last executing test programs: 9.91436045s ago: executing program 0 (id=1050): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) read(r0, &(0x7f00000000c0)=""/178, 0xb2) socket$nl_route(0x10, 0x3, 0x0) 8.421502506s ago: executing program 0 (id=1059): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x70) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in6=@ipv4={""/10, ""/2, @loopback}}}, {{@in6=@private0}, 0x0, @in6=@ipv4={""/10, ""/2, @multicast1}}}, &(0x7f0000000380)=0xe8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(r4, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r3, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) syz_usb_connect(0x3, 0x2d, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000100), 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0xb) lsetxattr$system_posix_acl(0x0, &(0x7f0000000340)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') 4.766894967s ago: executing program 0 (id=1090): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r4) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003080)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x2, 0x9, 0x4, 0x6}, 0x1, 0xfb}, [{0x2, 0x9c, 0x80, 0x6, 0x2, 0x7}, {0x1, 0x6, 0x4, 0x3, 0xfffffffd, 0x81}, {0x1, 0x80000001, 0x8, 0x101, 0x3}, {0x3, 0x9, 0x0, 0x7, 0x5, 0x4}, {0xf, 0x7, 0x9, 0x51, 0x8}, {0x3, 0x4, 0xc, 0x101, 0x3, 0x84b5}, {0x9c, 0x4, 0x9, 0x2, 0x487, 0x8}, {0x1, 0x10000, 0x5, 0x4, 0x3, 0x8000}, {0x7, 0x9, 0x1ff, 0x8, 0x2, 0x7fff}, {0x439356e7, 0x609, 0x16, 0x0, 0x10000, 0x6}, {0x5, 0x3, 0x8, 0x3, 0x0, 0xffffffff}, {0x5, 0x0, 0x7, 0x7, 0x8, 0x5}, {0x5, 0x8, 0x9, 0x5, 0xfffff000, 0x7}, {0x768d, 0xcd, 0x8, 0x7, 0x5, 0x9}, {0x1, 0xfffffffb, 0x6, 0x5, 0x7ff, 0x6}, {0xfffffffb, 0x3, 0xfffffffe, 0x6, 0x2}, {0xfffff9fd, 0x9, 0xa5f, 0xa, 0x5, 0x2}, {0xffff997c, 0x9, 0x167, 0x2, 0x71, 0xa2}, {0x5, 0x2, 0xc, 0x8, 0x9, 0x60}, {0x5, 0xa, 0x2, 0x4, 0x3, 0x2000}, {0x32d, 0x8, 0x7fff, 0x4, 0x8, 0x9}, {0x8, 0x200, 0x58fe, 0x7ff, 0x4, 0x3}, {0x101, 0xd, 0x101, 0x1, 0x3, 0x8}, {0x0, 0x3, 0x1ff, 0x7437ec78, 0x2, 0x9}, {0xffffffff, 0x1, 0x9, 0x0, 0x1, 0x4}, {0xc, 0xe, 0x0, 0x3, 0x8, 0x81}, {0x3, 0x3, 0x6, 0xe, 0x0, 0x80}, {0xd, 0x0, 0x7ff, 0x0, 0x80000000, 0x2}, {0x4, 0xb, 0x6c5f1878, 0x57c4, 0x8, 0x25ff}, {0x4, 0xd, 0x1fadd976, 0x3071, 0x0, 0x1}, {0x5, 0x800, 0x3, 0x3, 0x3, 0x9}, {0x9, 0x1ff, 0x81, 0x9c, 0x1, 0x5}, {0x9, 0xd76, 0x6, 0xdc2, 0xa16a, 0x2}, {0x1ff, 0x5, 0x7, 0x2, 0x2, 0x1}, {0x1, 0x32158140, 0x0, 0x8, 0x6, 0x7}, {0xe, 0x4, 0x9000, 0x5, 0x2, 0x7f}, {0x3, 0x2ec74d53, 0x0, 0x0, 0x8, 0x2}, {0x5, 0xfff, 0xffffff13, 0x6, 0x2, 0x6}, {0x1, 0x6, 0x3, 0x4, 0xffb, 0x9}, {0x6, 0x6, 0x1ff, 0x8, 0x7ff, 0x8001}, {0x4, 0xffffffff, 0x0, 0xfffff740, 0x4, 0x4}, {0xffff, 0x5, 0x7, 0x8ac, 0xf}, {0x5, 0x3, 0x6, 0x1000, 0xd8fe, 0x8001}, {0xd, 0x3, 0x80000000, 0x0, 0xffffff81, 0x7ff}, {0xfffffffb, 0x2, 0x1ff, 0xf9, 0xffff8001}, {0x0, 0x6, 0x8000, 0x9, 0x500, 0x7}, {0x1, 0xffffffff, 0x834, 0x7, 0x0, 0x3}, {0x7fff, 0x6, 0x0, 0x2, 0x2, 0x8}, {0xf61, 0x101, 0x9, 0x2, 0x80000000, 0x7fff}, {0xc7, 0x1, 0xad, 0x2, 0xffff, 0x20000000}, {0x0, 0x5, 0x1, 0xffff, 0x3, 0x3}, {0x8, 0x10001, 0x9f98, 0x1, 0x8, 0x66a}, {0xfff, 0x6, 0x8, 0x80000001, 0x0, 0x7f}, {0x8, 0x6, 0x7f, 0x5, 0x3, 0xb}, {0x4, 0x4b, 0x0, 0x1, 0x7f, 0x7fffffff}, {0xfff, 0x47e4, 0x1, 0x0, 0x80000001, 0x9}, {0x3, 0x9, 0x7, 0x6, 0x3e6b7592, 0xe5}, {0x9, 0x9, 0x1, 0x9, 0x0, 0x2}, {0x8, 0x80000001, 0x7fff, 0xb2d9, 0xfffffffe, 0x8}, {0x80000001, 0x9, 0x5206, 0x2, 0x53ce, 0x3}, {0xffffff81, 0x7, 0x8, 0x8, 0x7f, 0x80000000}, {0xfffffff9, 0x9, 0x6, 0x6, 0x9, 0x3}, {0xfffffffd, 0x8, 0x6, 0x5, 0x3, 0x8f}, {0x741, 0x0, 0x9, 0x7fffffff, 0x2, 0x200}, {0x401, 0x2, 0x8, 0x6, 0x4, 0xc6e9}, {0x1, 0x2d73, 0x3ff, 0x5, 0x9f17, 0xffffff7f}, {0x2, 0x401, 0x2b00, 0xfffff57b, 0xfffffc00, 0xd}, {0x3, 0x4, 0xc52b, 0x9, 0x5, 0xff}, {0x0, 0x4, 0x401, 0x0, 0x1, 0x9}, {0x8, 0x4, 0x1, 0x2, 0x10, 0x1}, {0xff, 0x8, 0x6, 0x5, 0xff, 0x5}, {0x2, 0xb15ce2d, 0x80000001, 0xbeab, 0x8, 0x4f}, {0x3, 0x8, 0x3, 0x7, 0x8, 0x4}, {0xfff, 0x9, 0x6, 0x3, 0x100, 0x57}, {0x9, 0x5, 0x4, 0x3, 0xa, 0x2}, {0xb3, 0xe, 0x3, 0x8000, 0x7, 0x9}, {0xff, 0x7, 0x5, 0x10001, 0x6, 0x6}, {0x2, 0x8f, 0x9, 0xffffff46, 0x4, 0x80000000}, {0x9, 0x2, 0xfffffffc, 0x1, 0xd50, 0x3}, {0xd203, 0x7, 0x1, 0x10000, 0x43, 0x1ff}, {0x4, 0x3ff, 0xffffffff, 0x1, 0x5, 0x100}, {0x1ff, 0x3, 0x7ff, 0xfffffff8, 0x1ff, 0xfffffffc}, {0x7, 0x9, 0x3ff, 0x1, 0x7, 0x4}, {0x0, 0x6, 0x0, 0x9, 0xffff0001, 0xcca}, {0x7, 0x1, 0xfffffff1, 0x3ff, 0x100, 0x4}, {0x3, 0x9, 0x0, 0xed4, 0x4, 0x6}, {0x9, 0x7, 0x8001, 0x7, 0x7, 0x2}, {0x3, 0xfff, 0x9, 0x5, 0xb5, 0x3}, {0x0, 0x1, 0x1, 0x5, 0xffffff05, 0xfff}, {0x7, 0x5, 0x2, 0x2, 0x0, 0xfffff9de}, {0x5, 0xffffffff, 0xe6b, 0xb, 0xb, 0x4}, {0x1d, 0xffffff10, 0x1, 0x2, 0xff, 0x52e2}, {0x0, 0x9, 0x0, 0x7, 0xdb, 0x5}, {0x7, 0x2, 0x9, 0x8, 0xa, 0x100}, {0x81, 0x4, 0x988, 0x0, 0x0, 0x7}, {0xdc03, 0x7, 0x402c, 0xffff, 0xfffffff9, 0x4}, {0xa, 0xfffffffe, 0x1, 0x1ff, 0x1ff, 0xc1b5}, {0xa24b, 0x947d, 0x3, 0x4, 0x80000000, 0x2}, {0x9, 0x401, 0xa89, 0x5ef, 0x9, 0x8}, {0x4, 0x7fff, 0x0, 0x4, 0x7fffffff}, {0x3, 0xb8c, 0x6, 0x21761f6a, 0x1, 0x6}, {0xfff, 0xda, 0x1f, 0x4, 0x8, 0x2}, {0x6, 0x10, 0x0, 0x0, 0xfffffff7, 0x43}, {0xfffff000, 0x8, 0xe96, 0x9, 0x9, 0x34b0}, {0x4, 0x8, 0x8, 0x3, 0x6cf4, 0x1}, {0x3, 0x3, 0x7, 0x4, 0xbe, 0x81}, {0x4, 0x800, 0x0, 0x5, 0x8, 0xfa2f}, {0x3, 0xffe00000, 0x81, 0x2, 0x8, 0x6}, {0x9, 0x2, 0x6, 0x4, 0xf, 0x5}, {0x100, 0x1, 0x2, 0xffffffff, 0x9, 0x74}, {0x4, 0x4, 0x8, 0x1, 0x0, 0x3}, {0xfffffff8, 0x7, 0xffffffff, 0x62f, 0x401, 0x30564e0}, {0x9a2f, 0x800, 0x8, 0x7, 0x7}, {0x20000006, 0x2, 0x800, 0x200, 0x9, 0x3}, {0x7, 0x6, 0x8936, 0xdcb, 0x0, 0x2}, {0x6, 0x80000000, 0x8, 0xe, 0xfffffffa, 0x8de3}, {0x0, 0x9, 0x8, 0xfff, 0x6, 0x1ff}, {0x8195, 0x2, 0x1000}, {0x1, 0x5, 0xff, 0x9e0f, 0x5, 0x6}, {0x7fff, 0x6, 0x0, 0x5, 0x8000, 0x3}, {0x7ff, 0x9, 0xa, 0x6, 0x7, 0xe77}, {0x1, 0x5e12, 0x3, 0xfffffffa, 0x2, 0x80000001}, {0xffffff8c, 0x2, 0x1, 0x1, 0x10, 0x5}, {0x4, 0x7, 0x4, 0x78d, 0xffffcff9, 0x9}, {0x1, 0xe, 0x7c0, 0x2, 0x2, 0x207f}, {0x10, 0x5, 0xfffffffa, 0xff, 0x80000, 0xfff}, {0x1, 0x7ff, 0x696e, 0xa, 0x49d, 0xb}, {0x9bf4, 0x0, 0x5, 0x3, 0x3, 0x1000}], [{0x1, 0x1}, {0x2}, {0x5}, {0x2}, {0x2, 0x745e81639ff0f356}, {0x4}, {0x5}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x2}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2}, {0x2}, {0x3, 0x1}, {0x2}, {0x5}, {0x2}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x1, 0x1}, {0x5}, {0xa}, {0x3}, {0x3}, {0x2, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x4}, {0x4, 0x1}, {0x4}, {0x4}, {0x1, 0x1}, {0x2, 0x1}, {0x5, 0x3}, {0x4, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x6}, {0xa}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x4}, {0x5}, {0x3}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x2}, {0xb82e57098c7a44ef}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x4}, {0x3}, {0x3}, {0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x0, 0x1}, {0x5}], 0xff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r8, 0xc}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000180)="27030200590214000600", 0xa}, {&(0x7f0000000280)="3d2af7cd5f25980f6c84e4ead3a21f6072a5cc81d7379bf979669074", 0x1c}], 0x2}, 0x4) 4.389552551s ago: executing program 0 (id=1093): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000380)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x20, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x9, {[@mptcp=@add_addr={0x1e, 0xa, 0x0, 0xa, 0xb, @dev={0xac, 0x14, 0x14, 0x26}, 0x3}]}}}}}}}}, 0x0) 4.283671962s ago: executing program 0 (id=1095): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = dup2(r0, r0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x3, 0x40000000, 0x10}) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 3.970951196s ago: executing program 0 (id=1100): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x70) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in6=@ipv4={""/10, ""/2, @loopback}}}, {{@in6=@private0}, 0x0, @in6=@ipv4={""/10, ""/2, @multicast1}}}, &(0x7f0000000380)=0xe8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(r4, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r3, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) syz_usb_connect(0x3, 0x2d, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000100), 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0xb) lsetxattr$system_posix_acl(0x0, &(0x7f0000000340)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') 3.073294446s ago: executing program 1 (id=1108): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000040), 0xfd, 0x269, &(0x7f0000000a00)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in=@private, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f0000000380)=0xe8) ioprio_set$uid(0x3, r0, 0x2004) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000000140)='S', 0x1) sendfile(r2, r1, 0x0, 0x7fffffff) 2.790176389s ago: executing program 3 (id=1112): socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000b5"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc1) socket$inet(0x2, 0x3, 0xa) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_raw(0x1d, 0x3, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x5, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000f00000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000300), &(0x7f0000000280)=r3}, 0x20) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r3, r5, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x16, 0x7c, 0x0, @multicast1}}}}}, 0x0) 2.75468866s ago: executing program 3 (id=1113): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) 2.72132137s ago: executing program 3 (id=1114): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001240)={[{@dioread_nolock}, {@norecovery}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@fowner_eq}, {@hash}, {@permit_directio}, {@subj_type={'subj_type', 0x3d, '/)/-:$//('}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ") r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r0, &(0x7f0000002240)=""/237, 0xed, 0x4eb) 2.172546926s ago: executing program 4 (id=1117): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000240)=@xdp={0x2c, 0x0, r2, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x0) 1.946313589s ago: executing program 3 (id=1119): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000006c0)}, 0x40000102) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000480)=ANY=[], 0x8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808b", 0x4) 1.904112109s ago: executing program 1 (id=1120): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5f090930f70e0dd038e7ff7fc6e5539b324c078b089b3b333b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f347cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea56777e001cd34e5cb2f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf054135bbafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd731a0bfc1cb1a4c78f9ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b01979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e49336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba80900000000000000d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 1.79988917s ago: executing program 4 (id=1121): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x201, 0x0, 0x0, 0x3, 0x9}, 0x10) 1.573660873s ago: executing program 4 (id=1123): open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x799f4f8729a3733e) open(&(0x7f0000000080)='./file0\x00', 0x600, 0x18e) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010001d0025bd7000fadbdf2500000000", @ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r0], 0x44}}, 0x8000) 1.470774023s ago: executing program 2 (id=1125): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r0, 0x4b45, 0x0) r1 = dup(r0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0xffe2, 0x101}}) 1.382772365s ago: executing program 1 (id=1126): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x3c, r1, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x3c}}, 0x0) 1.258320976s ago: executing program 4 (id=1127): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x204000, &(0x7f0000000040)={[{@grpquota}, {@barrier_val={'barrier', 0x3d, 0x857}}]}, 0x4, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='.\x00', 0x10000, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) symlink(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.258147256s ago: executing program 2 (id=1128): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCGPTPEER(r0, 0x5441, 0x5) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x3, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9, 0x6b7, 0x80, 0x7fc, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x800) sendto$inet(r1, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0) recvfrom$inet(r1, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x700) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x13, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000033b52266000010000000000000010000786c6c250000000000202020630af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000001000000000800000018010000202078250000000000202020dd1af5ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000095000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) clock_adjtime(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) getsockopt$sock_int(r4, 0x1, 0xa, 0xfffffffffffffffe, &(0x7f0000000040)=0x3e) fsetxattr$trusted_overlay_nlink(r4, &(0x7f0000000000), &(0x7f0000000080)={'L+', 0x81}, 0x16, 0x1) syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x0, &(0x7f00000000c0)={[{@bh}, {@init_itable}, {@journal_path={'journal_path', 0x3d, './file1/file0'}}, {@sb={'sb', 0x3d, 0x7}}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@min_batch_time={'min_batch_time', 0x3d, 0x10000}}, {@noload}]}, 0x3, 0x46d, &(0x7f0000000980)="$eJzs3M2PU1UbAPDn3k4HeIF3RsQPPtRRNE6izjCAysKFGk1cYGKiC3U3YQaCFDDMmAghCsbgyhgT98Z/w5VujHFl4lb3hoQYNoCrmtvey7Sdtsx02qnS3y+5cM794Jyn55723HNoAxhZU9kfScSOiPg9Iibq2eYTpup/3bpx6fjtG5eOJ1Gtvv1XUjvv5o1Lx4tTi+u255npNCL9PIl9bcpdunDx9Hylsng+z88un/lwdunCxedOnZk/uXhy8eyho0ePHJ578YVDz/clzqxON/d+cm7/njfe+/rNY182xd8SR59MdTv4VLXa5+KGa2dDOhkbYkVYl1JEZM1VrvX/iSjFSuNNxOufDbVywEBVq9Xq9s6HL1eBe1gSzXldHkZF8UGfPf8WW+sg4OXBDT+G7vor9QegLO5b+VY/MhZpfk655fm2n6Yi4t3Lf3+bbTGYeQgAgCY/ZOOfZ9uN/9J4sOG8Hfna0GRE3BcRuyLi/ojYHREPRNTOfSgiHl5n+a2LJKvHP+m1ngJbo2z891K+ttU8/itGfzFZynM7a/GXkxOnKosHI+L/ETEd5S1Zfq5LGT++9ttXnY41jv+yLSu/GAvm9bg2tqX5moX55fmNxNzo+pWIvWPt4k/urAQkEbEnIvb2WEa3pa67x99FH9aZqt9FPF1v/8vREn8h6b4+Obs1KjsOzhZ3xWq//Hr1rU7lbyj+Psja/39t7/878U8mjeu1S+sv4+ofX3R8pun1/h9P3qmlx/N9H88vL5+fixhPjtUr3bj/0Mq1Rb44P4t/+kD7/r8rVl6JfRGxPyIeiYhHI+KxvO6PR8QTEXGgS/w/v/rkB73HP1hZ/Avrav+VxHi07mmfKJ3+6fumQidXxX+7e/sfqaWm8z1ref9bS716u5sBAADgvyetze0m6cyddJrOzNT/v/zuiLRybmn5mRPnPjq7UJ8DnoxyWsx0TTTMh87lj/X1/JWIqE/6FccP5/PG35S21fIzpagsDDt4GHHbO/T/zJ+lYdcOGDjf14LRpf/D6NL/YXSts/9vHVQ9gM3Xpv9vG0Y9gM3X2P+LOf9Ph1QXYHO1fP5b9oMRYv4PRlfH/n8v//IPUOPzH0bS0ra4+5fkuyaKf6nHyzeaeD8iaonSmr/z37fEeLcfGojyEF6NQSSqSdvGjbT75WnfqjFR3Kv/hldjZBLDe08CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADop38CAAD//yvj2E0=") 1.186448177s ago: executing program 1 (id=1129): syz_read_part_table(0x5c6, &(0x7f0000000bc0)="$eJzs08FLbGUUAPBzp4bp9d5zHvGgRe3e8CCwhCQSciCRYXCjYmUuWgsuaiG4cDEo46zN/oHCVDA30t6laSAKuhJpJfMPKG1mETdG7zgQtal8ovx+i/nuPZx7vvPxnQnutVwUn1w/pYWI+OPvcp5FROHm7afOQ+FxfLH1ZWWyPj408Xl8lMRXEVF597pcEt2qSff7tFNn5FEcrx4MX+bj8MXJfmktl8V3chGLEfH1+Xrx0T81nf9vZ+bh2C7vFZcas9Xl+XIhqrVm/3Rn8mIwiVicygZr52p9rf3zxv+7f3uir/afOa3WmqXjgY2jdOzi+6cf5PePWx/+epXVc/N/4GH5tD1Sje79//C8flZvjb7cnOvrfT12F1ayi/89Wz/5redO+wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB6u7fJeKxqz1eX58sxptdbsn36/8s63lW+++/jHwYXJtwencu2s5Db3Ly418tlbrVkqDGwcpWMX8XS2HXizk9d7ey1wh957HLHUnr/O/T6vn9Vboy835/p63zrbXVjJ4ulfPyy+4kYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHujEotpOjSRi0jil6QbTwvXayf0c7aOZfGRwmfJ6sHw5dazwxcn+6W18Sy+8yRLPF8vdqv13PYx+Jf+DAAA//84pm1S") preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)='\x00', 0x1}], 0x1, 0x9c00, 0x1, 0x3) 935.45808ms ago: executing program 3 (id=1130): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x449) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000200)={@remote, r4}, 0x14) write(r1, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 900.8388ms ago: executing program 2 (id=1131): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000240)=@xdp={0x2c, 0x0, r2, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x0) 884.77809ms ago: executing program 1 (id=1132): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, {0x5e34}}, '.