last executing test programs: 3m31.507344399s ago: executing program 2 (id=888): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000a00)='./file0\x00', 0x1008413, &(0x7f0000000080)={[{@resgid}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@acl}, {@noblock_validity}]}, 0x0, 0x526, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvrL1OYju1CxygEm2hRU4E2bVrtbU4lCIhOFUCyj0Ye21ZXnsj77qNrYo64g9AQgiQOMGFCxJ/AAhV4sIRIVWCMwgQCEEKB5BoBs3urOMfu2s32ew69ucjTeb92Jnve5vM7LyZyUwAF9ar+XQvTdPrETGVlxfy6ZNZZi/i2Yh47+5bS9mURJq+/o8kkrysva606VJMtBZpruCrX4r4RnI8bn1nd32xWq1s5flyY+NWub6ze2NtY3G1slrZnJ+fe2nh5YUXF2YfpnsrE3niakS88oW/fO/bP/niK7/8zJt/vPm3a99MWm1++2g/PqDRXpWt77MYlw+UZfG2HjDYWdT+Agp5307jTv5PBACAwcqOSz+UH+dfj6kY6X04CwAAADyG0s9Nxv+S9rW7Y8a6lAMAAACPkUJETEZSKOX3b05GoVAqRfMe3o/EeKFaqzc+vVLb3lzO6iKmo1hYWatWZvN7W6ejmGT5uSz9i/fTNM+/0Ky7Xz8fEU9GxHenrjTzpaVadXnYJz8AAADggpg4Mv7/91Rr/A8AAACcM9Odiy8Nuh0AAADAo9Nl/A8AAACcI8b/AAAAcK59+bXXsiltv/96+Y2d7fXaGzeWK/X10sb2UmmptnWrtFqrrTaf2bfRc2X7rw7c3L5dblTqjXJ9Z/fmRm17s3Fz7dArsAEAAIABevKZd36fRMTeZ680p8zYgfr/5u8JGFoDgUdm/5RdJPl87PiH/vBEa/7nATUKGIiRYTcAGJrRYTcAGJrisBsADF1yQn3Xm3d+k88/0d/2AAAA/Tfzse7X/ws9l9zrXQ2ceTZiuLhc/4eLq3n9v8Mtfx05WIBzpegIAC68h77+fyL/hwgAAIZtsjklhVJ+em8yCoVSKeJq87UAxWRlrVqZjYgnIuJ3U8VLWX6uuWRy4pgBAAAAAAAAAAAAAAAAAAAAAAAAAGhJ0yRSAAAA4FyLKPw1+VXrWf4zU89PHj0/MJb8ZyryV4S++cPXv397sdHYmsvK/7lf3vhBXv7CMM5gAAAAAEe1x+ntcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NN7d99aak+DjPv3z0fEdKf4o3G5Ob8cxYgY/1cSoweWSyJipA/x9+5ExEc7xU+yZu2H7BT/yqOPH9P5t9Ap/kQf4sNF9k62/3m10/ZXiGeb887b32jEofyD6r7/i/3930iX7f/qKWM89e7Pyl3j34l4arTz/qcdP+kS/7lTxv/613Z3u9WlP4qY6fj7kxyKVW5s3CrXd3ZvrG0srlZWK5vz83MvLby88OLCbHllbbyS/VmtzHaM8Z2P//xer/6Pd4k/fUL/nz9l/99/9/bdD7eSxU7xrz3XIf6vf5x/4nj8Qv7b96k8ndXPtNN7rfRBT//0t0/36v9yl/6f9Pd/7ZT9v/6Vb/3plB8FAAagvrO7vlitVrbyROxFHC553BPZKP0MNEPiDCbePl71THRdKkl6rzBN0zTbph6iYUn36INJJPslw94zAQAA/Xb/6H/YLQEAAAAAAAAAAAAAAAAAAICLaxDPFTsac28/lfTjEdoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3x/wAAAP//Em/qYg==") mount$bpf(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x1840020, 0x0) 3m30.9410907s ago: executing program 2 (id=893): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fanotify_init(0x40, 0x1) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000001c0)) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r9 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff) unshare(0x2c020400) keyctl$unlink(0x9, r9, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x24044092) ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r4, 0x4058587a, 0x0) unshare(0x8000000) ioctl$XFS_IOC_FSBULKSTAT_SINGLE(r5, 0xc0205866, &(0x7f0000000740)={&(0x7f0000000600)=0x9, 0x6, &(0x7f0000000640)=[{}], &(0x7f0000000700)}) r10 = semget(0x1, 0x4, 0x3c4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x94) semtimedop(r10, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100d0000000fbdbdf25010000001800018014000200766574683100000000000000000000001c0002800c00018008000100030000000c000180080001"], 0x48}, 0x1, 0x0, 0x0, 0x850}, 0x4008800) 3m29.81883811s ago: executing program 2 (id=896): syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000100)='.\x00', 0x1a484bc, &(0x7f0000000200)=ANY=[@ANYRES8, @ANYBLOB="eea73c3ca047349ab66dff07b1e2bdc61875c6ccebea30ba1b8977c632dd4bd75d3cfd10cce0c88ccff0ff447cd9caded4abf65767e9dbbd7b5841a8ce3eae5cb5abfd7d4fb44c7151dec2b7b8f9cf870af04f1cc951b195c7fd36ffdbd0622cdc14395f095fb0d31f384214d59a0105d577557215473973f3b70178f49f07562f4d21cad59fafb7fbaf76061c56fdd2093329e2ece7cf96435bca11a90ba7f31e69c4b73ba3d172906ffc90f5de134a696a731d20a9cf70009a31f83d4b774b0d99de69f14de9e655b84b646166d979b9cdbde38324510998bba500000000007cf791c3e2fc9c72f920a64e0000000000000000000000b5ff5bb6b1fa869800651587af", @ANYRES8, @ANYRESDEC, @ANYRESOCT, @ANYRES16, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x0, &(0x7f0000000480)) open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x100) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') 3m28.772965523s ago: executing program 2 (id=899): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0xc02, &(0x7f0000000100)={[{@iocharset={'iocharset', 0x3d, 'macturkish'}}, {}, {@errors_continue}, {@fmask={'fmask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@keep_last_dots}, {@keep_last_dots}, {@namecase}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {}]}, 0x1, 0x151e, &(0x7f0000007640)="$eJzs3AucT9XaOPDnWWvtMSbp1ySXYa31bH7JZZkkySVJLkmSJEluCUmTHElIDLklDUlILkNyGUJymZg07ve7JCRJkyQhuSXr/5ni73TqvOec9/Qe7+ed5/v57I/1zN7P2s/+PbNnXzDfdh1Wq0nt6o2ICP4t+OsfyQAQCwCDAOAaAAgAoHx8+fjs9bklJv97O2F/rofSrnQF7Eri/uds3P+cjfufs3H/czbuf87G/c/ZuP85G/efsZxsy4xC1/KScxd+/5+T8fX//4aLJx98ua7M9d0AYv7ZPO5/zsb9/z8r+Gc24v7nbNz/nCr2ShfA/hfg8z8nyPV313D/czbuP2M52ZV+/3ylF4jk7M/gSn//McYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLGc74yxQAXBpf6boYY4wxxhhjjDH25/G5rnQFjDHGGGOMMcYY+5+HIECCggBiIBfEQm6IAwEAV0NeuAYicC3Ew3WQD66H/FAACkIhSIDCUAQ0GIgBghCKQjGIwg1QHG6EElASSkFpcFAGEuEmKAs3Qzm4BcrDrVABboOKUAkqQxW4HarCHVAN7oTqcBfUgJpQC2rD3VAH7oG6cC/Ug/ugPtwPDeABaAgPQiN4CBrDw9AEHoGm8Cg0g+bQAlpCq/9W/gvQE16EXtAbkqEP9IWXoB/0hwEwEAbByzAYXoEh8CqkwFAYBq/BcHgdRsAbMBJGwWh4E8bAWzAWxsF4mACpMBEmwdswGd6BKTAVpsF0SIMZMBPehVkwG+bAezAX3od5MB8WwEJIhw9gESyGDPgQlsBHkAlLYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHHfAx7IRPYBd8CrthD+yFz2AffP4v5p/+m/xuCAgoUKBChTEYg7EYi3EYh3kwD+bFvBjBCMZjPObDfJgf82NBLIgJmIBFsAgaNEhIWBSLYhSjWByLYwksgaWwFDp0mIiJWBZvxnJYDstjeayAFbAiVsJKWAWrYFWsitWwGlbH6lgDa2AtrIV3493YB+tiXayH9bA+1r/0egobYSNsjI2xCTbBptgUm2EzbIEtsBW2wtbYGttgG2yH7bA9tscO2AGTMAk7YkfshJ2wM3bGLtgFu2JX7IbdsXvWC7kAX8QXsTfWEH2wL/bFfpiSawAOxIH4Mg7GV/AVfBVTcCgOw9fwNXwdR+ApHImjcDSOxqriLRyL45DEBEzFVJyEk3AyTsYpOBWn4nRMwxk4E2fiLJyNs/E9nIvv4/s4H+fjQkzHdFyEizEDM3AJnsZMXIrLcDmuwJW4AlfjGlyN63A9rsONuBE342bciltxO27Hj/Fj/AQVAH6Ke3APpuA+3If7cT8ewAN4EA9iFmbhITyEh/EwHsEjeBSP4jE8jifwOJ7Ek3gKT+MZPIPn8Byex+cSvm78Scm1KSCyKaFEjIgRsSJWxIk4kUfkEXlFXhEREREv4kU+kU/kF/lFQVFQJIgEUUQUEUYYQSKMAQARFVFRXBQXJUQJUUqUEk44kSgSRVlRVpQT5UR5cauoIG4TFUUl0dZVEVVEVdHOVRN3iuqiuqghaopaoraoLeqIOqKuqCvqiXqivqgvGogHREPRBwfgQyK7M03EUGwqhmEz0VzIiz/BWosR2Ea0Fe3EE2IUjsQOorVLEk+LjmIsdhJ/EePwWdFFTMCu4nnRTXQXPcQLoqdo43qJ3mIK9hF9xXTsJ/qLAWKgmIU1xXs4N3ct8apIEUPFMPGaWIivixHiDTFSjBKjxZtijHhLjBXjxHgxQaSKiWKSeFtMFu+IKWKqmCamizQxQ8wU74pZYraYI94Tc8X7Yp6YLxaIhSJdfCAWicUiQ3woloiPRKZYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie1ih/hY7BSfiF3iU7Fb7BF7xWdin/hc7BdfiAPiS3FQfCWyxNfikPhGHBbfiiPiO3FUfC+OiePihPhBnBQ/ilPitDgjzopz4idxXvwsLggvQKIUUkolAxkjc8lYmVvGyatkHhlc/HSvlfHyOplPXi/zywKyoCwkE2RhWURqaaSVJENZVBaTUXmDLC5vlCVkSVlKlpZOlpGJ8iZZVt4sy8lbZHl5q6wgb5MVZSVZWVaRt8uq8g4JkV/3UUPWlLVkbXm3TIZ7ZF15r6wn75P15f2ygXxANpQPykbyIdlYPiybyEdkU/mobCabyxaypWwlH5Ot5eOyjWwr28knZHv5pOwgn5JJ8mnZUfqL3yLPyi7yOdlVPi+7ye6yh/xZXpBe9pK9JfQB2Ve+JPvJ/nKAHCgHyZflYPmKHCJflSlyqBwmX5PD5etyhHxDjpSj5Gj5phwj35Jj5Tg5Xk6QqXKinCTflpPlO3KKnCqnyekyTc6QAy7ONEfKf5j/9h/kD/ll75vlFrlVbsOLrZCfyF1yl9wtd8u9cq/cJ/fJ/XK/PCAPyIPyoMySWfKQPCQPy8PyiDwij8qj8pg8Ls/KH+RJ+aM8JU/L0/KsPCfPyfMXPwNQqISSSqlAxahcKlblVnHqKpVHXa3yqmtURF2r4tV1Kp+6XuVXBVRBVUglqMKqiNLKKKtIhaqoKqai6oZLVapSqrRyqoxKVDf9K/mquLpRlVAlf5N/qb7kv1NfK9VKtVatVRvVRrVT7VR71V51UB1UkkpSHVVH1Ul1Up1VZ9VFdVFdVVfVTXVTPVQP1VP1VL1UL5WsklVf9ZLqp/qrAWqgGqReVoPVYDVEDVEpKkUNU8PUcDVcjVAj1Eg1Uo1Wo9UYNUaNVWPVeDVepapUNUlNUpPVZDVFTVHT1DSVptLUTDVTzVKz1Bw1R81Vc9U8NU8tUAtUukpXi9QilaEy1BK1RGWqpWqpWq6Wq5VqpVqtVqu1aq1ar9arjWqjylRb1Ba1TW1TO9QOtVPtVLvULrVb7VZ71V61T+1T+9V+dUAdUAfVQZWlstQhdUgdVofVEXVEHVVH1TF1TJ1QJ9RJdVKdUqfUGXVGnVPn1Hl1Xl1QF7Jv+wIRiEAF2VfamCA2iA3igrggT5AnyBvkDSJBJIgP4oN8wfVB/qBAUDAoFCQEhYMigQ5MYANxsenR4IageHBjUCIoGZQKSgcuKBMkBjcFZYObg3LBLUH54NagQnBbUDGoFFQOqgS3B1WDO4JqwZ1B9eCuoEZQM6gV1A7uDuoE9wR1g3uDesF9Qf3g/qBB8EDQMHgwaBQ8FDQOHg6aBI8ETYNHg2ZB86BF0DJo9afO7/2pAo+7zbq3TtZ9dF/9ku6n++sBeqAepF/Wg/Ureoh+VafooXqYfk0P16/rEfoNPVKP0qP1m3qMfkuP1eP0eD1Bp+qJepJ+W0/W7+gpeqqepqfrND1Dz9Tv6ll6tp6j39Nz9ft6np6vF+iFOl1/oBfpxTpDf6iX6I90pl6ql+nleoVeqVfp1XqNXqvX6fV6g96oN+nNeoveqrfp7XqH/ljv1J/oXfpTvVvv0Xv1Z3qf/lzv11/oA/pLfVB/pbP01/qQ/kYf1t/qI/o7fVR/r4/p4/qE/kGf1D/qU/q0PqPP6nP6J31e/6wvaJ99c599eTfKKBNjYkysiTVxJs7kMXlMXpPXREzExJt4k8/kM/lNflPQFDQJJsEUMUVMNjJkipqiJmqiprgpbkqYEqaUKWWccSbRJJqypqwpZ8qZ8qa8qWAqmIqmoqlsKpvbze3mDnOHudPcae4yd5mapqapbWqbOqaOqWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlqmppmpplpYVqYVqaVaW1amzamjWln2pn2pr3pYDqYJJNkOpqOppPpZDqbzqaL6WK6mq6mm+lmepgepqfpaXqZXibZJJu+pq/pZ/qZAWaAGWQGmcFmsBlihpgUk2KGmWFmuBluRpgRZqQZZUZnnz7mLTPWjDPjzQSTalLNJDPJTDaTzRQzxUwz00yaSTMzzUwzy8wyc8wcM9fMNfPMPLPALDDpJt0sMotMhskwS8wSk2kyzTKzzKwwK8wqs8qsMWvMOrPObIANZpPZZLaYLWab2WZ2mB1mp9lpdpldZrfZbfaavWaf2Wf2m/3mgDlgDpqDJstkmUPmkDlsDpsj5og5ao6aY+aYOWFOmJPmpDllTpkz5ow5ZwpcvF56E2tz2zh7lc1jr7Z57TX2b+OCtpBNsIVtEattflvgN7Gx1pawJW0pW9o6W8Ym2pt+F1e0lWxlW8XebqvaO2y138V17D22rr3X1rP32dr27t/E9e39toF9xDZEBLDNbWPb0jaxj9im9lHbzDa3LWxL294+aTvYp2ySfdp2tM/8Ll5kF9s1dq1dZ9fb3XaPPWPP2sP2W3vO/mR72d52kH3ZDrav2CH2VZtih/4uHm3ftGPsW3asHWfH2wm/i6fZ6TbNzrAz7bt2lp39uzjdfmDn2gw7z863C+zCX+LsmjLsh3aJ/chm2gCW2eV2hV1pV9nV/7/W5Xaj3WQ32132U7vNbrc77Md256UbYbvH7rWf2X32c3vIfmMP2C/tQXvEZtmvf4mzj++I/c4etd/bY/a4PWF/sCftj+pSdvax/2B/thest0BIQJIUBRRDuSiWclMcXUV56GrKS9dQhK6leLqO8tH1lJ8KUEEqRAlUmIqQJkOWiEIqSsUoSjfQpfJKUWlyVIYS6SYqSzdTObqFytOtVIFuo4pUiSpTFbqdqtIdVI3upOp0F9WgmlSLatPdVIfuobp0L9WD+6g+3U8N6AFqSA9SI3qIGtPD1IQeoab0KDWj5tSCWlIreoxa0+PUhtpSO3qC2tOT1IGeoiR6mjrSM9SJ/kKd6VnqQs9RV3qeulF36kEvUE96kXpRb0qmPtSXXqJ+1J8G0EAaRC/TYHqFhtCrlEJDaRi9RsPpdRpBb9BIGkWj6U0aQ2/RWBpH42kCpdJEmkRv02R6h6bQVJpG0ymNZtBMepdm0WyaQ+/RXHqf5tF8WkALKZ0+oEW0mDLoQ1pCH1EmLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQx7STPqFd9Cntpj20lz6jffQ57acv6AB9SQfpK8qir+kQfUOH6Vs6Qt/53vQ9HaPjdIJ+oJP0I52i03SGztI5+onO0890gTxBiKEIZajCIIwJc4WxYe4wLrwqzBNeHeYNrwkj4bVhfHhdmC+8PswfFggLhoXChLBwWCTUoQltSGEYFg2LhdHwhrB4eGNYIiwZlgpLhy4sEyaGN4Vlw5vDcuEtYfnw1rBCeFtYMawUPnJflfD2sGp4R1gtvDOsHt4V1ghrhrXC2uHdYZ3wnrBueG9YL7wvLBfeHzYIHwgbhg+GjcKHwsbhw2GT8JGwafho2CxsHrYIW4atwsfC1uHjYZuwbdgufCJsHz4ZdgifCpPCp8OO4TO/rL9/8d9fnxz2CfuGL4Uvhd7fKxdEF0bTox9EF0UXRzOiH0aXRD+KZkaXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r50LHDrhpFMucDEul4t1uV2cu8rlcVe7vO4aF3HXunh3ncvnrnf5XQFX0BVyCa6wK+K0M846cqEr6oq5qLvBFXc3uhKupCvlSjvnyrhE19K1cq1ca/e4a+PaunbuCfeEe9I96Z5yT7mnXUf3jOvk/uI6u2ddF/ece84977q57q6He8H1dBPz/npOJru+rq/r5/q5AW6AG+QGucFusBvihrgUl+KGuWFuuBvuRrgRbqQb6Ua70W6MG+PGurFuvBvvUl2qm+QmucluspviprhpbppLc2luppvpZrlZrursX/cyz81zC9wCl+7S3SKXfc+Y4Za4JS7TZbplbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vldrnd/ppfJ3X73H633x1wB9xB95XLcl+7Q+4bd9h9646479xR97075o67E+4Hd9L96E650+6MO+vOuZ/cefezu+C8S41MjEyKvB2ZHHknMiUyNTItMj2SFpkRmRl5NzIrMjsyJ/JeZG7k/ci8yPzIgsjCSHrkg8iiyOJIRuTDyJLIR5HMyNLIssjyyIrIyoj3hbeFvqgv5qP+Bl/c3+hL+JK+lC/tnS/jE/1Nvqy/2Zfzt/jy/lZfwd/mK/pKvrJ/1DfzzX0L39K38o/51v5x38a39e38E769f9J38E/5JP+07+if8Z38X3xn/6zv4p/zXf3zvpvv7nv4F3xP/6Lv5Xv7ZN/H9/Uv+X6+vx/gB/pB/mU/2L/ih/hXfYof6of51/xw/7of4d/wI/0oPzrmTT/m0iMyTPCpfqKf5N/2k/07cKef6qf56T7Nz/Az/bt+lp/t5/j3/Fz/vp/n5/sFfqFP9x/4RX6xz/Af+iX+I5/pl156qexX+dV+jV/r1/n1foPf6Df5zX6L3+q3+e1+h//Y7/Sf+F3+U7/b7/F7/Wd+n//c7/df+AP+S3/Qf+Wz/Nf+kP/GH/bf+iP+O3/Uf++P+eP+hP/Bn/Q/+lP+tD/jz/pz/id/3v/sL/D/WWOMMcYY+6dMvDwUv13z6+v8Pn+QI/5q474AcPX2Qll/vT77jnJD/l/H/UVC+wgAPN2760OXlho1kpOTL26bKSEoNh/g0t8EZYuBy/FSaAdPQhK0hbJ/WH9/0f0c/YP5o7cCxP1VTixcji/P/wUAJv/B/I89MXpRhfBM/H8x/3yAEsUu5+SGy/FSaPfL+5W2UO7v1F+g9T+oP/eXqQBt/ionD1yOL9efCI/DM5D0my0ZY4wxxhhjjLFf9ReVO196/rz0Lz7/6Pk8QV3OyQWX43/0fM4YY4wxxhhjjLEr79nuPZ56LCmpbed/fVDtv5X1Tw+awv/UzDz4w4H3AJe+ogDg35wQIHsg/5NHsfU/sq+Ui6fO365acdYH8L+jlX/G4Ar/YGKMMcYYY4z96S7f9P/26+pKFcQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVA/4lfJ3alj5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi70v5fAAAA//85evzE") mount$nfs(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0) 3m27.790264291s ago: executing program 2 (id=902): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x22483, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x103000, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3d1, 0x3, 0xffffffffffffffff, 0x6, 0x6}, 0x2d}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r2) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, 0x0, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r1, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="27030200000314000e00003c031500000000ff8800000000000000000000000000000000000085dc9d9839dc1336", 0x2e}], 0x1}, 0x4005) 3m24.581800517s ago: executing program 2 (id=908): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x1, 0x5002) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x3, 0x248a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x5, 0x0, 0xf439}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r4, 0x2, &(0x7f0000000380)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r4, 0x2, &(0x7f0000000740)={0x0}) 3m23.850029202s ago: executing program 32 (id=908): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x1, 0x5002) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x3, 0x248a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x5, 0x0, 0xf439}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r4, 0x2, &(0x7f0000000380)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r4, 0x2, &(0x7f0000000740)={0x0}) 7.472332335s ago: executing program 3 (id=1745): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) io_uring_setup(0x7042, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x80008, 0xc0}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20004004) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600100004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @private=0xa010102}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f00000000c0), 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000380)={0x0, 0x8, 0xc0, 0x6, 0x7, 0xf87, 0x0, 0x3ff, {r4, @in={{0x2, 0x4e23, @empty}}, 0x1df4, 0x6, 0x47, 0xe13, 0xedcc}}, &(0x7f00000002c0)=0xb0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 6.443223236s ago: executing program 3 (id=1749): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa}, 0x9c) 5.252575092s ago: executing program 3 (id=1755): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}, 0x1, 0x0, 0x0, 0xc002}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) r1 = io_uring_setup(0x56ab, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r2 = io_uring_setup(0x7042, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20004004) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @private=0xa010102}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f00000000c0), 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000380)={0x0, 0x8, 0xc0, 0x6, 0x7, 0xf87, 0x0, 0x3ff, {r4, @in={{0x2, 0x4e23, @empty}}, 0x1df4, 0x6, 0x47, 0xe13, 0xedcc}}, &(0x7f00000002c0)=0xb0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 5.009129004s ago: executing program 4 (id=1758): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x80c8d0, &(0x7f0000000140)=ANY=[], 0x1, 0x34f, &(0x7f00000004c0)="$eJzs3M1vG0UYx/FfjO04qZr1AYE4oD4SF7isknDigrBQKyEiUYUa8SIhts0GrCx25LWCjBBpT1w4IP4IDlWPvVWC/gO5cOOAuHDLBYkDPSAWed+8bpzEdes2L9+PVO00M8/ubGazemalmf0Pf/hyazN0N72eSjXTnCQ9kOoqKTOXHktxuaq6hm7qtQt///by+x99/G5jbe3yutmVxrXXV81s6dLPX32zkDa7N6+9+qf7f63+uffC3kv7/137ohVaK7R2p2eeXe/80fOuB75ttMIt1+xq4Huhb6126HeT+mhXCnzbDDrb233z2gsXF7e7fhia1+7blt+3Xsd63b55n3uttrmuaxcXdbz5CdqcZc3b6+teI/3PG889WvCNWfQIjyca80h3uw1vMLYLB2qat59OrwAAwEmS5v95tl8apPTH5P9Fef5fTvL/3yUV8v879fu9Cx/cXUrz/3vVQf4vFfL/z/JT1WQbpTz/r0ka5v+dZH6Q5/8bTyb/P5gRnW7fjw6OoigvVse1H8n/cUYN8v/F9O83duuTO8txgfwfAAAAAAAAAAAAAAAAAAAAAIDT4EEUOVEUOckxWwEeOfPxghwpSusPCX/EJeM4aUbHf/hvwvHHKTfcuKO8JAXf7TR3mskxbXBfUiBfy3L0b/w8pAbl6k0rrqL7JdhN43d3msmrobGpVhy/Ikf1h+Oj6Mo7a5dXzLJdCwrxFS0W41fl6Hlpfkz8qiXy61cGx6pefaUQ78rRrzfUUaCNdGVcFv/titnb763ZaP8X4nYAAAAAAJwFruXq2fy3uIWg6x6sT+bHSX0yvy5r/PeBZH69/PD8PI4vq1R+VncNAAAAAMD5Eva/3vKCwO/OqHBL0lFtyprN1YffMCaNyjbIPaTNnOaefFdrkuJCdvHpzjPo2xRXr4ytqkz0GytN1dVL1ckHpXpoVfbZ6LBwXZ1mLCInHYvHGNMXf/zpn6PbJF/GpElO+Obd2jF3esQjUT6qTfW4O62MvCRKs30HAQAAAHg6hkl/9pO3pMqz7RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfNrPf/K+4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJx3/wcAAP//QOD4ig==") prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$key(0xf, 0x3, 0x2) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) prlimit64(r0, 