last executing test programs: 1m48.153942933s ago: executing program 1 (id=1786): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) timer_create(0x2, 0x0, &(0x7f0000bbdffc)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000) 1m47.891712496s ago: executing program 1 (id=1788): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x41) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0xfff, 0x4000000007}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="11000000040000"], 0x48) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1, 0x0) pwrite64(r1, &(0x7f0000000140)="19", 0x1, 0xe7c) ioctl$VHOST_SET_VRING_NUM(r2, 0x4008af10, &(0x7f0000000200)={0x2, 0x80000000}) socket$inet6(0x10, 0x3, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./bus\x00', 0x204b82f, 0x0, 0x0, 0x0, &(0x7f0000000540)) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x7, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffc00, 0x0, 0x0, 0x0, 0x3}, [@alu={0x4, 0x1, 0x9, 0x0, 0x0, 0x1}]}, &(0x7f00000005c0)='syzkaller\x00', 0x2}, 0x94) 1m46.179447662s ago: executing program 1 (id=1793): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1, &(0x7f00000001c0)=0x32, 0xfffffc41) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c) listen(r0, 0x2000000) r1 = socket$netlink(0x10, 0x3, 0x15) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000100)="580000001400add427323b470c45b45602067fffffff81006e22000d00ff0028925aa8002000eaa57b00090080000efffeffe809000000ff0000f03a0200f00000000000000001ffffffffe7ee00000000000000000200", 0x57}], 0x1) syz_mount_image$nilfs2(&(0x7f0000000240), &(0x7f0000000000)='./file2\x00', 0x10, &(0x7f0000000200)=ANY=[], 0x1, 0xaf0, &(0x7f00000023c0)="$eJzs3V2IXFfhAPBzd3c2u2n7zzT/xKxpbJNW2/rRTbNZ40fQpCQIhkbEl0LxJaRpDcYIVlBLoUmefLOlpOCTH/jUl1JFsCAS+uRLwQaK0Kcq6ENDxIIPNZqM7Mw5M3fOzmRmNrszu5nfD+6eOfece8+5s3fu9z0nAGNrov53cXGuCOHiGy8fff/Bv88ujTnUzFGt/50qxSohhCLGp7L5vTfZCK9/8PzJTmERFup/Uzx87Wpz2jtCCOfC7nApVMPOi5dfemvh8ePnj13Y8/arB6+szdIDAMB4+fqlg4vb//Kne+6+9tq9h8Om5vh0fF5NI2Yax/2H44F/Ov6fCO3xojSUTWf5puIwMdueb7JDvnI5lSzfVJfyp7PyK13ybQo3L3+yNK7TcsNGltbjaigm5kMIm5vxiYn5+cY5eaif108X82dPn3n62RFVFFh1/7ovhLC7NBy50B5fb8OhdVCHFQ61dVCHDTkcHl5Z12oNI1/mIQ21LaPeAgE05PcLlzmXX1m4Nc25TfVX/tXHJjpPD6tg2Ov/QOVPj7j8oPxfnbfFYfXcrmtTWq70O7ozxvP7CPnzS6/8vn26lvxOR/vY/H5Epc96druP0Hn8C33OdXi61X9yyPVYqW71z9eL29WXYpi+hy+3pd7X9vvJ/6cb5X8MdPZhfv3fYDCs7yG0xSu3Mq/aiLc/wPqVPzdXS/dHo/y5vjx9U4/0mR7psz3SN/dIv6NHOoyz33z/J+HFonW9Kz+nH/R6eLrOdlcM/2/A+uTXIwctP3/ud1C3Wn7+PDGsZ7878cSpzz/15OXG8/9Fc/2/Edf3dLpRjb+tSzFDul6YX1dvPvtfbS9noku+rUuRHa18d3XIX/+8rX1+xbbWfEJpO7OsHnPt023plm9Xe75qlm82DjPt2ZYdn2zOpkvHH2m7mr6vqWx5K9lyTGf1SNuVu2OY1wNWIq2P6fn/1vsAjef/0/o5FyrF06fPnHo0xtN6+sfJyqal8fuGXG9g9XT7/af911xof//nzub4ykR5u7ClNb5obBdej/NrH7/QLKc0vrRTS/u5b03O1vPPn/zumafWYLlhnD37o+e+feLMmVPf82HFH76yPqoxyId02rJe6uPDoB92r3URI94wAWtu7wuNg4BHTn/nxDOnnjl1dv+BA/sXFg58Yf/i3vpx/d7y0X3ZuRHUFlhNrZ3+qGsCAAAAAAAAAAAA9OsHx45efufNz73beP+/9f5fev8/Pfmb3v//cfb+f/6efHoPPr0HeHeH9HqerIHV6SxfJQ7/n9U3NQNQxKZwt2fTfSSGzX784vv/qbi8XddUnx3Z+EqXaNacwLL2UqazNkjy/gLvj+GFGP4ywAgVs51Hx/Am7VsXH5bW9dQ+RekV3pr2gTeO9H/L2y9K7393bNepw/vabCzDeGNx1MsIdPaPsWr/+5+tBR95XQzdh6nhlvfT8V0nal2P0vvtwQZgdSxvbzfr82qN+//8W2iUm65/nv3DV2eWhpTt6mPt28utq1obxs2f32mPr/f+J9e6/LzfvmGXP+rlH3b/n83+7+L2L233um//sh7zqisr998/u/Juqdiws9/y8+VP7UBvG6z8a7H8tDQPhf7Kr/0iKz+/IdSn/2Tlb+6z/GXLv2v5vPtpg/6/sfz0tT38QL/lN2pcTLTXYzZbjnT/L79unFzPlj+17XmT8r/xXKflX2FHjTdi+TDOuvV/utFlxxHNg/Ze/f8Ouv+/1f5/m5XNNmv5cxifjfG0IU7POeT9nQxa//R8RdoPbM/mX/TYv+n/d2P7Ygx7/R5S/79pfazGXX4pXv8uU7zS4bu9Xbc1sFG9N1b3/4Y1XGmcBq1s+pnR19+wbEiHTcvTapMrmF/zHH3Ey1Wr1db2glYPIy2ckX//o777POrzlPtHXH4vef+/+TF83v9vnp73/5un5/3/5umz8T/0fpf0vP/ffH3O+//N03dk8837B57rkf7RDulFaKXv7Dx987T9nh7z39Uj/WM90vc00w+15Ujp9950+la+bvPf2iP9gR7pH++R/oke6Q/2SH+4lF7uAzqlfzKbvsjSb3dp+9Pt+wNuX/n7eX7/MD7S/Z9uv/9trfTpcpbh1hJYC6+8tu/Ik7/+ZrXx/v9083pIuo93OMYr8dzohzGe3/cOpfhS2psx/tcsfdTXm4CWvP2MfP//UI90YONKz3n5fcMYKmY6j45hr3aruh3ns7F8KoafjuFnYvhIDOdjuDeG+2K4MKT6sTaOvP7bgy8WrfP9LVl6v8+T5+8DtbUTFULY32d98usDgz7PnrfjN6hbLX+Fr4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMzET97+LiXBHCxTdePvrE8dN7l8Ycauao1v9OlWKV5nQhPBrDyRj+PH64/sHzJ8vhjRgWYSEUoWiOP1eqyx31+O5wKVTDzouXX3pr4fHj549d2PP2qwevrNkXAAAAAGPgfwEAAP//cS8HWw==") socket$nl_generic(0x10, 0x3, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000040)=0x3, 0x12) 1m42.922235085s ago: executing program 1 (id=1796): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file1\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 1m42.342065274s ago: executing program 1 (id=1798): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={0x0, 0x7, 0x329a, 0x7f, 0x71, 0x3}, &(0x7f0000000280)=0x14) 1m41.014411631s ago: executing program 1 (id=1800): socket$inet6_icmp(0xa, 0x2, 0x3a) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="02030003130000000007000000000000030006000000000002001000ac1e01010000000000000000030005000000000002000000ffffffff000000000000000002000100000000000000060c0000002005000900e800000053bb467d04f14562c5f463273ef4a720684ea3386f189aca9f564e485a000000040004"], 0x98}, 0x1, 0x7}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r0, 0x0, 0x0) syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x1a1003) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3004c8d4}, 0x80) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00') r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0xfffffffffffffff5, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0xffffffffffffff01, 0x2}, @TCA_FQ_PLIMIT={0x0, 0x1, 0x5}]}}]}, 0x48}}, 0x0) sendfile(r3, r3, &(0x7f0000000240)=0x3, 0x8f) 1m39.907371466s ago: executing program 32 (id=1800): socket$inet6_icmp(0xa, 0x2, 0x3a) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="02030003130000000007000000000000030006000000000002001000ac1e01010000000000000000030005000000000002000000ffffffff000000000000000002000100000000000000060c0000002005000900e800000053bb467d04f14562c5f463273ef4a720684ea3386f189aca9f564e485a000000040004"], 0x98}, 0x1, 0x7}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r0, 0x0, 0x0) syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x1a1003) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3004c8d4}, 0x80) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00') r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0xfffffffffffffff5, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0xffffffffffffff01, 0x2}, @TCA_FQ_PLIMIT={0x0, 0x1, 0x5}]}}]}, 0x48}}, 0x0) sendfile(r3, r3, &(0x7f0000000240)=0x3, 0x8f) 13.578779249s ago: executing program 4 (id=2050): socket$inet6_icmp(0xa, 0x2, 0x3a) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="02030003130000000007000000000000030006000000000002001000ac1e01010000000000000000030005000000000002000000ffffffff000000000000000002000100000000000000060c0000002005000900e800000053bb467d04f14562c5f463273ef4a720684ea3386f189aca9f564e485a000000040004"], 0x98}, 0x1, 0x7}, 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]}) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x1a1003) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f00000000c0)={0x0, 0x0, {0xfffff001, 0x1, 0x2019, 0x5, 0x6, 0x4, 0x2, 0x3}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3004c8d4}, 0x80) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0xfffffffffffffff5, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0xffffffffffffff01, 0x2}, @TCA_FQ_PLIMIT={0x0, 0x1, 0x5}]}}]}, 0x48}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x3, 0x8f) 12.018388317s ago: executing program 4 (id=2057): ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c000180140003000000000000000000000000000000000114000400000000000000000000000000000000010c00028005000100000000000c00068008000200ac14141808000740000000"], 0x12c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) 8.411549498s ago: executing program 2 (id=2066): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xfb1585202ff31891}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 8.283858364s ago: executing program 2 (id=2068): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0xfffffffffffffe42, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c) listen(r0, 0x2000000) r1 = socket$netlink(0x10, 0x3, 0x15) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000100)="580000001400add427323b470c45b45602067fffffff81006e22000d00ff0028925aa8002000eaa57b00090080000efffeffe809000000ff0000f03a0200f00000000000000001ffffffffe7ee00000000000000000200", 0x57}], 0x1) syz_mount_image$nilfs2(&(0x7f0000000240), &(0x7f0000000000)='./file2\x00', 0x10, &(0x7f0000000200)=ANY=[], 0x1, 0xaf0, &(0x7f00000023c0)="$eJzs3V2IXFfhAPBzd3c2u2n7zzT/xKxpbJNW2/rRTbNZ40fQpCQIhkbEl0LxJaRpDcYIVlBLoUmefLOlpOCTH/jUl1JFsCAS+uRLwQaK0Kcq6ENDxIIPNZqM7Mw5M3fOzmRmNrszu5nfD+6eOfece8+5s3fu9z0nAGNrov53cXGuCOHiGy8fff/Bv88ujTnUzFGt/50qxSohhCLGp7L5vTfZCK9/8PzJTmERFup/Uzx87Wpz2jtCCOfC7nApVMPOi5dfemvh8ePnj13Y8/arB6+szdIDAMB4+fqlg4vb//Kne+6+9tq9h8Om5vh0fF5NI2Yax/2H44F/Ov6fCO3xojSUTWf5puIwMdueb7JDvnI5lSzfVJfyp7PyK13ybQo3L3+yNK7TcsNGltbjaigm5kMIm5vxiYn5+cY5eaif108X82dPn3n62RFVFFh1/7ovhLC7NBy50B5fb8OhdVCHFQ61dVCHDTkcHl5Z12oNI1/mIQ21LaPeAgE05PcLlzmXX1m4Nc25TfVX/tXHJjpPD6tg2Ov/QOVPj7j8oPxfnbfFYfXcrmtTWq70O7ozxvP7CPnzS6/8vn26lvxOR/vY/H5Epc96druP0Hn8C33OdXi61X9yyPVYqW71z9eL29WXYpi+hy+3pd7X9vvJ/6cb5X8MdPZhfv3fYDCs7yG0xSu3Mq/aiLc/wPqVPzdXS/dHo/y5vjx9U4/0mR7psz3SN/dIv6NHOoyz33z/J+HFonW9Kz+nH/R6eLrOdlcM/2/A+uTXIwctP3/ud1C3Wn7+PDGsZ7878cSpzz/15OXG8/9Fc/2/Edf3dLpRjb+tSzFDul6YX1dvPvtfbS9noku+rUuRHa18d3XIX/+8rX1+xbbWfEJpO7OsHnPt023plm9Xe75qlm82DjPt2ZYdn2zOpkvHH2m7mr6vqWx5K9lyTGf1SNuVu2OY1wNWIq2P6fn/1vsAjef/0/o5FyrF06fPnHo0xtN6+sfJyqal8fuGXG9g9XT7/af911xof//nzub4ykR5u7ClNb5obBdej/NrH7/QLKc0vrRTS/u5b03O1vPPn/zumafWYLlhnD37o+e+feLMmVPf82HFH76yPqoxyId02rJe6uPDoB92r3URI94wAWtu7wuNg4BHTn/nxDOnnjl1dv+BA/sXFg58Yf/i3vpx/d7y0X3ZuRHUFlhNrZ3+qGsCAAAAAAAAAAAA9OsHx45efufNz73beP+/9f5fev8/Pfmb3v//cfb+f/6efHoPPr0HeHeH9HqerIHV6SxfJQ7/n9U3NQNQxKZwt2fTfSSGzX784vv/qbi8XddUnx3Z+EqXaNacwLL2UqazNkjy/gLvj+GFGP4ywAgVs51Hx/Am7VsXH5bW9dQ+RekV3pr2gTeO9H/L2y9K7393bNepw/vabCzDeGNx1MsIdPaPsWr/+5+tBR95XQzdh6nhlvfT8V0nal2P0vvtwQZgdSxvbzfr82qN+//8W2iUm65/nv3DV2eWhpTt6mPt28utq1obxs2f32mPr/f+J9e6/LzfvmGXP+rlH3b/n83+7+L2L233um//sh7zqisr998/u/Juqdiws9/y8+VP7UBvG6z8a7H8tDQPhf7Kr/0iKz+/IdSn/2Tlb+6z/GXLv2v5vPtpg/6/sfz0tT38QL/lN2pcTLTXYzZbjnT/L79unFzPlj+17XmT8r/xXKflX2FHjTdi+TDOuvV/utFlxxHNg/Ze/f8Ouv+/1f5/m5XNNmv5cxifjfG0IU7POeT9nQxa//R8RdoPbM/mX/TYv+n/d2P7Ygx7/R5S/79pfazGXX4pXv8uU7zS4bu9Xbc1sFG9N1b3/4Y1XGmcBq1s+pnR19+wbEiHTcvTapMrmF/zHH3Ey1Wr1db2glYPIy2ckX//o777POrzlPtHXH4vef+/+TF83v9vnp73/5un5/3/5umz8T/0fpf0vP/ffH3O+//N03dk8837B57rkf7RDulFaKXv7Dx987T9nh7z39Uj/WM90vc00w+15Ujp9950+la+bvPf2iP9gR7pH++R/oke6Q/2SH+4lF7uAzqlfzKbvsjSb3dp+9Pt+wNuX/n7eX7/MD7S/Z9uv/9trfTpcpbh1hJYC6+8tu/Ik7/+ZrXx/v9083pIuo93OMYr8dzohzGe3/cOpfhS2psx/tcsfdTXm4CWvP2MfP//UI90YONKz3n5fcMYKmY6j45hr3aruh3ns7F8KoafjuFnYvhIDOdjuDeG+2K4MKT6sTaOvP7bgy8WrfP9LVl6v8+T5+8DtbUTFULY32d98usDgz7PnrfjN6hbLX+Fr4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMzET97+LiXBHCxTdePvrE8dN7l8Ycauao1v9OlWKV5nQhPBrDyRj+PH64/sHzJ8vhjRgWYSEUoWiOP1eqyx31+O5wKVTDzouXX3pr4fHj549d2PP2qwevrNkXAAAAAGPgfwEAAP//cS8HWw==") socket$nl_generic(0x10, 0x3, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000040)=0x3, 0x12) 7.630011687s ago: executing program 0 (id=2069): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x800, 0x0, 0x103, 0x1, 0x3}, 0x20) syz_open_dev$usbfs(&(0x7f0000000040), 0x9, 0x200800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) dup3(r0, 0xffffffffffffffff, 0x80000) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 6.999821849s ago: executing program 2 (id=2071): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet6(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000340), &(0x7f0000000400)=r1}, 0x20) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x16, &(0x7f0000000380)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}, @remote, @void, {@llc={0x4, {@snap={0x1, 0x1, "c8", "118190", 0x60}}}}}, 0x0) 6.915708953s ago: executing program 4 (id=2072): semtimedop(0xffffffffffffffff, &(0x7f0000000040)=[{0x1, 0x21a8}], 0x1, &(0x7f0000000080)={0x77359400}) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) syz_usb_connect(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) inotify_init() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x14, 0x35, 0x301, 0x70bd26, 0x25dfdbfe, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0xc000) futex(&(0x7f0000000000)=0x1, 0x8, 0x82, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000480)='hpfs\x00', 0x10008, 0x0) sched_getparam(r1, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_clone(0x2008400, 0x0, 0x0, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r6 = syz_open_procfs(r5, 0x0) fchdir(r6) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) 6.877861995s ago: executing program 0 (id=2074): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000001c0)={0x28, 0x2, r0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000002c0)={0x28, 0x3, r0, 0x0, &(0x7f0000343000/0xf000)=nil, 0xf000, 0x8000000004000004}) syz_emit_ethernet(0x5e, &(0x7f00000000c0)={@link_local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0xd, 0x4, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @empty, @dev, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@empty}, {@broadcast}, {@dev}]}, @end]}}}}}}}, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1bf8) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r0, r0, 0x3, 0xfffffffffffffffa, 0x3fff}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000340)={0x3, 0xb, 0x1, 'queue1\x00', 0x8001}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) get_robust_list(0x0, &(0x7f0000000540)=0x0, &(0x7f0000000200)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) lseek(r3, 0x851, 0x1) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc}) r4 = memfd_secret(0x80000) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r4, 0x8010661b, &(0x7f0000000300)) r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000000c0)={0x7, @win={{0x0, 0x2, 0x7dd3, 0xd}, 0x8, 0x6, 0x0, 0xd55d, 0x0, 0x1}}) 6.741698732s ago: executing program 2 (id=2075): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_mtu(r1, 0x29, 0x50, 0x0, &(0x7f0000000000)) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c) r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xca) bind$ax25(r4, &(0x7f0000000280)={{0x3, @default, 0x5}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @null]}, 0x48) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xf32f, 0xfe000000}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x6, 0x810, 0x208, 0xe, 0x2, 0x3, 0x8, 0x9, r5}, 0x20) setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) syz_emit_ethernet(0x80, &(0x7f0000000580)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000286dd605f1060004a2f00fc00000000000000"], 0x0) socket$can_bcm(0x1d, 0x2, 0x2) unshare(0x22020400) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x40, 0x6, 0x8}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0xb, 0xfffffffd, 0x6, 0x1200, r6, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x50) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r7, &(0x7f0000000040)="09000000010001", 0x7) socket$inet6_sctp(0xa, 0x801, 0x84) 5.005154059s ago: executing program 3 (id=2076): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xfb1585202ff31891}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 4.98464517s ago: executing program 2 (id=2077): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x49c002, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) timer_create(0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x3}, [@tail_call={{}, {0x5}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f00000000c0)={@host}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r4, &(0x7f0000000140)='3', 0x1, 0xc00) 4.413739309s ago: executing program 3 (id=2078): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) open(0x0, 0x101400, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) r1 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x260e, 0x10100, 0xfffffffd, 0x170}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r1, 0x708, 0x41e3, 0x0, 0x0, 0x0) io_setup(0x8, &(0x7f0000000680)=0x0) io_pgetevents(r4, 0x2, 0x2, &(0x7f0000000100)=[{}, {}], 0x0, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000001a40)=""/102392, 0x18ff8) ioprio_get$uid(0x3, 0x0) 4.221740759s ago: executing program 0 (id=2079): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="02030003130000000007000000000000030006000000000002001000ac1e01010000000000000000030005000000000002000000ffffffff000000000000000002000100000000000000060c0000002005000900e800000053bb467d04f14562c5f463273ef4a720684ea3386f189aca9f564e485a000000040004"], 0x98}, 0x1, 0x7}, 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]}) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x1a1003) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f00000000c0)={0x0, 0x0, {0xfffff001, 0x1, 0x2019, 0x5, 0x6, 0x4, 0x2, 0x3}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3004c8d4}, 0x80) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0xfffffffffffffff5, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0xffffffffffffff01, 0x2}, @TCA_FQ_PLIMIT={0x0, 0x1, 0x5}]}}]}, 0x48}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x3, 0x8f) 3.048969568s ago: executing program 4 (id=2080): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0xfffffffffffffe42, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c) listen(r0, 0x2000000) r1 = socket$netlink(0x10, 0x3, 0x15) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000100)="580000001400add427323b470c45b45602067fffffff81006e22000d00ff0028925aa8002000eaa57b00090080000efffeffe809000000ff0000f03a0200f00000000000000001ffffffffe7ee00000000000000000200", 0x57}], 0x1) syz_mount_image$nilfs2(&(0x7f0000000240), &(0x7f0000000000)='./file2\x00', 0x10, &(0x7f0000000200)=ANY=[], 0x1, 