\x00'}) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = epoll_create1(0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'geneve0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYRES32=r5], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r7, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x70, 0x10, 0x401, 0x70bd28, 0x1, {0x0, 0x0, 0x0, 0x0, 0x8, 0x10000}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x30, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x800}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x81, 0xffffff81}}]}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x70}, 0x1, 0x0, 0x0, 0x240008c4}, 0x20008004) getsockopt$inet_opts(r6, 0x0, 0x9, &(0x7f0000000140)=""/122, &(0x7f00000001c0)=0x7a) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) r8 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x51) r9 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) close_range(r2, 0xffffffffffffffff, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_HEADER(r10, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x3c, 0xc, 0x6, 0x501, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x3c}}, 0x20000000) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="680000001000030426bd7000fdffffffd4086892", @ANYRES32=0x0, @ANYBLOB="5606090040e63412400012800e00010069703665727370616e0000002c000280060010004e2200000600180007000000060011004e22000006000200f8"], 0x68}, 0x1, 0x0, 0x0, 0x600}, 0x0) dup(r0) socket(0x10, 0x803, 0x0) socket$inet(0x2, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'bond_slave_1\x00', 0x800}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="12000000010000000400000008"], 0x48) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0), 0x145000, 0x0) 659.697823ms ago: executing program 4 (id=1133): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) unshare(0x26000400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0) 591.439563ms ago: executing program 2 (id=1134): r0 = epoll_create1(0x80000) vmsplice(r0, &(0x7f00000020c0)=[{0x0}, {0xfffffffffffffffe}], 0x2, 0x5) 590.546953ms ago: executing program 1 (id=1135): timer_settime(0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000400)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}, {@bh}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xc00) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x20, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ftruncate(r0, 0x3) 482.377034ms ago: executing program 4 (id=1136): r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) 411.602895ms ago: executing program 2 (id=1137): mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000001440)=0x4, 0x4) getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f0000002680)) 294.813116ms ago: executing program 2 (id=1138): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={0x1}, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180), 0x4) socket$packet(0x11, 0x3, 0x300) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x4840) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) ftruncate(r3, 0x2007ffc) lseek(r0, 0x8, 0x4) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r4, &(0x7f00000001c0)={0x11, 0x0, r6, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}}, 0x14) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 0s ago: executing program 3 (id=1139): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000300)={[{@data_err_ignore}, {@noload}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@errors_remount}, {@grpid}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}, {@jqfmt_vfsold}]}, 0x1, 0x47a, &(0x7f00000006c0)="$eJzs28uPFMUfAPBv9z6AH4/lh/gAUVeJyUbjLrugcvCi0cQYjCZ6wOM6O5ANA2vY1QgSWYzxZGJI9Ew8Gv0LvBkTo55MuHryZEiIcgE8remebpgdZni4M8yy8/kkPVPVXT1VNdWP6qqZAPrWaPaSRGyKiN8jYqQeXZ5gtP525dKpytVLpypJLC299VeSp7t86VSlTFrut7GIjKUR6adJkcly8ydOHpmu1arHi/jEwtH3JuZPnHzmg6PTh6uHq8em9u/ft3fy+eemnu1IPbN6Xd758dyuHa++c/b1ysGz7/7yXVbeTcX2xnp0ymhW8b+Xcs3bnux0Zj22uSGcDPawINyRgYjImmsoP/9HYiCuN95IvPJJTwsHdFV2b1rXfvPiErCGJdHrEgC9Ud7os+ffcrlLXY9V4eKL9QegrN5XiqW+ZTDSIs1Q0/NtJ41GxMHFf85lS3RpHAIAoNHnla8ODEfER1e/fS3re4xERDke9ED++kf+uqWYQ9kaEf+PiG0RcV9EbI+I+4u0D0bEQyssz439n/TCCj/yprL+3wvF3Nby/l/Z+4utA0Vsc17/oeTQbK26J9bl38lYDK3L4pM3yeOHl89/0W5bY/8vW7L8y75gUY4Lg00DdDPTC9N5p7QDLp6J2DnYqv7JtZmAJCJ2RMTOO/voLWVg9qlvdrVL1Lr+l8/dVg4dmGda+jqr3mJW/8Voqn8paZyfnL1hfnJifdSqeybqR0Urv/722Zvt8r91+3fXxWr9vaH9m5NsTRrna+c7m/9/PP7T4eTtfJ55uFj34fTCwvHJiOHkQB5ftn7q+r5lvEyfHf9ju1uf/9uKfbL6PxwR2UH8SEQ8GhGPFWV/PCKeiIjdN6njzy/duv6R9qj9z0TMtLz+XTv+m9r/zgMDR376vl3+t9f++/LQWLEmv/7dQqviZJeL5gKu5LsDAACAe0Wa/wY+ScevhdN0fLz+G/7t8b+0Nje/8PShufePzcT5LfXxz7Qc6RopxkNrs7XqZLJYfGJ9fHSqGCsux0v3FuPGXw5syOPjlbnaTI/rDv1uY5vzP/PnQK9LB3TZhpZrp4bvekGAHmieR0+XR0+/ES4GsFb5vzb0r/L8b/O83/g/GGCNcf+H/tXq/D/dFDcXAGuT+z/0L+c/9Kn0xxXs7KkA7nXu/9CXVvK//i4G1q+OYvQmsFobJQ9ElIF0VZRHoEuBXl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOuPfAAAA//+Pc+dq") pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0) ppoll(&(0x7f0000000280)=[{r1, 0x6210}], 0x1, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000002c0)={0x0, 0x8000000, 0x7f, 0x9ae5, 0x7, "42341f9b1000007e4f0000001900"}) r2 = io_uring_setup(0x43ae, &(0x7f0000000640)={0x0, 0x4178, 0x8, 0x3, 0x200003d5}) close_range(r2, 0xffffffffffffffff, 0x0) r3 = syz_open_pts(r1, 0x40000) dup3(r3, r1, 0x0) splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x0) kernel console output (not intermixed with test programs): 8 [ 89.354142][ T4695] loop2: detected capacity change from 0 to 164 [ 89.453247][ T4697] fuse: Invalid rootmode [ 89.463503][ T4648] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 89.528980][ T4648] ext4 filesystem being mounted at /12/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 89.584438][ T4702] netlink: 20 bytes leftover after parsing attributes in process `syz.2.85'. [ 89.603287][ T4438] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 89.621716][ T4438] usb 5-1: USB disconnect, device number 3 [ 90.078379][ T4719] loop0: detected capacity change from 0 to 512 [ 90.133095][ T4721] loop1: detected capacity change from 0 to 512 [ 90.224918][ T4723] loop2: detected capacity change from 0 to 128 [ 90.956930][ T4719] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 90.971283][ T4721] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.992880][ T4719] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 91.006184][ T4723] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 91.012513][ T4721] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 91.036961][ T4723] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 91.047839][ T4723] ext2 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.110536][ T4719] EXT4-fs error (device loop0): ext4_orphan_get:1406: inode #15: comm syz.0.93: inode has both inline data and extents flags [ 91.175506][ T4719] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.93: couldn't read orphan inode 15 (err -117) [ 91.189431][ T4721] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 91.224327][ T4728] loop4: detected capacity change from 0 to 512 [ 91.252812][ T4719] EXT4-fs (loop0): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000001,block_validity,jqfmt=vfsold,quota,resuid=0x0000000000000000,lazytime,noblock_validity,usrquota,,errors=continue. Quota mode: writeback. [ 91.300137][ T4721] EXT4-fs (loop1): 1 truncate cleaned up [ 91.347468][ T4721] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,dioread_nolock,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,bsdgroups,grpjquota=,,errors=continue. Quota mode: none. [ 91.385985][ T4728] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 91.608983][ T4732] fuse: Invalid rootmode [ 91.689055][ T4734] loop4: detected capacity change from 0 to 128 [ 92.033637][ T4743] device syzkaller0 entered promiscuous mode [ 92.317836][ T4749] loop0: detected capacity change from 0 to 128 [ 92.744650][ T4754] loop3: detected capacity change from 0 to 128 [ 92.794767][ T4754] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 92.932215][ T4754] ext4 filesystem being mounted at /22/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 93.053230][ T4754] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 93.179831][ T4760] fuse: Bad value for 'rootmode' [ 93.695637][ T4774] device vlan3 entered promiscuous mode [ 93.705481][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan3: link becomes ready [ 93.762851][ T4778] loop0: detected capacity change from 0 to 2048 [ 93.942956][ T4778] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000001,errors=remount-ro,resgid=0x0000000000000000,barrier,quota,delalloc,. Quota mode: writeback. [ 93.987272][ T4778] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.171546][ T4783] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.115: bg 0: block 345: padding at end of block bitmap is not set [ 94.199826][ T4787] netlink: 'syz.1.117': attribute type 13 has an invalid length. [ 94.246642][ T4783] EXT4-fs (loop0): Remounting filesystem read-only [ 94.273930][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 94.357508][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 94.465946][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 94.647511][ T4795] loop3: detected capacity change from 0 to 128 [ 94.828841][ T4795] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 94.956086][ T4795] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 94.968275][ T4795] ext2 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.629812][ T4799] loop0: detected capacity change from 0 to 4096 [ 95.757188][ T4803] fuse: Bad value for 'rootmode' [ 95.771003][ T4799] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 96.595118][ T4815] loop0: detected capacity change from 0 to 128 [ 96.698462][ T4815] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 96.712961][ T4815] ext4 filesystem being mounted at /41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 96.891900][ T4815] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 97.120660][ T4824] loop2: detected capacity change from 0 to 128 [ 97.213277][ T4824] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 97.251897][ T4824] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.430723][ T4747] ODEBUG: Out of memory. ODEBUG disabled [ 97.691748][ T4833] fuse: Bad value for 'rootmode' [ 97.792854][ T4838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'. [ 97.860486][ T4840] loop4: detected capacity change from 0 to 512 [ 97.891639][ T4842] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 97.916654][ T4840] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 97.937965][ T4840] EXT4-fs error (device loop4): mb_free_blocks:1889: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 97.981104][ T4840] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #11: comm syz.4.135: corrupted inode contents [ 98.004523][ T4840] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #11: comm syz.4.135: mark_inode_dirty error [ 98.103658][ T4840] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.135: invalid indirect mapped block 1 (level 1) [ 98.172626][ T4840] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #11: comm syz.4.135: corrupted inode contents [ 98.202778][ T4840] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 98.225378][ T4840] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #11: comm syz.4.135: corrupted inode contents [ 98.323498][ T4840] EXT4-fs error (device loop4): ext4_truncate:4286: inode #11: comm syz.4.135: mark_inode_dirty error [ 98.367966][ T4840] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 98.401099][ T4840] EXT4-fs (loop4): 1 truncate cleaned up [ 98.440885][ T4840] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 98.470310][ T4840] netlink: 24 bytes leftover after parsing attributes in process `syz.4.135'. [ 98.588076][ T4854] loop1: detected capacity change from 0 to 128 [ 99.292348][ T4854] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 99.321771][ T4854] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 99.326124][ T4856] loop2: detected capacity change from 0 to 128 [ 99.336767][ T4854] ext2 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.463662][ T4856] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 99.531288][ T4866] loop3: detected capacity change from 0 to 512 [ 99.556783][ T4856] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 99.667125][ T4869] fuse: Unknown parameter 'use00000000000000000000' [ 99.676055][ T4870] netlink: 132 bytes leftover after parsing attributes in process `syz.0.146'. [ 99.692782][ T4870] IPv6: Can't replace route, no match found [ 99.734762][ T4866] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 99.772240][ T4866] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.976824][ T4882] capability: warning: `syz.0.152' uses deprecated v2 capabilities in a way that may be insecure [ 100.063434][ T4886] device syzkaller0 entered promiscuous mode [ 100.137465][ T4888] device syzkaller0 entered promiscuous mode [ 100.299472][ T4892] fuse: Unknown parameter 'use00000000000000000000' [ 100.554242][ T4903] netlink: 'syz.2.161': attribute type 13 has an invalid length. [ 101.092065][ T4604] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 101.111446][ T4903] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.120183][ T4903] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.332145][ T4604] usb 5-1: device descriptor read/64, error -71 [ 101.602069][ T4604] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 101.793140][ T4604] usb 5-1: device descriptor read/64, error -71 [ 101.803387][ T4903] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.859202][ T4903] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.913740][ T4604] usb usb5-port1: attempt power cycle [ 102.305506][ T4903] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.322022][ T4604] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 102.331748][ T4903] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.346920][ T4903] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.356451][ T4903] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.412223][ T4604] usb 5-1: device descriptor read/8, error -71 [ 102.605060][ T4903] syz.2.161 (4903) used greatest stack depth: 19792 bytes left [ 102.694173][ T4604] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 102.701904][ T4929] fuse: Unknown parameter 'use00000000000000000000' [ 102.792443][ T4604] usb 5-1: device descriptor read/8, error -71 [ 102.858695][ T4936] device syzkaller0 entered promiscuous mode [ 102.900980][ T4940] netlink: 64 bytes leftover after parsing attributes in process `syz.2.173'. [ 102.922355][ T4604] usb usb5-port1: unable to enumerate USB device [ 103.274878][ T4954] fuse: Unknown parameter 'user_i00000000000000000000' [ 103.311634][ T1112] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.322294][ T4952] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.351796][ T1112] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.393768][ T1112] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.438713][ T4957] loop0: detected capacity change from 0 to 128 [ 103.529408][ T4957] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 104.196659][ T4957] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 104.207454][ T4957] ext2 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.576285][ T4980] loop3: detected capacity change from 0 to 512 [ 104.628564][ T4980] EXT4-fs (loop3): Ignoring removed orlov option [ 104.702155][ T4980] EXT4-fs (loop3): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000006,orlov,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 104.802306][ T4980] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.925270][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 104.925285][ T26] audit: type=1800 audit(1778549531.206:18): pid=4980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.190" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 105.121466][ T4999] Zero length message leads to an empty skb [ 105.127671][ T4274] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 105.232473][ T4999] loop2: detected capacity change from 0 to 4096 [ 105.352288][ T4274] usb 5-1: device descriptor read/64, error -71 [ 105.373601][ T4999] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 105.493534][ T26] audit: type=1800 audit(1778549531.776:19): pid=4999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.197" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 105.589929][ T5003] loop3: detected capacity change from 0 to 8192 [ 105.682084][ T4274] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 105.922073][ T4274] usb 5-1: device descriptor read/64, error -71 [ 106.009580][ T5018] fuse: Unknown parameter 'user_i00000000000000000000' [ 106.042401][ T4274] usb usb5-port1: attempt power cycle [ 106.341294][ T5022] capability: warning: `syz.0.207' uses 32-bit capabilities (legacy support in use) [ 106.446200][ T5027] netem: change failed [ 106.538236][ T4274] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 106.577405][ T5030] loop0: detected capacity change from 0 to 128 [ 106.642210][ T4274] usb 5-1: device descriptor read/8, error -71 [ 106.659459][ T5030] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 106.682124][ T5030] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.924314][ T5033] loop0: detected capacity change from 0 to 128 [ 106.933106][ T4274] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 107.001505][ T5035] loop1: detected capacity change from 0 to 2048 [ 107.032296][ T4274] usb 5-1: device descriptor read/8, error -71 [ 107.044525][ T5033] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002] [ 107.066598][ T5033] System zones: 1-3, 19-19, 35-36 [ 107.079581][ T5033] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,debug,,errors=continue. Quota mode: writeback. [ 107.094167][ T5035] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 107.105034][ T5033] ext4 filesystem being mounted at /62/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 107.162216][ T4274] usb usb5-port1: unable to enumerate USB device [ 107.200050][ T5035] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.212: bg 0: block 234: padding at end of block bitmap is not set [ 107.218603][ T5035] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 850 with error 28 [ 107.231411][ T5035] EXT4-fs (loop1): This should not happen!! Data will be lost [ 107.231411][ T5035] [ 107.241193][ T5035] EXT4-fs (loop1): Total free blocks count 0 [ 107.247305][ T5035] EXT4-fs (loop1): Free/Dirty block details [ 107.253528][ T5035] EXT4-fs (loop1): free_blocks=0 [ 107.258567][ T5035] EXT4-fs (loop1): dirty_blocks=864 [ 107.263892][ T5035] EXT4-fs (loop1): Block reservation details [ 107.269910][ T5035] EXT4-fs (loop1): i_reserved_data_blocks=54 [ 107.334875][ T5047] fuse: Unknown parameter 'user_id00000000000000000000' [ 107.537787][ T5053] loop2: detected capacity change from 0 to 2048 [ 107.854960][ T5063] loop1: detected capacity change from 0 to 128 [ 107.973754][ T5063] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 108.084187][ T5063] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 108.095391][ T5063] ext2 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.278584][ T5053] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 108.512091][ T5064] loop4: detected capacity change from 0 to 128 [ 108.593115][ T5064] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 108.604448][ T5064] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 108.870348][ T5077] device syzkaller0 entered promiscuous mode [ 109.134084][ T5091] fuse: Unknown parameter 'user_id00000000000000000000' [ 109.539903][ T5106] device syzkaller0 entered promiscuous mode [ 109.932561][ T5118] fuse: Unknown parameter 'user_id00000000000000000000' [ 110.522000][ T4603] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 110.772123][ T4603] usb 5-1: device descriptor read/64, error -71 [ 110.818782][ T5143] loop1: detected capacity change from 0 to 164 [ 110.884543][ T5146] loop0: detected capacity change from 0 to 128 [ 110.902229][ T5143] Unable to read rock-ridge attributes [ 110.962803][ T5146] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 111.008055][ T5146] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 111.042284][ T4603] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 111.107753][ T5154] xt_hashlimit: size too large, truncated to 1048576 [ 111.121016][ T5156] fuse: Bad value for 'fd' [ 111.241986][ T4603] usb 5-1: device descriptor read/64, error -71 [ 111.457363][ T4603] usb usb5-port1: attempt power cycle [ 111.583949][ T5170] loop3: detected capacity change from 0 to 128 [ 111.604791][ T5170] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 111.804049][ T5170] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 111.815661][ T5170] ext2 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.562014][ T4603] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 112.662958][ T4603] usb 5-1: device descriptor read/8, error -71 [ 112.932230][ T4603] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 113.022352][ T4603] usb 5-1: device descriptor read/8, error -71 [ 113.152199][ T4603] usb usb5-port1: unable to enumerate USB device [ 113.279132][ T5190] fuse: Bad value for 'fd' [ 113.655690][ T5203] loop2: detected capacity change from 0 to 512 [ 113.715139][ T5203] EXT4-fs (loop2): Ignoring removed bh option [ 113.732282][ T5203] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 113.744978][ T5203] EXT4-fs (loop2): 1 truncate cleaned up [ 113.758229][ T5203] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none. [ 113.799986][ T5203] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.279: bg 0: block 465: padding at end of block bitmap is not set [ 113.852329][ T5203] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 131587 with max blocks 1 with error 28 [ 113.880104][ T5212] loop4: detected capacity change from 0 to 1024 [ 113.892231][ T5215] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 113.905735][ T5203] EXT4-fs (loop2): This should not happen!! Data will be lost [ 113.905735][ T5203] [ 113.943286][ T5203] EXT4-fs (loop2): Total free blocks count 0 [ 113.953883][ T5203] EXT4-fs (loop2): Free/Dirty block details [ 113.959886][ T5203] EXT4-fs (loop2): free_blocks=0 [ 113.966226][ T5203] EXT4-fs (loop2): dirty_blocks=2 [ 113.971308][ T5203] EXT4-fs (loop2): Block reservation details [ 113.981488][ T5212] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 113.988967][ T5203] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 114.041263][ T5212] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,resgid=0x0000000000000000,mblk_io_submit,norecovery,debug_want_extra_isize=0x0000000000000080,resgid=0x0000000000000000,nobarrier,grpid,jqfmt=vfsv0,,errors=continue. Quota mode: none. [ 114.172702][ T5222] fuse: Bad value for 'fd' [ 114.222011][ T1112] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 114.424515][ T1112] usb 1-1: device descriptor read/64, error -71 [ 114.694407][ T1112] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 114.758856][ T5238] loop3: detected capacity change from 0 to 128 [ 114.902024][ T1112] usb 1-1: device descriptor read/64, error -71 [ 115.022538][ T1112] usb usb1-port1: attempt power cycle [ 115.037549][ T4440] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 115.060493][ T4440] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 115.213498][ T5247] fuse: Unknown parameter '0x0000000000000003' [ 115.286458][ T5249] loop3: detected capacity change from 0 to 1024 [ 115.366836][ T5249] EXT4-fs (loop3): Ignoring removed bh option [ 115.412919][ T5249] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 115.440366][ T1112] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 115.532994][ T5257] loop1: detected capacity change from 0 to 2048 [ 115.542421][ T1112] usb 1-1: device descriptor read/8, error -71 [ 115.614160][ T5257] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noinit_itable,i_version,init_itable,,errors=continue. Quota mode: none. [ 115.642053][ T5257] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.676526][ T5257] EXT4-fs (loop1): shut down requested (0) [ 115.896281][ T1112] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 115.919116][ T5261] EXT4-fs (loop1): resizing filesystem from 256 to 0 blocks [ 115.952822][ T5261] EXT4-fs warning (device loop1): ext4_resize_fs:2004: can't shrink FS - resize aborted [ 116.027741][ T5267] loop4: detected capacity change from 0 to 128 [ 116.074533][ T5267] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 116.235799][ T5267] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 116.247059][ T5267] ext2 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.740472][ T1112] usb 1-1: device descriptor read/8, error -71 [ 116.862280][ T1112] usb usb1-port1: unable to enumerate USB device [ 116.969924][ T5278] loop3: detected capacity change from 0 to 512 [ 116.997720][ T5282] loop1: detected capacity change from 0 to 128 [ 117.003223][ T5280] fuse: Unknown parameter '0x0000000000000003' [ 117.015358][ T5278] EXT4-fs (loop3): Unrecognized mount option "seclabel" or missing value [ 117.095643][ T5285] netlink: 8 bytes leftover after parsing attributes in process `syz.0.308'. [ 117.197705][ T5288] loop3: detected capacity change from 0 to 128 [ 117.297886][ T5288] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 117.309133][ T5288] ext4 filesystem being mounted at /68/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 117.630468][ T5309] fuse: Unknown parameter '0x0000000000000003' [ 117.780107][ T5313] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 117.862816][ T4604] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 117.892594][ T5317] loop0: detected capacity change from 0 to 1024 [ 117.951785][ T5319] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 117.985602][ T5319] Symlink component flag not implemented [ 117.985765][ T5317] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 118.012145][ T5319] Symlink component flag not implemented (7) [ 118.072166][ T4604] usb 2-1: device descriptor read/64, error -71 [ 118.126828][ T5317] EXT4-fs (loop0): shut down requested (0) [ 118.346700][ T4604] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 118.542687][ T4604] usb 2-1: device descriptor read/64, error -71 [ 118.613486][ T5341] fuse: Unknown parameter '0x0000000000000003' [ 118.672196][ T4604] usb usb2-port1: attempt power cycle [ 118.917200][ T5349] netlink: 104 bytes leftover after parsing attributes in process `syz.0.335'. [ 118.947809][ T5350] set_capacity_and_notify: 1 callbacks suppressed [ 118.947826][ T5350] loop3: detected capacity change from 0 to 512 [ 119.112175][ T4604] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 119.212355][ T4604] usb 2-1: device descriptor read/8, error -71 [ 119.376225][ T5366] fuse: Unknown parameter '0x0000000000000003' [ 119.482063][ T4604] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 119.572622][ T4604] usb 2-1: device descriptor read/8, error -71 [ 119.692223][ T4604] usb usb2-port1: unable to enumerate USB device [ 119.852032][ T4235] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 119.944881][ T5374] loop4: detected capacity change from 0 to 512 [ 119.961819][ T5374] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 119.969331][ T5374] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 119.987380][ T5374] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,quota,grpjquota=,stripe=0x0000000000000003,lazytime,nomblk_io_submit,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 120.007684][ T5374] ext4 filesystem being mounted at /42/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.298464][ T5382] loop4: detected capacity change from 0 to 4096 [ 120.341831][ T5382] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 120.431481][ T5386] loop0: detected capacity change from 0 to 128 [ 120.467435][ T5386] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 120.536730][ T5386] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 120.547778][ T5386] ext2 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.142094][ T4235] usb 4-1: unable to get BOS descriptor or descriptor too short [ 121.231866][ T5396] loop2: detected capacity change from 0 to 1024 [ 121.262511][ T5396] EXT4-fs (loop2): Ignoring removed nobh option [ 121.280703][ T5396] EXT4-fs (loop2): Invalid want_extra_isize 130 [ 121.365479][ T5402] fuse: Unknown parameter '0x0000000000000003' [ 121.462243][ T4235] usb 4-1: string descriptor 0 read error: -22 [ 121.468569][ T4235] usb 4-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40 [ 121.505736][ T4235] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.593817][ T5412] netlink: 16 bytes leftover after parsing attributes in process `syz.2.359'. [ 121.897546][ T5427] fuse: Unknown parameter 'fd0x0000000000000003' [ 121.905562][ T4274] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 121.992969][ T26] audit: type=1326 audit(1778549548.266:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.062835][ T26] audit: type=1326 audit(1778549548.306:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.122140][ T4274] usb 2-1: device descriptor read/64, error -71 [ 122.178532][ T26] audit: type=1326 audit(1778549548.306:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.297247][ T26] audit: type=1326 audit(1778549548.306:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.391254][ T26] audit: type=1326 audit(1778549548.306:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.416681][ T4274] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 122.442130][ T4235] usb 4-1: 1:1: cannot get freq at ep 0x1 [ 122.473106][ T26] audit: type=1326 audit(1778549548.306:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.509823][ T5438] loop4: detected capacity change from 0 to 256 [ 122.518738][ T5436] loop2: detected capacity change from 0 to 128 [ 122.529885][ T4235] usb 4-1: USB disconnect, device number 2 [ 122.540118][ T26] audit: type=1326 audit(1778549548.306:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5429 comm="syz.2.367" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f965d67edd9 code=0x7ffc0000 [ 122.623457][ T5436] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 122.638459][ T5436] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 122.648158][ T4274] usb 2-1: device descriptor read/64, error -71 [ 122.782301][ T4274] usb usb2-port1: attempt power cycle [ 122.815819][ T4184] udevd[4184]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.892518][ T5444] loop2: detected capacity change from 0 to 1024 [ 122.931720][ T5444] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 123.015254][ T5444] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,auto_da_alloc=0x0000000000000007,noblock_validity,delalloc,journal_dev=0x0000000000000007,nouid32,nomblk_io_submit,noinit_itable,mb_optimize_scan=0x0000000000000000,,errors=continue. Quota mode: none. [ 123.053271][ T5444] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.108786][ T5453] fuse: Unknown parameter 'fd0x0000000000000003' [ 123.301999][ T4274] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 123.345165][ T5463] netlink: 60 bytes leftover after parsing attributes in process `syz.2.379'. [ 123.359441][ T5463] smc: net device nr0 applied user defined pnetid S [ 123.374917][ T5462] IPVS: rr: FWM 3 0x00000003 - no destination available [ 123.427588][ T4274] usb 2-1: device descriptor read/8, error -71 [ 123.484009][ T5468] loop3: detected capacity change from 0 to 1024 [ 123.541165][ T5468] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 123.712236][ T4274] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 123.768737][ T5481] program syz.2.389 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.882357][ T4274] usb 2-1: device descriptor read/8, error -71 [ 123.918724][ T5485] fuse: Unknown parameter 'fd0x0000000000000003' [ 124.052207][ T4274] usb usb2-port1: unable to enumerate USB device [ 124.409764][ T5489] loop2: detected capacity change from 0 to 128 [ 124.508882][ T5489] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 124.599049][ T5489] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 124.609915][ T5489] ext2 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.414325][ T5502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.396'. [ 125.466424][ T5502] netlink: 14 bytes leftover after parsing attributes in process `syz.0.396'. [ 125.721500][ T5513] loop3: detected capacity change from 0 to 512 [ 125.782194][ T5513] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 125.847750][ T5513] EXT4-fs error (device loop3): ext4_orphan_get:1432: comm syz.3.402: bad orphan inode 131083 [ 125.875788][ T5513] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x0000000000000004,errors=continue,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 126.252290][ T4604] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 126.465860][ T5534] loop0: detected capacity change from 0 to 512 [ 126.601263][ T5536] netlink: 'syz.1.411': attribute type 29 has an invalid length. [ 126.610844][ T5536] netlink: 'syz.1.411': attribute type 29 has an invalid length. [ 126.622215][ T4604] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 126.633938][ T5536] netlink: 'syz.1.411': attribute type 29 has an invalid length. [ 126.646676][ T4604] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 126.676642][ T4604] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 126.782462][ T4604] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 126.803532][ T4604] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 126.823253][ T4604] usb 5-1: SerialNumber: syz [ 126.893757][ T4604] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 126.911446][ T4604] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 126.930579][ T4604] cdc_acm: probe of 5-1:1.0 failed with error -22 [ 127.110482][ T5518] loop4: detected capacity change from 0 to 128 [ 127.247679][ T5551] loop1: detected capacity change from 