last executing test programs: 13.232093042s ago: executing program 2 (id=429): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x18, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6(0xa, 0x80002, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}}, 0x0) setsockopt$inet6_mtu(r4, 0x29, 0x17, 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) 12.300180956s ago: executing program 1 (id=432): syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x804000, &(0x7f0000000f80)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000080)='./file2\x00', 0x4800, &(0x7f0000000100)=ANY=[], 0x1, 0x6bb, &(0x7f00000018c0)="$eJzs3c1vXFfdB/DvHY8dT9ombpq0eR5VqtVIgIhI7FgpmA0BIWSkCqGyYG0lTmNlkhbHRW6FqMPrtov+Ad1kg1ghsWITqbBgA7vukJeVkNh0g1kNujN3XjJ+m+bF45TPJ7pzzj3nnnN/93fvnbfImgD/s5bOp34/RZbOv75Rrm/dW2hu3Vu41a0nOZZkM6knqSUp/t1qtT5OriRFb5piqNzhw9XFNz75bOvTzlq9Wtrb1/YbN6TabnOoebPbNptkoiofwQPzXX3k+Ype5FeSnKtKGLvJJK3WZFo9P/nrs72esvNkp2zsNnr68AIFnpii87pZvhjXBttnkuPVjV6+D+i+8tbGEuQIjo243fA7CAAAAHjajPIZ+OR2trNRnDiEcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOALYbP/+/9FtdS69dkU3d//n6raUtWPllc+3+b3n1QcAAAAAAAAAHCIXtnOdjZyorveKtr/5/9qe+V0+/GZvJM7WclaLmQjy1nPetYyn2RmYKKpjeX19bX5EUZe2nXkpQMCPVaVjcdz3AAAAAAAAADwBfOLLPX//x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6CIpnoFCnuDjTPpFZPMp1kqmzYTP7erT/N7o87AAAAADgEJ7eznY2c6K63ipxO8mL7O4DpvJPbWc9q1tPMSq61vxfofOqvbd1baG7dW7hVLjvn/fa/HlidPiCM9ozpfPew+57Ptrdo5HpW2y0XcjVvpZlrqbVHls5W8XRnHYrrbhlT8a3KiAm6VpXlkX9QlTu8P+Jk+xv+MqWx/xcsM+2MTPYyMlfFVmbj+e6Z2f0MDZ2dgwzvaT61XmCnh/Y0FPBD5fx4VZbH85u9cj4Ww5m4NHD1vbh/zpMv//H3P56r6kfnkEYzUZWt9mNjZyYWBjLx0iiZuNG8ffPG9Tvnn7ZM7DDXzsSZ3vpSvpcf5Xxm88OsZTU/zXLWs5LZfLddW65OfjFwe++RqSudYnK33S71E9fN+1R1hU5UrZ8nplfbY09kNT/IW7mWlbzW/ncp8/l6LudyFgfO8Jn9z3D7rq89cNf3XwFaz+2axnNfqSrl095vq3JXe3Y8KWVenx/I6+Bz7ky7b7Cln6VTB2epTMsDz41/2j+U+v9XlXIfvxw49+M3nIn5gUy8sF8muhfynebtm2s3lt8ebXenPhgY/usj9ZRaXi+nypOV7gnqXx1l3wvdvqF8lX2ne321HX1nen2dO3Vzzzt1qnoPt3OmS+2+l3btW2j3nR3o2+391sHv5gAYs+NfPT7V+Gfjb42PGr9q3Gi8Pv2dY9849vJUJv88+c363MSXai8Xf8hH+Xn/8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDw7rz73s3lZnNlbajSarXe36Or2TqZ7NH1cJXanmGUlfoBoe6oZPYfz5QDui2t9Lq6P2f2GIM/qPJ/zyajj6p+gSedlvrjzfMYK/9ptVpVS7HHNr/7y85EPTdS6qZGvzYOqExXV3jlSKSuqtQPeadjekICDs3F9VtvX7zz7ntfW721/ObKmyu3Fy9fXpxbvPzawsXrq82Vuc7juKMEnoT+i/64IwEAAAAAAAAAAABGNdrfA+SR/pxg3McIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPN2Wzqd+P0Xm5y7Mletb9xaa5dKt97esJ6klKX6WFB8nV9JZMjMwXbHXfj5cXXzjk8+2Pu3PVS75/tUDxo1ms1oym2SiU959XPNdrcp9FfsdQtE7wjJh57qJg3H7bwAAAP//EOj9JQ==") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x56}, 0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x8494f000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000215000/0x3000)=nil, 0x3000, 0x8, 0x6011, 0xffffffffffffffff, 0xffffffffffffc000) open(&(0x7f0000000000)='./file1\x00', 0x143142, 0x80) 11.031656339s ago: executing program 1 (id=433): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r3, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) 9.661331979s ago: executing program 1 (id=435): socket$key(0xf, 0x3, 0x2) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)='5', 0x1, 0x20000000, 0x0, 0x0) mmap(&(0x7f00000f8000/0x1000)=nil, 0x1000, 0x2, 0x80010, r1, 0x3000) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r5 = mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x1) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x1c, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r5}, @exit_looper, @dead_binder_done], 0x54, 0x0, &(0x7f0000000100)="d73438587cb3a623fd8ee905e684fde28aea60592a03b7ec818dc884a0444fe71fca81497f44d5c5103915620fa908bb58537bcec2fccf1896aa399773300d53147fe686b8f0784f7bef1841c2a46d758265bf81"}) r6 = epoll_create(0xd751) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r4, &(0x7f0000000500)={0x1}) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @empty, 0x8000, 0x8000, 'none\x00', 0x10, 0x2}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) 9.525973297s ago: executing program 2 (id=436): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_io_uring_setup(0x208c, &(0x7f0000000200)={0x0, 0xcb14, 0x10100, 0x3, 0x4001bf}, 0x0, 0x0) add_key$fscrypt_v1(0x0, &(0x7f0000001f40)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "51f435b675ba491895df818c52f9e875d9b1bd2c20f5c6b1e36d59e2036887f264d726807797b2e0d0768e1391a519f4aac513fc3713901f18f58a56f75b0121", 0x2d}, 0x48, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{0x0}], 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom0\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000180)=0xdc39) recvfrom$inet_nvme(r1, &(0x7f00000001c0)=""/251, 0xfb, 0x40000000, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r1, 0x7, 0x4) 9.176002327s ago: executing program 2 (id=438): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000040)=0x48182ce9, 0x4) recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x45833af92e4b39ff, 0x0) 8.084472941s ago: executing program 3 (id=440): socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x206bdf}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfffffffffffffffe) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) connect$inet6(r3, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBENT(r4, 0x4b46, &(0x7f0000000000)={0x4, 0x8, 0xd7}) 7.0601549s ago: executing program 3 (id=441): syz_usb_connect(0x0, 0x35, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xca, 0x9b, 0xd4, 0x10, 0x1199, 0xb000, 0xa898, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x30, 0x2, 0x0, 0x17, 0xb5, 0x1b}}]}}]}}, 0x0) 6.941795277s ago: executing program 0 (id=442): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 6.938037538s ago: executing program 2 (id=443): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r3, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) 6.525239251s ago: executing program 1 (id=444): ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448de, &(0x7f0000000080)) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000640000/0x2000)=nil, 0x2000, 0x0, 0xfffffffffffffffd, 0x20000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 5.800334353s ago: executing program 2 (id=445): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = syz_open_dev$video(&(0x7f00000000c0), 0x8d, 0x20000) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000200)={0x101, 0x4}, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=@newsa={0x148, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e24, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@remote, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xffffffbffffffffc, 0x4}, {0x10000000000009, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffc00}]}, 0x148}}, 0x844) r4 = fanotify_init(0x81, 0x40000) fanotify_mark(r4, 0x105, 0x40001032, 0xffffffffffffffff, 0x0) 3.538631535s ago: executing program 1 (id=446): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x77f, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbJKmTauJIPjjFBA0ULoxNbYKHioeRLBQ0LPtstmGmk22ZDelCQEtIngRVDwIeunZH/Xm1R9X/S88iKVqWqx4kMhsZtpts5smbZKt7ucD07w3b7bvfffNvHm7M8wG0LNG038KEY9FxAdJxHC2PomIgWaqP+LY2nbXV5bL6ZLE6uprvyfNba6tLJej5TWp/Vnm0Yj4/t2Ig4X19dYXl2ZK1Wplfi3bFxFnx+uLS4fOzJamK9OVuSMTk5OHjz579Mj2xfrnT0sHLn/48lNfHfv7nUcuvf9DEsfiQFbWGsd2GY3R7D0ZSN/CW7y03ZV1WdLtBnBXCtnB1x/pGDAcfc0UAPB/9lZErAIAPSZx/geAHpN/D3BtZbmcL939RmJ3XXkxIvauxZ9f31wr6c+u2e1tXgcdupbccmUkiYiRbah/NCI+++aNL9Ildug6JEA7b1+IiFMjo+vH/2TdPQtb9fQGZXuyv6O3rTf+we75Np3/PNdu/le4Mf+JNvOfwTbH7t244/G/bxsq2UA6/3uh5d626y3xZ0b6stwDzTnfQHL6TLWSjm0PRsRYDAym+YkN6hi7+s/VTmWt878/Pnrz87T+9O/NLQq/9g/e+pqpUqN0LzG3unIh4vH+dvEnN/o/6TD/PbHJOl55/r1PO5Wl8afx5sv6+CO7O2lnrF6MeLJt/9+8oy1NjTdmO9yfON7cHcbznaKNr3/+ZKhT/a39ny5p/flngd2Q9v/QxvGPJK33a9bXjv2t+PHi8Hedyu4cf/v9f0/yejOdzyPOlxqN+YmIPcmr69cfvvnaPJ9vn8Y/9kT743+j/T/9THhqk/H3X/7tyw3j39/d/p/aUv+3S6SDdIeimVL10vWZvk71b67/J5upsWzNZsa/Ti29PXEv7x0AAAAAAAAAAAAAAAAAAAAAAAAAbFYhIg5EUijeSBcKxeLab3g/HEOFaq3eOHi6tjA3Fc3fyh6JgUL+qMvhluehTmTPw8/zh2/LPxMRD0XEx4P7kvw5ilNdjh0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcvs7/P5/6pfBbrcOANgxe7vdAABg1zn/A0Dvcf4HgN7j/A8Avcf5HwB6j/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+zE8ePpsvrXynI5zU+dW1yYqZ07NFWpzxRnF8rFcm3+bHG6VpuuVorl2uyd/r9qrXZ2MuYWzo83KvXGeH1x6eRsbWGucfLMbGm6crIysCtRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDW1BeXZkrVamVe4i4Sq/dHM7qf6Mt2p/ulPbuaSO6PZmxzossDEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/xL8BAAD//7KsH7I=") syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@dax_inode}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@bh}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000140)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xc, 0x0, &(0x7f0000000000)) 3.490516457s ago: executing program 0 (id=447): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 3.370018735s ago: executing program 2 (id=448): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x22000406, &(0x7f00000000c0)={[{@dioread_lock}, {@noblock_validity}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x4}}, {@jqfmt_vfsold}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nobh}, {@grpid}], [], 0x2c}, 0x84, 