last executing test programs: 2m45.577855445s ago: executing program 0 (id=1117): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) 2m45.258734001s ago: executing program 0 (id=1118): socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r3}) keyctl$KEYCTL_MOVE(0x1e, r3, 0xffffffffffffffff, r4, 0x0) 2m44.263532262s ago: executing program 0 (id=1119): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xab4, &(0x7f0000000340)="$eJzs3U2MW0cBAOCxd73JNilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOJRAYhR7xvs8sfNsZ9dex98nzY7nzTzPPO/z8/ubNwGYWtXm3+XlhUoIF9545cg/Hvr7/I0pB9sl6s2/s4VULYRQienZ7P3em2nF195/8US3uBKWmn9TOjx5pT3vphDC2bArXAz1sOPCpZffWnri2Lmj53e//eqBy2uz9AAAMF2+fvHA8va//vm+rVdfu/9Q2NCenvbP6zG9Oe73H4o7/mn/vxo605VCKJrLys3GUJ3vLDfTpVyxnlpWbrZH/XNZ/bUe5TaEW9c/U5jWbblhkqX1uB4q1cWOdLW6uNg6Jg/N4/q5yuKZU6effX5MDQVW3b8fCCHsKoTD5zvT6y0cXAdtGDI01kEbJjIcGl1dVxstY1/mEYXGlnFvgQBa8uuFNzmbn1m4Pe13m+2v/iuPV7vPD6tg1Ov/QPXPjbn+oP7fnLPFYfXcqWtTWq70Pdoc0/l1hPz+pd7fv/xKR+fU/HpErc929rqOMCnXF3q1c2bE7RhWr/bn68Wd6ssxTp/DVzpyH+j4/uT/00n5HwPdfZCf/xcEYX2H0JGu3c57Nca8/QHWr/y+uUa6Phrl9/Xl+RtK8jeW5M+X5N9Vkr+pJB+m2e++/9PwUmXlfFd+TD/o+fB0nu3uGH9owPbk5yMHrT+/73dQt1t/fj8xrGd/OP7UyS888/Sl1v3/lfb6fz2u7+lwox6/WxdjgXS+MD+v3r73v95ZT7VHuXuy9tzdpXzz9bbOcpVtK+8TCtuZm9qx0Dnfll7ldnaWq2fl5mPYmLU33z+5K5sv7X+k7Wr6vGaz5a1lyzGXtSNtV7bGOG8HDCOtj73u/0/r50KoVZ49dfrkYzGd1tM/zdQ23Ji+d8TtBm5fv/1/FkJn/5/N7em1anG7sGVleqW1XXg9vl/n9KV2PYXphR+19Dv3rZn5ZvnFE989/cwqLztMu+d/9MK3j58+ffJ7Xgz94qvroxmDvEiHLeulPV4M+mLXWlcx5g0TsOb2/Li1E/Doqe8cf+7kcyfP7Nu/f9/S0v4v7lve09yv31Pcuy86O4bWAqtp5Ud/3C0BAAAAAAAAAAAA+vWDo0cuvfPm599t9f9f6f+X+v+nO39T//+fZP3/837yqR986ge4tUt+s0z2gNW5rFwthg9n7d2W1bM9m+8jMW6P4xf7/6fq8ue6pvbcm02v9UhmjxO46Xkpc9kzSPLxAj8e4/Mx/nWAMarMd58c41s837ryQWFdT8+nKHThbXg+8ORI/7fm2lB4pFHq/931uU5d+mszWUbRY3Hcywh098+pev73v1YWfOxtEXqH2dHW9/PpXScaPffS+x3BBmB1jHv8z3TeM8Vn/vi1jTdCKnbl8c7tZf78UhjEX97pTK/38SfXuv583L5R1z/u5R/1+J/t8e/63v5lI+bVh6v3P7+4/G6h2rCj3/rz5U/Pgd42WP1XY/1paR4O/dXf+FVWf35BqE//zeq/q8/6b1r+ncPV/79Yf/rYHnmw3/pbLa5UO9sxny1Huv6XnzdOrmXLn57teYv6v/FCt+UfcqDG67F+mGaTMs7soLL9iPZO+/Dj/0ZnV3f833Zjs81afh/G52I6bYjTfQ75eCeDtj/dX5F+B7Zn718p+X0z/u9k+1KMy74PafzftD7W409+Id38LFO61uWzvVO3NTCp3puq63+jCpdbh0HDzb9x/O0XBgiNmSHma48TN+b2NxqNtT2hVWKslTP2z3/cxwnjrn/cn3+ZfPzffB8+H/83z8/H/83z8/F/8/z5+B/qlZ+P/5t/nvn4v3n+vdn75uMDL5Tkf7Qkf0f3/PZh+30l8+8syf9YSf7udv7BjhIp//5bzr9Srtf731OS/2BJ/idK8j9Zkv9QSf4jhfziGNAp/1Ml89/pUn+UaV1+mGZ5/zzff5ge6fpPr+//tpJ8YHL97LW9h5/+7Tfrrf7/c+3zIek63qGYrsXjpx/GdH7dOxTSN/LejOm/Zfnr/XwHTJP8+Rn57/vDJfnA5Er3efl+wxSqbOw+OcZlz63qtZ/PZPl0jD8T48/G+NEYL8Z4T4z3xnhpRO1jbRx+/fcHXqqsHO9vyfL7vZ887w/U8ZyoEMK+PtuTnx8Y9H72/Dl+g7rd+ofsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA21ebf5eWFSggX3njlyFPHTu25MeVgu0S9+Xe2kKq15wvhsRjPxPiX8cW19188UYyvx7gSlkIlVNrTw5NX2jVtCiGcDbvCxVAPOy5cevmtpSeOnTt6fvfbrx64vHafAAAAANz5/h8AAP//JI4RIA==") r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)=0x906) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)) writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="976005b75f71900eaf8480928f63631a3a7d321506a6858fc3dc227de4014241b1fe97f45de1f53bbb5fe1", 0x2b}, {&(0x7f00000001c0)}], 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x64000004) r2 = syz_open_dev$media(0x0, 0x0, 0x0) r3 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) r4 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000400)={r5, &(0x7f00000007c0)=[{0x80000000}], 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20050800) ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000e00)={r6, 0x0, &(0x7f0000000e40)=[{}, {{}, {0x80000000}}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f00000001c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r9 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r9, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0x3}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x18) ioctl$MEDIA_IOC_ENUM_ENTITIES(r2, 0xc1007c01, &(0x7f0000000500)={r8}) 2m43.921658259s ago: executing program 0 (id=1121): r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket(0x2, 0x80805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x200000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'fo\x00', 0x1, 0x80005, 0x6f}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x2, 0xcd}}, 0x44) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 2m43.596127365s ago: executing program 0 (id=1122): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x8820, 0x0, 0x1, 0x0, 0x0) setpgid(r0, r0) setpgid(0x0, r0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x10082, 0x0) chdir(&(0x7f0000000240)='./file0\x00') 2m43.265758212s ago: executing program 0 (id=1124): r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m27.616098997s ago: executing program 32 (id=1124): r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 15.293851365s ago: executing program 2 (id=1458): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000033922d2fd04dd3e77e3e6a94a8dd96e2dbb7f618e59e870000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000ffffffff00"/28], 0x50) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/rcu_expedited', 0x48a82, 0x9) write$P9_RGETLOCK(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="2d000000370100000700000000000000090000000069630097c1289a111e8e46680826462755cf3df4de39ef9fc049f1e90de94ac3041f27307c8260f467874b593204eadd4d5b9187d4009e22e853c4594450a5b5b63f72fe249d4770e2cacf6f004bb6368eb845bd410d8534bace9c9e00"/126, @ANYRES32=0x0, @ANYBLOB="0f006e65746c696e6b5f65787461636b00"], 0x2d) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) close(r1) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = fanotify_init(0x200, 0x40000) fanotify_mark(r3, 0x1, 0x48000003, r2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000e0332faa000000000095000000000000001bdca6340087dd5471a9e2c8203225d6a756496706c611b521552839ca5bec1510972611b7c70b4182fa8f7cef81b3b1dde5a61cc1eebfe05ccffa25bc714031c160a1a7e631f4a625a926ca3d5b7885bcb1bd20a7d6aa726619865cc2ccf624572dde4206f10912aa0e759eeb4791a95fdd01ef522a25ca24936a1597062d248d53ee1481a934e8dd85740118e7e0c24ec9bb27a3f96dd298907fcdaed2d7ae9e3f62e3cb72a915a39aa01617e046f550ac26160d8a41c477528724801bb7179cd878570420361353a9b3cfc12f5b7cb4185b0c06b0853897fe78c322b23a395ccf8e0b0ef86a977fc69f4b6ba82974c5e6986b6eab5d96203e1b043bf823b36a1f532273bc54e45dd9abc862fa51176f"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r5 = creat(&(0x7f0000000180)='./cgroup.cpu/cgroup.procs\x00', 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r6, 0x0) r7 = userfaultfd(0x80001) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1}) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[], 0x118) ioctl$UFFDIO_ZEROPAGE(r7, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}}) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)}], 0x1) 14.083093032s ago: executing program 2 (id=1459): r0 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x22802, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0xef}, &(0x7f0000000340), &(0x7f0000000280)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a240000000c0a0102000000000000000005000000000000000d370003080004400000000014000000060a0104000000000000008310272fecd54b54af14004d9ac10001000000140000001100010000000000000000000000000a402ee7231c71330438b064b0d12dc58f1940ea6ac4c0f800a37f066dbdce9e17e896353eab6573f74b9a68b6852748f896d00e9c6885294973bbe2ea593d5a62ee9973f51ce526e87bedafe668be2a3201d242c9c945d73e60"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) mkdir(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) creat(0x0, 0xc) r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000080)={'rti800\x00', [0x401, 0x10, 0x401, 0xa, 0x14000000, 0xfffffffc, 0x9, 0x2, 0xffd, 0xa, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3ff, 0x9, 0x200, 0xe2df, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]}) fallocate(0xffffffffffffffff, 0x40, 0x390, 0x2) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000140)=ANY=[@ANYBLOB="070000eb0700000003000000db23fe5d"]) r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r6, 0xc0485661, &(0x7f0000000000)={0x1, 0x1, @raw_data=[0x200, 0x3, 0x8, 0x3, 0x0, 0x5, 0xfffffffa, 0xfffffffb, 0x6, 0x1000, 0xfffd, 0x8, 0x1, 0x4, 0x80000002, 0x6]}) 12.789834977s ago: executing program 2 (id=1463): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000400b8400800b7"], 0x30}}, 0x0) syz_usb_connect(0x6, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRES16], 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x606840, 0x0) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x2}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r3, r3, r3}, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101) dup(r4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) 11.701306815s ago: executing program 1 (id=1465): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[]) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syz_emit_ethernet(0x76, &(0x7f0000000080)={@link_local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb3e02", 0x40, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "974367", 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@dstopts={0x0, 0x1, '\x00', [@padn={0x1, 0x33, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r2, r2, 0x0, 0x7f03) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113) r4 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0) pwritev2(r4, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x0) 11.518745139s ago: executing program 4 (id=1468): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000), 0x0) 11.441895936s ago: executing program 4 (id=1469): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11.408668618s ago: executing program 4 (id=1470): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c) rt_sigqueueinfo(r0, 0x22, &(0x7f0000000300)={0x15, 0x8, 0x5}) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040d0479001904"], 0x7) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x14000801) lsetxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0/bus\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) socket$inet6(0xa, 0x80002, 0x0) 10.382869891s ago: executing program 4 (id=1471): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x1c8, 0x12) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x8002) ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0x403c5404, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) ioctl$FS_IOC_RESVSP(r6, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 10.049686638s ago: executing program 2 (id=1473): r0 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x22802, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0xef}, &(0x7f0000000340), &(0x7f0000000280)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a240000000c0a0102000000000000000005000000000000000d370003080004400000000014000000060a0104000000000000008310272fecd54b54af14004d9ac10001000000140000001100010000000000000000000000000a402ee7231c71330438b064b0d12dc58f1940ea6ac4c0f800a37f066dbdce9e17e896353eab6573f74b9a68b6852748f896d00e9c6885294973bbe2ea593d5a62ee9973f51ce526e87bedafe668be2a3201d242c9c945d73e60"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) mkdir(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) creat(0x0, 0xc) r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000080)={'rti800\x00', [0x401, 0x10, 0x401, 0xa, 0x14000000, 0xfffffffc, 0x9, 0x2, 0xffd, 0xa, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3ff, 0x9, 0x200, 0xe2df, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]}) fallocate(0xffffffffffffffff, 0x40, 0x390, 0x2) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000140)=ANY=[@ANYBLOB="070000eb0700000003000000db23fe5d"]) r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r6, 0xc0485661, &(0x7f0000000000)={0x1, 0x1, @raw_data=[0x200, 0x3, 0x8, 0x3, 0x0, 0x5, 0xfffffffa, 0xfffffffb, 0x6, 0x1000, 0xfffd, 0x8, 0x1, 0x4, 0x80000002, 0x6]}) 8.740369204s ago: executing program 2 (id=1475): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x9013, 0x100, 0x4, 0x165}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x3, 0x8, 0x0, {0x0, 0x0, r1}}) io_setup(0x1, &(0x7f0000000000)=0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x101000, 0x40) r10 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000300)=0x1e) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002071a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010071ec7c45f2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050505f8e6fb0fd7ddcb12b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c20500000000000000cceaede3faedc51d29a47fc8136bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b001000000a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72323cc924e627f2f4b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fda4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b0600000000000000564a2b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1a5e1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9cdf99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f9166965a53beb05142e1b1550a8cb7852f6750b6ec962802c0320f8059195729d60c534ee8e8ff0010067fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b9617432e251d14b283f7d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b0000000032a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205111b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e800fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2584892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd0700000000000011b64b378ee96af15cbbc65d72ae980b6df22b5ca3ea377f36beb44b45c6f84b3f4d2c62ca91b4df16fc8cc5d18b35213e5f67ec200e768ab28feaff2195724b2965ebca822af6c0a4e598d34f9b5f1eb43de209cd5541fe72d89d5f9819c1529c242b72ccdb9541e54fcccf12457df695126458ebffaaebe98748dea4f0a0b0a1683ff327ca05070000000000000088a571761be31e4fdd530604d32149c22f81adc983adc81b335d0579f47763a97af46500c91d5b2640242661beca1b4e695f7aac5ae46a72ac99ec395bdf16e3fc75e7acbb2d10060bef6a793082f8cfd4721588787c8a8c6257a8a11d49f7f7ed9de6efb7dd8058fb0c8125ee9c1691afa39b5a70d489efcd3e95a483c59f8fa7443e795eac454a68ab647e0d5381df6528858895d57274e97046659ac9488c85e5728987fa9d43660eb28b7befbb981f8fde8754d792146e49ee14bff102540e247a8780c80e3ff0688e8cb5c500446756d0b76244766deecc69c4c3435c125f0f06c772a051b690113e59485586e0ff"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r11, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x20}, 0x48) io_submit(r8, 0x1, &(0x7f0000000a40)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfff, r9, &(0x7f0000000300)="e83924", 0x3}]) io_uring_enter(r5, 0x3517, 0x173d, 0x42, 0x0, 0x0) 7.385733434s ago: executing program 1 (id=1477): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) syz_clone3(&(0x7f00000004c0)={0x8200000, &(0x7f0000000300), &(0x7f0000000340)=0x0, &(0x7f0000000480), {0x3f}, &(0x7f00000003c0), 0x0, &(0x7f0000000400)=""/58, &(0x7f0000000540)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x8}, 0x58) prlimit64(r0, 0x6, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) getsockopt$inet_opts(r2, 0x0, 0xd, 0xfffffffffffffffe, &(0x7f0000000580)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) read$FUSE(0xffffffffffffffff, &(0x7f0000002940)={0x2020}, 0x2020) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a0101000000000000000002000000091f010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}, 0x1, 0x0, 0x0, 0x8004}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x20c3, 0x1ef) execve(&(0x7f0000000000)='./file1\x00', &(0x7f0000000180)={[], 0xffffffffffffff7b}, 0x0) ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0) ioctl$sock_bt_hci(r3, 0x400448c9, 0x0) 5.834379479s ago: executing program 3 (id=1478): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x34, 0x66, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x7c56c988f0195595, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0x9, "74f79c00ca11e6"}]}}}}}}}, 0x0) 5.168339323s ago: executing program 4 (id=1481): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1) r0 = inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ptrace$ARCH_SHSTK_STATUS(0x1e, r1, 0x0, 0x5005) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2fc, 0x8442) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r5, &(0x7f0000000580)='1\x00', 0x2) write$sysctl(r5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) inotify_add_watch(r0, &(0x7f00000003c0)='./file0\x00', 0x5000a58) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x42, 0x1}, 0x48) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00') 4.926350532s ago: executing program 3 (id=1482): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c) rt_sigqueueinfo(r0, 0x22, &(0x7f0000000300)={0x15, 0x8, 0x5}) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040d0479001904"], 0x7) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x14000801) lsetxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0/bus\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) socket$inet6(0xa, 0x80002, 0x0) 4.597839279s ago: executing program 5 (id=1483): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0) sendfile(r0, r0, 0x0, 0x200000) 4.443677081s ago: executing program 2 (id=1484): sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x18) 4.148399415s ago: executing program 5 (id=1485): r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x2000) r1 