last executing test programs: 7m7.922066795s ago: executing program 0 (id=1): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='nilfs2_transaction_transition\x00', r0, 0x0, 0xc0b}, 0x18) syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file2\x00', 0x90, &(0x7f0000003280)=ANY=[], 0x4, 0xd9c, &(0x7f0000001dc0)="$eJzs3ctvXNX9APBzx544L35xiPnFTdPYJaW4j9gkWKW7GildoEqoEn8BSgMNNfQRugAFKWHRbSMh/oAiuu6izyyQIlap2LTqP4BYdZMiJNpGlcCV7XPG429memcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux9ri4OF2l9Patty7emxn/9+qUmVaO2bXH8Ty2lFJqtuZLaTIsb2liPf3sk2uX2tPPc1qlC6lKVWt6evZua94jKaXraTbdTpPpuY9P3nzpg2eW3ztx48TFN+bu7EzrAQBgtNz73rs//fPj3712/D+/ObOUJlrTy/b5Uh4/mrf7l6r18Zy0/gdUbWnVNl4cCPnG89AI+cY65GsvpxnyjXcp/0BYbrNLvoma8sfapnVqNwyzjf/xVWN+03ijMT+//p981YdjB6r5V64sv3B1QBUFtt2nM3kXn8FgGLlh5dig10AA6+Jxw/tcj3sWHkxraeO9lX/36Ubn+WEb7PbnX/nDVf67N6xx2D779dNU2lW+R0fzeDyOMB7m6/f7X5YXj0c0e6xnt+MIw3J8oVs9x3a5HlvVrf7xc7FffSmn5XU4E+Lt35/4ng7Lewx0ds/+f4NhZIeVQa+AgD0rnje3kpV4PK8vxidq4gdr4odq4odr4kdq4jDKfvvqL9PNauN/fvxP3+/+sLKf7aGc/l+f9Yn7I/stP573268HLT+eTwx72ty/Tn/689t/ief/fx7O/z+bf0sn8wqi7C+M+9Vb5/6HC4MbXfI9HKrzUIf8a8+nNuerpjaWk9rWM/fVY3rzfMe65Tu9Od9kyHc4b4scDPWN2yeHw3xl+6OsV8vrNR7a2wztOBDqUd6Z4zk9GNpzvFu7wo7sAyFfMw8nQrumQrseCfP9f2hXNb25XXH/eanPyTA9Hicp+cLbdt/vUnwv4nUZj+b0zZy+k9P3c/pRh3JHUfk8djv/v3w+p1OzeuHK8uUn8nj5nN4Za06sTj+/y/UGHlyv1/9Mp83X/xxtTW822tcLxzamV+3rhckw/UKX6U/m8fJ79sOxQ2vT5y/9ePkH2914GHFXX3v9R88vL1/+mSeeeOJJ68mg10zATlt49eWfLFx97fVzV15+/sXLL15+5fwT3/7Wk089tbiwtlW/0L5tD+wvGz/6g64JAAAAAAAAAAAA0LPqUOfJOa27v225nrxcnx6vj2c4lPetfBrKfQzK9Z/d7utSrt88vgt1ZPvtxuVEg24j0Nk/3P/XYBjZYWXFXfyBvWHQ/f+V+x6W9Oi5vx1fHUq2u09vXl/G+xfCg9jr/c8pf3/1/9fq/6rn9V/oMWtya+X+7t6hv7YVm071Wn5sf7kP7FR/5f8+l19a81jqrfyVX4Xy441Ke/SHUP7hHsu/r/2nt1b+H3P55WWbO9tr+es1rhqb6xH3G5f7AMb9xsWfQvvLvf36bv8WO2q7lcuHUTYs/Uz2a1j6/+ymLLesB/PquXWcrtx/O/Z30G/9y32/y+/AI2H5Vc3vm/4/h1td/5/l87eg/0/Ydz50/M9gGNlhZWVloF2fjGq/K3vFoF//QW9DDrr8Qb/+dWL/n/H/Uuz/M8Zj/58xHvv/jPHYv1aMx/4/4+sZ+/+M8ZNhubF/0Oma+Bdq4qdq4l+siZ+uiV/59f+Oz9bMf6YmPlMTf7gm/mhN/GxN/Cs18cdq4o/XxOdq4vvdl3M6qu2HURb7jfT9h9FRjv90+/5P1cSB4RX7dY7f76/WxIHhVc7z8P2GEVR1vmNH3N9e9uO+mdN3cvp+Tj/asQqyG76W06/n9Bs5/WZOz+V0PqcLOdU35HD7xd9PnblZbZzndyzEez2fNF4PEO8Tc77H+sTjc/2ez3qyx3J2qvwtXg4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQaa4+Li9NVSm/feuviP6e+8/3VKTOtHLNrj+N5bCml1EwpVXl8PCzv+sR6+tkn1y51Sqt0Ye2xjKdn77bmPbI6f5pNt9Nkeu7jkzdf+uCZ5fdO3Dhx8Y25OzvTegAAABgN/w0AAP//Wabmsg==") mkdir(&(0x7f00000000c0)='./control\x00', 0x0) 7m7.195733684s ago: executing program 0 (id=5): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r4, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x3, r4, 0x0, &(0x7f0000000000/0x1000)=nil, 0x1000, 0x5}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) 7m5.849611153s ago: executing program 0 (id=9): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) socket(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket(0x2a, 0x2, 0x0) getpeername$packet(r1, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) mount$nfs(&(0x7f0000000000)='\x00\x00', &(0x7f0000000040)='./bus\x00', &(0x7f0000000180), 0x2854409, &(0x7f0000000200)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=0xee01, @ANYRESOCT=r2]) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x2e3, &(0x7f0000000280)="$eJzs3M9LG2kYwPEnMYkxoslh2WUXFh92L7uXQbP3paEolAYq1pT+gNJRJ23INJFMsKSU2p56Lf0jehCP3oTWf8BLbz310puXQg/1UDol8yNGjdXGH/HH9wPyvvq8T+Z9Z1Sed2Bm4+bLh+WiYxTNukSTKhERkU2RjEQlFAnaqNdPSLtn8u/g5/d/Xr91+2ounx+fUp3ITf+XVdXhkTePngwEw1b7ZT1zd+NT9uP6r+u/b3ybflBytORopVpXU2eqH+rmjG3pXMkpG6qTtmU6lpYqjlXz41U/XrSr8/MNNStzQ6n5muU4alYaWrYaWq9qvdZQ875ZqqhhGDqUEuynsDQ1Zea6TJ494sngmNRqObNPRAZ2RQpLPZkQAADoqaD+b1X70WZJ3039H+tY/y//tVYfvLEyHNT/q4lm/S/SVv/f2/qsbfV/UkSOvf7fXRGdL6774/ih6n+cEc36PxX8/Xqe31ke9TrU/wAAAAAAAAAAAAAAAAAAAAAAnAWbrpt2XTcdtuFXv4gkvSdI/O97PU8cD67/xbb14o7YsIj9YqGwUPDbYMCaiNhiyaik5av3+xBo9hOi3iBtyshbezHIX1wo9HmRXFFKXv6YpCWzM991J67kx8fUtz0/Lqn2/Kyk5ZfO+dmd+fFmm5B//m7LNyQt72alKrbMBU/GhflPx1QvX8vvOP6ANw4AAAAAgPPA0JbW/r2/PW7sjvv7Yz/e2l93vD/g769HO+7vY/JHrFerBgAAAADgYnEaj8umbVu1c9cJV3jQrPC9xnuMiUhkr9ARdMKDn4JTFz/QGYt2NdWRxE9elI6d8LbRXmNksptPdtMihz2Hv716/eXorsX/K8l9VtptJ7HfSuMn9x8IAAAAwEnZKvrDn1zq7YQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiATuLFcr1eIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBafA8AAP//ohEIjg==") fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_enter(0xffffffffffffffff, 0x627, 0xc1040000, 0x43, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f00000000c0)="510003000000", 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 7m4.085579596s ago: executing program 0 (id=10): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000000), 0xfc, 0x582, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO3W/fh+28EY6oUUduFkLl1bf0zwYl6J6HCg9zO0WRlNl9GkY60Dtwt3440MQcSB6L33Xg7/Af+KgQ6GjKIX3lROctKFNunSLF2z5vOBs73vOSd9z5P3PG/ek5OQAAbWRPpPLuLliPgmiRhr2jYc2caJ+n5rj2/OpksS6+uf/pVEkq1r7J9k/x/JKi9FxG9fRZzObW23srK6UCiViktZfbK6eG2ysrJ65spiYb44X7w6PTNz7q2Z6Xffebtnsb5+8Z/vP7n/4bmvT65998vDY3eTOB9Hs23NcTyDW82ViZjInpOROL9px6keNNZPkr0+ALoylOX5SKRjwFgMZVnf0vrY8zw0YJd9maY1MKAS+Q8DqjEPaFzb9+g6+IXx6P36BdDW+Ifr743EaO3a6PBaUr8yOljfml7vjveg/bSNX/+8dzddot37EAd70BDAJrduR8TZ4eGt41+SjX/dO9vBPpvbGLTXH9hL99P5zxut5j+5jflPNM9/Mkda5G43np7/uYc9aKatdP73Xsv578ZNq/GhrPa/2pxvJLl8pVRMx7b/R8SpGDmY1qci4oPWN0E+z609WG/XfvP8L13S9htzwew4Hg5vmv/NFaqFZ4+87tHtiFdazn+Tjf5PWvR/+nxc7LCNE8V7r7bb9vT4d9f6TxGvtez/J52ZbH9/crJ2Pkw2zoqt/r5z4vd27W8b/2jPw90i7f/D28c/njTfr63svI0fR/8tttvW7fl/IPmsVj6QrbtRqFaXpiIOJB9vXT/95LGNemP/NP5TJ7cf/1qd/4fSxO4w/jvH7zTvOrqz+HdXGv/cjvp/54UHH33xQ7v2O+v/N2ulU9maTsa/Tg/wWZ47AAAAAAAA6De5iDgaSS6/Uc7l8vn65zuOx+FcqVypnr5cXr46F7Xvyo7HSK5xp3us6fMQU9nnYRv16U31mYg4FhHfDh2q1fOz5dLcXgcPAAAAAAAAAAAAAAAAAAAAfeJIxGir7/+n/hhq/Zg2q4EX0TY/+Q3sc+3zP9vSi196AvqS138YXF3kv/cAYJ/w+g+DS/7D4JL/MLjkPwwu+Q+Dayf5//OFXTwQAAAAAAAAAAAAAAAAAAAAAAAAAAAA2B8uXriQLutrj2/OpvW56yvLC+XrZ+aKlYX84vJsfra8dC0/Xy7Pl4r52fLi0/5eqVy+NjUdyzcmq8VKdbKysnppsbx8tXrpymJhvnipOPJcogIAAAAAAAAAAAAAAAAAAIAXS2VldaFQKhWXFBS6Kgz3x2H0YSHXH4fRZWGvRyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOK/AAAA//92vTrs") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) r1 = open(&(0x7f00000000c0)='.\x00', 0xc8000, 0x0) getdents(r1, 0x0, 0x0) 7m1.147248365s ago: executing program 0 (id=17): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) recvfrom$packet(r1, 0x0, 0x0, 0x40, 0x0, 0x0) 6m57.697997655s ago: executing program 0 (id=23): ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file1\x00'}) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000080)=0x9, 0x4) r1 = msgget$private(0x0, 0x40) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240), 0x0, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) msgctl$IPC_RMID(r1, 0x0) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2, 0x1010, r2, 0x80000000) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) setns(0xffffffffffffffff, 0x20000000) syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@mb_optimize_scan}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x4}}]}, 0x1, 0x50f, &(0x7f0000000140)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x48241, 0x141) pwrite64(r4, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) 6m56.270509961s ago: executing program 32 (id=23): ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file1\x00'}) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000080)=0x9, 0x4) r1 = msgget$private(0x0, 0x40) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240), 0x0, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) msgctl$IPC_RMID(r1, 0x0) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2, 0x1010, r2, 0x80000000) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) setns(0xffffffffffffffff, 0x20000000) syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@mb_optimize_scan}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x4}}]}, 0x1, 0x50f, &(0x7f0000000140)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x48241, 0x141) pwrite64(r4, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) 10.049422574s ago: executing program 4 (id=937): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='tasks\x00', 0x2, 0x0) r2 = getpid() write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x12) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000940), 0x10) listen(r3, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(r5, r4, 0x0, 0x9c) 9.564250384s ago: executing program 4 (id=940): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 9.333984593s ago: executing program 4 (id=943): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000b80), r0) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={0x0}, 0x1, 0x0, 0x0, 0x4080}, 0x4000014) 9.055831075s ago: executing program 4 (id=946): syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x232, &(0x7f0000000500)="$eJzslbFrFEEUxr+Z3du7BA1YaGFzKQJGMHu7G5U0FrEXhETU8jCTcLrJhcsVSUBIsBHEWvwD7KwtUlnYaWVtoYJgYUobBUdmdvZ2Nrt78bhgk/eDm/vmzbyZN7Nv34IgiFPL1y8/Pz+/ubB8BcAZzKBu7N+dbA635n966dSMfLcx9fjAGmqohgGQMjO6x+zvAXi76AB7ybJSZt6vzb9acxkcM6Z/BxyXjb4LBj+NVWbeAgz3jfnhphycpjthRCzYg268stqJRaCaUDXRaudVLRefiv9wn2HFHFDtwKzxrZ3dR+0Y6CUiFqmoyXSfwlAqkpMBJUM5Mez+dHyLHDesK1DP697TJ/uq7xt7YN1fCI7Q6HkwLBm9gDp832+argit8190s/Wd5LEl7FXHXRSNUSaPL87N5SzTUEJl+HD3iVio055YGH/kkDn1kRdkJqu8XAqOEeGz8U+q4hjdizeLXl5xnYY5qLaIY16Sf9idHbUwOyUuHB68L3p9+29Je/IC5gLtoRfqoj5OxvGtUq/zOct0xSvj4awuCZUpkdQP5gKXrPrkWl+FVn99s7W1szvXWW+viTWxEUXz14OrQXAtaunanLR2uTtS/xq6Pk1a69cqaqXHPGy3+/1euA30e+GgHyWtlUxLb7o/tA/X9Y9j9reU6edFv3jph5Ll92Dmx/W/UrNObgKvCI4gCIIgCIIgCIIgCIIgCKKUX5ZuguHD1KAry3Gj23r4bwAAAP//c8NPrw==") prlimit64(0x0, 0xe, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x8080, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r2, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x20) fadvise64(r4, 0xfcff, 0x20000, 0x3) 7.803319357s ago: executing program 3 (id=949): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='tasks\x00', 0x2, 0x0) r2 = getpid() write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x12) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000940), 0x10) r4 = openat$cgroup_ro(r0, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(r5, r4, 0x0, 0x9c) 7.315968116s ago: executing program 3 (id=953): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 7.100708464s ago: executing program 4 (id=956): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfd}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x2, 0x7, 0x2, 0x8, 0xfffff5ab, 0x6, 0x4, 0x9, r1}, 0x20) 6.976027984s ago: executing program 3 (id=958): socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c00)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x5c, 0x2, [@TCA_GRED_MAX_P={0x8}, @TCA_GRED_DPS={0x10, 0x3, {0xc, 0x3, 0x1, 0x3}}, @TCA_GRED_LIMIT={0x8, 0x5, 0x10001}, @TCA_GRED_PARMS={0x38, 0x1, {0xa67, 0x7, 0x3, 0xd, 0x0, 0x0, 0x2e, 0x6, 0x58d, 0x4614, 0x1d, 0x18, 0x16, 0x8, 0x80a, 0x7}}]}}]}, 0x8c}}, 0x0) 6.725230835s ago: executing program 4 (id=960): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast2}}, &(0x7f00000002c0)=0x1c, 0x80800) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001300)='bbr\x00', 0x4) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x30000, 0x1, 0x0, 0x2}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'tunl0\x00'}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x183081, 0x0) close(r5) socket$kcm(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x29, 0x1, 0x8, 0xfffff0c1, 0x16, @mcast2, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x20, 0x8, 0xe, 0x9}}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\a\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) 5.772383002s ago: executing program 1 (id=962): connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r0) accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100)) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xfffffffc, 0x4, 0x3, 0x0, 0x5}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe8c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000000c0)={0x1, 0x8, 0x0, 'queue0\x00', 0x2}) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x95ff]}}], 0xffc8) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x10}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8) modify_ldt$read(0x0, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, &(0x7f0000000440)=0x1f) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x800000008ec0, 0xa) 5.456253498s ago: executing program 1 (id=964): syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x232, &(0x7f0000000500)="$eJzslbFrFEEUxr+Z3du7BA1YaGFzKQJGMHu7G5U0FrEXhETU8jCTcLrJhcsVSUBIsBHEWvwD7KwtUlnYaWVtoYJgYUobBUdmdvZ2Nrt78bhgk/eDm/vmzbyZN7Nv34IgiFPL1y8/Pz+/ubB8BcAZzKBu7N+dbA635n966dSMfLcx9fjAGmqohgGQMjO6x+zvAXi76AB7ybJSZt6vzb9acxkcM6Z/BxyXjb4LBj+NVWbeAgz3jfnhphycpjthRCzYg268stqJRaCaUDXRaudVLRefiv9wn2HFHFDtwKzxrZ3dR+0Y6CUiFqmoyXSfwlAqkpMBJUM5Mez+dHyLHDesK1DP697TJ/uq7xt7YN1fCI7Q6HkwLBm9gDp832+argit8190s/Wd5LEl7FXHXRSNUSaPL87N5SzTUEJl+HD3iVio055YGH/kkDn1kRdkJqu8XAqOEeGz8U+q4hjdizeLXl5xnYY5qLaIY16Sf9idHbUwOyUuHB68L3p9+29Je/IC5gLtoRfqoj5OxvGtUq/zOct0xSvj4awuCZUpkdQP5gKXrPrkWl+FVn99s7W1szvXWW+viTWxEUXz14OrQXAtaunanLR2uTtS/xq6Pk1a69cqaqXHPGy3+/1euA30e+GgHyWtlUxLb7o/tA/X9Y9j9reU6edFv3jph5Ll92Dmx/W/UrNObgKvCI4gCIIgCIIgCIIgCIIgCKKUX5ZuguHD1KAry3Gj23r4bwAAAP//c8NPrw==") prlimit64(0x0, 0xe, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x8080, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r2, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x20) fadvise64(r4, 0xfcff, 0x20000, 0x3) 4.556045831s ago: executing program 1 (id=966): fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) shmget(0x3, 0x3000, 0x80, &(0x7f0000006000/0x3000)=nil) 4.228219797s ago: executing program 1 (id=969): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) io_uring_setup(0x1d44, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x54}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94) syz_init_net_socket$x25(0x9, 0x5, 0x0) 3.158687214s ago: executing program 1 (id=971): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) r1 = epoll_create1(0x80000) r2 = fsopen(&(0x7f0000000000)='nfsd\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.901523775s ago: executing program 1 (id=973): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 1.846619881s ago: executing program 2 (id=975): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000b80), r0) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4000014) 1.774951526s ago: executing program 2 (id=976): bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000300)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) 1.544196535s ago: executing program 3 (id=977): fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) shmget(0x3, 0x3000, 0x80, &(0x7f0000006000/0x3000)=nil) 1.380292278s ago: executing program 3 (id=978): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfd}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x2, 0x7, 0x2, 0x8, 0xfffff5ab, 0x6, 0x4, 0x9, r1}, 0x20) 1.380115848s ago: executing program 2 (id=979): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_setup(0x1d44, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) 1.259034518s ago: executing program 3 (id=980): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8085}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xc}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x0, 0x6, 0x9, 0x5, 0xfff, 0x9, 