0x4d8, &(0x7f0000000900)="$eJzs3MtvG9UaAPBvJs2jz6S91b23D6ihICIKSZMW6IIFIJC6ASHBoixDGqpSt0VNkGhV0RShskT8BcASCYkVG1YgIQRsALGFPUKqUDctLJDR2DOJ3diOnbQJrX8/aexzZs48vjNzxjM+9gTQs0rZSxKxJSJ+iYjhWraxQKn2duPaxek/r12cTqJSeemPpFru+rWL00XRYr7NeWY0jUjfTWJPk/XOnr9waqpcnjmX58fnTr8xPnv+wqMnT0+dmDkxc2byyJHDhyaeeHzysY7iuLTM9Cyu67vfPrt319FXPnh+uhKvfvdptr1b8un1cdSMdLTedkpRikpucexA9fXBVS/932VrRAzm6WTDOm8MHeuLiGx39Vfb/3D0xeLOG47n3lnIfL1OGwjcNtln0/YlY/vy93Th8wu4GyXaOPSo4hM/u/8thrW8/lhvV5/OXmeq8d/Ihx9eqNVNmt3LjtTu2PtazP/fJuOGFpOV4WXWvyUijs3/9WE2RNPvIdpIOi4JALDgy+z655Fm139pw7XNtrwPZSQiDkTEjoj4T0TsjHShzP8i4v9drr90U37p9c9PG7tcZFey678n876tYqhNKeJKFnJbq/H3J6+dLM8czOtkNPoHs/xEm3V89ezP77eaVqq7/suGbP3FtWC+Hb9vGGyc5/jU3NQqQm5w9XIksaFZ/MlCT0BWA7siYvcKlp/V2cmHP9mbpbdtXjp9+fjbuAX9TJWPIx6q7f/5uCn+QlJbU6v+yfGhKM8cHC+OiqW+//HKi/X5/rp0Q/xDncU0tNJgm7h6OWJT0+M/j79oBkV/7Wz367jy63st72mW7v8kjs3Xl8iP/42L1ZYd/wPJy9X0QD7uram5uXMTEQP5iIbxk4tLK/JF+Sz+0f2N8dfui9PsHPf3R/l8eyIiO4jviYh7I2Jfvu33RcT9EbG/TfzfPvPA6+1raIXH/y2QxX+83f6PGEnq++tXkOg79c0Xrdbf2fnvcDU1mo+pP/8NtFhupxu42voDAACAO0Fa7YNO0rG6328XdsamtHx2du5AKd48c7zWVz0S/WnxTddw3fehE/l3w0V+8qb8oYjYXv2l0cZqfmz6bHnrOsUM1Gyua/+1c0Gajo3Vpv3W6kcvwN2jq360+h+dffb5rd8YYE35vyb0Lu0fepf2D71L+4fe1az9X4q4sQ6bAqwxn//Qu7R/6F3aP/Qu7R960tK/xOePW8nOCSv/y395x9HVPDHg9icqwyufPVpPmu9+gX2dFS6eftHxkjsrnES0CaddItL2ZQY639S1T6TLlnlquWrp7+qZGENNamNfnhiMiE6Xc2nNarU4QySeMgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANzR/gkAAP//fHDiVg==") bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_settime(0x0, 0x1, 0x0, 0x0) truncate(&(0x7f0000000080)='./file1\x00', 0x1fd) 3.210162854s ago: executing program 3 (id=449): syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2.940944009s ago: executing program 3 (id=450): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x100, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xffffffff}}, 0x24) r1 = syz_io_uring_setup(0x106, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.007634154s ago: executing program 0 (id=451): fsopen(0x0, 0x0) mknod$loop(0x0, 0xfff, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) getsockopt$inet_buf(0xffffffffffffffff, 0x88, 0x67, 0x0, &(0x7f0000001000)) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040e05003e20"], 0x8) 1.90101474s ago: executing program 1 (id=452): socket$key(0xf, 0x3, 0x2) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000000c0)='5', 0x1, 0x20000000, 0x0, 0x0) mmap(&(0x7f00000f8000/0x1000)=nil, 0x1000, 0x2, 0x80010, r1, 0x3000) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r5 = mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x1) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x1c, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r5}, @exit_looper, @dead_binder_done], 0x54, 0x0, &(0x7f0000000100)="d73438587cb3a623fd8ee905e684fde28aea60592a03b7ec818dc884a0444fe71fca81497f44d5c5103915620fa908bb58537bcec2fccf1896aa399773300d53147fe686b8f0784f7bef1841c2a46d758265bf81"}) r6 = epoll_create(0xd751) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r4, &(0x7f0000000500)={0x1}) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @empty, 0x8000, 0x8000, 'none\x00', 0x10, 0x2}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) 1.653066464s ago: executing program 0 (id=453): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'], 0x18) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) 1.614001127s ago: executing program 3 (id=454): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000006680)={0x0, 0x0, &(0x7f0000006640)={&(0x7f00000065c0)={0x14, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 490.230342ms ago: executing program 3 (id=455): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 437.774735ms ago: executing program 0 (id=456): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x5}}}, 0x24}}, 0x0) 0s ago: executing program 0 (id=457): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x4}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000840)='{', 0x1}], 0x1}, 0x20048843) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0xf, @empty, 0x8005b}}, 0x104, 0x6, 0xf06, 0x0, 0xb4, 0x5d, 0x1}, 0x9c) r2 = dup(r1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.39' (ED25519) to the list of known hosts. [ 60.450220][ T5750] cgroup: Unknown subsys name 'net' [ 60.610134][ T5750] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 62.044939][ T5750] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 63.496712][ T5764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.506192][ T5768] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.514342][ T5768] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.521930][ T5768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.530825][ T5768] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.539176][ T5768] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.546894][ T5768] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.555055][ T5768] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.562056][ T5773] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.563109][ T5768] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.577442][ T5768] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 63.586064][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.589670][ T5774] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.593691][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.601685][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.607187][ T5775] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.614404][ T5774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.629325][ T5774] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 63.637144][ T5774] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.638067][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 63.652812][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.659832][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.673713][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 63.682731][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.028346][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 64.072548][ T5762] chnl_net:caif_netlink_parms(): no params data found [ 64.173041][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 64.203802][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 64.249293][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.257058][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.264508][ T5766] bridge_slave_0: entered allmulticast mode [ 64.271268][ T5766] bridge_slave_0: entered promiscuous mode [ 64.311414][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.318628][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.325881][ T5766] bridge_slave_1: entered allmulticast mode [ 64.332534][ T5766] bridge_slave_1: entered promiscuous mode [ 64.349508][ T5762] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.356689][ T5762] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.364122][ T5762] bridge_slave_0: entered allmulticast mode [ 64.370735][ T5762] bridge_slave_0: entered promiscuous mode [ 64.380213][ T5762] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.387391][ T5762] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.394703][ T5762] bridge_slave_1: entered allmulticast mode [ 64.401644][ T5762] bridge_slave_1: entered promiscuous mode [ 64.456232][ T5762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.493494][ T5762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.519667][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.531608][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.541908][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.549743][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.557021][ T5767] bridge_slave_0: entered allmulticast mode [ 64.563650][ T5767] bridge_slave_0: entered promiscuous mode [ 64.584108][ T5762] team0: Port device team_slave_0 added [ 64.607544][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.614844][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.621977][ T5767] bridge_slave_1: entered allmulticast mode [ 64.628873][ T5767] bridge_slave_1: entered promiscuous mode [ 64.643440][ T5762] team0: Port device team_slave_1 added [ 64.657997][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.665269][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.672368][ T5765] bridge_slave_0: entered allmulticast mode [ 64.679672][ T5765] bridge_slave_0: entered promiscuous mode [ 64.699830][ T5766] team0: Port device team_slave_0 added [ 64.725352][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.734813][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.741922][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.749783][ T5765] bridge_slave_1: entered allmulticast mode [ 64.756567][ T5765] bridge_slave_1: entered promiscuous mode [ 64.765735][ T5766] team0: Port device team_slave_1 added [ 64.772329][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.779347][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.805867][ T5762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.819279][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.854193][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.861159][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.890053][ T5762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.910856][ T5767] team0: Port device team_slave_0 added [ 64.945466][ T5767] team0: Port device team_slave_1 added [ 64.953254][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.963775][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.971166][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.997488][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.010254][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.017505][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.043714][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.067120][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.119051][ T5762] hsr_slave_0: entered promiscuous mode [ 65.125757][ T5762] hsr_slave_1: entered promiscuous mode [ 65.148321][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.155382][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.181439][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.193694][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.201455][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.230019][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.249650][ T5765] team0: Port device team_slave_0 added [ 65.299165][ T5765] team0: Port device team_slave_1 added [ 65.334669][ T5766] hsr_slave_0: entered promiscuous mode [ 65.340948][ T5766] hsr_slave_1: entered promiscuous mode [ 65.348281][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.356898][ T5766] Cannot create hsr debugfs directory [ 65.404067][ T5767] hsr_slave_0: entered promiscuous mode [ 65.410291][ T5767] hsr_slave_1: entered promiscuous mode [ 65.419306][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.426926][ T5767] Cannot create hsr debugfs directory [ 65.444166][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.451124][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.477366][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.490697][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.499584][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.527981][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.674689][ T5082] Bluetooth: hci1: command tx timeout [ 65.674703][ T51] Bluetooth: hci0: command tx timeout [ 65.692854][ T5765] hsr_slave_0: entered promiscuous mode [ 65.699791][ T5765] hsr_slave_1: entered promiscuous mode [ 65.706458][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.714196][ T5765] Cannot create hsr debugfs directory [ 65.754686][ T5082] Bluetooth: hci3: command tx timeout [ 65.754713][ T51] Bluetooth: hci2: command tx timeout [ 65.877945][ T5762] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.920407][ T5762] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.931990][ T5762] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.950856][ T5762] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 66.032822][ T5766] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 66.045768][ T5766] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 66.058769][ T5766] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 66.068368][ T5766] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 66.131637][ T5767] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 66.141418][ T5767] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 66.152060][ T5767] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 66.163492][ T5767] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 66.232626][ T5765] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 66.268034][ T5765] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 66.278158][ T5765] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 66.293293][ T5765] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 66.360970][ T5762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.409011][ T5762] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.445994][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.453269][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.469702][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.496182][ T2917] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.503294][ T2917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.522291][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.550413][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.572213][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.579338][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.599758][ T2917] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.606888][ T2917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.632776][ T5762] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.645419][ T5762] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.680901][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.690955][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.722080][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.729251][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.774909][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.782049][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.812355][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.880824][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.888008][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.901457][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.908562][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.992071][ T5765] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 67.010136][ T5765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 67.090240][ T5762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.207002][ T5762] veth0_vlan: entered promiscuous mode [ 67.229528][ T5762] veth1_vlan: entered promiscuous mode [ 67.310264][ T5762] veth0_macvtap: entered promiscuous mode [ 67.337823][ T5762] veth1_macvtap: entered promiscuous mode [ 67.377671][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.409439][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.426551][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.439801][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.452792][ T5762] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.465161][ T5762] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.474622][ T5762] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.483322][ T5762] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.523167][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.601728][ T5767] veth0_vlan: entered promiscuous mode [ 67.630693][ T5766] veth0_vlan: entered promiscuous mode [ 67.647974][ T5767] veth1_vlan: entered promiscuous mode [ 67.662558][ T5766] veth1_vlan: entered promiscuous mode [ 67.732717][ T1073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.757232][ T5082] Bluetooth: hci0: command tx timeout [ 67.757840][ T51] Bluetooth: hci1: command tx timeout [ 67.765493][ T1073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.785039][ T5765] veth0_vlan: entered promiscuous mode [ 67.820269][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.821929][ T5765] veth1_vlan: entered promiscuous mode [ 67.834296][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.841622][ T51] Bluetooth: hci3: command tx timeout [ 67.847213][ T5082] Bluetooth: hci2: command tx timeout [ 67.853688][ T5766] veth0_macvtap: entered promiscuous mode [ 67.866641][ T5767] veth0_macvtap: entered promiscuous mode [ 67.875632][ T5766] veth1_macvtap: entered promiscuous mode [ 67.892165][ T5767] veth1_macvtap: entered promiscuous mode [ 67.989363][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.014021][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.041744][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.064431][ T5765] veth0_macvtap: entered promiscuous mode [ 68.071641][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.085047][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.095623][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.108017][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.119596][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.133517][ T5765] veth1_macvtap: entered promiscuous mode [ 68.149011][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.161126][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.176603][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.194381][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.206489][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.216921][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.227746][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.245619][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.262372][ T5766] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.274613][ T5766] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.283355][ T5766] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.303501][ T5766] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.337878][ T5767] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.347785][ T5767] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.361272][ T5767] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.370417][ T5767] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.402182][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.424153][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.439578][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.450780][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.461211][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.472280][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.485888][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.515855][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.528512][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.539319][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.550660][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.561530][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.573172][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.585973][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.619117][ T5765] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.632413][ T5765] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.645514][ T5765] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.654877][ T5765] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.708786][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.746974][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.763058][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.779987][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.806831][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.821790][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.848479][ T1073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.869669][ T1073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.959148][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.977052][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.990887][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.997463][ T5853] syz.2.3[5853]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 69.000756][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.384231][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.835566][ T51] Bluetooth: hci1: command tx timeout [ 69.835922][ T5082] Bluetooth: hci0: command tx timeout [ 69.914446][ T5082] Bluetooth: hci3: command tx timeout [ 69.914742][ T51] Bluetooth: hci2: command tx timeout [ 70.099979][ T5870] loop0: detected capacity change from 0 to 64 [ 70.127640][ T5870] ======================================================= [ 70.127640][ T5870] WARNING: The mand mount option has been deprecated and [ 70.127640][ T5870] and is ignored by this kernel. Remove the mand [ 70.127640][ T5870] option from the mount to silence this warning. [ 70.127640][ T5870] ======================================================= [ 70.228578][ T5870] hfs: unable to locate alternate MDB [ 70.254148][ T5870] hfs: continuing without an alternate MDB [ 70.902720][ T5853] loop2: detected capacity change from 0 to 32768 [ 70.914502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.931974][ T5853] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 70.960081][ T5853] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 71.520236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 71.594548][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 71.603546][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 71.615127][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.717541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.717810][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 71.734173][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 71.742353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 72.455713][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.462304][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.468831][ T51] Bluetooth: hci0: command tx timeout [ 72.474950][ T51] Bluetooth: hci1: command tx timeout [ 72.480362][ T51] Bluetooth: hci2: command tx timeout [ 72.485879][ T51] Bluetooth: hci3: command tx timeout [ 72.586285][ T5853] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 72.622409][ T5845] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 72.649186][ T5845] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 72.769731][ T5845] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 120ms [ 72.791966][ T5845] gfs2: fsid=syz:syz.0: jid=0: Done [ 72.807258][ T5885] loop3: detected capacity change from 0 to 64 [ 72.817350][ T5853] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 72.885629][ T5853] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 73.433071][ T5894] loop0: detected capacity change from 0 to 2048 [ 73.469299][ T5894] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 74.272641][ T1073] kworker/u4:6: attempt to access beyond end of device [ 74.272641][ T1073] loop3: rw=1, sector=65, nr_sectors = 1 limit=64 [ 74.318666][ T1073] Buffer I/O error on dev loop3, logical block 65, lost async page write [ 74.328237][ T1073] kworker/u4:6: attempt to access beyond end of device [ 74.328237][ T1073] loop3: rw=1, sector=66, nr_sectors = 1 limit=64 [ 74.341813][ T1073] Buffer I/O error on dev loop3, logical block 66, lost async page write [ 74.350620][ T1073] kworker/u4:6: attempt to access beyond end of device [ 74.350620][ T1073] loop3: rw=1, sector=67, nr_sectors = 1 limit=64 [ 74.364855][ T1073] Buffer I/O error on dev loop3, logical block 67, lost async page write [ 74.373352][ T1073] kworker/u4:6: attempt to access beyond end of device [ 74.373352][ T1073] loop3: rw=1, sector=68, nr_sectors = 1 limit=64 [ 74.387584][ T1073] Buffer I/O error on dev loop3, logical block 68, lost async page write [ 74.398040][ T1073] kworker/u4:6: attempt to access beyond end of device [ 74.398040][ T1073] loop3: rw=1, sector=72, nr_sectors = 1 limit=64 [ 74.704866][ T1073] Buffer I/O error on dev loop3, logical block 72, lost async page write [ 74.834463][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 74.884912][ T1073] kworker/u4:6: attempt to access beyond end of device [ 74.884912][ T1073] loop3: rw=1, sector=73, nr_sectors = 1 limit=64 [ 75.007950][ T1073] Buffer I/O error on dev loop3, logical block 73, lost async page write [ 75.027530][ T1073] kworker/u4:6: attempt to access beyond end of device [ 75.027530][ T1073] loop3: rw=1, sector=76, nr_sectors = 1 limit=64 [ 75.050643][ T1073] Buffer I/O error on dev loop3, logical block 76, lost async page write [ 76.276184][ T1073] kworker/u4:6: attempt to access beyond end of device [ 76.276184][ T1073] loop3: rw=1, sector=77, nr_sectors = 1 limit=64 [ 76.310945][ T1073] Buffer I/O error on dev loop3, logical block 77, lost async page write [ 76.330523][ T1073] kworker/u4:6: attempt to access beyond end of device [ 76.330523][ T1073] loop3: rw=1, sector=78, nr_sectors = 4088 limit=64 [ 76.354985][ T1073] kworker/u4:6: attempt to access beyond end of device [ 76.354985][ T1073] loop3: rw=1, sector=4166, nr_sectors = 1 limit=64 [ 76.372633][ T1073] Buffer I/O error on dev loop3, logical block 4166, lost async page write [ 76.374041][ T23] usb 1-1: device descriptor read/64, error -71 [ 76.381802][ T1073] Buffer I/O error on dev loop3, logical block 4167, lost async page write [ 77.386503][ T5915] loop3: detected capacity change from 0 to 64 [ 77.433203][ T5915] hfs: unable to locate alternate MDB [ 77.441527][ T5915] hfs: continuing without an alternate MDB [ 82.385714][ T28] cfg80211: failed to load regulatory.db [ 85.886498][ T5965] loop1: detected capacity change from 0 to 32768 [ 85.900929][ T5965] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 85.923960][ T5965] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 85.955584][ T5965] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 86.074498][ T5985] sctp: [Deprecated]: syz.2.42 (pid 5985) Use of struct sctp_assoc_value in delayed_ack socket option. [ 86.074498][ T5985] Use struct sctp_sack_info instead [ 86.147915][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 86.184196][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 86.508986][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 324ms [ 86.544886][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 86.554152][ T5965] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 87.095164][ T5991] mmap: syz.2.44 (5991) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 88.562540][ T5965] gfs2: fsid=syz:syz.0: found 1 quota changes [ 88.910207][ T5767] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 88.910207][ T5767] inode = 11 2339 [ 88.910207][ T5767] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 472 [ 88.960552][ T5767] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 88.984988][ T5767] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5767 [syz-executor] gfs2_quota_sync+0x411/0x5a0 [ 89.009065][ T5767] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 89.024226][ T5767] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 89.049664][ T5767] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 89.077418][ T5767] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 89.096059][ T5767] gfs2: fsid=syz:syz.0: File system withdrawn [ 89.102188][ T5767] CPU: 1 PID: 5767 Comm: syz-executor Not tainted syzkaller #0 [ 89.109748][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 89.119836][ T5767] Call Trace: [ 89.123143][ T5767] [ 89.126088][ T5767] dump_stack_lvl+0x18c/0x250 [ 89.130783][ T5767] ? kobject_uevent_env+0x363/0x8b0 [ 89.135979][ T5767] ? show_regs_print_info+0x20/0x20 [ 89.141172][ T5767] ? load_image+0x400/0x400 [ 89.145665][ T5767] ? kobject_uevent_env+0x363/0x8b0 [ 89.150850][ T5767] gfs2_withdraw+0xb24/0x13d0 [ 89.155526][ T5767] ? gfs2_lm+0x240/0x240 [ 89.159755][ T5767] ? preempt_schedule+0xc0/0xd0 [ 89.164596][ T5767] ? gfs2_consist_inode_i+0xf5/0x110 [ 89.169879][ T5767] gfs2_inode_refresh+0xb89/0x1000 [ 89.174982][ T5767] ? gfs2_inode_metasync+0xf0/0xf0 [ 89.180078][ T5767] ? gfs2_glock_nq+0xd4f/0x1420 [ 89.184919][ T5767] gfs2_instantiate+0x162/0x220 [ 89.189778][ T5767] gfs2_glock_wait+0x1d4/0x2a0 [ 89.194567][ T5767] do_sync+0x4c6/0xe50 [ 89.198650][ T5767] ? gfs2_quota_sync+0x411/0x5a0 [ 89.203604][ T5767] ? bh_get+0x760/0x760 [ 89.207771][ T5767] ? __lock_acquire+0x7d40/0x7d40 [ 89.212809][ T5767] ? do_raw_spin_lock+0x11f/0x2c0 [ 89.217850][ T5767] ? gfs2_quota_sync+0x411/0x5a0 [ 89.222800][ T5767] ? do_raw_spin_unlock+0x121/0x230 [ 89.228114][ T5767] gfs2_quota_sync+0x411/0x5a0 [ 89.232909][ T5767] gfs2_sync_fs+0x4c/0xb0 [ 89.237255][ T5767] sync_filesystem+0xea/0x220 [ 89.241947][ T5767] generic_shutdown_super+0x6f/0x2b0 [ 89.247258][ T5767] kill_block_super+0x44/0x90 [ 89.251941][ T5767] deactivate_locked_super+0x97/0x100 [ 89.257297][ T5767] cleanup_mnt+0x43b/0x4d0 [ 89.261702][ T5767] task_work_run+0x1d4/0x260 [ 89.266281][ T5767] ? task_work_cancel+0x220/0x220 [ 89.271295][ T5767] ? exit_to_user_mode_loop+0x3b/0x110 [ 89.277088][ T5767] exit_to_user_mode_loop+0xe6/0x110 [ 89.282370][ T5767] exit_to_user_mode_prepare+0xee/0x180 [ 89.287901][ T5767] syscall_exit_to_user_mode+0x1a/0x50 [ 89.293344][ T5767] do_syscall_64+0x61/0xa0 [ 89.297762][ T5767] ? clear_bhb_loop+0x40/0x90 [ 89.302456][ T5767] ? clear_bhb_loop+0x40/0x90 [ 89.307156][ T5767] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 89.313060][ T5767] RIP: 0033:0x7f7c2719d1d7 [ 89.317504][ T5767] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 89.337123][ T5767] RSP: 002b:00007ffe88cfbea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 89.345554][ T5767] RAX: 0000000000000000 RBX: 00007f7c27231c3b RCX: 00007f7c2719d1d7 [ 89.353532][ T5767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe88cfbf60 [ 89.361514][ T5767] RBP: 00007ffe88cfbf60 R08: 00007ffe88cfcf60 R09: 00000000ffffffff [ 89.369497][ T5767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe88cfcff0 [ 89.377481][ T5767] R13: 00007f7c27231c3b R14: 00000000000147f7 R15: 00007ffe88cfd030 [ 89.385490][ T5767] [ 91.322397][ T6012] ceph: No mds server is up or the cluster is laggy [ 91.361681][ T5752] libceph: connect (1)[c::]:6789 error -101 [ 91.414749][ T5752] libceph: mon0 (1)[c::]:6789 connect error [ 91.686934][ T28] libceph: connect (1)[c::]:6789 error -101 [ 91.693013][ T28] libceph: mon0 (1)[c::]:6789 connect error [ 95.156889][ T6055] loop2: detected capacity change from 0 to 256 [ 95.196485][ T6055] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 95.232439][ T6055] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 95.328506][ T6055] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 105.602133][ T6129] bond1: entered promiscuous mode [ 105.608147][ T6129] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.697732][ T6134] random: crng reseeded on system resumption [ 106.163895][ T6126] loop0: detected capacity change from 0 to 32768 [ 106.840227][ T6126] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 106.925130][ T6126] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 107.036190][ T6126] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 107.616413][ T787] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 107.623432][ T787] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 108.056374][ T787] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 432ms [ 108.073033][ T787] gfs2: fsid=syz:syz.0: jid=0: Done [ 108.093399][ T6126] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 108.444176][ T6126] gfs2: fsid=syz:syz.0: can't create quotad thread: -4 [ 114.174382][ T28] IPVS: starting estimator thread 0... [ 114.264011][ T6195] IPVS: using max 20 ests per chain, 48000 per kthread [ 115.353574][ T6204] loop0: detected capacity change from 0 to 512 [ 115.437793][ T6204] EXT4-fs: Ignoring removed nobh option [ 115.487001][ T6204] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 115.499771][ T6204] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 115.510404][ T6204] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.91: Corrupt directory, running e2fsck is recommended [ 116.345224][ T6204] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 116.353701][ T6204] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.91: corrupted in-inode xattr: invalid ea_ino [ 116.437394][ T6204] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.91: couldn't read orphan inode 15 (err -117) [ 116.463530][ T6212] loop1: detected capacity change from 0 to 16 [ 116.472879][ T6204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.604635][ T5755] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 116.803679][ T6213] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 116.816205][ T6213] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 116.828283][ T6213] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.91: Corrupt directory, running e2fsck is recommended [ 117.011049][ T6208] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 117.482885][ T6217] Zero length message leads to an empty skb [ 118.212505][ T5762] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.349023][ T6235] loop0: detected capacity change from 0 to 256 [ 120.385755][ T6235] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.401613][ T6235] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.438490][ T6235] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 121.688942][ T6229] loop2: detected capacity change from 0 to 32768 [ 122.152938][ T6229] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 122.202161][ T6229] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 122.335856][ T6229] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 122.378357][ T8] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 122.394308][ T8] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 122.513646][ T8] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 119ms [ 122.535614][ T8] gfs2: fsid=syz:syz.0: jid=0: Done [ 123.577510][ T6229] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 123.639094][ T6229] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 123.654012][ T5862] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 126.398348][ T6274] loop2: detected capacity change from 0 to 256 [ 126.419717][ T6274] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.443904][ T6274] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 126.476940][ T5862] usb 4-1: unable to get BOS descriptor or descriptor too short [ 126.499253][ T6274] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 126.513995][ T5862] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 126.521856][ T5862] usb 4-1: can't read configurations, error -71 [ 129.498326][ T9] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 130.797026][ T9] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 130.813903][ T9] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 130.859367][ T9] usb 3-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 130.911387][ T9] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 130.931966][ T9] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 130.967976][ T9] usb 3-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 131.008857][ T9] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 131.024068][ T9] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 131.058195][ T9] usb 3-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 131.088070][ T9] usb 3-1: string descriptor 0 read error: -22 [ 131.102905][ T9] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 131.134032][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.264476][ T9] adutux 3-1:168.0: interrupt endpoints not found [ 131.971766][ T5752] usb 3-1: USB disconnect, device number 2 [ 132.962545][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.969208][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.284774][ T28] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 133.301451][ T6307] loop0: detected capacity change from 0 to 32768 [ 133.326000][ T6307] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 133.476637][ T6307] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 133.534085][ T28] usb 4-1: Using ep0 maxpacket: 32 [ 133.561904][ T28] usb 4-1: no configurations [ 133.583901][ T28] usb 4-1: can't read configurations, error -22 [ 133.785103][ T28] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 133.897647][ T6307] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 134.070262][ T5752] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 134.093993][ T28] usb 4-1: Using ep0 maxpacket: 32 [ 134.162551][ T5752] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 134.171303][ T28] usb 4-1: no configurations [ 134.192110][ T28] usb 4-1: can't read configurations, error -22 [ 134.220869][ T28] usb usb4-port1: attempt power cycle [ 134.262077][ T5752] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 99ms [ 134.395621][ T6328] loop2: detected capacity change from 0 to 256 [ 134.449072][ T5752] gfs2: fsid=syz:syz.0: jid=0: Done [ 134.454454][ T6307] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 134.466770][ T6307] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 134.478416][ T6328] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 134.500843][ T6328] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 134.600446][ T6328] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 135.544172][ T28] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 135.588385][ T28] usb 4-1: device descriptor read/8, error -71 [ 138.924125][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 139.144160][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 