write quota data block 5 [ 739.892659][T11441] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 739.904595][T11441] EXT4-fs error (device loop0): ext4_acquire_dquot:6931: comm syz.0.1542: Failed to acquire dquot type 1 [ 739.941604][T11443] Quota error (device loop0): do_insert_tree: Inserting already present quota entry (block 7) [ 739.950806][ T971] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 740.002641][T11443] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 740.007925][ T971] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 740.028982][ T971] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 740.091356][ T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.132000][ T971] hub 3-1:1.0: bad descriptor, ignoring hub [ 740.137960][ T971] hub 3-1:1.0: probe with driver hub failed with error -5 [ 740.238216][T11464] sp0: Synchronizing with TNC [ 740.265899][ T971] cdc_wdm 3-1:1.0: skipping garbage [ 740.303256][ T971] cdc_wdm 3-1:1.0: skipping garbage [ 740.388616][ T971] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 740.441280][ T971] cdc_wdm 3-1:1.0: Unknown control protocol [ 740.548314][ T971] usb 3-1: USB disconnect, device number 15 [ 740.863395][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 741.030861][ T971] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 741.069933][T11478] netlink: 'syz.4.1556': attribute type 11 has an invalid length. [ 741.098438][T11478] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1556'. [ 741.206200][ T971] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 741.221884][ T971] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 741.237586][ T971] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 741.259008][ T971] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 741.283371][ T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.361745][T11450] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 741.373463][ T971] hub 3-1:1.0: bad descriptor, ignoring hub [ 741.398498][ T971] hub 3-1:1.0: probe with driver hub failed with error -5 [ 741.443120][ T971] cdc_wdm 3-1:1.0: skipping garbage [ 741.448396][ T971] cdc_wdm 3-1:1.0: skipping garbage [ 741.488968][ T971] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 741.506874][ T971] cdc_wdm 3-1:1.0: Unknown control protocol [ 741.923562][ T1221] usb 3-1: USB disconnect, device number 16 [ 742.386307][T11491] loop5: detected capacity change from 0 to 128 [ 742.547847][T11491] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 742.613274][T11491] ext4 filesystem being mounted at /281/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 742.645282][ C1] vkms_vblank_simulate: vblank timer overrun [ 742.698393][T11497] loop3: detected capacity change from 0 to 2048 [ 742.728644][T11497] EXT4-fs: inline encryption not supported [ 742.753977][T11497] EXT4-fs: Ignoring removed mblk_io_submit option [ 742.817201][T11497] ext4: Unknown parameter 'audit' [ 744.498661][ T5841] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 745.896051][T11519] loop0: detected capacity change from 0 to 2048 [ 745.936295][T11519] EXT4-fs: inline encryption not supported [ 745.958795][T11519] EXT4-fs: Ignoring removed mblk_io_submit option [ 745.989602][T11519] ext4: Unknown parameter 'audit' [ 746.277497][T11524] mkiss: ax0: crc mode is auto. [ 747.596814][T11542] loop6: detected capacity change from 0 to 2048 [ 747.661987][T11542] EXT4-fs: inline encryption not supported [ 747.731159][T11542] EXT4-fs: Ignoring removed mblk_io_submit option [ 747.737745][T11542] ext4: Unknown parameter 'audit' [ 750.817275][T11583] loop5: detected capacity change from 0 to 256 [ 750.952498][T11583] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 751.029050][T11592] loop2: detected capacity change from 0 to 128 [ 751.072286][ T30] audit: type=1800 audit(1748968869.986:31): pid=11583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1587" name="file1" dev="loop5" ino=1048666 res=0 errno=0 [ 751.089212][T11583] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008) [ 751.127541][T11592] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 751.148866][T11583] exFAT-fs (loop5): Filesystem has been set read-only [ 751.156220][T11583] exFAT-fs (loop5): error, failed to bmap (inode : ffff888053d01b18 iblock : 8, err : -5) [ 751.172552][T11583] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008) [ 751.239238][T11592] ext4 filesystem being mounted at /264/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 751.299182][ T6085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 751.328105][ T6085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 751.482098][T11601] bond0: entered promiscuous mode [ 751.487199][T11601] bond_slave_0: entered promiscuous mode [ 751.544495][T11601] bond_slave_1: entered promiscuous mode [ 751.572974][T11601] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 751.625685][T11601] batadv0: entered promiscuous mode [ 751.685421][T11601] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 751.736181][T11601] bond0: left promiscuous mode [ 751.753381][T11601] bond_slave_0: left promiscuous mode [ 751.775436][T11601] bond_slave_1: left promiscuous mode [ 751.796814][T11601] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 751.834989][T11601] batadv0: left promiscuous mode [ 752.115647][ T5837] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 752.302831][T11613] input: syz0 as /devices/virtual/input/input10 [ 752.715059][T11620] loop2: detected capacity change from 0 to 128 [ 752.842136][T11620] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 752.916989][T11620] ext4 filesystem being mounted at /265/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 752.967097][T11629] loop3: detected capacity change from 0 to 2048 [ 752.987694][T11629] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 753.114496][ T971] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 753.695728][ T971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 753.757054][ T971] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 753.786730][ T971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.820063][ T971] usb 6-1: config 0 descriptor?? [ 753.845485][T11625] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 754.200094][ T5837] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 754.299041][T11643] loop6: detected capacity change from 0 to 2048 [ 754.366295][ T971] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 754.444405][T11643] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 754.481857][ T971] elan 0003:04F3:0755.0008: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0 [ 754.669473][ T971] usb 6-1: USB disconnect, device number 9 [ 754.676827][T11640] loop3: detected capacity change from 0 to 32768 [ 754.733113][T11640] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 