0x7, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 348.901322ms ago: executing program 2 (id=981): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) r1 = epoll_create1(0x80000) r2 = fsopen(&(0x7f0000000000)='nfsd\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 138.984009ms ago: executing program 2 (id=982): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) 0s ago: executing program 2 (id=983): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) kernel console output (not intermixed with test programs): file_info: Block with free entry 1 out of range (1, 6). [ 227.789840][ T7256] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 227.899180][ T7256] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 227.914825][ T7256] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.322: bg 0: block 40: padding at end of block bitmap is not set [ 227.930739][ T7256] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 227.946116][ T7256] EXT4-fs (loop2): 1 truncate cleaned up [ 227.962106][ T7256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 228.014088][ T7256] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 228.433506][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.004396][ T7292] sctp: [Deprecated]: syz.2.331 (pid 7292) Use of struct sctp_assoc_value in delayed_ack socket option. [ 232.004396][ T7292] Use struct sctp_sack_info instead [ 235.282854][ T7317] loop1: detected capacity change from 0 to 32768 [ 235.332483][ T7317] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 235.429451][ T28] audit: type=1326 audit(1754613423.833:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7315 comm="syz.1.340" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5e0038ebe9 code=0x0 [ 236.920174][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 241.034366][ T7358] loop1: detected capacity change from 0 to 32768 [ 241.133573][ T7358] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 241.892736][ T28] audit: type=1326 audit(1754613430.293:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7356 comm="syz.1.352" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5e0038ebe9 code=0x0 [ 242.258124][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 244.602804][ T7397] loop2: detected capacity change from 0 to 32768 [ 244.741852][ T7397] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 244.999526][ T28] audit: type=1326 audit(1754613433.403:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7396 comm="syz.2.364" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 245.288814][ T7405] loop1: detected capacity change from 0 to 16 [ 245.330892][ T7405] erofs: (device loop1): mounted with root inode @ nid 36. [ 245.469885][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 245.480836][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 245.490136][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 245.501012][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 245.510666][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 245.520923][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 245.531892][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 245.541335][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 245.552449][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 245.562059][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 245.572839][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 245.582459][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 245.593463][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 245.602949][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 245.612297][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 245.622449][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 245.632445][ T7410] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 245.643319][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 245.653500][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 245.663355][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 245.673216][ T7410] erofs: (device loop1): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 245.685488][ T7410] syz.1.365: attempt to access beyond end of device [ 245.685488][ T7410] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 245.700705][ T7410] syz.1.365: attempt to access beyond end of device [ 245.700705][ T7410] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 245.715859][ T7410] syz.1.365: attempt to access beyond end of device [ 245.715859][ T7410] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 245.730761][ T7410] syz.1.365: attempt to access beyond end of device [ 245.730761][ T7410] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 246.160331][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 247.961034][ T7429] loop1: detected capacity change from 0 to 512 [ 248.241645][ T7429] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 248.251658][ T7429] EXT4-fs (loop1): orphan cleanup on readonly fs [ 248.297435][ T7429] Quota error (device loop1): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 248.308423][ T7429] EXT4-fs warning (device loop1): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 248.393938][ T7429] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 248.463089][ T7429] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.372: bg 0: block 40: padding at end of block bitmap is not set [ 248.605247][ T7429] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 248.782654][ T7429] EXT4-fs (loop1): 1 truncate cleaned up [ 248.794528][ T7429] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 248.884645][ T7429] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 249.294495][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.918809][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.055108][ T7449] loop3: detected capacity change from 0 to 16 [ 251.136806][ T7449] erofs: (device loop3): mounted with root inode @ nid 36. [ 251.293943][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 251.304805][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 251.314171][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 251.325170][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 251.334862][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 251.345125][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 251.356143][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 251.365644][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 251.376667][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 251.386450][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 251.397340][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 251.406757][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 251.417586][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 251.427428][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 251.436982][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 251.447454][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 251.457835][ T7453] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 251.469096][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 251.479963][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 251.490007][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 251.500049][ T7453] erofs: (device loop3): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 251.511094][ T7453] syz.3.379: attempt to access beyond end of device [ 251.511094][ T7453] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 251.525646][ T7453] syz.3.379: attempt to access beyond end of device [ 251.525646][ T7453] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 251.540888][ T7453] syz.3.379: attempt to access beyond end of device [ 251.540888][ T7453] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 251.555950][ T7453] syz.3.379: attempt to access beyond end of device [ 251.555950][ T7453] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 254.283638][ T7466] loop3: detected capacity change from 0 to 512 [ 254.678281][ T7466] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 254.688095][ T7466] EXT4-fs (loop3): orphan cleanup on readonly fs [ 254.696557][ T7466] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 254.707781][ T7466] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 254.778522][ T7466] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 254.808346][ T7466] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.385: bg 0: block 40: padding at end of block bitmap is not set [ 254.862904][ T7466] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 254.928105][ T7466] EXT4-fs (loop3): 1 truncate cleaned up [ 254.938872][ T7466] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 255.049170][ T7466] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 255.588058][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.908019][ T7481] hub 8-0:1.0: USB hub found [ 255.914220][ T7481] hub 8-0:1.0: 1 port detected [ 256.318827][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.325832][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.638660][ T7487] loop3: detected capacity change from 0 to 1024 [ 256.708662][ T7487] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.763064][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.343480][ T7502] loop2: detected capacity change from 0 to 32768 [ 260.462427][ T7502] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 260.916121][ T28] audit: type=1326 audit(1754613449.313:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.2.395" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 261.374299][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 261.693953][ T7522] hub 8-0:1.0: USB hub found [ 261.823809][ T7522] hub 8-0:1.0: 1 port detected [ 262.461420][ T7526] ubi: mtd0 is already attached to ubi31 [ 262.707881][ T7535] loop3: detected capacity change from 0 to 1024 [ 262.778684][ T7535] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.063355][ T7544] loop4: detected capacity change from 0 to 128 [ 264.074546][ T7544] FAT-fs (loop4): Directory bread(block 414) failed [ 264.081350][ T7544] FAT-fs (loop4): Directory bread(block 415) failed [ 264.088819][ T7544] FAT-fs (loop4): Directory bread(block 416) failed [ 264.095505][ T7544] FAT-fs (loop4): Directory bread(block 417) failed [ 264.102271][ T7544] FAT-fs (loop4): Directory bread(block 418) failed [ 264.109102][ T7544] FAT-fs (loop4): Directory bread(block 419) failed [ 264.115755][ T7544] FAT-fs (loop4): Directory bread(block 420) failed [ 264.122629][ T7544] FAT-fs (loop4): Directory bread(block 421) failed [ 264.616809][ T2129] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 264.698052][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.826506][ T2129] usb 3-1: Using ep0 maxpacket: 16 [ 264.880116][ T2129] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 264.893509][ T2129] usb 3-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00 [ 264.902968][ T2129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.988076][ T2129] usb 3-1: config 0 descriptor?? [ 265.009929][ T2129] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 265.374980][ T7554] befs: (nbd3): No write support. Marking filesystem read-only [ 265.383666][ T7554] syz.3.411: attempt to access beyond end of device [ 265.383666][ T7554] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 265.396927][ T7554] befs: (nbd3): unable to read superblock [ 267.191824][ T7549] loop4: detected capacity change from 0 to 32768 [ 267.216582][ T8] usb 3-1: USB disconnect, device number 6 [ 267.295596][ T7549] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 268.046619][ T28] audit: type=1326 audit(1754613456.323:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7548 comm="syz.4.410" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f2298ebe9 code=0x0 [ 268.166656][ T5983] ocfs2: Unmounting device (7,4) on (node local) [ 268.545687][ T7577] loop3: detected capacity change from 0 to 512 [ 268.659565][ T7577] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 268.669351][ T7577] EXT4-fs (loop3): orphan cleanup on readonly fs [ 268.706969][ T7577] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 268.718255][ T7577] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 268.810029][ T7577] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 268.836347][ T7577] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.417: bg 0: block 40: padding at end of block bitmap is not set [ 268.935866][ T7577] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 269.086549][ T7577] EXT4-fs (loop3): 1 truncate cleaned up [ 269.122027][ T7577] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 269.178142][ T7577] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 269.613918][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.801601][ T7584] loop4: detected capacity change from 0 to 16 [ 269.828815][ T7584] erofs: (device loop4): mounted with root inode @ nid 36. [ 269.882304][ T7586] loop3: detected capacity change from 0 to 1024 [ 270.030130][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 270.041649][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 270.051159][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 270.062455][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 270.072184][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 270.082118][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 270.094775][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 270.104628][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 270.115560][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 270.125291][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 270.136280][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 270.145575][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 270.156400][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 270.165997][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 270.175474][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 270.185418][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 270.195612][ T7589] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 270.208303][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 270.218762][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 270.228705][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 270.238910][ T7589] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 270.250401][ T7589] syz.4.415: attempt to access beyond end of device [ 270.250401][ T7589] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 270.264802][ T7589] syz.4.415: attempt to access beyond end of device [ 270.264802][ T7589] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 270.279898][ T7589] syz.4.415: attempt to access beyond end of device [ 270.279898][ T7589] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 270.295044][ T7589] syz.4.415: attempt to access beyond end of device [ 270.295044][ T7589] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 270.679893][ T7586] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.044420][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.436313][ T5853] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 272.436410][ T5853] usb 2-1: Using ep0 maxpacket: 16 [ 272.457634][ T5853] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 272.513203][ T5853] usb 