0xaf0, &(0x7f00000023c0)="$eJzs3V2IXFfhAPBzd3c2u2n7zzT/xKxpbJNW2/rRTbNZ40fQpCQIhkbEl0LxJaRpDcYIVlBLoUmefLOlpOCTH/jUl1JFsCAS+uRLwQaK0Kcq6ENDxIIPNZqM7Mw5M3fOzmRmNrszu5nfD+6eOfece8+5s3fu9z0nAGNrov53cXGuCOHiGy8fff/Bv88ujTnUzFGt/50qxSohhCLGp7L5vTfZCK9/8PzJTmERFup/Uzx87Wpz2jtCCOfC7nApVMPOi5dfemvh8ePnj13Y8/arB6+szdIDAMB4+fqlg4vb//Kne+6+9tq9h8Om5vh0fF5NI2Yax/2H44F/Ov6fCO3xojSUTWf5puIwMdueb7JDvnI5lSzfVJfyp7PyK13ybQo3L3+yNK7TcsNGltbjaigm5kMIm5vxiYn5+cY5eaif108X82dPn3n62RFVFFh1/7ovhLC7NBy50B5fb8OhdVCHFQ61dVCHDTkcHl5Z12oNI1/mIQ21LaPeAgE05PcLlzmXX1m4Nc25TfVX/tXHJjpPD6tg2Ov/QOVPj7j8oPxfnbfFYfXcrmtTWq70O7ozxvP7CPnzS6/8vn26lvxOR/vY/H5Epc96druP0Hn8C33OdXi61X9yyPVYqW71z9eL29WXYpi+hy+3pd7X9vvJ/6cb5X8MdPZhfv3fYDCs7yG0xSu3Mq/aiLc/wPqVPzdXS/dHo/y5vjx9U4/0mR7psz3SN/dIv6NHOoyz33z/J+HFonW9Kz+nH/R6eLrOdlcM/2/A+uTXIwctP3/ud1C3Wn7+PDGsZ7878cSpzz/15OXG8/9Fc/2/Edf3dLpRjb+tSzFDul6YX1dvPvtfbS9noku+rUuRHa18d3XIX/+8rX1+xbbWfEJpO7OsHnPt023plm9Xe75qlm82DjPt2ZYdn2zOpkvHH2m7mr6vqWx5K9lyTGf1SNuVu2OY1wNWIq2P6fn/1vsAjef/0/o5FyrF06fPnHo0xtN6+sfJyqal8fuGXG9g9XT7/af911xof//nzub4ykR5u7ClNb5obBdej/NrH7/QLKc0vrRTS/u5b03O1vPPn/zumafWYLlhnD37o+e+feLMmVPf82HFH76yPqoxyId02rJe6uPDoB92r3URI94wAWtu7wuNg4BHTn/nxDOnnjl1dv+BA/sXFg58Yf/i3vpx/d7y0X3ZuRHUFlhNrZ3+qGsCAAAAAAAAAAAA9OsHx45efufNz73beP+/9f5fev8/Pfmb3v//cfb+f/6efHoPPr0HeHeH9HqerIHV6SxfJQ7/n9U3NQNQxKZwt2fTfSSGzX784vv/qbi8XddUnx3Z+EqXaNacwLL2UqazNkjy/gLvj+GFGP4ywAgVs51Hx/Am7VsXH5bW9dQ+RekV3pr2gTeO9H/L2y9K7393bNepw/vabCzDeGNx1MsIdPaPsWr/+5+tBR95XQzdh6nhlvfT8V0nal2P0vvtwQZgdSxvbzfr82qN+//8W2iUm65/nv3DV2eWhpTt6mPt28utq1obxs2f32mPr/f+J9e6/LzfvmGXP+rlH3b/n83+7+L2L233um//sh7zqisr998/u/Juqdiws9/y8+VP7UBvG6z8a7H8tDQPhf7Kr/0iKz+/IdSn/2Tlb+6z/GXLv2v5vPtpg/6/sfz0tT38QL/lN2pcTLTXYzZbjnT/L79unFzPlj+17XmT8r/xXKflX2FHjTdi+TDOuvV/utFlxxHNg/Ze/f8Ouv+/1f5/m5XNNmv5cxifjfG0IU7POeT9nQxa//R8RdoPbM/mX/TYv+n/d2P7Ygx7/R5S/79pfazGXX4pXv8uU7zS4bu9Xbc1sFG9N1b3/4Y1XGmcBq1s+pnR19+wbEiHTcvTapMrmF/zHH3Ey1Wr1db2glYPIy2ckX//o777POrzlPtHXH4vef+/+TF83v9vnp73/5un5/3/5umz8T/0fpf0vP/ffH3O+//N03dk8837B57rkf7RDulFaKXv7Dx987T9nh7z39Uj/WM90vc00w+15Ujp9950+la+bvPf2iP9gR7pH++R/oke6Q/2SH+4lF7uAzqlfzKbvsjSb3dp+9Pt+wNuX/n7eX7/MD7S/Z9uv/9trfTpcpbh1hJYC6+8tu/Ik7/+ZrXx/v9083pIuo93OMYr8dzohzGe3/cOpfhS2psx/tcsfdTXm4CWvP2MfP//UI90YONKz3n5fcMYKmY6j45hr3aruh3ns7F8KoafjuFnYvhIDOdjuDeG+2K4MKT6sTaOvP7bgy8WrfP9LVl6v8+T5+8DtbUTFULY32d98usDgz7PnrfjN6hbLX+Fr4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMzET97+LiXBHCxTdePvrE8dN7l8Ycauao1v9OlWKV5nQhPBrDyRj+PH64/sHzJ8vhjRgWYSEUoWiOP1eqyx31+O5wKVTDzouXX3pr4fHj549d2PP2qwevrNkXAAAAAGPgfwEAAP//cS8HWw==") socket$nl_generic(0x10, 0x3, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000040)=0x3, 0x12) 2.877659866s ago: executing program 2 (id=2081): ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c000180140003000000000000000000000000000000000114000400000000000000000000000000000000010c00028005000100000000000c00068008000200ac14141808000740000000"], 0x12c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) 2.281576706s ago: executing program 0 (id=2082): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r0, 0x0, 0x4004810) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r1 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)=[{0x0}, {&(0x7f0000001640)=""/117, 0x75}], 0x0, 0x11a}, 0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 2.269267437s ago: executing program 3 (id=2083): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet6(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000340), &(0x7f0000000400)=r1}, 0x20) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x16, &(0x7f0000000380)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}, @remote, @void, {@llc={0x4, {@snap={0x1, 0x1, "c8", "118190", 0x60}}}}}, 0x0) 2.051975778s ago: executing program 3 (id=2084): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x800, 0x0, 0x103, 0x1, 0x3}, 0x20) syz_open_dev$usbfs(&(0x7f0000000040), 0x9, 0x200800) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) dup3(r0, r1, 0x80000) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 1.687795236s ago: executing program 4 (id=2085): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_mtu(r1, 0x29, 0x50, 0x0, &(0x7f0000000000)) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c) r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xca) bind$ax25(r4, &(0x7f0000000280)={{0x3, @default, 0x5}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @null]}, 0x48) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xf32f, 0xfe000000}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x6, 0x810, 0x208, 0xe, 0x2, 0x3, 0x8, 0x9, r5}, 0x20) setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) syz_emit_ethernet(0x80, &(0x7f0000000580)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000286dd605f1060004a2f00fc00000000000000"], 0x0) socket$can_bcm(0x1d, 0x2, 0x2) unshare(0x22020400) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x40, 0x6, 0x8}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0xb, 0xfffffffd, 0x6, 0x1200, r6, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x50) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r7, &(0x7f0000000040)="09000000010001", 0x7) socket$inet6_sctp(0xa, 0x801, 0x84) 1.620790879s ago: executing program 0 (id=2086): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xfb1585202ff31891}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 1.59874535s ago: executing program 3 (id=2087): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000001c0)={0x28, 0x2, r0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000002c0)={0x28, 0x3, r0, 0x0, &(0x7f0000343000/0xf000)=nil, 0xf000, 0x8000000004000004}) syz_emit_ethernet(0x5e, &(0x7f00000000c0)={@link_local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0xd, 0x4, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @empty, @dev, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@empty}, {@broadcast}, {@dev}]}, @end]}}}}}}}, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1bf8) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r0, r0, 0x3, 0xfffffffffffffffa, 0x3fff}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000340)={0x3, 0xb, 0x1, 'queue1\x00', 0x8001}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) get_robust_list(0x0, &(0x7f0000000540)=0x0, &(0x7f0000000200)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) lseek(r3, 0x851, 0x1) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc}) r4 = memfd_secret(0x80000) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r4, 0x8010661b, &(0x7f0000000300)) r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000000c0)={0x7, @win={{0x0, 0x2, 0x7dd3, 0xd}, 0x8, 0x6, 0x0, 0xd55d, 0x0, 0x1}}) 914.529824ms ago: executing program 0 (id=2088): socket$nl_audit(0x10, 0x3, 0x9) semtimedop(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080)={0x77359400}) r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) syz_usb_connect(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) inotify_init() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x14, 0x35, 0x301, 0x70bd26, 0x25dfdbfe, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0xc000) futex(&(0x7f0000000000)=0x1, 0x8, 0x82, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000480)='hpfs\x00', 0x10008, 0x0) sched_getparam(r1, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_clone(0x2008400, 0x0, 0x0, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r6 = syz_open_procfs(r5, 0x0) fchdir(r6) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) 797.82772ms ago: executing program 3 (id=2089): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x49c002, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) timer_create(0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x3}, [@tail_call={{}, {0x5}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f00000000c0)={@host}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r4, &(0x7f0000000140)='3', 0x1, 0xc00) 0s ago: executing program 4 (id=2090): r0 = creat(&(0x7f0000000180)='./file0\x00', 0xa) close(r0) syz_open_dev$vim2m(&(0x7f00000001c0), 0xad5, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x3, 0x4, 0x8}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) kernel console output (not intermixed with test programs): d with a higher generation, found 8 expect 11 [ 165.855846][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 165.876689][ T23] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 165.890877][ T23] usb 3-1: config 0 has no interface number 0 [ 165.896378][ T6663] loop3: detected capacity change from 0 to 2048 [ 165.913678][ T23] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 165.937680][ T23] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 165.947394][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.963858][ T23] usb 3-1: Product: syz [ 165.979734][ T23] usb 3-1: Manufacturer: syz [ 165.992001][ T23] usb 3-1: SerialNumber: syz [ 165.998490][ T5770] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 11 [ 166.014633][ T23] usb 3-1: config 0 descriptor?? [ 166.021770][ T6663] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.040380][ T6654] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 166.243489][ T6667] overlayfs: failed to resolve './file0': -2 [ 166.288788][ T6654] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 166.375083][ T6670] loop3: detected capacity change from 0 to 1024 [ 166.465832][ T27] audit: type=1800 audit(1774228067.570:12): pid=6670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.242" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 167.037646][ T6677] ax25_connect(): syz.1.243 uses autobind, please contact jreuter@yaina.de [ 170.235554][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 170.281668][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 170.300329][ T23] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 170.301639][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 170.324246][ T23] asix 3-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 170.338062][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 170.344850][ T23] asix: probe of 3-1:0.188 failed with error -71 [ 170.355579][ T23] usb 3-1: USB disconnect, device number 2 [ 173.808753][ T6693] loop3: detected capacity change from 0 to 64 [ 174.642264][ T6701] loop3: detected capacity change from 0 to 1024 [ 175.167688][ T27] audit: type=1800 audit(1774228076.280:13): pid=6701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.253" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 176.174067][ T1079] hfsplus: b-tree write err: -5, ino 25 [ 176.193198][ T1079] hfsplus: b-tree write err: -5, ino 4 [ 176.200065][ T1079] hfsplus: b-tree write err: -5, ino 2 [ 176.212807][ T1079] hfsplus: b-tree write err: -5, ino 20 [ 176.378626][ T6713] ax25_connect(): syz.1.256 uses autobind, please contact jreuter@yaina.de [ 176.540212][ T6719] netlink: 48 bytes leftover after parsing attributes in process `syz.2.258'. [ 179.366158][ T6747] loop1: detected capacity change from 0 to 1024 [ 179.552685][ T27] audit: type=1800 audit(1774228080.650:14): pid=6747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.266" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 180.324032][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 180.360263][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 180.380766][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 180.391737][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 180.914789][ T6759] loop3: detected capacity change from 0 to 2048 [ 180.922005][ T6759] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 181.020493][ T5783] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 181.842826][ T6772] overlayfs: failed to resolve './file0': -2 [ 183.133683][ T6787] hpfs: Bad magic ... probably not HPFS [ 185.087643][ T6806] overlayfs: failed to resolve './file0': -2 [ 186.921753][ T6822] loop3: detected capacity change from 0 to 4096 [ 187.023141][ T6822] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 187.040259][ T6822] ntfs3: loop3: Failed to load root (-22). [ 191.963306][ T6868] loop3: detected capacity change from 0 to 2048 [ 192.142817][ T6868] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 192.226402][ T6874] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 193.464044][ T6888] netlink: 36 bytes leftover after parsing attributes in process `syz.0.315'. [ 193.478682][ T6888] netlink: 64 bytes leftover after parsing attributes in process `syz.0.315'. [ 194.632739][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.644774][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.204491][ T6902] loop1: detected capacity change from 0 to 2048 [ 195.269916][ T6902] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 195.763934][ T6914] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 196.614926][ T6906] syz.0.323: attempt to access beyond end of device [ 196.614926][ T6906] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 199.388587][ T6939] loop1: detected capacity change from 0 to 512 [ 199.403229][ T6940] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'. [ 199.426502][ T6937] loop3: detected capacity change from 0 to 2048 [ 199.433720][ T6937] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 199.487996][ T5770] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 199.539010][ T6939] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.623552][ T6939] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 199.769336][ T27] audit: type=1800 audit(1774228100.880:15): pid=6939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.336" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 200.673476][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.692056][ T6963] loop3: detected capacity change from 0 to 1024 [ 200.730398][ T6964] overlayfs: failed to resolve './file0': -2 [ 201.804440][ T5084] Bluetooth: hci3: command 0x0406 tx timeout [ 201.804477][ T5782] Bluetooth: hci2: command 0x0406 tx timeout [ 201.812682][ T5084] Bluetooth: hci0: command 0x0406 tx timeout [ 201.816833][ T5772] Bluetooth: hci1: command 0x0406 tx timeout [ 201.860423][ T27] audit: type=1800 audit(1774228102.970:16): pid=6973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.343" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 202.527977][ T11] hfsplus: b-tree write err: -5, ino 25 [ 202.533834][ T11] hfsplus: b-tree write err: -5, ino 4 [ 202.543220][ T11] hfsplus: b-tree write err: -5, ino 2 [ 202.550689][ T11] hfsplus: b-tree write err: -5, ino 20 [ 202.612559][ T6979] loop1: detected capacity change from 0 to 128 [ 202.727439][ T6979] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 202.781914][ T6979] hpfs: filesystem error: improperly stopped [ 202.793685][ T6979] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 202.829977][ T6979] hpfs: You really don't want any checks? You are crazy... [ 202.864665][ T6979] hpfs: Code page index out of array [ 202.905953][ T6979] hpfs: code page support is disabled [ 202.918403][ T6979] hpfs: hpfs_map_4sectors(): unaligned read [ 202.936865][ T6979] hpfs: hpfs_map_4sectors(): unaligned read [ 203.105526][ T6988] ax25_connect(): syz.2.350 uses autobind, please contact jreuter@yaina.de [ 203.675392][ T6979] hpfs: filesystem error: unable to find root dir [ 204.874185][ T6999] loop1: detected capacity change from 0 to 512 [ 204.991910][ T6999] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.009879][ T7001] loop3: detected capacity change from 0 to 1024 [ 205.086137][ T6999] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 205.210902][ T27] audit: type=1800 audit(1774228106.320:17): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.355" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 205.335543][ T27] audit: type=1800 audit(1774228106.440:18): pid=7004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.354" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 205.864192][ T1096] hfsplus: b-tree write err: -5, ino 25 [ 205.896552][ T1096] hfsplus: b-tree write err: -5, ino 4 [ 205.906236][ T1096] hfsplus: b-tree write err: -5, ino 2 [ 205.911852][ T1096] hfsplus: b-tree write err: -5, ino 20 [ 205.987549][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.520117][ T7020] loop1: detected capacity change from 0 to 1024 [ 207.621061][ T7023] ax25_connect(): syz.3.361 uses autobind, please contact jreuter@yaina.de [ 208.449773][ T7020] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 208.577184][ T7020] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.804779][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.836135][ T7032] ax25_connect(): syz.3.363 uses autobind, please contact jreuter@yaina.de [ 210.416785][ T7036] loop3: detected capacity change from 0 to 1024 [ 211.344864][ T27] audit: type=1800 audit(1774228112.450:19): pid=7036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.365" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 211.943049][ T1144] hfsplus: b-tree write err: -5, ino 25 [ 211.980489][ T1144] hfsplus: b-tree write err: -5, ino 4 [ 212.000066][ T1144] hfsplus: b-tree write err: -5, ino 2 [ 212.016416][ T1144] hfsplus: b-tree write err: -5, ino 20 [ 212.893387][ T7053] syz.3.367: attempt to access beyond end of device [ 212.893387][ T7053] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 213.193158][ T7062] loop1: detected capacity change from 0 to 1024 [ 213.226365][ T7062] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 213.291688][ T7062] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 213.577339][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.229976][ T7072] loop3: detected capacity change from 0 to 1024 [ 214.421605][ T7077] ax25_connect(): syz.1.375 uses autobind, please contact jreuter@yaina.de [ 215.164092][ T27] audit: type=1800 audit(1774228116.270:20): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.376" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 215.860402][ T1096] hfsplus: b-tree write err: -5, ino 25 [ 215.877875][ T1096] hfsplus: b-tree write err: -5, ino 4 [ 215.891072][ T1096] hfsplus: b-tree write err: -5, ino 2 [ 215.896780][ T1096] hfsplus: b-tree write err: -5, ino 20 [ 216.980468][ T7094] loop1: detected capacity change from 0 to 512 [ 217.093668][ T7094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 217.165061][ T7094] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 217.296533][ T7100] loop3: detected capacity change from 0 to 1024 [ 217.359276][ T7100] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 217.439623][ T7100] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.688922][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.733658][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.122454][ T7116] ax25_connect(): syz.0.386 uses autobind, please contact jreuter@yaina.de [ 219.581665][ T7131] loop3: detected capacity change from 0 to 2048 [ 219.670462][ T7131] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 221.231511][ T7145] loop3: detected capacity change from 0 to 64 [ 222.308416][ T7153] ax25_connect(): syz.0.399 uses autobind, please contact jreuter@yaina.de [ 224.286679][ T7164] ax25_connect(): syz.2.401 uses autobind, please contact jreuter@yaina.de [ 226.654895][ T7177] loop1: detected capacity change from 0 to 1024 [ 226.782919][ T27] audit: type=1800 audit(1774228127.890:21): pid=7176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.404" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 226.803332][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.829906][ T7180] loop3: detected capacity change from 0 to 512 [ 227.384021][ T7180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.446457][ T7180] ext4 filesystem being mounted at /90/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 227.481959][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 227.488611][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 227.494215][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 227.522600][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 227.553284][ T27] audit: type=1800 audit(1774228128.660:22): pid=7180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.407" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 227.818511][ T7189] ax25_connect(): syz.0.408 uses autobind, please contact jreuter@yaina.de [ 228.184946][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.174362][ T7196] loop3: detected capacity change from 0 to 1024 [ 229.362382][ T27] audit: type=1800 audit(1774228130.470:23): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.411" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 230.086367][ T1096] hfsplus: b-tree write err: -5, ino 25 [ 230.117929][ T1096] hfsplus: b-tree write err: -5, ino 4 [ 230.158971][ T1096] hfsplus: b-tree write err: -5, ino 2 [ 230.184502][ T1096] hfsplus: b-tree write err: -5, ino 20 [ 233.000444][ T7214] loop1: detected capacity change from 0 to 1024 [ 233.045943][ T7214] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 233.087587][ T7216] loop3: detected capacity change from 0 to 64 [ 233.157341][ T7214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 233.952062][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.163253][ T7228] ax25_connect(): syz.2.420 uses autobind, please contact jreuter@yaina.de [ 235.108747][ T7232] loop1: detected capacity change from 0 to 512 [ 235.306536][ T7235] netlink: 32 bytes leftover after parsing attributes in process `syz.3.422'. [ 235.352224][ T7232] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.549181][ T7232] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 236.032392][ T27] audit: type=1800 audit(1774228137.140:24): pid=7232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.419" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 236.237117][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.879831][ T7247] loop3: detected capacity change from 0 to 1024 [ 236.888933][ T7247] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 236.930388][ T7249] overlayfs: missing 'lowerdir' [ 236.969326][ T7247] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.267743][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.958589][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.0.432'. [ 239.093313][ T7276] loop3: detected capacity change from 0 to 1024 [ 239.266884][ T27] audit: type=1800 audit(1774228140.370:25): pid=7276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.434" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 240.065903][ T6680] hfsplus: b-tree write err: -5, ino 25 [ 240.166731][ T6680] hfsplus: b-tree write err: -5, ino 4 [ 240.230989][ T6680] hfsplus: b-tree write err: -5, ino 2 [ 240.279665][ T6680] hfsplus: b-tree write err: -5, ino 20 [ 240.611589][ T7286] overlayfs: missing 'lowerdir' [ 241.708291][ T7309] netlink: 32 bytes leftover after parsing attributes in process `syz.0.444'. [ 241.842449][ T7310] loop3: detected capacity change from 0 to 1024 [ 241.940940][ T27] audit: type=1800 audit(1774228143.050:26): pid=7310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.445" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 242.571422][ T1100] hfsplus: b-tree write err: -5, ino 25 [ 242.578612][ T1100] hfsplus: b-tree write err: -5, ino 4 [ 242.584289][ T1100] hfsplus: b-tree write err: -5, ino 2 [ 242.596173][ T1100] hfsplus: b-tree write err: -5, ino 20 [ 244.461001][ T7330] loop1: detected capacity change from 0 to 512 [ 244.534471][ T7330] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.567384][ T7332] ax25_connect(): syz.0.450 uses autobind, please contact jreuter@yaina.de [ 244.582707][ T7330] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 245.246183][ T27] audit: type=1800 audit(1774228146.350:27): pid=7330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.438" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 245.266517][ C1] vkms_vblank_simulate: vblank timer overrun [ 245.318367][ T7336] loop3: detected capacity change from 0 to 1024 [ 245.450614][ T27] audit: type=1800 audit(1774228146.560:28): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.453" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 245.557039][ T6680] hfsplus: b-tree write err: -5, ino 25 [ 245.562864][ T6680] hfsplus: b-tree write err: -5, ino 4 [ 245.586348][ T6680] hfsplus: b-tree write err: -5, ino 2 [ 245.592015][ T6680] hfsplus: b-tree write err: -5, ino 20 [ 245.610460][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.593314][ T7351] loop3: detected capacity change from 0 to 1024 [ 246.665937][ T7351] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 246.816835][ T7351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.917463][ T7359] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 248.372176][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.643003][ T7371] ax25_connect(): syz.1.463 uses autobind, please contact jreuter@yaina.de [ 249.641366][ T7377] loop1: detected capacity change from 0 to 1024 [ 249.750115][ T27] audit: type=1800 audit(1774228150.860:29): pid=7377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.465" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 250.771173][ T49] hfsplus: b-tree write err: -5, ino 25 [ 250.795309][ T49] hfsplus: b-tree write err: -5, ino 4 [ 250.826093][ T49] hfsplus: b-tree write err: -5, ino 2 [ 250.832500][ T49] hfsplus: b-tree write err: -5, ino 20 [ 250.968317][ T7389] loop3: detected capacity change from 0 to 2048 [ 250.975373][ T7389] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 251.083829][ T7178] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 253.081748][ T7411] ax25_connect(): syz.3.476 uses autobind, please contact jreuter@yaina.de [ 255.837402][ T7437] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 256.507327][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.513698][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.610379][ T7454] ax25_connect(): syz.2.487 uses autobind, please contact jreuter@yaina.de [ 267.515659][ T7489] ax25_connect(): syz.1.503 uses autobind, please contact jreuter@yaina.de [ 267.961081][ T7497] loop1: detected capacity change from 0 to 1024 [ 268.057828][ T27] audit: type=1800 audit(1774228169.160:30): pid=7497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.506" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 268.198048][ T1092] hfsplus: b-tree write err: -5, ino 25 [ 268.205175][ T1092] hfsplus: b-tree write err: -5, ino 4 [ 268.266747][ T1092] hfsplus: b-tree write err: -5, ino 2 [ 268.275377][ T1092] hfsplus: b-tree write err: -5, ino 20 [ 274.808845][ T7566] loop3: detected capacity change from 0 to 2048 [ 274.864906][ T7566] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 275.780761][ T7578] loop3: detected capacity change from 0 to 1024 [ 275.880409][ T27] audit: type=1800 audit(1774228176.990:31): pid=7578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.534" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 276.540307][ T11] hfsplus: b-tree write err: -5, ino 25 [ 276.547346][ T11] hfsplus: b-tree write err: -5, ino 4 [ 276.557343][ T11] hfsplus: b-tree write err: -5, ino 2 [ 276.566080][ T11] hfsplus: b-tree write err: -5, ino 20 [ 277.835552][ T7602] loop3: detected capacity change from 0 to 2048 [ 277.872209][ T7602] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 278.036015][ T7609] loop1: detected capacity change from 0 to 64 [ 279.613486][ T7614] loop3: detected capacity change from 0 to 2048 [ 279.644995][ T7614] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 285.162289][ T7642] loop1: detected capacity change from 0 to 2048 [ 285.404557][ T7642] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 287.412607][ T7666] loop1: detected capacity change from 0 to 64 [ 296.274063][ T7721] loop1: detected capacity change from 0 to 2048 [ 296.289185][ T7721] FAT-fs (loop1): Unrecognized mount option "" or missing value [ 297.525860][ T7730] netlink: 48 bytes leftover after parsing attributes in process `syz.0.582'. [ 298.813955][ T7741] loop1: detected capacity change from 0 to 64 [ 302.499135][ T7765] netlink: 48 bytes leftover after parsing attributes in process `syz.3.592'. [ 309.387339][ T7815] loop1: detected capacity change from 0 to 1024 [ 309.440867][ T27] audit: type=1800 audit(1774228210.550:32): pid=7815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.606" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 310.146140][ T33] hfsplus: b-tree write err: -5, ino 25 [ 310.159077][ T33] hfsplus: b-tree write err: -5, ino 4 [ 310.175259][ T33] hfsplus: b-tree write err: -5, ino 2 [ 310.203514][ T33] hfsplus: b-tree write err: -5, ino 20 [ 310.622158][ T7821] netlink: 48 bytes leftover after parsing attributes in process `syz.2.603'. [ 311.246623][ T7829] loop1: detected capacity change from 0 to 8 [ 311.357665][ T7829] squashfs: Unknown parameter '' [ 313.155129][ T7461] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 316.805990][ T5771] kernel write not supported for file [eventfd] (pid: 5771 comm: kworker/1:3) [ 316.972296][ T7855] loop1: detected capacity change from 0 to 1024 [ 317.447741][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.454408][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.065816][ T27] audit: type=1800 audit(1774228219.160:33): pid=7855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.619" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 321.998667][ T5812] kernel write not supported for file [eventfd] (pid: 5812 comm: kworker/1:5) [ 322.200235][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 322.231918][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 322.260521][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 322.301580][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 322.744020][ T7889] vlan2: entered promiscuous mode [ 322.816267][ T7889] vlan2: entered allmulticast mode [ 322.821548][ T7889] hsr_slave_1: entered allmulticast mode [ 324.445012][ T7889] netlink: 4 bytes leftover after parsing attributes in process `syz.3.630'. [ 325.942303][ T7918] loop3: detected capacity change from 0 to 512 [ 326.098398][ T7918] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 326.301106][ T7918] ext4 filesystem being mounted at /149/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 326.787599][ T27] audit: type=1800 audit(1774228227.880:34): pid=7923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.638" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 326.974414][ T5834] kernel write not supported for file [eventfd] (pid: 5834 comm: kworker/0:5) [ 327.292804][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.361474][ T7932] loop1: detected capacity change from 0 to 64 [ 330.673003][ T7956] hpfs: Bad magic ... probably not HPFS [ 331.701986][ T7954] overlayfs: missing 'lowerdir' [ 331.859912][ T7959] loop3: detected capacity change from 0 to 2048 [ 331.867123][ T7959] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 332.307740][ T7461] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 333.808276][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.649'. [ 333.817233][ T7964] netlink: 44 bytes leftover after parsing attributes in process `syz.1.649'. [ 333.951130][ T7970] loop3: detected capacity change from 0 to 512 [ 334.017459][ T7970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.464167][ T7970] ext4 filesystem being mounted at /152/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 335.579066][ T27] audit: type=1800 audit(1774228236.690:35): pid=7970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.650" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 337.494992][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.950779][ T7992] loop3: detected capacity change from 0 to 1024 [ 338.221556][ T27] audit: type=1800 audit(1774228239.330:36): pid=7997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.657" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 338.286690][ T7998] hpfs: Bad magic ... probably not HPFS [ 339.822224][ T1079] hfsplus: b-tree write err: -5, ino 25 [ 339.830996][ T1079] hfsplus: b-tree write err: -5, ino 4 [ 339.851155][ T1079] hfsplus: b-tree write err: -5, ino 2 [ 339.866028][ T1079] hfsplus: b-tree write err: -5, ino 20 [ 340.078616][ T7491] Bluetooth: hci4: Frame reassembly failed (-84) [ 340.092207][ T8004] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 340.104732][ T8004] loop3: detected capacity change from 0 to 64 [ 340.114254][ T8004] hfs: unable to parse mount options [ 340.332447][ T7461] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 342.534385][ T5775] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 342.540169][ T5776] Bluetooth: hci4: command 0x1003 tx timeout [ 343.079879][ T8030] loop1: detected capacity change from 0 to 512 [ 345.022796][ T8030] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 345.078738][ T8030] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.668: iget: bad i_size value: 38620345925642 [ 345.100402][ T8030] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.668: couldn't read orphan inode 15 (err -117) [ 345.118167][ T8030] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 345.379211][ T1079] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm kworker/u4:6: bg 0: block 5: invalid block bitmap [ 345.419577][ T1079] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 345.486299][ T1079] EXT4-fs (loop1): This should not happen!! Data will be lost [ 345.486299][ T1079] [ 345.532150][ T1079] EXT4-fs (loop1): Total free blocks count 0 [ 345.539183][ T1079] EXT4-fs (loop1): Free/Dirty block details [ 345.564175][ T1079] EXT4-fs (loop1): free_blocks=0 [ 345.569550][ T1079] EXT4-fs (loop1): dirty_blocks=3304 [ 345.574949][ T1079] EXT4-fs (loop1): Block reservation details [ 345.595821][ T1079] EXT4-fs (loop1): i_reserved_data_blocks=3304 [ 345.655542][ T8037] loop3: detected capacity change from 0 to 128 [ 345.720052][ T1100] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 1252 with error 28 [ 347.110996][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.212402][ T8037] FAT-fs (loop3): Filesystem has been set read-only [ 347.219902][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.230138][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.247084][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.289270][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.299608][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.350084][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.386603][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.397620][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.411095][ T8037] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 347.631989][ T27] audit: type=1800 audit(1774228248.570:37): pid=8037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.671" name="file2" dev="loop3" ino=1048595 res=0 errno=0 [ 348.517364][ T8052] capability: warning: `syz.3.674' uses 32-bit capabilities (legacy support in use) [ 348.580566][ T8053] hpfs: Bad magic ... probably not HPFS [ 350.140838][ T8052] program syz.3.674 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 352.262852][ T8067] loop3: detected capacity change from 0 to 64 [ 352.606421][ T5810] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 352.796031][ T5810] usb 3-1: Using ep0 maxpacket: 8 [ 352.825947][ T5810] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 352.856633][ T5810] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 352.898461][ T5810] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 352.917569][ T5810] usb 3-1: Product: syz [ 353.314656][ T8091] loop3: detected capacity change from 0 to 40427 [ 353.323687][ T8091] F2FS-fs (loop3): LFS is not compatible with checkpoint=disable [ 353.356043][ T5810] usb 3-1: Manufacturer: syz [ 353.360733][ T5810] usb 3-1: SerialNumber: syz [ 353.378354][ T8078] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 353.844185][ T8094] loop1: detected capacity change from 0 to 4096 [ 354.058312][ T5810] usb 3-1: Invalid connection information received from device [ 354.246015][ T8097] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 356.070844][ T5810] usb 3-1: USB disconnect, device number 3 [ 356.143859][ T8102] netlink: 36 bytes leftover after parsing attributes in process `syz.3.687'. [ 356.160061][ T8102] netlink: 64 bytes leftover after parsing attributes in process `syz.3.687'. [ 357.840259][ T8106] vlan2: entered promiscuous mode [ 357.895923][ T8106] vlan2: entered allmulticast mode [ 357.901122][ T8106] hsr_slave_1: entered allmulticast mode [ 357.963449][ T8115] loop3: detected capacity change from 0 to 64 [ 358.117215][ T8112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.688'. [ 358.377711][ T8124] hpfs: Bad magic ... probably not HPFS [ 361.473516][ T8145] loop1: detected capacity change from 0 to 128 [ 362.212299][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.225752][ T8145] FAT-fs (loop1): Filesystem has been set read-only [ 362.233636][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.257836][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.315936][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.372419][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.384848][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.400019][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.505970][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.518593][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 362.529123][ T8145] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 363.043490][ T27] audit: type=1800 audit(1774228263.650:38): pid=8145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.700" name="file2" dev="loop1" ino=1048596 res=0 errno=0 [ 364.374277][ T8177] hpfs: Bad magic ... probably not HPFS [ 365.735876][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 366.175902][ T5775] Bluetooth: hci3: command 0x0406 tx timeout [ 366.315729][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 366.328881][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 366.343854][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 366.364645][ T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 