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x22802, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0xef}, &(0x7f0000000340), &(0x7f0000000280)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a240000000c0a0102000000000000000005000000000000000d370003080004400000000014000000060a0104000000000000008310272fecd54b54af14004d9ac10001000000140000001100010000000000000000000000000a402ee7231c71330438b064b0d12dc58f1940ea6ac4c0f800a37f066dbdce9e17e896353eab6573f74b9a68b6852748f896d00e9c6885294973bbe2ea593d5a62ee9973f51ce526e87bedafe668be2a3201d242c9c945d73e60"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) mkdir(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) creat(0x0, 0xc) r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'rti800\x00', [0x401, 0x10, 0x401, 0xa, 0x14000000, 0xfffffffc, 0x9, 0x2, 0xffd, 0xa, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3ff, 0x9, 0x200, 0xe2df, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]}) fallocate(0xffffffffffffffff, 0x40, 0x390, 0x2) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000140)=ANY=[@ANYBLOB="070000eb0700000003000000db23fe5d"]) r7 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r7, 0xc0485661, &(0x7f0000000000)={0x1, 0x1, @raw_data=[0x200, 0x3, 0x8, 0x3, 0x0, 0x5, 0xfffffffa, 0xfffffffb, 0x6, 0x1000, 0xfffd, 0x8, 0x1, 0x4, 0x80000002, 0x6]}) 4.147979895s ago: executing program 4 (id=1486): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r1, 0x0, 0x0) sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x34000005}, 0xe1a3f75379e08c20) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4008050) socket$inet6(0xa, 0x800000000000002, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000340), 0x20082, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4, 0x700000000000000, 0x0, 0x4}, 0x8850) 3.065847463s ago: executing program 3 (id=1487): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r1, 0x4068aea3, &(0x7f0000000140)={0xc5, 0x0, r1}) 3.002905798s ago: executing program 5 (id=1488): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)={@empty, @multicast1}, 0x7) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x880) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) recvmmsg(r4, 0x0, 0x0, 0x40010121, 0x0) r5 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r5, 0xc0445624, &(0x7f0000000340)={0x140980001, 0x0, "ff5dff0f251ed700f60065c214525ae572ce1c205a923fc24b6b06fa080033ae", 0xfffffffffffffffa, 0x10, 0x8000000001, 0xfffffffffffffffc, 0x31, 0x4, 0x7, 0x2000000, [0x6, 0x6, 0x2a3, 0x1000]}) 2.826431462s ago: executing program 3 (id=1489): syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) fsopen(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r3, 0x0, 0xb8) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r4, r3, 0x0) 1.634114199s ago: executing program 3 (id=1490): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="2e000400", 0x4) 1.573354404s ago: executing program 5 (id=1491): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005001900010000000800160000000100080017"], 0x44}}, 0x0) 1.513756208s ago: executing program 1 (id=1492): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000002000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETOWNER(r2, 0x400454cc, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r1, 0x58, &(0x7f0000000100)}, 0x87) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4}, 0x18) userfaultfd(0x400) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)='jo', 0x2}], 0x2}, 0x0) r6 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000080)) r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x3, 0x0}) io_uring_enter(r8, 0x47ba, 0x98f1, 0x20, 0x0, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0) 1.480647231s ago: executing program 5 (id=1493): syz_mount_image$nilfs2(&(0x7f0000000140), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x4, 0xad7, &(0x7f0000001900)="$eJzs3U2MW0cBAOB53vUmm6bEKSld0tAmFNry002zWcJPBEmVCImoqRCXShWXKE1LRAgSRQKqSiQ5caNVFSRO/IhTL1VBSPSCop64VKKRKqSeCgcOREFU4gChiVHsGa89sfvsza5/1t8njcfz5j3PvOfn5/c7E4CpVWm8Li8vFCFcfP3lo/948O/zN4ccao1Ra7zOtqWqIYQipmezz3t3phlff++Fk93iIiw1XlM6PHG1Ne0dIYRzYXe4FGph58XLL7259Pjx88cu7HnrlYNX1mfuAQBgunz90sHlu//653u3X3v1vsNhU2t42j+vxfTWuN9/OO74p/3/SuhMF22h3Vw23mwMlfnO8Wa6jNcoZ7b7eLM9yp/Lyq/2GG9T+ODyZ9qGdZtvmGRpPa6ForLYka5UFhebx+ShcVw/VyyePX3mmedGVFFgzf37/hDC7rZw5EJnej1D2tgMMs2h9ahL0fxfX+f5rQ9ruW60cHh4ZV2rN418nocU6ttGu/0BSPLrhbc4l59ZuD2tT5vtr/yrj1W6Tw9rYNjr/0Dlz424/KD835y3xWHtbNS1Kc1X+h1tjen0753uYcrvX+r9+8uvdHQOza9HVPusZ6/rCJNyfaFXPWeGXI/V6lX/fL3YqL4c47QcvpLlt/9+8u90Ur5joLv/5Of/BaEj7B6DOggdIXSkq7fzWfURb3+A8ZXfN1dP10ej/L6+PH9TSf7mkvz5kvwtJfl3lOTDNPvd938aXixWjvPzY/pBz4en82x3xvhDA9YnPx85aPn5fb+Dut3y8/uJYZz94cSTp77w9FOXm/f/F631/0Zc39PhRi3+ti7FEdL5wvy8euve/1pnOZUe492V1efOLuM33u/oHK/YsfI5oW07c0s9Fjqn29ZrvF2d49Wy8eZj2JzVN98/2ZJNl/Y/0nY1La/ZbH6r2XzMZfVI25XtMc7rAauR1sde9/+n9XMhVItnTp859WhMp/X0TzPVTTeH7xtyvYHb1+/zPwuh8/mfra3h1Ur7dmHbyvCiuV14LX5e5/ClVjmdw/fHdPqf+9bMfGP44snvnnl67WcfptpzP3r+2yfOnDn1PW9W/ear41GNQd6kw5Zxqc8kvKmEsajGsN6MeMMErLu9P27uBDxy+jsnnj317Kmz+w8c2L+0dOCL+5f3Nvbr97bv3bc7N4LaAmtp5U9/1DUBAAAAAAAAAAAA+vWDY0cvv/3G599pPv+/8vxfev4/3fmbnv//Sfb8f/6cfHoOPj0HuL1LfmOcrIHVuWy8agwfzuq7Iyvn7my6j8S41Y9ffP4/FZe365rqc082vNojmTUncEt7KXNZGyR5f4Efj/GFGP86wAgV890Hx7isfeu0rqf2KdrapajPTEsjyhtA+t7S2tBsx2SlJ9eu7Tq1fdnbh1RP1tb6PDw458kCmAD/HGX731uGXea/VmZ8LT+3GIM2oTdUmB1ueT9fh3ViQkK93qsXj357sAFYG6Pu/zOd90zx2T9+bfPNkEa7+ljn9jJvvxQG8Ze3O9Pj3v/kepef99s37PJHPf/D7v+z1f9d39u/rMe82urK/e8vrrzTVmzY2W/5+fyndqB3DFb+tVh+mpuHQn/l13+VlZ9fEOrT/7Lyt/RZ/i3zv2t15b8fy0+L7eEHSspPJ4bPN2tcVDrrMZ/NR7r+l583Tq5n85/a9vyA+f/G893mf5XXGG7E8mGaTUo/s4PK9iNaO+3t9xeEgfr/jc6tbf+/rcpmm7X8PozPNZPvp66L0n0OeX8ng9Y/3V+R/gfS/RTp84uS/zf9/062L8W47PeQ+v9N62Mt/uW3pRvLMqWrXZbtRt3WwKR6V/+/4xY2j0EdhP5DfWYV07X6iRtx/ev1+vqe0Cox0sIZ+fIf9XHCqMsf9fIvk/f/m+/D5/3/5vl5/795ft7/b54/H7+hXvl5/7/58sz7/83z78k+N+8feKEk/6Ml+Tu757cO2+8tmX5XSf7HSvL3tPIPdYyR8u8rmf7+kvy7SvIfKMn/REn+J0vyHyzJf7gtv70P6JT/qZLpN7r0PMq0zj9Ms/z5PL9/mB7p+k+v3/+Oknxgcv3s1X1HnvrtN2vN5//nWudD0nW8wzFdjcdPP4zp/Lp3aEvfzHsjpv+W5Y/7+Q6YJnn7Gfn/+0Ml+cDkSvd5+X3DFCo2dx8c47J2q3rt5zNZPh3jz8T4szF+JMaLMd4b430xXhpS/VgfR177/cEXi5Xj/W1Zfr/3k+fPA3W0ExVC2N9nffLzA4Pez5634zeo2y1/lY+DAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjEyl8bq8vFCEcPH1l48+efz03ptDDrXGqDVeZ9tS1dZ0ITwa45kY/zK+uf7eCyfb4xsxLsJSKELRGh6euNoq6Y4QwrmwO1wKtbDz4uWX3lx6/Pj5Yxf2vPXKwSvrtwQAAABg4/t/AAAA//8EEw8R") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000001c0)=ANY=[], 0x1, 0xadc, &(0x7f0000001900)="$eJzs3V2IXFcBAOBzd3c2u2lrpjW1axrbpNW2/nTTbNb4EzQpCYKhKeJLofgS0rQGYwQrqKXQJE++2VJS8MkffOpLqSJYEAl98qVgA0XoUxX0oSFiwYcaTUayc87MnZOZzMxmd+7O7vfB3TPnnnPnnDt75879O+cEYMOaWPq7uDhXhHDujZcPvf/AP2avzdnfylFf+jtVitVCCEWMT2Xv995kM7zywfPHuoVFWFj6m+Lh8UutZW8JIZwOO8L5UA/bzl146a2Fx46cOXx259uv7ru4OmsPAAAbyzfO71u8869/vvv2y6/dcyBsas1Px+f1NGOmedx/IB74p+P/idAZL0pT2XSWbypOE7Od+Sa75CuXU8vyTfUofzorv9Yj36Zw4/InS/O6rTeMs7Qd10MxMR9C2NyKT0zMzzfPycPSef10MX/qxMmnn62oosCK+/e9IYQdpeng2c74Wpv2r4E6LHNqrIE6jOV0YHRlXW40Vb7OI5oaW6reAwE05fcLr3M6v7Jwc1rvNjVY+Zcenei+PKyAUW//Q5U/XXH5Qfm/PmOPw8pZr1tTWq/0Pbo1xvP7CPnzS6/8oXO5tvxOR+fc/H5EbcB69rqPMC73F3rVc3LE9ViuXvXPt4v16isxTJ/DVztS7+34/uT/03H5HwPdfZhf/zeZTGt7Ch3x2s28V6Pi/Q+wduXPzTXS/dEof64vT9/UJ32mT/psn/TNfdJv6ZMOG9lvf/DT8GLRvt6Vn9MPez08XWe7LYYfGbI++fXIYcvPn/sd1s2Wnz9PDGvZ748+cfyLTz15ofn8f9Ha/q/G7T2dbtTjd+t8zJCuF+bX1VvP/tc7y5noke+OrD63dcm/9HprZ75ia/t9Qmk/c1095jqX29Ir3/bOfPUs32ycZrL65scnm7Pl0vFH2q+mz2sqW99ath7TWT3SfuX2GOb1gOVI22N6/r/dHqD5/H/aPudCrXj6xMnjj8R42k7/NFnbdG3+7hHXG1g5vb7/6fdrLnS2/7m1Nb82Ud4vbGnPL5r7hdfj+3XOX2iVU5pf+lFLv3Pfnpxdyj9/7Hsnn1qF9YaN7NkfP/edoydPHv++F8t+8bW1UY1hXqTTlrVSHy+GfbFjtYuoeMcErLpdLzQPAh4+8d2jzxx/5vipPXv37llY2PulPYu7lo7rd5WP7stOV1BbYCW1f/SrrgkAAAAAAAAAAAAwqB8ePnThnTe/8G6z/X+7/V9q/5+e/E3t/3+Stf/P28mndvCpHeDtXdKX8mQdrE5n+Wpx+mhW39QNQPFCM7wzW+5jMWyN4xfb/6fi8n5dU33uyubXekSz7gSu6y9lOuuDJB8v8L4Yno3hrwJUqJjtPjuGN+jfuviwtK2n/ilKTXgb+gceH+n/lvdflNp/d+3XqUt7bcbLKFosVr2OQHf/3FD9f/+rveKV18XUe5oabXk/27jbRKPnUfqgI9gArIyqx//8e2iWm65/nvrj12euTSnbpUc795d5/6UwjL+80xlf6+NPrnb5+bh9oy6/6vUf9fifrfHv4v4v7fd67/+yEfPqyyv3Pz+/+G6p2LBt0PLz9U/9QG8drvzLsfy0Ng+Gwcpv/DIrP78hNKD/ZuVvHrD869Z/+/LK/18sP31sD90/aPnNGhcTnfWYzdYj3f/LrxsnV7L1T3173qD8bz7Xbf2XOVDj1Vg+bGTjMs7ssLLjiNZBe7/xf4f9/b/Z8X9blc12a/lzGJ+P8bQjTs855OOdDFv/9HxF+h24M3v/os/vm/F/x9uXY9jv+5DG/03bYz3+5JfiS59lite6fLbrdV8D4+q9DXX/b1TTxeZp0PKWn6m+/qYhpsbkMpZrPWdVcf0bjcbqXtDqo9LCqfzzr/ruc9XnKfdVXH4/+fi/+TF8Pv5vnp6P/5un5+P/5umz8T/0fo/0fPzffHvOx//N0+/K3jcfH3iuT/rHu6QXoZ2+rfvyrdP2u/u8//Y+6Z/ok76zlb6/I0dKv+eGy7fz9Xr/O/qk398n/ZN90j/VJ/2BPukPldLLY0Cn9E9nyxdZ+nqX9j+9Pj9g/crb5/n+w8aR7v/0+v5vbadPl7OMtpbAanjltd0Hn/zNt+rN9v/Tresh6T7egRivxXOjH8V4ft87lOLX0t6M8b9l6VVfbwLa8v4z8t//B/ukA+MrPefl+w0bUDHTfXYM+/Vb1es4n/HymRh+Noafi+HDMZyP4a4Y7o7hwojqx+o4+Prv9r1YtM/3t2Tpgz5PnrcH6ugnKoSwZ8D65NcHhn2ePe/Hb1g3W/4ym4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUZmLp7+LiXBHCuTdePvTEkRO7rs3Z38pRX/o7VYrVWsuF8EgMJ2P4i/jiygfPHyuHV2NYhIVQhKI1Pzx+qVXSLSGE02FHOB/qYdu5Cy+9tfDYkTOHz+58+9V9F1fvEwAAAID17/8BAAD//092Bzk=") openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0, 0x30) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db) writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x60000}], 0x1) r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') write$uinput_user_dev(r2, &(0x7f0000000a80)={'syz1\x00', {0x0, 0x0, 0x0, 0x1000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$UI_DEV_DESTROY(r2, 0x5502) 1.36868794s ago: executing program 3 (id=1494): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xab4, &(0x7f0000000340)="$eJzs3U2MW0cBAOCxd73JNilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOJRAYhR7xvs8sfNsZ9dex98nzY7nzTzPPO/z8/ubNwGYWtXm3+XlhUoIF9545cg/Hvr7/I0pB9sl6s2/s4VULYRQienZ7P3em2nF195/8US3uBKWmn9TOjx5pT3vphDC2bArXAz1sOPCpZffWnri2Lmj53e//eqBy2uz9AAAMF2+fvHA8va//vm+rVdfu/9Q2NCenvbP6zG9Oe73H4o7/mn/vxo605VCKJrLys3GUJ3vLDfTpVyxnlpWbrZH/XNZ/bUe5TaEW9c/U5jWbblhkqX1uB4q1cWOdLW6uNg6Jg/N4/q5yuKZU6effX5MDQVW3b8fCCHsKoTD5zvT6y0cXAdtGDI01kEbJjIcGl1dVxstY1/mEYXGlnFvgQBa8uuFNzmbn1m4Pe13m+2v/iuPV7vPD6tg1Ov/QPXPjbn+oP7fnLPFYfXcqWtTWq70Pdoc0/l1hPz+pd7fv/xKR+fU/HpErc929rqOMCnXF3q1c2bE7RhWr/bn68Wd6ssxTp/DVzpyH+j4/uT/00n5HwPdfZCf/xcEYX2H0JGu3c57Nca8/QHWr/y+uUa6Phrl9/Xl+RtK8jeW5M+X5N9Vkr+pJB+m2e++/9PwUmXlfFd+TD/o+fB0nu3uGH9owPbk5yMHrT+/73dQt1t/fj8xrGd/OP7UyS888/Sl1v3/lfb6fz2u7+lwox6/WxdjgXS+MD+v3r73v95ZT7VHuXuy9tzdpXzz9bbOcpVtK+8TCtuZm9qx0Dnfll7ldnaWq2fl5mPYmLU33z+5K5sv7X+k7Wr6vGaz5a1lyzGXtSNtV7bGOG8HDCOtj73u/0/r50KoVZ49dfrkYzGd1tM/zdQ23Ji+d8TtBm5fv/1/FkJn/5/N7em1anG7sGVleqW1XXg9vl/n9KV2PYXphR+19Dv3rZn5ZvnFE989/cwqLztMu+d/9MK3j58+ffJ7Xgz94qvroxmDvEiHLeulPV4M+mLXWlcx5g0TsOb2/Li1E/Doqe8cf+7kcyfP7Nu/f9/S0v4v7lve09yv31Pcuy86O4bWAqtp5Ud/3C0BAAAAAAAAAAAA+vWDo0cuvfPm599t9f9f6f+X+v+nO39T//+fZP3/837yqR986ge4tUt+s0z2gNW5rFwthg9n7d2W1bM9m+8jMW6P4xf7/6fq8ue6pvbcm02v9UhmjxO46Xkpc9kzSPLxAj8e4/Mx/nWAMarMd58c41s837ryQWFdT8+nKHThbXg+8ORI/7fm2lB4pFHq/931uU5d+mszWUbRY3Hcywh098+pev73v1YWfOxtEXqH2dHW9/PpXScaPffS+x3BBmB1jHv8z3TeM8Vn/vi1jTdCKnbl8c7tZf78UhjEX97pTK/38SfXuv583L5R1z/u5R/1+J/t8e/63v5lI+bVh6v3P7+4/G6h2rCj3/rz5U/Pgd42WP1XY/1paR4O/dXf+FVWf35BqE//zeq/q8/6b1r+ncPV/79Yf/rYHnmw3/pbLa5UO9sxny1Huv6XnzdOrmXLn57teYv6v/FCt+UfcqDG67F+mGaTMs7soLL9iPZO+/Dj/0ZnV3f833Zjs81afh/G52I6bYjTfQ75eCeDtj/dX5F+B7Zn718p+X0z/u9k+1KMy74PafzftD7W409+Id38LFO61uWzvVO3NTCp3puq63+jCpdbh0HDzb9x/O0XBgiNmSHma48TN+b2NxqNtT2hVWKslTP2z3/cxwnjrn/cn3+ZfPzffB8+H/83z8/H/83z8/F/8/z5+B/qlZ+P/5t/nvn4v3n+vdn75uMDL5Tkf7Qkf0f3/PZh+30l8+8syf9YSf7udv7BjhIp//5bzr9Srtf731OS/2BJ/idK8j9Zkv9QSf4jhfziGNAp/1Ml89/pUn+UaV1+mGZ5/zzff5ge6fpPr+//tpJ8YHL97LW9h5/+7Tfrrf7/c+3zIek63qGYrsXjpx/GdH7dOxTSN/LejOm/Zfnr/XwHTJP8+Rn57/vDJfnA5Er3efl+wxSqbOw+OcZlz63qtZ/PZPl0jD8T48/G+NEYL8Z4T4z3xnhpRO1jbRx+/fcHXqqsHO9vyfL7vZ887w/U8ZyoEMK+PtuTnx8Y9H72/Dl+g7rd+ofsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA21ebf5eWFSggX3njlyFPHTu25MeVgu0S9+Xe2kKq15wvhsRjPxPiX8cW19188UYyvx7gSlkIlVNrTw5NX2jVtCiGcDbvCxVAPOy5cevmtpSeOnTt6fvfbrx64vHafAAAAANz5/h8AAP//JI4RIA==") r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)=0x906) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)) writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="976005b75f71900eaf8480928f63631a3a7d321506a6858fc3dc227de4014241b1", 0x21}, {&(0x7f00000001c0)="bbabca6da0479d3fce7d8b577f086e74b1da50f9f5", 0x15}], 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x64000004) r2 = syz_open_dev$media(0x0, 0x0, 0x0) r3 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) r4 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000400)={r5, &(0x7f00000007c0)=[{0x80000000}], 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20050800) ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000e00)={r6, 0x0, &(0x7f0000000e40)=[{}, {{}, {0x80000000}}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f00000001c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r9 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r9, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0x3}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x18) ioctl$MEDIA_IOC_ENUM_ENTITIES(r2, 0xc1007c01, &(0x7f0000000500)={r8}) 489.901341ms ago: executing program 1 (id=1495): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r0) 489.794031ms ago: executing program 1 (id=1496): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0) sendfile(r0, r0, 0x0, 0x200000) 230.241022ms ago: executing program 1 (id=1497): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c) rt_sigqueueinfo(r0, 0x22, &(0x7f0000000300)={0x15, 0x8, 0x5}) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040d0479001904"], 0x7) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x14000801) lsetxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0/bus\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) socket$inet6(0xa, 0x80002, 0x0) 0s ago: executing program 5 (id=1498): r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x2000) r1 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x22802, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0xef}, &(0x7f0000000340), &(0x7f0000000280)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a240000000c0a0102000000000000000005000000000000000d370003080004400000000014000000060a0104000000000000008310272fecd54b54af14004d9ac10001000000140000001100010000000000000000000000000a402ee7231c71330438b064b0d12dc58f1940ea6ac4c0f800a37f066dbdce9e17e896353eab6573f74b9a68b6852748f896d00e9c6885294973bbe2ea593d5a62ee9973f51ce526e87bedafe668be2a3201d242c9c945d73e60"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) mkdir(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) creat(0x0, 0xc) r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'rti800\x00', [0x401, 0x10, 0x401, 0xa, 0x14000000, 0xfffffffc, 0x9, 0x2, 0xffd, 0xa, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3ff, 0x9, 0x200, 0xe2df, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]}) fallocate(0xffffffffffffffff, 0x40, 0x390, 0x2) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000140)=ANY=[@ANYBLOB="070000eb0700000003000000db23fe5d"]) r7 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r7, 0xc0485661, &(0x7f0000000000)={0x1, 0x1, @raw_data=[0x200, 0x3, 0x8, 0x3, 0x0, 0x5, 0xfffffffa, 0xfffffffb, 0x6, 0x1000, 0xfffd, 0x8, 0x1, 0x4, 0x80000002, 0x6]}) kernel console output (not intermixed with test programs): g: broken bmap (inode number=16) [ 317.084465][ T6518] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 317.096256][ T26] audit: type=1800 audit(1756588946.343:330): pid=6518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.638" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 317.293448][ T6529] input: syz1 as /devices/virtual/input/input15 [ 317.595673][ T6536] loop3: detected capacity change from 0 to 2048 [ 317.809837][ T6537] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 317.844688][ T6541] netlink: 'syz.0.645': attribute type 1 has an invalid length. [ 318.929617][ T26] audit: type=1326 audit(1756588948.183:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.049407][ T26] audit: type=1326 audit(1756588948.213:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.086411][ T26] audit: type=1326 audit(1756588948.213:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.100403][ T6557] netlink: 'syz.4.660': attribute type 1 has an invalid length. [ 319.140642][ T26] audit: type=1326 audit(1756588948.213:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.164779][ T26] audit: type=1326 audit(1756588948.213:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.217685][ T26] audit: type=1326 audit(1756588948.223:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.265035][ T26] audit: type=1326 audit(1756588948.223:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.288708][ T26] audit: type=1326 audit(1756588948.223:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6535 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 319.313097][ T6558] loop0: detected capacity change from 0 to 1024 [ 320.114721][ T6558] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback. [ 325.078027][ T6597] loop0: detected capacity change from 0 to 2048 [ 325.261196][ T6607] loop2: detected capacity change from 0 to 1764 [ 325.431635][ T6605] loop3: detected capacity change from 0 to 2048 [ 326.109043][ T6608] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 326.196648][ T6609] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 326.259379][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.270489][ T6597] Remounting filesystem read-only [ 326.275820][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.286511][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.296600][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.306472][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.316155][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.374374][ T26] audit: type=1326 audit(1756588955.623:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6604 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 326.398627][ T26] audit: type=1326 audit(1756588955.643:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6604 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 326.423253][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.433179][ T6597] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 326.525477][ T6615] netlink: 20 bytes leftover after parsing attributes in process `syz.4.663'. [ 326.585721][ T6615] loop4: detected capacity change from 0 to 1024 [ 327.440286][ T26] audit: type=1326 audit(1756588955.643:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6604 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 327.463243][ T6597] input: syz1 as /devices/virtual/input/input16 [ 327.734480][ T6615] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 327.806559][ T6615] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 327.815706][ T6615] EXT4-fs (loop4): orphan cleanup on readonly fs [ 327.860128][ T6615] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #3: block 3: comm syz.4.663: lblock 3 mapped to illegal pblock 3 (length 1) [ 327.879237][ T6615] Quota error (device loop4): write_blk: dquota write failed [ 327.886655][ T6615] Quota error (device loop4): find_free_dqentry: Can't write quota data block 3 [ 327.895886][ T6615] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 327.905904][ T6615] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.663: Failed to acquire dquot type 0 [ 327.917478][ T6615] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 3: comm syz.4.663: lblock 3 mapped to illegal pblock 3 (length 1) [ 327.932410][ T6615] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 327.943168][ T6615] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.663: Failed to acquire dquot type 0 [ 327.960227][ T6615] EXT4-fs error (device loop4): ext4_free_blocks:6218: comm syz.4.663: Freeing blocks not in datazone - block = 0, count = 4096 [ 327.978498][ T26] audit: type=1326 audit(1756588955.643:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6604 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 327.999654][ T6615] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 3: comm syz.4.663: lblock 3 mapped to illegal pblock 3 (length 1) [ 328.029054][ T6615] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 328.040544][ T6615] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.663: Failed to acquire dquot type 0 [ 328.053624][ T6615] EXT4-fs (loop4): 1 orphan inode deleted [ 328.140746][ T6615] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,auto_da_alloc=0x0000000000000006,max_batch_time=0x0000000000000007,acl,journal_dev=0x0000000000000001,auto_da_alloc,jqfmt=vfsold,dax=never,usrjquota=,,errors=continue. Quota mode: writeback. [ 328.281683][ T26] audit: type=1326 audit(1756588955.643:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6604 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 329.519325][ T6627] loop0: detected capacity change from 0 to 256 [ 329.601575][ T6627] MINIX-fs: mounting file system with errors, running fsck is recommended [ 330.673137][ T4453] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 330.737317][ T6640] netlink: 'syz.2.675': attribute type 1 has an invalid length. [ 330.753694][ T6642] loop3: detected capacity change from 0 to 2048 [ 330.949177][ T4453] usb 2-1: Using ep0 maxpacket: 8 [ 331.014779][ T6650] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 331.872836][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 331.872862][ T26] audit: type=1326 audit(1756588961.123:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6641 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 332.005647][ T26] audit: type=1326 audit(1756588961.133:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6641 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 332.070052][ T4453] usb 2-1: unable to read config index 0 descriptor/all [ 332.077524][ T4453] usb 2-1: can't read configurations, error -71 [ 332.141011][ T6656] loop2: detected capacity change from 0 to 2048 [ 332.223826][ T26] audit: type=1326 audit(1756588961.133:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6641 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 332.504739][ T6665] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 332.554027][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.564401][ T6656] Remounting filesystem read-only [ 332.569829][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.579701][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.589718][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.599570][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.609318][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.619495][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.629280][ T6656] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 332.711984][ T6667] input: syz1 as /devices/virtual/input/input17 [ 332.959005][ T26] audit: type=1326 audit(1756588961.133:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6641 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 333.073275][ T6671] loop4: detected capacity change from 0 to 128 [ 333.219344][ T6674] process 'syz.1.682' launched './file0' with NULL argv: empty string added [ 333.302331][ T26] audit: type=1326 audit(1756588961.133:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6641 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 333.387919][ T6676] netlink: 16 bytes leftover after parsing attributes in process `syz.3.684'. [ 333.434387][ T6677] netlink: 32 bytes leftover after parsing attributes in process `syz.0.674'. [ 333.453598][ T6678] binder: 6672:6678 ioctl 4018620d 0 returned -22 [ 334.352159][ T26] audit: type=1326 audit(1756588961.133:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6641 comm="syz.3.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 334.768521][ T26] audit: type=1800 audit(1756588961.893:352): pid=6656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.679" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 336.087811][ T6695] netlink: 'syz.4.689': attribute type 1 has an invalid length. [ 336.166564][ T6696] loop2: detected capacity change from 0 to 2048 [ 336.344471][ T6707] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 336.443046][ T26] audit: type=1326 audit(1756588965.693:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6694 comm="syz.2.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 336.802497][ T26] audit: type=1326 audit(1756588965.733:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6694 comm="syz.2.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 336.857784][ T6713] netlink: 16 bytes leftover after parsing attributes in process `syz.3.696'. [ 336.916208][ T6714] binder: 6710:6714 ioctl 4018620d 0 returned -22 [ 337.217591][ T26] audit: type=1326 audit(1756588965.733:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6694 comm="syz.2.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 337.380127][ T6717] loop1: detected capacity change from 0 to 2048 [ 337.495425][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.511378][ T6718] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 337.517229][ T6717] Remounting filesystem read-only [ 337.527507][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.538065][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.548465][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.558084][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.567761][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.577410][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.597920][ T6717] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 337.742617][ T6721] input: syz1 as /devices/virtual/input/input18 [ 337.882064][ T26] audit: type=1326 audit(1756588965.733:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6694 comm="syz.2.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 338.160459][ T26] audit: type=1326 audit(1756588965.733:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6694 comm="syz.2.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 339.213832][ T26] audit: type=1800 audit(1756588966.853:358): pid=6717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.695" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 339.310489][ T6736] netlink: 'syz.2.704': attribute type 1 has an invalid length. [ 339.461043][ T6744] loop2: detected capacity change from 0 to 764 [ 339.519085][ T6740] loop3: detected capacity change from 0 to 4096 [ 340.145912][ T6754] netlink: 16 bytes leftover after parsing attributes in process `syz.3.710'. [ 340.161346][ T6754] binder: 6752:6754 ioctl 4018620d 0 returned -22 [ 342.003090][ T6765] loop2: detected capacity change from 0 to 2048 [ 342.184845][ T6770] netlink: 'syz.3.716': attribute type 1 has an invalid length. [ 342.217169][ T6771] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 342.232680][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.244541][ T6765] Remounting filesystem read-only [ 342.249820][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.261002][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.270878][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.280555][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.290337][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.300196][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.330377][ T6765] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 342.409389][ T26] audit: type=1800 audit(1756588971.593:359): pid=6765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.714" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 343.022196][ T6776] input: syz1 as /devices/virtual/input/input19 [ 343.270554][ T6780] loop0: detected capacity change from 0 to 128 [ 343.399859][ T6780] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 343.414848][ T6780] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.660086][ T6803] netlink: 16 bytes leftover after parsing attributes in process `syz.2.725'. [ 345.685904][ T6803] binder: 6800:6803 ioctl 4018620d 0 returned -22 [ 345.797589][ T6805] loop1: detected capacity change from 0 to 1764 [ 345.952132][ T6805] IPVS: fo: FWM 3 0x00000003 - no destination available [ 347.280703][ T6817] netlink: 'syz.3.730': attribute type 1 has an invalid length. [ 347.409589][ T6818] netlink: 32 bytes leftover after parsing attributes in process `syz.0.723'. [ 347.524387][ T6822] loop2: detected capacity change from 0 to 2048 [ 347.620228][ T6825] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 347.635168][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.647264][ T6822] Remounting filesystem read-only [ 347.652887][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.663191][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.673104][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.682778][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.693016][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.702773][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.713072][ T6822] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 347.722922][ T26] audit: type=1800 audit(1756588976.983:360): pid=6822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.731" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 347.844835][ T6826] input: syz1 as /devices/virtual/input/input20 [ 349.264953][ T6838] loop4: detected capacity change from 0 to 1024 [ 349.404608][ T6838] EXT4-fs (loop4): Ignoring removed bh option [ 349.449085][ T6838] EXT4-fs (loop4): inline encryption not supported [ 349.600691][ T6838] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 349.647387][ T6838] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 2: comm syz.4.735: lblock 2 mapped to illegal pblock 2 (length 1) [ 349.678913][ T6838] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 349.687089][ T6838] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 48: comm syz.4.735: lblock 0 mapped to illegal pblock 48 (length 1) [ 349.855240][ T6838] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 349.964198][ T6838] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.735: Failed to acquire dquot type 0 [ 350.157074][ T6838] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 350.280717][ T6838] EXT4-fs error (device loop4): ext4_evict_inode:282: inode #11: comm syz.4.735: mark_inode_dirty error [ 350.333155][ T6838] EXT4-fs warning (device loop4): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 350.384428][ T6838] EXT4-fs (loop4): 1 orphan inode deleted [ 350.404823][ T4804] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:13: lblock 1 mapped to illegal pblock 1 (length 1) [ 350.466499][ T6838] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x00000000000008c9,debug,inlinecrypt,,errors=continue. Quota mode: writeback. [ 350.563063][ T6850] netlink: 16 bytes leftover after parsing attributes in process `syz.2.737'. [ 350.577631][ T6850] binder: 6848:6850 ioctl 4018620d 0 returned -22 [ 350.715147][ T4804] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 350.850824][ T4804] EXT4-fs error (device loop4): ext4_release_dquot:6245: comm kworker/u4:13: Failed to release dquot type 0 [ 351.197519][ T6838] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 48: comm syz.4.735: lblock 0 mapped to illegal pblock 48 (length 1) [ 351.328680][ T6838] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=-117 [ 354.204794][ T6863] loop2: detected capacity change from 0 to 32768 [ 356.090490][ T6889] netlink: 16 bytes leftover after parsing attributes in process `syz.2.748'. [ 356.145291][ T6891] binder: 6884:6891 ioctl 4018620d 0 returned -22 [ 356.713259][ T6900] netlink: 12 bytes leftover after parsing attributes in process `syz.1.749'. [ 359.689163][ T1108] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 360.219295][ T1108] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 360.259028][ T1108] usb 4-1: config 0 has no interfaces? [ 360.388322][ T6934] netlink: 'syz.4.760': attribute type 1 has an invalid length. [ 360.469125][ T1108] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 360.478415][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.529492][ T1108] usb 4-1: config 0 descriptor?? [ 363.205040][ T4252] usb 4-1: USB disconnect, device number 4 [ 363.765856][ T6952] netlink: 16 bytes leftover after parsing attributes in process `syz.1.765'. [ 363.868152][ T6953] binder: 6949:6953 ioctl 4018620d 0 returned -22 [ 364.434091][ T6957] loop0: detected capacity change from 0 to 512 [ 365.422221][ T6957] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 365.490656][ T6957] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 365.549072][ T6957] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.767: Corrupt directory, running e2fsck is recommended [ 365.611972][ T6957] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 365.645349][ T6957] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2228: inode #15: comm syz.0.767: corrupted in-inode xattr [ 365.661842][ T6963] loop1: detected capacity change from 0 to 4096 [ 365.701746][ T6963] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 365.721311][ T6957] EXT4-fs (loop0): Remounting filesystem read-only [ 365.742728][ T6957] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.767: couldn't read orphan inode 15 (err -117) [ 365.799447][ T6957] EXT4-fs (loop0): Remounting filesystem read-only [ 365.806272][ T6957] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,noinit_itable,discard,auto_da_alloc,grpjquota=.mb_optimize_scan=0x0000000000000000,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 366.540834][ T6957] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 366.664775][ T6957] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 367.084418][ T6957] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.767: Corrupt directory, running e2fsck is recommended [ 367.243085][ T6977] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 367.286395][ T6977] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 367.346387][ T6977] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.767: Corrupt directory, running e2fsck is recommended [ 367.349651][ T6957] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 367.386781][ T6979] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 367.482568][ T6957] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 367.532586][ T6983] netlink: 'syz.2.773': attribute type 1 has an invalid length. [ 367.561238][ T6979] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 367.894502][ T6994] loop2: detected capacity change from 0 to 512 [ 368.296010][ T6994] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 369.404980][ T7007] netlink: 16 bytes leftover after parsing attributes in process `syz.0.778'. [ 369.432196][ T7007] binder: 7001:7007 ioctl 4018620d 0 returned -22 [ 370.105611][ T7011] loop2: detected capacity change from 0 to 1764 [ 372.853122][ T7025] netlink: 32 bytes leftover after parsing attributes in process `syz.0.784'. [ 373.113285][ T7034] loop0: detected capacity change from 0 to 256 [ 374.531985][ T7047] netlink: 16 bytes leftover after parsing attributes in process `syz.3.791'. [ 374.590298][ T7048] binder: 7043:7048 ioctl 4018620d 0 returned -22 [ 374.624054][ T4360] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 