754.742841][T11640] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 754.756566][T11640] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 754.819740][T11640] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 754.995705][T11650] overlayfs: missing 'lowerdir' [ 755.203761][T11652] netlink: 14528 bytes leftover after parsing attributes in process `syz.2.1607'. [ 755.359302][T11654] netlink: 43 bytes leftover after parsing attributes in process `syz.6.1608'. [ 755.452277][T11646] fido_id[11646]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 755.781354][T11657] loop0: detected capacity change from 0 to 1024 [ 755.852943][T11662] loop6: detected capacity change from 0 to 128 [ 755.871392][T11658] loop5: detected capacity change from 0 to 2048 [ 755.880352][T11658] EXT4-fs: inline encryption not supported [ 755.888538][T11657] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 755.925542][T11658] EXT4-fs: Ignoring removed mblk_io_submit option [ 755.992800][T11662] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 756.017390][T11658] ext4: Unknown parameter 'audit' [ 756.033380][T11662] ext4 filesystem being mounted at /196/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 756.379245][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 756.789263][ T7292] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 756.873273][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 756.879639][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.329649][T11678] loop4: detected capacity change from 0 to 2048 [ 757.352429][T11678] EXT4-fs: inline encryption not supported [ 757.373693][T11678] EXT4-fs: Ignoring removed mblk_io_submit option [ 757.380238][T11678] ext4: Unknown parameter 'audit' [ 757.386951][T11682] sp0: Synchronizing with TNC [ 758.760322][T11694] loop6: detected capacity change from 0 to 512 [ 760.001059][T11694] EXT4-fs error (device loop6): ext4_iget_extra_inode:5034: inode #15: comm syz.6.1621: corrupted in-inode xattr: overlapping e_value [ 760.019404][T11694] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.1621: couldn't read orphan inode 15 (err -117) [ 760.037238][T11694] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 760.421322][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 760.577742][T11707] loop4: detected capacity change from 0 to 128 [ 760.859415][T11707] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 760.918143][T11707] ext4 filesystem being mounted at /289/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 760.950341][ C1] vkms_vblank_simulate: vblank timer overrun [ 761.234458][T11713] input: syz1 as /devices/virtual/input/input11 [ 761.495389][ T5836] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 761.498248][T11716] loop0: detected capacity change from 0 to 256 [ 761.562866][T11716] exfat: Unknown parameter 'namecascard' [ 761.890234][T11722] /dev/nullb0: Can't open blockdev [ 761.949481][T11725] loop6: detected capacity change from 0 to 512 [ 761.981810][T11725] EXT4-fs: Ignoring removed nomblk_io_submit option [ 761.988549][T11725] EXT4-fs: Ignoring removed mblk_io_submit option [ 762.088742][T11725] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 762.145897][T11725] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2 [ 762.157083][T11725] EXT4-fs (loop6): 1 truncate cleaned up [ 762.165382][T11725] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 762.184147][T11725] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 762.394601][ T5896] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 762.512569][T11725] loop6: detected capacity change from 0 to 512 [ 762.588487][T11725] EXT4-fs (loop6): orphan cleanup on readonly fs [ 762.606590][T11738] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1647'. [ 762.607595][ T5896] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 762.627091][T11725] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13 [ 762.627865][ T5896] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 762.648914][ T5896] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 762.661724][ T5896] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 762.691223][ T5896] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 762.698483][T11725] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 762.701163][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.766388][T11725] EXT4-fs error (device loop6): ext4_clear_blocks:874: inode #13: comm syz.6.1631: attempt to clear invalid blocks 2 len 1 [ 762.846700][T11725] EXT4-fs error (device loop6): ext4_free_branches:1020: inode #13: comm syz.6.1631: invalid indirect mapped block 1819239214 (level 0) [ 762.851119][ T5896] usb 1-1: config 0 descriptor?? [ 762.913854][T11737] loop2: detected capacity change from 0 to 8192 [ 762.949006][T11725] EXT4-fs error (device loop6): ext4_free_branches:1020: inode #13: comm syz.6.1631: invalid indirect mapped block 1819239214 (level 1) [ 762.951760][T11731] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 763.011356][T11725] EXT4-fs (loop6): 1 truncate cleaned up [ 763.044653][T11725] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 763.113902][T11741] sp0: Synchronizing with TNC [ 763.193774][T11737] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 763.216015][T11737] FAT-fs (loop2): Filesystem has been set read-only [ 763.312654][T11725] EXT4-fs error (device loop6): __ext4_remount:6736: comm syz.6.1631: Abort forced by user [ 763.363012][T11725] EXT4-fs (loop6): Remounting filesystem read-only [ 763.379916][T11725] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000. [ 763.610484][ T5896] plantronics 0003:047F:FFFF.0009: reserved main item tag 0xd [ 763.623652][ T5896] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 764.391589][ T5896] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 764.540301][ T5896] usb 1-1: USB disconnect, device number 9 [ 764.548760][ T7292] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 765.086712][T11756] loop4: detected capacity change from 0 to 32768 [ 765.163048][T11756] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 766.161090][T11756] XFS (loop4): Ending clean mount [ 766.167425][T11756] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 [ 766.178952][T11756] XFS (loop4): Unmount and run xfs_repair [ 766.184804][T11756] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 766.192261][T11756] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 766.201248][T11756] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 766.210126][T11756] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 766.219975][T11756] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 766.229353][T11756] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 766.238264][T11756] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 766.247155][T11756] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 