366.374504][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.390261][ T8] usb 4-1: Product: syz [ 366.399028][ T8] usb 4-1: Manufacturer: syz [ 366.409557][ T8] usb 4-1: SerialNumber: syz [ 367.282629][ T8196] program syz.2.715 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 367.311681][ T8] usb 4-1: 0:2 : does not exist [ 367.429658][ T8] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 367.953629][ T8] usb 4-1: USB disconnect, device number 2 [ 368.235031][ T8205] netlink: 36 bytes leftover after parsing attributes in process `syz.0.718'. [ 368.253857][ T8205] netlink: 64 bytes leftover after parsing attributes in process `syz.0.718'. [ 368.843295][ T8078] udevd[8078]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 369.736804][ T8220] loop3: detected capacity change from 0 to 512 [ 369.993593][ T8220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.081469][ T8220] ext4 filesystem being mounted at /174/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 370.191420][ T27] audit: type=1800 audit(1774228271.300:39): pid=8220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.723" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 370.419315][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.544458][ T8237] hpfs: Bad magic ... probably not HPFS [ 371.066046][ T5775] Bluetooth: hci3: command 0x0406 tx timeout [ 371.234339][ T8241] netlink: 36 bytes leftover after parsing attributes in process `syz.3.729'. [ 371.281367][ T8241] netlink: 64 bytes leftover after parsing attributes in process `syz.3.729'. [ 374.216891][ T8247] program syz.1.727 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 374.802495][ T5834] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 375.222901][ T5834] usb 1-1: Using ep0 maxpacket: 16 [ 375.243098][ T5834] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 375.272924][ T5834] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 375.308993][ T5834] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 375.325218][ T8263] loop1: detected capacity change from 0 to 1024 [ 375.331963][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.341115][ T5834] usb 1-1: Product: syz [ 375.348485][ T5834] usb 1-1: Manufacturer: syz [ 375.367059][ T5834] usb 1-1: SerialNumber: syz [ 375.404925][ T27] audit: type=1800 audit(1774228276.510:40): pid=8263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.733" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 376.817568][ T5834] usb 1-1: 0:2 : does not exist [ 377.033413][ T5834] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 377.070290][ T1144] hfsplus: b-tree write err: -5, ino 25 [ 377.089097][ T1144] hfsplus: b-tree write err: -5, ino 4 [ 377.092756][ T5834] usb 1-1: USB disconnect, device number 3 [ 377.106083][ T1144] hfsplus: b-tree write err: -5, ino 2 [ 377.135375][ T1144] hfsplus: b-tree write err: -5, ino 20 [ 377.150426][ T8078] udevd[8078]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 377.920561][ T8285] netlink: 36 bytes leftover after parsing attributes in process `syz.1.740'. [ 377.940038][ T8285] netlink: 64 bytes leftover after parsing attributes in process `syz.1.740'. [ 378.228170][ T8289] hpfs: Bad magic ... probably not HPFS [ 379.174844][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.181847][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.641255][ T8297] loop1: detected capacity change from 0 to 64 [ 382.474983][ T8330] loop1: detected capacity change from 0 to 64 [ 383.100313][ T8334] loop3: detected capacity change from 0 to 4096 [ 384.498052][ T8335] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 385.717375][ T8347] hpfs: Bad magic ... probably not HPFS [ 390.345115][ T8393] hpfs: Bad magic ... probably not HPFS [ 395.832414][ T8438] hpfs: Bad magic ... probably not HPFS [ 399.314774][ T8466] loop1: detected capacity change from 0 to 1024 [ 399.961653][ T27] audit: type=1800 audit(1774228301.070:41): pid=8473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.800" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 401.230010][ T1100] hfsplus: b-tree write err: -5, ino 25 [ 401.246275][ T1100] hfsplus: b-tree write err: -5, ino 4 [ 401.251909][ T1100] hfsplus: b-tree write err: -5, ino 2 [ 401.259073][ T1100] hfsplus: b-tree write err: -5, ino 20 [ 401.748966][ T8495] hpfs: Bad magic ... probably not HPFS [ 403.418765][ T8505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.808'. [ 406.146030][ T8534] syz.3.824 uses obsolete (PF_INET,SOCK_PACKET) [ 407.928984][ T8552] loop3: detected capacity change from 0 to 1024 [ 408.506009][ T27] audit: type=1800 audit(1774228309.610:42): pid=8557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.830" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 409.177198][ T49] hfsplus: b-tree write err: -5, ino 25 [ 409.183041][ T49] hfsplus: b-tree write err: -5, ino 4 [ 409.202921][ T49] hfsplus: b-tree write err: -5, ino 2 [ 409.211280][ T49] hfsplus: b-tree write err: -5, ino 20 [ 410.345725][ T5771] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 410.419097][ T8572] loop3: detected capacity change from 0 to 4096 [ 410.488131][ T8572] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 410.558306][ T5771] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 410.582121][ T5771] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 410.608450][ T5771] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 410.679373][ T8578] netlink: 36 bytes leftover after parsing attributes in process `syz.1.840'. [ 410.682970][ T5771] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.703430][ T8578] netlink: 64 bytes leftover after parsing attributes in process `syz.1.840'. [ 410.741536][ T5771] usb 3-1: config 0 descriptor?? [ 410.752660][ T8572] overlayfs: upper fs does not support tmpfile. [ 410.804305][ T5771] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 410.816346][ T5771] dvb-usb: bulk message failed: -22 (3/0) [ 410.912159][ T5771] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 410.918849][ T8572] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 410.923382][ T5771] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 410.937154][ T5771] usb 3-1: media controller created [ 410.996785][ T5771] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 411.088005][ T5771] dvb-usb: bulk message failed: -22 (6/0) [ 411.094777][ T5771] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 411.123775][ T5771] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 411.377940][ T5771] dvb-usb: schedule remote query interval to 150 msecs. [ 411.385271][ T5771] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 411.458903][ T8569] dvb-usb: bulk message failed: -22 (2/0) [ 411.539562][ T8572] overlayfs: conflicting lowerdir path [ 411.557073][ T5771] dvb-usb: bulk message failed: -22 (1/0) [ 411.564110][ T5771] dvb-usb: error while querying for an remote control event. [ 411.726138][ T5771] dvb-usb: bulk message failed: -22 (1/0) [ 411.732344][ T5771] dvb-usb: error while querying for an remote control event. [ 411.896943][ T5771] dvb-usb: bulk message failed: -22 (1/0) [ 411.902984][ T5771] dvb-usb: error while querying for an remote control event. [ 411.942911][ T965] usb 3-1: USB disconnect, device number 4 [ 412.098699][ T965] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 412.187082][ T8585] loop1: detected capacity change from 0 to 1024 [ 413.489476][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 413.495332][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 413.516516][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 413.522148][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 414.389625][ T8606] loop1: detected capacity change from 0 to 1024 [ 414.509561][ T27] audit: type=1800 audit(1774228315.600:43): pid=8606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.851" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 415.108969][ T11] hfsplus: b-tree write err: -5, ino 25 [ 415.114798][ T11] hfsplus: b-tree write err: -5, ino 4 [ 415.281237][ T11] hfsplus: b-tree write err: -5, ino 2 [ 415.361716][ T11] hfsplus: b-tree write err: -5, ino 20 [ 415.442492][ T8613] netlink: 36 bytes leftover after parsing attributes in process `syz.2.852'. [ 415.463691][ T8613] netlink: 64 bytes leftover after parsing attributes in process `syz.2.852'. [ 415.704734][ T8616] loop3: detected capacity change from 0 to 1024 [ 415.737075][ T8616] EXT4-fs: Ignoring removed oldalloc option [ 415.743074][ T8616] EXT4-fs: Ignoring removed bh option [ 415.800873][ T8616] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 415.850191][ T8616] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 415.994744][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.205068][ T8627] loop3: detected capacity change from 0 to 1024 [ 416.442789][ T8631] hpfs: Bad magic ... probably not HPFS [ 417.735473][ T12] hfsplus: b-tree write err: -5, ino 25 [ 417.745933][ T12] hfsplus: b-tree write err: -5, ino 4 [ 417.753724][ T12] hfsplus: b-tree write err: -5, ino 2 [ 417.765823][ T12] hfsplus: b-tree write err: -5, ino 20 [ 418.802014][ T8645] netlink: 36 bytes leftover after parsing attributes in process `syz.3.863'. [ 418.814623][ T8645] netlink: 64 bytes leftover after parsing attributes in process `syz.3.863'. [ 419.339747][ T8647] Illegal XDP return value 2672319439 on prog (id 10) dev syz_tun, expect packet loss! [ 419.721854][ T8652] loop1: detected capacity change from 0 to 1024 [ 420.870289][ T1100] hfsplus: b-tree write err: -5, ino 25 [ 420.877383][ T1100] hfsplus: b-tree write err: -5, ino 4 [ 420.889761][ T1100] hfsplus: b-tree write err: -5, ino 2 [ 420.895379][ T1100] hfsplus: b-tree write err: -5, ino 20 [ 421.602562][ T8676] hpfs: Bad magic ... probably not HPFS [ 423.854107][ T8680] netlink: 36 bytes leftover after parsing attributes in process `syz.1.875'. [ 423.864208][ T8680] netlink: 64 bytes leftover after parsing attributes in process `syz.1.875'. [ 424.435906][ T8690] loop3: detected capacity change from 0 to 1024 [ 425.727237][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 425.733124][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 425.775801][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 425.782037][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 425.883999][ T8698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.884'. [ 426.116282][ T8687] loop1: detected capacity change from 0 to 32768 [ 426.156419][ T8687] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.879 (8687) [ 426.403461][ T8687] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 426.428037][ T8687] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 426.465995][ T8687] BTRFS info (device loop1): turning on sync discard [ 426.492066][ T8687] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 426.559985][ T8708] hpfs: Bad magic ... probably not HPFS [ 426.823868][ T8687] BTRFS info (device loop1): use zstd compression, level 3 [ 426.992583][ T8687] BTRFS info (device loop1): turning on async discard [ 427.113075][ T8687] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 427.170594][ T8687] BTRFS info (device loop1): trying to use backup root at mount time [ 427.270850][ T8687] BTRFS info (device loop1): enabling ssd optimizations [ 427.285833][ T8687] BTRFS info (device loop1): using spread ssd allocation scheme [ 427.297512][ T8687] BTRFS info (device loop1): force zlib compression, level 3 [ 427.305140][ T8687] BTRFS info (device loop1): using free space tree [ 427.315466][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 427.333771][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 427.348770][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 427.374024][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 427.384551][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 427.394877][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 427.405171][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 427.425799][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 427.437298][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 427.448788][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 427.483403][ T8687] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 427.714250][ T8687] BTRFS error (device loop1): open_ctree failed: -12 [ 432.606923][ T8763] netlink: 32 bytes leftover after parsing attributes in process `syz.0.897'. [ 433.485054][ T8769] netlink: 36 bytes leftover after parsing attributes in process `syz.3.899'. [ 433.494979][ T8769] netlink: 64 bytes leftover after parsing attributes in process `syz.3.899'. [ 434.280279][ T8778] loop1: detected capacity change from 0 to 32768 [ 434.367930][ T8778] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.903 (8778) [ 434.405493][ T8778] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 434.416056][ T8778] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 434.424684][ T8778] BTRFS info (device loop1): using free space tree [ 435.220676][ T8780] loop3: detected capacity change from 0 to 131072 [ 435.505579][ T8780] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 435.513794][ T8780] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 435.525388][ T8780] F2FS-fs (loop3): invalid crc value [ 435.555147][ T8780] F2FS-fs (loop3): Found nat_bits in checkpoint [ 435.585287][ T8778] BTRFS info (device loop1): enabling ssd optimizations [ 435.592465][ T8778] BTRFS info (device loop1): auto enabling async discard [ 435.663933][ T8780] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 435.671236][ T8780] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 436.795766][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 437.116814][ T8] usb 1-1: config 0 has an invalid descriptor of length 105, skipping remainder of the config [ 437.156221][ T8] usb 1-1: config 0 has no interfaces? [ 437.176059][ T8] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 437.186020][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.242170][ T8] usb 1-1: config 0 descriptor?? [ 437.854328][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 438.126236][ T8] usb 1-1: string descriptor 0 read error: -71 [ 438.145750][ T8] usb 1-1: USB disconnect, device number 4 [ 438.277474][ T8820] loop1: detected capacity change from 0 to 1024 [ 438.297273][ T8820] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 438.377124][ T8820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 438.691067][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.000598][ T8829] netlink: 36 bytes leftover after parsing attributes in process `syz.1.910'. [ 439.013749][ T8829] netlink: 64 bytes leftover after parsing attributes in process `syz.1.910'. [ 440.296035][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.302662][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.655213][ T8855] hpfs: Bad magic ... probably not HPFS [ 442.882284][ T8859] netlink: 36 bytes leftover after parsing attributes in process `syz.3.920'. [ 442.891400][ T8859] netlink: 64 bytes leftover after parsing attributes in process `syz.3.920'. [ 444.333338][ T8868] loop3: detected capacity change from 0 to 1024 [ 444.414439][ T8872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.925'. [ 446.651781][ T8885] netlink: 36 bytes leftover after parsing attributes in process `syz.2.930'. [ 446.660815][ T8885] netlink: 64 bytes leftover after parsing attributes in process `syz.2.930'. [ 447.311465][ T8889] netlink: 212 bytes leftover after parsing attributes in process `syz.1.931'. [ 447.580922][ T8899] loop1: detected capacity change from 0 to 2048 [ 447.597529][ T8899] FAT-fs (loop1): bogus sectors per cluster 248 [ 447.603829][ T8899] FAT-fs (loop1): Can't find a valid FAT filesystem [ 447.734645][ T8078] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 448.147815][ T1144] hfsplus: b-tree write err: -5, ino 25 [ 448.280239][ T1144] hfsplus: b-tree write err: -5, ino 4 [ 448.354390][ T1144] hfsplus: b-tree write err: -5, ino 2 [ 448.407442][ T1144] hfsplus: b-tree write err: -5, ino 20 [ 448.821186][ T8907] loop3: detected capacity change from 0 to 128 [ 450.116586][ T27] audit: type=1800 audit(1774228351.160:44): pid=8907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.936" name="bus" dev="loop3" ino=1048597 res=0 errno=0 [ 451.149977][ T8922] hpfs: Bad magic ... probably not HPFS [ 451.937489][ T8924] netlink: 36 bytes leftover after parsing attributes in process `syz.1.941'. [ 451.946676][ T8924] netlink: 64 bytes leftover after parsing attributes in process `syz.1.941'. [ 453.011775][ T8932] loop1: detected capacity change from 0 to 2048 [ 453.021451][ T8932] FAT-fs (loop1): bogus sectors per cluster 248 [ 453.028000][ T8932] FAT-fs (loop1): Can't find a valid FAT filesystem [ 453.088636][ T8078] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 456.565749][ T5834] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 456.717200][ T8945] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.724764][ T8945] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.757821][ T5834] usb 4-1: config 1 has an invalid descriptor of length 47, skipping remainder of the config [ 456.768628][ T5834] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 456.789677][ T5834] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 456.836893][ T5834] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 456.849201][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 456.881334][ T5834] usb 4-1: SerialNumber: syz [ 456.918958][ T5834] cdc_acm 4-1:1.0: skipping garbage [ 456.930174][ T5834] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 456.961244][ T5834] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 456.984116][ T5834] cdc_acm: probe of 4-1:1.0 failed with error -22 [ 457.159025][ T965] usb 4-1: USB disconnect, device number 3 [ 457.295760][ T8960] netlink: 36 bytes leftover after parsing attributes in process `syz.2.952'. [ 457.304796][ T8960] netlink: 64 bytes leftover after parsing attributes in process `syz.2.952'. [ 457.586702][ T8966] overlayfs: missing 'workdir' [ 457.730955][ T8945] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 457.850557][ T8945] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 459.703961][ T8983] overlayfs: empty lowerdir [ 460.326793][ T8945] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.336360][ T8945] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.345265][ T8945] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.358935][ T8945] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.681870][ T8990] netlink: 36 bytes leftover after parsing attributes in process `syz.2.961'. [ 460.691027][ T8990] netlink: 64 bytes leftover after parsing attributes in