0 to 1024 [ 127.270820][ T5518] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 127.338200][ T5518] ext4 filesystem being mounted at /57/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 127.372434][ T5551] EXT4-fs (loop1): invalid inodes per group: 0 [ 127.372434][ T5551] [ 127.473884][ T4604] usb 5-1: USB disconnect, device number 16 [ 127.558666][ T5556] loop0: detected capacity change from 0 to 1024 [ 127.642068][ T5556] EXT4-fs (loop0): filesystem is read-only [ 127.934442][ T5568] netlink: 12 bytes leftover after parsing attributes in process `syz.0.425'. [ 128.140886][ T5576] loop0: detected capacity change from 0 to 512 [ 128.210761][ T5576] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 128.222462][ T5576] System zones: 0-2, 18-18, 34-35 [ 128.260177][ T5576] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.382704][ T5576] ext4 filesystem being mounted at /108/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.538379][ T5585] loop4: detected capacity change from 0 to 128 [ 128.688748][ T5585] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 128.828896][ T5585] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 128.839631][ T5585] ext2 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.645222][ T5605] loop0: detected capacity change from 0 to 256 [ 129.922080][ T4235] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 130.292418][ T4235] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 130.308477][ T4235] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 130.325701][ T4235] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 130.370069][ T5623] netlink: 56 bytes leftover after parsing attributes in process `syz.3.445'. [ 130.433023][ T4235] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 130.444339][ T4235] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 130.462022][ T4235] usb 3-1: SerialNumber: syz [ 130.513320][ T4235] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 130.521247][ T4235] cdc_acm 3-1:1.0: This needs exactly 3 endpoints [ 130.528756][ T4235] cdc_acm: probe of 3-1:1.0 failed with error -22 [ 130.725537][ T5608] loop2: detected capacity change from 0 to 128 [ 130.804464][ T5608] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 130.815776][ T5608] ext4 filesystem being mounted at /110/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 130.902281][ T4235] usb 3-1: USB disconnect, device number 2 [ 131.783818][ T5665] netlink: 16 bytes leftover after parsing attributes in process `syz.2.463'. [ 131.796618][ T5662] device syzkaller0 entered promiscuous mode [ 132.004419][ T5670] loop4: detected capacity change from 0 to 256 [ 132.250345][ T5673] loop2: detected capacity change from 0 to 128 [ 132.306414][ T5673] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 132.363582][ T5673] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 132.376227][ T5673] ext2 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.776712][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.783100][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.922098][ T4438] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 132.970676][ T5692] IPVS: rr: FWM 3 0x00000003 - no destination available [ 133.342084][ T4438] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 133.358941][ T4438] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 133.370420][ T4438] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 133.462207][ T4438] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 133.475610][ T4438] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 133.486656][ T4438] usb 4-1: SerialNumber: syz [ 133.557308][ T4438] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 133.570623][ T4438] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 133.579084][ T4438] cdc_acm: probe of 4-1:1.0 failed with error -22 [ 133.772402][ T5681] loop3: detected capacity change from 0 to 128 [ 133.838300][ T5681] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 133.866544][ T5681] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 133.959216][ T5706] loop0: detected capacity change from 0 to 164 [ 134.023985][ T5706] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 134.137463][ T5708] loop1: detected capacity change from 0 to 512 [ 134.145865][ T4235] usb 4-1: USB disconnect, device number 3 [ 134.196879][ T5710] loop0: detected capacity change from 0 to 1024 [ 134.230072][ T5708] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 134.245190][ T5708] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.266724][ T5710] EXT4-fs (loop0): Ignoring removed orlov option [ 134.280228][ T5708] EXT4-fs error (device loop1): ext4_xattr_block_get:543: inode #15: comm syz.1.481: corrupted xattr block 13 [ 134.308519][ T26] audit: type=1800 audit(1778549560.586:27): pid=5708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.481" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 134.347808][ T5710] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,bsddf,nombcache,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,nodioread_nolock,grpjquota=,,errors=continue. Quota mode: none. [ 134.451272][ T5710] EXT4-fs error (device loop0): ext4_free_inode:355: comm syz.0.480: bit already cleared for inode 15 [ 134.526818][ T5715] netlink: 12 bytes leftover after parsing attributes in process `syz.1.482'. [ 135.472111][ T4438] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 135.892086][ T4438] usb 2-1: unable to get BOS descriptor or descriptor too short [ 135.952339][ T4438] usb 2-1: no configurations [ 135.957222][ T4438] usb 2-1: can't read configurations, error -22 [ 136.138863][ T4235] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 136.184954][ T5757] netlink: 'syz.4.501': attribute type 1 has an invalid length. [ 136.213256][ T5755] loop3: detected capacity change from 0 to 128 [ 136.260330][ T5755] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 136.291834][ T5755] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 136.302983][ T5755] ext2 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.504712][ T4235] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.524622][ T4235] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 136.558843][ T4235] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.586481][ T4235] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 136.706812][ T4235] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 136.722101][ T4235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 136.730163][ T4235] usb 1-1: SerialNumber: syz [ 137.005487][ T5748] loop0: detected capacity change from 0 to 128 [ 137.064224][ T5748] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 137.120464][ T5748] ext4 filesystem being mounted at /126/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 137.210648][ T4438] usb 1-1: USB disconnect, device number 6 [ 137.254471][ T5787] loop2: detected capacity change from 0 to 128 [ 137.367476][ T5787] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 137.399068][ T5787] ext4 filesystem being mounted at /120/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 137.664263][ T5799] netlink: 596 bytes leftover after parsing attributes in process `syz.1.519'. [ 137.811223][ T5803] loop2: detected capacity change from 0 to 512 [ 137.929411][ T5803] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 137.990036][ T5803] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.168923][ T5820] loop4: detected capacity change from 0 to 512 [ 138.202391][ T5820] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 138.281222][ T5820] EXT4-fs (loop4): 1 truncate cleaned up [ 138.342485][ T5820] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x000000000000000d,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,data_err=ignore,dioread_lock,. Quota mode: none. [ 138.460034][ T5820] mmap: syz.4.527 (5820) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 138.506483][ T5830] tipc: Started in network mode [ 138.511407][ T5830] tipc: Node identity 7e5e38ddeb21, cluster identity 9 [ 138.527902][ T5830] tipc: Enabled bearer , priority 0 [ 138.541866][ T5830] device syzkaller0 entered promiscuous mode [ 138.575165][ T5830] tipc: Resetting bearer [ 138.587223][ T5829] tipc: Resetting bearer [ 138.638540][ T5829] tipc: Disabling bearer [ 139.162214][ T4438] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 139.223864][ T26] audit: type=1326 audit(1778549565.506:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.295892][ T26] audit: type=1326 audit(1778549565.506:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.371355][ T26] audit: type=1326 audit(1778549565.506:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.432185][ T26] audit: type=1326 audit(1778549565.506:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.465962][ T5859] device syzkaller1 entered promiscuous mode [ 139.530345][ T26] audit: type=1326 audit(1778549565.506:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.564355][ T26] audit: type=1326 audit(1778549565.506:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.592239][ T26] audit: type=1326 audit(1778549565.506:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.639033][ T26] audit: type=1326 audit(1778549565.506:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5846 comm="syz.0.538" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f0e9c1cedd9 code=0x7ffc0000 [ 139.672051][ T4438] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.683934][ T5864] raw_sendmsg: syz.0.544 forgot to set AF_INET. Fix it! [ 139.691033][ T4438] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 139.755591][ T4438] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.779847][ T4438] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 139.887559][ T4438] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 139.927294][ T4438] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 139.950931][ T4438] usb 5-1: SerialNumber: syz [ 140.037714][ T5873] loop1: detected capacity change from 0 to 128 [ 140.092077][ T5873] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 140.117408][ T5873] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 140.129054][ T5873] ext2 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.265645][ T5836] loop4: detected capacity change from 0 to 128 [ 140.296758][ T5883] loop2: detected capacity change from 0 to 512 [ 140.353458][ T5836] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 140.380115][ T5836] ext4 filesystem being mounted at /86/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 140.426313][ T4274] usb 5-1: USB disconnect, device number 17 [ 140.738085][ T5895] loop3: detected capacity change from 0 to 512 [ 140.824610][ T5883] EXT4-fs (loop2): Ignoring removed oldalloc option [ 140.839362][ T5895] EXT4-fs error (device loop3): ext4_orphan_get:1406: inode #15: comm syz.3.557: inode has both inline data and extents flags [ 140.887029][ T5895] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.557: couldn't read orphan inode 15 (err -117) [ 140.907366][ T5883] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,inode_readahead_blks=0x0000000000000000,lazytime,oldalloc,. Quota mode: writeback. [ 140.932841][ T5883] ext4 filesystem being mounted at /131/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.947414][ T5895] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier,nojournal_checksum,debug_want_extra_isize=0x000000000000000a,grpid,resuid=0x0000000000000000,noquota,,errors=continue. Quota mode: none. [ 141.069509][ T5883] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.552: bg 0: block 217: padding at end of block bitmap is not set [ 141.099626][ T5895] netlink: 56 bytes leftover after parsing attributes in process `syz.3.557'. [ 141.152047][ T5883] EXT4-fs (loop2): Remounting filesystem read-only [ 142.553680][ T5938] netlink: 24 bytes leftover after parsing attributes in process `syz.3.575'. [ 142.582877][ T4440] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 142.680592][ T5942] loop3: detected capacity change from 0 to 128 [ 143.011531][ T5946] loop3: detected capacity change from 0 to 512 [ 143.032162][ T4440] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.055225][ T4440] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 143.090949][ T4440] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.121839][ T4440] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 143.222337][ T5946] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 143.262059][ T4440] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 143.281514][ T4440] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 143.283399][ T5946] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.300104][ T4440] usb 5-1: SerialNumber: syz [ 143.569072][ T5928] loop4: detected capacity change from 0 to 128 [ 143.699670][ T5928] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 143.767642][ T5928] ext4 filesystem being mounted at /90/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 143.830585][ T4449] usb 5-1: USB disconnect, device number 18 [ 144.187928][ T5971] loop2: detected capacity change from 0 to 128 [ 144.235768][ T5971] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 144.269585][ T5971] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 144.281039][ T5971] ext2 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.780986][ T5987] program syz.3.594 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 146.411251][ T6017] loop3: detected capacity change from 0 to 256 [ 146.424889][ T6017] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 146.450261][ T6017] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 146.532139][ T4235] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 146.902109][ T4235] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.007088][ T4235] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 147.018811][ T4235] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 147.037724][ T4235] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 147.142213][ T4235] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 147.162568][ T4235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 147.183970][ T6049] loop2: detected capacity change from 0 to 512 [ 147.189816][ T4235] usb 1-1: SerialNumber: syz [ 147.223948][ T6049] EXT4-fs (loop2): Ignoring removed oldalloc option [ 147.298641][ T6049] EXT4-fs (loop2): 1 truncate cleaned up [ 147.312638][ T6049] EXT4-fs (loop2): mounted filesystem without journal. Opts: quota,bsdgroups,lazytime,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback. [ 147.445475][ T6013] loop0: detected capacity change from 0 to 128 [ 147.488327][ T6013] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 147.547161][ T6013] ext4 filesystem being mounted at /138/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 147.680968][ T6065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.626'. [ 147.721666][ T1112] usb 1-1: USB disconnect, device number 7 [ 148.066966][ T6080] loop3: detected capacity change from 0 to 256 [ 148.080846][ T6075] loop2: detected capacity change from 0 to 128 [ 148.107358][ T6075] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 148.130667][ T6075] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 148.142193][ T6075] ext2 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.170520][ T6085] loop1: detected capacity change from 0 to 512 [ 148.185074][ T6080] FAT-fs (loop3): bogus number of FAT sectors [ 148.204155][ T6080] FAT-fs (loop3): Can't find a valid FAT filesystem [ 148.237748][ T6085] FAT-fs (loop1): Directory bread(block 199916) failed [ 148.281193][ T6085] FAT-fs (loop1): Directory bread(block 199917) failed [ 148.294039][ T6085] FAT-fs (loop1): Directory bread(block 199918) failed [ 148.301121][ T6085] FAT-fs (loop1): Directory bread(block 199919) failed [ 148.308513][ T6085] FAT-fs (loop1): Directory bread(block 199920) failed [ 148.315763][ T6085] FAT-fs (loop1): Directory bread(block 199921) failed [ 148.323108][ T6085] FAT-fs (loop1): Directory bread(block 199922) failed [ 148.330655][ T6085] FAT-fs (loop1): Directory bread(block 199923) failed [ 148.479242][ T6089] loop3: detected capacity change from 0 to 128 [ 148.718971][ T6093] FAT-fs (loop1): FAT read failed (blocknr 128) [ 148.741524][ T154] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.753070][ T154] Bluetooth: hci5: Frame reassembly failed (-84) [ 149.076663][ T6110] loop1: detected capacity change from 0 to 764 [ 149.195540][ T6110] rock: directory entry would overflow storage [ 149.205899][ T6110] rock: sig=0x4654, size=5, remaining=4 [ 149.320846][ T6113] loop1: detected capacity change from 0 to 512 [ 149.722112][ T4235] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 149.950220][ T6123] netlink: 24 bytes leftover after parsing attributes in process `syz.3.651'. [ 149.959682][ T6123] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 150.142788][ T4235] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.155223][ T4235] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 150.166545][ T4235] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 150.177968][ T4235] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 150.262295][ T4235] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 150.281019][ T4235] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 150.289613][ T4235] usb 2-1: SerialNumber: syz [ 150.558234][ T6115] loop1: detected capacity change from 0 to 128 [ 150.638684][ T6115] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 150.649600][ T6115] ext4 filesystem being mounted at /109/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 150.684820][ T6115] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 150.717375][ T4449] usb 2-1: USB disconnect, device number 12 [ 150.772245][ T4440] Bluetooth: hci5: command 0x1003 tx timeout [ 150.778484][ T4193] Bluetooth: hci5: sending frame failed (-49) [ 150.995970][ T6144] loop2: detected capacity change from 0 to 512 [ 151.194506][ T6146] loop3: detected capacity change from 0 to 128 [ 151.253749][ T6146] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 151.315489][ T6146] ext4 filesystem being mounted at /155/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.187353][ T6168] loop0: detected capacity change from 0 to 512 [ 152.242532][ T6168] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 152.275592][ T6167] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 152.292924][ T6168] EXT4-fs (loop0): 1 truncate cleaned up [ 152.303398][ T6168] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,errors=remount-ro,acl,noblock_validity,. Quota mode: none. [ 152.345397][ T6167] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 152.356435][ T6167] ext2 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.852007][ T4438] Bluetooth: hci5: command 0x1001 tx timeout [ 152.858145][ T4193] Bluetooth: hci5: sending frame failed (-49) [ 152.891980][ T4449] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 153.252078][ T4449] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.271973][ T4449] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 153.282983][ T4449] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 153.299066][ T4449] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 153.392152][ T4449] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 153.405959][ T4449] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 153.416971][ T4449] usb 1-1: SerialNumber: syz [ 153.686249][ T6177] set_capacity_and_notify: 1 callbacks suppressed [ 153.686268][ T6177] loop0: detected capacity change from 0 to 128 [ 153.724009][ T6177] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 153.742634][ T6177] ext4 filesystem being mounted at /146/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 153.833051][ T4603] usb 1-1: USB disconnect, device number 8 [ 154.776435][ T6210] loop1: detected capacity change from 0 to 1024 [ 154.845578][ T6210] EXT4-fs error (device loop1): ext4_orphan_get:1432: comm syz.1.686: bad orphan inode 11 [ 154.857021][ T6210] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,max_batch_time=0x0000000000000007,nodiscard,stripe=0x0000000000000004,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 154.898240][ T6210] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 2: comm syz.1.686: lblock 2 mapped to illegal pblock 2 (length 1) [ 154.925425][ T6210] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 154.934021][ T4449] Bluetooth: hci5: command 0x1009 tx timeout [ 154.945277][ T6210] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 48: comm syz.1.686: lblock 0 mapped to illegal pblock 48 (length 1) [ 154.960678][ T6210] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 154.982103][ T6210] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.686: Failed to acquire dquot type 0 [ 155.040272][ T4194] EXT4-fs error (device loop1): __ext4_get_inode_loc:4334: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 155.057703][ T4194] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 155.068287][ T4194] EXT4-fs error (device loop1): ext4_quota_off:6542: inode #3: comm syz-executor: mark_inode_dirty error [ 155.226818][ T6216] loop1: detected capacity change from 0 to 512 [ 155.397208][ T6216] EXT4-fs (loop1): 1 truncate cleaned up [ 155.412491][ T6216] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.629523][ T6223] loop0: detected capacity change from 0 to 1024 [ 155.780390][ T6223] EXT4-fs (loop0): Ignoring removed orlov option [ 155.791732][ T6223] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869) [ 155.846634][ T6223] EXT4-fs (loop0): invalid journal inode [ 155.881053][ T6223] EXT4-fs (loop0): can't get journal size [ 155.894207][ T4604] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 155.910276][ T6223] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,norecovery,journal_path=./file0,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 155.930602][ T4604] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 155.951969][ T4603] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 156.066035][ T6231] fido_id[6231]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 156.499611][ T4603] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 156.510981][ T4603] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 156.522427][ T4603] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 156.541725][ T4603] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 156.642966][ T6245] loop1: detected capacity change from 0 to 128 [ 156.650804][ T6246] fuse: Bad value for 'fd' [ 156.696544][ T6245] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 156.764262][ T6245] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.775914][ T6245] ext2 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.913780][ T6249] loop0: detected capacity change from 0 to 128 [ 157.000895][ T26] audit: type=1800 audit(1778549583.276:36): pid=6249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.700" name="file1" dev="loop0" ino=1048601 res=0 errno=0 [ 157.022140][ T4603] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.041644][ T4603] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 157.060023][ T4603] usb 4-1: SerialNumber: syz [ 157.098669][ T6251] device ip6gre1 entered promiscuous mode [ 157.106417][ T4438] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 157.136692][ T6251] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 157.145793][ T4438] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 157.177509][ T4449] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 157.190294][ T6253] loop0: detected capacity change from 0 to 512 [ 157.240154][ T6253] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 157.272025][ T6253] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.323940][ T6225] loop3: detected capacity change from 0 to 128 [ 157.368053][ T6225] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.393341][ T6225] ext4 filesystem being mounted at /162/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 157.571351][ T4603] usb 4-1: USB disconnect, device number 4 [ 157.624197][ T4449] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 157.723513][ T4449] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 158.167398][ T6271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.708'. [ 158.513295][ T6290] netlink: 20 bytes leftover after parsing attributes in process `syz.3.717'. [ 158.902049][ T4235] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 159.138917][ T6306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.725'. [ 159.321222][ T4235] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 159.429927][ T6316] hub 8-0:1.0: USB hub found [ 159.452174][ T6316] hub 8-0:1.0: 1 port detected [ 160.145920][ T4235] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 160.219896][ T4235] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 160.230358][ T4235] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 160.342104][ T4235] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 160.368446][ T4235] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 160.401770][ T4235] usb 3-1: SerialNumber: syz [ 160.691485][ T6295] loop2: detected capacity change from 0 to 128 [ 160.797126][ T6295] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 160.814127][ T6295] ext4 filesystem being mounted at /156/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 160.938474][ T6352] loop0: detected capacity change from 0 to 128 [ 160.960173][ T4603] usb 3-1: USB disconnect, device number 3 [ 160.992335][ T6352] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 161.032052][ T6352] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 161.042860][ T6352] ext2 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.092067][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 161.185625][ T6356] loop1: detected capacity change from 0 to 512 [ 161.284925][ T6356] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 161.343999][ T6356] EXT4-fs (loop1): 1 truncate cleaned up [ 161.366847][ T6356] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,errors=remount-ro,acl,noblock_validity,. Quota mode: none. [ 161.583821][ T6369] netlink: 'syz.4.750': attribute type 1 has an invalid length. [ 161.639569][ T6369] 8021q: adding VLAN 0 to HW filter on device bond1 [ 161.685084][ T6371] device bond1 entered promiscuous mode [ 161.765792][ T6376] loop1: detected capacity change from 0 to 4096 [ 161.807673][ T6369] bond1: (slave dummy0): making interface the new active one [ 161.868100][ T6369] device dummy0 entered promiscuous mode [ 161.910368][ T6369] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 161.925878][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 161.956541][ T6368] device bond1 left promiscuous mode [ 161.971482][ T6368] device dummy0 left promiscuous mode [ 161.986895][ T6382] device syzkaller0 entered promiscuous mode [ 161.997076][ T6376] EXT4-fs (loop1): Test dummy encryption mode enabled [ 162.026295][ T6376] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback. [ 162.036833][ T6382] tc action pedit offset 128 out of bounds [ 162.286695][ T6376] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 162.594506][ T6413] loop4: detected capacity change from 0 to 512 [ 162.633346][ T6415] loop1: detected capacity change from 0 to 1024 [ 162.657956][ T6413] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 162.678249][ T6413] EXT4-fs error (device loop4): mb_free_blocks:1889: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 162.701357][ T6413] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #11: comm syz.4.765: corrupted inode contents [ 162.712512][ T4438] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 162.736151][ T6415] EXT4-fs error (device loop1): ext4_map_blocks:741: inode #3: block 5: comm syz.1.766: lblock 5 mapped to illegal pblock 5 (length 1) [ 162.769631][ T6413] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #11: comm syz.4.765: mark_inode_dirty error [ 162.783717][ T6415] Quota error (device loop1): write_blk: dquota write failed [ 162.795657][ T6415] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 162.798964][ T6413] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.765: invalid indirect mapped block 1 (level 1) [ 162.809122][ T6415] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 162.838437][ T6413] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #11: comm syz.4.765: corrupted inode contents [ 162.853681][ T6413] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 162.867119][ T6415] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.766: Failed to acquire dquot type 0 [ 162.884146][ T6413] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #11: comm syz.4.765: corrupted inode contents [ 162.910495][ T6415] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 5: comm syz.1.766: lblock 5 mapped to illegal pblock 5 (length 1) [ 162.928671][ T6413] EXT4-fs error (device loop4): ext4_truncate:4286: inode #11: comm syz.4.765: mark_inode_dirty error [ 162.956175][ T6413] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 162.972406][ T6415] Quota error (device loop1): do_insert_tree: Can't read tree quota block 5 [ 162.986117][ T6413] EXT4-fs (loop4): 1 truncate cleaned up [ 162.992268][ T6413] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 163.006516][ T6415] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 163.029486][ T6413] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.765: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0 [ 163.042439][ T6415] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.766: Failed to acquire dquot type 0 [ 163.072209][ T4438] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 163.086685][ T4438] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 163.110322][ T4438] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 163.123896][ T6415] EXT4-fs error (device loop1): ext4_free_blocks:6231: comm syz.1.766: Freeing blocks not in datazone - block = 0, count = 4096 [ 163.139618][ T4438] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 163.158759][ T6415] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 5: comm syz.1.766: lblock 5 mapped to illegal pblock 5 (length 1) [ 163.186912][ T6415] Quota error (device loop1): do_insert_tree: Can't read tree quota block 5 [ 163.207585][ T6415] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 163.225094][ T6415] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.766: Failed to acquire dquot type 0 [ 163.258578][ T6415] EXT4-fs (loop1): 1 orphan inode deleted [ 163.273176][ T4438] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 163.292070][ T6415] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,grpid,,errors=continue. Quota mode: writeback. [ 163.308426][ T4438] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 163.326416][ T4438] usb 3-1: SerialNumber: syz [ 163.352682][ T6424] mip6: mip6_rthdr_init_state: spi is not 0: 1 [ 163.372106][ T6415] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #3: block 5: comm syz.1.766: lblock 5 mapped to illegal pblock 5 (length 1) [ 163.420177][ T6415] Quota error (device loop1): do_insert_tree: Can't read tree quota block 5 [ 163.462092][ T6415] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 163.482305][ T6415] EXT4-fs error (device loop1): ext4_acquire_dquot:6236: comm syz.1.766: Failed to acquire dquot type 0 [ 163.669059][ T6437] device syzkaller0 entered promiscuous mode [ 163.693881][ T6405] loop2: detected capacity change from 0 to 128 [ 163.825988][ T6405] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 163.870143][ T6405] ext4 filesystem being mounted at /162/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 163.934416][ T6450] ieee802154 phy0 wpan0: encryption failed: -22 [ 164.216333][ T4604] usb 3-1: USB disconnect, device number 4 [ 164.491817][ T6472] loop0: detected capacity change from 0 to 1024 [ 164.560285][ T6475] loop4: detected capacity change from 0 to 128 [ 164.567502][ T6472] EXT4-fs (loop0): Ignoring removed bh option [ 164.605264][ T6475] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 164.678922][ T6477] loop3: detected capacity change from 0 to 512 [ 164.708755][ T6475] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 164.719862][ T6475] ext2 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.748615][ T6472] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 164.895080][ T6477] EXT4-fs error (device loop3): ext4_orphan_get:1406: inode #15: comm syz.3.792: inode has both inline data and extents flags [ 164.944421][ T26] audit: type=1800 audit(1778549591.226:37): pid=6472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.790" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 164.971280][ T6477] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.792: couldn't read orphan inode 15 (err -117) [ 165.009684][ T6477] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 165.250884][ T6491] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 165.345099][ T6491] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 165.385320][ T6491] EXT4-fs error (device loop2): ext4_orphan_get:1406: inode #13: comm syz.2.796: iget: bad i_size value: 12154757448730 [ 165.406643][ T6497] EXT4-fs (loop3): Ignoring removed orlov option [ 165.437221][ T6497] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,orlov,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 165.456615][ T6497] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 165.467850][ T6491] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.796: couldn't read orphan inode 13 (err -117) [ 165.537465][ T6491] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,nodelalloc,sysvgroups,jqfmt=vfsold,nombcache,grpjquota=.seclabel,,errors=continue. Quota