0x2, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000200)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1f0, &(0x7f0000000440)="$eJzslb+r01AUx7/3Ji9pfW5uLg4+8DmYJqm/lgfPxclB8Edxs9i0VFMrbQZbEPEvcHdzcPFfEKGu/hFSBVEQXdT5SnJvkptqSltbing+0JNv7j09OfeccAKCIP5bPrz/ORU/Dj5VABzFHmy1/tnIfbjm/67y7dGbK5cbT80Xb+2pUy1Gs5d+vglgcslApO6FEELf31PX6+CZvgGO00o3wOAofRscN5UOwHBL6bua7u8oEQbOnX7YanfDwI2NFxs/NvXZ/L4+YWhp+TFtfzga32uGYTDYmLBKKjf5kuVXAQ60/PR+OZDZulr9PHB4StfBcE3pi7DhOE5eEu38x808vjH3/BaWP+SuvvIx6U660p5xNrBkHXfm+MS1Xa0xAPtz719t9m1YRVgorOBlvmXIrbSjW0917QJm8aR/EVDYBtaf4QV7DUPk9aHsX5bqY3lfdO7vzu/y4WLvz6KVz+aneM5wSptPcpQ8Sz4Wtaj3oDYcjc90e81O0Anu+379vHvWdc/5tWQQSVsyA+P41WQ+HZGhY6plvhaz8LAZRQNP2uzelzY/QP4fnsw/jv2TSL4cDMeuzsb9DiB9KFM/nlxjtW+UJk8QBLFFToBlg9NMhfqaqA1LCOH/NvQIgiAIgiAIgiAIgvhn+BUAAP//aA9ZjQ==") r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x1e1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000c, 0x12, r3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) syz_emit_ethernet(0x91, &(0x7f00000005c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "92c01f", 0x5b, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x80}}}, {0x8, 0x22eb, 0x4}, {0x8, 0x6558, 0x0, "f725fa260dabe5ae2d2c47dd65d7f5d2e2b41971e4a7ba"}}}}}}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0) 3.997851494s ago: executing program 3 (id=1760): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1000000000000, 0x0, 0x106, 0x9}}, 0xffffff4e) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc2604111, &(0x7f0000001700)={0x72, [[0x80000000, 0x8001, 0x9, 0x0, 0x7, 0x1ff, 0x7, 0xd], [0x401, 0x6, 0x42ba, 0x0, 0x9, 0xfffffff3, 0x8001, 0x10], [0x843, 0x5, 0x5, 0x7, 0x4, 0x504, 0x3, 0x7]], '\x00', [{0x3, 0xa14d, 0x1, 0x1, 0x1, 0x1}, {0x10, 0x7, 0x1, 0x0, 0x1}, {0x9, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x2, 0x6, 0x1, 0x1, 0x0, 0x1}, {0x9, 0xfff, 0x1, 0x1, 0x1, 0x1}, {0x4, 0x3, 0x1, 0x1}, {0x8002, 0x2}, {0x10000, 0x8, 0x1, 0x1, 0x0, 0x1}, {0x9, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7, 0xffff0000, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x3, 0x0, 0x1, 0x0, 0x1}, {0x6, 0x200, 0x1, 0x1, 0x1}]}) 3.910178822s ago: executing program 4 (id=1762): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x80c8d0, &(0x7f0000000140)=ANY=[], 0x1, 0x34f, &(0x7f00000004c0)="$eJzs3M1vG0UYx/FfjO04qZr1AYE4oD4SF7isknDigrBQKyEiUYUa8SIhts0GrCx25LWCjBBpT1w4IP4IDlWPvVWC/gO5cOOAuHDLBYkDPSAWed+8bpzEdes2L9+PVO00M8/ubGazemalmf0Pf/hyazN0N72eSjXTnCQ9kOoqKTOXHktxuaq6hm7qtQt///by+x99/G5jbe3yutmVxrXXV81s6dLPX32zkDa7N6+9+qf7f63+uffC3kv7/137ohVaK7R2p2eeXe/80fOuB75ttMIt1+xq4Huhb6126HeT+mhXCnzbDDrb233z2gsXF7e7fhia1+7blt+3Xsd63b55n3uttrmuaxcXdbz5CdqcZc3b6+teI/3PG889WvCNWfQIjyca80h3uw1vMLYLB2qat59OrwAAwEmS5v95tl8apPTH5P9Fef5fTvL/3yUV8v879fu9Cx/cXUrz/3vVQf4vFfL/z/JT1WQbpTz/r0ka5v+dZH6Q5/8bTyb/P5gRnW7fjw6OoigvVse1H8n/cUYN8v/F9O83duuTO8txgfwfAAAAAAAAAAAAAAAAAAAAAIDT4EEUOVEUOckxWwEeOfPxghwpSusPCX/EJeM4aUbHf/hvwvHHKTfcuKO8JAXf7TR3mskxbXBfUiBfy3L0b/w8pAbl6k0rrqL7JdhN43d3msmrobGpVhy/Ikf1h+Oj6Mo7a5dXzLJdCwrxFS0W41fl6Hlpfkz8qiXy61cGx6pefaUQ78rRrzfUUaCNdGVcFv/titnb763ZaP8X4nYAAAAAAJwFruXq2fy3uIWg6x6sT+bHSX0yvy5r/PeBZH69/PD8PI4vq1R+VncNAAAAAMD5Eva/3vKCwO/OqHBL0lFtyprN1YffMCaNyjbIPaTNnOaefFdrkuJCdvHpzjPo2xRXr4ytqkz0GytN1dVL1ckHpXpoVfbZ6LBwXZ1mLCInHYvHGNMXf/zpn6PbJF/GpElO+Obd2jF3esQjUT6qTfW4O62MvCRKs30HAQAAAHg6hkl/9pO3pMqz7RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfNrPf/K+4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJx3/wcAAP//QOD4ig==") prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$key(0xf, 0x3, 0x2) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) prlimit64(r0, 0x2, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000200)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1f0, &(0x7f0000000440)="$eJzslb+r01AUx7/3Ji9pfW5uLg4+8DmYJqm/lgfPxclB8Edxs9i0VFMrbQZbEPEvcHdzcPFfEKGu/hFSBVEQXdT5SnJvkptqSltbing+0JNv7j09OfeccAKCIP5bPrz/ORU/Dj5VABzFHmy1/tnIfbjm/67y7dGbK5cbT80Xb+2pUy1Gs5d+vglgcslApO6FEELf31PX6+CZvgGO00o3wOAofRscN5UOwHBL6bua7u8oEQbOnX7YanfDwI2NFxs/NvXZ/L4+YWhp+TFtfzga32uGYTDYmLBKKjf5kuVXAQ60/PR+OZDZulr9PHB4StfBcE3pi7DhOE5eEu38x808vjH3/BaWP+SuvvIx6U660p5xNrBkHXfm+MS1Xa0xAPtz719t9m1YRVgorOBlvmXIrbSjW0917QJm8aR/EVDYBtaf4QV7DUPk9aHsX5bqY3lfdO7vzu/y4WLvz6KVz+aneM5wSptPcpQ8Sz4Wtaj3oDYcjc90e81O0Anu+379vHvWdc/5tWQQSVsyA+P41WQ+HZGhY6plvhaz8LAZRQNP2uzelzY/QP4fnsw/jv2TSL4cDMeuzsb9DiB9KFM/nlxjtW+UJk8QBLFFToBlg9NMhfqaqA1LCOH/NvQIgiAIgiAIgiAIgvhn+BUAAP//aA9ZjQ==") r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x1e1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000c, 0x12, r3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) syz_emit_ethernet(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 3.839276558s ago: executing program 1 (id=1763): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = io_uring_setup(0x56ab, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) io_uring_setup(0x7042, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x80008, 0xc0}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20004004) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600100004"], 0x50) pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @private=0xa010102}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f00000000c0), 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000380)={0x0, 0x8, 0xc0, 0x6, 0x7, 0xf87, 0x0, 0x3ff, {r4, @in={{0x2, 0x4e23, @empty}}, 0x1df4, 0x6, 0x47, 0xe13, 0xedcc}}, &(0x7f00000002c0)=0xb0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 2.741854096s ago: executing program 3 (id=1764): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x14, 0x0, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10000}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="0180"], 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x40000) 2.663276583s ago: executing program 1 (id=1766): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYBLOB="2e0000000100eb39acadb55d9e3ca26d3ad7000a4f21b69bf622fa541cda81ad000096d6f8e3609388ca491f915c0514ca93fffeb9bf0d"]) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2.662003253s ago: executing program 4 (id=1774): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40cf82223eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff3e24852548deb01efd54f11ed2c41d078b9cf1fc8f725616b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633b72fad6265a293e3877adc1660edbc9a0307a25720a170e7f5670e419dc44febf7ddc73fd4a5a0b6c28665f7f46c7084e17c809268103a2584ab40a68e528329dffafc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc1c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f36c410a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6f0000000000000000cc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a251032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847f6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aaf90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e98c869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda41ec9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da2695605200ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f7118db2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b584c0887b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"}) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x12, 0x8, 0x4, 0x2}, 0x50) 2.498378428s ago: executing program 3 (id=1767): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000657"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.435009763s ago: executing program 1 (id=1768): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) setresuid(0x0, 0xee00, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={0x0, 0x7, 0x18}, 0xc) 2.366808659s ago: executing program 4 (id=1769): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000002280)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000e40)="9b068ee84e8c420d78615e8c796736629110ccd6b0b50514fdc18b6c008516625001d71ea5f19ddb23f93bfa2d28222fae2d55b0d4e35463348a808c8e2b473adc0fedbedc744b3848ee3aaefedf4577c9f7d5ad34146a435ff86577e6c705b172903e01f7dae046669961ef604be4213f8af51d7aa8e259f5f02c9faed00aea03337c252e477e5dd7cd325e56b365591d129953855edf6beac7dd1f3dedc6f0753903b6969a25bc4ca72b66b96fc3a7261cc7febd1abf0b79f5c880d31a8e65dd0b3a55cd93309edc5e99f2ac8a1b4af22322fccbb6239f0e7fc3b4883f7f4f268ff7e7c5b578dde6b5049f4e716ec61eef29555b50b2eda81a3083ff40cf80c13456ca21853a4c92cfbdf395d87710ae1eaa3451cd211877cf5e4ba10ffa47c64703d3bedce49693859768e905e149d28f652183938a5243e7bb3ce6b3edef00eeeda1075bd7c56c356051875756a58510f231fa30f2960953522b323112bffbf7169795d0a9ff038a80a5411ccb924b6575704b2e2ef4ed34578f25e279bc873dcf5182f4567a46a4de27e75870e9ced0b2f9771f5382dd778a24633442285cfc0548b254f2759fe3b046fb901bdd42b7c68a03cfb455754a9168b135bec8e6ea", 0x1c2}], 0x1, 0x0, 0x0, 0x20002885}], 0x1, 0x4020010) 2.238694961s ago: executing program 1 (id=1770): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x80c8d0, &(0x7f0000000140)=ANY=[], 0x1, 0x34f, &(0x7f00000004c0)="$eJzs3M1vG0UYx/FfjO04qZr1AYE4oD4SF7isknDigrBQKyEiUYUa8SIhts0GrCx25LWCjBBpT1w4IP4IDlWPvVWC/gO5cOOAuHDLBYkDPSAWed+8bpzEdes2L9+PVO00M8/ubGazemalmf0Pf/hyazN0N72eSjXTnCQ9kOoqKTOXHktxuaq6hm7qtQt///by+x99/G5jbe3yutmVxrXXV81s6dLPX32zkDa7N6+9+qf7f63+uffC3kv7/137ohVaK7R2p2eeXe/80fOuB75ttMIt1+xq4Huhb6126HeT+mhXCnzbDDrb233z2gsXF7e7fhia1+7blt+3Xsd63b55n3uttrmuaxcXdbz5CdqcZc3b6+teI/3PG889WvCNWfQIjyca80h3uw1vMLYLB2qat59OrwAAwEmS5v95tl8apPTH5P9Fef5fTvL/3yUV8v879fu9Cx/cXUrz/3vVQf4vFfL/z/JT1WQbpTz/r0ka5v+dZH6Q5/8bTyb/P5gRnW7fjw6OoigvVse1H8n/cUYN8v/F9O83duuTO8txgfwfAAAAAAAAAAAAAAAAAAAAAIDT4EEUOVEUOckxWwEeOfPxghwpSusPCX/EJeM4aUbHf/hvwvHHKTfcuKO8JAXf7TR3mskxbXBfUiBfy3L0b/w8pAbl6k0rrqL7JdhN43d3msmrobGpVhy/Ikf1h+Oj6Mo7a5dXzLJdCwrxFS0W41fl6Hlpfkz8qiXy61cGx6pefaUQ78rRrzfUUaCNdGVcFv/titnb763ZaP8X4nYAAAAAAJwFruXq2fy3uIWg6x6sT+bHSX0yvy5r/PeBZH69/PD8PI4vq1R+VncNAAAAAMD5Eva/3vKCwO/OqHBL0lFtyprN1YffMCaNyjbIPaTNnOaefFdrkuJCdvHpzjPo2xRXr4ytqkz0GytN1dVL1ckHpXpoVfbZ6LBwXZ1mLCInHYvHGNMXf/zpn6PbJF/GpElO+Obd2jF3esQjUT6qTfW4O62MvCRKs30HAQAAAHg6hkl/9pO3pMqz7RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfNrPf/K+4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJx3/wcAAP//QOD4ig==") prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$key(0xf, 0x3, 0x2) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) prlimit64(r0, 0x2, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000200)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1f0, &(0x7f0000000440)="$eJzslb+r01AUx7/3Ji9pfW5uLg4+8DmYJqm/lgfPxclB8Edxs9i0VFMrbQZbEPEvcHdzcPFfEKGu/hFSBVEQXdT5SnJvkptqSltbing+0JNv7j09OfeccAKCIP5bPrz/ORU/Dj5VABzFHmy1/tnIfbjm/67y7dGbK5cbT80Xb+2pUy1Gs5d+vglgcslApO6FEELf31PX6+CZvgGO00o3wOAofRscN5UOwHBL6bua7u8oEQbOnX7YanfDwI2NFxs/NvXZ/L4+YWhp+TFtfzga32uGYTDYmLBKKjf5kuVXAQ60/PR+OZDZulr9PHB4StfBcE3pi7DhOE5eEu38x808vjH3/BaWP+SuvvIx6U660p5xNrBkHXfm+MS1Xa0xAPtz719t9m1YRVgorOBlvmXIrbSjW0917QJm8aR/EVDYBtaf4QV7DUPk9aHsX5bqY3lfdO7vzu/y4WLvz6KVz+aneM5wSptPcpQ8Sz4Wtaj3oDYcjc90e81O0Anu+379vHvWdc/5tWQQSVsyA+P41WQ+HZGhY6plvhaz8LAZRQNP2uzelzY/QP4fnsw/jv2TSL4cDMeuzsb9DiB9KFM/nlxjtW+UJk8QBLFFToBlg9NMhfqaqA1LCOH/NvQIgiAIgiAIgiAIgvhn+BUAAP//aA9ZjQ==") r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x1e1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000c, 0x12, r3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) syz_emit_ethernet(0x91, &(0x7f00000005c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "92c01f", 0x5b, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x80}}}, {0x8, 0x22eb, 0x4}, {0x8, 0x6558, 0x0, "f725fa260dabe5ae2d2c47dd65d7f5d2e2b41971e4a7ba"}}}}}}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0) 2.13501566s ago: executing program 4 (id=1771): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800", 0x4e}, {&(0x7f0000000180)="61d039622fca5c64a169be49e15d04271baa03ca41a9f0af2b2b589b3c59e7841efa59ff5387e9a0f10d405ed691ca81b9f21f9f2230812e5946f5", 0x3b}], 0x2}, 0x0) 974.082904ms ago: executing program 1 (id=1775): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38f", 0x5}, {&(0x7f0000000140)="eb", 0x1}], 0x2}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 524.913164ms ago: executing program 1 (id=1776): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}, 0x1, 0x0, 0x0, 0xc002}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x56ab, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = io_uring_setup(0x7042, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x80008, 0xc0}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20004004) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600100004"], 0x50) io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @private=0xa010102}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r5, 0x84, 0xc, &(0x7f00000000c0), 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f0000000380)={0x0, 0x8, 0xc0, 0x6, 0x7, 0xf87, 0x0, 0x3ff, {r6, @in={{0x2, 0x4e23, @empty}}, 0x1df4, 0x6, 0x47, 0xe13, 0xedcc}}, &(0x7f00000002c0)=0xb0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 523.215584ms ago: executing program 0 (id=1777): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x6, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @initdev={0xac, 0x1e, 0x0, 0x0}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000}, 0x44010) 449.865941ms ago: executing program 4 (id=1778): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "112000"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82307202, 0x0) 280.835345ms ago: executing program 0 (id=1779): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@init_itable}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5) pwrite64(r1, &(0x7f0000000140)='2', 0xff10, 0x8000c61) 157.904677ms ago: executing program 0 (id=1780): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x3, 0x20, &(0x7f0000002900)="9e", 0x1, 0x205a, 0x1ff, 0x0, 0x96b, 0x6, 0x0}) close(r0) 108.916451ms ago: executing program 0 (id=1781): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmmsg$inet6(r1, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000600)='H\"', 0x2}], 0x1}}], 0x1, 0x8001) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/165, 0xee, 0x1, 0x0}, &(0x7f0000000180)=0x40) 14.001909ms ago: executing program 0 (id=1782): setresuid(0xee00, 0x0, 0xee00) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000000340)={0x2020}, 0x2020) 0s ago: executing program 0 (id=1783): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000040)=0xffffffffffffffff) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) kernel console output (not intermixed with test programs): [ T5871] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 645.548028][ T5871] usb 2-1: config 220 has no interface number 2 [ 645.556769][ T5871] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 645.571725][ T5871] usb 2-1: config 220 interface 0 has no altsetting 0 [ 645.571800][T10252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1005'. [ 645.579346][ T5871] usb 2-1: config 220 interface 76 has no altsetting 0 [ 645.598414][ T5871] usb 2-1: config 220 interface 1 has no altsetting 0 [ 645.608603][ T5871] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 645.622821][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.646369][ T5871] usb 2-1: Product: syz [ 645.655651][ T5871] usb 2-1: Manufacturer: syz [ 645.669996][ T5871] usb 2-1: SerialNumber: syz [ 645.749321][T10257] ieee802154 phy0 wpan0: encryption failed: -22 [ 645.876941][T10259] loop4: detected capacity change from 0 to 1024 [ 645.939792][ T5871] usb 2-1: selecting invalid altsetting 0 [ 645.979849][ T5871] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 645.990589][ T5871] usb 2-1: No valid video chain found. [ 646.002534][ T5871] usb 2-1: selecting invalid altsetting 0 [ 646.009428][ T5871] usbtest: probe of 2-1:220.1 failed with error -22 [ 646.028425][ T5871] usb 2-1: USB disconnect, device number 22 [ 646.153104][ T49] hfsplus: b-tree write err: -5, ino 4 [ 646.964259][T10275] syzkaller0: entered promiscuous mode [ 646.987124][T10275] syzkaller0: entered allmulticast mode [ 647.672740][T10282] tipc: Started in network mode [ 647.677977][T10282] tipc: Node identity 000000000000003a0000000000000001, cluster identity 4711 [ 647.711888][T10282] tipc: Enabling of bearer rejected, failed to enable media [ 647.768551][T10283] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 647.790363][T10283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1014'. [ 648.121773][T10287] loop0: detected capacity change from 0 to 128 [ 648.331885][T10289] tipc: Enabling of bearer rejected, failed to enable media [ 648.802183][ T5802] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 