766.256057][T11756] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 766.264962][T11756] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74 [ 766.276491][T11756] XFS (loop4): Failed to initialize disk quotas, err -117. [ 766.287867][T11752] fido_id[11752]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 766.471110][T11780] syzkaller1: entered promiscuous mode [ 766.531964][T11780] syzkaller1: entered allmulticast mode [ 766.564033][ T5836] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 766.607424][ T5836] XFS (loop4): Uncorrected metadata errors detected; please run xfs_repair. [ 766.764160][T11782] loop2: detected capacity change from 0 to 1024 [ 766.798937][T11782] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 766.812155][T11782] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 766.827961][T11782] JBD2: no valid journal superblock found [ 766.839731][T11782] EXT4-fs (loop2): Could not load journal inode [ 767.402157][T11788] tun0: tun_chr_ioctl cmd 1074025675 [ 767.410889][T11788] tun0: persist enabled [ 767.428895][T11788] tun0: tun_chr_ioctl cmd 1074025675 [ 767.440787][T11788] tun0: persist disabled [ 767.683588][T11794] loop3: detected capacity change from 0 to 128 [ 767.862367][T11797] bond0: entered promiscuous mode [ 767.878851][T11797] bond_slave_0: entered promiscuous mode [ 767.899366][T11797] bond_slave_1: entered promiscuous mode [ 767.947708][T11797] batadv0: entered promiscuous mode [ 767.978210][T11792] loop4: detected capacity change from 0 to 32768 [ 767.988349][T11797] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 768.016073][T11797] bond0: left promiscuous mode [ 768.034211][T11794] syz.3.1652: attempt to access beyond end of device [ 768.034211][T11794] loop3: rw=1, sector=145, nr_sectors = 77 limit=128 [ 768.054398][T11797] bond_slave_0: left promiscuous mode [ 768.068638][T11792] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 768.082763][T11797] bond_slave_1: left promiscuous mode [ 768.089510][T11797] batadv0: left promiscuous mode [ 768.322245][T11792] XFS (loop4): Ending clean mount [ 768.342698][T11792] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 [ 768.353827][T11792] XFS (loop4): Unmount and run xfs_repair [ 768.359675][T11792] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 768.368164][T11792] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 768.377172][T11792] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 768.386371][T11792] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 768.395319][T11792] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 768.404314][T11792] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 768.413319][T11792] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 768.422367][T11792] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 768.431319][T11792] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 768.440200][T11792] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74 [ 768.451841][T11792] XFS (loop4): Failed to initialize disk quotas, err -117. [ 768.502686][T11792] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x26/0xe0, xfs_bnobt block 0x8 [ 768.513810][T11792] XFS (loop4): Unmount and run xfs_repair [ 768.519561][T11792] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 768.527096][T11792] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff AB3B............ [ 768.536072][T11792] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 40 ...............@ [ 768.545209][T11792] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 768.554151][T11792] 00000030: 00 00 00 00 72 89 6f 7a 00 00 00 06 00 00 00 02 ....r.oz........ [ 768.563143][T11792] 00000040: 00 00 05 9a 00 00 00 06 00 00 05 b0 00 00 0a 50 ...............P [ 768.573441][T11792] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 768.582496][T11792] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 768.591455][T11792] 00000070: 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 ................ [ 768.600516][T11792] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x8 len 8 error 74 [ 768.614466][T11792] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 768.629203][T11792] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 768.926858][ T5836] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 770.625261][T11830] loop2: detected capacity change from 0 to 128 [ 770.646769][T11830] EXT4-fs: Ignoring removed nobh option [ 770.693218][T11830] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 770.744855][T11819] loop5: detected capacity change from 0 to 32768 [ 770.772305][T11830] ext4 filesystem being mounted at /275/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 770.952683][T11819] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 771.250646][ T5837] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 771.524774][T11841] loop0: detected capacity change from 0 to 4096 [ 771.631084][ T5841] ocfs2: Unmounting device (7,5) on (node local) [ 771.690113][T11851] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 771.751677][ T30] audit: type=1800 audit(1748968890.669:32): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1664" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 771.752872][T11848] pim6reg1: entered promiscuous mode [ 771.772142][ C1] vkms_vblank_simulate: vblank timer overrun [ 771.870867][T11848] pim6reg1: entered allmulticast mode [ 773.463608][T11863] loop0: detected capacity change from 0 to 32768 [ 773.546340][T11863] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 773.554759][T11863] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 773.569057][T11863] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 773.580018][ T5900] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 773.595716][ T5900] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 773.880643][T11867] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 774.342191][ T5900] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 746ms [ 774.475639][ T5900] gfs2: fsid=syz:syz.0: jid=0: Done [ 774.505924][T11863] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 774.647358][T11863] gfs2: fsid=syz:syz.0: found 1 quota changes [ 774.872475][T11885] loop6: detected capacity change from 0 to 524287999 [ 775.103379][ T8218] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 775.516874][ T5834] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 775.811260][ T5834] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 776.108260][ T5834] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 776.783901][T11878] loop5: detected capacity change from 0 to 40427 [ 776.833748][T11878] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504) [ 776.878111][T11878] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 776.911827][T11878] F2FS-fs (loop5): build fault injection type: 0x0 [ 