375.160010][ T4360] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 375.494839][ T4360] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.557988][ T4360] usb 5-1: config 0 descriptor?? [ 375.606653][ T7052] loop1: detected capacity change from 0 to 4096 [ 375.631698][ T4360] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 375.646451][ T7052] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 376.640328][ T4360] gspca_stv06xx: I2C: Read error writing address: -71 [ 376.693856][ T4360] usb 5-1: USB disconnect, device number 7 [ 377.179619][ T7068] loop1: detected capacity change from 0 to 256 [ 377.254031][ T7054] loop0: detected capacity change from 0 to 32768 [ 378.348719][ T7074] loop2: detected capacity change from 0 to 32768 [ 378.387688][ T7054] XFS (loop0): Mounting V5 Filesystem [ 378.462870][ T7084] loop1: detected capacity change from 0 to 512 [ 378.472605][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.484486][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.506019][ T7074] JBD2: Ignoring recovery information on journal [ 378.514914][ T7074] jbd2_journal_bmap: journal block not found at offset 32 on loop2-75 [ 378.523602][ T7074] JBD2: bad block at offset 32 [ 378.539608][ T7074] (syz.2.798,7074,0):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 378.549201][ T7074] (syz.2.798,7074,0):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 378.557211][ T7074] (syz.2.798,7074,0):ocfs2_check_volume:2465 ERROR: status = -22 [ 378.565033][ T7074] (syz.2.798,7074,0):ocfs2_check_volume:2493 ERROR: status = -22 [ 378.572841][ T7074] (syz.2.798,7074,0):ocfs2_mount_volume:1824 ERROR: status = -22 [ 378.622199][ T7074] (syz.2.798,7074,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 378.708245][ T7054] XFS (loop0): Ending clean mount [ 378.810568][ T7088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.800'. [ 379.231963][ T4183] XFS (loop0): Unmounting Filesystem [ 380.341074][ T4295] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 380.639073][ T4295] usb 2-1: Using ep0 maxpacket: 32 [ 380.760600][ T4295] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 380.768741][ T4295] usb 2-1: config 0 has no interface number 0 [ 380.979247][ T4295] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 381.002136][ T4295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.084602][ T4295] usb 2-1: Product: syz [ 381.272337][ T4295] usb 2-1: Manufacturer: syz [ 381.295699][ T4295] usb 2-1: SerialNumber: syz [ 381.739930][ T4295] usb 2-1: config 0 descriptor?? [ 381.796133][ T4295] usb 2-1: can't set config #0, error -71 [ 381.820559][ T4295] usb 2-1: USB disconnect, device number 11 [ 382.143556][ T7125] loop0: detected capacity change from 0 to 2048 [ 382.228083][ T7125] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 386.444994][ T7160] loop0: detected capacity change from 0 to 1764 [ 388.138163][ T7162] loop2: detected capacity change from 0 to 2048 [ 388.243613][ T7165] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 388.305324][ T26] audit: type=1326 audit(1756589017.553:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 388.415950][ T26] audit: type=1326 audit(1756589017.583:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 388.471260][ T7164] loop0: detected capacity change from 0 to 4096 [ 388.519707][ T26] audit: type=1326 audit(1756589017.583:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 388.755365][ T26] audit: type=1326 audit(1756589017.583:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 388.913540][ T26] audit: type=1326 audit(1756589017.583:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 389.058570][ T26] audit: type=1326 audit(1756589017.583:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 389.169303][ T26] audit: type=1326 audit(1756589017.583:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 389.409039][ T26] audit: type=1326 audit(1756589017.583:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 391.792706][ T7191] loop0: detected capacity change from 0 to 256 [ 392.522763][ T7199] loop4: detected capacity change from 0 to 1764 [ 396.487159][ T4190] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 397.998973][ T4190] usb 1-1: Using ep0 maxpacket: 32 [ 398.119153][ T4190] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA6, skipping [ 398.223670][ T4190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 398.375468][ T4190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 398.879295][ T4190] usb 1-1: string descriptor 0 read error: -71 [ 398.957216][ T4190] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 399.019465][ T4190] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.041390][ T4190] usb 1-1: config 0 descriptor?? [ 399.219131][ T4190] usb 1-1: can't set config #0, error -71 [ 399.354765][ T7246] loop3: detected capacity change from 0 to 1764 [ 399.418298][ T4190] usb 1-1: USB disconnect, device number 5 [ 401.038772][ T7249] loop4: detected capacity change from 0 to 2048 [ 401.189737][ T7252] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 401.295147][ T26] audit: type=1800 audit(1756589030.543:369): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.849" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 401.379983][ T7255] input: syz1 as /devices/virtual/input/input21 [ 407.634416][ T7299] loop2: detected capacity change from 0 to 2048 [ 407.769054][ T4295] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 408.191014][ T7301] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 408.469212][ T4295] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 408.478391][ T4295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.552802][ T26] audit: type=1800 audit(1756589037.803:370): pid=7302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.863" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 408.637571][ T7304] input: syz1 as /devices/virtual/input/input22 [ 408.858296][ T4295] usb 2-1: Product: syz [ 408.862590][ T4295] usb 2-1: Manufacturer: syz [ 408.867208][ T4295] usb 2-1: SerialNumber: syz [ 408.874601][ T4295] usb 2-1: config 0 descriptor?? [ 409.149997][ T4295] dvb_usb_rtl28xxu 2-1:0.0: chip type detection failed -71 [ 409.179067][ T4295] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 409.200463][ T4295] usb 2-1: USB disconnect, device number 12 [ 409.518387][ T7313] loop1: detected capacity change from 0 to 4096 [ 409.801027][ T7313] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 410.300437][ T1108] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 411.278928][ T1108] usb 3-1: Using ep0 maxpacket: 32 [ 411.425329][ T1108] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 411.434143][ T1108] usb 3-1: config 0 has no interface number 0 [ 411.456314][ T1108] usb 3-1: config 0 interface 184 has no altsetting 0 [ 411.659153][ T1108] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 411.677923][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.706934][ T1108] usb 3-1: Product: syz [ 411.718940][ T1108] usb 3-1: Manufacturer: syz [ 411.736280][ T1108] usb 3-1: SerialNumber: syz [ 411.764522][ T1108] usb 3-1: config 0 descriptor?? [ 411.836953][ T1108] smsc75xx v1.0.0 [ 412.201998][ T7344] loop3: detected capacity change from 0 to 2048 [ 412.322074][ T7345] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 412.425328][ T26] audit: type=1800 audit(1756589041.673:371): pid=7346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.877" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 412.469075][ T1108] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 412.509009][ T7347] input: syz1 as /devices/virtual/input/input23 [ 413.049568][ T1108] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 414.250483][ T7369] loop4: detected capacity change from 0 to 2048 [ 414.259310][ T1108] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71 [ 414.317911][ T1108] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71 [ 414.564565][ T1108] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 414.588096][ T1108] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 414.708634][ T1108] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 414.813088][ T1108] usb 3-1: USB disconnect, device number 5 [ 415.498380][ T7378] loop0: detected capacity change from 0 to 2048 [ 415.519914][ T7379] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 415.588783][ T26] audit: type=1326 audit(1756589044.813:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.4.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 415.613243][ T26] audit: type=1326 audit(1756589044.813:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.4.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 415.655365][ T26] audit: type=1326 audit(1756589044.813:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.4.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 416.348880][ T26] audit: type=1326 audit(1756589044.813:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.4.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 416.459048][ T7384] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 416.515780][ T26] audit: type=1326 audit(1756589044.833:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.4.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 416.526971][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.550236][ T7378] Remounting filesystem read-only [ 416.555549][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.565463][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.565497][ T26] audit: type=1326 audit(1756589044.833:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.4.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 416.575549][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.608033][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.617788][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.628968][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.638861][ T7378] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 416.737265][ T7394] input: syz1 as /devices/virtual/input/input24 [ 416.798919][ T4190] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 417.014607][ T26] audit: type=1800 audit(1756589045.893:378): pid=7378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.889" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 417.509204][ T7386] loop3: detected capacity change from 0 to 32768 [ 417.519134][ T4190] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 417.534288][ T4190] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.556309][ T7386] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.891 (7386) [ 417.559408][ T4360] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 417.580091][ T4190] usb 5-1: Product: syz [ 417.586787][ T4190] usb 5-1: Manufacturer: syz [ 417.596901][ T4190] usb 5-1: SerialNumber: syz [ 417.617014][ T4190] usb 5-1: config 0 descriptor?? [ 417.647722][ T7386] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 417.684323][ T7386] BTRFS info (device loop3): using free space tree [ 417.699880][ T7386] BTRFS info (device loop3): has skinny extents [ 417.892922][ T4190] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 417.904395][ T7386] BTRFS info (device loop3): enabling ssd optimizations [ 417.969201][ T4360] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 417.984920][ T4360] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 417.994894][ T4360] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 418.004854][ T4360] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.022913][ T4360] usb 1-1: config 0 descriptor?? [ 418.206424][ T7421] netlink: 16 bytes leftover after parsing attributes in process `syz.1.895'. [ 419.910408][ T4190] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 419.954062][ T4190] usb 5-1: USB disconnect, device number 8 [ 421.481754][ T4190] usb 1-1: USB disconnect, device number 6 [ 421.514721][ T7454] loop3: detected capacity change from 0 to 2048 [ 421.588710][ T7456] netlink: 60 bytes leftover after parsing attributes in process `syz.0.903'. [ 421.608660][ T7457] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 421.630205][ T26] audit: type=1326 audit(1756589050.883:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7453 comm="syz.3.902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 421.685860][ T7456] netlink: 60 bytes leftover after parsing attributes in process `syz.0.903'. [ 421.717845][ T26] audit: type=1326 audit(1756589050.913:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7453 comm="syz.3.902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 421.741019][ T7458] netlink: 60 bytes leftover after parsing attributes in process `syz.0.903'. [ 421.770567][ T7459] netlink: 60 bytes leftover after parsing attributes in process `syz.0.903'. [ 421.788555][ T26] audit: type=1326 audit(1756589050.913:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7453 comm="syz.3.902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 421.998099][ T26] audit: type=1326 audit(1756589050.913:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7453 comm="syz.3.902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 422.722363][ T26] audit: type=1326 audit(1756589050.913:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7453 comm="syz.3.902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 423.370242][ T7481] netlink: 16 bytes leftover after parsing attributes in process `syz.3.907'. [ 425.531301][ T7499] loop1: detected capacity change from 0 to 2048 [ 425.789632][ T7504] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 425.840502][ T26] audit: type=1326 audit(1756589055.073:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 425.979303][ T26] audit: type=1326 audit(1756589055.073:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 426.103537][ T7494] loop3: detected capacity change from 0 to 131072 [ 426.148801][ T26] audit: type=1326 audit(1756589055.073:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 426.456806][ T7494] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 426.465341][ T7494] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 426.481226][ T7494] F2FS-fs (loop3): invalid crc value [ 426.526820][ T7494] F2FS-fs (loop3): Found nat_bits in checkpoint [ 426.528480][ T26] audit: type=1326 audit(1756589055.073:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 426.910315][ T7494] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 426.917405][ T7494] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 427.009581][ T26] audit: type=1326 audit(1756589055.073:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 427.098914][ T26] audit: type=1326 audit(1756589055.073:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 427.185302][ T26] audit: type=1326 audit(1756589055.073:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 427.274955][ T26] audit: type=1326 audit(1756589055.073:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.1.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 428.739501][ T7526] netlink: 16 bytes leftover after parsing attributes in process `syz.4.921'. [ 429.695252][ T7535] loop1: detected capacity change from 0 to 256 [ 431.546977][ T7552] syz.1.927 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 432.111835][ T7548] 9pnet: p9_fd_create_tcp (7548): problem connecting socket to 127.0.0.1 [ 432.610702][ T7559] loop3: detected capacity change from 0 to 4096 [ 433.574004][ T7554] loop1: detected capacity change from 0 to 40427 [ 433.716633][ T7554] F2FS-fs (loop1): Invalid log blocks per segment (83886089) [ 433.735394][ T7554] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 433.864350][ T4185] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 433.899692][ T4185] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 434.362192][ T7577] binder: 7575:7577 ioctl 4018620d 0 returned -22 [ 435.248373][ T7581] loop3: detected capacity change from 0 to 512 [ 435.363815][ T7581] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 435.425458][ T7586] loop2: detected capacity change from 0 to 64 [ 438.711755][ T7622] binder: 7615:7622 ioctl 4018620d 0 returned -22 [ 438.897353][ T7626] loop3: detected capacity change from 0 to 128 [ 439.047112][ T7626] EXT4-fs (loop3): Test dummy encryption mode enabled [ 439.109992][ T7626] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption=v1,nolazytime,,errors=continue. Quota mode: none. [ 439.124077][ T7626] ext4 filesystem being mounted at /201/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 439.448856][ T7632] loop2: detected capacity change from 0 to 16 [ 439.793347][ T7626] fscrypt (loop3): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 439.901719][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.909729][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.021128][ T7632] erofs: (device loop2): mounted with root inode @ nid 36. [ 441.349071][ T1108] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 441.383876][ T7658] loop4: detected capacity change from 0 to 64 [ 441.609134][ T1108] usb 4-1: Using ep0 maxpacket: 8 [ 441.769613][ T1108] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 441.795686][ T1108] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 441.897968][ T1108] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 442.005812][ T1108] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 442.098875][ T1108] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 442.108088][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.470367][ T1108] usb 4-1: GET_CAPABILITIES returned 0 [ 442.476073][ T1108] usbtmc 4-1:16.0: can't read capabilities [ 442.678969][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.689006][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.698117][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.707226][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.716332][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.725440][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.734570][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.743699][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.752823][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.761945][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.771174][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.780296][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.789521][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.798741][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.807843][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.816966][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 442.861707][ T1108] usb 4-1: USB disconnect, device number 5 [ 444.130453][ T7675] binder: 7673:7675 ioctl 4018620d 0 returned -22 [ 446.126037][ T7690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.967'. [ 446.999324][ T7699] loop3: detected capacity change from 0 to 64 [ 449.139736][ T7707] loop1: detected capacity change from 0 to 2048 [ 449.458201][ T7717] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 449.581805][ T7720] binder: 7718:7720 ioctl 4018620d 0 returned -22 [ 450.379136][ T26] audit: type=1326 audit(1756589079.633:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7703 comm="syz.1.