process `syz.2.961'. [ 461.070768][ T8997] loop1: detected capacity change from 0 to 1024 [ 462.332198][ T9012] loop3: detected capacity change from 0 to 2048 [ 462.340737][ T9012] FAT-fs (loop3): bogus sectors per cluster 248 [ 462.347218][ T9012] FAT-fs (loop3): Can't find a valid FAT filesystem [ 462.390274][ T8078] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 462.815908][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 462.827433][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 462.833077][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 462.861701][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 462.933072][ T9020] netlink: 36 bytes leftover after parsing attributes in process `syz.0.972'. [ 462.942343][ T9020] netlink: 64 bytes leftover after parsing attributes in process `syz.0.972'. [ 463.185575][ T9026] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 463.231756][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.971'. [ 465.003583][ T9035] loop1: detected capacity change from 0 to 32768 [ 465.068525][ T9038] loop3: detected capacity change from 0 to 2048 [ 465.077187][ T9038] FAT-fs (loop3): bogus sectors per cluster 248 [ 465.083456][ T9038] FAT-fs (loop3): Can't find a valid FAT filesystem [ 465.133161][ T9035] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 465.151065][ T9035] JBD2: Ignoring recovery information on journal [ 465.191408][ T9035] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 465.923382][ T9035] syz.1.976 (9035) used greatest stack depth: 19280 bytes left [ 466.056671][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 466.073145][ T9049] loop3: detected capacity change from 0 to 1024 [ 468.266912][ T9060] netlink: 36 bytes leftover after parsing attributes in process `syz.1.982'. [ 468.328702][ T9060] netlink: 64 bytes leftover after parsing attributes in process `syz.1.982'. [ 469.131177][ T9070] loop1: detected capacity change from 0 to 2048 [ 469.148686][ T9070] FAT-fs (loop1): bogus sectors per cluster 248 [ 469.155025][ T9070] FAT-fs (loop1): Can't find a valid FAT filesystem [ 469.261599][ T9072] input: syz1 as /devices/virtual/input/input6 [ 469.290735][ T9072] input: failed to attach handler leds to device input6, error: -6 [ 469.679254][ T9074] loop1: detected capacity change from 0 to 40427 [ 469.721290][ T9074] F2FS-fs (loop1): invalid crc value [ 469.740813][ T9074] F2FS-fs (loop1): Found nat_bits in checkpoint [ 469.837314][ T9074] F2FS-fs (loop1): Start checkpoint disabled! [ 469.866494][ T9074] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 471.078122][ T9083] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 471.158190][ T9083] CIFS mount error: No usable UNC path provided in device string! [ 471.158190][ T9083] [ 471.189484][ T9083] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 471.299088][ T11] kworker/u4:0: attempt to access beyond end of device [ 471.299088][ T11] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 471.319787][ T11] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 471.327794][ T11] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 471.334983][ T11] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 471.719392][ T1100] hfsplus: b-tree write err: -5, ino 25 [ 471.739183][ T9093] netlink: 36 bytes leftover after parsing attributes in process `syz.0.996'. [ 471.778061][ T1100] hfsplus: b-tree write err: -5, ino 4 [ 471.783778][ T1100] hfsplus: b-tree write err: -5, ino 2 [ 471.783994][ T9093] netlink: 64 bytes leftover after parsing attributes in process `syz.0.996'. [ 471.856103][ T1100] hfsplus: b-tree write err: -5, ino 20 [ 472.163167][ T9096] loop3: detected capacity change from 0 to 2048 [ 472.171819][ T9096] FAT-fs (loop3): bogus sectors per cluster 248 [ 472.178185][ T9096] FAT-fs (loop3): Can't find a valid FAT filesystem [ 472.243844][ T8078] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 475.188127][ T9122] loop1: detected capacity change from 0 to 1024 [ 476.108836][ T9128] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1008'. [ 476.186825][ T9128] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1008'. [ 476.557515][ T12] hfsplus: b-tree write err: -5, ino 25 [ 476.563260][ T12] hfsplus: b-tree write err: -5, ino 4 [ 476.578366][ T12] hfsplus: b-tree write err: -5, ino 2 [ 476.595556][ T12] hfsplus: b-tree write err: -5, ino 20 [ 477.528713][ T9144] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 479.879372][ T9156] loop1: detected capacity change from 0 to 64 [ 481.331157][ T9162] loop3: detected capacity change from 0 to 1024 [ 481.540383][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 481.581021][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 481.612515][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 481.673719][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 482.067012][ T9166] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1020'. [ 482.086543][ T9166] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1020'. [ 487.140339][ T9187] loop3: detected capacity change from 0 to 32768 [ 487.228688][ T9187] JBD2: Ignoring recovery information on journal [ 487.508873][ T9210] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1032'. [ 487.520835][ T9210] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1032'. [ 487.863469][ T9187] JBD2: journal reset failed [ 487.921406][ T9187] (syz.3.1027,9187,0):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 487.952107][ T9187] (syz.3.1027,9187,0):ocfs2_check_volume:2432 ERROR: ocfs2 journal load failed! -4 [ 488.881373][ T9221] loop1: detected capacity change from 0 to 64 [ 489.053202][ T9221] hfs: keylen 1794 too large [ 489.064988][ T9221] hfs: keylen 1794 too large [ 489.323347][ T9229] hfs: keylen 1794 too large [ 489.355145][ T9229] hfs: keylen 1794 too large [ 490.014610][ T9231] loop3: detected capacity change from 0 to 64 [ 490.083643][ T9229] hfs: keylen 1794 too large [ 490.721904][ T9235] syz.3.1035: attempt to access beyond end of device [ 490.721904][ T9235] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 490.775924][ T9235] Buffer I/O error on dev loop3, logical block 512, async page read [ 490.816279][ T9235] syz.3.1035: attempt to access beyond end of device [ 490.816279][ T9235] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 490.851588][ T9235] Buffer I/O error on dev loop3, logical block 56576, async page read [ 490.945273][ T9242] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1041'. [ 490.958724][ T9242] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1041'. [ 491.228648][ T9243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1043'. [ 492.283407][ T9257] loop1: detected capacity change from 0 to 64 [ 493.392352][ T9245] loop3: detected capacity change from 0 to 32768 [ 493.484556][ T9245] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 493.496164][ T9268] loop1: detected capacity change from 0 to 1024 [ 493.704883][ T1064] hfsplus: b-tree write err: -5, ino 25 [ 493.717716][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 493.725143][ T1064] hfsplus: b-tree write err: -5, ino 2 [ 493.734531][ T1064] hfsplus: b-tree write err: -5, ino 20 [ 494.049544][ T9245] XFS (loop3): Ending clean mount [ 494.407111][ T9276] loop1: detected capacity change from 0 to 256 [ 494.458323][ T5766] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 494.563391][ T9276] FAT-fs (loop1): Directory bread(block 64) failed [ 494.596997][ T9276] FAT-fs (loop1): Directory bread(block 65) failed [ 494.603742][ T9276] FAT-fs (loop1): Directory bread(block 66) failed [ 494.643920][ T9276] FAT-fs (loop1): Directory bread(block 67) failed [ 494.674461][ T9276] FAT-fs (loop1): Directory bread(block 68) failed [ 494.715080][ T9276] FAT-fs (loop1): Directory bread(block 69) failed [ 494.740975][ T9276] FAT-fs (loop1): Directory bread(block 70) failed [ 494.750616][ T9276] FAT-fs (loop1): Directory bread(block 71) failed [ 494.770784][ T9276] FAT-fs (loop1): Directory bread(block 72) failed [ 494.793325][ T9276] FAT-fs (loop1): Directory bread(block 73) failed [ 496.145208][ T9291] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1057'. [ 496.154935][ T9291] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1057'. [ 501.730396][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.738072][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.059056][ T9360] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1078'. [ 506.076180][ T9361] usb usb8: usbfs: process 9361 (syz.3.1077) did not claim interface 0 before use [ 506.113364][ T9361] netlink: 'syz.3.1077': attribute type 12 has an invalid length. [ 506.121364][ T9360] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1078'. [ 506.134205][ T9361] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1077'. [ 511.105199][ T9401] loop3: detected capacity change from 0 to 64 [ 512.915792][ T9409] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1092'. [ 512.949724][ T9409] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1092'. [ 512.986581][ T9412] loop3: detected capacity change from 0 to 128 [ 513.041249][ T9412] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 513.084063][ T9412] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 513.379028][ T5766] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 514.413594][ T9432] loop3: detected capacity change from 0 to 64 [ 515.811270][ T9439] hpfs: Bad magic ... probably not HPFS [ 516.806285][ T5771] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 516.948661][ T9444] program syz.3.1102 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 517.016053][ T5771] usb 1-1: Using ep0 maxpacket: 16 [ 517.124545][ T5771] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 517.366956][ T5771] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 517.410729][ T5771] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 517.420012][ T5771] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 517.430449][ T5771] usb 1-1: SerialNumber: syz [ 517.484526][ T5771] cdc_acm 1-1:1.0: Zero length descriptor references [ 517.500639][ T5771] cdc_acm: probe of 1-1:1.0 failed with error -22 [ 518.741098][ T5834] usb 1-1: USB disconnect, device number 5 [ 518.952093][ T9459] loop1: detected capacity change from 0 to 1024 [ 519.696888][ T9468] loop3: detected capacity change from 0 to 64 [ 520.828215][ T11] hfsplus: b-tree write err: -5, ino 25 [ 520.834477][ T11] hfsplus: b-tree write err: -5, ino 4 [ 520.842827][ T11] hfsplus: b-tree write err: -5, ino 2 [ 520.869976][ T11] hfsplus: b-tree write err: -5, ino 20 [ 521.245701][ T9475] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1112'. [ 521.266037][ T9475] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1112'. [ 521.576814][ T9482] hpfs: Bad magic ... probably not HPFS [ 527.741350][ T9525] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1130'. [ 527.754966][ T9525] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1130'. [ 527.816365][ T9527] loop3: detected capacity change from 0 to 1024 [ 528.366831][ T12] hfsplus: b-tree write err: -5, ino 25 [ 528.391452][ T12] hfsplus: b-tree write err: -5, ino 4 [ 528.419708][ T12] hfsplus: b-tree write err: -5, ino 2 [ 528.453134][ T12] hfsplus: b-tree write err: -5, ino 20 [ 529.072773][ T9533] loop1: detected capacity change from 0 to 4096 [ 529.141398][ T9534] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 529.698207][ T9539] loop3: detected capacity change from 0 to 24 [ 529.725359][ T9539] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 529.777029][ T9539] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 533.111848][ T9563] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1143'. [ 533.126300][ T9563] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1143'. [ 533.378193][ T9566] loop1: detected capacity change from 0 to 4096 [ 533.424156][ T9566] ntfs3: loop1: ino=3, Correct links count -> 2. [ 535.221716][ T9584] loop3: detected capacity change from 0 to 1024 [ 536.069602][ T12] hfsplus: b-tree write err: -5, ino 25 [ 536.095974][ T12] hfsplus: b-tree write err: -5, ino 4 [ 536.105925][ T12] hfsplus: b-tree write err: -5, ino 2 [ 536.111573][ T12] hfsplus: b-tree write err: -5, ino 20 [ 537.436493][ T9598] loop3: detected capacity change from 0 to 40427 [ 537.530962][ T9598] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 537.538993][ T9598] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 537.548991][ T9598] F2FS-fs (loop3): invalid crc value [ 537.719900][ T9598] F2FS-fs (loop3): Found nat_bits in checkpoint [ 537.813755][ T9598] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 537.820887][ T9598] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 540.805743][ T23] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 540.814896][ T9618] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1162'. [ 540.840786][ T9618] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1162'. [ 541.018147][ T23] usb 1-1: config 1 has an invalid descriptor of length 47, skipping remainder of the config [ 541.029655][ T23] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 541.042891][ T23] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 541.084715][ T23] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 541.101086][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 541.124032][ T23] usb 1-1: SerialNumber: syz [ 541.206314][ T23] cdc_acm 1-1:1.0: skipping garbage [ 541.215667][ T23] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 541.223849][ T23] cdc_acm 1-1:1.0: This needs exactly 3 endpoints [ 541.230659][ T23] cdc_acm: probe of 1-1:1.0 failed with error -22 [ 541.956125][ T5834] usb 1-1: USB disconnect, device number 6 [ 542.922471][ T9632] loop3: detected capacity change from 0 to 4096 [ 542.993058][ T9632] ntfs3: loop3: ino=3, Correct links count -> 2. [ 543.584091][ T9641] overlayfs: empty lowerdir [ 544.927255][ T9652] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1173'. [ 544.948482][ T9652] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1173'. [ 545.178656][ T9649] loop1: detected capacity change from 0 to 4096 [ 546.109996][ T9649] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 546.601252][ T9649] overlayfs: upper fs does not support tmpfile. [ 546.803195][ T9649] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 546.987394][ T9649] overlayfs: conflicting lowerdir path [ 547.461583][ T9681] loop1: detected capacity change from 0 to 24 [ 547.476578][ T9681] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 547.525650][ T9681] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 547.930719][ T9688] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1187'. [ 547.949544][ T9688] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1187'. [ 549.109884][ T9699] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.118819][ T9699] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.128091][ T9699] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.137146][ T9699] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.146552][ T9699] geneve2: entered promiscuous mode [ 552.685184][ T9711] overlayfs: failed to resolve './file0': -2 [ 555.276371][ T9724] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1199'. [ 555.311751][ T9724] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1199'. [ 567.853606][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.860085][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.345321][ T9779] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1213'. [ 568.417543][ T9779] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1213'. [ 572.186447][ T9819] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1226'. [ 572.202524][ T9819] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1226'. [ 572.813979][ T9825] loop1: detected capacity change from 0 to 64 [ 573.028949][ T9829] loop3: detected capacity change from 0 to 256 [ 573.110798][ T9829] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 575.149964][ T9852] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1238'. [ 575.162255][ T9852] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1238'. [ 575.958324][ T9855] loop1: detected capacity change from 0 to 32768 [ 576.019603][ T9855] JBD2: Ignoring recovery information on journal [ 576.027303][ T9855] jbd2_journal_bmap: journal block not found at offset 32 on loop1-75 [ 576.036319][ T9855] JBD2: bad block at offset 32 [ 576.258881][ T9855] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 576.761621][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 577.910258][ T9863] loop3: detected capacity change from 0 to 32768 [ 577.985891][ T9863] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 579.048116][ T9863] XFS (loop3): Ending clean mount [ 579.262918][ T27] audit: type=1800 audit(1774228480.370:45): pid=9863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1242" name="file2" dev="loop3" ino=9287 res=0 errno=0 [ 579.334602][ T5766] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 579.919701][ T9893] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1247'. [ 579.930636][ T9893] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1247'. [ 580.846366][ T9908] loop3: detected capacity change from 0 to 64 [ 583.127448][ T9916] loop3: detected capacity change from 0 to 40427 [ 583.157393][ T9916] F2FS-fs (loop3): invalid crc value [ 583.201527][ T9916] F2FS-fs (loop3): Found nat_bits in checkpoint [ 583.266416][ T9921] IPVS: Error connecting to the multicast addr [ 583.883509][ T9916] F2FS-fs (loop3): Start checkpoint disabled! [ 583.944110][ T9916] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 584.139200][ T9916] F2FS-fs (loop3): Stopped filesystem due to reason: 0 [ 584.428410][ T9931] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1262'. [ 584.440657][ T9931] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1262'. [ 585.036437][ T9941] loop1: detected capacity change from 0 to 64 [ 586.064726][ T9946] overlayfs: missing 'workdir' [ 586.436302][ T9952] overlayfs: empty lowerdir [ 586.598015][ T9954] loop3: detected capacity change from 0 to 64 [ 589.106172][ T9977] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1275'. [ 589.138476][ T9977] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1275'. [ 589.616834][ T9984] loop3: detected capacity change from 0 to 64 [ 591.235506][ T9988] overlayfs: empty lowerdir [ 591.342956][ T9990] loop1: detected capacity change from 0 to 64 [ 591.749110][ T9990] hfs: keylen 1794 too large [ 591.753963][ T9990] hfs: keylen 1794 too large [ 592.007919][ T9995] overlayfs: missing 'workdir' [ 592.103397][ T9999] loop3: detected capacity change from 0 to 64 [ 592.136791][ T9999] hfs: unable to parse mount options [ 592.830168][T10000] loop1: detected capacity change from 0 to 32768 [ 592.889479][T10000] JBD2: Ignoring recovery information on journal [ 592.897148][T10000] jbd2_journal_bmap: journal block not found at offset 32 on loop1-75 [ 592.905311][T10000] JBD2: bad block at offset 32 [ 592.971079][T10000] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 593.712665][T10008] loop3: detected capacity change from 0 to 2048 [ 593.743390][ T9827] udevd[9827]: incorrect nilfs2 checksum on /dev/loop3 [ 593.760237][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 593.770310][T10008] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 593.791811][T10008] NILFS (loop3): unrecognized mount option "" [ 594.348128][T10021] loop3: detected capacity change from 0 to 64 [ 597.103253][T10031] overlayfs: empty lowerdir [ 597.676431][T10042] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 1, id = 0 [ 597.813217][T10044] overlayfs: missing 'workdir' [ 597.902922][ C0] hrtimer: interrupt took 45296 ns [ 598.774619][T10057] loop3: detected capacity change from 0 to 2048 [ 598.885044][T10057] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 598.905997][T10057] NILFS (loop3): unrecognized mount option "" [ 598.918606][ T9827] udevd[9827]: incorrect nilfs2 checksum on /dev/loop3 [ 599.035905][T10064] loop1: detected capacity change from 0 to 64 [ 599.997527][T10062] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1298'. [ 600.007053][T10062] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1298'. [ 600.379000][T10067] loop3: detected capacity change from 0 to 40427 [ 600.394983][T10067] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 600.402808][T10067] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 600.421139][T10067] F2FS-fs (loop3): invalid crc value [ 600.434956][T10067] F2FS-fs (loop3): Found nat_bits in checkpoint [ 600.483064][T10067] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 600.490653][T10067] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 602.276711][T10082] overlayfs: empty lowerdir [ 604.684748][T10100] usb usb9: usbfs: process 10100 (syz.2.1307) did not claim interface 0 before use [ 605.609708][T10106] overlayfs: missing 'workdir' [ 605.851200][T10094] loop3: detected capacity change from 0 to 65536 [ 606.511887][T10113] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 608.488383][T10130] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 610.143765][T10135] overlayfs: empty lowerdir [ 611.460264][T10150] overlayfs: empty lowerdir [ 611.819659][T10151] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1318'. [ 611.909083][T10157] loop3: detected capacity change from 0 to 64 [ 613.134677][T10151] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1318'. [ 613.234630][T10159] overlayfs: missing 'workdir' [ 613.503185][T10166] loop1: detected capacity change from 0 to 64 [ 613.768535][T10165] loop3: detected capacity change from 0 to 40427 [ 613.829156][T10165] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 613.836982][T10165] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 613.846904][T10165] F2FS-fs (loop3): invalid crc value [ 613.933446][T10165] F2FS-fs (loop3): Found nat_bits in checkpoint [ 613.970570][T10165] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 613.977692][T10165] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 616.528817][T10185] overlayfs: empty lowerdir [ 617.001275][T10182] loop1: detected capacity change from 0 to 2048 [ 617.020061][T10182] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 617.037561][T10182] NILFS (loop1): unrecognized mount option "" [ 617.153074][ T9827] udevd[9827]: incorrect nilfs2 checksum on /dev/loop1 [ 617.352246][T10195] overlayfs: empty lowerdir [ 619.321016][T10212] loop1: detected capacity change from 0 to 64 [ 620.715964][T10217] usb usb9: usbfs: process 10217 (syz.0.1333) did not claim interface 0 before use [ 620.903164][T10212] hfs: keylen 1794 too large [ 620.957439][T10212] hfs: keylen 1794 too large [ 621.168415][T10222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1336'. [ 623.476114][T10257] usb usb9: usbfs: process 10257 (syz.3.1347) did not claim interface 0 before use [ 624.594381][T10269] loop1: detected capacity change from 0 to 32768 [ 624.610393][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.620055][T10270] tipc: Started in network mode [ 624.625214][T10270] tipc: Node identity ac14140f, cluster identity 4711 [ 624.626105][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.632974][T10270] tipc: New replicast peer: 255.255.255.255 [ 624.645093][T10270] tipc: Enabled bearer , priority 10 [ 624.700170][T10269] JBD2: Ignoring recovery information on journal [ 624.763047][T10269] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 624.836699][ T27] audit: type=1800 audit(1774228525.940:46): pid=10269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1350" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 625.510968][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 625.758120][ T5834] tipc: Node number set to 2886997007 [ 626.536398][T10291] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 628.701264][T10309] loop3: detected capacity change from 0 to 2048 [ 628.750786][T10309] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 628.762586][T10309] NILFS (loop3): unrecognized mount option "" [ 628.845074][ T9782] udevd[9782]: incorrect nilfs2 checksum on /dev/loop3 [ 630.228560][T10329] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 630.982992][T10332] IPv6: NLM_F_CREATE should be specified when creating new route [ 631.182361][T10338] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1374'. [ 631.407198][T10343] loop3: detected capacity change from 0 to 2048 [ 631.421133][T10343] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 631.439898][T10343] NILFS (loop3): unrecognized mount option "" [ 631.562723][ T9827] udevd[9827]: incorrect nilfs2 checksum on /dev/loop3 [ 632.916054][T10367] loop1: detected capacity change from 0 to 40427 [ 632.946426][T10367] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 632.954907][T10367] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 632.965949][T10367] F2FS-fs (loop1): invalid crc value [ 632.979499][T10367] F2FS-fs (loop1): Found nat_bits in checkpoint [ 633.026766][T10367] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 633.033851][T10367] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 636.649806][T10398] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 638.017086][T10410] overlayfs: empty lowerdir [ 639.075760][ T8958] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 639.201167][T10431] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 639.257875][ T8958] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 639.290220][ T8958] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 639.321300][ T8958] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 639.350005][ T8958] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 639.366957][ T8958] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 639.399906][ T8958] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 639.444017][ T8958] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 639.457399][ T8958] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 639.484209][ T8958] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 639.517427][ T8958] usb 2-1: string descriptor 0 read error: -22 [ 639.525975][ T8958] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 639.538365][T10421] loop3: detected capacity change from 0 to 32768 [ 639.555340][ T8958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.581371][ T8958] adutux 2-1:168.0: interrupt endpoints not found [ 639.616045][T10421] JBD2: Ignoring recovery information on journal [ 639.629495][T10421] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 639.637929][T10421] JBD2: bad block at offset 32 [ 639.656371][T10421] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 639.678527][T10437] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1407'. [ 639.693707][T10437] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1407'. [ 639.794389][ T8958] usb 2-1: USB disconnect, device number 2 [ 639.902368][ T5766] ocfs2: Unmounting device (7,3) on (node local) [ 640.434403][T10447] overlayfs: empty lowerdir [ 641.290070][T10457] overlayfs: missing 'workdir' [ 641.429810][T10461] loop1: detected capacity change from 0 to 64 [ 643.206171][T10474] loop3: detected capacity change from 0 to 256 [ 643.763688][T10474] FAT-fs (loop3): Directory bread(block 64) failed [ 643.800790][T10474] FAT-fs (loop3): Directory bread(block 65) failed [ 643.835912][T10474] FAT-fs (loop3): Directory bread(block 66) failed [ 643.857240][T10474] FAT-fs (loop3): Directory bread(block 67) failed [ 643.894851][T10474] FAT-fs (loop3): Directory bread(block 68) failed [ 643.918679][T10474] FAT-fs (loop3): Directory bread(block 69) failed [ 644.053489][T10474] FAT-fs (loop3): Directory bread(block 70) failed [ 644.080922][T10474] FAT-fs (loop3): Directory bread(block 71) failed [ 644.111345][T10474] FAT-fs (loop3): Directory bread(block 72) failed [ 644.175707][T10474] FAT-fs (loop3): Directory bread(block 73) failed [ 644.386081][T10487] overlayfs: empty lowerdir [ 645.452060][T10500] loop3: detected capacity change from 0 to 16 [ 646.388243][T10500] erofs: (device loop3): mounted with root inode @ nid 36. [ 646.405265][T10499] syz.3.1426: attempt to access beyond end of device [ 646.405265][T10499] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 646.423945][T10499] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -20 in[62, 4034] out[4096] [ 646.437141][T10499] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -20 in[62, 4034] out[4096] [ 646.452301][T10499] erofs: (device loop3): erofs_fill_dentries: bogus dirent @ nid 36 [ 646.462856][ T27] audit: type=1800 audit(1774228547.550:47): pid=10499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1426" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 647.727057][T10517] hpfs: Bad magic ... probably not HPFS [ 648.004242][ T8] kernel write not supported for file bpf-prog (pid: 8 comm: kworker/0:0) [ 648.800851][T10525] overlayfs: empty lowerdir [ 650.101397][T10542] loop3: detected capacity change from 0 to 64 [ 650.203265][T10542] hfs: keylen 1794 too large [ 650.243205][T10542] hfs: keylen 1794 too large [ 651.895700][T10554] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 651.906632][T10554] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 653.592397][T10568] overlayfs: empty lowerdir [ 654.181798][T10575] loop3: detected capacity change from 0 to 64 [ 654.274721][T10575] hfs: keylen 1794 too large [ 654.292959][T10575] hfs: keylen 1794 too large [ 658.112470][T10608] loop1: detected capacity change from 0 to 64 [ 658.187074][T10608] hfs: keylen 1794 too large [ 658.192119][T10608] hfs: keylen 1794 too large [ 659.506349][T10628] loop3: detected capacity change from 0 to 128 [ 659.749936][ T27] audit: type=1800 audit(1774228560.850:48): pid=10628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1470" name="file2" dev="loop3" ino=1048620 res=0 errno=0 [ 659.974129][T10632] loop1: detected capacity change from 0 to 1024 [ 660.027198][T10632] EXT4-fs: Ignoring removed bh option [ 660.032702][T10632] EXT4-fs: inline encryption not supported [ 660.064963][T10632] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 660.078249][T10632] EXT4-fs (loop1): group descriptors corrupted! [ 661.093694][T10628] FAT-fs (loop3): error, clusters badly computed (4 != 3) [ 661.101444][T10628] FAT-fs (loop3): Filesystem has been set read-only [ 661.108447][T10628] FAT-fs (loop3): error, clusters badly computed (5 != 4) [ 661.116124][T10628] FAT-fs (loop3): error, clusters badly computed (6 != 5) [ 662.603569][T10652] 9pnet_fd: Insufficient options for proto=fd [ 662.880584][T10662] overlayfs: empty lowerdir [ 664.774687][T10682] loop3: detected capacity change from 0 to 64 [ 665.236611][T10687] overlayfs: empty lowerdir [ 665.448261][T10682] hfs: keylen 1794 too large [ 665.453297][T10682] hfs: keylen 1794 too large [ 667.106389][T10704] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1497'. [ 668.027120][T10704] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1497'. [ 668.843261][T10720] loop3: detected capacity change from 0 to 32768 [ 670.072434][T10717] ea_get: invalid extended attribute [ 671.002602][T10730] loop1: detected capacity change from 0 to 16 [ 671.587523][T10730] erofs: (device loop1): mounted with root inode @ nid 36. [ 671.613391][T10730] syz.1.1505: attempt to access beyond end of device [ 671.613391][T10730] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 671.790669][T10730] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -20 in[62, 4034] out[4096] [ 671.881708][ T27] audit: type=1800 audit(1774228572.910:49): pid=10730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1505" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 674.206117][T10764] loop3: detected capacity change from 0 to 16 [ 674.226377][T10764] erofs: (device loop3): mounted with root inode @ nid 36. [ 674.244860][T10764] syz.3.1516: attempt to access beyond end of device [ 674.244860][T10764] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 674.262497][T10764] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -20 in[62, 4034] out[4096] [ 674.278475][ T27] audit: type=1800 audit(1774228575.380:50): pid=10764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1516" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 680.369813][T10801] loop3: detected capacity change from 0 to 32768 [ 680.836430][T10797] ea_get: invalid extended attribute [ 681.652926][T10799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1529'. [ 682.427093][ T5834] kernel write not supported for file bpf-prog (pid: 5834 comm: kworker/0:5) [ 683.450264][T10838] loop1: detected capacity change from 0 to 2048 [ 683.489461][T10838] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 683.530754][T10838] NILFS (loop1): unrecognized mount option "" [ 683.592592][ T9827] udevd[9827]: incorrect nilfs2 checksum on /dev/loop1 [ 686.048415][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.054833][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.064996][T10868] loop1: detected capacity change from 0 to 40427 [ 686.078006][T10868] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 686.085814][T10868] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 686.098709][T10868] F2FS-fs (loop1): invalid crc value [ 686.118433][T10868] F2FS-fs (loop1): Found nat_bits in checkpoint [ 686.165837][T10868] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 686.173214][T10868] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 686.852051][T10876] loop3: detected capacity change from 0 to 64 [ 687.772037][T10881] hpfs: Bad magic ... probably not HPFS [ 688.278640][T10886] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1561'. [ 689.613334][ T5810] kernel write not supported for file bpf-prog (pid: 5810 comm: kworker/1:4) [ 690.288533][ T5776] Bluetooth: hci3: command 0x0406 tx timeout [ 690.485311][T10906] loop3: detected capacity change from 0 to 2048 [ 690.535694][T10906] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 690.545327][T10906] NILFS (loop3): unrecognized mount option "" [ 690.615099][ T9827] udevd[9827]: incorrect nilfs2 checksum on /dev/loop3 [ 691.613352][T10917] dlm: no local IP address has been set [ 691.619701][T10917] dlm: cannot start dlm midcomms -107 [ 694.025271][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1577'. [ 694.339322][T10934] loop1: detected capacity change from 0 to 2048 [ 694.366224][T10934] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 694.377504][T10934] NILFS (loop1): unrecognized mount option "" [ 694.441339][ T9827] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 694.651889][T10940] overlayfs: empty lowerdir [ 695.495978][T10953] hpfs: Bad magic ... probably not HPFS [ 697.776980][T10952] loop1: detected capacity change from 0 to 65536 [ 697.887819][T10975] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 698.028971][T10977] overlayfs: empty lowerdir [ 700.391584][T10994] loop3: detected capacity change from 0 to 32768 [ 700.403813][T10994] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.1599 (10994) [ 700.426605][T10994] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 700.437099][T10994] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 700.445897][T10994] BTRFS info (device loop3): using free space tree [ 700.560401][T10994] BTRFS info (device loop3): enabling ssd optimizations [ 700.567475][T10994] BTRFS info (device loop3): auto enabling async discard [ 700.784064][T11011] loop1: detected capacity change from 0 to 2048 [ 700.918596][T11011] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 701.316197][ T27] audit: type=1800 audit(1774228602.410:51): pid=11011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1601" name="file1" dev="loop1" ino=1367 res=0 errno=0 [ 701.425902][T11021] overlayfs: empty lowerdir [ 702.222203][ T27] audit: type=1804 audit(1774228603.050:52): pid=11023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1601" name="/newroot/371/file0/file1" dev="loop1" ino=1367 res=1 errno=0 [ 702.368329][ T5766] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 702.845845][ T5775] Bluetooth: hci3: command 0x0406 tx timeout [ 703.873589][T11049] hpfs: Bad magic ... probably not HPFS [ 706.440072][T11060] overlayfs: empty lowerdir [ 712.153552][T11095] hpfs: Bad magic ... probably not HPFS [ 713.230115][T11106] loop1: detected capacity change from 0 to 40427 [ 715.500911][T11106] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 715.509012][T11106] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 715.535709][T11106] F2FS-fs (loop1): invalid crc value [ 715.577891][T11106] F2FS-fs (loop1): Found nat_bits in checkpoint [ 715.671019][T11106] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 715.678720][T11106] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 719.993721][T11149] loop3: detected capacity change from 0 to 8 [ 720.156251][T11149] squashfs image failed sanity check [ 721.072578][T11161] hpfs: Bad magic ... probably not HPFS [ 722.013796][T11166] loop3: detected capacity change from 0 to 131072 [ 722.052876][T11166] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 722.061040][T11166] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 722.212836][T11166] F2FS-fs (loop3): invalid crc value [ 722.384966][T11166] F2FS-fs (loop3): Found nat_bits in checkpoint [ 722.621912][T11166] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 