649.017864][ T5802] usb 1-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 649.042180][ T5802] usb 1-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 649.077895][ T5802] usb 1-1: config 0 interface 0 has no altsetting 0 [ 649.093222][ T5802] usb 1-1: New USB device found, idVendor=046d, idProduct=c51b, bcdDevice= 0.00 [ 649.113769][ T5802] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.154583][ T5802] usb 1-1: config 0 descriptor?? [ 649.624495][ T5802] logitech-djreceiver 0003:046D:C51B.0008: unknown main item tag 0x0 [ 649.647197][T10310] syzkaller0: entered promiscuous mode [ 649.662509][ T5802] logitech-djreceiver 0003:046D:C51B.0008: unknown main item tag 0x0 [ 649.676898][T10310] syzkaller0: entered allmulticast mode [ 649.841382][ T8] usb 1-1: USB disconnect, device number 20 [ 649.977360][T10322] loop1: detected capacity change from 0 to 256 [ 650.209980][T10326] loop1: detected capacity change from 0 to 4096 [ 650.228490][T10326] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 650.291815][ T5753] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 650.339107][T10326] ntfs3: loop1: Failed to load $Extend (-22). [ 650.356092][T10326] ntfs3: loop1: Failed to initialize $Extend. [ 650.501537][T10336] loop0: detected capacity change from 0 to 1024 [ 650.502758][ T5753] usb 4-1: Using ep0 maxpacket: 16 [ 650.546453][ T5753] usb 4-1: config 0 has an invalid interface number: 60 but max is 0 [ 650.552127][T10336] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 650.555019][ T5753] usb 4-1: config 0 has no interface number 0 [ 650.588942][ T5753] usb 4-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=fa.5a [ 650.598743][ T5753] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.607672][ T5753] usb 4-1: Product: syz [ 650.612322][ T5753] usb 4-1: Manufacturer: syz [ 650.617069][ T5753] usb 4-1: SerialNumber: syz [ 650.624190][ T5753] usb 4-1: config 0 descriptor?? [ 650.633630][T10336] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 650.633677][ T5753] gspca_main: spca500-2.14.0 probing 046d:0900 [ 650.731424][T10336] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm syz.0.1027: lblock 0 mapped to illegal pblock 0 (length 6) [ 650.772514][T10336] EXT4-fs (loop0): Remounting filesystem read-only [ 650.795536][T10344] loop1: detected capacity change from 0 to 128 [ 650.865416][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 651.083521][T10351] loop1: detected capacity change from 0 to 1024 [ 651.104020][ T5753] gspca_spca500: reg write: error -71 [ 651.125032][ T5753] gspca_spca500: reg write: error -71 [ 651.153407][ T5753] gspca_spca500: reg write: error -71 [ 651.160673][T10351] hfsplus: bad catalog entry type [ 651.169850][ T5753] gspca_spca500: reg write: error -71 [ 651.200889][ T5753] gspca_spca500: reg write: error -71 [ 651.208656][ T5753] gspca_spca500: reg write: error -71 [ 651.239784][ T5753] gspca_spca500: reg write: error -71 [ 651.252249][ T5753] gspca_spca500: reg write: error -71 [ 651.259918][ T6970] hfsplus: b-tree write err: -5, ino 4 [ 651.277422][ T5753] gspca_spca500: reg write: error -71 [ 651.290405][ T5753] gspca_spca500: reg write: error -71 [ 651.312081][ T5753] gspca_spca500: reg write: error -71 [ 651.329238][ T5753] gspca_spca500: reg write: error -71 [ 651.343516][ T5753] gspca_spca500: reg write: error -71 [ 651.408962][ T5753] usb 4-1: USB disconnect, device number 21 [ 651.419093][T10360] loop1: detected capacity change from 0 to 512 [ 651.494919][T10360] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.1032: iget: bad i_size value: 38620345925642 [ 651.512856][T10360] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.1032: couldn't read orphan inode 15 (err -117) [ 651.596769][T10360] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 651.661998][T10360] EXT4-fs error (device loop1): ext4_check_all_de:666: inode #12: block 7: comm syz.1.1032: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=124 fake=0 [ 651.766402][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.126152][T10386] loop3: detected capacity change from 0 to 1024 [ 652.225860][T10386] hfsplus: bad catalog entry type [ 652.297545][T10391] loop0: detected capacity change from 0 to 128 [ 652.314731][ T60] hfsplus: b-tree write err: -5, ino 4 [ 652.351393][ T5753] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 652.412595][T10393] loop3: detected capacity change from 0 to 128 [ 652.758854][ T5753] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 652.792378][ T5753] usb 2-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00 [ 652.817893][ T5753] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.842182][ T5753] usb 2-1: config 0 descriptor?? [ 653.450658][T10421] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 653.463580][T10421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1046'. [ 653.494580][ T5753] hid-rmi 0003:0461:4E72.0009: hidraw0: USB HID v10.00 Device [HID 0461:4e72] on usb-dummy_hcd.1-1/input0 [ 653.705817][ T5802] usb 2-1: USB disconnect, device number 23 [ 653.976393][ T5753] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 654.179563][ T5753] usb 4-1: Using ep0 maxpacket: 16 [ 654.203608][ T5083] Bluetooth: hci3: unknown advertising packet type: 0x6f [ 654.203728][ T5083] Bluetooth: hci3: Malformed LE Event: 0x02 [ 654.222259][ T5753] usb 4-1: unable to get BOS descriptor or descriptor too short [ 654.230401][ T5753] usb 4-1: too many configurations: 95, using maximum allowed: 8 [ 654.249373][ T5753] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 654.257836][ T5753] usb 4-1: can't read configurations, error -71 [ 654.388380][T10454] syzkaller0: entered promiscuous mode [ 654.418825][T10454] syzkaller0: entered allmulticast mode [ 654.474673][T10462] vivid-000: disconnect [ 654.631427][T10467] loop4: detected capacity change from 0 to 4096 [ 654.675718][T10470] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 654.740752][ T28] audit: type=1800 audit(1771448533.773:83): pid=10467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1052" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 655.304595][T10458] vivid-000: reconnect [ 655.397260][T10490] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 655.453597][ T28] audit: type=1800 audit(1771448534.447:84): pid=10483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1055" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 655.613391][T10483] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 655.667878][T10483] Remounting filesystem read-only [ 655.705486][T10497] syzkaller0: entered promiscuous mode [ 655.720166][T10497] syzkaller0: entered allmulticast mode [ 655.732511][ T5766] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 655.748741][ T5766] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 655.762051][ T5766] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 655.791153][ T5766] NILFS (loop3): discard dirty page: offset=0, ino=5 [ 655.804739][ T5766] NILFS (loop3): discard dirty block: blocknr=27, size=4096 [ 655.813480][ T5766] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 655.824018][ T5766] NILFS (loop3): discard dirty block: blocknr=28, size=4096 [ 655.832547][ T5766] NILFS (loop3): discard dirty page: offset=4096, ino=3 [ 655.841733][ T5766] NILFS (loop3): discard dirty block: blocknr=29, size=4096 [ 655.860697][ T5766] NILFS (loop3): discard dirty page: offset=925696, ino=3 [ 655.868218][ T5766] NILFS (loop3): discard dirty block: blocknr=36, size=4096 [ 656.904254][T10515] set_capacity_and_notify: 1 callbacks suppressed [ 656.904266][T10515] loop0: detected capacity change from 0 to 32768 [ 657.043595][T10515] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 657.052949][T10515] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 657.088005][T10515] XFS (loop0): Ending clean mount [ 657.124069][T10515] XFS (loop0): Quotacheck needed: Please wait. [ 657.188956][ T11] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 657.232285][ T11] XFS (loop0): Unmount and run xfs_repair [ 657.269980][ T11] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 657.278192][T10551] syzkaller0: entered promiscuous mode [ 657.299635][ T11] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 657.306035][T10551] syzkaller0: entered allmulticast mode [ 657.322029][ T11] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 657.343794][ T11] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 657.363534][ T11] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 657.396075][ T11] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 657.427822][ T11] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 657.455287][ T11] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 657.479823][ T11] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 657.503253][ T11] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 657.557757][T10515] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 657.602714][T10557] loop4: detected capacity change from 0 to 4096 [ 657.678981][ T8910] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 657.728897][T10515] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 657.814566][T10515] XFS (loop0): Unmount and run xfs_repair [ 657.831158][T10515] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 657.850200][T10515] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 657.860848][T10515] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 657.879281][T10515] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 657.892521][T10515] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 657.907108][T10515] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 657.919452][T10515] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 657.951572][T10515] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 657.963176][T10515] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 657.978783][T10515] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 658.000014][T10515] XFS (loop0): page discard on page ffffea0001494ac0, inode 0x1147, pos 20480. [ 658.011563][ T5871] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 658.038026][ T5871] XFS (loop0): Unmount and run xfs_repair [ 658.044735][ T5871] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 658.054390][ T5871] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 658.065148][ T5871] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 658.076351][ T5871] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 658.089812][ T5871] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 658.101554][ T5871] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 658.116376][ T5871] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 658.128067][ T5871] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 658.138759][ T5871] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 658.156217][T10515] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 658.177846][T10515] XFS (loop0): page discard on page ffffea00016b1c80, inode 0x1147, pos 24576. [ 658.201706][ T788] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 658.220351][ T788] XFS (loop0): Unmount and run xfs_repair [ 658.231110][ T788] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 658.250826][ T788] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 658.269182][ T788] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 658.292597][ T788] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 658.320255][ T788] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 658.330183][ T788] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 658.339807][ T788] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 658.349225][ T788] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 658.358107][ T788] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 658.383385][ T141] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 658.398575][ T141] XFS (loop0): page discard on page ffffea0001affc00, inode 0x1147, pos 32768. [ 658.428471][ T788] loop0: writeback error on inode 4423, offset 8192, sector 8800 [ 658.428595][ T788] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 658.428670][ T788] XFS (loop0): Unmount and run xfs_repair [ 658.428682][ T788] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 658.428697][ T788] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 658.428709][ T788] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 658.428722][ T788] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 658.428734][ T788] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 658.428746][ T788] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 658.428758][ T788] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 658.428770][ T788] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 658.428781][ T788] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 658.435161][T10515] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 658.437588][T10515] XFS (loop0): page discard on page ffffea00012e3440, inode 0x1147, pos 65536. [ 658.542617][ T5765] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 659.348467][T10584] syzkaller0: entered promiscuous mode [ 659.354380][T10584] syzkaller0: entered allmulticast mode [ 659.561906][T10591] tun0: tun_chr_ioctl cmd 1074025676 [ 659.567506][T10591] tun0: owner set to 60929 [ 659.792263][ T5871] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 659.987241][ T5871] usb 1-1: Using ep0 maxpacket: 32 [ 660.007050][ T5871] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 660.015386][ T5871] usb 1-1: config 0 has no interface number 0 [ 660.024479][ T5871] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.036073][ T5871] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.052822][ T5871] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 660.073566][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.101457][ T5871] usb 1-1: config 0 descriptor?? [ 660.180288][T10607] syzkaller0: entered promiscuous mode [ 660.186680][T10607] syzkaller0: entered allmulticast mode [ 660.400298][T10609] syzkaller0: entered promiscuous mode [ 660.406804][T10609] syzkaller0: entered allmulticast mode [ 660.436263][T10602] loop3: detected capacity change from 0 to 40427 [ 660.461795][T10602] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 660.469780][T10602] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 660.484525][T10602] F2FS-fs (loop3): invalid crc value [ 660.508333][T10602] F2FS-fs (loop3): Found nat_bits in checkpoint [ 660.591337][T10614] loop1: detected capacity change from 0 to 128 [ 660.641591][T10602] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 660.661156][T10602] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 660.778581][ T5871] uclogic 0003:28BD:0094.000A: pen parameters not found [ 660.785772][ T5871] uclogic 0003:28BD:0094.000A: interface is invalid, ignoring [ 660.855513][ T5766] syz-executor: attempt to access beyond end of device [ 660.855513][ T5766] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 660.912618][ T5766] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 661.007079][ T5871] usb 1-1: USB disconnect, device number 21 [ 661.276645][T10624] loop3: detected capacity change from 0 to 128 [ 661.449350][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 661.456302][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 662.399351][T10628] loop0: detected capacity change from 0 to 32768 [ 662.416916][T10628] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1099 (10628) [ 662.439819][T10628] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 662.451044][T10628] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 662.460434][T10628] BTRFS info (device loop0): using free space tree [ 662.530004][T10628] BTRFS info (device loop0): enabling ssd optimizations [ 662.537352][T10628] BTRFS info (device loop0): auto enabling async discard [ 662.765051][ T5765] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 662.924128][T10654] syzkaller0: entered promiscuous mode [ 662.932450][T10654] syzkaller0: entered allmulticast mode [ 663.092149][T10657] loop1: detected capacity change from 0 to 4096 [ 663.159257][T10659] syzkaller0: entered promiscuous mode [ 663.170861][ T8689] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop0 scanned by udevd (8689) [ 