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 451.403492][ T7728] loop4: detected capacity change from 0 to 65536 [ 451.818030][ T7728] XFS (loop4): Mounting V5 Filesystem [ 452.530492][ T7728] XFS (loop4): Ending clean mount [ 452.557988][ T4455] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x3a/0xd0, xfs_cntbt block 0x6 [ 452.579791][ T4455] XFS (loop4): Unmount and run xfs_repair [ 452.585557][ T4455] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 452.596643][ T4455] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 452.608741][ T4455] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10 ................ [ 452.644007][ T4455] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 452.678908][ T4455] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03 .....J.......... [ 452.738651][ T4455] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 452.772351][ T4455] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00 ...........?.... [ 452.918907][ T4455] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 452.962862][ T4455] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 453.799477][ T7728] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x6 len 2 error 74 [ 453.812766][ T7728] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x514/0x8a0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 453.827583][ T7728] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 454.120113][ T4184] XFS (loop4): Unmounting Filesystem [ 454.658142][ T7768] loop2: detected capacity change from 0 to 64 [ 455.047048][ T7770] loop3: detected capacity change from 0 to 2048 [ 455.583574][ T7772] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 455.679597][ T26] audit: type=1326 audit(1756589084.933:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 455.717165][ T26] audit: type=1326 audit(1756589084.933:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 455.784399][ T26] audit: type=1326 audit(1756589084.953:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 455.948911][ T26] audit: type=1326 audit(1756589084.953:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 455.971462][ T26] audit: type=1326 audit(1756589084.953:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 457.032492][ T26] audit: type=1326 audit(1756589084.963:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 457.133237][ T26] audit: type=1326 audit(1756589084.963:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 457.210020][ T26] audit: type=1326 audit(1756589084.963:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7769 comm="syz.3.990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 457.234992][ T7793] loop4: detected capacity change from 0 to 64 [ 458.081276][ T7793] hfs: hfs: Invalid key length: 94 [ 459.131404][ T7812] netlink: 'syz.3.1004': attribute type 29 has an invalid length. [ 459.160099][ T7812] netlink: 'syz.3.1004': attribute type 29 has an invalid length. [ 459.173895][ T7812] netlink: 'syz.3.1004': attribute type 29 has an invalid length. [ 459.248030][ T7817] loop4: detected capacity change from 0 to 64 [ 460.767228][ T7829] loop1: detected capacity change from 0 to 2048 [ 461.405639][ T7840] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 461.528537][ T26] audit: type=1326 audit(1756589090.773:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 461.664737][ T26] audit: type=1326 audit(1756589090.823:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 461.745130][ T7845] loop4: detected capacity change from 0 to 2048 [ 461.824613][ T26] audit: type=1326 audit(1756589090.823:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 461.907299][ T7850] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 462.047541][ T26] audit: type=1326 audit(1756589090.823:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 462.079529][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.094428][ T7845] Remounting filesystem read-only [ 462.099847][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.109657][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.119576][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.129304][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.139060][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.169551][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.179425][ T7845] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 462.218290][ T7845] input: syz1 as /devices/virtual/input/input25 [ 462.227366][ T26] audit: type=1326 audit(1756589090.823:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 462.837000][ T26] audit: type=1326 audit(1756589090.823:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 464.228913][ T26] audit: type=1326 audit(1756589090.823:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 464.258376][ T7875] loop1: detected capacity change from 0 to 64 [ 464.274124][ T26] audit: type=1326 audit(1756589090.823:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 464.692537][ T26] audit: type=1800 audit(1756589091.443:409): pid=7845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1013" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 464.961882][ T7880] loop4: detected capacity change from 0 to 256 [ 465.323991][ T7884] loop2: detected capacity change from 0 to 2048 [ 465.448984][ T7889] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 465.485571][ T26] audit: type=1326 audit(1756589094.733:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7882 comm="syz.2.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 466.675897][ T7901] loop4: detected capacity change from 0 to 2048 [ 466.960284][ T7911] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 467.015869][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.026449][ T7901] Remounting filesystem read-only [ 467.032034][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.041938][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.051944][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.062000][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.071695][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.156868][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.166672][ T7901] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 467.176958][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 467.176972][ T26] audit: type=1800 audit(1756589096.433:415): pid=7901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1031" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 467.203947][ T7914] input: syz1 as /devices/virtual/input/input27 [ 467.491432][ T7921] loop4: detected capacity change from 0 to 64 [ 468.335156][ T26] audit: type=1326 audit(1756589097.583:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.0.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 468.488490][ T26] audit: type=1326 audit(1756589097.623:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.0.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 468.577006][ T26] audit: type=1326 audit(1756589097.633:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.0.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 468.698876][ T26] audit: type=1326 audit(1756589097.633:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.0.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 468.811262][ T26] audit: type=1326 audit(1756589097.633:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.0.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 469.089097][ T7939] sg_write: data in/out 91/14 bytes for SCSI command 0x0-- guessing data in; [ 469.089097][ T7939] program syz.3.1044 not setting count and/or reply_len properly [ 471.240330][ T7957] loop2: detected capacity change from 0 to 2048 [ 471.271392][ T7928] loop4: detected capacity change from 0 to 32768 [ 471.346429][ T7960] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 471.406601][ T7928] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 471.422452][ T26] audit: type=1326 audit(1756589100.673:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 471.528107][ T4184] (syz-executor,4184,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 471.550528][ T4184] ocfs2: Unmounting device (7,4) on (node local) [ 471.567500][ T26] audit: type=1326 audit(1756589100.693:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 471.656831][ T26] audit: type=1326 audit(1756589100.693:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 471.736247][ T26] audit: type=1326 audit(1756589100.693:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 471.971346][ T7976] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1056'. [ 472.033161][ T7977] binder: 7970:7977 ioctl 4018620d 0 returned -22 [ 472.808254][ T26] audit: type=1326 audit(1756589100.693:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 473.552542][ T26] audit: type=1326 audit(1756589100.693:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 474.115519][ T26] audit: type=1326 audit(1756589100.703:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 474.225915][ T26] audit: type=1326 audit(1756589100.703:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7956 comm="syz.2.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 474.265200][ T7999] loop1: detected capacity change from 0 to 256 [ 474.352517][ T7999] FAT-fs (loop1): Directory bread(block 64) failed [ 474.380808][ T8001] loop4: detected capacity change from 0 to 2048 [ 474.389242][ T7999] FAT-fs (loop1): Directory bread(block 65) failed [ 474.395885][ T7999] FAT-fs (loop1): Directory bread(block 66) failed [ 474.419397][ T7999] FAT-fs (loop1): Directory bread(block 67) failed [ 474.440252][ T7999] FAT-fs (loop1): Directory bread(block 68) failed [ 474.459002][ T7999] FAT-fs (loop1): Directory bread(block 69) failed [ 474.465654][ T7999] FAT-fs (loop1): Directory bread(block 70) failed [ 474.489006][ T7999] FAT-fs (loop1): Directory bread(block 71) failed [ 474.491747][ T8002] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 474.509009][ T7999] FAT-fs (loop1): Directory bread(block 72) failed [ 474.515589][ T7999] FAT-fs (loop1): Directory bread(block 73) failed [ 474.550591][ T26] audit: type=1326 audit(1756589103.803:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.4.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 474.628748][ T26] audit: type=1326 audit(1756589103.803:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.4.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 474.693352][ T26] audit: type=1326 audit(1756589103.803:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.4.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 474.814459][ T26] audit: type=1326 audit(1756589103.803:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.4.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 474.935876][ T26] audit: type=1326 audit(1756589103.803:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.4.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 475.121739][ T26] audit: type=1326 audit(1756589103.803:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.4.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67ec655be9 code=0x7ffc0000 [ 475.530461][ T8015] loop1: detected capacity change from 0 to 128 [ 475.590024][ T8015] FAT-fs (loop1): Unrecognized mount option "0xffffffffffffffffÿ01777777777777777777777¬‚ú=¨ËdÌž¬· Y ýS«38`¿·˜›‚" or missing value [ 475.792689][ T8015] loop1: detected capacity change from 0 to 512 [ 476.025432][ T8015] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 476.039313][ T8021] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1071'. [ 476.063544][ T8021] binder: 8016:8021 ioctl 4018620d 0 returned -22 [ 476.799165][ T8015] ext4 filesystem being mounted at /203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 479.635530][ T8038] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1078'. [ 479.850675][ T8035] loop3: detected capacity change from 0 to 2048 [ 479.994360][ T8047] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 480.059506][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.070635][ T8035] Remounting filesystem read-only [ 480.075910][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.085905][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.096803][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.106741][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.116383][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.128367][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.138161][ T8035] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 480.208953][ T26] audit: type=1800 audit(1756589109.403:435): pid=8035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1077" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 480.501182][ T8046] loop4: detected capacity change from 0 to 2048 [ 480.587436][ T8042] loop2: detected capacity change from 0 to 131072 [ 480.608365][ T8035] input: syz1 as /devices/virtual/input/input28 [ 480.638195][ T8042] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 480.646373][ T8042] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 480.656895][ T8042] F2FS-fs (loop2): invalid crc value [ 480.670519][ T8042] F2FS-fs (loop2): Found nat_bits in checkpoint [ 480.733119][ T8042] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 480.740263][ T8042] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 481.175352][ T8046] loop4: detected capacity change from 0 to 512 [ 482.241035][ T8062] loop4: detected capacity change from 0 to 64 [ 483.013074][ T8066] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1084'. [ 483.028391][ T8066] binder: 8064:8066 ioctl 4018620d 0 returned -22 [ 486.862022][ T8093] input: syz1 as /devices/virtual/input/input29 [ 487.145113][ T4455] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 487.899190][ T4455] usb 3-1: config 0 has no interfaces? [ 487.981063][ T4455] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 488.000563][ T4455] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 488.036328][ T4455] usb 3-1: SerialNumber: syz [ 488.056294][ T4455] usb 3-1: config 0 descriptor?? [ 488.386140][ T8090] IPVS: length: 24 != 3277873272 [ 488.396193][ T4455] usb 3-1: USB disconnect, device number 6 [ 488.883704][ T8111] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1097'. [ 489.129743][ T8112] binder: 8109:8112 ioctl 4018620d 0 returned -22 [ 492.186904][ T8115] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 492.763858][ T8141] loop3: detected capacity change from 0 to 2048 [ 492.799667][ T8143] loop2: detected capacity change from 0 to 2048 [ 492.933416][ T8141] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,usrjquota=,nobarrier,norecovery,barrier=0x0000000000000004,init_itable,minixdf,resuid=0x0000000000000000,grpjquota=,bsddf,,errors=continue. Quota mode: none. [ 493.077418][ T8149] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 493.099080][ T8146] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 493.132340][ T26] audit: type=1326 audit(1756589122.383:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 493.490562][ T26] audit: type=1326 audit(1756589122.413:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 494.239093][ T26] audit: type=1326 audit(1756589122.413:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 494.303350][ T8161] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1110'. [ 494.317594][ T8161] binder: 8158:8161 ioctl 4018620d 0 returned -22 [ 494.370884][ T26] audit: type=1326 audit(1756589122.413:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 494.494721][ T8160] loop2: detected capacity change from 0 to 2048 [ 494.940997][ T26] audit: type=1326 audit(1756589122.413:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 495.433431][ T26] audit: type=1326 audit(1756589122.413:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 495.494643][ T26] audit: type=1326 audit(1756589122.413:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 495.619264][ T26] audit: type=1326 audit(1756589122.413:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8142 comm="syz.2.