2-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00 [ 272.564608][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.641791][ T5853] usb 2-1: config 0 descriptor?? [ 272.660992][ T5853] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 272.696593][ T7603] loop3: detected capacity change from 0 to 128 [ 272.727260][ T7603] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 272.794654][ T7603] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 274.552327][ T786] usb 2-1: USB disconnect, device number 3 [ 274.658266][ T7618] loop4: detected capacity change from 0 to 16 [ 274.748117][ T7618] erofs: (device loop4): mounted with root inode @ nid 36. [ 274.978192][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 274.989102][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 274.998411][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 275.009651][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 275.019451][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 275.029584][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 275.040776][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 275.050314][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 275.061626][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 275.071824][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 275.082781][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 275.092294][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 275.103380][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 275.113168][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 275.122789][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 275.133044][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 275.143335][ T7624] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 275.154443][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 275.165816][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 275.176470][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 275.187303][ T7624] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 275.198828][ T7624] syz.4.428: attempt to access beyond end of device [ 275.198828][ T7624] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 275.213381][ T7624] syz.4.428: attempt to access beyond end of device [ 275.213381][ T7624] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 275.228523][ T7624] syz.4.428: attempt to access beyond end of device [ 275.228523][ T7624] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 275.244007][ T7624] syz.4.428: attempt to access beyond end of device [ 275.244007][ T7624] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 275.760879][ T7626] loop4: detected capacity change from 0 to 1024 [ 275.863117][ T7626] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.067245][ T7623] loop3: detected capacity change from 0 to 32768 [ 276.105820][ T7609] loop2: detected capacity change from 0 to 32768 [ 276.134627][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.153210][ T7623] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 276.189372][ T7609] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 276.357559][ T7609] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 276.621010][ T28] audit: type=1326 audit(1754613465.023:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7622 comm="syz.3.431" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8578ebe9 code=0x0 [ 277.053856][ T28] audit: type=1326 audit(1754613465.453:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7608 comm="syz.2.425" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 277.102453][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 277.393636][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 278.368282][ T7647] tmpfs: Unknown parameter 'grpq' [ 280.034103][ T7658] loop3: detected capacity change from 0 to 128 [ 280.084739][ T7658] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 280.145899][ T7658] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 280.157100][ T7662] loop2: detected capacity change from 0 to 16 [ 280.187572][ T7662] erofs: (device loop2): mounted with root inode @ nid 36. [ 280.299372][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 280.310142][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 280.319547][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 280.330528][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 280.340786][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 280.351214][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 280.362349][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 280.372364][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 280.385359][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 280.395622][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 280.406470][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 280.417260][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 280.429918][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 280.444538][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 280.454460][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 280.464457][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 280.475186][ T7663] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 280.487566][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 280.498015][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 280.508209][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 280.518542][ T7663] erofs: (device loop2): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 280.529894][ T7663] syz.2.441: attempt to access beyond end of device [ 280.529894][ T7663] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 280.544439][ T7663] syz.2.441: attempt to access beyond end of device [ 280.544439][ T7663] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 280.560006][ T7663] syz.2.441: attempt to access beyond end of device [ 280.560006][ T7663] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 280.575281][ T7663] syz.2.441: attempt to access beyond end of device [ 280.575281][ T7663] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 281.202213][ T7668] sctp: [Deprecated]: syz.3.443 (pid 7668) Use of struct sctp_assoc_value in delayed_ack socket option. [ 281.202213][ T7668] Use struct sctp_sack_info instead [ 282.360532][ T7677] tmpfs: Unknown parameter 'grpq' [ 283.918246][ T7691] ubi: mtd0 is already attached to ubi31 [ 286.289304][ T7704] sctp: [Deprecated]: syz.3.454 (pid 7704) Use of struct sctp_assoc_value in delayed_ack socket option. [ 286.289304][ T7704] Use struct sctp_sack_info instead [ 291.164509][ T7736] sctp: [Deprecated]: syz.1.463 (pid 7736) Use of struct sctp_assoc_value in delayed_ack socket option. [ 291.164509][ T7736] Use struct sctp_sack_info instead [ 292.722855][ T7745] loop2: detected capacity change from 0 to 32768 [ 292.885507][ T7745] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 292.995503][ T28] audit: type=1326 audit(1754613481.383:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7742 comm="syz.2.465" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 293.270813][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 297.630371][ T7779] tmpfs: Unknown parameter 'grpquo' [ 298.511609][ T7778] loop2: detected capacity change from 0 to 131072 [ 298.545127][ T7778] F2FS-fs (loop2): invalid crc value [ 298.572757][ T7778] F2FS-fs (loop2): Found nat_bits in checkpoint [ 298.687702][ T7778] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 298.702105][ T7786] sctp: [Deprecated]: syz.4.476 (pid 7786) Use of struct sctp_assoc_value in delayed_ack socket option. [ 298.702105][ T7786] Use struct sctp_sack_info instead [ 299.354759][ T7778] F2FS-fs (loop2): Corrupted max_depth of 3: 16842753 [ 303.658388][ T7808] tmpfs: Unknown parameter 'grpquo' [ 307.049428][ T7835] loop1: detected capacity change from 0 to 16 [ 307.242746][ T7835] erofs: (device loop1): mounted with root inode @ nid 36. [ 308.202324][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 308.213713][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 308.223335][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 308.234263][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 308.243920][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 308.253776][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 308.264961][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 308.274412][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 308.286625][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 308.296869][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 308.307841][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 308.317259][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 308.328332][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 308.338221][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 308.348432][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 308.417693][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 308.428011][ T7839] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 308.439264][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 308.449183][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 308.460376][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 308.471144][ T7839] erofs: (device loop1): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 308.481519][ T7839] syz.1.490: attempt to access beyond end of device [ 308.481519][ T7839] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 308.495828][ T7839] syz.1.490: attempt to access beyond end of device [ 308.495828][ T7839] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 308.511518][ T7839] syz.1.490: attempt to access beyond end of device [ 308.511518][ T7839] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 308.528391][ T7839] syz.1.490: attempt to access beyond end of device [ 308.528391][ T7839] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 308.859868][ T7843] tmpfs: Unknown parameter 'grpquot' [ 310.230094][ T7858] loop1: detected capacity change from 0 to 1024 [ 312.871966][ T7873] loop1: detected capacity change from 0 to 16 [ 312.890769][ T7873] erofs: (device loop1): mounted with root inode @ nid 36. [ 313.081497][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 313.092710][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 313.102244][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 313.114444][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 313.124004][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 313.135364][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 313.147695][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 313.157685][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 313.168760][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 313.178307][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 313.189260][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 313.199066][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 313.210327][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 313.220101][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 313.229563][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 313.240389][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 313.250972][ T7874] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 313.262681][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 313.273789][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 313.283715][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 313.293697][ T7874] erofs: (device loop1): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 313.304969][ T7874] syz.1.503: attempt to access beyond end of device [ 313.304969][ T7874] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 313.320933][ T7874] syz.1.503: attempt to access beyond end of device [ 313.320933][ T7874] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 313.336241][ T7874] syz.1.503: attempt to access beyond end of device [ 313.336241][ T7874] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 313.351958][ T7874] syz.1.503: attempt to access beyond end of device [ 313.351958][ T7874] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 313.834437][ T7876] sp0: Synchronizing with TNC [ 314.744298][ T7875] [U] è` [ 315.115253][ T7880] tmpfs: Unknown parameter 'grpquot' [ 316.127314][ T7888] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 316.136044][ T7888] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 316.153283][ T7888] vhci_hcd vhci_hcd.0: Device attached [ 316.170806][ T7889] vhci_hcd: connection closed [ 316.181759][ T1120] vhci_hcd: stop threads [ 316.192116][ T7893] loop4: detected capacity change from 0 to 1024 [ 316.206382][ T7893] EXT4-fs: Ignoring removed bh option [ 316.217059][ T1120] vhci_hcd: release socket [ 316.221659][ T1120] vhci_hcd: disconnect device [ 316.238939][ T7893] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 316.313469][ T7893] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 316.438577][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.435739][ T7902] ubi: mtd0 is already attached to ubi31 [ 317.868064][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.874716][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.199743][ T7921] tmpfs: Unknown parameter 'grpquot' [ 321.393801][ T7929] loop4: detected capacity change from 0 to 512 [ 321.645586][ T7936] hub 8-0:1.0: USB hub found [ 321.708230][ T7936] hub 8-0:1.0: 1 port detected [ 322.596831][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 322.624518][ T7948] ubi: mtd0 is already attached to ubi31 [ 323.466526][ T5870] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 324.845872][ T5870] usb 5-1: Using ep0 maxpacket: 16 [ 324.867918][ T5870] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 324.946320][ T5870] usb 5-1: config 0 has no interface number 0 [ 324.977217][ T5870] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 324.996715][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.041868][ T5870] usb 5-1: Product: syz [ 325.056418][ T5870] usb 5-1: Manufacturer: syz [ 325.061193][ T5870] usb 5-1: SerialNumber: syz [ 325.085717][ T5870] usb 5-1: config 0 descriptor?? [ 325.119625][ T5870] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 327.447383][ T5870] gspca_spca1528: reg_w err -110 [ 327.966483][ T5870] spca1528: probe of 5-1:0.1 failed with error -110 [ 328.050494][ T7967] netlink: 44 bytes leftover after parsing attributes in process `syz.4.524'. [ 328.059706][ T7967] netlink: 28 bytes leftover after parsing attributes in process `syz.4.524'. [ 329.219337][ T7972] loop3: detected capacity change from 0 to 131072 [ 329.261996][ T7972] F2FS-fs (loop3): invalid crc value [ 329.547297][ T8] usb 5-1: USB disconnect, device number 4 [ 329.610879][ T7972] F2FS-fs (loop3): Found nat_bits in checkpoint [ 329.656926][ T7972] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 329.776901][ T7972] F2FS-fs (loop3): Corrupted max_depth of 3: 16842753 [ 330.875158][ T7992] loop4: detected capacity change from 0 to 1024 [ 331.009722][ T7992] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 331.242357][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 331.626317][ T786] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 331.736466][ T6524] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 331.816414][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 331.830606][ T786] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 331.849556][ T786] usb 3-1: config 0 has no interface number 0 [ 331.861122][ T786] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 331.873667][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.891735][ T786] usb 3-1: Product: syz [ 331.896536][ T786] usb 3-1: Manufacturer: syz [ 331.902202][ T786] usb 3-1: SerialNumber: syz [ 331.915240][ T786] usb 3-1: config 0 descriptor?? [ 331.936012][ T786] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 331.948838][ T6524] usb 5-1: Using ep0 maxpacket: 8 [ 331.966492][ T6524] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 331.975071][ T6524] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 331.991092][ T6524] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 332.002329][ T6524] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 332.017196][ T6524] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 332.033913][ T6524] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 332.045001][ T6524] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.306662][ T6524] usb 5-1: usb_control_msg returned -32 [ 332.312773][ T6524] usbtmc 5-1:16.0: can't read capabilities [ 332.507989][ T8007] netlink: 44 bytes leftover after parsing attributes in process `syz.2.544'. [ 332.517769][ T8007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.544'. [ 332.837854][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.927288][ T786] gspca_spca1528: reg_w err -110 [ 332.966678][ T786] spca1528: probe of 3-1:0.1 failed with error -110 [ 334.837339][ T23] usb 3-1: USB disconnect, device number 7 [ 334.849169][ T786] usb 5-1: USB disconnect, device number 5 [ 334.916497][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 337.204008][ T8032] loop4: detected capacity change from 0 to 1024 [ 337.289004][ T8032] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.441379][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.956461][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 341.937489][ T8047] loop1: detected capacity change from 0 to 131072 [ 341.971551][ T8047] F2FS-fs (loop1): invalid crc value [ 342.655874][ T8045] loop3: detected capacity change from 0 to 262144 [ 342.733016][ T8045] F2FS-fs (loop3): invalid crc value [ 342.762454][ T8045] F2FS-fs (loop3): Found nat_bits in checkpoint [ 342.803881][ T8045] F2FS-fs (loop3): Start checkpoint disabled! [ 342.815402][ T8047] F2FS-fs (loop1): Found nat_bits in checkpoint [ 342.836463][ T8045] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 342.935513][ T8047] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 343.434107][ T8063] loop2: detected capacity change from 0 to 1024 [ 343.533969][ T8063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.566372][ T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 343.772826][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.826460][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 343.844257][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 343.866347][ T8] usb 4-1: config 0 has no interface number 0 [ 343.924332][ T8] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 343.933762][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.965076][ T8] usb 4-1: Product: syz [ 343.985176][ T8] usb 4-1: Manufacturer: syz [ 343.992298][ T8] usb 4-1: SerialNumber: syz [ 344.012639][ T8] usb 4-1: config 0 descriptor?? [ 344.033136][ T8] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 346.316742][ T8] gspca_spca1528: reg_w err -110 [ 346.352639][ T8] spca1528: probe of 4-1:0.1 failed with error -110 [ 346.459209][ T8] usb 4-1: USB disconnect, device number 4 [ 347.073269][ T8085] netlink: 36 bytes leftover after parsing attributes in process `syz.3.566'. [ 347.886542][ T8087] loop3: detected capacity change from 0 to 16 [ 347.960366][ T8087] erofs: (device loop3): mounted with root inode @ nid 36. [ 348.110191][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 348.121047][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 348.130320][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 348.141110][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 348.150687][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 348.160927][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 348.171663][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 348.180980][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 348.191788][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 348.212843][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 348.223714][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 348.233000][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 348.243649][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 348.253022][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 348.262807][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 348.272679][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 348.282674][ T8088] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 348.293512][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 348.303802][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 348.313292][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 348.323119][ T8088] erofs: (device loop3): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 348.333787][ T8088] syz.3.567: attempt to access beyond end of device [ 348.333787][ T8088] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 348.348336][ T8088] syz.3.567: attempt to access beyond end of device [ 348.348336][ T8088] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 348.363650][ T8088] syz.3.567: attempt to access beyond end of device [ 348.363650][ T8088] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 348.378422][ T8088] syz.3.567: attempt to access beyond end of device [ 348.378422][ T8088] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 351.852214][ T8093] loop3: detected capacity change from 0 to 262144 [ 351.915828][ T8093] F2FS-fs (loop3): invalid crc value [ 351.932889][ T8093] F2FS-fs (loop3): Found nat_bits in checkpoint [ 351.974446][ T8093] F2FS-fs (loop3): Start checkpoint disabled! [ 351.984362][ T8093] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 352.322326][ T786] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 352.699364][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 352.966243][ T786] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 352.974598][ T786] usb 3-1: config 0 has no interface number 0 [ 352.982616][ T28] audit: type=1326 audit(1754613540.933:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.3.570" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8578ebe9 code=0x0 [ 353.026988][ T786] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 353.055294][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.116329][ T786] usb 3-1: Product: syz [ 353.120575][ T786] usb 3-1: Manufacturer: syz [ 353.132471][ T786] usb 3-1: SerialNumber: syz [ 353.152156][ T786] usb 3-1: config 0 descriptor?? [ 353.169494][ T786] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 354.018452][ T786] gspca_spca1528: reg_w err -110 [ 354.126358][ T786] spca1528: probe of 3-1:0.1 failed with error -110 [ 354.229954][ T8110] netlink: 44 bytes leftover after parsing attributes in process `syz.2.569'. [ 354.247939][ T8110] netlink: 28 bytes leftover after parsing attributes in process `syz.2.569'. [ 354.792059][ T23] usb 3-1: USB disconnect, device number 8 [ 356.927191][ T8123] netlink: 16 bytes leftover after parsing attributes in process `syz.3.575'. [ 360.313922][ T8129] loop3: detected capacity change from 0 to 262144 [ 360.337839][ T8129] F2FS-fs (loop3): invalid crc value [ 360.559419][ T8130] loop2: detected capacity change from 0 to 32768 [ 360.630509][ T8129] F2FS-fs (loop3): Found nat_bits in checkpoint [ 360.682539][ T8129] F2FS-fs (loop3): Start checkpoint disabled! [ 360.690921][ T8129] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 360.770549][ T8130] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 360.891068][ T28] audit: type=1326 audit(1754613549.283:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8127 comm="syz.2.579" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 361.737016][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 366.921403][ T8159] netlink: 16 bytes leftover after parsing attributes in process `syz.1.586'. [ 369.346468][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 369.473183][ T8172] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 369.553507][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 369.561653][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 369.577011][ T9] usb 2-1: config 0 has no interface number 0 [ 369.597872][ T9] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 369.617480][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.634559][ T9] usb 2-1: Product: syz [ 369.641968][ T9] usb 2-1: Manufacturer: syz [ 369.647228][ T9] usb 2-1: SerialNumber: syz [ 369.670950][ T9] usb 2-1: config 0 descriptor?? [ 369.690080][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 369.864878][ T8163] loop2: detected capacity change from 0 to 40427 [ 369.904684][ T8163] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff [ 369.948519][ T8163] F2FS-fs (loop2): Image doesn't support compression [ 369.974305][ T8163] F2FS-fs (loop2): Image doesn't support compression [ 370.008739][ T8163] F2FS-fs (loop2): invalid crc value [ 370.042848][ T8163] F2FS-fs (loop2): Found nat_bits in checkpoint [ 370.286530][ T8180] netlink: 44 bytes leftover after parsing attributes in process `syz.1.589'. [ 370.301526][ T8180] netlink: 28 bytes leftover after parsing attributes in process `syz.1.589'. [ 370.362941][ T8170] loop4: detected capacity change from 0 to 32768 [ 370.498355][ T9] gspca_spca1528: reg_w err -110 [ 370.577813][ T9] spca1528: probe of 2-1:0.1 failed with error -110 [ 370.693156][ T8163] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 370.875987][ T8170] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 370.885818][ T5799] usb 2-1: USB disconnect, device number 4 [ 370.941241][ T28] audit: type=1800 audit(1754613559.343:26): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.585" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 371.220209][ T5790] syz-executor: attempt to access beyond end of device [ 371.220209][ T5790] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 371.400158][ T5790] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 371.970819][ T8170] (syz.4.590,8170,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 372.081099][ T8170] syz.4.590 (8170) used greatest stack depth: 18736 bytes left [ 372.226959][ T5983] ocfs2: Unmounting device (7,4) on (node local) [ 372.273660][ T8189] loop1: detected capacity change from 0 to 4096 [ 372.298143][ T8189] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 372.577454][ T8193] netlink: 16 bytes leftover after parsing attributes in process `syz.3.595'. [ 375.982843][ T8214] loop2: detected capacity change from 0 to 256 [ 375.990054][ T8214] exfat: Deprecated parameter 'namecase' [ 375.995755][ T8214] exfat: Deprecated parameter 'utf8' [ 376.001215][ T8214] exfat: Unknown parameter 'gÈd' [ 376.266783][ T5794] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 377.596358][ T23] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 378.526257][ T23] usb 5-1: Using ep0 maxpacket: 16 [ 378.534438][ T23] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 378.542831][ T23] usb 5-1: config 0 has no interface number 0 [ 378.558802][ T23] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 378.568177][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.576571][ T23] usb 5-1: Product: syz [ 378.581195][ T23] usb 5-1: Manufacturer: syz [ 378.585952][ T23] usb 5-1: SerialNumber: syz [ 378.600488][ T23] usb 5-1: config 0 descriptor?? [ 378.619836][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 378.921061][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.927776][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.544386][ T8231] Can't find ip_set type [ 379.683164][ T23] gspca_spca1528: reg_w err -110 [ 379.739534][ T8233] netlink: 44 bytes leftover after parsing attributes in process `syz.4.602'. [ 379.749012][ T8233] netlink: 28 bytes leftover after parsing attributes in process `syz.4.602'. [ 380.226327][ T23] spca1528: probe of 5-1:0.1 failed with error -110 [ 380.258531][ T23] usb 5-1: USB disconnect, device number 6 [ 385.695786][ T8270] Can't find ip_set type [ 386.148642][ T8278] hub 8-0:1.0: USB hub found [ 386.493305][ T8278] hub 8-0:1.0: 1 port detected [ 386.576322][ T1201] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 386.864402][ T1201] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 387.040663][ T1201] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 387.141395][ T1201] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 387.174927][ T1201] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.212791][ T1201] usb 4-1: config 0 descriptor?? [ 389.156765][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 389.486338][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 389.735021][ T1201] uclogic 0003:256C:006D.0002: interface is invalid, ignoring [ 389.868895][ T8308] syz.1.624: attempt to access beyond end of device [ 389.868895][ T8308] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 389.883309][ T8308] EXT4-fs (nbd1): unable to read superblock [ 389.971565][ T8307] loop4: detected capacity change from 0 to 512 [ 390.130605][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 390.221208][ T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 390.329412][ T9] usb 3-1: config 0 has no interface number 0 [ 390.726403][ T1201] usb 4-1: USB disconnect, device number 5 [ 390.773358][ T9] usb 3-1: string descriptor 0 read error: -71 [ 390.935211][ T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 390.976896][ T8307] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 390.986496][ T8307] EXT4-fs (loop4): orphan cleanup on readonly fs [ 390.996432][ T8307] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 391.007330][ T8307] EXT4-fs warning (device loop4): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 391.074441][ T8307] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 391.099406][ T8307] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.625: bg 0: block 40: padding at end of block bitmap is not set [ 391.153081][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.193036][ T8307] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 391.259989][ T8307] EXT4-fs (loop4): 1 truncate cleaned up [ 391.277490][ T8307] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 391.391161][ T8307] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 391.448361][ T9] usb 3-1: config 0 descriptor?? [ 391.528324][ T9] usb 3-1: can't set config #0, error -71 [ 391.664403][ T9] usb 3-1: USB disconnect, device number 9 [ 391.763604][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 392.590822][ T8320] hub 8-0:1.0: USB hub found [ 392.595936][ T8320] hub 8-0:1.0: 1 port detected [ 393.229604][ T5788] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 