722.629131][T11166] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 723.073143][T11178] netlink: 476 bytes leftover after parsing attributes in process `syz.2.1653'. [ 727.329554][T11202] overlayfs: missing 'workdir' [ 729.232409][T11219] loop1: detected capacity change from 0 to 2048 [ 729.241179][T11219] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 729.251191][T11219] NILFS (loop1): unrecognized mount option "" [ 729.421711][T11210] udevd[11210]: incorrect nilfs2 checksum on /dev/loop1 [ 729.430115][ T5810] kernel write not supported for file bpf-prog (pid: 5810 comm: kworker/1:4) [ 729.508437][T11210] udevd[11210]: incorrect nilfs2 checksum on /dev/loop1 [ 729.639908][T11225] overlayfs: empty lowerdir [ 731.099763][T11242] loop3: detected capacity change from 0 to 2048 [ 731.117877][T11242] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 731.155946][T11242] NILFS (loop3): unrecognized mount option "" [ 731.179756][ T5810] kernel write not supported for file bpf-prog (pid: 5810 comm: kworker/1:4) [ 731.266133][T11210] udevd[11210]: incorrect nilfs2 checksum on /dev/loop3 [ 731.428638][T11253] hpfs: Bad magic ... probably not HPFS [ 732.902849][T11262] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 732.914604][T11262] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 733.321882][T11264] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 734.349714][T11273] loop3: detected capacity change from 0 to 2048 [ 734.380047][T11273] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 734.401738][T11273] NILFS (loop3): mounting unchecked fs [ 734.425098][T11273] NILFS (loop3): invalid segment: Inconsistency found [ 734.460561][T11273] NILFS (loop3): unable to fall back to spare super block [ 734.485210][T11273] NILFS (loop3): error -22 while searching super root [ 734.503483][T11210] udevd[11210]: incorrect nilfs2 checksum on /dev/loop3 [ 737.234004][T11303] loop1: detected capacity change from 0 to 2048 [ 737.252958][T11305] overlayfs: missing 'workdir' [ 737.275758][T11303] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 737.297854][T11309] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 737.307533][T11303] NILFS (loop1): mounting unchecked fs [ 737.314326][T11303] NILFS (loop1): invalid segment: Inconsistency found [ 737.323531][T11303] NILFS (loop1): unable to fall back to spare super block [ 737.334398][T11303] NILFS (loop1): error -22 while searching super root [ 737.589732][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop1 [ 737.676407][T11315] hpfs: Bad magic ... probably not HPFS [ 738.125104][T11324] 9pnet_fd: Insufficient options for proto=fd [ 738.541792][T11337] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 738.644025][T11339] loop1: detected capacity change from 0 to 2048 [ 738.660182][T11339] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 738.706033][T11339] NILFS (loop1): mounting unchecked fs [ 738.724901][T11339] NILFS (loop1): invalid segment: Inconsistency found [ 738.735010][T11339] NILFS (loop1): unable to fall back to spare super block [ 738.742723][T11339] NILFS (loop1): error -22 while searching super root [ 738.757209][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop1 [ 738.858293][T11347] binder: 11342:11347 unknown command 1074553619 [ 738.864708][T11347] binder: 11342:11347 ioctl c0306201 200000000540 returned -22 [ 738.914848][T11349] 9pnet_fd: Insufficient options for proto=fd [ 738.984977][T11351] overlayfs: missing 'workdir' [ 741.098401][T11378] netlink: 476 bytes leftover after parsing attributes in process `syz.3.1724'. [ 741.740537][T11382] overlayfs: missing 'workdir' [ 741.752174][T11384] loop1: detected capacity change from 0 to 64 [ 744.471279][T11411] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 744.688552][T11413] loop3: detected capacity change from 0 to 64 [ 744.846828][T11415] 9pnet_fd: Insufficient options for proto=fd [ 745.101407][T11419] overlayfs: missing 'workdir' [ 746.134568][T11431] loop3: detected capacity change from 0 to 512 [ 746.227002][T11431] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 746.286272][T11431] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 746.370940][T11431] EXT4-fs (loop3): 1 truncate cleaned up [ 746.400104][T11439] netlink: 'syz.2.1743': attribute type 1 has an invalid length. [ 746.410400][T11431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 746.501618][T11430] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 746.638211][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 746.838718][T11445] hpfs: Bad magic ... probably not HPFS [ 748.536099][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.548029][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.631179][T11450] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 749.233053][T11454] 9pnet_fd: Insufficient options for proto=fd [ 749.898035][T11463] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1751'. [ 750.627803][T11470] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 750.822371][T11474] 9pnet_fd: Insufficient options for proto=fd [ 756.943979][T11506] loop3: detected capacity change from 0 to 32768 [ 756.995351][T11506] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.1766 (11506) [ 757.107923][T11510] hpfs: Bad magic ... probably not HPFS [ 757.178505][T11506] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 757.209477][T11506] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 758.111575][T11506] BTRFS info (device loop3): enabling disk space caching [ 758.154276][T11506] BTRFS info (device loop3): force clearing of disk cache [ 758.186544][T11506] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 758.231074][T11506] BTRFS info (device loop3): use zstd compression, level 3 [ 758.267666][T11506] BTRFS info (device loop3): disk space caching is enabled [ 758.277112][T11519] 9pnet_fd: Insufficient options for proto=fd [ 758.470846][T11506] BTRFS info (device loop3): enabling ssd optimizations [ 758.485576][T11506] BTRFS info (device loop3): auto enabling async discard [ 758.563407][T11506] BTRFS info (device loop3): rebuilding free space tree [ 758.595234][T11541] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1771'. [ 758.706303][T11506] BTRFS info (device loop3): disabling free space tree [ 758.757037][T11506] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 758.919902][T11506] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 759.276380][ T5766] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 760.010341][T11287] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 11 /dev/loop3 scanned by udevd (11287) [ 763.137274][T11575] loop3: detected capacity change from 0 to 32768 [ 763.938902][T11571] ea_get: invalid extended attribute [ 764.433892][T11582] mmap: syz.1.1786 (11582) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 767.455949][T11603] loop3: detected capacity change from 0 to 8 [ 767.465153][T11603] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 767.703534][T11287] udevd[11287]: incorrect cramfs checksum on /dev/loop3 [ 767.727688][T11602] overlayfs: empty lowerdir [ 767.942349][T11606] loop1: detected capacity change from 0 to 2048 [ 767.977593][T11606] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 768.062333][T11606] NILFS (loop1): mounting unchecked fs [ 768.083037][T11606] NILFS (loop1): invalid segment: Inconsistency found [ 768.100698][T11606] NILFS (loop1): unable to fall back to spare super block [ 768.128638][T11606] NILFS (loop1): error -22 while searching super root [ 768.213685][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop1 [ 768.653274][T11612] loop3: detected capacity change from 0 to 32768 [ 769.579066][T11611] ea_get: invalid extended attribute [ 770.598016][T11619] hpfs: Bad magic ... probably not HPFS [ 773.522540][T11640] loop3: detected capacity change from 0 to 1024 [ 774.375100][ T7491] hfsplus: request for non-existent node 33554434 in B*Tree [ 774.413085][ T7491] hfsplus: request for non-existent node 33554434 in B*Tree [ 774.472922][ T5776] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 774.484300][ T5776] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 774.495074][ T5776] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 774.507147][ T5776] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 774.536736][ T5776] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 774.921796][ T5776] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 775.523959][T11662] overlayfs: missing 'workdir' [ 775.941286][T11650] chnl_net:caif_netlink_parms(): no params data found [ 776.025012][T11650] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.454174][T11650] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.462088][T11650] bridge_slave_0: entered allmulticast mode [ 776.485151][T11650] bridge_slave_0: entered promiscuous mode [ 776.599529][T11650] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.638377][T11650] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.684036][T11650] bridge_slave_1: entered allmulticast mode [ 776.758443][T11650] bridge_slave_1: entered promiscuous mode [ 776.902079][T11650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 776.921800][T11650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 776.996901][T11650] team0: Port device team_slave_0 added [ 777.010544][ T5775] Bluetooth: hci0: command tx timeout [ 777.024257][T11650] team0: Port device team_slave_1 added [ 777.083585][T11650] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 777.093378][T11650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.126654][T11650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.154215][T11650] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.165933][T11650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.247704][T11650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.931401][T11650] hsr_slave_0: entered promiscuous mode [ 777.947197][T11650] hsr_slave_1: entered promiscuous mode [ 777.954879][T11650] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 777.963165][T11650] Cannot create hsr debugfs directory [ 778.652602][T11699] hpfs: Bad magic ... probably not HPFS [ 779.594019][ T5775] Bluetooth: hci0: command tx timeout [ 779.822582][T11650] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 779.866855][T11650] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 779.910361][T11650] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 779.940497][T11650] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 780.303318][T11650] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.405060][T11650] 8021q: adding VLAN 0 to HW filter on device team0 [ 780.435311][T10175] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.442769][T10175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.409631][T10175] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.416894][T10175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.574455][T11650] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 781.647002][ T5775] Bluetooth: hci0: command tx timeout [ 781.772806][T11715] overlayfs: missing 'workdir' [ 782.710659][T11650] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 782.883671][T11730] loop3: detected capacity change from 0 to 2048 [ 782.903931][T11730] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 782.914777][T11730] NILFS (loop3): mounting unchecked fs [ 783.199260][T11730] NILFS (loop3): invalid segment: Inconsistency found [ 783.272569][T11730] NILFS (loop3): unable to fall back to spare super block [ 783.381795][T11730] NILFS (loop3): error -22 while searching super root [ 783.563885][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop3 [ 783.727650][ T5775] Bluetooth: hci0: command tx timeout [ 785.103105][T11748] loop3: detected capacity change from 0 to 40427 [ 785.119151][T11650] veth0_vlan: entered promiscuous mode [ 785.124785][T11748] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 785.132615][T11748] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 785.154219][T11650] veth1_vlan: entered promiscuous mode [ 785.163089][T11748] F2FS-fs (loop3): invalid crc value [ 785.209105][T11748] F2FS-fs (loop3): Found nat_bits in checkpoint [ 785.247835][T11748] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 785.254940][T11748] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 785.441720][T11650] veth0_macvtap: entered promiscuous mode [ 786.098212][T11650] veth1_macvtap: entered promiscuous mode [ 786.322232][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 786.346282][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 786.374260][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 786.412558][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 786.434413][T11762] overlayfs: missing 'workdir' [ 786.445737][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 786.476792][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 786.527690][T11650] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 786.626565][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 786.734156][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.193384][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 787.264357][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.325818][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 787.354900][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.846395][T11650] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 787.903105][T11650] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.959723][T11650] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.023310][T11650] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.061458][T11650] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.329815][T11777] hpfs: Bad magic ... probably not HPFS [ 790.047894][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 790.084283][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 790.989078][T11790] loop3: detected capacity change from 0 to 32768 [ 791.872582][T11789] ea_get: invalid extended attribute [ 792.752339][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 792.867175][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 793.020107][T11795] overlayfs: missing 'workdir' [ 794.408284][T11805] 9pnet_fd: Insufficient options for proto=fd [ 796.004512][T11825] overlayfs: empty lowerdir [ 796.710783][T11832] Bluetooth: MGMT ver 1.22 [ 797.276726][T11845] hpfs: Bad magic ... probably not HPFS [ 799.763017][T11854] loop4: detected capacity change from 0 to 40427 [ 799.778799][T11854] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 799.786617][T11854] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 799.796917][T11854] F2FS-fs (loop4): invalid crc value [ 799.830713][T11854] F2FS-fs (loop4): Found nat_bits in checkpoint [ 799.865297][T11854] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 799.873009][T11854] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 801.727310][T11869] overlayfs: missing 'workdir' [ 801.803820][T11870] loop4: detected capacity change from 0 to 2048 [ 801.824885][T11870] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 801.930882][T11870] NILFS (loop4): unrecognized mount option "" [ 801.940399][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop4 [ 802.944523][T11882] hpfs: Bad magic ... probably not HPFS [ 806.370010][T11904] overlayfs: empty lowerdir [ 806.410372][T11906] overlayfs: missing 'workdir' [ 806.499646][T11908] loop4: detected capacity change from 0 to 2048 [ 806.531120][T11908] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 806.604978][T11908] NILFS (loop4): unrecognized mount option "" [ 806.760321][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop4 [ 807.806889][T11921] hpfs: Bad magic ... probably not HPFS [ 808.644718][T11919] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1880'. [ 808.666842][T11919] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1880'. [ 808.687923][T11919] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1880'. [ 808.932737][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.942271][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.997043][T11944] overlayfs: missing 'workdir' [ 811.903781][T11958] loop3: detected capacity change from 0 to 2048 [ 811.924976][T11959] overlayfs: empty lowerdir [ 811.957220][T11958] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 812.009375][T11958] NILFS (loop3): unrecognized mount option "" [ 812.283004][T11962] loop4: detected capacity change from 0 to 40427 [ 812.320316][T11962] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 812.328168][T11962] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 812.345714][T11962] F2FS-fs (loop4): invalid crc value [ 812.372344][T11962] F2FS-fs (loop4): Found nat_bits in checkpoint [ 812.409540][T11287] udevd[11287]: incorrect nilfs2 checksum on /dev/loop3 [ 812.440946][T11962] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 812.448169][T11962] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 812.947255][T11976] hpfs: Bad magic ... probably not HPFS [ 815.401811][T11989] netlink: 160 bytes leftover after parsing attributes in process `syz.4.1897'. [ 815.411650][T11989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1897'. [ 815.421381][T11989] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1897'. [ 816.121783][T11999] overlayfs: missing 'workdir' [ 817.888420][T12029] hpfs: Bad magic ... probably not HPFS [ 819.063828][T12037] overlayfs: empty lowerdir [ 819.159141][T12040] overlayfs: missing 'workdir' [ 819.276100][T12041] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1916'. [ 819.291279][T12041] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1916'. [ 819.309305][T12041] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1916'. [ 821.895620][T12067] 9pnet_fd: Insufficient options for proto=fd [ 822.054446][T12072] overlayfs: missing 'workdir' [ 822.705924][T12083] hpfs: Bad magic ... probably not HPFS [ 823.891751][T12093] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1933'. [ 824.049750][T12097] overlayfs: empty lowerdir [ 825.938436][T12113] 9pnet_fd: Insufficient options for proto=fd [ 826.216201][T12119] overlayfs: missing 'workdir' [ 827.090784][T12132] overlayfs: empty lowerdir [ 828.159948][T12140] loop3: detected capacity change from 0 to 40427 [ 828.258343][T12142] hpfs: Bad magic ... probably not HPFS [ 829.097154][T12140] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 829.105026][T12140] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 829.115120][T12140] F2FS-fs (loop3): invalid crc value [ 829.140162][T12140] F2FS-fs (loop3): Found nat_bits in checkpoint [ 