mode: writeback. [ 165.698551][ T6491] EXT4-fs (loop2): re-mounted. Opts: usrjquota=,journal_ioprio=0x0000000000000001,stripe=0x0000000000. Quota mode: writeback. [ 165.916423][ T6512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.802'. [ 165.938951][ T6512] netlink: 12 bytes leftover after parsing attributes in process `syz.2.802'. [ 165.958538][ T6512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.802'. [ 165.978252][ T6512] netlink: 12 bytes leftover after parsing attributes in process `syz.2.802'. [ 166.096006][ T6515] set_capacity_and_notify: 2 callbacks suppressed [ 166.096021][ T6515] loop0: detected capacity change from 0 to 1024 [ 166.139986][ T6515] EXT4-fs (loop0): Ignoring removed orlov option [ 166.178217][ T6515] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable,orlov,nogrpid,errors=continue,,errors=continue. Quota mode: none. [ 166.642016][ T4449] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 166.985081][ T6528] netlink: 108 bytes leftover after parsing attributes in process `syz.2.807'. [ 167.000172][ T6528] netlink: 20 bytes leftover after parsing attributes in process `syz.2.807'. [ 167.002781][ T4449] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 167.045970][ T4449] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 167.068176][ T4449] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 167.172235][ T4449] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 167.181424][ T4449] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 167.210846][ T4449] usb 2-1: SerialNumber: syz [ 167.497672][ T6521] loop1: detected capacity change from 0 to 128 [ 167.598067][ T6521] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 167.653980][ T6521] ext4 filesystem being mounted at /144/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 167.718659][ T6553] loop4: detected capacity change from 0 to 512 [ 167.788912][ T4449] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 167.830997][ T4449] usb 2-1: USB disconnect, device number 13 [ 167.840180][ T6553] EXT4-fs (loop4): 1 truncate cleaned up [ 167.846076][ T6553] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,journal_dev=0x0000000000000006,,errors=continue. Quota mode: none. [ 168.351282][ T6566] loop4: detected capacity change from 0 to 512 [ 168.462048][ T6566] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 168.498897][ T6569] device pim6reg1 entered promiscuous mode [ 168.612060][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 168.714383][ T6571] loop1: detected capacity change from 0 to 128 [ 168.769275][ T6571] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 168.811525][ T6571] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 168.822903][ T6571] ext2 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.924993][ T6579] loop2: detected capacity change from 0 to 128 [ 169.031451][ T6579] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 169.054351][ T6588] loop4: detected capacity change from 0 to 1024 [ 169.071843][ T6579] ext4 filesystem being mounted at /175/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 169.111046][ T6589] device syzkaller0 entered promiscuous mode [ 169.220000][ T6588] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000006,nodioread_nolock,,errors=continue. Quota mode: none. [ 169.331796][ T6588] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.458386][ T6596] tipc: Enabling of bearer rejected, failed to enable media [ 170.017713][ T6600] loop0: detected capacity change from 0 to 128 [ 170.313184][ T6607] loop4: detected capacity change from 0 to 512 [ 170.362086][ T6607] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 170.420980][ T6607] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 170.442397][ T4234] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 170.478875][ T6607] System zones: 1-12 [ 170.484105][ T6613] netlink: 12 bytes leftover after parsing attributes in process `syz.3.824'. [ 170.522562][ T6607] EXT4-fs (loop4): 1 truncate cleaned up [ 170.552624][ T6607] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug_want_extra_isize=0x000000000000006a,mb_optimize_scan=0x0000000000000001,debug,data=journal,,errors=continue. Quota mode: none. [ 170.679715][ T6621] IPVS: rr: FWM 3 0x00000003 - no destination available [ 170.810094][ T6626] loop0: detected capacity change from 0 to 512 [ 170.822036][ T4234] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 170.937539][ T6626] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 171.020111][ T4234] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 171.063060][ T6626] EXT4-fs error (device loop0): ext4_orphan_get:1432: comm syz.0.843: bad orphan inode 131083 [ 171.074309][ T6626] EXT4-fs (loop0): mounted filesystem without journal. Opts: stripe=0x000000000000003d,init_itable,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 171.082388][ T4234] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 171.189289][ T6625] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 171.202606][ T4234] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 171.237498][ T4234] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 171.295843][ T6625] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 171.307902][ T6625] ext2 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.356595][ T4234] usb 2-1: SerialNumber: syz [ 171.629873][ T6640] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 171.657580][ T6644] tmpfs: Unknown parameter 'grpquota' [ 171.688909][ T6644] netlink: 14 bytes leftover after parsing attributes in process `syz.2.849'. [ 171.752634][ T6644] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 171.798782][ T6644] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 171.815339][ T6599] set_capacity_and_notify: 1 callbacks suppressed [ 171.815356][ T6599] loop1: detected capacity change from 0 to 128 [ 171.928332][ T6644] bond0 (unregistering): Released all slaves [ 172.003512][ T6599] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 172.040186][ T6599] ext4 filesystem being mounted at /146/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 172.182842][ T4234] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 172.218766][ T4234] usb 2-1: USB disconnect, device number 14 [ 172.428532][ T6666] loop2: detected capacity change from 0 to 512 [ 172.497289][ T6666] EXT4-fs (loop2): mounted filesystem without journal. Opts: lazytime,errors=remount-ro,. Quota mode: writeback. [ 172.498529][ T6671] loop3: detected capacity change from 0 to 512 [ 172.520724][ T6666] ext4 filesystem being mounted at /182/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.554275][ T6671] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 172.583064][ T6671] EXT4-fs (loop3): 1 truncate cleaned up [ 172.589836][ T6671] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,errors=remount-ro,acl,noblock_validity,. Quota mode: none. [ 172.633572][ T26] kauditd_printk_skb: 512 callbacks suppressed [ 172.633587][ T26] audit: type=1800 audit(1778549598.916:550): pid=6671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.861" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 172.945408][ T6679] netlink: 14 bytes leftover after parsing attributes in process `syz.1.864'. [ 173.048943][ T6678] loop3: detected capacity change from 0 to 128 [ 173.112165][ T6678] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 173.173322][ T6678] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 173.184366][ T6678] ext2 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.242356][ T6679] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 173.317978][ T6679] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 173.390429][ T6679] bond0 (unregistering): Released all slaves [ 173.642984][ T6698] sg_write: data in/out 76/14 bytes for SCSI command 0x0-- guessing data in; [ 173.642984][ T6698] program syz.0.872 not setting count and/or reply_len properly [ 174.056365][ T6713] device syzkaller0 entered promiscuous mode [ 174.063128][ C0] hrtimer: interrupt took 663148 ns [ 174.125993][ T4449] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 174.146812][ T6718] netlink: 14 bytes leftover after parsing attributes in process `syz.3.881'. [ 174.182702][ T6718] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.206297][ T6718] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.225742][ T6718] bond0 (unregistering): Released all slaves [ 174.270173][ T6720] loop2: detected capacity change from 0 to 164 [ 174.298270][ T6720] ISOFS: unable to read i-node block [ 174.307319][ T6720] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 174.528264][ T4449] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 174.536263][ T6731] loop3: detected capacity change from 0 to 128 [ 174.596932][ T6731] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 174.706628][ T6731] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 174.717468][ T6731] ext2 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.941371][ T4449] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 174.952428][ T4449] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 175.042253][ T4449] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.086197][ T4449] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 175.146821][ T4449] usb 2-1: SerialNumber: syz [ 175.206280][ T6746] netlink: 4 bytes leftover after parsing attributes in process `syz.4.892'. [ 175.382488][ T6751] netlink: 14 bytes leftover after parsing attributes in process `syz.2.894'. [ 175.439217][ T6707] loop1: detected capacity change from 0 to 128 [ 175.556223][ T6754] loop2: detected capacity change from 0 to 128 [ 175.783177][ T6707] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 175.799558][ T6765] loop4: detected capacity change from 0 to 512 [ 175.862783][ T6772] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.902'. [ 175.868167][ T6707] ext4 filesystem being mounted at /150/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 175.875110][ T6772] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.902'. [ 175.944850][ T6765] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 175.963036][ T4449] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 175.996720][ T4449] usb 2-1: USB disconnect, device number 15 [ 176.076895][ T6765] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback. [ 176.160348][ T6765] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.179548][ T6786] loop0: detected capacity change from 0 to 128 [ 176.237762][ T6786] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 176.250508][ T6785] tmpfs: Unknown parameter 'grpquota' [ 176.330677][ T6786] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 176.342023][ T6786] ext2 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.357801][ T6787] netlink: 14 bytes leftover after parsing attributes in process `syz.3.908'. [ 176.778630][ T6795] EXT4-fs (loop4): Ignoring removed bh option [ 176.833724][ T6795] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 177.365085][ T6821] tmpfs: Unknown parameter 'grpquota' [ 177.462111][ T6824] netlink: 14 bytes leftover after parsing attributes in process `syz.2.922'. [ 177.562115][ T4604] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 177.997510][ T6843] set_capacity_and_notify: 1 callbacks suppressed [ 177.997527][ T6843] loop4: detected capacity change from 0 to 128 [ 178.400979][ T6843] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 178.402396][ T4604] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 178.440787][ T4604] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 178.472922][ T6843] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 178.484283][ T6843] ext2 filesystem being mounted at /161/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.527572][ T4604] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 178.717900][ T4604] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 178.737541][ T4604] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 178.750915][ T4604] usb 1-1: SerialNumber: syz [ 178.939482][ T6862] loop3: detected capacity change from 0 to 512 [ 178.948918][ T6863] tmpfs: Unknown parameter 'grpquota' [ 179.016311][ T6866] netlink: 14 bytes leftover after parsing attributes in process `syz.2.937'. [ 179.072368][ T6819] loop0: detected capacity change from 0 to 128 [ 179.159864][ T6819] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 179.184495][ T6871] netlink: 72 bytes leftover after parsing attributes in process `syz.3.939'. [ 179.212099][ T6819] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 179.245279][ T6871] netlink: 12 bytes leftover after parsing attributes in process `syz.3.939'. [ 179.393999][ T26] audit: type=1804 audit(1778549605.676:551): pid=6879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.942" name="bus" dev="ramfs" ino=40234 res=1 errno=0 [ 179.443860][ T4604] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 179.457647][ T6880] loop3: detected capacity change from 0 to 256 [ 179.482914][ T4604] usb 1-1: USB disconnect, device number 9 [ 179.568802][ T6880] FAT-fs (loop3): Directory bread(block 64) failed [ 179.612270][ T6880] FAT-fs (loop3): Directory bread(block 65) failed [ 179.618952][ T6880] FAT-fs (loop3): Directory bread(block 66) failed [ 179.681143][ T6884] loop1: detected capacity change from 0 to 764 [ 179.689340][ T6880] FAT-fs (loop3): Directory bread(block 67) failed [ 179.711082][ T6880] FAT-fs (loop3): Directory bread(block 68) failed [ 179.728161][ T6884] rock: directory entry would overflow storage [ 179.767144][ T6880] FAT-fs (loop3): Directory bread(block 69) failed [ 179.794825][ T6884] rock: sig=0x4654, size=5, remaining=4 [ 179.812766][ T6886] loop4: detected capacity change from 0 to 128 [ 179.815702][ T6880] FAT-fs (loop3): Directory bread(block 70) failed [ 179.877018][ T6880] FAT-fs (loop3): Directory bread(block 71) failed [ 179.888190][ T6886] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 179.898983][ T6886] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.917850][ T26] audit: type=1804 audit(1778549606.196:552): pid=6886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.946" name="/newroot/164/file0/bus" dev="loop4" ino=12 res=1 errno=0 [ 179.962046][ T6880] FAT-fs (loop3): Directory bread(block 72) failed [ 179.968737][ T6880] FAT-fs (loop3): Directory bread(block 73) failed [ 180.080506][ T6890] netlink: 32 bytes leftover after parsing attributes in process `syz.4.947'. [ 180.763622][ T6907] loop2: detected capacity change from 0 to 128 [ 180.835938][ T6907] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 180.854885][ T6907] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 180.865746][ T6907] ext2 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.993498][ T6899] loop0: detected capacity change from 0 to 32768 [ 181.174958][ T6899] XFS (loop0): Mounting V5 Filesystem [ 181.336034][ T6899] XFS (loop0): Ending clean mount [ 181.384126][ T6904] loop3: detected capacity change from 0 to 32768 [ 181.540894][ T4190] XFS (loop0): Unmounting Filesystem [ 181.568457][ T6918] tmpfs: Unknown parameter 'grpquota' [ 181.670295][ T6920] netlink: 14 bytes leftover after parsing attributes in process `syz.3.955'. [ 181.760083][ T6897] loop4: detected capacity change from 0 to 32768 [ 181.817062][ T6897] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.951 (6897) [ 181.898545][ T6897] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 181.944187][ T6897] BTRFS info (device loop4): setting nodatacow, compression disabled [ 181.979109][ T6897] BTRFS info (device loop4): turning on flush-on-commit [ 182.008849][ T6897] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 182.050910][ T6897] BTRFS info (device loop4): use lzo compression, level 0 [ 182.090662][ T6897] BTRFS info (device loop4): setting nodatasum [ 182.122972][ T6897] BTRFS info (device loop4): use no compression [ 182.142297][ T6903] F2FS-fs (loop1): build fault injection attr: rate: 14, type: 0x1ffff [ 182.151538][ T6897] BTRFS info (device loop4): trying to use backup root at mount time [ 182.189424][ T6897] BTRFS info (device loop4): max_inline at 0 [ 182.205763][ T6903] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0xe4 [ 182.229234][ T6897] BTRFS info (device loop4): using free space tree [ 182.257688][ T6903] F2FS-fs (loop1): invalid crc value [ 182.283406][ T6897] BTRFS info (device loop4): has skinny extents [ 182.354957][ T6903] F2FS-fs (loop1): Found nat_bits in checkpoint [ 182.494810][ T5067] BTRFS warning (device loop4): checksum verify failed on 5332992 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 182.566626][ T6897] BTRFS warning (device loop4): couldn't read tree root [ 182.585117][ T4520] BTRFS warning (device loop4): checksum verify failed on 5324800 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 