776.977897][T11878] F2FS-fs (loop5): invalid crc value [ 777.450106][T11878] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 777.484636][T11878] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 777.852531][T11919] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 778.079414][T11921] loop3: detected capacity change from 0 to 2048 [ 778.152208][T11921] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 778.274024][T11927] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 778.675182][ T5835] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 147 [ 778.741222][ T5835] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 778.778677][ T5835] Remounting filesystem read-only [ 778.793848][ T5835] NILFS (loop3): error -5 truncating bmap (ino=15) [ 778.811145][ T8879] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 778.844393][ T5835] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 778.971254][ T8879] usb 7-1: Using ep0 maxpacket: 8 [ 778.998104][ T8879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 779.051407][ T8879] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 779.090773][ T8879] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.145046][ T8879] usb 7-1: config 0 descriptor?? [ 779.285362][T11937] af_packet: tpacket_rcv: packet too big, clamped from 4 to 4294967272. macoff=96 [ 779.412147][ T8879] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 779.949096][ T8879] usb 7-1: USB disconnect, device number 8 [ 780.008603][T11951] loop0: detected capacity change from 0 to 256 [ 780.111169][T11951] exfat: Deprecated parameter 'utf8' [ 780.170400][T11951] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 781.227673][T11966] loop4: detected capacity change from 0 to 2048 [ 781.481081][T11966] EXT4-fs: inline encryption not supported [ 781.487182][T11966] EXT4-fs: Ignoring removed mblk_io_submit option [ 781.567119][T11966] ext4: Unknown parameter 'audit' [ 782.049190][ T43] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 782.244931][ T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 782.276685][ T43] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 782.341280][ T43] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 782.361034][ T5896] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 782.467439][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 782.513139][ T43] usb 3-1: Product: syz [ 782.533943][ T43] usb 3-1: Manufacturer: syz [ 782.579915][ T43] usb 3-1: SerialNumber: syz [ 782.625145][ T43] cdc_mbim 3-1:1.0: skipping garbage [ 782.631121][ T5896] usb 1-1: Using ep0 maxpacket: 8 [ 782.672776][ T5896] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 782.736191][ T5896] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 782.828772][ T5896] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 782.882544][T11976] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 782.941055][ T5896] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 782.999610][T11987] loop5: detected capacity change from 0 to 512 [ 783.015982][ T5896] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 783.038029][T11987] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 783.059797][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.112738][T11987] EXT4-fs (loop5): 1 truncate cleaned up [ 783.173986][T11987] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 783.305372][ T5896] usb 1-1: GET_CAPABILITIES returned 0 [ 783.327236][ T5896] usbtmc 1-1:16.0: can't read capabilities [ 783.489054][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 783.573138][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 783.586993][T11976] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 783.614394][ T5896] usb 1-1: USB disconnect, device number 10 [ 783.623651][ T43] cdc_mbim 3-1:1.0: setting tx_max = 184 [ 783.662951][ T43] cdc_mbim 3-1:1.0: cdc-wdm1: USB WDM device [ 783.750971][ T43] wwan wwan0: port wwan0mbim0 attached [ 783.812977][ T43] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 12:f3:34:3e:93:31 [ 783.906916][ T43] usb 3-1: USB disconnect, device number 17 [ 783.942482][ T43] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM [ 784.114379][ T43] wwan wwan0: port wwan0mbim0 disconnected [ 784.131642][ T1221] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 784.332057][ T1221] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 784.363687][ T1221] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.396470][ T1221] usb 4-1: config 0 descriptor?? [ 784.575150][T12008] program syz.6.1720 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 784.991162][ T5896] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 785.057912][ T971] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 785.221769][ T5896] usb 3-1: Using ep0 maxpacket: 8 [ 785.288252][ T5896] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 785.318296][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 785.515802][ T5896] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 785.524103][ T971] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 785.601861][ T971] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 785.624553][ T971] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 785.636137][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 785.648992][ T971] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 785.701767][ T971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.718969][ T1221] usb 4-1: Cannot set autoneg [ 785.724110][ T1221] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 785.771076][ T971] usb 1-1: config 0 descriptor?? [ 785.800733][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 785.816888][ T1221] usb 4-1: USB disconnect, device number 11 [ 785.857813][ T5896] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 785.889718][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 785.921824][ T5896] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 785.981057][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 786.016627][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 786.049887][ T5896] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 786.066659][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 786.119299][ T5896] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 786.150781][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 786.170745][ T5896] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 786.199877][ T5896] usb 3-1: string descriptor 0 read error: -22 [ 786.218230][ T5896] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 786.267731][ T971] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 786.270855][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.297072][ T971] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 786.381954][ T971] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 786.403425][ T5896] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 786.529351][T12037] ip6gre1: entered allmulticast mode [ 787.158877][T12043] loop6: detected capacity change from 0 to 32768 [ 787.167724][T12043] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1733 (12043) [ 787.199137][T12043] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 787.211031][T12043] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm [ 787.220460][T12043] BTRFS info (device loop6): disk space caching is enabled [ 787.227783][T12043] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 787.507292][T12043] BTRFS info (device loop6): rebuilding free space tree [ 787.524140][T12043] BTRFS info (device loop6): disabling free space tree [ 787.531197][T12043] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 787.541560][T12043] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 787.667512][T12065] netlink: 'syz.3.1735': attribute type 1 has an invalid length. [ 787.688007][ T5903] usb 3-1: USB disconnect, device number 18 [ 787.705796][ T30] audit: type=1800 audit(1748968906.629:33): pid=12043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1733" name="file0" dev="loop6" ino=258 res=0 errno=0 [ 787.721289][T12065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1735'. [ 787.729128][T12043] fs-verity: sha512 using implementation "sha512-avx2" [ 787.755774][T12043] BTRFS info (device loop6): setting compat-ro feature flag for VERITY (0x4) [ 787.774246][T12065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1735'. [ 787.837331][T12065] netlink: 'syz.3.1735': attribute type 1 has an invalid length. [ 787.870054][T12065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1735'. [ 788.038436][ T7292] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 788.269262][T12038] loop4: detected capacity change from 0 to 32768 [ 788.300190][T12071] netlink: 35 bytes leftover after parsing attributes in process `syz.3.1737'. [ 788.373460][T12038] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1732 (12038) [ 788.456184][T12038] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 788.500228][T12038] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm [ 788.546911][ T5896] usb 1-1: USB disconnect, device number 11 [ 788.597903][T12038] BTRFS info (device loop4): using free-space-tree [ 789.477864][T12075] loop6: detected capacity change from 0 to 2048 [ 789.485830][T12038] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 789.486409][T12038] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 789.531435][T12038] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 789.562437][T12075] EXT4-fs: inline encryption not supported [ 789.573009][T12095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1741'. [ 789.588000][T12095] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1741'. [ 789.623703][T12095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1741'. [ 789.656078][T12075] EXT4-fs: Ignoring removed mblk_io_submit option [ 789.668951][T12075] ext4: Unknown parameter 'audit' [ 789.746727][T12038] BTRFS error (device loop4): open_ctree failed: -12 [ 791.204685][T12113] loop0: detected capacity change from 0 to 2048 [ 791.252511][T12113] EXT4-fs: inline encryption not supported [ 791.278011][T12113] EXT4-fs: Ignoring removed mblk_io_submit option [ 791.318490][T12113] ext4: Unknown parameter 'audit' [ 791.955928][T12121] loop4: detected capacity change from 0 to 128 [ 792.040462][T12121] hpfs: Unknown parameter 'rootcontext' [ 792.169388][T12126] TCP: tcp_parse_options: Illegal window scaling value 253 > 14 received [ 794.784695][T12161] overlayfs: missing 'lowerdir' [ 796.011100][ T5896] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 796.217286][ T5896] usb 7-1: Using ep0 maxpacket: 8 [ 796.315828][ T5896] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 796.512346][ T5896] usb 7-1: config 0 has no interface number 0 [ 796.536353][T12173] loop5: detected capacity change from 0 to 2048 [ 796.636508][ T5896] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 796.688125][T12173] EXT4-fs: inline encryption not supported [ 796.820559][T12173] EXT4-fs: Ignoring removed mblk_io_submit option [ 796.876579][ T5896] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 796.990050][T12173] ext4: Unknown parameter 'audit' [ 797.060933][ T5896] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 797.360804][ T5896] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 797.397083][ T5896] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 797.475533][ T5896] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.711888][ T5896] usb 7-1: config 0 descriptor?? [ 797.771113][ T5896] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 797.871643][T12187] loop2: detected capacity change from 0 to 7 [ 798.021164][ T5896] usb 7-1: USB disconnect, device number 9 [ 798.021276][ C1] ldusb 7-1:0.55: usb_submit_urb failed (-19) [ 798.034181][T12165] ldusb 7-1:0.55: Couldn't submit interrupt_out_urb -19 [ 798.069030][T12187] Dev loop2: unable to read RDB block 7 [ 798.085569][T12187] loop2: unable to read partition table [ 798.093927][ T5896] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 798.095808][T12187] loop2: partition table beyond EOD, truncated [ 798.108370][T12187] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 798.126784][ T971] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 798.281018][ T971] usb 3-1: Using ep0 maxpacket: 8 [ 798.299241][ T971] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 798.330952][ T971] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 798.356296][ T971] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 798.394208][ T971] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 798.430849][ T971] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 798.459911][ T971] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 798.490152][ T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.791074][ T5896] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 799.053871][ T5896] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 799.204455][ T5896] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 799.447182][ T5896] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 799.467535][ T971] usb 3-1: usb_control_msg returned -32 [ 799.480805][ T971] usbtmc 3-1:16.0: can't read capabilities [ 799.523020][ T5896] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 799.544486][ T5896] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 799.572869][ T5896] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 799.584140][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 799.607923][ T5896] usb 5-1: Product: syz [ 799.641216][ T5896] usb 5-1: Manufacturer: syz [ 799.680430][ T5896] cdc_wdm 5-1:1.0: skipping garbage [ 799.690986][ T5896] cdc_wdm 5-1:1.0: skipping garbage [ 799.722074][ T5896] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 799.728056][ T5896] cdc_wdm 5-1:1.0: Unknown control protocol [ 799.912956][ T5896] usb 5-1: USB disconnect, device number 13 [ 800.516570][ T5896] usb 3-1: USB disconnect, device number 19 [ 800.726502][T12223] loop2: detected capacity change from 0 to 64 [ 800.881509][ T30] audit: type=1800 audit(1748969432.781:34): pid=12223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1785" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 801.775265][T12244] overlayfs: missing 'lowerdir' [ 802.551187][T12250] vlan2: entered allmulticast mode [ 804.301289][ T5903] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 804.311593][ T971] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 804.434337][T12285] netlink: 'syz.5.1808': attribute type 39 has an invalid length. [ 804.500976][ T971] usb 3-1: Using ep0 maxpacket: 8 [ 804.506176][ T5903] usb 4-1: Using ep0 maxpacket: 32 [ 804.528175][ T5903] usb 4-1: config 0 interface 0 has no altsetting 0 [ 804.535145][ T971] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 804.553640][ T971] usb 3-1: config 0 has no interface number 0 [ 804.567466][ T5903] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 804.591045][ T971] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 804.604303][ T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 804.612503][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.629673][ T971] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 804.640622][ T5903] usb 4-1: Product: syz [ 804.657417][ T5903] usb 4-1: Manufacturer: syz [ 804.662328][ T5903] usb 4-1: SerialNumber: syz [ 804.667249][ T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.696426][ T5903] usb 4-1: config 0 descriptor?? [ 804.717443][ T971] usb 3-1: config 0 descriptor?? [ 804.722580][T12291] [ 804.722594][T12291] ===================================================== [ 804.722610][T12291] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 804.722631][T12291] 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 Not tainted [ 804.722653][T12291] ----------------------------------------------------- [ 804.722666][T12291] syz.0.1809/12291 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 804.722704][T12291] ffff88814bf46da0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0 [ 804.769648][T12291] [ 804.769648][T12291] and this task is already holding: [ 804.777024][T12291] ffff88805f8fc0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 804.785824][T12291] which would create a new lock dependency: [ 804.791721][T12291] (&new->fa_lock){....}-{3:3} -> (&f_owner->lock){....}-{3:3} [ 804.799457][T12291] [ 804.799457][T12291] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 804.808946][T12291] (&dev->event_lock#2){..-.}-{3:3} [ 804.809011][T12291] [ 804.809011][T12291] ... which became SOFTIRQ-irq-safe at: [ 804.821919][T12291] lock_acquire+0x179/0x350 [ 804.826561][T12291] _raw_spin_lock_irqsave+0x3a/0x60 [ 804.831891][T12291] input_inject_event+0x9f/0x390 [ 804.836935][T12291] led_set_brightness+0x217/0x290 [ 804.842099][T12291] led_trigger_event+0xda/0x270 [ 804.847144][T12291] kbd_bh+0x21b/0x300 [ 804.851247][T12291] tasklet_action_common+0x284/0x400 [ 804.856654][T12291] handle_softirqs+0x219/0x8e0 [ 804.861553][T12291] run_ksoftirqd+0x3a/0x60 [ 804.866086][T12291] smpboot_thread_fn+0x3f7/0xae0 [ 804.871158][T12291] kthread+0x3c5/0x780 [ 804.875331][T12291] ret_from_fork+0x5d7/0x6f0 [ 804.880053][T12291] ret_from_fork_asm+0x1a/0x30 [ 804.884936][T12291] [ 804.884936][T12291] to a SOFTIRQ-irq-unsafe lock: [ 804.891962][T12291] (tasklist_lock){.+.+}-{3:3} [ 804.892016][T12291] [ 804.892016][T12291] ... which became SOFTIRQ-irq-unsafe at: [ 804.904652][T12291] ... [ 804.904666][T12291] lock_acquire+0x179/0x350 [ 804.911884][T12291] _raw_read_lock+0x5f/0x70 [ 804.916518][T12291] __do_wait+0x105/0x890 [ 804.920913][T12291] do_wait+0x21e/0x5a0 [ 804.925123][T12291] kernel_wait+0x9f/0x160 [ 804.929582][T12291] call_usermodehelper_exec_work+0xf1/0x170 [ 804.935593][T12291] process_one_work+0x9cf/0x1b70 [ 804.940640][T12291] worker_thread+0x6c8/0xf10 [ 804.945343][T12291] kthread+0x3c5/0x780 [ 804.949522][T12291] ret_from_fork+0x5d7/0x6f0 [ 804.954327][T12291] ret_from_fork_asm+0x1a/0x30 [ 804.959198][T12291] [ 804.959198][T12291] other info that might help us debug this: [ 804.959198][T12291] [ 804.969441][T12291] Chain exists of: [ 804.969441][T12291] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 804.969441][T12291] [ 804.982479][T12291] Possible interrupt unsafe locking scenario: [ 804.982479][T12291] [ 804.990838][T12291] CPU0 CPU1 [ 804.996223][T12291] ---- ---- [ 805.001593][T12291] lock(tasklist_lock); [ 805.005865][T12291] local_irq_disable(); [ 805.012624][T12291] lock(&dev->event_lock#2); [ 805.019866][T12291] lock(&new->fa_lock); [ 805.026663][T12291] [ 805.030123][T12291] lock(&dev->event_lock#2); [ 805.035015][T12291] [ 805.035015][T12291] *** DEADLOCK *** [ 805.035015][T12291] [ 805.043161][T12291] 4 locks held by syz.0.1809/12291: [ 805.048371][T12291] #0: ffff8880307ee180 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xc7b/0x11d0 [ 805.057959][T12291] #1: ffffffff8e3c4e40 (rcu_read_lock){....}-{1:3}, at: sk_send_sigurg+0xf2/0x360 [ 805.067372][T12291] #2: ffffffff8e3c4e40 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 805.076523][T12291] #3: ffff88805f8fc0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 805.085765][T12291] [ 805.085765][T12291] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 805.096189][T12291] -> (&dev->event_lock#2){..-.}-{3:3} { [ 805.101989][T12291] IN-SOFTIRQ-W at: [ 805.106163][T12291] lock_acquire+0x179/0x350 [ 805.112724][T12291] _raw_spin_lock_irqsave+0x3a/0x60 [ 805.120012][T12291] input_inject_event+0x9f/0x390 [ 805.126979][T12291] led_set_brightness+0x217/0x290 [ 805.134070][T12291] led_trigger_event+0xda/0x270 [ 805.140953][T12291] kbd_bh+0x21b/0x300 [ 805.146978][T12291] tasklet_action_common+0x284/0x400 [ 805.154479][T12291] handle_softirqs+0x219/0x8e0 [ 805.161284][T12291] run_ksoftirqd+0x3a/0x60 [ 805.167734][T12291] smpboot_thread_fn+0x3f7/0xae0 [ 805.174717][T12291] kthread+0x3c5/0x780 [ 805.180806][T12291] ret_from_fork+0x5d7/0x6f0 [ 805.187468][T12291] ret_from_fork_asm+0x1a/0x30 [ 805.194263][T12291] INITIAL USE at: [ 805.198348][T12291] lock_acquire+0x179/0x350 [ 805.204818][T12291] _raw_spin_lock_irqsave+0x3a/0x60 [ 805.211977][T12291] input_inject_event+0x9f/0x390 [ 805.218850][T12291] led_set_brightness+0x217/0x290 [ 805.225839][T12291] kbd_led_trigger_activate+0xcb/0x110 [ 805.233249][T12291] led_trigger_set+0x59a/0xc50 [ 805.239953][T12291] led_trigger_set_default+0x1bd/0x2a0 [ 805.247356][T12291] led_classdev_register_ext+0x7b8/0xa10 [ 805.254994][T12291] input_leds_connect+0x552/0x8e0 [ 805.261987][T12291] input_attach_handler.isra.0+0x184/0x260 [ 805.269757][T12291] input_register_device+0xa84/0x1130 [ 805.277093][T12291] atkbd_connect+0x5da/0xa20 [ 805.283625][T12291] serio_driver_probe+0x77/0xb0 [ 805.290430][T12291] really_probe+0x241/0xa90 [ 805.296881][T12291] __driver_probe_device+0x1de/0x440 [ 805.304112][T12291] driver_probe_device+0x4c/0x1b0 [ 805.311076][T12291] __driver_attach+0x283/0x580 [ 805.317775][T12291] bus_for_each_dev+0x13e/0x1d0 [ 805.324582][T12291] serio_handle_event+0x247/0xa50 [ 805.331564][T12291] process_one_work+0x9cf/0x1b70 [ 805.338434][T12291] worker_thread+0x6c8/0xf10 [ 805.344957][T12291] kthread+0x3c5/0x780 [ 805.350958][T12291] ret_from_fork+0x5d7/0x6f0 [ 805.357500][T12291] ret_from_fork_asm+0x1a/0x30 [ 805.364202][T12291] } [ 805.366880][T12291] ... key at: [] __key.7+0x0/0x40 [ 805.374188][T12291] -> (&client->buffer_lock){....