393.436732][ T8330] loop4: detected capacity change from 0 to 512 [ 393.544759][ T8330] EXT4-fs: Ignoring removed nomblk_io_submit option [ 393.623047][ T8330] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 393.666292][ T8330] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 393.745777][ T8330] EXT4-fs (loop4): 1 truncate cleaned up [ 393.822076][ T8330] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 393.840946][ T8336] loop2: detected capacity change from 0 to 16 [ 393.871044][ T8336] erofs: (device loop2): mounted with root inode @ nid 36. [ 394.060752][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 394.113416][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 394.125828][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 394.135428][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 394.147330][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 394.157568][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 394.167788][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 394.178726][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 394.188633][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 394.204469][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 394.219225][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 394.231608][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 394.243388][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 394.256324][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 394.270823][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 394.284579][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 394.306270][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 394.856862][ T8337] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 394.873552][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 394.916724][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 394.979261][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 395.002155][ T8337] erofs: (device loop2): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 395.046786][ T8337] syz.2.633: attempt to access beyond end of device [ 395.046786][ T8337] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 395.067255][ T8337] syz.2.633: attempt to access beyond end of device [ 395.067255][ T8337] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 395.107087][ T8337] syz.2.633: attempt to access beyond end of device [ 395.107087][ T8337] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 395.149734][ T8344] loop4: detected capacity change from 0 to 128 [ 395.167255][ T8344] FAT-fs (loop4): Directory bread(block 414) failed [ 395.173953][ T8344] FAT-fs (loop4): Directory bread(block 415) failed [ 395.180790][ T8344] FAT-fs (loop4): Directory bread(block 416) failed [ 395.187643][ T8344] FAT-fs (loop4): Directory bread(block 417) failed [ 395.194378][ T8344] FAT-fs (loop4): Directory bread(block 418) failed [ 395.201181][ T8344] FAT-fs (loop4): Directory bread(block 419) failed [ 395.207860][ T8344] FAT-fs (loop4): Directory bread(block 420) failed [ 395.214502][ T8344] FAT-fs (loop4): Directory bread(block 421) failed [ 395.239654][ T8344] FAT-fs (loop4): Directory bread(block 414) failed [ 395.246858][ T8344] FAT-fs (loop4): Directory bread(block 415) failed [ 395.255597][ T8344] syz.4.635: attempt to access beyond end of device [ 395.255597][ T8344] loop4: rw=3, sector=478, nr_sectors = 2 limit=128 [ 395.269437][ T8344] syz.4.635: attempt to access beyond end of device [ 395.269437][ T8344] loop4: rw=2051, sector=480, nr_sectors = 6 limit=128 [ 395.286366][ T8337] syz.2.633: attempt to access beyond end of device [ 395.286366][ T8337] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 395.309809][ T8344] syz.4.635: attempt to access beyond end of device [ 395.309809][ T8344] loop4: rw=3, sector=486, nr_sectors = 2 limit=128 [ 395.323345][ T8344] syz.4.635: attempt to access beyond end of device [ 395.323345][ T8344] loop4: rw=2051, sector=488, nr_sectors = 6 limit=128 [ 396.441590][ T8355] loop2: detected capacity change from 0 to 512 [ 396.789872][ T8355] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 396.800873][ T8355] EXT4-fs (loop2): orphan cleanup on readonly fs [ 396.810774][ T8355] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 396.821817][ T8355] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 396.876074][ T8355] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 397.238964][ T5788] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 397.248397][ T5788] Bluetooth: hci3: Injecting HCI hardware error event [ 397.259782][ T5788] Bluetooth: hci3: hardware error 0x00 [ 397.272719][ T8355] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.637: bg 0: block 40: padding at end of block bitmap is not set [ 397.630906][ T8355] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 398.019387][ T8355] EXT4-fs (loop2): 1 truncate cleaned up [ 398.038557][ T8355] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 399.843582][ T8355] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 401.165754][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.796522][ T5788] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 402.180739][ T8378] loop4: detected capacity change from 0 to 256 [ 402.218357][ T8376] loop3: detected capacity change from 0 to 16 [ 402.255025][ T8376] erofs: (device loop3): mounted with root inode @ nid 36. [ 402.326864][ T8378] FAT-fs (loop4): Directory bread(block 64) failed [ 402.333680][ T8378] FAT-fs (loop4): Directory bread(block 65) failed [ 403.863368][ T8374] loop2: detected capacity change from 0 to 262144 [ 403.923481][ T8374] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by syz.2.644 (8374) [ 403.966829][ T8378] FAT-fs (loop4): Directory bread(block 66) failed [ 403.974686][ T8378] FAT-fs (loop4): Directory bread(block 67) failed [ 404.005681][ T8374] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 404.017017][ T8374] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 404.026603][ T8374] BTRFS info (device loop2): using free space tree [ 404.170954][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 404.195221][ T8378] FAT-fs (loop4): Directory bread(block 68) failed [ 404.235841][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 404.245573][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 404.290829][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 404.319894][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 404.319956][ T8378] FAT-fs (loop4): Directory bread(block 69) failed [ 404.337213][ T8378] FAT-fs (loop4): Directory bread(block 70) failed [ 404.343797][ T8378] FAT-fs (loop4): Directory bread(block 71) failed [ 404.350657][ T8378] FAT-fs (loop4): Directory bread(block 72) failed [ 404.357334][ T8378] FAT-fs (loop4): Directory bread(block 73) failed [ 404.376792][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 404.383580][ T8374] BTRFS info (device loop2): enabling ssd optimizations [ 404.395601][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 404.435702][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 404.462558][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 404.616077][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 404.679460][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 404.760196][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 404.830317][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 404.850599][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 404.878765][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 404.926576][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 404.956576][ T8381] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 405.024955][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 405.096491][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 405.105690][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 405.179279][ T8397] BTRFS info (device loop2): balance: start -d -m -s [ 405.198334][ T8381] erofs: (device loop3): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 405.243596][ T8397] BTRFS info (device loop2): relocating block group 63963136 flags data [ 405.257099][ T8381] syz.3.645: attempt to access beyond end of device [ 405.257099][ T8381] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 405.305042][ T8381] syz.3.645: attempt to access beyond end of device [ 405.305042][ T8381] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 405.368146][ T8381] syz.3.645: attempt to access beyond end of device [ 405.368146][ T8381] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 405.406338][ T8381] syz.3.645: attempt to access beyond end of device [ 405.406338][ T8381] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 406.156931][ T8397] BTRFS info (device loop2): balance: canceled [ 407.082066][ T8415] loop3: detected capacity change from 0 to 512 [ 408.439592][ T8415] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 408.449434][ T8415] EXT4-fs (loop3): orphan cleanup on readonly fs [ 408.466032][ T8415] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 408.477493][ T8415] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 408.556379][ T8415] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 408.624076][ T8415] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.652: bg 0: block 40: padding at end of block bitmap is not set [ 408.798292][ T8415] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 409.732103][ T8415] EXT4-fs (loop3): 1 truncate cleaned up [ 409.758579][ T8415] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 409.863761][ T8414] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 409.958977][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.465142][ T8429] hub 8-0:1.0: USB hub found [ 410.484016][ T8429] hub 8-0:1.0: 1 port detected [ 411.169648][ T5790] BTRFS info (device loop2): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 411.521815][ T8438] syz.3.660: attempt to access beyond end of device [ 411.521815][ T8438] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 411.535318][ T8438] efs: cannot read volume header [ 412.887464][ T8447] loop3: detected capacity change from 0 to 512 [ 413.990526][ T8447] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 414.000422][ T8447] EXT4-fs (loop3): orphan cleanup on readonly fs [ 414.029979][ T8447] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 414.040836][ T8447] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 414.110365][ T8447] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 414.134889][ T8447] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.663: bg 0: block 40: padding at end of block bitmap is not set [ 414.213598][ T8447] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 414.316490][ T8447] EXT4-fs (loop3): 1 truncate cleaned up [ 414.327899][ T8447] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 414.424884][ T8447] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 414.950898][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.183266][ T8457] loop3: detected capacity change from 0 to 256 [ 415.191831][ T8457] exfat: Deprecated parameter 'namecase' [ 415.197634][ T8457] exfat: Deprecated parameter 'utf8' [ 415.203010][ T8457] exfat: Unknown parameter 'gÈd' [ 415.252778][ T5798] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 417.341101][ T8469] loop4: detected capacity change from 0 to 16 [ 417.389851][ T8469] erofs: (device loop4): mounted with root inode @ nid 36. [ 417.472778][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 417.483717][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 417.492910][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 417.503578][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 417.512886][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 417.522144][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 417.532843][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 417.542043][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 417.552690][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 417.562087][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 417.572670][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 417.581964][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 417.592541][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 417.601755][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 417.610916][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 417.620399][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 417.629765][ T8469] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 417.640506][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 417.649853][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 417.659047][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 417.668420][ T8469] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 417.677947][ T8469] syz.4.670: attempt to access beyond end of device [ 417.677947][ T8469] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 417.691826][ T8469] syz.4.670: attempt to access beyond end of device [ 417.691826][ T8469] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 417.706268][ T8469] syz.4.670: attempt to access beyond end of device [ 417.706268][ T8469] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 417.720756][ T8469] syz.4.670: attempt to access beyond end of device [ 417.720756][ T8469] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 418.101906][ T8479] loop4: detected capacity change from 0 to 512 [ 418.235342][ T8479] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 418.245077][ T8479] EXT4-fs (loop4): orphan cleanup on readonly fs [ 418.255334][ T8479] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 418.266099][ T8479] EXT4-fs warning (device loop4): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 418.374700][ T8479] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 418.396253][ T8479] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.674: bg 0: block 40: padding at end of block bitmap is not set [ 418.526328][ T8479] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 418.610318][ T8479] EXT4-fs (loop4): 1 truncate cleaned up [ 418.621977][ T8479] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 418.804892][ T8479] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 419.149574][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 419.167806][ T8487] syzkaller0: entered promiscuous mode [ 419.190015][ T8487] syzkaller0: entered allmulticast mode [ 419.338470][ T8491] loop4: detected capacity change from 0 to 256 [ 419.345903][ T8491] exfat: Deprecated parameter 'namecase' [ 419.351852][ T8491] exfat: Deprecated parameter 'utf8' [ 419.357270][ T8491] exfat: Unknown parameter 'gÈd' [ 419.366592][ T2129] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 419.394729][ T5798] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 419.556309][ T2129] usb 3-1: Using ep0 maxpacket: 16 [ 419.574116][ T2129] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 419.604643][ T2129] usb 3-1: config 0 has no interface number 0 [ 419.649294][ T2129] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 420.458846][ T2129] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.467418][ T2129] usb 3-1: Product: syz [ 420.471624][ T2129] usb 3-1: Manufacturer: syz [ 420.498659][ T2129] usb 3-1: SerialNumber: syz [ 420.525907][ T8500] syz.4.679 uses obsolete (PF_INET,SOCK_PACKET) [ 420.628379][ T2129] usb 3-1: config 0 descriptor?? [ 420.639964][ T2129] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 421.124542][ T8508] netlink: 44 bytes leftover after parsing attributes in process `syz.2.659'. [ 421.136172][ T8508] netlink: 28 bytes leftover after parsing attributes in process `syz.2.659'. [ 421.367313][ T2129] gspca_spca1528: reg_w err -110 [ 421.417704][ T2129] spca1528: probe of 3-1:0.1 failed with error -110 [ 421.824092][ T2129] usb 3-1: USB disconnect, device number 10 [ 422.209579][ T8520] loop4: detected capacity change from 0 to 512 [ 422.795719][ T2129] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 423.476827][ T8520] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 423.486452][ T8520] EXT4-fs (loop4): orphan cleanup on readonly fs [ 423.496080][ T8520] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 423.507025][ T8520] EXT4-fs warning (device loop4): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 423.604787][ T8520] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 423.814494][ T8520] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.685: bg 0: block 40: padding at end of block bitmap is not set [ 423.862227][ T2129] usb 4-1: Using ep0 maxpacket: 16 [ 423.896980][ T8520] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 424.000683][ T8520] EXT4-fs (loop4): 1 truncate cleaned up [ 424.011865][ T8520] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 424.067551][ T2129] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 424.162525][ T2129] usb 4-1: config 0 has no interface number 0 [ 424.184090][ T8520] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 424.344881][ T2129] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 424.451557][ T2129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.505668][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 424.506509][ T2129] usb 4-1: Product: syz [ 424.605908][ T2129] usb 4-1: Manufacturer: syz [ 424.631603][ T8528] sctp: [Deprecated]: syz.1.689 (pid 8528) Use of struct sctp_assoc_value in delayed_ack socket option. [ 424.631603][ T8528] Use struct sctp_sack_info instead [ 424.693182][ T2129] usb 4-1: SerialNumber: syz [ 424.848518][ T2129] usb 4-1: config 0 descriptor?? [ 425.073683][ T2129] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 425.457377][ T8525] syzkaller0: entered promiscuous mode [ 425.463051][ T8525] syzkaller0: entered allmulticast mode [ 425.496610][ T2129] gspca_spca1528: reg_w err -71 [ 425.597582][ T2129] spca1528: probe of 4-1:0.1 failed with error -71 [ 425.636016][ T2129] usb 4-1: USB disconnect, device number 6 [ 425.687014][ T8538] loop3: detected capacity change from 0 to 16 [ 425.736908][ T8538] erofs: (device loop3): mounted with root inode @ nid 36. [ 425.876941][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 425.887646][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 425.896881][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 425.907530][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 425.916864][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 425.926206][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 425.936873][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 425.946003][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 425.957156][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 425.966334][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 425.977188][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 425.986579][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 425.997178][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 426.006379][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 426.015519][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 426.025003][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 426.034398][ T8538] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 426.045157][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 426.054663][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 426.064140][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 426.073542][ T8538] erofs: (device loop3): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 426.083501][ T8538] syz.3.691: attempt to access beyond end of device [ 426.083501][ T8538] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 426.097437][ T8538] syz.3.691: attempt to access beyond end of device [ 426.097437][ T8538] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 426.111824][ T8538] syz.3.691: attempt to access beyond end of device [ 426.111824][ T8538] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 426.126225][ T8538] syz.3.691: attempt to access beyond end of device [ 426.126225][ T8538] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 428.186312][ T23] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 428.377744][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 428.399889][ T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 428.408225][ T23] usb 2-1: config 0 has no interface number 0 [ 428.442293][ T23] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 428.451882][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.460440][ T23] usb 2-1: Product: syz [ 428.464774][ T23] usb 2-1: Manufacturer: syz [ 428.481421][ T23] usb 2-1: SerialNumber: syz [ 428.489741][ T23] usb 2-1: config 0 descriptor?? [ 428.515449][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 429.010317][ T8555] netlink: 44 bytes leftover after parsing attributes in process `syz.1.699'. [ 429.024578][ T8555] netlink: 28 bytes leftover after parsing attributes in process `syz.1.699'. [ 429.239452][ T23] gspca_spca1528: reg_w err -110 [ 429.266847][ T23] spca1528: probe of 2-1:0.1 failed with error -110 [ 429.735249][ T8] usb 2-1: USB disconnect, device number 5 [ 430.184416][ T8557] loop4: detected capacity change from 0 to 256 [ 430.274377][ T8557] FAT-fs (loop4): Directory bread(block 64) failed [ 430.291813][ T8557] FAT-fs (loop4): Directory bread(block 65) failed [ 430.312956][ T8557] FAT-fs (loop4): Directory bread(block 66) failed [ 430.325556][ T8557] FAT-fs (loop4): Directory bread(block 67) failed [ 430.332634][ T8557] FAT-fs (loop4): Directory bread(block 68) failed [ 430.380149][ T8557] FAT-fs (loop4): Directory bread(block 69) failed [ 430.394027][ T8557] FAT-fs (loop4): Directory bread(block 70) failed [ 430.421522][ T8557] FAT-fs (loop4): Directory bread(block 71) failed [ 430.428573][ T8557] FAT-fs (loop4): Directory bread(block 72) failed [ 430.438612][ T8557] FAT-fs (loop4): Directory bread(block 73) failed [ 430.567805][ T8560] sctp: [Deprecated]: syz.1.701 (pid 8560) Use of struct sctp_assoc_value in delayed_ack socket option. [ 430.567805][ T8560] Use struct sctp_sack_info instead [ 431.530201][ T8564] loop4: detected capacity change from 0 to 16 [ 431.550921][ T8564] erofs: (device loop4): mounted with root inode @ nid 36. [ 431.590424][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 431.601169][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 431.610736][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 431.621404][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 431.630697][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 431.640342][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 431.651053][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 431.660345][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 431.671221][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 431.680414][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 431.691179][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 431.700403][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 431.711298][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 431.720487][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 431.729942][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 431.739288][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 431.748610][ T8564] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 431.759268][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 431.768907][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 431.778208][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 431.787567][ T8564] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 431.797347][ T8564] syz.4.704: attempt to access beyond end of device [ 431.797347][ T8564] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 431.811206][ T8564] syz.4.704: attempt to access beyond end of device [ 431.811206][ T8564] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 431.825802][ T8564] syz.4.704: attempt to access beyond end of device [ 431.825802][ T8564] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 431.840347][ T8564] syz.4.704: attempt to access beyond end of device [ 431.840347][ T8564] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 432.594077][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.708'. [ 432.604320][ T8581] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 432.612980][ T8581] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 432.622814][ T8581] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 432.630946][ T8581] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 432.762567][ T8584] netlink: 16 bytes leftover after parsing attributes in process `syz.3.709'. [ 432.803665][ T8584] team0: No ports can be present during mode change [ 432.832043][ T8584] warning: `syz.3.709' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 432.853594][ T8584] vlan0: entered promiscuous mode [ 432.915570][ T8584] team0: Port device vlan0 added [ 432.990562][ T8591] sctp: [Deprecated]: syz.1.711 (pid 8591) Use of struct sctp_assoc_value in delayed_ack socket option. [ 432.990562][ T8591] Use struct sctp_sack_info instead [ 433.645979][ T8584] tipc: Started in network mode [ 433.716417][ T8584] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 433.740943][ T8584] tipc: Enabled bearer , priority 0 [ 434.827803][ T8606] syz_tun: entered allmulticast mode [ 434.868300][ T8] tipc: Node number set to 11578026 [ 434.892869][ T8610] ubi: mtd0 is already attached to ubi31 [ 435.135248][ T8619] sctp: [Deprecated]: syz.1.722 (pid 8619) Use of struct sctp_assoc_value in delayed_ack socket option. [ 435.135248][ T8619] Use struct sctp_sack_info instead [ 436.165133][ T8625] tipc: Started in network mode [ 436.196360][ T8625] tipc: Node identity b6b0a7f3e77f, cluster identity 4711 [ 436.214337][ T8625] tipc: Enabled bearer , priority 0 [ 436.255809][ T8628] syzkaller0: entered promiscuous mode [ 436.267525][ T8628] syzkaller0: entered allmulticast mode [ 436.279396][ T8627] netlink: 'syz.1.728': attribute type 16 has an invalid length. [ 436.294686][ T8627] netlink: 'syz.1.728': attribute type 17 has an invalid length. [ 436.398485][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 436.421134][ T8633] loop2: detected capacity change from 0 to 512 [ 436.659766][ T8633] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 436.669717][ T8633] EXT4-fs (loop2): orphan cleanup on readonly fs [ 436.696504][ T8633] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 436.707556][ T8633] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 436.794025][ T8633] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 436.892446][ T8633] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.729: bg 0: block 40: padding at end of block bitmap is not set [ 436.993590][ T8633] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 437.003385][ T8627] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 437.114550][ T8633] EXT4-fs (loop2): 1 truncate cleaned up [ 437.125758][ T8633] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 437.348902][ T9] tipc: Node number set to 1372563443 [ 437.384473][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 437.409169][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.471177][ T8638] tipc: Resetting bearer [ 437.523795][ T8640] ubi: mtd0 is already attached to ubi31 [ 437.561741][ T8622] tipc: Resetting bearer [ 437.648088][ T8622] tipc: Disabling bearer [ 437.698853][ T8643] ubi: mtd0 is already attached to ubi31 [ 438.377655][ T8654] sctp: [Deprecated]: syz.2.736 (pid 8654) Use of struct sctp_assoc_value in delayed_ack socket option. [ 438.377655][ T8654] Use struct sctp_sack_info instead [ 439.513188][ T8658] syz.4.737: attempt to access beyond end of device [ 439.513188][ T8658] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 439.526004][ T8658] efs: cannot read volume header [ 440.362001][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.370481][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.466803][ T8663] loop4: detected capacity change from 0 to 512 [ 440.663009][ T8663] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 440.673828][ T8663] EXT4-fs (loop4): orphan cleanup on readonly fs [ 440.690624][ T1201] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 440.706538][ T8663] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 440.717502][ T8663] EXT4-fs warning (device loop4): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 440.802806][ T8663] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 440.813864][ T8663] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.738: bg 0: block 40: padding at end of block bitmap is not set [ 440.907977][ T8663] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 441.026904][ T8663] EXT4-fs (loop4): 1 truncate cleaned up [ 441.038770][ T8663] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 441.125923][ T8663] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 441.147799][ T1201] usb 3-1: Using ep0 maxpacket: 16 [ 441.295836][ T1201] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 441.364032][ T1201] usb 3-1: config 0 has no interface number 0 [ 441.495548][ T1201] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 441.571366][ T1201] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.583730][ T5983] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.596606][ T1201] usb 3-1: Product: syz [ 441.601238][ T1201] usb 3-1: Manufacturer: syz [ 441.640098][ T1201] usb 3-1: SerialNumber: syz [ 441.691190][ T1201] usb 3-1: config 0 descriptor?? [ 441.714721][ T1201] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 441.954197][ T8670] ubi: mtd0 is already attached to ubi31 [ 442.077607][ T8672] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'. [ 442.510448][ T1201] gspca_spca1528: reg_w err -110 [ 442.577403][ T1201] spca1528: probe of 3-1:0.1 failed with error -110 [ 442.697383][ T8677] netlink: 44 bytes leftover after parsing attributes in process `syz.2.739'. [ 442.885615][ T8682] sctp: [Deprecated]: syz.1.747 (pid 8682) Use of struct sctp_assoc_value in delayed_ack socket option. [ 442.885615][ T8682] Use struct sctp_sack_info instead [ 443.531242][ T8677] netlink: 28 bytes leftover after parsing attributes in process `syz.2.739'. [ 443.782334][ T786] usb 3-1: USB disconnect, device number 11 [ 443.858136][ T8687] netlink: zone id is out of range [ 443.883690][ T8687] netlink: zone id is out of range [ 444.335387][ T8700] ubi: mtd0 is already attached to ubi31 [ 445.091222][ T8708] sctp: [Deprecated]: syz.3.757 (pid 8708) Use of struct sctp_assoc_value