182.609271][ T6903] F2FS-fs (loop1) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x43c/0xaa0 [ 182.616932][ T6897] BTRFS warning (device loop4): couldn't read tree root [ 182.670729][ T6897] BTRFS error (device loop4): parent transid verify failed on 5255168 wanted 5 found 7 [ 182.753794][ T6897] BTRFS warning (device loop4): couldn't read tree root [ 182.770419][ T6903] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 182.776655][ T6946] device syzkaller0 entered promiscuous mode [ 182.866130][ T6897] BTRFS info (device loop4): enabling ssd optimizations [ 182.884982][ T6897] BTRFS info (device loop4): clearing free space tree [ 182.917489][ T6897] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 182.967703][ T6903] F2FS-fs (loop1) : inject no more block in inc_valid_node_count of f2fs_new_node_page+0x185/0x8f0 [ 183.006392][ T6897] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.053804][ T6903] attempt to access beyond end of device [ 183.053804][ T6903] loop1: rw=2049, want=45104, limit=40427 [ 183.120773][ T6897] BTRFS info (device loop4): creating free space tree [ 183.159457][ T6954] program syz.3.960 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.177977][ T6897] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 183.211324][ T6897] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.451096][ T4603] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 183.478199][ T4476] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop4 scanned by udevd (4476) [ 183.897026][ T4603] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 183.919332][ T4603] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 183.973039][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 183.981651][ T4603] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 184.132224][ T4603] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 184.151682][ T4603] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 184.202027][ T4603] usb 1-1: SerialNumber: syz [ 184.229153][ T6973] tmpfs: Unknown parameter 'grpquota' [ 184.313145][ T6977] netlink: 14 bytes leftover after parsing attributes in process `syz.1.967'. [ 184.467287][ T6955] set_capacity_and_notify: 1 callbacks suppressed [ 184.467303][ T6955] loop0: detected capacity change from 0 to 128 [ 184.589171][ T6985] loop4: detected capacity change from 0 to 2048 [ 184.624865][ T6955] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 184.664781][ T6955] ext4 filesystem being mounted at /209/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 184.831508][ T6985] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable=0x0000000000000001,errors=remount-ro,resgid=0x0000000000000000,barrier,quota,delalloc,. Quota mode: writeback. [ 184.988022][ T6985] ext4 filesystem being mounted at /169/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.143006][ T4603] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 185.172871][ T6999] sg_write: data in/out 76/14 bytes for SCSI command 0x0-- guessing data in; [ 185.172871][ T6999] program syz.2.976 not setting count and/or reply_len properly [ 185.190138][ T4603] usb 1-1: USB disconnect, device number 10 [ 185.220981][ T7000] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.971: bg 0: block 345: padding at end of block bitmap is not set [ 185.317504][ T7000] EXT4-fs (loop4): Remounting filesystem read-only [ 185.915479][ T7014] tmpfs: Unknown parameter 'grpquota' [ 186.136385][ T7024] netlink: 14 bytes leftover after parsing attributes in process `syz.2.983'. [ 186.252941][ T7029] loop1: detected capacity change from 0 to 128 [ 186.286329][ T7029] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 186.329738][ T7029] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 186.340518][ T7029] ext2 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.420630][ T7034] loop2: detected capacity change from 0 to 512 [ 186.594213][ T7034] EXT4-fs (loop2): Ignoring removed orlov option [ 186.680675][ T7034] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,orlov,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 186.731734][ T7043] netlink: 20 bytes leftover after parsing attributes in process `syz.3.991'. [ 186.741529][ T7043] netlink: 20 bytes leftover after parsing attributes in process `syz.3.991'. [ 186.755874][ T7034] ext4 filesystem being mounted at /209/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 186.909413][ T26] audit: type=1800 audit(1778549613.186:553): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.988" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 187.251053][ T7059] netlink: 'syz.0.997': attribute type 10 has an invalid length. [ 187.886517][ T7063] loop0: detected capacity change from 0 to 1024 [ 188.043004][ T7063] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 188.054149][ T7063] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.293642][ T7069] tmpfs: Unknown parameter 'grpquota' [ 188.404215][ T7070] netlink: 14 bytes leftover after parsing attributes in process `syz.4.999'. [ 188.534699][ T7070] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.593466][ T7070] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.633318][ T7070] bond0 (unregistering): Released all slaves [ 188.879186][ T7075] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.897183][ T7075] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.921418][ T7075] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.939166][ T7075] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.382538][ T26] audit: type=1800 audit(1778549615.666:554): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.988" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 190.146875][ T7054] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 190.548753][ T7089] tmpfs: Unknown parameter 'grpquota' [ 190.663512][ T7092] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1017'. [ 191.011034][ T7081] loop2: detected capacity change from 0 to 32768 [ 191.072500][ T7081] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1002 (7081) [ 191.140728][ T7081] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 191.180198][ T7081] BTRFS info (device loop2): using free space tree [ 191.187050][ T4604] Bluetooth: hci1: command 0x0406 tx timeout [ 191.199731][ T4604] Bluetooth: hci3: command 0x0406 tx timeout [ 191.216323][ T4604] Bluetooth: hci2: command 0x0406 tx timeout [ 191.222763][ T7081] BTRFS info (device loop2): has skinny extents [ 191.249656][ T4604] Bluetooth: hci4: command 0x0406 tx timeout [ 191.295412][ T7103] tipc: Trying to set illegal importance in message [ 191.514722][ T7081] BTRFS info (device loop2): enabling ssd optimizations [ 191.880098][ T7136] loop1: detected capacity change from 0 to 128 [ 191.950468][ T7139] tmpfs: Unknown parameter 'grpquota' [ 192.010215][ T7136] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 192.091458][ T7136] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 192.109907][ T7136] ext2 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.220826][ T7144] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1021'. [ 192.768741][ T26] audit: type=1326 audit(1778549619.046:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 192.903291][ T26] audit: type=1326 audit(1778549619.046:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.129311][ T26] audit: type=1326 audit(1778549619.076:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.153881][ T26] audit: type=1326 audit(1778549619.076:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.206759][ T7178] loop3: detected capacity change from 0 to 512 [ 193.289892][ T26] audit: type=1326 audit(1778549619.076:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.328201][ T7181] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 193.361394][ T7181] smc: net device nr0 erased user defined pnetid S [ 193.603712][ T26] audit: type=1326 audit(1778549619.076:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.665592][ T26] audit: type=1326 audit(1778549619.076:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.690154][ T26] audit: type=1326 audit(1778549619.076:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.715785][ T26] audit: type=1326 audit(1778549619.076:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7167 comm="syz.3.1030" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f0d98478dd9 code=0x7ffc0000 [ 193.864507][ T7189] tmpfs: Unknown parameter 'grpquota' [ 193.992654][ T7191] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1036'. [ 194.062902][ T7193] loop3: detected capacity change from 0 to 512 [ 194.156108][ T7193] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 194.191048][ T4235] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 194.199682][ T7193] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 194.217883][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.224306][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.236039][ T4235] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 194.270164][ T7193] EXT4-fs (loop3): 1 truncate cleaned up [ 194.281957][ T7193] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,dioread_nolock,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,bsdgroups,grpjquota=,,errors=continue. Quota mode: none. [ 194.812479][ T7206] process 'syz.4.1041' launched './file1' with NULL argv: empty string added [ 195.136855][ T7208] loop0: detected capacity change from 0 to 128 [ 195.217096][ T7208] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 195.268950][ T7208] ext4 filesystem being mounted at /227/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 196.303011][ T1109] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 196.387295][ T7223] loop2: detected capacity change from 0 to 128 [ 196.547841][ T7223] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 196.595081][ T7234] tmpfs: Unknown parameter 'grpquota' [ 196.650055][ T7223] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.682242][ T1109] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 196.719733][ T7234] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1051'. [ 196.731693][ T1109] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 196.799485][ T26] audit: type=1804 audit(1778549623.078:564): pid=7223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1048" name="/newroot/214/file0/bus" dev="loop2" ino=12 res=1 errno=0 [ 196.854968][ T1109] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 197.022232][ T1109] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 197.067765][ T1109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 197.096898][ T1109] usb 5-1: SerialNumber: syz [ 197.211785][ T7247] loop3: detected capacity change from 0 to 1024 [ 197.290809][ T7247] EXT4-fs (loop3): Ignoring removed bh option [ 197.318476][ T7247] EXT4-fs (loop3): orphan cleanup on readonly fs [ 197.357549][ T7247] EXT4-fs error (device loop3): ext4_quota_enable:6440: comm syz.3.1054: Bad quota inum: 4294934528, type: 0 [ 197.373475][ T1109] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 197.394539][ T1109] usb 5-1: USB disconnect, device number 19 [ 197.492521][ T7247] EXT4-fs (loop3): Remounting filesystem read-only [ 197.499099][ T7247] EXT4-fs warning (device loop3): ext4_enable_quotas:6488: Failed to enable quota tracking (type=0, err=-117, ino=4294934528). Please run e2fsck to fix. [ 197.596378][ T7247] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 197.621969][ T7247] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,auto_da_alloc,bh,bsddf,abort,errors=remount-ro,. Quota mode: writeback. [ 197.998123][ T7256] loop4: detected capacity change from 0 to 128 [ 198.196636][ T7264] loop1: detected capacity change from 0 to 128 [ 198.296688][ T7256] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 198.370809][ T7266] loop0: detected capacity change from 0 to 128 [ 198.416044][ T7266] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 198.432558][ T7256] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.444711][ T7266] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 198.456474][ T7266] ext2 filesystem being mounted at /230/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.543619][ T7269] loop3: detected capacity change from 0 to 128 [ 198.608558][ T7269] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 198.637140][ T7269] ext4 filesystem being mounted at /253/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 199.533119][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1071'. [ 200.108715][ T7297] device ip6erspan0 entered promiscuous mode [ 200.322009][ T1112] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 200.445370][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1072'. [ 200.732297][ T1112] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 200.752843][ T1112] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 200.766786][ T7308] tmpfs: Unknown parameter 'grpquota' [ 200.792070][ T1112] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 200.875730][ T7310] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1075'. [ 200.912232][ T1112] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 200.929254][ T1112] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 200.947520][ T1112] usb 5-1: SerialNumber: syz [ 201.229418][ T1112] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 201.259195][ T1112] usb 5-1: USB disconnect, device number 20 [ 201.445679][ T7325] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 201.650326][ T7339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1089'. [ 201.679948][ T7337] loop3: detected capacity change from 0 to 1024 [ 201.697194][ T7339] team0: Port device team_slave_0 removed [ 201.776369][ T7337] EXT4-fs (loop3): Ignoring removed bh option [ 201.819748][ T7348] device syzkaller0 entered promiscuous mode [ 201.884259][ T7337] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,bh,,errors=continue. Quota mode: none. [ 201.905114][ T7337] ext4 filesystem being mounted at /257/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.968853][ T7337] EXT4-fs error (device loop3): ext4_map_blocks:741: inode #15: block 3: comm syz.3.1088: lblock 3 mapped to illegal pblock 3 (length 3) [ 202.057875][ T7358] device syzkaller0 entered promiscuous mode [ 202.066346][ T7337] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 202.085694][ T7337] EXT4-fs (loop3): This should not happen!! Data will be lost [ 202.085694][ T7337] [ 202.118747][ T7356] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 3: comm syz.3.1088: lblock 3 mapped to illegal pblock 3 (length 1) [ 202.168811][ T7335] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 4: comm syz.3.1088: lblock 4 mapped to illegal pblock 4 (length 2) [ 202.186605][ T7356] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 3: comm syz.3.1088: lblock 3 mapped to illegal pblock 3 (length 1) [ 202.209797][ T7335] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 4: comm syz.3.1088: lblock 4 mapped to illegal pblock 4 (length 2) [ 202.256890][ T7356] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 3: comm syz.3.1088: lblock 3 mapped to illegal pblock 3 (length 1) [ 202.278662][ T7335] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 4: comm syz.3.1088: lblock 4 mapped to illegal pblock 4 (length 2) [ 202.302488][ T7367] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 202.352224][ T7356] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 3: comm syz.3.1088: lblock 3 mapped to illegal pblock 3 (length 1) [ 202.385605][ T7335] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 4: comm syz.3.1088: lblock 4 mapped to illegal pblock 4 (length 2) [ 202.407882][ T7356] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #15: block 3: comm syz.3.1088: lblock 3 mapped to illegal pblock 3 (length 1) [ 202.432845][ T7374] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1099'. [ 202.496229][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 202.527348][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 202.552895][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 202.581227][ T7376] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 202.597396][ T7382] loop4: detected capacity change from 0 to 2048 [ 202.651589][ T7376] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 202.725116][ T7382] loop4: p1 < > p4 [ 202.725116][ T7382] p4: [ 202.766263][ T7382] loop4: p4 size 722688 extends beyond EOD, truncated [ 202.878792][ T7388] loop0: detected capacity change from 0 to 128 [ 202.897863][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 202.907909][ T7388] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 202.936210][ T7387] device syzkaller0 entered promiscuous mode [ 202.954399][ T7388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 202.965549][ T7388] ext2 filesystem being mounted at /234/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.034756][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 203.178702][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 203.178721][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1105'. [ 203.235624][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 203.265572][ T4476] udevd[4476]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 203.301381][ T5445] udevd[5445]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 203.344336][ T7395] device ip6erspan0 entered promiscuous mode [ 203.354870][ T7376] hsr0 speed is unknown, defaulting to 1000 [ 203.420168][ T7399] loop4: detected capacity change from 0 to 512 [ 203.431229][ T7400] loop1: detected capacity change from 0 to 128 [ 203.487948][ T7403] loop2: detected capacity change from 0 to 256 [ 203.500199][ T7400] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 203.565815][ T7400] ext4 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.611317][ T7399] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 203.705181][ T26] audit: type=1804 audit(1778549629.988:565): pid=7400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1108" name="/newroot/184/file0/bus" dev="loop1" ino=12 res=1 errno=0 [ 203.719981][ T7399] ext4 filesystem being mounted at /199/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.834801][ T7416] loop3: detected capacity change from 0 to 1024 [ 203.951686][ T7416] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 203.977400][ T7419] loop2: detected capacity change from 0 to 2048 [ 204.099918][ T7419] loop2: p1 < > p4 [ 204.099918][ T7419] p4: [ 204.129135][ T7416] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,norecovery,max_batch_time=0x0000000000000005,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none. [ 204.164986][ T7419] loop2: p4 size 722688 extends beyond EOD, truncated [ 204.598407][ T4476] udevd[4476]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 204.614572][ T5445] udevd[5445]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 205.263366][ T7458] loop1: detected capacity change from 0 to 2048 [ 205.299406][ T7455] loop4: detected capacity change from 0 to 4096 [ 205.337539][ T7458] loop1: p1 < > p4 [ 205.337539][ T7458] p4: [ 205.372644][ T7458] loop1: p4 size 722688 extends beyond EOD, truncated [ 205.393653][ T7455] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,barrier=0x0000000000000857,,errors=continue. Quota mode: writeback. [ 205.546014][ T7455] EXT4-fs (loop4): shut down requested (2) [ 205.567621][ T7466] bridge0: port 3(vlan2) entered blocking state [ 205.584522][ T7466] bridge0: port 3(vlan2) entered disabled state [ 205.601530][ T7466] device vlan2 entered promiscuous mode [ 205.619728][ T7466] device geneve0 entered promiscuous mode [ 205.657148][ T7471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'. [ 205.679978][ T7471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'. [ 205.696230][ T5445] udevd[5445]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 205.721661][ T7472] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1130'. [ 205.758698][ T7472] device bridge_slave_1 left promiscuous mode [ 205.782619][ T7472] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.840204][ T7472] device bridge_slave_0 left promiscuous mode [ 205.865587][ T7475] EXT4-fs (loop1): Ignoring removed bh option [ 205.896149][ T7472] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.958329][ T7475] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,bh,,errors=continue. Quota mode: none. [ 205.988635][ T4476] udevd[4476]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 206.073750][ T7475] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 206.217927][ T7475] EXT4-fs error (device loop1): ext4_map_blocks:741: inode #15: block 3: comm syz.1.1135: lblock 3 mapped to illegal pblock 3 (length 3) [ 206.296946][ T7491] netlink: 'syz.2.1138': attribute type 10 has an invalid length. [ 206.339581][ T7475] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 206.401937][ T7475] EXT4-fs (loop1): This should not happen!! Data will be lost [ 206.401937][ T7475] [ 206.435573][ T7490] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 3: comm syz.1.1135: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.435581][ T7474] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 4: comm syz.1.1135: lblock 4 mapped to illegal pblock 4 (length 2) [ 206.481573][ T7490] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 3: comm syz.1.1135: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.528342][ T7493] [ 206.530734][ T7493] ====================================================== [ 206.537885][ T7493] WARNING: possible circular locking dependency detected [ 206.544942][ T7493] syzkaller #0 Not tainted [ 206.549387][ T7493] ------------------------------------------------------ [ 206.556423][ T7493] syz.3.1139/7493 is trying to acquire lock: [ 206.558386][ T7490] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 3: comm syz.1.1135: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.562427][ T7493] ffff8880777a2c58 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x20f/0x2df0 [ 206.586551][ T7493] [ 206.586551][ T7493] but task is already holding lock: [ 206.589786][ T7474] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 4: comm syz.1.1135: lblock 4 mapped to illegal pblock 4 (length 2) [ 206.593938][ T7493] ffff88806085e478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 206.617768][ T7493] [ 206.617768][ T7493] which lock already depends on the new lock. [ 206.617768][ T7493] [ 206.628206][ T7493] [ 206.628206][ T7493] the existing dependency chain (in reverse order) is: [ 206.637256][ T7493] [ 206.637256][ T7493] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 206.644856][ T7493] down_write+0x38/0x60 [ 206.649686][ T7493] ext4_destroy_inline_data+0x24/0xe0 [ 206.655618][ T7493] ext4_writepages+0x670/0x2df0 [ 206.661031][ T7493] do_writepages+0x476/0x6e0 [ 206.666185][ T7493] filemap_fdatawrite_wbc+0x1eb/0x240 [ 206.670336][ T7490] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 3: comm syz.1.1135: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.672120][ T7493] file_write_and_wait_range+0x14d/0x220 [ 206.672149][ T7493] ext4_sync_file+0x1ff/0xae0 [ 206.697605][ T7493] ext4_buffered_write_iter+0x338/0x3b0 [ 206.703737][ T7493] ext4_file_write_iter+0x74d/0x1700 [ 206.709587][ T7493] vfs_write+0x745/0xd60 [ 206.711438][ T7474] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 4: comm syz.1.1135: lblock 4 mapped to illegal pblock 4 (length 2) [ 206.728354][ T7493] __x64_sys_pwrite64+0x19a/0x220 [ 206.728381][ T7493] do_syscall_64+0x4c/0xa0 [ 206.728404][ T7493] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 206.745327][ T7493] [ 206.745327][ T7493] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 206.753829][ T7493] __lock_acquire+0x2c42/0x7d10 [ 206.759247][ T7493] lock_acquire+0x19e/0x400 [ 206.764345][ T7493] percpu_down_read+0x46/0x1b0 [ 206.769660][ T7493] ext4_writepages+0x20f/0x2df0 [ 206.775068][ T7493] do_writepages+0x476/0x6e0 [ 206.780209][ T7493] __writeback_single_inode+0x153/0xda0 [ 206.786319][ T7493] writeback_single_inode+0x3cb/0x8e0 [ 206.792256][ T7493] write_inode_now+0x23b/0x2c0 [ 206.797633][ T7493] iput+0x5ab/0x8a0 [ 206.798300][ T7490] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 3: comm syz.1.1135: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.802022][ T7493] ext4_xattr_set_entry+0x34f4/0x3ea0 [ 206.802050][ T7493] ext4_xattr_block_set+0x4fd/0x2d20 [ 206.827845][ T7493] ext4_expand_extra_isize_ea+0xf3f/0x19b0 [ 206.834345][ T7493] __ext4_expand_extra_isize+0x301/0x3e0 [ 206.840554][ T7493] __ext4_mark_inode_dirty+0x469/0x700 [ 206.846572][ T7493] ext4_evict_inode+0xa8d/0x1090 [ 206.852063][ T7493] evict+0x4c9/0x8d0 [ 206.856511][ T7493] ext4_orphan_cleanup+0xad2/0x1320 [ 206.858387][ T7474] EXT4-fs error (device loop1): ext4_map_blocks:631: inode #15: block 4: comm syz.1.1135: lblock 4 mapped to illegal pblock 4 (length 2) [ 206.862251][ T7493] ext4_fill_super+0x8d6e/0x94f0 [ 206.862277][ T7493] mount_bdev+0x287/0x3c0 [ 206.887215][ T7493] legacy_get_tree+0xe6/0x180 [ 206.892448][ T7493] vfs_get_tree+0x88/0x270 [ 206.897415][ T7493] do_new_mount+0x24a/0xa40 [ 206.902480][ T7493] __se_sys_mount+0x2e3/0x3d0 [ 206.907713][ T7493] do_syscall_64+0x4c/0xa0 [ 206.912686][ T7493] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 206.919138][ T7493] [ 206.919138][ T7493] other info that might help us debug this: [ 206.919138][ T7493] [ 206.929394][ T7493] Possible unsafe locking scenario: [ 206.929394][ T7493] [ 206.936875][ T7493] CPU0 CPU1 [ 206.942262][ T7493] ---- ---- [ 206.947653][ T7493] lock(&ei->xattr_sem); [ 206.952021][ T7493] lock(&sbi->s_writepages_rwsem); [ 206.959772][ T7493] lock(&ei->xattr_sem); [ 206.966660][ T7493] lock(&sbi->s_writepages_rwsem); [ 206.971886][ T7493] [ 206.971886][ T7493] *** DEADLOCK *** [ 206.971886][ T7493] [ 206.980060][ T7493] 3 locks held by syz.3.1139/7493: [ 206.985200][ T7493] #0: ffff8880563e80e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 206.995360][ T7493] #1: ffff8880563e8650 (sb_internal){++++}-{0:0}, at: ext4_evict_inode+0x44a/0x1090 [ 207.004900][ T7493] #2: ffff88806085e478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 207.015226][ T7493] [ 207.015226][ T7493] stack backtrace: [ 207.021155][ T7493] CPU: 1 PID: 7493 Comm: syz.3.1139 Not tainted syzkaller #0 [ 207.028553][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 207.038661][ T7493] Call Trace: [ 207.041977][ T7493] [ 207.044935][ T7493] dump_stack_lvl+0x188/0x250 [ 207.049653][ T7493] ? load_image+0x400/0x400 [ 207.054193][ T7493] ? show_regs_print_info+0x20/0x20 [ 207.059424][ T7493] ? print_circular_bug+0x12b/0x1a0 [ 207.064684][ T7493] check_noncircular+0x296/0x330 [ 207.069665][ T7493] ? look_up_lock_class+0x71/0x110 [ 207.074814][ T7493] ? add_chain_block+0x940/0x940 [ 207.079776][ T7493] ? lockdep_lock+0xf1/0x1f0 [ 207.084400][ T7493] ? mark_lock+0x94/0x320 [ 207.088761][ T7493] __lock_acquire+0x2c42/0x7d10 [ 207.093676][ T7493] ? mark_lock+0x94/0x320 [ 207.098044][ T7493] ? verify_lock_unused+0x140/0x140 [ 207.103284][ T7493] ? verify_lock_unused+0x140/0x140 [ 207.108517][ T7493] ? __lock_acquire+0x13bc/0x7d10 [ 207.113579][ T7493] ? 0xffffffffa002e000 [ 207.117775][ T7493] lock_acquire+0x19e/0x400 [ 207.122328][ T7493] ? ext4_writepages+0x20f/0x2df0 [ 207.127391][ T7493] ? check_noncircular+0x189/0x330 [ 207.132535][ T7493] ? __might_sleep+0xf0/0xf0 [ 207.137164][ T7493] ? read_lock_is_recursive+0x10/0x10 [ 207.142573][ T7493] ? mark_lock+0x94/0x320 [ 207.146940][ T7493] ? __lock_acquire+0x13bc/0x7d10 [ 207.152005][ T7493] percpu_down_read+0x46/0x1b0 [ 207.156795][ T7493] ? ext4_writepages+0x20f/0x2df0 [ 207.161851][ T7493] ext4_writepages+0x20f/0x2df0 [ 207.166755][ T7493] ? mark_lock+0x94/0x320 [ 207.171111][ T7493] ? verify_lock_unused+0x140/0x140 [ 207.176363][ T7493] ? mark_lock+0x94/0x320 [ 207.180725][ T7493] ? ext4_readpage+0x2e0/0x2e0 [ 207.185525][ T7493] ? __lock_acquire+0x13bc/0x7d10 [ 207.190585][ T7493] ? rcu_lock_release+0x5/0x20 [ 207.195395][ T7493] ? __lock_acquire+0x7d10/0x7d10 [ 207.200448][ T7493] ? do_raw_spin_lock+0x128/0x2f0 [ 207.205510][ T7493] ? do_raw_spin_unlock+0x11d/0x230 [ 207.210740][ T7493] ? ext4_readpage+0x2e0/0x2e0 [ 207.215565][ T7493] do_writepages+0x476/0x6e0 [ 207.220209][ T7493] ? __writepage+0x130/0x130 [ 207.224836][ T7493] ? writeback_single_inode+0x3c0/0x8e0 [ 207.230421][ T7493] ? __lock_acquire+0x7d10/0x7d10 [ 207.235485][ T7493] ? do_raw_spin_lock+0x128/0x2f0 [ 207.240553][ T7493] __writeback_single_inode+0x153/0xda0 [ 207.246142][ T7493] writeback_single_inode+0x3cb/0x8e0 [ 207.251694][ T7493] ? write_inode_now+0x2c0/0x2c0 [ 207.256689][ T7493] write_inode_now+0x23b/0x2c0 [ 207.261492][ T7493] ? bdi_split_work_to_wbs+0x8a0/0x8a0 [ 207.267095][ T7493] ? do_raw_spin_unlock+0x11d/0x230 [ 207.272422][ T7493] iput+0x5ab/0x8a0 [ 207.276274][ T7493] ext4_xattr_set_entry+0x34f4/0x3ea0 [ 207.281755][ T7493] ? ext4_xattr_ibody_set+0x330/0x330 [ 207.287172][ T7493] ? rcu_is_watching+0x11/0xa0 [ 207.291974][ T7493] ? kmem_cache_free+0x14c/0x210 [ 207.296963][ T7493] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 207.303070][ T7493] ext4_xattr_block_set+0x4fd/0x2d20 [ 207.308412][ T7493] ? ext4_get_inode_loc+0x120/0x120 [ 207.313668][ T7493] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 207.319429][ T7493] ? ext4_xattr_block_find+0x500/0x500 [ 207.324925][ T7493] ? ext4_xattr_block_find+0x433/0x500 [ 207.330439][ T7493] ext4_expand_extra_isize_ea+0xf3f/0x19b0 [ 207.336302][ T7493] __ext4_expand_extra_isize+0x301/0x3e0 [ 207.341981][ T7493] __ext4_mark_inode_dirty+0x469/0x700 [ 207.347494][ T7493] ext4_evict_inode+0xa8d/0x1090 [ 207.352467][ T7493] ? _raw_spin_unlock+0x24/0x40 [ 207.357459][ T7493] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 207.363390][ T7493] ? do_raw_spin_unlock+0x11d/0x230 [ 207.368631][ T7493] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 207.374564][ T7493] evict+0x4c9/0x8d0 [ 207.378509][ T7493] ? proc_nr_inodes+0x320/0x320 [ 207.383391][ T7493] ? do_raw_spin_unlock+0x11d/0x230 [ 207.388637][ T7493] ? _raw_spin_unlock+0x24/0x40 [ 207.393641][ T7493] ? iput+0x706/0x8a0 [ 207.397658][ T7493] ext4_orphan_cleanup+0xad2/0x1320 [ 207.402926][ T7493] ? ext4_orphan_del+0xbf0/0xbf0 [ 207.407900][ T7493] ? errseq_check_and_advance+0x62/0x120 [ 207.413569][ T7493] ext4_fill_super+0x8d6e/0x94f0 [ 207.418555][ T7493] ? format_decode+0x898/0x1300 [ 207.423461][ T7493] ? ext4_mount+0x40/0x40 [ 207.427827][ T7493] ? set_blocksize+0x1f3/0x370 [ 207.432633][ T7493] ? sb_set_blocksize+0xa5/0xe0 [ 207.437519][ T7493] mount_bdev+0x287/0x3c0 [ 207.441891][ T7493] ? ext4_mount+0x40/0x40 [ 207.446248][ T7493] legacy_get_tree+0xe6/0x180 [ 207.450967][ T7493] ? ext4_errno_to_code+0x160/0x160 [ 207.456208][ T7493] vfs_get_tree+0x88/0x270 [ 207.460739][ T7493] do_new_mount+0x24a/0xa40 [ 207.465285][ T7493] __se_sys_mount+0x2e3/0x3d0 [ 207.470040][ T7493] ? __x64_sys_mount+0xc0/0xc0 [ 207.474843][ T7493] ? lockdep_hardirqs_on+0x94/0x140 [ 207.480072][ T7493] ? __x64_sys_mount+0x1c/0xc0 [ 207.484874][ T7493] do_syscall_64+0x4c/0xa0 [ 207.489322][ T7493] ? clear_bhb_loop+0x30/0x80 [ 207.494028][ T7493] ? clear_bhb_loop+0x30/0x80 [ 207.498752][ T7493] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 207.504705][ T7493] RIP: 0033:0x7f0d9847a04a [ 207.509163][ T7493] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.528804][ T7493] RSP: 002b:00007f0d966d1e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 207.537263][ T7493] RAX: ffffffffffffffda RBX: 00007f0d966d1ee0 RCX: 00007f0d9847a04a [ 207.545274][ T7493] RDX: 0000200000000240 RSI: 0000200000000000 RDI: 00007f0d966d1ea0 [ 207.553308][ T7493] RBP: 0000200000000240 R08: 00007f0d966d1ee0 R09: 0000000000000000 [ 207.561325][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 207.569336][ T7493] R13: 00007f0d966d1ea0 R14: 000000000000047a R15: 000000000000002c [ 207.578204][ T7493] [ 207.638401][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.1139: iget: bad extra_isize 90 (inode size 256) [ 207.652271][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.659314][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.1139: error while reading EA inode 11 err=-117 [ 207.674311][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.681037][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.1139: iget: bad extra_isize 90 (inode size 256) [ 207.696384][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.703153][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.1139: error while reading EA inode 11 err=-117 [ 207.718897][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.725598][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #18: comm syz.3.1139: iget: bad extra_isize 90 (inode size 256) [ 207.739519][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.746265][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.1139: error while reading EA inode 18 err=-117 [ 207.759318][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.768493][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #18: comm syz.3.1139: iget: bad extra_isize 90 (inode size 256) [ 207.783852][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.790491][ T7493] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.1139: error while reading EA inode 18 err=-117 [ 207.804152][ T7493] EXT4-fs (loop3): Remounting filesystem read-only [ 207.810814][ T7493] EXT4-fs (loop3): 1 orphan inode deleted [ 207.830649][ T7493] EXT4-fs (loop3): mounted filesystem without journal. Opts: data_err=ignore,noload,debug_want_extra_isize=0x000000000000005a,errors=remount-ro,grpid,noquota,min_batch_time=0x0000000000000003,jqfmt=vfsold,. Quota mode: none. [ 214.062069][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!