}-{3:3} { [ 805.380052][T12291] INITIAL USE at: [ 805.384048][T12291] lock_acquire+0x179/0x350 [ 805.390332][T12291] _raw_spin_lock+0x2e/0x40 [ 805.396697][T12291] evdev_pass_values+0x10e/0x9b0 [ 805.403414][T12291] evdev_events+0x1bb/0x390 [ 805.409697][T12291] input_pass_values+0x6c7/0x890 [ 805.416393][T12291] input_handle_event+0xf00/0x14d0 [ 805.423263][T12291] input_inject_event+0x1cd/0x390 [ 805.430070][T12291] evdev_write+0x457/0x750 [ 805.436256][T12291] vfs_write+0x2a0/0x1150 [ 805.442352][T12291] ksys_write+0x1f8/0x250 [ 805.448446][T12291] do_syscall_64+0xcd/0x4c0 [ 805.454709][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.462368][T12291] } [ 805.464958][T12291] ... key at: [] __key.1+0x0/0x40 [ 805.472268][T12291] ... acquired at: [ 805.476163][T12291] _raw_spin_lock+0x2e/0x40 [ 805.480896][T12291] evdev_pass_values+0x10e/0x9b0 [ 805.486059][T12291] evdev_events+0x1bb/0x390 [ 805.490785][T12291] input_pass_values+0x6c7/0x890 [ 805.495950][T12291] input_handle_event+0xf00/0x14d0 [ 805.501345][T12291] input_inject_event+0x1cd/0x390 [ 805.506565][T12291] evdev_write+0x457/0x750 [ 805.511184][T12291] vfs_write+0x2a0/0x1150 [ 805.515714][T12291] ksys_write+0x1f8/0x250 [ 805.520244][T12291] do_syscall_64+0xcd/0x4c0 [ 805.524945][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.531039][T12291] [ 805.533367][T12291] -> (&new->fa_lock){....}-{3:3} { [ 805.538539][T12291] INITIAL USE at: [ 805.542449][T12291] lock_acquire+0x179/0x350 [ 805.548564][T12291] _raw_write_lock_irq+0x36/0x50 [ 805.555121][T12291] fasync_remove_entry+0xb2/0x1e0 [ 805.561761][T12291] fasync_helper+0xaf/0xd0 [ 805.567793][T12291] __tty_fasync+0x1e4/0x300 [ 805.573927][T12291] tty_fasync+0x9e/0xe0 [ 805.579767][T12291] __fput+0x96b/0xb70 [ 805.585449][T12291] task_work_run+0x150/0x240 [ 805.591631][T12291] exit_to_user_mode_loop+0xeb/0x110 [ 805.598626][T12291] do_syscall_64+0x3f6/0x4c0 [ 805.604817][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.612337][T12291] INITIAL READ USE at: [ 805.616685][T12291] lock_acquire+0x179/0x350 [ 805.623231][T12291] _raw_read_lock_irqsave+0x74/0x90 [ 805.630470][T12291] kill_fasync+0x138/0x510 [ 805.636931][T12291] evdev_pass_values+0x619/0x9b0 [ 805.643920][T12291] evdev_events+0x1bb/0x390 [ 805.650471][T12291] input_pass_values+0x6c7/0x890 [ 805.657431][T12291] input_handle_event+0xf00/0x14d0 [ 805.664565][T12291] input_inject_event+0x1cd/0x390 [ 805.671618][T12291] evdev_write+0x457/0x750 [ 805.678075][T12291] vfs_write+0x2a0/0x1150 [ 805.684440][T12291] ksys_write+0x1f8/0x250 [ 805.690814][T12291] do_syscall_64+0xcd/0x4c0 [ 805.697349][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.705358][T12291] } [ 805.707884][T12291] ... key at: [] __key.0+0x0/0x40 [ 805.715232][T12291] ... acquired at: [ 805.719045][T12291] _raw_read_lock_irqsave+0x74/0x90 [ 805.724465][T12291] kill_fasync+0x138/0x510 [ 805.729099][T12291] evdev_pass_values+0x619/0x9b0 [ 805.734258][T12291] evdev_events+0x1bb/0x390 [ 805.738983][T12291] input_pass_values+0x6c7/0x890 [ 805.744130][T12291] input_handle_event+0xf00/0x14d0 [ 805.749441][T12291] input_inject_event+0x1cd/0x390 [ 805.754872][T12291] evdev_write+0x457/0x750 [ 805.759570][T12291] vfs_write+0x2a0/0x1150 [ 805.764104][T12291] ksys_write+0x1f8/0x250 [ 805.768821][T12291] do_syscall_64+0xcd/0x4c0 [ 805.773530][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.779648][T12291] [ 805.781979][T12291] [ 805.781979][T12291] the dependencies between the lock to be acquired [ 805.781997][T12291] and SOFTIRQ-irq-unsafe lock: [ 805.795615][T12291] -> (tasklist_lock){.+.+}-{3:3} { [ 805.800881][T12291] HARDIRQ-ON-R at: [ 805.805051][T12291] lock_acquire+0x179/0x350 [ 805.811430][T12291] _raw_read_lock+0x5f/0x70 [ 805.817895][T12291] __do_wait+0x105/0x890 [ 805.824010][T12291] do_wait+0x21e/0x5a0 [ 805.829943][T12291] kernel_wait+0x9f/0x160 [ 805.836233][T12291] call_usermodehelper_exec_work+0xf1/0x170 [ 805.844018][T12291] process_one_work+0x9cf/0x1b70 [ 805.850810][T12291] worker_thread+0x6c8/0xf10 [ 805.857279][T12291] kthread+0x3c5/0x780 [ 805.863350][T12291] ret_from_fork+0x5d7/0x6f0 [ 805.869814][T12291] ret_from_fork_asm+0x1a/0x30 [ 805.876439][T12291] SOFTIRQ-ON-R at: [ 805.880531][T12291] lock_acquire+0x179/0x350 [ 805.886922][T12291] _raw_read_lock+0x5f/0x70 [ 805.893298][T12291] __do_wait+0x105/0x890 [ 805.899581][T12291] do_wait+0x21e/0x5a0 [ 805.905519][T12291] kernel_wait+0x9f/0x160 [ 805.911720][T12291] call_usermodehelper_exec_work+0xf1/0x170 [ 805.919476][T12291] process_one_work+0x9cf/0x1b70 [ 805.926265][T12291] worker_thread+0x6c8/0xf10 [ 805.932707][T12291] kthread+0x3c5/0x780 [ 805.938619][T12291] ret_from_fork+0x5d7/0x6f0 [ 805.945089][T12291] ret_from_fork_asm+0x1a/0x30 [ 805.951747][T12291] INITIAL USE at: [ 805.955750][T12291] lock_acquire+0x179/0x350 [ 805.962041][T12291] _raw_write_lock_irq+0x36/0x50 [ 805.968800][T12291] copy_process+0x4caf/0x76a0 [ 805.975266][T12291] kernel_clone+0xfc/0x960 [ 805.981466][T12291] user_mode_thread+0xc7/0x110 [ 805.988007][T12291] rest_init+0x23/0x2b0 [ 805.993939][T12291] start_kernel+0x3ee/0x4d0 [ 806.000214][T12291] x86_64_start_reservations+0x18/0x30 [ 806.007449][T12291] x86_64_start_kernel+0x130/0x190 [ 806.014334][T12291] common_startup_64+0x13e/0x148 [ 806.021061][T12291] INITIAL READ USE at: [ 806.025585][T12291] lock_acquire+0x179/0x350 [ 806.032310][T12291] _raw_read_lock+0x5f/0x70 [ 806.039034][T12291] __do_wait+0x105/0x890 [ 806.045492][T12291] do_wait+0x21e/0x5a0 [ 806.051777][T12291] kernel_wait+0x9f/0x160 [ 806.058330][T12291] call_usermodehelper_exec_work+0xf1/0x170 [ 806.066432][T12291] process_one_work+0x9cf/0x1b70 [ 806.073571][T12291] worker_thread+0x6c8/0xf10 [ 806.080361][T12291] kthread+0x3c5/0x780 [ 806.086628][T12291] ret_from_fork+0x5d7/0x6f0 [ 806.093522][T12291] ret_from_fork_asm+0x1a/0x30 [ 806.100487][T12291] } [ 806.103080][T12291] ... key at: [] tasklist_lock+0x18/0x40 [ 806.110936][T12291] ... acquired at: [ 806.114922][T12291] _raw_read_lock+0x5f/0x70 [ 806.119676][T12291] send_sigurg+0xed/0xc80 [ 806.124228][T12291] sk_send_sigurg+0x76/0x360 [ 806.129055][T12291] unix_stream_sendmsg+0xeb3/0x11d0 [ 806.134511][T12291] ____sys_sendmsg+0xa98/0xc70 [ 806.139501][T12291] ___sys_sendmsg+0x134/0x1d0 [ 806.144379][T12291] __sys_sendmmsg+0x200/0x420 [ 806.149254][T12291] __x64_sys_sendmmsg+0x9c/0x100 [ 806.154419][T12291] do_syscall_64+0xcd/0x4c0 [ 806.159144][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.165243][T12291] [ 806.167572][T12291] -> (&f_owner->lock){....