829.176714][T12140] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 829.183807][T12140] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 831.049942][T12160] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1953'. [ 831.240579][T12166] overlayfs: empty lowerdir [ 831.785619][T12170] overlayfs: missing 'workdir' [ 831.852866][T12172] 9pnet_fd: Insufficient options for proto=fd [ 832.843555][T12182] loop3: detected capacity change from 0 to 40427 [ 832.855773][T12182] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 832.863547][T12182] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 832.873333][T12182] F2FS-fs (loop3): invalid crc value [ 832.882248][T12182] F2FS-fs (loop3): Found nat_bits in checkpoint [ 832.911789][T12182] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 832.918929][T12182] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 833.793444][T12195] hpfs: Bad magic ... probably not HPFS [ 835.728082][T12210] overlayfs: empty lowerdir [ 836.227154][T12207] loop3: detected capacity change from 0 to 2048 [ 836.272295][T12207] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 836.296852][T12207] NILFS (loop3): unrecognized mount option "" [ 836.349510][T12216] 9pnet_fd: Insufficient options for proto=fd [ 836.366766][T12108] udevd[12108]: incorrect nilfs2 checksum on /dev/loop3 [ 836.420463][T12218] overlayfs: missing 'workdir' [ 836.815187][T12223] loop3: detected capacity change from 0 to 40427 [ 836.859459][T12223] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 836.867392][T12223] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 836.946859][T12223] F2FS-fs (loop3): invalid crc value [ 836.975227][T12223] F2FS-fs (loop3): Found nat_bits in checkpoint [ 837.016873][T12223] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 837.024015][T12223] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 837.641239][T12238] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1973'. [ 838.702991][T12249] overlayfs: empty lowerdir [ 839.614194][T12254] loop4: detected capacity change from 0 to 2048 [ 839.631368][T12254] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 839.651220][T12254] NILFS (loop4): unrecognized mount option "" [ 839.719772][T12257] hpfs: Bad magic ... probably not HPFS [ 840.624812][T12108] udevd[12108]: incorrect nilfs2 checksum on /dev/loop4 [ 840.785343][T12261] 9pnet_fd: Insufficient options for proto=fd [ 841.386686][T12273] overlayfs: missing 'workdir' [ 841.546761][T12270] loop4: detected capacity change from 0 to 40427 [ 841.562815][T12270] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 841.571321][T12270] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 841.582925][T12270] F2FS-fs (loop4): invalid crc value [ 841.602363][T12270] F2FS-fs (loop4): Found nat_bits in checkpoint [ 841.644838][T12270] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 841.652479][T12270] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 842.821984][T12288] overlayfs: empty lowerdir [ 843.441691][T12295] loop3: detected capacity change from 0 to 2048 [ 843.526173][T12295] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 843.551004][T12295] NILFS (loop3): unrecognized mount option "" [ 843.581988][T12108] udevd[12108]: incorrect nilfs2 checksum on /dev/loop3 [ 843.701504][T12301] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1991'. [ 843.810227][T12303] 9pnet_fd: Insufficient options for proto=fd [ 844.310658][T12308] loop3: detected capacity change from 0 to 40427 [ 844.325087][T12308] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 844.332975][T12308] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 844.342119][T12308] F2FS-fs (loop3): invalid crc value [ 844.365327][T12308] F2FS-fs (loop3): Found nat_bits in checkpoint [ 844.410467][T12308] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 844.417637][T12308] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 845.582173][T12324] hpfs: Bad magic ... probably not HPFS [ 846.870205][T12330] overlayfs: empty lowerdir [ 847.048207][T12332] overlayfs: missing 'workdir' [ 847.927369][T12351] 9pnet_fd: Insufficient options for proto=fd [ 848.762687][T12362] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2010'. [ 849.021947][T12369] overlayfs: empty lowerdir [ 849.566454][T12372] overlayfs: missing 'workdir' [ 850.350978][T12384] 9pnet_fd: Insufficient options for proto=fd [ 851.119339][T12389] loop4: detected capacity change from 0 to 40427 [ 851.129863][T12390] hpfs: Bad magic ... probably not HPFS [ 851.467696][T12389] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 851.475982][T12389] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 851.822559][T12389] F2FS-fs (loop4): invalid crc value [ 851.896629][T12389] F2FS-fs (loop4): Found nat_bits in checkpoint [ 851.942860][T12389] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 851.950026][T12389] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 853.188409][T12416] overlayfs: empty lowerdir [ 853.854960][T12420] 9pnet_fd: Insufficient options for proto=fd [ 853.894222][T12418] loop3: detected capacity change from 0 to 2048 [ 853.952376][T12418] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 853.984845][T12418] NILFS (loop3): unrecognized mount option "" [ 854.088114][T12108] udevd[12108]: incorrect nilfs2 checksum on /dev/loop3 [ 854.150111][T12427] overlayfs: missing 'workdir' [ 855.175730][T12445] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2034'. [ 855.578823][T12450] hpfs: Bad magic ... probably not HPFS [ 856.761263][T12460] overlayfs: empty lowerdir [ 857.496790][T12465] 9pnet_fd: Insufficient options for proto=fd [ 857.555387][T12463] loop3: detected capacity change from 0 to 2048 [ 857.627599][T12463] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 857.666687][T12463] NILFS (loop3): unrecognized mount option "" [ 857.761547][T12108] udevd[12108]: incorrect nilfs2 checksum on /dev/loop3 [ 858.155521][T12472] loop4: detected capacity change from 0 to 40427 [ 858.171435][T12472] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 858.179368][T12472] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 858.194222][T12472] F2FS-fs (loop4): invalid crc value [ 858.217265][T12472] F2FS-fs (loop4): Found nat_bits in checkpoint [ 858.257719][T12472] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 858.264851][T12472] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 858.611965][T12481] overlayfs: missing 'workdir' [ 859.319297][T12501] 9pnet_fd: Insufficient options for proto=fd [ 859.851291][T12508] overlayfs: empty lowerdir [ 860.522262][T12517] hpfs: Bad magic ... probably not HPFS [ 861.959034][T12524] netlink: 140 bytes leftover after parsing attributes in process `syz.4.2057'. [ 862.780772][T12535] 9pnet_fd: Insufficient options for proto=fd [ 863.713516][T12544] overlayfs: missing 'workdir' [ 864.262160][T12556] overlayfs: empty lowerdir [ 865.753784][T12572] 9pnet_fd: Insufficient options for proto=fd [ 865.924649][T12577] hpfs: Bad magic ... probably not HPFS [ 868.072797][T12587] overlayfs: missing 'workdir' [ 869.622857][T12595] overlayfs: empty lowerdir [ 870.233256][T12603] netlink: 140 bytes leftover after parsing attributes in process `syz.2.2081'. [ 870.262404][T12600] loop4: detected capacity change from 0 to 2048 [ 870.299991][T12600] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 870.351819][T12600] NILFS (loop4): unrecognized mount option "" [ 870.439287][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.447119][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.498789][T12108] udevd[12108]: incorrect nilfs2 checksum on /dev/loop4 [ 870.701665][ T7491] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.843454][ T7491] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.009920][ T7491] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.632784][ T7491] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.040237][T12626] hpfs: Bad magic ... probably not HPFS [ 872.219045][T12629] loop3: detected capacity change from 0 to 512 [ 874.586279][T12629] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.2089: invalid indirect mapped block 256 (level 2) [ 874.610528][T12629] EXT4-fs (loop3): 2 truncates cleaned up [ 874.618630][T12629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 874.647107][T12628] [ 874.649462][T12628] ====================================================== [ 874.656643][T12628] WARNING: possible circular locking dependency detected [ 874.663670][T12628] syzkaller #0 Not tainted [ 874.668083][T12628] ------------------------------------------------------ [ 874.675095][T12628] syz.3.2089/12628 is trying to acquire lock: [ 874.681159][T12628] ffff8880581c6ec8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x28/0xe0 [ 874.690917][T12628] [ 874.690917][T12628] but task is already holding lock: [ 874.698270][T12628] ffff888029800bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 874.708270][T12628] [ 874.708270][T12628] which lock already depends on the new lock. [ 874.708270][T12628] [ 874.718838][T12628] [ 874.718838][T12628] the existing dependency chain (in reverse order) is: [ 874.727916][T12628] [ 874.727916][T12628] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 874.736350][T12628] percpu_down_read+0x44/0x1a0 [ 874.741736][T12628] ext4_writepages+0x1a4/0x350 [ 874.747040][T12628] do_writepages+0x3b3/0x630 [ 874.752250][T12628] __writeback_single_inode+0x153/0xec0 [ 874.758322][T12628] writeback_single_inode+0x21f/0x760 [ 874.764216][T12628] write_inode_now+0x183/0x210 [ 874.769500][T12628] iput+0x5ae/0x920 [ 874.773828][T12628] ext4_xattr_block_set+0x273f/0x32b0 [ 874.779738][T12628] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 874.786156][T12628] __ext4_expand_extra_isize+0x306/0x400 [ 874.792308][T12628] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 874.798291][T12628] ext4_evict_inode+0x7f3/0xea0 [ 874.803695][T12628] evict+0x4ca/0x8d0 [ 874.808135][T12628] ext4_orphan_cleanup+0xbec/0x1420 [ 874.813866][T12628] ext4_fill_super+0x5ed0/0x6790 [ 874.819331][T12628] get_tree_bdev+0x3f3/0x520 [ 874.824469][T12628] vfs_get_tree+0x8c/0x280 [ 874.829405][T12628] do_new_mount+0x24b/0xa40 [ 874.834431][T12628] __se_sys_mount+0x2e7/0x3d0 [ 874.839642][T12628] do_syscall_64+0x55/0xa0 [ 874.844594][T12628] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 874.851022][T12628] [ 874.851022][T12628] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 874.858599][T12628] __lock_acquire+0x2df1/0x7d40 [ 874.863978][T12628] lock_acquire+0x19e/0x420 [ 874.868998][T12628] down_write+0x97/0x200 [ 874.873753][T12628] ext4_destroy_inline_data+0x28/0xe0 [ 874.879727][T12628] ext4_do_writepages+0x4f0/0x3990 [ 874.885356][T12628] ext4_writepages+0x1dd/0x350 [ 874.890652][T12628] do_writepages+0x3b3/0x630 [ 874.895770][T12628] filemap_fdatawrite_wbc+0x122/0x180 [ 874.901659][T12628] file_write_and_wait_range+0x197/0x280 [ 874.907803][T12628] generic_buffers_fsync_noflush+0x6f/0x160 [ 874.914213][T12628] ext4_sync_file+0x454/0xc00 [ 874.919403][T12628] ext4_buffered_write_iter+0x2c0/0x350 [ 874.925464][T12628] ext4_file_write_iter+0x1d9/0x1880 [ 874.931264][T12628] vfs_write+0x46c/0x990 [ 874.936032][T12628] __x64_sys_pwrite64+0x19b/0x230 [ 874.941574][T12628] do_syscall_64+0x55/0xa0 [ 874.946514][T12628] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 874.952923][T12628] [ 874.952923][T12628] other info that might help us debug this: [ 874.952923][T12628] [ 874.963144][T12628] Possible unsafe locking scenario: [ 874.963144][T12628] [ 874.970615][T12628] CPU0 CPU1 [ 874.975970][T12628] ---- ---- [ 874.981333][T12628] rlock(&sbi->s_writepages_rwsem); [ 874.986624][T12628] lock(&ei->xattr_sem); [ 874.993478][T12628] lock(&sbi->s_writepages_rwsem); [ 875.001185][T12628] lock(&ei->xattr_sem); [ 875.005510][T12628] [ 875.005510][T12628] *** DEADLOCK *** [ 875.005510][T12628] [ 875.013645][T12628] 2 locks held by syz.3.2089/12628: [ 875.018842][T12628] #0: ffff888029806418 (sb_writers#4){.+.+}-{0:0}, at: vfs_write+0x21b/0x990 [ 875.027724][T12628] #1: ffff888029800bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 875.038158][T12628] [ 875.038158][T12628] stack backtrace: [ 875.044037][T12628] CPU: 0 PID: 12628 Comm: syz.3.2089 Not tainted syzkaller #0 [ 875.051514][T12628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 875.061577][T12628] Call Trace: [ 875.064871][T12628] [ 875.067828][T12628] dump_stack_lvl+0x18c/0x250 [ 875.072528][T12628] ? load_image+0x400/0x400 [ 875.077056][T12628] ? show_regs_print_info+0x20/0x20 [ 875.082269][T12628] ? print_circular_bug+0x12b/0x1a0 [ 875.087510][T12628] check_noncircular+0x2fc/0x400 [ 875.092471][T12628] ? print_deadlock_bug+0x5d0/0x5d0 [ 875.097670][T12628] ? lockdep_lock+0xf5/0x230 [ 875.102256][T12628] ? _find_first_zero_bit+0xd3/0x100 [ 875.107536][T12628] __lock_acquire+0x2df1/0x7d40 [ 875.112410][T12628] ? lock_chain_count+0x20/0x20 [ 875.117256][T12628] ? verify_lock_unused+0x140/0x140 [ 875.122444][T12628] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 875.128426][T12628] ? lockdep_hardirqs_on+0x98/0x150 [ 875.133623][T12628] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 875.139520][T12628] ? _raw_spin_unlock+0x40/0x40 [ 875.144367][T12628] ? stack_trace_save+0xaa/0x100 [ 875.149297][T12628] ? stack_trace_snprint+0xf0/0xf0 [ 875.154408][T12628] lock_acquire+0x19e/0x420 [ 875.158946][T12628] ? ext4_destroy_inline_data+0x28/0xe0 [ 875.164504][T12628] ? __might_sleep+0xe0/0xe0 [ 875.169098][T12628] ? read_lock_is_recursive+0x20/0x20 [ 875.174556][T12628] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 875.180622][T12628] ? __might_sleep+0xe0/0xe0 [ 875.185206][T12628] ? register_lock_class+0xc4/0x8a0 [ 875.190426][T12628] down_write+0x97/0x200 [ 875.194662][T12628] ? ext4_destroy_inline_data+0x28/0xe0 [ 875.200289][T12628] ? down_read_killable+0x340/0x340 [ 875.205525][T12628] ? ext4_journal_check_start+0x178/0x250 [ 875.211243][T12628] ext4_destroy_inline_data+0x28/0xe0 [ 875.216625][T12628] ext4_do_writepages+0x4f0/0x3990 [ 875.221744][T12628] ? verify_lock_unused+0x140/0x140 [ 875.226937][T12628] ? __lock_acquire+0x1347/0x7d40 [ 875.231959][T12628] ? ext4_normal_submit_inode_data_buffers+0x240/0x240 [ 875.238808][T12628] ? rcu_read_lock_any_held+0xb4/0x140 [ 875.244257][T12628] ? __lock_acquire+0x7d40/0x7d40 [ 875.249274][T12628] ext4_writepages+0x1dd/0x350 [ 875.254032][T12628] ? ext4_read_folio+0x2f0/0x2f0 [ 875.258965][T12628] ? __rwlock_init+0x150/0x150 [ 875.263733][T12628] ? do_raw_spin_unlock+0x121/0x230 [ 875.268923][T12628] ? ext4_read_folio+0x2f0/0x2f0 [ 875.273852][T12628] do_writepages+0x3b3/0x630 [ 875.278446][T12628] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 875.284158][T12628] ? __lock_acquire+0x7d40/0x7d40 [ 875.289175][T12628] ? __rwlock_init+0x150/0x150 [ 875.293934][T12628] ? do_raw_spin_unlock+0x121/0x230 [ 875.299128][T12628] filemap_fdatawrite_wbc+0x122/0x180 [ 875.304673][T12628] file_write_and_wait_range+0x197/0x280 [ 875.310385][T12628] ? __filemap_set_wb_err+0x1b0/0x1b0 [ 875.315748][T12628] ? ext4_buffered_write_iter+0xd7/0x350 [ 875.321370][T12628] ? __lock_acquire+0x7d40/0x7d40 [ 875.326386][T12628] generic_buffers_fsync_noflush+0x6f/0x160 [ 875.332280][T12628] ext4_sync_file+0x454/0xc00 [ 875.336953][T12628] ext4_buffered_write_iter+0x2c0/0x350 [ 875.342490][T12628] ext4_file_write_iter+0x1d9/0x1880 [ 875.347782][T12628] ? rcu_read_lock_any_held+0xb4/0x140 [ 875.353233][T12628] ? ext4_file_read_iter+0x670/0x670 [ 875.358511][T12628] vfs_write+0x46c/0x990 [ 875.362749][T12628] ? file_end_write+0x250/0x250 [ 875.367605][T12628] ? __fget_files+0x43d/0x4b0 [ 875.372278][T12628] ? __fdget+0x180/0x210 [ 875.376513][T12628] ? __x64_sys_pwrite64+0xf6/0x230 [ 875.381617][T12628] __x64_sys_pwrite64+0x19b/0x230 [ 875.386647][T12628] ? ksys_pwrite64+0x1c0/0x1c0 [ 875.391401][T12628] ? lockdep_hardirqs_on+0x98/0x150 [ 875.396604][T12628] do_syscall_64+0x55/0xa0 [ 875.401019][T12628] ? clear_bhb_loop+0x40/0x90 [ 875.405691][T12628] ? clear_bhb_loop+0x40/0x90 [ 875.410357][T12628] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 875.416239][T12628] RIP: 0033:0x7f53b4d9c799 [ 875.420645][T12628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 875.440240][T12628] RSP: 002b:00007f53b5d13028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 875.448646][T12628] RAX: ffffffffffffffda RBX: 00007f53b5016090 RCX: 00007f53b4d9c799 [ 875.456618][T12628] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 000000000000000b [ 875.464583][T12628] RBP: 00007f53b4e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 875.472544][T12628] R10: 0000000000000c00 R11: 0000000000000246 R12: 0000000000000000 [ 875.480505][T12628] R13: 00007f53b5016128 R14: 00007f53b5016090 R15: 00007ffcf5cbf708 [ 875.488474][T12628] [ 875.492944][T12628] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.2089: bg 0: block 5: invalid block bitmap [ 875.531566][T12628] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 875.544340][T12628] EXT4-fs (loop3): This should not happen!! Data will be lost [ 875.544340][T12628] [ 875.554010][T12628] EXT4-fs (loop3): Total free blocks count 0 [ 875.560014][T12628] EXT4-fs (loop3): Free/Dirty block details [ 875.565953][T12628] EXT4-fs (loop3): free_blocks=0 [ 875.570875][T12628] EXT4-fs (loop3): dirty_blocks=2 [ 875.575904][T12628] EXT4-fs (loop3): Block reservation details [ 875.581870][T12628] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 875.654524][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 875.691526][T12633] 9pnet_fd: Insufficient options for proto=fd [ 876.648204][ T7491] hsr_slave_0: left promiscuous mode [ 876.657833][ T7491] hsr_slave_1: left promiscuous mode [ 876.668148][ T7491] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 876.677435][ T7491] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 876.685155][ T7491] bridge_slave_1: left allmulticast mode [ 876.694360][ T7491] bridge_slave_1: left promiscuous mode [ 876.702677][ T7491] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.713024][ T7491] bridge_slave_0: left allmulticast mode [ 876.719333][ T7491] bridge_slave_0: left promiscuous mode [ 876.725080][ T7491] bridge0: port 1(bridge_slave_0) entered disabled state [ 877.251833][ T7491] team0 (unregistering): Port device team_slave_1 removed [ 877.301835][ T7491] team0 (unregistering): Port device team_slave_0 removed [ 877.347932][ T7491] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 877.398498][ T7491] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 877.748595][ T7491] bond0 (unregistering): Released all slaves [ 878.158080][ T7491] IPVS: stop unused estimator thread 0...