139.165654][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 139.193953][ T9] usb 1-1: config 0 has no interfaces? [ 139.218147][ T9] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 139.237821][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.269375][ T9] usb 1-1: config 0 descriptor?? [ 139.502571][ T6356] loop2: detected capacity change from 0 to 32768 [ 139.536344][ T6356] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 139.554063][ T6356] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 139.590348][ T6356] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 139.613580][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 139.622221][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 139.671289][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 49ms [ 139.688344][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 139.703261][ T6356] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 140.054353][ T6356] gfs2: fsid=syz:syz.0: found 1 quota changes [ 140.168443][ T5766] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 140.168443][ T5766] inode = 11 2339 [ 140.168443][ T5766] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 472 [ 140.187413][ T5766] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 140.197872][ T5766] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5766 [syz-executor] gfs2_quota_sync+0x411/0x5a0 [ 140.213072][ T5766] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 140.236228][ T5766] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 140.261981][ T5766] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 140.271005][ T5766] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 140.280685][ T5766] gfs2: fsid=syz:syz.0: File system withdrawn [ 140.287918][ T5766] CPU: 1 PID: 5766 Comm: syz-executor Not tainted syzkaller #0 [ 140.295491][ T5766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 140.305560][ T5766] Call Trace: [ 140.308850][ T5766] [ 140.311787][ T5766] dump_stack_lvl+0x18c/0x250 [ 140.316489][ T5766] ? kobject_uevent_env+0x363/0x8b0 [ 140.321699][ T5766] ? show_regs_print_info+0x20/0x20 [ 140.326917][ T5766] ? load_image+0x400/0x400 [ 140.331437][ T5766] ? kobject_uevent_env+0x363/0x8b0 [ 140.336660][ T5766] gfs2_withdraw+0xb24/0x13d0 [ 140.341382][ T5766] ? gfs2_lm+0x240/0x240 [ 140.345658][ T5766] ? gfs2_consist_inode_i+0xf5/0x110 [ 140.350966][ T5766] gfs2_inode_refresh+0xb89/0x1000 [ 140.356097][ T5766] ? gfs2_inode_metasync+0xf0/0xf0 [ 140.361222][ T5766] ? gfs2_glock_nq+0xd4f/0x1420 [ 140.366097][ T5766] gfs2_instantiate+0x162/0x220 [ 140.370967][ T5766] gfs2_glock_wait+0x1d4/0x2a0 [ 140.375751][ T5766] do_sync+0x4c6/0xe50 [ 140.379832][ T5766] ? gfs2_quota_sync+0x411/0x5a0 [ 140.384780][ T5766] ? bh_get+0x760/0x760 [ 140.388951][ T5766] ? __lock_acquire+0x7d40/0x7d40 [ 140.393984][ T5766] ? do_raw_spin_lock+0x11f/0x2c0 [ 140.399028][ T5766] ? gfs2_quota_sync+0x411/0x5a0 [ 140.403976][ T5766] ? do_raw_spin_unlock+0x121/0x230 [ 140.409195][ T5766] gfs2_quota_sync+0x411/0x5a0 [ 140.413979][ T5766] gfs2_sync_fs+0x4c/0xb0 [ 140.418324][ T5766] sync_filesystem+0xea/0x220 [ 140.423038][ T5766] generic_shutdown_super+0x6f/0x2b0 [ 140.428367][ T5766] kill_block_super+0x44/0x90 [ 140.433064][ T5766] deactivate_locked_super+0x97/0x100 [ 140.438446][ T5766] cleanup_mnt+0x43b/0x4d0 [ 140.442880][ T5766] task_work_run+0x1d4/0x260 [ 140.447486][ T5766] ? task_work_cancel+0x220/0x220 [ 140.452531][ T5766] ? exit_to_user_mode_loop+0x3b/0x110 [ 140.458010][ T5766] exit_to_user_mode_loop+0xe6/0x110 [ 140.463310][ T5766] exit_to_user_mode_prepare+0xee/0x180 [ 140.468871][ T5766] syscall_exit_to_user_mode+0x1a/0x50 [ 140.474341][ T5766] do_syscall_64+0x61/0xa0 [ 140.478771][ T5766] ? clear_bhb_loop+0x40/0x90 [ 140.483456][ T5766] ? clear_bhb_loop+0x40/0x90 [ 140.488143][ T5766] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 140.494045][ T5766] RIP: 0033:0x7fa38f19d1d7 [ 140.498480][ T5766] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 140.518097][ T5766] RSP: 002b:00007ffc6f6a2758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 140.526524][ T5766] RAX: 0000000000000000 RBX: 00007fa38f231c3b RCX: 00007fa38f19d1d7 [ 140.534512][ T5766] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6f6a2810 [ 140.542492][ T5766] RBP: 00007ffc6f6a2810 R08: 00007ffc6f6a3810 R09: 00000000ffffffff [ 140.550485][ T5766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc6f6a38a0 [ 140.558484][ T5766] R13: 00007fa38f231c3b R14: 0000000000021cb6 R15: 00007ffc6f6a38e0 [ 140.566482][ T5766] [ 142.159118][ T23] usb 1-1: USB disconnect, device number 4 [ 144.454036][ T23] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 145.217542][ T6395] netlink: 4 bytes leftover after parsing attributes in process `syz.0.150'. [ 146.360021][ T23] usb 1-1: unable to get BOS descriptor or descriptor too short [ 146.389719][ T23] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 146.412384][ T23] usb 1-1: can't read configurations, error -71 [ 149.659694][ T6434] loop1: detected capacity change from 0 to 2048 [ 149.802888][ T6434] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 155.316062][ T6483] loop3: detected capacity change from 0 to 2048 [ 155.482754][ T6483] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 158.588279][ T6519] loop1: detected capacity change from 0 to 256 [ 158.758346][ T6519] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 158.844779][ T6519] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 158.901916][ T6519] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 162.312658][ T6546] loop2: detected capacity change from 0 to 2048 [ 162.448445][ T6546] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 165.933985][ T5752] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 166.178947][ T5752] usb 3-1: Using ep0 maxpacket: 32 [ 166.221763][ T5752] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 166.252440][ T5752] usb 3-1: config 3 has 0 interfaces, different from the descriptor's value: 1 [ 166.277276][ T5752] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 166.403857][ T5752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.262995][ T28] usb 3-1: USB disconnect, device number 3 [ 171.192123][ T6631] loop0: detected capacity change from 0 to 256 [ 171.241682][ T6631] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 171.298353][ T6631] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 171.336892][ T6631] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 172.491368][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 172.844021][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 172.851393][ T9] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 172.872860][ T9] usb 1-1: config 3 has 0 interfaces, different from the descriptor's value: 1 [ 173.364416][ T9] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 173.724300][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.280729][ T9] usb 1-1: USB disconnect, device number 7 [ 179.524001][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 180.644446][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 180.823347][ T8] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 180.963957][ T8] usb 1-1: config 3 has 0 interfaces, different from the descriptor's value: 1 [ 180.972979][ T8] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 181.023297][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.310562][ T6731] loop2: detected capacity change from 0 to 256 [ 182.334082][ T6731] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 182.368644][ T6731] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 182.417364][ T6731] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 183.613057][ T8] usb 1-1: USB disconnect, device number 8 [ 186.315773][ T5082] Bluetooth: hci3: command 0x0406 tx timeout [ 186.323620][ T5082] Bluetooth: hci0: command 0x0406 tx timeout [ 186.339132][ T5764] Bluetooth: hci2: command 0x0406 tx timeout [ 186.345314][ T5082] Bluetooth: hci1: command 0x0406 tx timeout [ 187.114386][ T23] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 188.014178][ T6782] loop1: detected capacity change from 0 to 256 [ 188.034039][ T6782] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 188.049534][ T6782] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 188.074708][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 188.101546][ T23] usb 4-1: config 3 has 0 interfaces, different from the descriptor's value: 1 [ 188.114530][ T6782] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 188.140272][ T23] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 188.164535][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.106633][ T9] usb 4-1: USB disconnect, device number 8 [ 190.318499][ T6800] loop1: detected capacity change from 0 to 2048 [ 190.819888][ T6800] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 194.406978][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.413462][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.238513][ T6903] sctp: [Deprecated]: syz.1.286 (pid 6903) Use of struct sctp_assoc_value in delayed_ack socket option. [ 200.238513][ T6903] Use struct sctp_sack_info instead [ 204.814434][ T5752] IPVS: starting estimator thread 0... [ 204.903943][ T6936] IPVS: using max 36 ests per chain, 86400 per kthread [ 205.780293][ T6950] loop3: detected capacity change from 0 to 256 [ 205.825564][ T6950] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 205.987005][ T6950] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 206.805716][ T6950] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 209.077065][ T6975] loop3: detected capacity change from 0 to 2048 [ 209.088505][ T5752] IPVS: starting estimator thread 0... [ 209.284756][ T6979] IPVS: using max 20 ests per chain, 48000 per kthread [ 209.374763][ T6975] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 210.325644][ T6990] sctp: [Deprecated]: syz.1.310 (pid 6990) Use of struct sctp_assoc_value in delayed_ack socket option. [ 210.325644][ T6990] Use struct sctp_sack_info instead [ 210.787897][ T6998] loop0: detected capacity change from 0 to 256 [ 210.833573][ T6998] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 210.913682][ T6998] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 210.986829][ T6998] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 215.813982][ T5827] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 216.004311][ T5827] usb 4-1: Using ep0 maxpacket: 32 [ 216.014852][ T5827] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 216.079478][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.200511][ T5827] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 216.601272][ T5827] gspca_nw80x: reg_r err -32 [ 216.622246][ T5827] nw80x: probe of 4-1:3.0 failed with error -32 [ 217.629541][ T5827] usb 4-1: USB disconnect, device number 9 [ 218.015445][ T7055] loop3: detected capacity change from 0 to 512 [ 218.061916][ T7055] EXT4-fs: Ignoring removed nobh option [ 218.124153][ T7055] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 218.174998][ T7055] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 218.214154][ T7055] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.330: Corrupt directory, running e2fsck is recommended [ 218.280389][ T7055] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 218.309238][ T7055] EXT4-fs error (device loop3): ext4_iget_extra_inode:4732: inode #15: comm syz.3.330: corrupted in-inode xattr: invalid ea_ino [ 218.368439][ T7055] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.330: couldn't read orphan inode 15 (err -117) [ 218.395294][ T7055] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.608000][ T7058] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 218.623131][ T7058] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 218.634452][ T7058] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.330: Corrupt directory, running e2fsck is recommended [ 219.065753][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.225770][ T7062] sctp: [Deprecated]: syz.0.329 (pid 7062) Use of struct sctp_assoc_value in delayed_ack socket option. [ 219.225770][ T7062] Use struct sctp_sack_info instead [ 223.639444][ T7095] sctp: [Deprecated]: syz.1.342 (pid 7095) Use of struct sctp_assoc_value in delayed_ack socket option. [ 223.639444][ T7095] Use struct sctp_sack_info instead [ 225.524199][ T5752] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 225.842972][ T5752] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 225.907500][ T5752] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.916350][ T5752] usb 1-1: Product: syz [ 225.920580][ T5752] usb 1-1: Manufacturer: syz [ 225.929674][ T5752] usb 1-1: SerialNumber: syz [ 227.673932][ T5752] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 227.680388][ T5752] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 228.311540][ T5752] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 228.317874][ T5752] cdc_ncm 1-1:1.0: setting tx_max = 184 [ 228.333308][ T5752] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 228.382750][ T5752] usb 1-1: USB disconnect, device number 9 [ 228.511326][ T5752] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 229.060793][ T7142] loop0: detected capacity change from 0 to 512 [ 229.083053][ T7142] EXT4-fs: Ignoring removed nobh option [ 229.158678][ T7142] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 229.171949][ T7142] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 229.189515][ T7142] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.353: Corrupt directory, running e2fsck is recommended [ 229.262448][ T7142] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 229.305438][ T7142] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.353: corrupted in-inode xattr: invalid ea_ino [ 229.614323][ T7142] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.353: couldn't read orphan inode 15 (err -117) [ 229.885104][ T7142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.130390][ T7152] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 230.143773][ T7152] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 230.155842][ T7152] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.353: Corrupt directory, running e2fsck is recommended [ 230.729672][ T5762] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.802599][ T7180] sctp: [Deprecated]: syz.3.352 (pid 7180) Use of struct sctp_assoc_value in delayed_ack socket option. [ 232.802599][ T7180] Use struct sctp_sack_info instead [ 233.744370][ T23] usb 4-1: new low-speed USB device number 10 using dummy_hcd [ 234.293961][ T23] usb 4-1: unable to get BOS descriptor or descriptor too short [ 234.330528][ T23] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 234.333903][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 234.347439][ T23] usb 4-1: can't read configurations, error -71 [ 234.348743][ T7216] loop1: detected capacity change from 0 to 256 [ 234.385072][ T7216] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 234.404215][ T7216] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 234.454727][ T7216] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 234.622646][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 234.642686][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.672642][ T9] usb 3-1: Product: syz [ 234.680996][ T9] usb 3-1: Manufacturer: syz [ 234.863515][ T9] usb 3-1: SerialNumber: syz [ 235.290986][ T7223] loop1: detected capacity change from 0 to 2048 [ 235.310090][ T7223] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 235.634714][ T7229] netlink: 12 bytes leftover after parsing attributes in process `syz.0.368'. [ 236.632482][ T9] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 236.645494][ T9] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 236.652927][ T9] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 236.855598][ T9] cdc_ncm 3-1:1.0: setting tx_max = 184 [ 236.882101][ T9] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 237.026084][ T9] usb 3-1: USB disconnect, device number 4 [ 237.034654][ T9] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 237.810513][ T7249] sctp: [Deprecated]: syz.1.372 (pid 7249) Use of struct sctp_assoc_value in delayed_ack socket option. [ 237.810513][ T7249] Use struct sctp_sack_info instead [ 238.669576][ T9] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 239.483515][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 239.518011][ T9] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 239.568433][ T9] usb 2-1: can't read configurations, error -71 [ 239.919337][ T7267] netlink: 12 bytes leftover after parsing attributes in process `syz.0.377'. [ 240.724614][ T7271] loop1: detected capacity change from 0 to 2048 [ 241.287483][ T7271] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 242.349487][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 242.556622][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 242.669657][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.819745][ T8] usb 1-1: Product: syz [ 242.879018][ T8] usb 1-1: Manufacturer: syz [ 242.883661][ T8] usb 1-1: SerialNumber: syz [ 243.462029][ T7301] netlink: 12 bytes leftover after parsing attributes in process `syz.3.387'. [ 244.355871][ T8] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 244.363915][ T7306] sctp: [Deprecated]: syz.3.388 (pid 7306) Use of struct sctp_assoc_value in delayed_ack socket option. [ 244.363915][ T7306] Use struct sctp_sack_info instead [ 244.411279][ T8] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 244.555252][ T8] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 244.663919][ T8] cdc_ncm 1-1:1.0: setting tx_max = 184 [ 244.693685][ T8] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 244.781071][ T8] usb 1-1: USB disconnect, device number 10 [ 244.808088][ T8] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 251.927262][ T7362] loop1: detected capacity change from 0 to 2048 [ 251.999259][ T7362] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.869909][ T27] audit: type=1800 audit(1770846084.950:2): pid=7366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.403" name="file1" dev="loop1" ino=1346 res=0 errno=0 [ 256.451618][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.464259][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.465677][ T7429] loop2: detected capacity change from 0 to 32768 [ 265.648184][ T7429] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 265.875092][ T7429] XFS (loop2): Ending clean mount [ 266.590399][ T5766] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 267.593053][ T7472] loop1: detected capacity change from 0 to 2048 [ 267.629814][ T7472] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.710299][ T27] audit: type=1800 audit(1770846100.850:3): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.432" name="file1" dev="loop1" ino=1346 res=0 errno=0 [ 269.663543][ T7491] x_tables: duplicate underflow at hook 1 [ 270.960354][ T5827] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 271.964104][ T5827] usb 1-1: unable to get BOS descriptor or descriptor too short [ 272.803892][ T5827] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 272.811461][ T5827] usb 1-1: can't read configurations, error -71 [ 273.255357][ T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 274.084140][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 274.099501][ T23] usb 4-1: config 0 has an invalid interface number: 48 but max is 0 [ 274.130481][ T23] usb 4-1: config 0 has no interface number 0 [ 274.164328][ T23] usb 4-1: config 0 interface 48 has no altsetting 0 [ 274.214511][ T23] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 274.243828][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.252156][ T23] usb 4-1: Product: syz [ 274.268123][ T23] usb 4-1: Manufacturer: syz [ 274.273067][ T23] usb 4-1: SerialNumber: syz [ 274.348493][ T23] usb 4-1: config 0 descriptor?? [ 275.443989][ T5827] usb 4-1: USB disconnect, device number 12 [ 276.340956][ T7528] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 276.532439][ T7536] loop1: detected capacity change from 0 to 2048 [ 276.723143][ T7536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 277.356308][ T7536] EXT4-fs: Ignoring removed orlov option [ 277.475518][ T7536] EXT4-fs: Ignoring removed bh option [ 277.481036][ T7536] EXT4-fs: can't change dax mount option while remounting [ 277.935177][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.998961][ T5771] Bluetooth: hci0: unexpected cc 0x203e length: 2 > 1 [ 278.006319][ T5771] Bluetooth: hci0: unexpected event for opcode 0x203e [ 279.500385][ T7568] loop2: detected capacity change from 0 to 512 [ 279.525493][ T7568] EXT4-fs: Ignoring removed nobh option [ 279.547108][ T7570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.456'. [ 279.611567][ T7568] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 279.721030][ T7568] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 279.783964][ T7568] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.448: Corrupt directory, running e2fsck is recommended [ 279.848698][ T7568] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 280.037418][ T7568] EXT4-fs error (device loop2): ext4_iget_extra_inode:4732: inode #15: comm syz.2.448: corrupted in-inode xattr: invalid ea_ino [ 280.304301][ T7568] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.448: couldn't read orphan inode 15 (err -117) [ 280.369243][ T7568] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 280.483877][ T7580] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 280.495618][ T7580] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 280.506022][ T7580] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.448: Corrupt directory, running e2fsck is recommended [ 385.783718][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 385.790788][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P59/1:b..l [ 385.798915][ C0] rcu: (detected by 0, t=10502 jiffies, g=21541, q=234 ncpus=2) [ 385.806639][ C0] task:kworker/u4:4 state:R running task stack:22376 pid:59 ppid:2 flags:0x00004000 [ 385.818246][ C0] Workqueue: bat_events batadv_nc_worker [ 385.823925][ C0] Call Trace: [ 385.827215][ C0] [ 385.830162][ C0] __schedule+0x1553/0x45a0 [ 385.834695][ C0] ? mark_lock+0x94/0x320 [ 385.839044][ C0] ? mark_lock+0x41/0x320 [ 385.843389][ C0] ? asan.module_dtor+0x20/0x20 [ 385.848252][ C0] ? mark_lock+0x94/0x320 [ 385.852601][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 385.858606][ C0] ? preempt_schedule_irq+0xb4/0x150 [ 385.863913][ C0] preempt_schedule_irq+0xbf/0x150 [ 385.869042][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 385.874797][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 385.880622][ C0] irqentry_exit+0x67/0x70 [ 385.885053][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 385.890523][ C0] RIP: 0010:lock_acquire+0x208/0x420 [ 385.896256][ C0] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3c 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 43 c7 44 3c 08 00 00 00 00 65 48 8b 04 25 [ 385.915888][ C0] RSP: 0000:ffffc900015a7a40 EFLAGS: 00000206 [ 385.921972][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1deb69bb622e2000 [ 385.929959][ C0] RDX: 0000000000000000 RSI: ffffffff8acada80 RDI: ffffffff8b1c81e0 [ 385.937959][ C0] RBP: ffffc900015a7b48 R08: dffffc0000000000 R09: 1ffffffff2237ea0 [ 385.945943][ C0] R10: dffffc0000000000 R11: fffffbfff2237ea1 R12: 1ffff920002b4f54 [ 385.953925][ C0] R13: ffffffff8d131fa0 R14: 0000000000000246 R15: dffffc0000000000 [ 385.961933][ C0] ? batadv_nc_worker+0xd2/0x610 [ 385.966917][ C0] ? read_lock_is_recursive+0x20/0x20 [ 385.972301][ C0] ? batadv_nc_worker+0xd2/0x610 [ 385.977260][ C0] ? batadv_nc_worker+0xd2/0x610 [ 385.982214][ C0] ? batadv_nc_worker+0xd2/0x610 [ 385.987172][ C0] batadv_nc_worker+0xef/0x610 [ 385.991957][ C0] ? batadv_nc_worker+0xd2/0x610 [ 385.996915][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 386.002655][ C0] process_scheduled_works+0xa5d/0x15d0 [ 386.008238][ C0] ? assign_work+0x430/0x430 [ 386.012848][ C0] ? assign_work+0x3d0/0x430 [ 386.017457][ C0] worker_thread+0xa55/0xfc0 [ 386.022105][ C0] kthread+0x2fa/0x390 [ 386.026201][ C0] ? pr_cont_work+0x560/0x560 [ 386.030911][ C0] ? kthread_blkcg+0xd0/0xd0 [ 386.035521][ C0] ret_from_fork+0x48/0x80 [ 386.039953][ C0] ? kthread_blkcg+0xd0/0xd0 [ 386.044564][ C0] ret_from_fork_asm+0x11/0x20 [ 386.049359][ C0] [ 386.052402][ C0] rcu: rcu_preempt kthread starved for 10528 jiffies! g21541 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 386.063605][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 386.073575][ C0] rcu: RCU grace-period kthread stack dump: [ 386.079469][ C0] task:rcu_preempt state:R running task stack:27880 pid:17 ppid:2 flags:0x00004000 [ 386.090792][ C0] Call Trace: [ 386.094081][ C0] [ 386.097031][ C0] __schedule+0x1553/0x45a0 [ 386.101576][ C0] ? asan.module_dtor+0x20/0x20 [ 386.106446][ C0] ? enqueue_timer+0x23d/0x550 [ 386.111225][ C0] ? __mod_timer+0x984/0xdb0 [ 386.115840][ C0] schedule+0xbd/0x170 [ 386.119927][ C0] schedule_timeout+0x188/0x2d0 [ 386.124795][ C0] ? console_conditional_schedule+0x40/0x40 [ 386.130700][ C0] ? preempt_schedule+0xc0/0xd0 [ 386.135573][ C0] ? update_process_times+0x1b0/0x1b0 [ 386.140960][ C0] ? prepare_to_swait_event+0x339/0x360 [ 386.146522][ C0] rcu_gp_fqs_loop+0x313/0x1590 [ 386.151385][ C0] ? rcu_gp_init+0x1162/0x1560 [ 386.156172][ C0] ? rcu_gp_kthread+0x3b0/0x3b0 [ 386.161037][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 386.167040][ C0] ? rcu_gp_init+0x1560/0x1560 [ 386.171812][ C0] ? rcu_gp_cleanup+0xb41/0xc90 [ 386.176677][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 386.181894][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 386.187104][ C0] rcu_gp_kthread+0x9d/0x3b0 [ 386.191710][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 386.196843][ C0] ? __kthread_parkme+0x7a/0x1c0 [ 386.201801][ C0] ? __kthread_parkme+0x162/0x1c0 [ 386.206838][ C0] kthread+0x2fa/0x390 [ 386.210916][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 386.216039][ C0] ? kthread_blkcg+0xd0/0xd0 [ 386.220637][ C0] ret_from_fork+0x48/0x80 [ 386.225062][ C0] ? kthread_blkcg+0xd0/0xd0 [ 386.229658][ C0] ret_from_fork_asm+0x11/0x20 [ 386.234460][ C0] [ 386.237484][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 386.243805][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 386.250831][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 386.260893][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10 [ 386.266538][ C0] Code: d7 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 83 e1 43 00 fb f4 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80 [ 386.286154][ C0] RSP: 0018:ffffffff8ce07d80 EFLAGS: 000002c2 [ 386.292239][ C0] RAX: cc2235006ea12d00 RBX: ffffffff8162a490 RCX: cc2235006ea12d00 [ 386.300218][ C0] RDX: 0000000000000001 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 [ 386.308200][ C0] RBP: ffffffff8ce07eb8 R08: ffff8880b8e36b2b R09: 1ffff110171c6d65 [ 386.316185][ C0] R10: dffffc0000000000 R11: ffffed10171c6d66 R12: 1ffffffff19d2688 [ 386.324165][ C0] R13: 1ffffffff19c0fbc R14: 0000000000000000 R15: dffffc0000000000 [ 386.332144][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 386.341080][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 386.347668][ C0] CR2: 0000200000131030 CR3: 00000000259d8000 CR4: 00000000003506f0 [ 386.355654][ C0] Call Trace: [ 386.358936][ C0] [ 386.361868][ C0] default_idle+0x13/0x20 [ 386.366297][ C0] default_idle_call+0x6c/0xa0 [ 386.371070][ C0] do_idle+0x1f0/0x4e0 [ 386.375155][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 386.380364][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 386.386021][ C0] cpu_startup_entry+0x43/0x60 [ 386.390793][ C0] rest_init+0x2e2/0x300 [ 386.395050][ C0] ? time_init+0x40/0x40 [ 386.399306][ C0] arch_call_rest_init+0xe/0x10 [ 386.404168][ C0] start_kernel+0x459/0x4e0 [ 386.408686][ C0] x86_64_start_reservations+0x2a/0x30 [ 386.414163][ C0] x86_64_start_kernel+0x60/0x60 [ 386.419109][ C0] secondary_startup_64_no_verify+0x179/0x17b [ 386.425200][ C0]