663.175026][T10659] syzkaller0: entered allmulticast mode [ 663.233342][T10660] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 663.275298][T10663] loop4: detected capacity change from 0 to 128 [ 663.340574][ T28] audit: type=1800 audit(1771448541.818:85): pid=10657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1104" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 663.872229][T10672] loop3: detected capacity change from 0 to 512 [ 664.038008][T10672] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 664.146830][T10676] syzkaller0: entered promiscuous mode [ 664.152463][T10676] syzkaller0: entered allmulticast mode [ 664.159950][T10672] ext4 filesystem being mounted at /284/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 664.267986][T10672] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.1107: bg 0: block 217: padding at end of block bitmap is not set [ 664.300224][T10672] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 664.359922][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 664.461100][T10682] loop1: detected capacity change from 0 to 512 [ 664.544012][T10684] loop3: detected capacity change from 0 to 128 [ 665.596412][T10699] loop4: detected capacity change from 0 to 1024 [ 665.771673][T10699] hfsplus: bad catalog entry type [ 665.892841][ T11] hfsplus: b-tree write err: -5, ino 4 [ 665.997105][T10687] loop1: detected capacity change from 0 to 40427 [ 666.034735][T10687] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x35f7 [ 666.054084][T10687] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 666.063606][T10709] syzkaller0: entered promiscuous mode [ 666.083200][T10709] syzkaller0: entered allmulticast mode [ 666.106948][T10687] F2FS-fs (loop1): Image doesn't support compression [ 666.130923][T10687] F2FS-fs (loop1): invalid crc value [ 666.158906][T10687] F2FS-fs (loop1): Found nat_bits in checkpoint [ 666.225638][T10714] loop0: detected capacity change from 0 to 256 [ 666.296178][T10687] F2FS-fs (loop1): Start checkpoint disabled! [ 666.351423][T10687] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 666.451033][T10687] syz.1.1112: attempt to access beyond end of device [ 666.451033][T10687] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 666.511799][T10687] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 666.539099][T10718] tun0: tun_chr_ioctl cmd 1074025680 [ 666.613233][T10720] loop3: detected capacity change from 0 to 512 [ 666.673132][T10720] EXT4-fs (loop3): 1 truncate cleaned up [ 666.705898][T10720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 666.942341][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 666.954706][ T5846] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 667.170268][ T5846] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 667.175179][T10729] syzkaller0: entered promiscuous mode [ 667.200617][ T5846] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 667.208943][T10729] syzkaller0: entered allmulticast mode [ 667.243287][ T5846] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 667.253335][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.286476][ T5846] usb 1-1: config 0 descriptor?? [ 667.304672][ T5846] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 667.553889][ T5846] usb 1-1: USB disconnect, device number 22 [ 667.618357][T10735] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 667.650966][T10735] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 667.657563][T10735] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 667.669011][T10725] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 667.675353][T10735] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 667.693950][T10735] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 667.701122][T10735] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 667.719707][T10735] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 667.748216][T10735] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 667.755326][T10735] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 667.768833][T10743] syzkaller0: entered promiscuous mode [ 667.774346][T10743] syzkaller0: entered allmulticast mode [ 667.804833][T10735] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 667.867714][T10735] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 667.880892][T10725] XFS (loop4): Ending clean mount [ 667.885158][T10735] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 667.893654][T10735] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 667.910038][T10735] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 667.962356][ T9797] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 668.054812][T10748] set_capacity_and_notify: 1 callbacks suppressed [ 668.054827][T10748] loop3: detected capacity change from 0 to 8 [ 668.089197][T10748] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 668.137601][ T8706] udevd[8706]: incorrect cramfs checksum on /dev/loop3 [ 668.159660][T10752] loop4: detected capacity change from 0 to 128 [ 668.207181][ T8910] udevd[8910]: incorrect cramfs checksum on /dev/loop3 [ 668.506036][T10755] loop3: detected capacity change from 0 to 256 [ 668.586500][T10755] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xd509bb81, utbl_chksum : 0xe619d30d) [ 668.882669][T10765] syzkaller0: entered promiscuous mode [ 668.900008][T10765] syzkaller0: entered allmulticast mode [ 669.256911][T10775] syzkaller0: entered promiscuous mode [ 669.285235][T10775] syzkaller0: entered allmulticast mode [ 669.549537][T10781] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 669.566387][T10781] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1137'. [ 669.895382][ T5802] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 669.957825][T10789] program syz.4.1145 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 670.114741][ T5802] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 670.147249][ T5802] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 670.177880][ T5802] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 670.188037][ T5802] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.206647][ T5802] usb 2-1: config 0 descriptor?? [ 670.216983][ T5802] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 670.226602][T10793] syzkaller0: entered promiscuous mode [ 670.241818][T10793] syzkaller0: entered allmulticast mode [ 670.410158][T10802] syzkaller0: entered promiscuous mode [ 670.415879][T10802] syzkaller0: entered allmulticast mode [ 670.454619][ T5753] usb 2-1: USB disconnect, device number 24 [ 670.561226][T10806] syzkaller0: entered promiscuous mode [ 670.566943][T10806] syzkaller0: entered allmulticast mode [ 670.984990][ T5753] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 671.182156][ T5753] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 671.196292][ T5753] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 671.205988][ T5753] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.220150][ T5753] usb 1-1: Product: syz [ 671.224457][ T5753] usb 1-1: Manufacturer: syz [ 671.229242][ T5753] usb 1-1: SerialNumber: syz [ 671.260392][ T5753] usb 1-1: config 0 descriptor?? [ 671.288566][ T5753] dm9601: probe of 1-1:0.0 failed with error -22 [ 671.356178][T10815] loop1: detected capacity change from 0 to 128 [ 671.386739][T10817] loop4: detected capacity change from 0 to 16 [ 671.550118][T10817] erofs: (device loop4): mounted with root inode @ nid 36. [ 671.957163][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 671.965637][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 671.973850][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 671.982094][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 671.990366][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 671.999159][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 672.027585][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 672.035726][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 672.045100][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 672.053004][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 672.061666][ T5753] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 672.127694][ T5753] hid-generic 0103:0004:0000.000B: hidraw0: HID v0.02 Device [syz0] on syz1 [ 672.200160][T10831] fido_id[10831]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 672.215882][T10830] syzkaller0: entered promiscuous mode [ 672.221668][T10830] syzkaller0: entered allmulticast mode [ 673.240968][ T5846] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 673.406974][T10852] loop4: detected capacity change from 0 to 128 [ 673.435460][ T5846] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 673.448819][ T5846] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 673.463295][ T5846] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 673.472965][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.488364][ T5846] usb 4-1: config 0 descriptor?? [ 673.499512][ T5846] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 673.722355][ T5753] usb 4-1: USB disconnect, device number 24 [ 673.842474][T10859] syzkaller0: entered promiscuous mode [ 673.848338][T10859] syzkaller0: entered allmulticast mode [ 673.920660][ T5802] usb 1-1: USB disconnect, device number 23 [ 674.019054][T10861] loop0: detected capacity change from 0 to 128 [ 674.427680][ T2123] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 674.812488][ T2123] usb 2-1: Using ep0 maxpacket: 32 [ 674.947761][ T2123] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 674.981137][ T2123] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.995359][ T2123] usb 2-1: Product: syz [ 675.048950][ T2123] usb 2-1: Manufacturer: syz [ 675.054354][ T2123] usb 2-1: SerialNumber: syz [ 675.073753][ T2123] usb 2-1: config 0 descriptor?? [ 675.097036][ T2123] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 675.338631][T10878] loop4: detected capacity change from 0 to 4096 [ 675.445275][ T8] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 675.667636][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 675.676181][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 675.687973][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 675.698290][ T8] usb 1-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00 [ 675.709097][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.721646][ T8] usb 1-1: config 0 descriptor?? [ 675.979676][ T2123] gspca_ov534_9: reg_w failed -71 [ 676.163293][ T8] glorious 0003:258A:0033.000C: item fetching failed at offset 2/3 [ 676.172042][ T8] glorious: probe of 0003:258A:0033.000C failed with error -22 [ 676.258976][T10886] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 676.296850][T10886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1176'. [ 676.448108][ T2123] gspca_ov534_9: Unknown sensor 0000 [ 676.448557][ T2123] ov534_9: probe of 2-1:0.0 failed with error -22 [ 676.581261][ T5871] usb 1-1: USB disconnect, device number 24 [ 676.620960][ T2123] usb 2-1: USB disconnect, device number 25 [ 677.085411][T10890] syzkaller0: entered promiscuous mode [ 677.097914][T10890] syzkaller0: entered allmulticast mode [ 677.164941][T10892] program syz.3.1179 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 677.273355][T10894] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 677.853097][T10894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1177'. [ 677.876638][T10900] loop3: detected capacity change from 0 to 128 [ 678.089348][T10905] loop0: detected capacity change from 0 to 256 [ 678.174647][T10905] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x8d1bf2bd, utbl_chksum : 0xe619d30d) [ 679.484233][ T2123] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 679.689071][ T2123] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 679.702836][ T2123] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 679.712377][ T2123] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.722672][ T2123] usb 2-1: config 0 descriptor?? [ 679.732605][ T2123] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 679.948627][ T5846] usb 2-1: USB disconnect, device number 26 [ 680.161545][T10928] syzkaller0: entered promiscuous mode [ 680.167971][T10928] syzkaller0: entered allmulticast mode [ 680.430147][T10934] loop0: detected capacity change from 0 to 512 [ 680.576413][T10936] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 680.611334][T10936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1192'. [ 681.252312][T10940] loop1: detected capacity change from 0 to 128 [ 681.716505][T10942] loop3: detected capacity change from 0 to 8192 [ 682.015834][T10942] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 682.030364][T10942] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 682.056847][T10942] REISERFS (device loop3): using ordered data mode [ 682.278208][T10948] loop4: detected capacity change from 0 to 16 [ 682.314499][T10942] reiserfs: using flush barriers [ 682.349259][T10942] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 682.391247][T10942] REISERFS (device loop3): checking transaction log (loop3) [ 682.465618][T10942] REISERFS (device loop3): Using r5 hash to sort names [ 682.508352][T10942] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 682.681564][T10938] loop0: detected capacity change from 0 to 32768 [ 682.724963][T10942] REISERFS warning (device loop3): super-6502 reiserfs_getopt: unknown mount option "ÿÿ18446744073709551615ÿÿÿÿ0177777777777777777777701777777777777777777777ÿÿ18446744073709551615ÿÿ" [ 682.811443][T10954] loop1: detected capacity change from 0 to 64 [ 682.844808][T10938] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 683.242997][T10938] XFS (loop0): Ending clean mount [ 683.270694][T10938] XFS (loop0): Quotacheck needed: Please wait. [ 683.352813][T10938] XFS (loop0): Quotacheck: Done. [ 683.486938][ T5765] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 683.878112][ T8431] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 684.003862][T10978] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 684.041961][T10978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1205'. [ 684.557784][T10980] loop3: detected capacity change from 0 to 128 [ 684.597603][T10980] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 684.648077][T10980] ext4 filesystem being mounted at /306/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 684.702441][ T8431] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 684.715923][ T8431] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 684.725115][ T8431] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.745463][ T8431] usb 2-1: config 0 descriptor?? [ 684.753949][ T8431] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 684.762850][ T28] audit: type=1800 audit(1771448561.863:86): pid=10980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1206" name="file1" dev="loop3" ino=12 res=0 errno=0 [ 684.863336][ T5766] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 684.925000][T10977] loop0: detected capacity change from 0 to 32768 [ 684.980842][ T5846] usb 2-1: USB disconnect, device number 27 [ 685.119878][T10989] syzkaller0: entered promiscuous mode [ 685.128287][T10989] syzkaller0: entered allmulticast mode [ 685.473514][T10997] loop0: detected capacity change from 0 to 16 [ 685.484881][T10997] erofs: Unknown parameter '' [ 686.515065][T11004] tap0: tun_chr_ioctl cmd 1074025677 [ 686.529392][T11008] loop0: detected capacity change from 0 to 512 [ 686.536411][T11004] tap0: linktype set to 776 [ 686.591829][T11008] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 686.605264][T11008] ext4 filesystem being mounted at /292/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 686.655079][T11012] syz.4.1217 (11012): attempted to duplicate a private mapping with mremap. This is not supported. [ 686.669152][ T28] audit: type=1800 audit(1771448563.650:87): pid=11008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1216" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 686.722015][ T28] audit: type=1800 audit(1771448563.669:88): pid=11008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1216" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 686.762544][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 686.849966][T11012] loop4: detected capacity change from 0 to 2368 [ 686.922564][T11018] syzkaller0: entered promiscuous mode [ 686.931062][T11018] syzkaller0: entered allmulticast mode [ 686.938924][ T8910] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 686.962624][T11016] loop0: detected capacity change from 0 to 2048 [ 687.034126][T11016] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 687.384691][T11024] loop0: detected capacity change from 0 to 128 [ 687.422914][T11024] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 687.425903][T11022] program syz.1.1223 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 687.454403][T11020] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 687.467193][T11020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1221'. [ 687.478047][T11024] ext4 filesystem being mounted at /294/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 687.557508][T11024] fscrypt (loop0, inode 12): Mutually exclusive encryption flags (0x1b) [ 687.620672][ T5765] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 687.883142][T11038] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1228'. [ 688.012881][T11040] loop3: detected capacity change from 0 to 8 [ 688.044295][T11034] loop0: detected capacity change from 0 to 32768 [ 688.089223][T11040] SQUASHFS error: zlib decompression failed, data probably corrupt [ 688.098912][T11040] SQUASHFS error: Failed to read block 0x9b: -5 [ 688.110698][T11040] SQUASHFS error: Unable to read metadata cache entry [99] [ 688.120916][T11040] SQUASHFS error: Unable to read inode 0x127 [ 688.135213][T11034] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 688.238221][T11034] XFS (loop0): Ending clean mount [ 688.317996][ T5765] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 688.858364][T11060] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 688.897613][T11060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1230'. [ 689.602780][T11064] loop1: detected capacity change from 0 to 1024 [ 689.610452][T11064] EXT4-fs: Ignoring removed nobh option [ 689.623009][T11064] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 689.655171][T11064] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 689.797403][T11064] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4047: comm syz.1.1234: Allocating blocks 497-513 which overlap fs metadata [ 689.874700][T11063] EXT4-fs (loop1): pa ffff888078cb4cb0: logic 32768, phys. 145, len 23 [ 689.884539][T11063] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 1 [ 689.905154][T11068] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 689.919385][T11068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'. [ 689.985070][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 690.075230][T11062] loop3: detected capacity change from 0 to 32768 [ 690.141484][T11062] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 691.055113][T11086] loop0: detected capacity change from 0 to 128 [ 691.067386][T11086] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 691.074107][T11062] XFS (loop3): Ending clean mount [ 691.081416][T11086] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 691.095587][T11062] XFS (loop3): Quotacheck needed: Please wait. [ 691.224002][T11062] XFS (loop3): Quotacheck: Done. [ 691.336064][ T141] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 691.348229][ T5766] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 692.459928][T11099] loop4: detected capacity change from 0 to 32768 [ 692.468644][T11103] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 692.488840][T11103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1246'. [ 693.105276][T11117] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 693.121834][T11117] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1248'. [ 694.284044][T11134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1255'. [ 695.354493][T11147] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 695.377608][T11147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1258'. [ 696.019434][T11164] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 696.039196][T11164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1262'. [ 697.638083][T11170] loop1: detected capacity change from 0 to 32768 [ 697.667811][T11170] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1266 (11170) [ 697.756012][T11170] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 697.800761][T11170] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 697.850844][T11170] BTRFS info (device loop1): using free space tree [ 698.054456][T11170] BTRFS info (device loop1): enabling ssd optimizations [ 698.064622][T11170] BTRFS info (device loop1): auto enabling async discard [ 698.117095][T11196] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 698.130115][T11196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1270'. [ 698.315175][T11204] loop4: detected capacity change from 0 to 128 [ 698.474597][ T5763] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 700.355611][T11230] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 700.441582][T11230] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1276'. [ 700.787897][T11235] loop4: detected capacity change from 0 to 736 [ 701.024036][T11227] loop0: detected capacity change from 0 to 32768 [ 701.117078][ T28] audit: type=1800 audit(1771448577.157:89): pid=11227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1279" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 701.119862][T11239] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 701.138059][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.184325][T11227] syz.0.1279: attempt to access beyond end of device [ 701.184325][T11227] loop0: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 701.257357][T11227] metapage_write_end_io: I/O error [ 701.285611][T11227] ERROR: (device loop0): diWrite: ixpxd invalid [ 701.285611][T11227] [ 701.307439][T11239] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1281'. [ 701.355829][T11227] ERROR: (device loop0): remounting filesystem as read-only [ 701.379962][T11227] ERROR: (device loop0): txCommit: [ 701.379962][T11227] [ 701.429401][T11227] blkno = 8ed2c, nblocks = 1 [ 701.443130][T11227] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 701.443130][T11227] [ 701.532141][T11227] ERROR: (device loop0): dbAllocBits: leaf page corrupt [ 701.532141][T11227] [ 701.564821][T11227] syz.0.1279: attempt to access beyond end of device [ 701.564821][T11227] loop0: rw=34817, sector=4683776, nr_sectors = 4 limit=32768 [ 701.598107][T11227] syz.0.1279: attempt to access beyond end of device [ 701.598107][T11227] loop0: rw=34817, sector=4683780, nr_sectors = 2048 limit=32768 [ 701.639382][T11227] syz.0.1279: attempt to access beyond end of device [ 701.639382][T11227] loop0: rw=34817, sector=4685828, nr_sectors = 516 limit=32768 [ 701.693456][ T113] blkno = 8ed2c, nblocks = 4 [ 701.698286][ T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 701.698286][ T113] [ 701.711173][ T113] blkno = 8ef00, nblocks = 141 [ 701.722877][ T113] ERROR: (device loop0): dbFree: block to be freed is outside the map [ 701.722877][ T113] [ 701.950122][T11249] batadv0: entered promiscuous mode [ 701.971568][T11249] macsec1: entered allmulticast mode [ 701.979970][T11249] batadv0: entered allmulticast mode [ 701.989042][T11249] batadv0: left allmulticast mode [ 701.994195][T11249] batadv0: left promiscuous mode [ 702.348437][T11255] loop1: detected capacity change from 0 to 1024 [ 702.511617][T11259] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 702.527028][ T49] hfsplus: b-tree write err: -5, ino 4 [ 702.530294][T11259] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1288'. [ 702.822186][T11263] loop1: detected capacity change from 0 to 8192 [ 702.843550][T11263] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 702.880354][T11263] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 702.890839][T11263] REISERFS (device loop1): using ordered data mode [ 702.897832][T11263] reiserfs: using flush barriers [ 702.932091][T11263] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 702.954559][T11263] REISERFS (device loop1): checking transaction log (loop1) [ 703.152539][T11263] REISERFS (device loop1): Using tea hash to sort names [ 703.162218][T11266] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 703.164144][T11263] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 703.196021][T11266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1293'. [ 703.231300][T11263] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 703.836111][T11272] loop1: detected capacity change from 0 to 128 [ 705.670653][T11295] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 705.773207][T11295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1298'. [ 706.365793][T11305] input: syz0 as /devices/virtual/input/input10 [ 706.515246][ T60] kworker/u4:4: attempt to access beyond end of device [ 706.515246][ T60] loop0: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 706.574676][ T60] metapage_write_end_io: I/O error [ 706.580639][ T60] JFS: metapage_get_blocks failed [ 706.628032][ T60] JFS: metapage_get_blocks failed [ 706.649424][T11310] program syz.1.1305 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 706.969593][ T5802] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 707.176878][ T5802] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 707.212884][ T5802] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 707.258892][ T5802] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.371653][T11320] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 707.376874][ T5802] usb 1-1: config 0 descriptor?? [ 707.390102][T11320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1309'. [ 707.435282][ T5802] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 707.614484][T11323] loop1: detected capacity change from 0 to 4096 [ 707.661746][T11328] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 707.681677][ T5802] usb 1-1: USB disconnect, device number 25 [ 708.152983][ T5753] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 708.351786][ T5753] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 708.369201][ T5753] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 708.387352][ T5753] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.416849][ T5753] usb 2-1: config 0 descriptor?? [ 708.454856][ T5753] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 708.660472][ T5802] usb 2-1: USB disconnect, device number 28 [ 708.957113][T11347] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 708.969844][T11347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 709.066240][T11345] loop4: detected capacity change from 0 to 32768 [ 709.121095][T11345] (syz.4.1318,11345,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 709.149316][T11345] (syz.4.1318,11345,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 709.219042][T11345] JBD2: Ignoring recovery information on journal [ 709.304575][T11345] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 709.742472][ T9797] ocfs2: Unmounting device (7,4) on (node local) [ 709.909708][ T8] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 709.946611][T11366] vivid-000: disconnect [ 709.951732][T11364] vivid-000: reconnect [ 710.115613][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 710.142122][ T8] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 710.154218][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.164421][ T8] usb 2-1: Product: syz [ 710.169682][ T8] usb 2-1: Manufacturer: syz [ 710.174781][ T8] usb 2-1: SerialNumber: syz [ 710.226444][ T8] usb 2-1: config 0 descriptor?? [ 710.510313][ T8] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 710.666326][ T8431] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 710.898803][T11381] loop4: detected capacity change from 0 to 4096 [ 710.914522][ T8431] usb 4-1: Using ep0 maxpacket: 32 [ 710.926714][ T8431] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.01 [ 710.936685][ T8431] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.944911][ T8431] usb 4-1: Product: syz [ 710.951258][ T8431] usb 4-1: Manufacturer: syz [ 710.956054][ T8431] usb 4-1: SerialNumber: syz [ 710.959582][T11381] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 710.978957][ T8431] usb 4-1: config 0 descriptor?? [ 711.077769][T11381] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 711.087518][T11381] EXT4-fs (loop4): changing journal_checksum during remount not supported; ignoring [ 711.102429][T11381] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 711.143943][ T9797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 711.181245][ T8] gspca_sunplus: reg_w_riv err -71 [ 711.205096][ T8] sunplus: probe of 2-1:0.0 failed with error -71 [ 711.245197][ T8] usb 2-1: USB disconnect, device number 29 [ 711.272132][ T788] usb 4-1: USB disconnect, device number 25 [ 711.380166][T11387] loop4: detected capacity change from 0 to 512 [ 711.408821][T11387] FAT-fs (loop4): bogus number of FAT sectors [ 711.415042][T11387] FAT-fs (loop4): Can't find a valid FAT filesystem [ 711.902614][T11393] loop1: detected capacity change from 0 to 4096 [ 711.925188][T11393] EXT4-fs: Ignoring removed mblk_io_submit option [ 711.951722][T11393] EXT4-fs: Ignoring removed orlov option [ 711.985723][ T6970] JFS: metapage_get_blocks failed [ 711.988250][T11393] EXT4-fs (loop1): Test dummy encryption mode enabled [ 712.031364][T11393] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 712.211359][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 712.512789][T11404] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 712.525196][T11404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1340'. [ 712.658204][T11410] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 712.695000][T11410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1339'. [ 713.315789][T11411] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 713.447130][T11411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1335'. [ 713.464096][T11416] program syz.1.1342 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 714.079558][T11426] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 714.095993][T11426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1344'. [ 714.859935][T11436] loop1: detected capacity change from 0 to 4096 [ 714.871029][T11436] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 714.920527][T11436] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 715.217099][ T5083] Bluetooth: hci3: unexpected event for opcode 0x204e [ 715.373985][T11441] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 715.387254][T11441] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1349'. [ 715.685695][T11448] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 715.728933][T11448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1351'. [ 717.072193][ T5753] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 717.288584][ T5753] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 717.307375][ T5753] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 717.324468][T11464] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 717.328798][ T5753] usb 2-1: config 220 has an invalid descriptor of length 36, skipping remainder of the config [ 717.371723][ T5753] usb 2-1: config 220 has no interface number 2 [ 717.378083][ T5753] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 717.389388][ T49] JFS: metapage_get_blocks failed [ 717.393449][ T5753] usb 2-1: config 220 interface 0 has no altsetting 0 [ 717.410535][ T5753] usb 2-1: config 220 interface 76 has no altsetting 0 [ 717.412281][T11464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1354'. [ 717.417722][ T5753] usb 2-1: config 220 interface 1 has no altsetting 0 [ 717.420400][ T5753] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 717.443479][ T5753] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.452139][ T5753] usb 2-1: Product: syz [ 717.456642][ T5753] usb 2-1: Manufacturer: syz [ 717.461465][ T5753] usb 2-1: SerialNumber: syz [ 717.523724][T11467] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 717.554326][T11467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1356'. [ 717.774097][ T5753] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 717.783728][T11462] loop3: detected capacity change from 0 to 32768 [ 717.803215][ T5753] usb 