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x7ffc0000 [ 496.213587][ T8178] loop1: detected capacity change from 0 to 256 [ 497.710216][ T26] audit: type=1326 audit(1756589126.963:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 497.849045][ T26] audit: type=1326 audit(1756589126.993:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90fd129be9 code=0x7ffc0000 [ 499.529046][ T8204] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1125'. [ 499.869532][ T8204] binder: 8203:8204 ioctl 4018620d 0 returned -22 [ 499.891556][ T8207] loop3: detected capacity change from 0 to 64 [ 501.011754][ T8220] loop3: detected capacity change from 0 to 2048 [ 501.087007][ T8224] loop1: detected capacity change from 0 to 2048 [ 501.375349][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.381715][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.647681][ T8229] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 501.683972][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.695791][ T8220] Remounting filesystem read-only [ 501.701176][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.711900][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.721776][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.731547][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.741317][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.769242][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.779053][ T8220] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 501.789057][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 501.789069][ T26] audit: type=1800 audit(1756589131.033:450): pid=8220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1129" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 501.962642][ T8220] input: syz1 as /devices/virtual/input/input30 [ 501.982687][ T8233] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 502.039661][ T26] audit: type=1326 audit(1756589131.293:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8223 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 502.208854][ T26] audit: type=1326 audit(1756589131.323:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8223 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 502.367331][ T26] audit: type=1326 audit(1756589131.323:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8223 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 502.412066][ T26] audit: type=1326 audit(1756589131.323:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8223 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 502.485682][ T26] audit: type=1326 audit(1756589131.323:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8223 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 502.850466][ T26] audit: type=1326 audit(1756589131.323:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8223 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66dd26cbe9 code=0x7ffc0000 [ 503.400916][ T8241] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1137'. [ 503.415072][ T8241] binder: 8239:8241 ioctl 4018620d 0 returned -22 [ 503.583544][ T8246] loop4: detected capacity change from 0 to 64 [ 504.723983][ T8266] loop2: detected capacity change from 0 to 256 [ 509.568188][ T8293] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1149'. [ 509.651117][ T8293] binder: 8292:8293 ioctl 4018620d 0 returned -22 [ 510.917263][ T8301] loop3: detected capacity change from 0 to 64 [ 511.307232][ T8306] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1153'. [ 511.328319][ T8306] IPVS: Error joining to the multicast group [ 512.130947][ T8308] loop3: detected capacity change from 0 to 64 [ 512.914016][ T26] audit: type=1800 audit(1756589142.163:457): pid=8308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1154" name="file1" dev="loop3" ino=22 res=0 errno=0 [ 514.017794][ T8328] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1160'. [ 514.115214][ T8327] binder: 8325:8327 ioctl 4018620d 0 returned -22 [ 514.127988][ T8326] loop2: detected capacity change from 0 to 4096 [ 514.221293][ T8333] loop3: detected capacity change from 0 to 64 [ 514.235253][ T8331] loop4: detected capacity change from 0 to 256 [ 514.703866][ T4194] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 514.730300][ T4194] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 515.054584][ T8345] loop2: detected capacity change from 0 to 64 [ 516.589554][ T5231] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.855723][ T5231] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.939027][ T4455] Bluetooth: hci5: command 0x0409 tx timeout [ 516.964874][ T5231] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.011573][ T8338] chnl_net:caif_netlink_parms(): no params data found [ 517.138675][ T5231] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.421948][ T8338] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.488915][ T8338] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.517636][ T8338] device bridge_slave_0 entered promiscuous mode [ 517.615523][ T8338] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.627357][ T8338] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.656442][ T8338] device bridge_slave_1 entered promiscuous mode [ 517.813535][ T8338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 517.893209][ T8338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.250280][ T5231] bond1: (slave ip6gretap1): Releasing backup interface [ 519.078169][ T4455] Bluetooth: hci5: command 0x041b tx timeout [ 519.161684][ T8338] team0: Port device team_slave_0 added [ 519.186707][ T8338] team0: Port device team_slave_1 added [ 519.359994][ T8387] loop3: detected capacity change from 0 to 2048 [ 519.388489][ T8338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 519.409528][ T8338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.488510][ T8391] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 519.530746][ T8389] loop4: detected capacity change from 0 to 4096 [ 519.542100][ T8338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 519.563539][ T26] audit: type=1326 audit(1756589148.813:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 519.615333][ T26] audit: type=1326 audit(1756589148.843:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 519.632487][ T8338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 519.698811][ T8338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.698925][ T26] audit: type=1326 audit(1756589148.843:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 519.819104][ T4455] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 519.828870][ T26] audit: type=1326 audit(1756589148.843:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 519.852928][ T8338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.879875][ T4184] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 519.886366][ T4184] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 519.918937][ T26] audit: type=1326 audit(1756589148.843:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 520.051678][ T26] audit: type=1326 audit(1756589148.843:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 520.117174][ T8338] device hsr_slave_0 entered promiscuous mode [ 520.189031][ T26] audit: type=1326 audit(1756589148.843:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 520.190864][ T8338] device hsr_slave_1 entered promiscuous mode [ 520.216175][ T26] audit: type=1326 audit(1756589148.843:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 520.382246][ T8404] loop3: detected capacity change from 0 to 128 [ 520.389667][ T4455] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.456740][ T4455] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping [ 520.719260][ T4455] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 520.749600][ T8404] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 520.947412][ T8404] ext4 filesystem being mounted at /249/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 521.009600][ T8338] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 521.065812][ T8338] Cannot create hsr debugfs directory [ 521.176878][ T4453] Bluetooth: hci5: command 0x040f tx timeout [ 521.184121][ T4455] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 521.299248][ T4455] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 521.402133][ T4455] usb 2-1: Product: syz [ 521.491879][ T4455] usb 2-1: Manufacturer: syz [ 521.548211][ T4455] usb 2-1: SerialNumber: syz [ 521.671097][ T4455] usb 2-1: config 0 descriptor?? [ 521.810868][ T4455] radio-si470x 2-1:0.0: could not find interrupt in endpoint [ 521.897914][ T4455] radio-si470x: probe of 2-1:0.0 failed with error -5 [ 521.953289][ T4455] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 522.179210][ T8418] loop4: detected capacity change from 0 to 2048 [ 522.321427][ T8423] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 522.399262][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.410553][ T8418] Remounting filesystem read-only [ 522.415863][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.425772][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.435786][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.445751][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.455479][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.519437][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.519678][ T8427] input: syz1 as /devices/virtual/input/input31 [ 522.529483][ T8418] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 522.545641][ T26] audit: type=1800 audit(1756589151.793:466): pid=8418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1181" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 522.610519][ T5231] bond0: (slave wlan1): Releasing backup interface [ 522.816943][ T8338] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 522.867818][ T8435] loop2: detected capacity change from 0 to 256 [ 522.975572][ T8338] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 522.982825][ T8439] loop4: detected capacity change from 0 to 8 [ 523.006780][ T8338] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 523.038540][ T4455] usb 2-1: USB disconnect, device number 13 [ 523.348933][ T4295] Bluetooth: hci5: command 0x0419 tx timeout [ 523.437221][ T8439] SQUASHFS error: Unable to read directory block [2c0:35] [ 523.467641][ T5231] device hsr_slave_0 left promiscuous mode [ 524.262441][ T5231] device hsr_slave_1 left promiscuous mode [ 524.270828][ T5231] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 524.281136][ T5231] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 524.291622][ T5231] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 524.299221][ T5231] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.310638][ T8447] ksmbd: Unknown IPC event: 6, ignore. [ 524.317254][ T5231] device bridge_slave_1 left promiscuous mode [ 524.331712][ T5231] bridge0: port 2(bridge_slave_1) entered disabled state [ 524.381697][ T5231] device bridge_slave_0 left promiscuous mode [ 524.398781][ T5231] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.502733][ T5231] device veth1_macvtap left promiscuous mode [ 524.530747][ T5231] device veth0_macvtap left promiscuous mode [ 524.536870][ T5231] device veth1_vlan left promiscuous mode [ 524.549253][ T5231] device veth0_vlan left promiscuous mode [ 524.576439][ T8449] loop4: detected capacity change from 0 to 4096 [ 524.728677][ T4184] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 524.739052][ T4184] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 524.991217][ T5231] bond7 (unregistering): Released all slaves [ 525.074905][ T5231] bond6 (unregistering): Released all slaves [ 525.098183][ T5231] bond5 (unregistering): Released all slaves [ 525.561539][ T5231] bond4 (unregistering): Released all slaves [ 525.834147][ T5231] bond3 (unregistering): Released all slaves [ 525.856734][ T5231] bond2 (unregistering): Released all slaves [ 525.881191][ T5231] bond1 (unregistering): Released all slaves [ 526.003785][ T8462] loop4: detected capacity change from 0 to 64 [ 526.989650][ T5231] team0 (unregistering): Port device team_slave_1 removed [ 527.009592][ T5231] team0 (unregistering): Port device team_slave_0 removed [ 527.049681][ T5231] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 527.118369][ T5231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 527.186580][ T8468] loop4: detected capacity change from 0 to 2048 [ 527.566122][ T8471] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 527.990406][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.011039][ T8468] Remounting filesystem read-only [ 528.016357][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.026440][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.036535][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.046440][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.056119][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.083114][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.092924][ T8468] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 528.102714][ T26] audit: type=1800 audit(1756589157.363:467): pid=8468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1192" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 528.130559][ T8468] input: syz1 as /devices/virtual/input/input32 [ 528.276489][ T5231] bond0 (unregistering): Released all slaves [ 528.307220][ T8476] loop2: detected capacity change from 0 to 1764 [ 528.345017][ T8478] loop4: detected capacity change from 0 to 64 [ 528.376324][ T8338] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 528.648880][ T4233] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 528.797641][ T8496] loop1: detected capacity change from 0 to 256 [ 528.823263][ T8494] sg_read: process 781 (syz.4.1197) changed security contexts after opening file descriptor, this is not allowed. [ 529.048965][ T4233] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 529.124340][ T4233] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 529.172922][ T8338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.299233][ T4233] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 529.316917][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 529.335494][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 529.352126][ T4233] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 529.412911][ T8338] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.448919][ T4233] usb 3-1: SerialNumber: syz [ 529.459363][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 529.535874][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 529.604639][ T1212] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.611873][ T1212] bridge0: port 1(bridge_slave_0) entered forwarding state [ 529.918234][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 530.454975][ T4233] usb 3-1: 0:2 : does not exist [ 530.465748][ T8338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 530.540308][ T8338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 530.601301][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 530.623246][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 530.662046][ T4345] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.669222][ T4345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.730895][ T4233] usb 3-1: USB disconnect, device number 7 [ 530.788180][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 530.848499][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 530.864114][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 531.244385][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 531.566113][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 531.619922][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 531.639120][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 531.658717][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 531.674545][ T8529] loop2: detected capacity change from 0 to 2048 [ 531.690812][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 531.720206][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 531.729375][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 531.748480][ T8530] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 531.749220][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 531.766717][ T4188] udevd[4188]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 531.831759][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.873904][ T8529] Remounting filesystem read-only [ 531.879415][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.889564][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.899651][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.909981][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.919681][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.931273][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.941022][ T8529] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 531.950912][ T26] audit: type=1800 audit(1756589161.213:468): pid=8529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1204" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 532.134485][ T8529] input: syz1 as /devices/virtual/input/input33 [ 532.767807][ T8537] loop4: detected capacity change from 0 to 