in delayed_ack socket option. [ 445.091222][ T8708] Use struct sctp_sack_info instead [ 445.566386][ T2129] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 445.776221][ T2129] usb 4-1: Using ep0 maxpacket: 16 [ 445.790356][ T2129] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 445.806239][ T2129] usb 4-1: config 0 has no interface number 0 [ 445.816065][ T2129] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 445.825285][ T2129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.850052][ T2129] usb 4-1: Product: syz [ 445.854509][ T2129] usb 4-1: Manufacturer: syz [ 445.877419][ T2129] usb 4-1: SerialNumber: syz [ 445.888949][ T2129] usb 4-1: config 0 descriptor?? [ 445.897956][ T2129] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 446.232060][ T8714] loop2: detected capacity change from 0 to 32768 [ 446.287251][ T8714] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 446.375722][ T8720] netlink: 44 bytes leftover after parsing attributes in process `syz.3.758'. [ 446.385898][ T8720] netlink: 28 bytes leftover after parsing attributes in process `syz.3.758'. [ 446.556377][ T8714] (syz.2.760,8714,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(cŸoö—ÈêM ) Çÿÿÿÿÿÿÿÿÿ" or missing value [ 446.617262][ T2129] gspca_spca1528: reg_w err -110 [ 446.688572][ T2129] spca1528: probe of 4-1:0.1 failed with error -110 [ 447.124682][ T5799] usb 4-1: USB disconnect, device number 7 [ 447.139509][ T8714] syz.2.760 (8714) used greatest stack depth: 18664 bytes left [ 447.248374][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 447.446824][ T8729] loop2: detected capacity change from 0 to 512 [ 449.401245][ T8729] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 449.410832][ T8729] EXT4-fs (loop2): orphan cleanup on readonly fs [ 449.441890][ T8729] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 449.452832][ T8729] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 449.766912][ T8729] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 449.804785][ T8729] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.763: bg 0: block 40: padding at end of block bitmap is not set [ 449.913718][ T8729] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 450.182357][ T8729] EXT4-fs (loop2): 1 truncate cleaned up [ 450.231315][ T8729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 451.133268][ T8744] loop4: detected capacity change from 0 to 256 [ 451.136547][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.140868][ T8744] exfat: Deprecated parameter 'namecase' [ 451.154521][ T8744] exfat: Deprecated parameter 'utf8' [ 451.160056][ T8744] exfat: Unknown parameter 'gÈd' [ 451.371967][ T8745] sctp: [Deprecated]: syz.3.766 (pid 8745) Use of struct sctp_assoc_value in delayed_ack socket option. [ 451.371967][ T8745] Use struct sctp_sack_info instead [ 451.848764][ T8748] loop3: detected capacity change from 0 to 32768 [ 451.895394][ T8748] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 451.939520][ T28] audit: type=1326 audit(1754613640.343:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8747 comm="syz.3.769" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8578ebe9 code=0x0 [ 452.438222][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 454.367464][ T8775] sctp: [Deprecated]: syz.2.777 (pid 8775) Use of struct sctp_assoc_value in delayed_ack socket option. [ 454.367464][ T8775] Use struct sctp_sack_info instead [ 454.849138][ T8784] loop4: detected capacity change from 0 to 256 [ 454.856831][ T8784] exfat: Deprecated parameter 'namecase' [ 454.862556][ T8784] exfat: Deprecated parameter 'utf8' [ 454.868045][ T8784] exfat: Unknown parameter 'gÈd' [ 455.321735][ T5798] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 455.670512][ T8791] loop2: detected capacity change from 0 to 16 [ 455.769454][ T8791] erofs: (device loop2): mounted with root inode @ nid 36. [ 455.865239][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 455.876363][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 455.886376][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 455.898149][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 455.907743][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 455.917107][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 455.927782][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 455.937017][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 455.947661][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 455.956882][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 455.967621][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 455.976816][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 455.987513][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 455.996714][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 456.005850][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 456.015227][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 456.024555][ T8791] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 456.035246][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 456.044635][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 456.053859][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 456.063178][ T8791] erofs: (device loop2): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 456.072728][ T8791] syz.2.781: attempt to access beyond end of device [ 456.072728][ T8791] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 456.086630][ T8791] syz.2.781: attempt to access beyond end of device [ 456.086630][ T8791] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 456.101241][ T8791] syz.2.781: attempt to access beyond end of device [ 456.101241][ T8791] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 456.115614][ T8791] syz.2.781: attempt to access beyond end of device [ 456.115614][ T8791] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 456.391973][ T8795] loop3: detected capacity change from 0 to 32768 [ 456.447633][ T8798] tipc: Enabled bearer , priority 0 [ 456.455663][ T8798] syzkaller0: entered promiscuous mode [ 456.461938][ T8795] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 456.472670][ T8798] syzkaller0: entered allmulticast mode [ 456.519967][ T28] audit: type=1326 audit(1754613644.923:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8794 comm="syz.3.783" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8578ebe9 code=0x0 [ 456.624163][ T8800] tipc: Resetting bearer [ 456.671257][ T8797] tipc: Resetting bearer [ 456.781254][ T8805] sctp: [Deprecated]: syz.2.786 (pid 8805) Use of struct sctp_assoc_value in delayed_ack socket option. [ 456.781254][ T8805] Use struct sctp_sack_info instead [ 456.822228][ T8797] tipc: Disabling bearer [ 456.839520][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 457.129959][ T8812] fuse: Bad value for 'fd' [ 457.381610][ T8811] Bluetooth: MGMT ver 1.22 [ 459.738510][ T8828] loop2: detected capacity change from 0 to 32768 [ 459.779477][ T8831] sctp: [Deprecated]: syz.1.796 (pid 8831) Use of struct sctp_assoc_value in delayed_ack socket option. [ 459.779477][ T8831] Use struct sctp_sack_info instead [ 459.837366][ T8828] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 459.908726][ T28] audit: type=1326 audit(1754613648.313:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8827 comm="syz.2.795" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 460.305864][ T8840] loop3: detected capacity change from 0 to 32768 [ 460.366782][ T8842] tipc: Started in network mode [ 460.371860][ T8842] tipc: Node identity 9e0d1c43de67, cluster identity 4711 [ 460.386869][ T8842] tipc: Enabled bearer , priority 0 [ 460.397730][ T8842] syzkaller0: entered promiscuous mode [ 460.403994][ T8842] syzkaller0: entered allmulticast mode [ 460.427344][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 460.497297][ T8840] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 460.504240][ T8845] tipc: Resetting bearer [ 460.571025][ T28] audit: type=1326 audit(1754613648.973:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8839 comm="syz.3.797" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8578ebe9 code=0x0 [ 460.627758][ T8841] tipc: Resetting bearer [ 460.824709][ T8851] hub 8-0:1.0: USB hub found [ 460.831026][ T8851] hub 8-0:1.0: 1 port detected [ 461.071024][ T8841] tipc: Disabling bearer [ 461.447628][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 461.570111][ T8855] fuse: Bad value for 'fd' [ 462.627340][ T8865] sctp: [Deprecated]: syz.3.806 (pid 8865) Use of struct sctp_assoc_value in delayed_ack socket option. [ 462.627340][ T8865] Use struct sctp_sack_info instead [ 462.987333][ T8869] loop3: detected capacity change from 0 to 32768 [ 463.059669][ T8869] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 463.126404][ T28] audit: type=1326 audit(1754613651.523:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8868 comm="syz.3.808" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f8578ebe9 code=0x0 [ 463.496622][ T8878] loop2: detected capacity change from 0 to 32768 [ 463.541718][ T8878] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 463.570785][ T8878] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 463.637635][ T28] audit: type=1326 audit(1754613652.033:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8877 comm="syz.2.810" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 465.834648][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 465.929386][ T8888] fuse: Bad value for 'fd' [ 465.974131][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 467.396966][ T8894] sctp: [Deprecated]: syz.1.816 (pid 8894) Use of struct sctp_assoc_value in delayed_ack socket option. [ 467.396966][ T8894] Use struct sctp_sack_info instead [ 467.428427][ T8898] tipc: Enabled bearer , priority 0 [ 467.467029][ T8898] syzkaller0: entered promiscuous mode [ 467.496866][ T8898] syzkaller0: entered allmulticast mode [ 467.538970][ T8898] tipc: Resetting bearer [ 467.579915][ T8896] tipc: Resetting bearer [ 467.658410][ T8896] tipc: Disabling bearer [ 468.173641][ T8913] loop4: detected capacity change from 0 to 32768 [ 468.230710][ T8913] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 468.274573][ T28] audit: type=1326 audit(1754613656.673:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8911 comm="syz.4.823" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f2298ebe9 code=0x0 [ 468.563856][ T8922] tipc: Started in network mode [ 468.571630][ T8922] tipc: Node identity 7a32a587953, cluster identity 4711 [ 468.581860][ T8922] tipc: Enabled bearer , priority 0 [ 468.601054][ T8922] syzkaller0: entered promiscuous mode [ 468.620283][ T8922] syzkaller0: entered allmulticast mode [ 468.734135][ T8926] sctp: [Deprecated]: syz.1.826 (pid 8926) Use of struct sctp_assoc_value in delayed_ack socket option. [ 468.734135][ T8926] Use struct sctp_sack_info instead [ 469.571061][ T8922] tipc: Resetting bearer [ 469.586469][ T8921] tipc: Resetting bearer [ 469.675752][ T8921] tipc: Disabling bearer [ 469.688551][ T5983] ocfs2: Unmounting device (7,4) on (node local) [ 469.900688][ T8938] tipc: Enabled bearer , priority 0 [ 469.910377][ T8938] syzkaller0: entered promiscuous mode [ 469.915911][ T8938] syzkaller0: entered allmulticast mode [ 469.945673][ T8938] tipc: Resetting bearer [ 469.973577][ T8937] tipc: Resetting bearer [ 470.047735][ T8937] tipc: Disabling bearer [ 470.158195][ T8944] netlink: 40 bytes leftover after parsing attributes in process `syz.4.827'. [ 470.497682][ T8948] loop2: detected capacity change from 0 to 32768 [ 470.532059][ T8952] sctp: [Deprecated]: syz.4.837 (pid 8952) Use of struct sctp_assoc_value in delayed_ack socket option. [ 470.532059][ T8952] Use struct sctp_sack_info instead [ 470.568024][ T8948] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 470.634056][ T28] audit: type=1326 audit(1754613659.023:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8947 comm="syz.2.836" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 470.972842][ T8966] loop4: detected capacity change from 0 to 256 [ 470.980448][ T8966] exfat: Deprecated parameter 'namecase' [ 470.986434][ T8966] exfat: Deprecated parameter 'utf8' [ 470.992298][ T8966] exfat: Unknown parameter 'gÈd' [ 471.037300][ T5798] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 471.316773][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 471.458435][ T8974] netlink: 27 bytes leftover after parsing attributes in process `syz.1.844'. [ 471.750098][ T8978] tipc: Enabled bearer , priority 0 [ 472.866295][ T5799] tipc: Node number set to 1080695875 [ 473.807617][ T8978] syzkaller0: entered promiscuous mode [ 473.829548][ T8977] sctp: [Deprecated]: syz.4.846 (pid 8977) Use of struct sctp_assoc_value in delayed_ack socket option. [ 473.829548][ T8977] Use struct sctp_sack_info instead [ 473.868277][ T8978] syzkaller0: entered allmulticast mode [ 473.921035][ T8978] tipc: Resetting bearer [ 473.955723][ T8975] tipc: Resetting bearer [ 474.029543][ T8975] tipc: Disabling bearer [ 477.054289][ T9007] sctp: [Deprecated]: syz.4.856 (pid 9007) Use of struct sctp_assoc_value in delayed_ack socket option. [ 477.054289][ T9007] Use struct sctp_sack_info instead [ 477.259264][ T9009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'. [ 477.675412][ T9018] hub 8-0:1.0: USB hub found [ 477.691165][ T9018] hub 8-0:1.0: 1 port detected [ 478.590283][ T9034] tipc: Enabled bearer , priority 0 [ 478.603165][ T9034] syzkaller0: entered promiscuous mode [ 478.618738][ T9034] syzkaller0: entered allmulticast mode [ 478.900057][ T9037] sctp: [Deprecated]: syz.4.866 (pid 9037) Use of struct sctp_assoc_value in delayed_ack socket option. [ 478.900057][ T9037] Use struct sctp_sack_info instead [ 478.935707][ T9034] tipc: Resetting bearer [ 479.003484][ T9032] tipc: Resetting bearer [ 479.074344][ T9032] tipc: Disabling bearer [ 479.989440][ T9052] hub 8-0:1.0: USB hub found [ 479.995445][ T9052] hub 8-0:1.0: 1 port detected [ 480.405328][ T9058] loop4: detected capacity change from 0 to 16 [ 480.481147][ T9058] erofs: (device loop4): mounted with root inode @ nid 36. [ 480.584377][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 480.595397][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 480.604625][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 480.615375][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 480.624718][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 480.634056][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 480.644781][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 480.655643][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 480.666595][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 480.675926][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 480.686740][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 480.695919][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 480.706875][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 480.716241][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 480.725505][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 480.734990][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 480.744430][ T9058] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 480.755079][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 480.764537][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 