2-1: No valid video chain found. [ 717.819161][ T5753] usb 2-1: selecting invalid altsetting 0 [ 717.871784][ T5753] usb 2-1: selecting invalid altsetting 0 [ 717.886206][ T5753] usbtest: probe of 2-1:220.1 failed with error -22 [ 717.926065][ T5753] usb 2-1: USB disconnect, device number 30 [ 718.496385][T11471] syzkaller0: entered promiscuous mode [ 718.515515][T11471] syzkaller0: entered allmulticast mode [ 718.825609][ T8] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 719.028670][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 719.038005][ T8] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 719.039258][ T5753] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 719.058770][ T8] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 719.082703][ T8] usb 2-1: Product: syz [ 719.087030][ T8] usb 2-1: Manufacturer: syz [ 719.103744][ T8] usb 2-1: SerialNumber: syz [ 719.126556][ T8] usb 2-1: config 0 descriptor?? [ 719.148761][ T8] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 719.254141][ T5753] usb 4-1: Using ep0 maxpacket: 16 [ 719.271718][ T5753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 719.289615][ T5753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 719.321957][ T5753] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 719.357442][ T5753] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 719.380983][ T5753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 719.403386][ T5753] usb 4-1: config 0 descriptor?? [ 719.785375][ T8] input: gspca_zc3xx as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11 [ 719.901656][ T5753] microsoft 0003:045E:07DA.000D: ignoring exceeding usage max [ 719.931624][ T5753] microsoft 0003:045E:07DA.000D: unsupported Resolution Multiplier 0 [ 719.969963][ T5753] microsoft 0003:045E:07DA.000D: implement() called with n (152) > 32! (kworker/1:3) [ 720.027039][ T8] usb 2-1: USB disconnect, device number 31 [ 720.082112][ T5753] microsoft 0003:045E:07DA.000D: No inputs registered, leaving [ 720.145019][ T5753] microsoft 0003:045E:07DA.000D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 720.183196][ T5753] microsoft 0003:045E:07DA.000D: no inputs found [ 720.204689][ T5753] microsoft 0003:045E:07DA.000D: could not initialize ff, continuing anyway [ 720.235625][ T5753] usb 4-1: USB disconnect, device number 26 [ 720.973372][T11488] fido_id[11488]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 721.434244][ T5802] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 721.624646][T11502] loop4: detected capacity change from 0 to 512 [ 721.626505][ T5802] usb 2-1: Using ep0 maxpacket: 32 [ 721.651395][ T5802] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 721.669961][ T5802] usb 2-1: config 0 has no interface number 0 [ 721.681044][T11502] EXT4-fs error (device loop4): ext4_iget_extra_inode:4732: inode #15: comm syz.4.1369: corrupted in-inode xattr: e_value out of bounds [ 721.703526][T11504] syzkaller0: entered promiscuous mode [ 721.709067][T11504] syzkaller0: entered allmulticast mode [ 721.715177][ T5802] usb 2-1: config 0 interface 12 has no altsetting 0 [ 721.737884][ T5802] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 721.746191][T11502] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.1369: couldn't read orphan inode 15 (err -117) [ 721.750190][ T5802] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.767440][T11502] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 721.772558][ T5802] usb 2-1: Product: syz [ 721.807087][ T5802] usb 2-1: Manufacturer: syz [ 721.823576][ T5802] usb 2-1: SerialNumber: syz [ 721.829544][ T8] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 721.842579][ T5802] usb 2-1: config 0 descriptor?? [ 721.916786][ T9797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 722.034115][ T8] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 722.060942][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.087938][ T8] usb 1-1: config 0 descriptor?? [ 722.342040][T11518] loop3: detected capacity change from 0 to 2048 [ 722.362721][T11518] EXT4-fs: Ignoring removed mblk_io_submit option [ 722.398378][T11518] EXT4-fs: Ignoring removed mblk_io_submit option [ 722.446675][T11518] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 722.522124][T11518] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.1374: bg 0: block 234: padding at end of block bitmap is not set [ 722.551922][T11518] EXT4-fs (loop3): Remounting filesystem read-only [ 722.620950][ T8] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [ 722.628940][ T8] [drm] Initialized udl on minor 2 [ 722.652527][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 722.742149][ T5802] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 722.781498][ T5802] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 722.788539][ T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 722.811791][ T5802] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 722.832392][ T8] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 722.839651][ T5802] f81534: probe of 2-1:0.12 failed with error -71 [ 722.890546][ T5802] usb 2-1: USB disconnect, device number 32 [ 723.095643][ T5846] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 723.095906][ T5871] usb 1-1: USB disconnect, device number 26 [ 723.127684][ T5846] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 723.472181][T11529] loop4: detected capacity change from 0 to 256 [ 723.537123][T11529] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 723.749306][T11533] loop3: detected capacity change from 0 to 512 [ 723.787241][T11533] EXT4-fs: Ignoring removed i_version option [ 723.818776][T11533] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 723.883775][T11535] loop4: detected capacity change from 0 to 4096 [ 723.887802][T11533] EXT4-fs (loop3): 1 truncate cleaned up [ 723.937798][T11533] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 724.142083][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.176466][T11527] loop1: detected capacity change from 0 to 32768 [ 724.237279][ T5802] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 724.248571][T11527] (syz.1.1377,11527,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 724.298312][ T28] audit: type=1800 audit(1771448598.840:90): pid=11535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1380" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 724.336781][T11527] (syz.1.1377,11527,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 724.360297][T11540] loop3: detected capacity change from 0 to 764 [ 724.408019][T11527] JBD2: Ignoring recovery information on journal [ 724.481982][ T5802] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 724.507431][ T5802] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 724.511231][T11527] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 724.549782][ T5802] usb 1-1: config 220 has no interface number 2 [ 724.585141][ T5802] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 724.630535][ T5802] usb 1-1: config 220 interface 0 has no altsetting 0 [ 724.645770][ T5802] usb 1-1: config 220 interface 76 has no altsetting 0 [ 724.662512][ T5802] usb 1-1: config 220 interface 1 has no altsetting 0 [ 724.683289][ T5802] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 724.693091][ T5802] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.712645][ T5802] usb 1-1: Product: syz [ 724.723572][ T5802] usb 1-1: Manufacturer: syz [ 724.734626][ T5802] usb 1-1: SerialNumber: syz [ 724.788604][T11545] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 724.806247][T11545] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1383'. [ 725.009394][ T5802] usb 1-1: selecting invalid altsetting 0 [ 725.030821][ T5802] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 725.046545][ T5802] usb 1-1: No valid video chain found. [ 725.069890][ T5802] usb 1-1: selecting invalid altsetting 0 [ 725.076221][ T5802] usbtest: probe of 1-1:220.1 failed with error -22 [ 725.093262][ T5802] usb 1-1: USB disconnect, device number 27 [ 725.241663][ T5763] ocfs2: Unmounting device (7,1) on (node local) [ 725.576719][T11560] loop1: detected capacity change from 0 to 4096 [ 725.646149][T11564] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 726.159652][ T5802] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 726.402203][T11563] loop4: detected capacity change from 0 to 40427 [ 726.417697][ T5802] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 726.426131][ T5802] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 726.457190][ T5802] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 726.480033][T11563] F2FS-fs (loop4): Invalid segment count (1) [ 726.486258][T11563] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 726.495736][ T5802] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 726.512428][T11563] F2FS-fs (loop4): heap/no_heap options were deprecated [ 726.520780][ T5802] usb 1-1: Manufacturer: syz [ 726.533024][T11568] loop1: detected capacity change from 0 to 32768 [ 726.542317][ T5802] usb 1-1: config 0 descriptor?? [ 726.548669][T11563] F2FS-fs (loop4): invalid crc value [ 726.579840][T11563] F2FS-fs (loop4): Found nat_bits in checkpoint [ 726.622575][T11568] [ 726.622575][T11568] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 726.622575][T11568] [ 726.706123][T11568] ERROR: (device loop1): diWrite: ixpxd invalid [ 726.706123][T11568] [ 726.728961][T11563] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30 [ 726.751896][T11568] ERROR: (device loop1): txCommit: [ 726.751896][T11568] [ 726.774362][T11563] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 726.793090][T11568] [ 726.793090][T11568] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 726.793090][T11568] [ 726.827138][T11568] [ 726.827138][T11568] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 726.827138][T11568] [ 726.854254][ T5802] rc_core: IR keymap rc-hauppauge not found [ 726.860389][ T5802] Registered IR keymap rc-empty [ 726.891655][ T5802] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 726.893121][T11568] read_mapping_page failed! [ 726.936845][ T5802] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12 [ 726.958864][T11568] ERROR: (device loop1): txCommit: [ 726.958864][T11568] [ 726.999351][ C1] igorplugusb 1-1:0.0: Error: urb status = -32 [ 727.068691][ T5802] usb 1-1: USB disconnect, device number 28 [ 727.124928][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 727.132925][ T5763] ERROR: (device loop1): diFree: wmap shows inode already free [ 727.132925][ T5763] [ 727.146192][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 727.167176][ T11] ERROR: (device loop1): diWrite: ixpxd invalid [ 727.167176][ T11] [ 727.232512][ T11] ERROR: (device loop1): txCommit: [ 727.232512][ T11] [ 727.267437][ T11] jfs_write_inode: jfs_commit_inode failed! [ 727.283647][ T5763] [ 727.283647][ T5763] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 727.283647][ T5763] [ 727.334610][ T5763] [ 727.334610][ T5763] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 727.334610][ T5763] [ 727.779097][T11580] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 727.794982][T11580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1394'. [ 727.946020][ T788] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 728.160158][ T788] usb 2-1: Using ep0 maxpacket: 32 [ 728.177027][ T788] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 728.195091][ T788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 728.211791][ T788] usb 2-1: Product: syz [ 728.216030][ T788] usb 2-1: Manufacturer: syz [ 728.221342][ T788] usb 2-1: SerialNumber: syz [ 728.229669][T11588] lo speed is unknown, defaulting to 1000 [ 728.249846][ T788] usb 2-1: config 0 descriptor?? [ 728.541629][ T788] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 033 [ 728.748189][ T5846] usb 2-1: USB disconnect, device number 33 [ 729.415949][T11608] syzkaller0: entered promiscuous mode [ 729.422364][T11608] syzkaller0: entered allmulticast mode [ 729.527266][ T5802] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 729.742303][ T5802] usb 1-1: Using ep0 maxpacket: 32 [ 729.759349][ T5802] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 729.833638][ T5802] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.851539][ T5802] usb 1-1: config 0 descriptor?? [ 730.122946][ T5802] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 730.158908][ T5802] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 730.203945][ T5802] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 730.219497][ T5802] usb 1-1: media controller created [ 730.248070][ T5802] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 730.340173][ T5802] az6027: usb out operation failed. (-71) [ 730.359381][ T5802] az6027: usb out operation failed. (-71) [ 730.372787][ T5802] stb0899_attach: Driver disabled by Kconfig [ 730.380563][ T5802] az6027: no front-end attached [ 730.380563][ T5802] [ 730.397740][ T5802] az6027: usb out operation failed. (-71) [ 730.414142][ T5802] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 730.432708][ T5802] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13 [ 730.448542][ T5802] dvb-usb: schedule remote query interval to 400 msecs. [ 730.464843][ T5802] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 730.481493][ T5802] usb 1-1: USB disconnect, device number 29 [ 730.597547][ T5802] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 730.900668][T11623] loop1: detected capacity change from 0 to 32768 [ 730.926488][T11623] JBD2: Ignoring recovery information on journal [ 731.051449][T11623] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 731.324410][ T5763] ocfs2: Unmounting device (7,1) on (node local) [ 731.390902][T11630] binder: 11629:11630 ioctl c0306201 200000000080 returned -14 [ 731.974965][ T5753] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 732.117511][T11632] loop1: detected capacity change from 0 to 32768 [ 732.135500][T11632] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 732.190580][ T5753] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 732.208469][ T5753] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 732.211224][T11653] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 732.218446][ T5753] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 732.239312][ T5753] usb 4-1: config 220 has no interface number 2 [ 732.246388][ T5753] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 732.261374][ T5753] usb 4-1: config 220 interface 0 has no altsetting 0 [ 732.263191][T11653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1416'. [ 732.269081][ T5753] usb 4-1: config 220 interface 76 has no altsetting 0 [ 732.278457][ T5846] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 732.285894][ T5753] usb 4-1: config 220 interface 1 has no altsetting 0 [ 732.349239][T11632] XFS (loop1): Ending clean mount [ 732.357133][ T5753] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 732.379514][ T5753] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.419090][ T5753] usb 4-1: Product: syz [ 732.423438][ T5753] usb 4-1: Manufacturer: syz [ 732.464740][ T5753] usb 4-1: SerialNumber: syz [ 732.520565][ T5846] usb 1-1: Using ep0 maxpacket: 32 [ 732.529016][ T5846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 732.542631][ T5846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 732.556307][ T5846] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 732.566017][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 732.581125][ T5846] usb 1-1: config 0 descriptor?? [ 732.663584][ T5763] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 732.731214][ T5753] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 732.766275][ T5753] usb 4-1: No valid video chain found. [ 732.772034][ T5753] usb 4-1: selecting invalid altsetting 0 [ 732.850532][ T5753] usb 4-1: selecting invalid altsetting 0 [ 732.883639][ T5753] usbtest: probe of 4-1:220.1 failed with error -22 [ 732.948117][ T5753] usb 4-1: USB disconnect, device number 27 [ 733.029921][ T5846] koneplus 0003:1E7D:2D51.000E: unknown main item tag 0x1 [ 733.097945][ T5846] koneplus 0003:1E7D:2D51.000E: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.0-1/input0 [ 733.244468][ T5846] koneplus 0003:1E7D:2D51.000E: couldn't init struct koneplus_device [ 733.270938][ T5846] koneplus 0003:1E7D:2D51.000E: couldn't install mouse [ 733.301814][ T5846] koneplus: probe of 0003:1E7D:2D51.000E failed with error -71 [ 733.340545][ T5846] usb 1-1: USB disconnect, device number 30 [ 733.844534][T11665] loop9: detected capacity change from 0 to 7 [ 733.859746][T11665] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 733.865485][T11665] loop9: partition table partially beyond EOD, truncated [ 733.876129][T11665] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 733.924129][ T8689] udevd[8689]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 734.198257][T11676] macvtap1: entered promiscuous mode [ 734.204160][T11676] macvtap1: entered allmulticast mode [ 734.213649][T11676] dummy0: entered allmulticast mode [ 734.219096][T11676] dummy0: entered promiscuous mode [ 734.242864][T11676] team0: Device macvtap1 failed to register rx_handler [ 734.254051][T11676] dummy0: left allmulticast mode [ 734.259170][T11676] dummy0: left promiscuous mode [ 734.501364][T11682] loop3: detected capacity change from 0 to 4096 [ 734.547151][T11682] ntfs: volume version 3.1. [ 734.576108][T11684] loop1: detected capacity change from 0 to 128 [ 734.657926][T11682] ntfs: (device loop3): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28). [ 734.681837][T11682] ntfs: (device loop3): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28. [ 735.240484][T11692] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 735.289031][T11692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1428'. [ 735.535648][ T2123] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 735.783799][ T2123] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 735.804648][ T2123] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.843370][ T2123] usb 1-1: Product: syz [ 735.857784][ T2123] usb 1-1: Manufacturer: syz [ 735.862764][ T2123] usb 1-1: SerialNumber: syz [ 736.123772][ T2123] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 736.170891][ T2123] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 736.420108][ T2123] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -71 [ 736.450205][ T2123] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 736.463869][ T2123] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 736.499140][ T2123] lan78xx: probe of 1-1:1.0 failed with error -71 [ 736.525262][T11706] loop1: detected capacity change from 0 to 4096 [ 736.554239][ T2123] usb 1-1: USB disconnect, device number 31 [ 736.561287][T11706] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 736.855061][T11708] loop4: detected capacity change from 0 to 2048 [ 736.891652][T11708] EXT4-fs: Ignoring removed mblk_io_submit option [ 736.916563][T11708] EXT4-fs: Ignoring removed mblk_io_submit option [ 736.976570][T11708] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 737.122649][T11714] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.1435: bg 0: block 234: padding at end of block bitmap is not set [ 737.179208][T11714] EXT4-fs (loop4): Remounting filesystem read-only [ 737.193248][T11716] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1437'. [ 737.310655][ T9797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 737.722148][T11732] loop1: detected capacity change from 0 to 128 [ 738.181289][T11746] loop4: detected capacity change from 0 to 2048 [ 738.220222][T11746] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 738.337107][ T5802] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 738.566971][ T5802] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 738.607411][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 738.625682][T11757] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1454'. [ 738.634528][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 738.652629][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 738.661058][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 738.681413][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 738.702316][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 738.722092][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 738.750359][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 738.776102][T11765] loop1: detected capacity change from 0 to 256 [ 738.783202][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 738.796708][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 738.806226][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 738.829294][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 738.837564][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 738.847670][T11765] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 738.869786][ T28] audit: type=1800 audit(1771448612.469:91): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1456" name="file1" dev="loop1" ino=1048675 res=0 errno=0 [ 738.886852][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 738.938036][ T28] audit: type=1800 audit(1771448612.497:92): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1456" name="file1" dev="loop1" ino=1048675 res=0 errno=0 [ 738.970742][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 738.993060][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 739.009403][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 739.028514][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 739.047321][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 739.065784][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 739.258586][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 739.267871][ T5802] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 739.277305][ T5802] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 739.301232][ T5802] usb 4-1: config 0 interface 0 has no altsetting 0 [ 739.312283][ T5802] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 739.323944][ T5802] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 739.324717][T11765] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 739.362188][T11765] FAT-fs (loop1): Filesystem has been set read-only [ 739.372666][T11765] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 739.393622][T11765] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 739.406128][T11771] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 739.422820][T11771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1457'. [ 739.440724][T11765] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 739.450175][T11765] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 739.458885][T11765] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 739.664534][ T5802] usb 4-1: Product: syz [ 739.669091][ T5802] usb 4-1: Manufacturer: syz [ 739.675393][ T5802] usb 4-1: SerialNumber: syz [ 739.683671][ T5802] usb 4-1: config 0 descriptor?? [ 739.707828][ T5802] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 740.101637][T11773] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 740.115430][T11773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1458'. [ 740.465105][ C1] usb 4-1: yurex_control_callback - control failed: -71 [ 740.487876][ T788] usb 4-1: USB disconnect, device number 28 [ 740.507703][ T788] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 740.851921][T11793] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 740.868848][T11793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1462'. [ 741.413345][T11799] loop3: detected capacity change from 0 to 1024 [ 741.592597][T11799] hfsplus: bad catalog entry type [ 741.727114][ T12] hfsplus: b-tree write err: -5, ino 4 [ 741.947734][T11808] loop3: detected capacity change from 0 to 128 [ 743.062470][T11820] syzkaller1: entered promiscuous mode [ 743.071833][T11820] syzkaller1: entered allmulticast mode [ 743.845287][T11829] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 743.865199][T11829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1475'. [ 744.439669][T11838] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 744.452227][T11838] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1479'. [ 744.642573][T11844] loop3: detected capacity change from 0 to 2048 [ 744.685915][T11847] loop1: detected capacity change from 0 to 256 [ 744.692253][T11844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 744.773853][T11844] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 744.794865][T11847] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000003) [ 744.813230][T11847] FAT-fs (loop1): Filesystem has been set read-only [ 744.815336][T11844] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 744.844391][T11844] EXT4-fs (loop3): This should not happen!! Data will be lost [ 744.844391][T11844] [ 744.857851][T11844] EXT4-fs (loop3): Total free blocks count 0 [ 744.864680][T11844] EXT4-fs (loop3): Free/Dirty block details [ 744.872182][T11844] EXT4-fs (loop3): free_blocks=2415919104 [ 744.878293][T11844] EXT4-fs (loop3): dirty_blocks=64 [ 744.883835][T11844] EXT4-fs (loop3): Block reservation details [ 744.890189][T11844] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 744.941659][ T1144] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 33 with error 28 [ 745.258415][T11859] loop1: detected capacity change from 0 to 256 [ 745.315759][T11859] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3967cd3a, utbl_chksum : 0xe619d30d) [ 745.402377][ T28] audit: type=1800 audit(1771448618.577:93): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1486" name="file1" dev="loop1" ino=1048679 res=0 errno=0 [ 745.448813][ T28] audit: type=1800 audit(1771448618.586:94): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1486" name="file1" dev="loop1" ino=1048679 res=0 errno=0 [ 745.461324][T11859] syz.1.1486: attempt to access beyond end of device [ 745.461324][T11859] loop1: rw=524288, sector=440, nr_sectors = 256 limit=256 [ 745.519009][T11859] syz.1.1486: attempt to access beyond end of device [ 745.519009][T11859] loop1: rw=524288, sector=696, nr_sectors = 256 limit=256 [ 745.539795][ T28] audit: type=1800 audit(1771448618.708:95): pid=11865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1486" name="file1" dev="loop1" ino=1048679 res=0 errno=0 [ 745.549188][T11859] syz.1.1486: attempt to access beyond end of device [ 745.549188][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.579547][T11864] loop3: detected capacity change from 0 to 2048 [ 745.588101][T11859] syz.1.1486: attempt to access beyond end of device [ 745.588101][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.622541][T11859] syz.1.1486: attempt to access beyond end of device [ 745.622541][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.652913][ T8689] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 745.680603][T11859] syz.1.1486: attempt to access beyond end of device [ 745.680603][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.723085][T11859] syz.1.1486: attempt to access beyond end of device [ 745.723085][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.750847][T11859] syz.1.1486: attempt to access beyond end of device [ 745.750847][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.791424][T11859] syz.1.1486: attempt to access beyond end of device [ 745.791424][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 745.805621][T11859] syz.1.1486: attempt to access beyond end of device [ 745.805621][T11859] loop1: rw=0, sector=440, nr_sectors = 8 limit=256 [ 746.571977][T11876] loop3: detected capacity change from 0 to 256 [ 746.600754][T11872] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 746.614246][T11872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1490'. [ 746.618319][T11876] exfat: Deprecated parameter 'namecase' [ 746.777223][T11881] loop1: detected capacity change from 0 to 128 [ 746.787955][T11876] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xee17df4f, utbl_chksum : 0xe619d30d) [ 746.973828][ T5753] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 747.183174][ T5753] usb 1-1: Using ep0 maxpacket: 16 [ 747.226796][ T5753] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 747.259695][ T5753] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 747.282102][ T5753] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 747.292523][ T5753] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.316836][ T5753] usb 1-1: config 0 descriptor?? [ 747.379086][T11889] loop1: detected capacity change from 0 to 4096 [ 747.398920][T11889] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 747.438546][T11892] loop4: detected capacity change from 0 to 128 [ 747.584488][T11889] ntfs3: loop1: ino=1e, "file1" ntfs3_write_inode failed, -22. [ 747.776369][ T5753] hid-picolcd 0003:04D8:F002.000F: unknown main item tag 0x0 [ 747.783970][ T5753] hid-picolcd 0003:04D8:F002.000F: unknown main item tag 0x0 [ 747.799720][ T5753] hid-picolcd 0003:04D8:F002.000F: item fetching failed at offset 2/11 [ 747.819181][ T5753] hid-picolcd 0003:04D8:F002.000F: device report parse failed [ 747.839947][ T5753] hid-picolcd: probe of 0003:04D8:F002.000F failed with error -22 [ 747.984419][ T5753] usb 1-1: USB disconnect, device number 32 [ 748.907499][T11908] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 748.920831][T11908] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1502'. [ 749.861365][T11926] syzkaller0: entered promiscuous mode [ 749.867113][T11926] syzkaller0: entered allmulticast mode [ 750.078946][T11932] loop1: detected capacity change from 0 to 128 [ 750.112541][T11932] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 750.137846][T11932] ext4 filesystem being mounted at /413/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 750.194436][ T5763] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 750.322142][T11936] loop1: detected capacity change from 0 to 128 [ 750.341650][ T788] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 750.546425][ T788] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 750.557445][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 750.573243][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 750.583603][ T788] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 750.601945][ T788] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 750.612013][ T788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.634152][ T788] usb 1-1: config 0 descriptor?? [ 750.989214][T11939] loop3: detected capacity change from 0 to 32768 [ 751.015248][T11939] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 751.081676][ T788] plantronics 0003:047F:FFFF.0010: unknown main item tag 0xd [ 751.113397][ T788] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 751.185732][ T8689] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 751.198326][ T788] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 751.243686][ T8247] Bluetooth: hci2: command 0x0406 tx timeout [ 751.419045][ T8431] usb 1-1: USB disconnect, device number 33 [ 751.512444][T11945] loop3: detected capacity change from 0 to 4096 [ 751.541385][T11945] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 751.648512][ T1093] ntfs3: loop3: ino=1e, failed to parse mft record [ 751.699222][ T28] audit: type=1800 audit(1771448624.460:96): pid=11945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1514" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 751.727782][T11945] ntfs3: loop3: ino=1e, "file1" failed to parse mft record [ 751.752821][T11945] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 751.824550][ T1093] ntfs3: loop3: ino=1e, failed to parse mft record [ 751.974160][T11948] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 751.983044][T11949] loop3: detected capacity change from 0 to 128 [ 752.226787][T11954] loop1: detected capacity change from 0 to 1024 [ 752.242448][T11954] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 752.429465][T11954] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 752.572930][T11954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.1518: missing EA_INODE flag [ 752.727469][T11954] EXT4-fs (loop1): Remounting filesystem read-only [ 752.813519][ T5763] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 752.977838][T11968] loop1: detected capacity change from 0 to 64 [ 753.058484][ T28] audit: type=1800 audit(1771448625.751:97): pid=11968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1521" name="file2" dev="loop1" ino=6 res=0 errno=0 [ 753.322016][T11972] loop3: detected capacity change from 