}-{3:3} { [ 806.172838][T12291] INITIAL USE at: [ 806.176758][T12291] lock_acquire+0x179/0x350 [ 806.182933][T12291] _raw_write_lock_irq+0x36/0x50 [ 806.189492][T12291] __f_setown+0x61/0x3c0 [ 806.195368][T12291] __tty_fasync+0x1bf/0x300 [ 806.201478][T12291] tty_fasync+0x9e/0xe0 [ 806.207313][T12291] do_fcntl+0xa3d/0x15a0 [ 806.213177][T12291] __x64_sys_fcntl+0x163/0x200 [ 806.219549][T12291] do_syscall_64+0xcd/0x4c0 [ 806.225679][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.233165][T12291] INITIAL READ USE at: [ 806.237507][T12291] lock_acquire+0x179/0x350 [ 806.244060][T12291] _raw_read_lock_irqsave+0x74/0x90 [ 806.251306][T12291] send_sigurg+0x5f/0xc80 [ 806.257775][T12291] sk_send_sigurg+0x76/0x360 [ 806.264426][T12291] unix_stream_sendmsg+0xeb3/0x11d0 [ 806.271683][T12291] ____sys_sendmsg+0xa98/0xc70 [ 806.278518][T12291] ___sys_sendmsg+0x134/0x1d0 [ 806.285220][T12291] __sys_sendmmsg+0x200/0x420 [ 806.291921][T12291] __x64_sys_sendmmsg+0x9c/0x100 [ 806.298880][T12291] do_syscall_64+0xcd/0x4c0 [ 806.305428][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.313358][T12291] } [ 806.315866][T12291] ... key at: [] __key.1+0x0/0x40 [ 806.323028][T12291] ... acquired at: [ 806.326850][T12291] lock_acquire+0x179/0x350 [ 806.331581][T12291] _raw_read_lock_irqsave+0x74/0x90 [ 806.337000][T12291] send_sigio+0x31/0x3e0 [ 806.341462][T12291] kill_fasync+0x214/0x510 [ 806.346100][T12291] sock_wake_async+0xf1/0x160 [ 806.350981][T12291] sk_send_sigurg+0x179/0x360 [ 806.355878][T12291] unix_stream_sendmsg+0xeb3/0x11d0 [ 806.361302][T12291] ____sys_sendmsg+0xa98/0xc70 [ 806.366273][T12291] ___sys_sendmsg+0x134/0x1d0 [ 806.371143][T12291] __sys_sendmmsg+0x200/0x420 [ 806.376067][T12291] __x64_sys_sendmmsg+0x9c/0x100 [ 806.381204][T12291] do_syscall_64+0xcd/0x4c0 [ 806.385920][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.392134][T12291] [ 806.394463][T12291] [ 806.394463][T12291] stack backtrace: [ 806.400360][T12291] CPU: 1 UID: 0 PID: 12291 Comm: syz.0.1809 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 806.400405][T12291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 806.400429][T12291] Call Trace: [ 806.400440][T12291] [ 806.400453][T12291] dump_stack_lvl+0x116/0x1f0 [ 806.400492][T12291] check_irq_usage+0x7dc/0x920 [ 806.400559][T12291] ? check_path.constprop.0+0x24/0x50 [ 806.400617][T12291] ? __lock_acquire+0x1285/0x1c90 [ 806.400672][T12291] __lock_acquire+0x1285/0x1c90 [ 806.400735][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.400779][T12291] ? __lock_acquire+0x1053/0x1c90 [ 806.400846][T12291] lock_acquire+0x179/0x350 [ 806.400903][T12291] ? send_sigio+0x31/0x3e0 [ 806.400962][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.401007][T12291] ? lock_acquire+0x179/0x350 [ 806.401065][T12291] _raw_read_lock_irqsave+0x74/0x90 [ 806.401123][T12291] ? send_sigio+0x31/0x3e0 [ 806.401179][T12291] send_sigio+0x31/0x3e0 [ 806.401235][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.401283][T12291] kill_fasync+0x214/0x510 [ 806.401341][T12291] sock_wake_async+0xf1/0x160 [ 806.401385][T12291] sk_send_sigurg+0x179/0x360 [ 806.401444][T12291] unix_stream_sendmsg+0xeb3/0x11d0 [ 806.401508][T12291] ? aa_sk_perm+0x2f4/0xb10 [ 806.401565][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.401609][T12291] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 806.401669][T12291] ? __pfx_aa_sk_perm+0x10/0x10 [ 806.401724][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.401776][T12291] ____sys_sendmsg+0xa98/0xc70 [ 806.401824][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.401872][T12291] ? copy_msghdr_from_user+0x10a/0x160 [ 806.401907][T12291] ? __pfx_____sys_sendmsg+0x10/0x10 [ 806.401957][T12291] ? find_held_lock+0x2b/0x80 [ 806.402001][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402049][T12291] ___sys_sendmsg+0x134/0x1d0 [ 806.402083][T12291] ? __pfx____sys_sendmsg+0x10/0x10 [ 806.402130][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402173][T12291] ? find_held_lock+0x2b/0x80 [ 806.402230][T12291] __sys_sendmmsg+0x200/0x420 [ 806.402269][T12291] ? __pfx___sys_sendmmsg+0x10/0x10 [ 806.402311][T12291] ? __pfx_do_futex+0x10/0x10 [ 806.402363][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402408][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402463][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402506][T12291] ? xfd_validate_state+0x61/0x180 [ 806.402558][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402607][T12291] __x64_sys_sendmmsg+0x9c/0x100 [ 806.402641][T12291] ? srso_alias_return_thunk+0x5/0xfbef5 [ 806.402685][T12291] ? lockdep_hardirqs_on+0x7c/0x110 [ 806.402719][T12291] do_syscall_64+0xcd/0x4c0 [ 806.402757][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.402795][T12291] RIP: 0033:0x7f983418e969 [ 806.402823][T12291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 806.402864][T12291] RSP: 002b:00007f9834f4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 806.402898][T12291] RAX: ffffffffffffffda RBX: 00007f98343b5fa0 RCX: 00007f983418e969 [ 806.402922][T12291] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000003 [ 806.402946][T12291] RBP: 00007f9834210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 806.402968][T12291] R10: 00000000000408b1 R11: 0000000000000246 R12: 0000000000000000 [ 806.402990][T12291] R13: 0000000000000000 R14: 00007f98343b5fa0 R15: 00007ffef999f788 [ 806.403024][T12291] [ 806.414262][ T5903] gs_usb 4-1:0.0: Couldn't send data format (err=-110) [ 806.414866][ C1] vkms_vblank_simulate: vblank timer overrun [ 806.424961][ T5903] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -110 [ 806.859650][ T971] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 806.871594][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 806.886382][ T971] usb 3-1: USB disconnect, device number 20 [ 806.893656][ T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 806.905716][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 806.916123][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 806.926958][T12283] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 806.941299][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 807.233716][ T2149] usb 5-1: USB disconnect, device number 14 [ 807.514414][ T971] usb 4-1: USB disconnect, device number 12