480.773797][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 480.783127][ T9058] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 480.793165][ T9058] syz.4.876: attempt to access beyond end of device [ 480.793165][ T9058] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 480.807024][ T9058] syz.4.876: attempt to access beyond end of device [ 480.807024][ T9058] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 480.821361][ T9058] syz.4.876: attempt to access beyond end of device [ 480.821361][ T9058] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 480.835797][ T9058] syz.4.876: attempt to access beyond end of device [ 480.835797][ T9058] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 483.589079][ T9074] sctp: [Deprecated]: syz.3.880 (pid 9074) Use of struct sctp_assoc_value in delayed_ack socket option. [ 483.589079][ T9074] Use struct sctp_sack_info instead [ 486.635383][ T9113] sctp: [Deprecated]: syz.3.891 (pid 9113) Use of struct sctp_assoc_value in delayed_ack socket option. [ 486.635383][ T9113] Use struct sctp_sack_info instead [ 487.021451][ T9104] loop4: detected capacity change from 0 to 32768 [ 487.102997][ T9104] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 487.165650][ T9104] (syz.4.889,9104,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(cŸoö—ÈêM ) Çÿÿÿÿÿÿÿÿÿ" or missing value [ 487.406491][ T9126] hub 8-0:1.0: USB hub found [ 488.177672][ T9126] hub 8-0:1.0: 1 port detected [ 488.802226][ T5983] ocfs2: Unmounting device (7,4) on (node local) [ 488.979480][ T9132] syzkaller0: entered promiscuous mode [ 488.985057][ T9132] syzkaller0: entered allmulticast mode [ 489.493347][ T9151] sctp: [Deprecated]: syz.3.903 (pid 9151) Use of struct sctp_assoc_value in delayed_ack socket option. [ 489.493347][ T9151] Use struct sctp_sack_info instead [ 492.114059][ T9161] loop4: detected capacity change from 0 to 32768 [ 492.206892][ T9161] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 492.291422][ T9161] (syz.4.907,9161,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(cŸoö—ÈêM ) Çÿÿÿÿÿÿÿÿÿ" or missing value [ 492.412244][ T5983] ocfs2: Unmounting device (7,4) on (node local) [ 492.658614][ T9166] hub 8-0:1.0: USB hub found [ 492.728161][ T9166] hub 8-0:1.0: 1 port detected [ 494.025908][ T5799] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 494.224279][ T5799] usb 5-1: Using ep0 maxpacket: 16 [ 494.236538][ T5799] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 494.244628][ T5799] usb 5-1: config 0 has no interface number 0 [ 494.254948][ T5799] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 494.264545][ T5799] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.272976][ T5799] usb 5-1: Product: syz [ 494.277767][ T5799] usb 5-1: Manufacturer: syz [ 494.282476][ T5799] usb 5-1: SerialNumber: syz [ 494.290196][ T5799] usb 5-1: config 0 descriptor?? [ 494.303977][ T5799] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 494.732490][ T5799] gspca_spca1528: reg_w err -71 [ 494.777034][ T5799] spca1528: probe of 5-1:0.1 failed with error -71 [ 494.824122][ T5799] usb 5-1: USB disconnect, device number 7 [ 495.130341][ T9180] loop2: detected capacity change from 0 to 32768 [ 495.357355][ T9180] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 495.378460][ T9181] sctp: [Deprecated]: syz.3.913 (pid 9181) Use of struct sctp_assoc_value in delayed_ack socket option. [ 495.378460][ T9181] Use struct sctp_sack_info instead [ 495.491888][ T28] audit: type=1326 audit(1754613683.873:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9179 comm="syz.2.914" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 495.983506][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 496.202716][ T9200] syzkaller0: entered promiscuous mode [ 496.267091][ T9200] syzkaller0: entered allmulticast mode [ 496.360880][ T9208] hub 8-0:1.0: USB hub found [ 496.377956][ T9208] hub 8-0:1.0: 1 port detected [ 500.409989][ T9224] loop2: detected capacity change from 0 to 32768 [ 500.468877][ T9224] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 500.560989][ T28] audit: type=1326 audit(1754613688.963:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.2.926" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4a98ebe9 code=0x0 [ 500.618264][ T1201] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 500.876848][ T1201] usb 4-1: Using ep0 maxpacket: 16 [ 500.978050][ T1201] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 501.014346][ T1201] usb 4-1: config 0 has no interface number 0 [ 501.068388][ T1201] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 501.086975][ T1201] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.115574][ T1201] usb 4-1: Product: syz [ 501.149209][ T1201] usb 4-1: Manufacturer: syz [ 501.153882][ T1201] usb 4-1: SerialNumber: syz [ 501.171191][ T5790] ocfs2: Unmounting device (7,2) on (node local) [ 501.199050][ T1201] usb 4-1: config 0 descriptor?? [ 501.267291][ T1201] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 501.467048][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.545120][ T28] audit: type=1326 audit(1754613689.943:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9236 comm="syz.1.930" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5e0038ebe9 code=0x0 [ 501.711132][ T1201] gspca_spca1528: reg_w err -71 [ 501.756407][ T1201] spca1528: probe of 4-1:0.1 failed with error -71 [ 501.763367][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.778009][ T1201] usb 4-1: USB disconnect, device number 8 [ 501.801753][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.809334][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.967331][ T9245] loop4: detected capacity change from 0 to 16 [ 502.018790][ T9245] erofs: (device loop4): mounted with root inode @ nid 36. [ 502.152104][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 502.163490][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 502.172999][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 502.183853][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 502.193607][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 502.203854][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 502.214804][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 502.224547][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 502.235521][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 502.245220][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 502.255987][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 502.265824][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 502.277589][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 502.287954][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 502.297434][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 502.307587][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 502.318011][ T9248] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 502.329015][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 502.339399][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 502.348945][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 502.359190][ T9248] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 502.370350][ T9248] syz.4.933: attempt to access beyond end of device [ 502.370350][ T9248] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 502.384984][ T9248] syz.4.933: attempt to access beyond end of device [ 502.384984][ T9248] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 502.400070][ T9248] syz.4.933: attempt to access beyond end of device [ 502.400070][ T9248] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 502.415182][ T9248] syz.4.933: attempt to access beyond end of device [ 502.415182][ T9248] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 504.226627][ T9273] loop4: detected capacity change from 0 to 16 [ 504.253173][ T9273] erofs: (device loop4): mounted with root inode @ nid 36. [ 505.298050][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 505.308908][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 505.318285][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 505.329289][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 505.339210][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 505.348984][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 505.359924][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 505.369434][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 505.380313][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 505.389846][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 505.400778][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 505.410212][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 505.421003][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 505.430409][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 505.440188][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 505.597063][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 505.639696][ T9279] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 505.663987][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 505.684879][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 505.736403][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 505.768467][ T9279] erofs: (device loop4): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 505.814347][ T9279] syz.4.946: attempt to access beyond end of device [ 505.814347][ T9279] loop4: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 505.846487][ T9279] syz.4.946: attempt to access beyond end of device [ 505.846487][ T9279] loop4: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 505.877464][ T9279] syz.4.946: attempt to access beyond end of device [ 505.877464][ T9279] loop4: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 505.913579][ T9279] syz.4.946: attempt to access beyond end of device [ 505.913579][ T9279] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 505.963587][ T9293] Driver unsupported XDP return value 0 on prog (id 56) dev N/A, expect packet loss! [ 507.499381][ T9316] ubi: mtd0 is already attached to ubi31 [ 510.339007][ T9347] loop2: detected capacity change from 0 to 16 [ 510.350737][ T9347] erofs: (device loop2): mounted with root inode @ nid 36. [ 510.509720][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 510.520683][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 510.530177][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 510.541053][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 510.550686][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 510.560698][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 510.571721][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 510.581201][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 510.592112][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 510.601603][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 510.612409][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 510.621813][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 510.632726][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 510.642246][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 510.651797][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 510.661660][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 510.671877][ T9349] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 510.682788][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 510.693117][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 510.702595][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 510.712728][ T9349] erofs: (device loop2): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 510.725440][ T9349] syz.2.974: attempt to access beyond end of device [ 510.725440][ T9349] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 510.740137][ T9349] syz.2.974: attempt to access beyond end of device [ 510.740137][ T9349] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 510.755221][ T9349] syz.2.974: attempt to access beyond end of device [ 510.755221][ T9349] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 510.770367][ T9349] syz.2.974: attempt to access beyond end of device [ 510.770367][ T9349] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 513.145043][ T9386] [ 513.148193][ T9386] ============================= [ 513.153122][ T9386] WARNING: suspicious RCU usage [ 513.158197][ T9386] 6.6.101-syzkaller #0 Not tainted [ 513.163329][ T9386] ----------------------------- [ 513.168261][ T9386] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage! [ 513.176945][ T9386] [ 513.176945][ T9386] other info that might help us debug this: [ 513.176945][ T9386] [ 513.187553][ T9386] [ 513.187553][ T9386] rcu_scheduler_active = 2, debug_locks = 1 [ 513.195647][ T9386] 1 lock held by syz.2.983/9386: [ 513.200686][ T9386] #0: ffffffff8cd2fd40 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 [ 513.211193][ T9386] [ 513.211193][ T9386] stack backtrace: [ 513.217284][ T9386] CPU: 1 PID: 9386 Comm: syz.2.983 Not tainted 6.6.101-syzkaller #0 [ 513.225952][ T9386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 513.236139][ T9386] Call Trace: [ 513.239445][ T9386] [ 513.242397][ T9386] dump_stack_lvl+0x16c/0x230 [ 513.247115][ T9386] ? show_regs_print_info+0x20/0x20 [ 513.252359][ T9386] ? load_image+0x3b0/0x3b0 [ 513.256898][ T9386] lockdep_rcu_suspicious+0x1e1/0x300 [ 513.262395][ T9386] get_callchain_entry+0x2a9/0x3c0 [ 513.267543][ T9386] get_perf_callchain+0xa3/0x4b0 [ 513.272507][ T9386] ? put_callchain_entry+0xb0/0xb0 [ 513.277682][ T9386] ? plist_add+0x3d8/0x490 [ 513.282146][ T9386] __bpf_get_stack+0x2d7/0x510 [ 513.286952][ T9386] ? stack_map_get_build_id_offset+0x720/0x720 [ 513.293172][ T9386] ? __cant_sleep+0x210/0x210 [ 513.297901][ T9386] ? bpf_prog_b8a90dd1efcc4ad9+0x45/0x49 [ 513.303594][ T9386] bpf_get_stack_raw_tp+0x1a9/0x210 [ 513.308834][ T9386] bpf_prog_b8a90dd1efcc4ad9+0x45/0x49 [ 513.314349][ T9386] bpf_prog_run_pin_on_cpu+0xa8/0x140 [ 513.319766][ T9386] bpf_prog_test_run_syscall+0x311/0x490 [ 513.325444][ T9386] ? sock_gen_cookie+0x60/0x60 [ 513.330254][ T9386] ? sock_gen_cookie+0x60/0x60 [ 513.335048][ T9386] bpf_prog_test_run+0x321/0x390 [ 513.340016][ T9386] __sys_bpf+0x440/0x800 [ 513.344278][ T9386] ? bpf_link_show_fdinfo+0x350/0x350 [ 513.349689][ T9386] ? lock_chain_count+0x20/0x20 [ 513.354652][ T9386] __x64_sys_bpf+0x7c/0x90 [ 513.359086][ T9386] do_syscall_64+0x55/0xb0 [ 513.363528][ T9386] ? clear_bhb_loop+0x40/0x90 [ 513.368220][ T9386] ? clear_bhb_loop+0x40/0x90 [ 513.372916][ T9386] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 513.378832][ T9386] RIP: 0033:0x7fab4a98ebe9 [ 513.383287][ T9386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.403020][ T9386] RSP: 002b:00007fab48bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 513.411502][ T9386] RAX: ffffffffffffffda RBX: 00007fab4abb5fa0 RCX: 00007fab4a98ebe9 [ 513.419494][ T9386] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 513.427590][ T9386] RBP: 00007fab4aa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 513.435597][ T9386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.443596][ T9386] R13: 00007fab4abb6038 R14: 00007fab4abb5fa0 R15: 00007ffcabd1f8d8 [ 513.451604][ T9386] [ 515.062175][ T9368] tipc: Enabling of bearer rejected, failed to enable media