128 [ 533.164140][ T8537] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 533.289116][ T8537] ext4 filesystem being mounted at /257/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 535.553431][ T8557] syz.4.1206 (pid 8557) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 535.582584][ T8557] fscrypt: key with descriptor e8dab99234bb312e is too short (got 16 bytes, need 32+ bytes) [ 537.002400][ T5307] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 537.022335][ T5307] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 537.075658][ T8338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 538.184925][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 538.194756][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 539.015923][ T8607] loop4: detected capacity change from 0 to 2048 [ 539.127887][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 539.130040][ T8610] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 539.173242][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 539.217998][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 539.231560][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.265346][ T8607] Remounting filesystem read-only [ 539.265830][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 539.271500][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.288211][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.298252][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.308205][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.317875][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.330069][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.339820][ T8607] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 539.349666][ T26] audit: type=1800 audit(1756589168.613:469): pid=8607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1219" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 539.405375][ T8607] input: syz1 as /devices/virtual/input/input34 [ 539.414660][ T8338] device veth0_vlan entered promiscuous mode [ 539.446695][ T8338] device veth1_vlan entered promiscuous mode [ 539.553217][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 539.592798][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 539.679433][ T8338] device veth0_macvtap entered promiscuous mode [ 539.730116][ T8338] device veth1_macvtap entered promiscuous mode [ 539.964120][ T8619] loop4: detected capacity change from 0 to 32768 [ 540.017342][ T8621] loop1: detected capacity change from 0 to 24 [ 540.142861][ T8621] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 540.175659][ T8619] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1222 (8619) [ 540.202150][ T8621] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 540.227884][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 540.270472][ T8619] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 540.279320][ T8619] BTRFS info (device loop4): using free space tree [ 540.285842][ T8619] BTRFS info (device loop4): has skinny extents [ 540.404101][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 540.647451][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.659990][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.670167][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.681653][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.762447][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.807728][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.859624][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.870818][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.882534][ T8338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 540.894811][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.905438][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.916308][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.927146][ T8619] BTRFS info (device loop4): enabling ssd optimizations [ 540.958801][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.980194][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.994164][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.010298][ T8338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.022648][ T8338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.036002][ T8338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 541.044997][ T26] audit: type=1800 audit(1756589170.293:470): pid=8619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1222" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 541.045826][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 541.207223][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 541.241164][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 541.325712][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 541.400894][ T8338] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.444393][ T8338] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.475847][ T8338] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.504046][ T8338] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.359477][ T8666] loop2: detected capacity change from 0 to 2048 [ 543.536894][ T8666] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 543.681820][ T1212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.762915][ T1212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.839547][ T26] audit: type=1800 audit(1756589173.093:471): pid=8666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1230" name="file2" dev="loop2" ino=1347 res=0 errno=0 [ 543.972129][ T4634] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 544.028019][ T1212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.055356][ T26] audit: type=1326 audit(1756589173.203:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8665 comm="syz.2.1230" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0903ab5be9 code=0x0 [ 544.146535][ T1212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.513972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 544.689608][ T8687] loop2: detected capacity change from 0 to 2048 [ 545.299013][ T8693] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 545.374285][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.422074][ T8687] Remounting filesystem read-only [ 545.428478][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.438369][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.448462][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.459614][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.469322][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.481922][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.491785][ T8687] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 545.538953][ T26] audit: type=1800 audit(1756589174.763:473): pid=8687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1232" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 545.569576][ T8687] input: syz1 as /devices/virtual/input/input35 [ 550.658337][ T8753] loop1: detected capacity change from 0 to 256 [ 551.120544][ T8765] loop5: detected capacity change from 0 to 512 [ 551.224694][ T8765] EXT4-fs (loop5): Test dummy encryption mode enabled [ 551.246836][ T8768] loop2: detected capacity change from 0 to 2048 [ 551.263551][ T8765] EXT4-fs (loop5): Unrecognized mount option "=" or missing value [ 551.371127][ T8770] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 551.416655][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.427334][ T8768] Remounting filesystem read-only [ 551.432824][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.442737][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.452751][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.463773][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.473463][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.484808][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.494727][ T8768] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 551.504697][ T26] audit: type=1800 audit(1756589180.763:474): pid=8768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1249" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 551.551504][ T8768] input: syz1 as /devices/virtual/input/input36 [ 558.987799][ T8831] loop5: detected capacity change from 0 to 64 [ 559.065215][ T8833] loop1: detected capacity change from 0 to 512 [ 559.709189][ T8833] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 561.515663][ T1336] Bluetooth: hci5: command 0x0405 tx timeout [ 561.530106][ T4804] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 562.347261][ T8819] IPVS: set_ctl: invalid protocol: 0 100.1.1.1:20002 [ 562.784691][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.791373][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.663892][ T8878] binder: 8869:8878 ioctl c0306201 0 returned -14 [ 565.552591][ T8884] loop2: detected capacity change from 0 to 128 [ 565.594660][ T8887] loop1: detected capacity change from 0 to 64 [ 566.239786][ T8884] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 566.259455][ T8884] ext4 filesystem being mounted at /275/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 567.386998][ T8907] loop3: detected capacity change from 0 to 2048 [ 568.338852][ T8912] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 568.364167][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.376784][ T8907] Remounting filesystem read-only [ 568.382277][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.392110][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.402136][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.413892][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.423649][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.433860][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.443604][ T8907] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 568.453401][ T26] audit: type=1800 audit(1756589197.713:475): pid=8907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1282" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 568.546578][ T8914] input: syz1 as /devices/virtual/input/input37 [ 569.407370][ T8926] loop3: detected capacity change from 0 to 16 [ 569.747051][ T8926] erofs: (device loop3): mounted with root inode @ nid 36. [ 570.545115][ T8939] loop3: detected capacity change from 0 to 64 [ 572.189051][ T8941] loop2: detected capacity change from 0 to 2048 [ 572.257548][ T8941] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 572.623396][ T8964] loop2: detected capacity change from 0 to 2048 [ 572.707446][ T8970] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 572.873000][ T8965] loop5: detected capacity change from 0 to 32768 [ 572.931710][ T8965] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.1297 (8965) [ 572.951931][ T8965] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 572.960985][ T8965] BTRFS info (device loop5): using free space tree [ 572.968024][ T8965] BTRFS info (device loop5): has skinny extents [ 572.988784][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.008446][ T8964] Remounting filesystem read-only [ 573.013926][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.024737][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.034961][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.045102][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.054997][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.122467][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.132252][ T8964] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 573.142444][ T26] audit: type=1800 audit(1756589202.403:476): pid=8964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1296" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 573.262182][ T8977] input: syz1 as /devices/virtual/input/input38 [ 573.999764][ T8965] BTRFS info (device loop5): enabling ssd optimizations [ 579.756079][ T9058] loop3: detected capacity change from 0 to 2048 [ 580.083943][ T9070] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 580.126409][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.172408][ T9058] Remounting filesystem read-only [ 580.177839][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.187748][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.198278][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.208396][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.218136][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.237197][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.247057][ T9058] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 580.308875][ T26] audit: type=1800 audit(1756589209.503:477): pid=9058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1311" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 580.350713][ T9058] input: syz1 as /devices/virtual/input/input39 [ 580.361146][ T9072] loop4: detected capacity change from 0 to 256 [ 580.989447][ T9084] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0 [ 581.051831][ T9083] IPVS: stopping backup sync thread 9084 ... [ 581.094591][ T9076] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1316'. [ 581.196421][ T9076] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1316'. [ 582.685997][ T9106] loop2: detected capacity change from 0 to 512 [ 582.758197][ T9106] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 583.912029][ T4804] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 583.926184][ T9115] loop1: detected capacity change from 0 to 64 [ 585.806307][ T9128] loop2: detected capacity change from 0 to 2048 [ 585.959007][ T9132] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 585.993162][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.003540][ T9128] Remounting filesystem read-only [ 586.008904][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.018710][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.028791][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.038606][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.048336][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.058519][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.068835][ T9128] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 586.079758][ T26] audit: type=1800 audit(1756589215.333:478): pid=9128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1327" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 586.231731][ T9133] input: syz1 as /devices/virtual/input/input40 [ 589.071081][ T9171] loop2: detected capacity change from 0 to 64 [ 589.133739][ T9175] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1334'. [ 592.438205][ T9206] loop2: detected capacity change from 0 to 256 [ 597.772496][ T9241] loop1: detected capacity change from 0 to 64 [ 600.828817][ T4452] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 601.078870][ T4452] usb 6-1: Using ep0 maxpacket: 8 [ 601.226102][ T4452] usb 6-1: config 0 has no interfaces? [ 601.240045][ T4452] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 601.255129][ T4452] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.285714][ T4452] usb 6-1: config 0 descriptor?? [ 601.320908][ T9283] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1361'. [ 602.689033][ T13] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 603.132719][ T13] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 603.183716][ T13] usb 2-1: config 1 has an invalid descriptor of length 118, skipping remainder of the config [ 603.217275][ T13] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 603.252108][ T13] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xF7, skipping [ 603.478496][ T13] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 603.505422][ T13] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 603.543067][ T13] usb 2-1: Product: syz [ 603.547292][ T13] usb 2-1: Manufacturer: syz [ 603.622299][ T13] cdc_wdm 2-1:1.0: skipping garbage [ 603.634233][ T13] cdc_wdm 2-1:1.0: skipping garbage [ 604.391266][ T13] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 604.429812][ T13] usb 2-1: USB disconnect, device number 14 [ 604.885533][ T9335] loop4: detected capacity change from 0 to 64 [ 608.088494][ T9261] ODEBUG: Out of memory. ODEBUG disabled [ 611.014894][ T9380] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 612.109231][ T9388] loop2: detected capacity change from 0 to 2048 [ 612.232945][ T9397] loop3: detected capacity change from 0 to 64 [ 612.245349][ T9398] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 612.920601][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.931064][ T9388] Remounting filesystem read-only [ 612.936318][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.946282][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.956284][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.966226][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.975948][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.987132][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 612.997092][ T9388] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 613.007639][ T26] audit: type=1800 audit(1756589242.253:479): pid=9388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1380" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 613.145048][ T9407] input: syz1 as /devices/virtual/input/input41 [ 613.786740][ T9408] loop1: detected capacity change from 0 to 4096 [ 614.324232][ T4182] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 614.365908][ T4182] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 614.575175][ T9261] Set syz1 is full, maxelem 65536 reached [ 614.617126][ T8663] usb 6-1: USB disconnect, device number 2 [ 615.658219][ T9439] tipc: Started in network mode [ 615.689053][ T9439] tipc: Node identity 0e1fbd8bbe1d, cluster identity 4711 [ 615.696586][ T9439] tipc: Enabled bearer , priority 0 [ 616.404837][ T9454] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1394'. [ 616.465746][ T9455] binder: 9445:9455 ioctl 4018620d 0 returned -22 [ 616.760286][ T9438] tipc: Disabling bearer [ 616.779920][ T4232] tipc: Node number set to 2952969611 [ 617.131753][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1399'. [ 617.203786][ T9468] loop1: detected capacity change from 0 to 64 [ 617.367986][ T9471] loop2: detected capacity change from 0 to 4096 [ 617.461558][ T9481] overlayfs: './file0' not a directory [ 618.996936][ T4194] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 619.299855][ T4194] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 619.702441][ T9510] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1408'. [ 619.769596][ T9511] binder: 9506:9511 ioctl 4018620d 0 returned -22 [ 621.216096][ T9530] loop2: detected capacity change from 0 to 64 [ 621.387433][ T4300] Bluetooth: Error in BCSP hdr checksum [ 621.642914][ T378] Bluetooth: Error in BCSP hdr checksum [ 621.900599][ T4300] Bluetooth: Error in BCSP hdr checksum [ 623.178922][ T7430] Bluetooth: hci2: command 0x1003 tx timeout [ 623.274009][ T4195] Bluetooth: hci2: sending frame failed (-49) [ 624.133606][ T9538] loop2: detected capacity change from 0 to 4096 [ 624.221881][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.228207][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.446930][ T13] Bluetooth: hci2: command 0x1001 tx timeout [ 625.454116][ T4195] Bluetooth: hci2: sending frame failed (-49) [ 625.626015][ T9552] netlink: 'syz.2.1420': attribute type 10 has an invalid length. [ 625.671182][ T9552] team0: Port device netdevsim0 added [ 629.628271][ T9560] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1422'. [ 629.686286][ T9561] binder: 9557:9561 ioctl 4018620d 0 returned -22 [ 629.860207][ T4455] Bluetooth: hci2: command 0x1009 tx timeout [ 630.034978][ T9565] loop5: detected capacity change from 0 to 512 [ 630.265126][ T9565] EXT4-fs (loop5): Test dummy encryption mode enabled [ 630.313237][ T9565] EXT4-fs (loop5): Unrecognized mount option "=" or missing value [ 630.437026][ T9574] loop4: detected capacity change from 0 to 64 [ 631.350934][ T8663] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 632.718853][ T8663] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 632.728106][ T8663] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 632.778370][ T8663] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 632.789226][ T8663] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xF7, skipping [ 633.379191][ T8663] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 633.405395][ T8663] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 633.456203][ T8663] usb 6-1: Product: syz [ 633.499236][ T8663] usb 6-1: Manufacturer: syz [ 633.793649][ T8663] cdc_wdm 6-1:1.0: skipping garbage [ 633.803440][ T8663] cdc_wdm 6-1:1.0: skipping garbage [ 633.809212][ T8663] cdc_wdm: probe of 6-1:1.0 failed with error -22 [ 633.927963][ T4455] usb 6-1: USB disconnect, device number 3 [ 635.649162][ T9603] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1435'. [ 635.707132][ T9604] binder: 9601:9604 ioctl 4018620d 0 returned -22 [ 636.879898][ T9612] loop1: detected capacity change from 0 to 512 [ 636.958240][ T9612] EXT4-fs (loop1): Test dummy encryption mode enabled [ 637.019360][ T9612] EXT4-fs (loop1): Unrecognized mount option "=" or missing value [ 637.064873][ T9614] loop5: detected capacity change from 0 to 64 [ 637.958462][ T9619] tipc: Started in network mode [ 637.982555][ T9619] tipc: Node identity 2edb2f547051, cluster identity 4711 [ 638.028225][ T9619] tipc: Enabled bearer , priority 0 [ 638.104443][ T9624] device syzkaller0 entered promiscuous mode [ 639.193331][ T4452] tipc: Node number set to 1586114388 [ 639.303517][ T9622] tipc: Resetting bearer [ 640.378336][ T9622] tipc: Disabling bearer [ 640.590770][ T9642] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1447'. [ 640.651072][ T9643] binder: 9640:9643 ioctl 4018620d 0 returned -22 [ 641.704271][ T8663] Bluetooth: hci5: command 0x0406 tx timeout [ 641.739916][ T9645] team0: No ports can be present during mode change [ 641.997092][ T9650] loop2: detected capacity change from 0 to 512 [ 642.146856][ T9650] EXT4-fs (loop2): Test dummy encryption mode enabled [ 642.219691][ T9650] EXT4-fs (loop2): Unrecognized mount option "=" or missing value [ 646.188876][ T9673] tipc: Started in network mode [ 646.208849][ T9673] tipc: Node identity 469303c823cc, cluster identity 4711 [ 646.208980][ T9673] tipc: Enabled bearer , priority 0 [ 646.419859][ T9676] device syzkaller0 entered promiscuous mode [ 646.499879][ T8340] Bluetooth: hci5: Received unexpected HCI Event 00000000 [ 647.338824][ T8667] tipc: Node number set to 1700725704 [ 647.588155][ T9676] tipc: Resetting bearer [ 647.821157][ T9690] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1459'. [ 647.882530][ T9691] binder: 9688:9691 ioctl 4018620d 0 returned -22 [ 648.605790][ T9676] tipc: Disabling bearer [ 651.506384][ T9726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1472'. [ 651.598558][ T9726] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 651.668983][ T9726] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 651.710419][ T9726] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 651.733476][ T9726] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 651.837585][ T9730] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1473'. [ 651.896891][ T9731] binder: 9728:9731 ioctl 4018620d 0 returned -22 [ 653.811840][ T9733] block device autoloading is deprecated and will be removed. [ 657.628814][ T9746] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1477'. [ 657.787629][ T9785] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1485'. [ 657.849528][ T9786] binder: 9781:9786 ioctl 4018620d 0 returned -22 [ 659.396031][ T9801] ALSA: mixer_oss: invalid OSS volume '' [ 661.157052][ T9811] loop5: detected capacity change from 0 to 2048 [ 661.177025][ T9812] loop3: detected capacity change from 0 to 2048 [ 661.335278][ T9818] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 661.355160][ T9817] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 661.396658][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.407119][ T9811] Remounting filesystem read-only [ 661.412641][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.422629][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.432669][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.443277][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.453054][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.463273][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.473005][ T9811] NILFS error (device loop5): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 661.482880][ T26] audit: type=1800 audit(1756589290.743:480): pid=9811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1493" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 661.690099][ T26] audit: type=1326 audit(1756589290.933:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9810 comm="syz.3.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 661.728582][ T26] audit: type=1326 audit(1756589290.933:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9810 comm="syz.3.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55171eebe9 code=0x7ffc0000 [ 661.790267][ T8338] [ 661.792643][ T8338] ====================================================== [ 661.799669][ T8338] WARNING: possible circular locking dependency detected [ 661.806750][ T8338] syzkaller #0 Not tainted [ 661.811188][ T8338] ------------------------------------------------------ [ 661.818231][ T8338] syz-executor/8338 is trying to acquire lock: [ 661.824392][ T8338] ffff888076680938 ((wq_completion)loop5){+.+.}-{0:0}, at: flush_workqueue+0x126/0x1380 [ 661.834167][ T8338] [ 661.834167][ T8338] but task is already holding lock: [ 661.841548][ T8338] ffff888147154468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 661.850465][ T8338] [ 661.850465][ T8338] which lock already depends on the new lock. [ 661.850465][ T8338] [ 661.860880][ T8338] [ 661.860880][ T8338] the existing dependency chain (in reverse order) is: [ 661.869915][ T8338] [ 661.869915][ T8338] -> #7 (&lo->lo_mutex){+.+.}-{3:3}: [ 661.877389][ T8338] __mutex_lock_common+0x1eb/0x2390 [ 661.883212][ T8338] mutex_lock_killable_nested+0x17/0x20 [ 661.889290][ T8338] lo_open+0x6a/0x100 [ 661.893808][ T8338] blkdev_get_whole+0x90/0x390 [ 661.899188][ T8338] blkdev_get_by_dev+0x2d0/0xa60 [ 661.904658][ T8338] blkdev_open+0x12d/0x2c0 [ 661.909599][ T8338] do_dentry_open+0x7ff/0xf80 [ 661.914801][ T8338] path_openat+0x2682/0x2f30 [ 661.919916][ T8338] do_filp_open+0x1b3/0x3e0 [ 661.924943][ T8338] do_sys_openat2+0x142/0x4a0 [ 661.930143][ T8338] __x64_sys_openat+0x135/0x160 [ 661.935515][ T8338] do_syscall_64+0x4c/0xa0 [ 661.940455][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 661.946874][ T8338] [ 661.946874][ T8338] -> #6 (&disk->open_mutex){+.+.}-{3:3}: [ 661.954693][ T8338] __mutex_lock_common+0x1eb/0x2390 [ 661.960416][ T8338] mutex_lock_nested+0x17/0x20 [ 661.965705][ T8338] blkdev_get_by_dev+0x157/0xa60 [ 661.971165][ T8338] swsusp_check+0x9b/0x2a0 [ 661.976105][ T8338] software_resume+0xc6/0x3b0 [ 661.981321][ T8338] resume_store+0xe4/0x130 [ 661.986259][ T8338] kernfs_fop_write_iter+0x379/0x4c0 [ 661.992151][ T8338] vfs_write+0x712/0xd00 [ 661.996940][ T8338] ksys_write+0x14d/0x250 [ 662.001814][ T8338] do_syscall_64+0x4c/0xa0 [ 662.006767][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 662.013204][ T8338] [ 662.013204][ T8338] -> #5 (system_transition_mutex/1){+.+.}-{3:3}: [ 662.021722][ T8338] __mutex_lock_common+0x1eb/0x2390 [ 662.027464][ T8338] mutex_lock_nested+0x17/0x20 [ 662.032749][ T8338] software_resume+0x7c/0x3b0 [ 662.037952][ T8338] resume_store+0xe4/0x130 [ 662.042894][ T8338] kernfs_fop_write_iter+0x379/0x4c0 [ 662.048709][ T8338] vfs_write+0x712/0xd00 [ 662.053482][ T8338] ksys_write+0x14d/0x250 [ 662.058344][ T8338] do_syscall_64+0x4c/0xa0 [ 662.063300][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 662.069726][ T8338] [ 662.069726][ T8338] -> #4 (&of->mutex){+.+.}-{3:3}: [ 662.076937][ T8338] __mutex_lock_common+0x1eb/0x2390 [ 662.082670][ T8338] mutex_lock_nested+0x17/0x20 [ 662.087953][ T8338] kernfs_seq_start+0x51/0x3c0 [ 662.093238][ T8338] seq_read_iter+0x3c4/0xd50 [ 662.098375][ T8338] vfs_read+0x725/0xcf0 [ 662.103050][ T8338] ksys_read+0x14d/0x250 [ 662.107810][ T8338] do_syscall_64+0x4c/0xa0 [ 662.112743][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 662.119178][ T8338] [ 662.119178][ T8338] -> #3 (&p->lock){+.+.}-{3:3}: [ 662.126214][ T8338] __mutex_lock_common+0x1eb/0x2390 [ 662.131933][ T8338] mutex_lock_nested+0x17/0x20 [ 662.137215][ T8338] seq_read_iter+0xad/0xd50 [ 662.142242][ T8338] generic_file_splice_read+0x3a2/0x590 [ 662.148307][ T8338] splice_direct_to_actor+0x413/0xb50 [ 662.154207][ T8338] do_splice_direct+0x1b9/0x2c0 [ 662.159578][ T8338] do_sendfile+0x5d5/0xec0 [ 662.164514][ T8338] __se_sys_sendfile64+0x13b/0x190 [ 662.170147][ T8338] do_syscall_64+0x4c/0xa0 [ 662.175082][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 662.181525][ T8338] [ 662.181525][ T8338] -> #2 (sb_writers#3){.+.+}-{0:0}: [ 662.188914][ T8338] lo_write_bvec+0x193/0x770 [ 662.194023][ T8338] loop_process_work+0x1d62/0x2480 [ 662.199650][ T8338] process_one_work+0x863/0x1000 [ 662.205115][ T8338] worker_thread+0xaa8/0x12a0 [ 662.210316][ T8338] kthread+0x436/0x520 [ 662.214902][ T8338] ret_from_fork+0x1f/0x30 [ 662.219835][ T8338] [ 662.219835][ T8338] -> #1 ((work_completion)(&worker->work)){+.+.}-{0:0}: [ 662.228949][ T8338] process_one_work+0x7bf/0x1000 [ 662.234401][ T8338] worker_thread+0xaa8/0x12a0 [ 662.239596][ T8338] kthread+0x436/0x520 [ 662.244192][ T8338] ret_from_fork+0x1f/0x30 [ 662.249142][ T8338] [ 662.249142][ T8338] -> #0 ((wq_completion)loop5){+.+.}-{0:0}: [ 662.257229][ T8338] __lock_acquire+0x2c33/0x7c60 [ 662.262619][ T8338] lock_acquire+0x197/0x3f0 [ 662.267648][ T8338] flush_workqueue+0x142/0x1380 [ 662.273033][ T8338] drain_workqueue+0xcf/0x380 [ 662.278233][ T8338] destroy_workqueue+0x7b/0xb20 [ 662.283607][ T8338] __loop_clr_fd+0x234/0xb90 [ 662.288723][ T8338] blkdev_put+0x53f/0x7d0 [ 662.293584][ T8338] deactivate_locked_super+0x93/0xf0 [ 662.299391][ T8338] cleanup_mnt+0x418/0x4d0 [ 662.304331][ T8338] task_work_run+0x125/0x1a0 [ 662.309443][ T8338] exit_to_user_mode_loop+0x10f/0x130 [ 662.315339][ T8338] exit_to_user_mode_prepare+0xb1/0x140 [ 662.321410][ T8338] syscall_exit_to_user_mode+0x16/0x40 [ 662.327396][ T8338] do_syscall_64+0x58/0xa0 [ 662.332335][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 662.338750][ T8338] [ 662.338750][ T8338] other info that might help us debug this: [ 662.338750][ T8338] [ 662.348976][ T8338] Chain exists of: [ 662.348976][ T8338] (wq_completion)loop5 --> &disk->open_mutex --> &lo->lo_mutex [ 662.348976][ T8338] [ 662.362449][ T8338] Possible unsafe locking scenario: [ 662.362449][ T8338] [ 662.369893][ T8338] CPU0 CPU1 [ 662.375258][ T8338] ---- ---- [ 662.380622][ T8338] lock(&lo->lo_mutex); [ 662.384868][ T8338] lock(&disk->open_mutex); [ 662.391988][ T8338] lock(&lo->lo_mutex); [ 662.398752][ T8338] lock((wq_completion)loop5); [ 662.403599][ T8338] [ 662.403599][ T8338] *** DEADLOCK *** [ 662.403599][ T8338] [ 662.411735][ T8338] 2 locks held by syz-executor/8338: [ 662.417018][ T8338] #0: ffff8880202ec518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 662.426346][ T8338] #1: ffff888147154468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 662.435575][ T8338] [ 662.435575][ T8338] stack backtrace: [ 662.441459][ T8338] CPU: 0 PID: 8338 Comm: syz-executor Not tainted syzkaller #0 [ 662.449006][ T8338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 662.459076][ T8338] Call Trace: [ 662.462361][ T8338] [ 662.465316][ T8338] dump_stack_lvl+0x168/0x230 [ 662.470004][ T8338] ? load_image+0x3b0/0x3b0 [ 662.474510][ T8338] ? show_regs_print_info+0x20/0x20 [ 662.479715][ T8338] ? print_circular_bug+0x12b/0x1a0 [ 662.484922][ T8338] check_noncircular+0x274/0x310 [ 662.489862][ T8338] ? add_chain_block+0x940/0x940 [ 662.494897][ T8338] ? lockdep_lock+0xdc/0x1e0 [ 662.499494][ T8338] ? mark_lock+0x94/0x320 [ 662.503832][ T8338] __lock_acquire+0x2c33/0x7c60 [ 662.508705][ T8338] ? verify_lock_unused+0x140/0x140 [ 662.513913][ T8338] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 662.519982][ T8338] ? verify_lock_unused+0x140/0x140 [ 662.525190][ T8338] ? __perf_event_task_sched_in+0x4c4/0x550 [ 662.531086][ T8338] ? verify_lock_unused+0x140/0x140 [ 662.536290][ T8338] ? verify_lock_unused+0x140/0x140 [ 662.541502][ T8338] ? memset+0x1e/0x40 [ 662.545490][ T8338] lock_acquire+0x197/0x3f0 [ 662.550010][ T8338] ? flush_workqueue+0x126/0x1380 [ 662.555041][ T8338] ? __mutex_trylock_common+0x14f/0x250 [ 662.560602][ T8338] ? read_lock_is_recursive+0x10/0x10 [ 662.565990][ T8338] ? __init_swait_queue_head+0xa5/0x150 [ 662.571542][ T8338] flush_workqueue+0x142/0x1380 [ 662.576483][ T8338] ? flush_workqueue+0x126/0x1380 [ 662.581509][ T8338] ? __lock_acquire+0x7c60/0x7c60 [ 662.586534][ T8338] ? lock_chain_count+0x20/0x20 [ 662.591384][ T8338] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 662.596792][ T8338] ? lockdep_hardirqs_off+0x70/0x100 [ 662.602083][ T8338] ? rcu_work_rcufn+0x110/0x110 [ 662.606954][ T8338] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 662.612595][ T8338] ? finish_wait+0xc0/0x1d0 [ 662.617103][ T8338] drain_workqueue+0xcf/0x380 [ 662.621795][ T8338] destroy_workqueue+0x7b/0xb20 [ 662.626672][ T8338] __loop_clr_fd+0x234/0xb90 [ 662.631271][ T8338] ? lo_release+0x172/0x1f0 [ 662.635775][ T8338] ? lo_open+0x100/0x100 [ 662.640019][ T8338] blkdev_put+0x53f/0x7d0 [ 662.644355][ T8338] deactivate_locked_super+0x93/0xf0 [ 662.649649][ T8338] cleanup_mnt+0x418/0x4d0 [ 662.654075][ T8338] ? lockdep_hardirqs_on+0x94/0x140 [ 662.659276][ T8338] task_work_run+0x125/0x1a0 [ 662.663872][ T8338] exit_to_user_mode_loop+0x10f/0x130 [ 662.669252][ T8338] exit_to_user_mode_prepare+0xb1/0x140 [ 662.674820][ T8338] syscall_exit_to_user_mode+0x16/0x40 [ 662.680287][ T8338] do_syscall_64+0x58/0xa0 [ 662.684717][ T8338] ? clear_bhb_loop+0x30/0x80 [ 662.689394][ T8338] ? clear_bhb_loop+0x30/0x80 [ 662.694071][ T8338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 662.699978][ T8338] RIP: 0033:0x7fd0b99e1f17 [ 662.704402][ T8338] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 662.724010][ T8338] RSP: 002b:00007ffe0a8c39a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 662.732428][ T8338] RAX: 0000000000000000 RBX: 00007fd0b9a63c05 RCX: 00007fd0b99e1f17 [ 662.740400][ T8338] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe0a8c3a60 [ 662.748370][ T8338] RBP: 00007ffe0a8c3a60 R08: 0000000000000000 R09: 0000000000000000 [ 662.756426][ T8338] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe0a8c4af0 [ 662.764399][ T8338] R13: 00007fd0b9a63c05 R14: 00000000000a1885 R15: 00007ffe0a8c4b30 [ 662.772377][ T8338] [ 663.205177][ T9829] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1498'. [ 663.263589][ T9830] binder: 9827:9830 ioctl 4018620d 0 returned -22