0 to 4096 [ 753.354609][T11972] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 753.435318][T11972] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 753.911622][T11979] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 753.925162][T11979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1526'. [ 753.993473][T11977] syzkaller0: entered promiscuous mode [ 754.007716][T11977] syzkaller0: entered allmulticast mode [ 754.035032][T11983] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 754.054205][T11983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1527'. [ 754.414815][ T8431] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 754.605725][T11991] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 754.621797][T11991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1530'. [ 754.622212][ T8431] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 754.649970][ T8431] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 754.681623][ T8431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.726380][ T8431] usb 4-1: config 0 descriptor?? [ 754.762181][ T8431] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 754.874582][T11998] loop4: detected capacity change from 0 to 8192 [ 754.889005][T11998] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 754.903614][T11998] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 754.914424][T11998] REISERFS (device loop4): using ordered data mode [ 754.922319][T11998] reiserfs: using flush barriers [ 754.934991][T11998] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 754.955404][T11998] REISERFS (device loop4): checking transaction log (loop4) [ 754.964658][T11998] REISERFS (device loop4): Using r5 hash to sort names [ 754.986868][ T5846] usb 4-1: USB disconnect, device number 29 [ 755.008913][T11998] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 755.088095][ T5802] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 755.399676][ T5802] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 755.418024][ T5802] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 755.428527][ T5802] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.448497][ T5802] usb 2-1: config 0 descriptor?? [ 755.465427][ T5802] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 755.685298][ T8431] usb 2-1: USB disconnect, device number 34 [ 756.215629][T12017] loop4: detected capacity change from 0 to 128 [ 756.257704][T12017] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 756.274030][T12017] ext4 filesystem being mounted at /129/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 756.396367][T12017] EXT4-fs error (device loop4): dx_make_map:1328: inode #2: block 18: comm syz.4.1539: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 756.427475][T12017] EXT4-fs error (device loop4) in do_split:2095: Corrupt filesystem [ 756.507272][ T9797] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 756.721314][T12027] syzkaller0: entered promiscuous mode [ 756.734420][T12027] syzkaller0: entered allmulticast mode [ 757.362404][T12025] loop1: detected capacity change from 0 to 32768 [ 757.486180][T12036] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 757.515735][T12036] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1545'. [ 757.586086][T12025] JBD2: Ignoring recovery information on journal [ 757.659849][T12025] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 758.035893][ T5763] ocfs2: Unmounting device (7,1) on (node local) [ 758.368515][T12047] loop1: detected capacity change from 0 to 128 [ 758.595142][T12048] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 758.611797][T12048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1550'. [ 759.140094][T12055] syzkaller0: entered promiscuous mode [ 759.145759][T12055] syzkaller0: entered allmulticast mode [ 759.427970][T12061] loop3: detected capacity change from 0 to 128 [ 759.832031][T12067] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 759.848635][T12067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1553'. [ 760.876385][T12077] syzkaller1: entered promiscuous mode [ 760.896130][T12077] syzkaller1: entered allmulticast mode [ 760.933948][T12080] loop4: detected capacity change from 0 to 128 [ 761.128604][ T5753] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 761.452244][T12086] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 761.469896][T12086] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1562'. [ 761.513263][ T5753] usb 1-1: Using ep0 maxpacket: 32 [ 761.526081][ T5753] usb 1-1: config 0 has an invalid interface number: 225 but max is 0 [ 761.553497][T12087] syzkaller0: entered promiscuous mode [ 761.561437][ T5753] usb 1-1: config 0 has no interface number 0 [ 761.572356][T12087] syzkaller0: entered allmulticast mode [ 761.609080][ T5753] usb 1-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79 [ 761.650133][ T5753] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.664517][ T5753] usb 1-1: Product: syz [ 761.669295][ T5753] usb 1-1: Manufacturer: syz [ 761.675575][ T5753] usb 1-1: SerialNumber: syz [ 761.687843][ T5753] usb 1-1: config 0 descriptor?? [ 762.481499][T12100] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 762.500254][T12100] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1565'. [ 762.515205][ T5753] mos7840 1-1:0.225: required endpoints missing [ 762.590439][T12102] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 762.603845][T12102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1567'. [ 762.646281][ T5846] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 762.935454][ T5846] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 763.027185][ T5846] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 763.062473][ T5753] usb 1-1: USB disconnect, device number 34 [ 763.066560][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.093645][ T5846] usb 2-1: config 0 descriptor?? [ 763.103836][ T5846] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 763.340222][ T5846] usb 2-1: USB disconnect, device number 35 [ 763.412376][T12109] ip6_tunnel: non-ECT from fe88:a43d:e1a4:0000:0000:0000:0000:7d01 with DS=0xe [ 764.155923][T12120] loop1: detected capacity change from 0 to 128 [ 764.212900][ T2123] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 764.492799][T12123] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 764.509745][T12123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1575'. [ 764.570583][ T2123] usb 1-1: Using ep0 maxpacket: 8 [ 764.577872][ T2123] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 764.586513][ T2123] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 764.597014][ T2123] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 764.607051][ T2123] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 764.617547][ T2123] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 764.630901][ T2123] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 764.640391][ T2123] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.872838][ T2123] usb 1-1: GET_CAPABILITIES returned 0 [ 764.878909][ T2123] usbtmc 1-1:16.0: can't read capabilities [ 765.192297][ T5753] usb 1-1: USB disconnect, device number 35 [ 765.222993][T12118] usbtmc 1-1:16.0: stb usb_control_msg returned -71 [ 765.613593][T12134] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 765.630903][T12134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1577'. [ 765.959173][T12132] loop3: detected capacity change from 0 to 40427 [ 766.026886][T12132] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 766.071367][T12132] F2FS-fs (loop3): Image doesn't support compression [ 766.108128][T12132] F2FS-fs (loop3): Image doesn't support compression [ 766.149954][T12132] F2FS-fs (loop3): invalid crc value [ 766.167967][T12132] F2FS-fs (loop3): Found nat_bits in checkpoint [ 766.388296][T12132] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 766.956642][T12147] loop1: detected capacity change from 0 to 128 [ 767.592602][T12154] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 767.607204][T12154] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1584'. [ 768.103975][T12165] IPVS: dh: FWM 3 0x00000003 - no destination available [ 768.237543][T12168] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 768.273277][T12168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1588'. [ 769.383906][T12179] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 769.420587][T12179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1590'. [ 769.482472][T12180] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 769.495646][T12180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1591'. [ 770.857351][T12194] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 770.893055][T12194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1596'. [ 771.837148][T12199] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 771.853941][T12199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1597'. [ 773.029962][T12207] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 773.047530][T12207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1598'. [ 774.048613][T12240] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 774.074666][ T8431] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 774.092847][T12240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1608'. [ 774.280705][ T8431] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 774.302650][ T8431] usb 2-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config [ 774.352001][ T8431] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 774.396595][ T8431] usb 2-1: config 1 has no interface number 1 [ 774.419323][ T8431] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 774.480808][ T8431] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 774.524004][ T8431] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.606546][ T8431] usb 2-1: Product: syz [ 774.630594][ T8431] usb 2-1: Manufacturer: syz [ 774.656968][ T8431] usb 2-1: SerialNumber: syz [ 775.109237][T12248] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 775.130729][T12248] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1611'. [ 775.153994][ T8431] usb 2-1: USB disconnect, device number 36 [ 775.336225][T12250] loop3: detected capacity change from 0 to 8192 [ 775.354185][T12250] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 775.416808][T12250] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 775.444391][T12250] REISERFS (device loop3): using ordered data mode [ 775.464399][T12250] reiserfs: using flush barriers [ 775.470995][T12250] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 775.491211][T12250] REISERFS (device loop3): checking transaction log (loop3) [ 775.637684][T12250] REISERFS (device loop3): Using tea hash to sort names [ 775.648508][T12250] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 775.662857][T12250] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 775.883462][T12254] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 5) not found (pos 2) [ 775.973801][T12257] syzkaller0: entered promiscuous mode [ 776.034783][T12260] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 776.207509][T12259] loop1: detected capacity change from 0 to 128 [ 776.222691][T12257] syzkaller0: entered allmulticast mode [ 776.316487][T12250] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 5) not found (pos 2) [ 776.560432][T12260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1613'. [ 776.583244][T12254] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 776.699820][T12254] REISERFS error (device loop3): vs-15011 reiserfs_release_objectid: tried to free free object id (4) [ 776.747296][T12254] REISERFS (device loop3): Remounting filesystem read-only [ 777.100143][T12274] loop4: detected capacity change from 0 to 128 [ 777.137371][T12274] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 777.332512][T12281] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 778.165338][T12293] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 778.187145][T12293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1623'. [ 778.347229][T12272] loop1: detected capacity change from 0 to 32768 [ 778.373467][T12272] JBD2: Ignoring recovery information on journal [ 778.465777][T12272] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 779.000393][T12303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1625'. [ 779.306737][ T5763] ocfs2: Unmounting device (7,1) on (node local) [ 779.551949][T12290] loop3: detected capacity change from 0 to 32768 [ 779.690695][T12290] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 779.827360][T12290] XFS (loop3): Ending clean mount [ 779.835089][T12315] loop4: detected capacity change from 0 to 512 [ 779.848272][T12315] EXT4-fs: Ignoring removed nobh option [ 779.877915][T12315] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 779.941061][T12315] EXT4-fs (loop4): 1 truncate cleaned up [ 779.955243][T12315] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 780.070053][T12320] loop1: detected capacity change from 0 to 128 [ 780.242634][ T9797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 780.318011][ T5766] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 780.767518][T12327] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 780.805471][T12327] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1630'. [ 782.298727][T12353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1636'. [ 782.837234][T12329] loop1: detected capacity change from 0 to 40427 [ 782.856622][T12329] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 782.888279][T12329] F2FS-fs (loop1): Image doesn't support compression [ 782.923066][T12329] F2FS-fs (loop1): Image doesn't support compression [ 782.931479][T12329] F2FS-fs (loop1): invalid crc value [ 782.952388][T12329] F2FS-fs (loop1): Found nat_bits in checkpoint [ 783.040385][T12329] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 783.061470][T12361] loop4: detected capacity change from 0 to 256 [ 783.124682][T12329] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_rename2+0x871/0x2270 [ 783.212941][T12361] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 783.258012][T12361] FAT-fs (loop4): Filesystem has been set read-only [ 783.360749][ T5763] bio_check_eod: 2146 callbacks suppressed [ 783.360767][ T5763] syz-executor: attempt to access beyond end of device [ 783.360767][ T5763] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 783.392961][ T5763] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 783.407244][ T5763] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 783.611083][ T8431] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 784.713719][ T8431] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 784.732631][ T8431] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 784.762231][ T8431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.764599][T12375] loop1: detected capacity change from 0 to 128 [ 784.784274][ T8431] usb 4-1: config 0 descriptor?? [ 784.855999][T12377] loop4: detected capacity change from 0 to 128 [ 785.099716][ T5753] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 785.150693][ T8431] usbhid 4-1:0.0: can't add hid device: -71 [ 785.156923][ T8431] usbhid: probe of 4-1:0.0 failed with error -71 [ 785.166090][ T8431] usb 4-1: USB disconnect, device number 30 [ 785.448536][ T5753] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 785.531101][ T5753] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 785.663770][ T5753] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.919549][ T5753] usb 1-1: config 0 descriptor?? [ 785.929308][ T5753] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 786.225707][ T5753] usb 1-1: USB disconnect, device number 36 [ 786.244742][ T8431] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 786.370623][T12388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1647'. [ 786.454296][ T8431] usb 4-1: Using ep0 maxpacket: 32 [ 786.471390][ T8431] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 786.513677][ T8431] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 786.598338][ T8431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.797308][ T8431] usb 4-1: config 0 descriptor?? [ 786.900981][ T8431] usb 4-1: can't set config #0, error -71 [ 787.014452][T12386] loop4: detected capacity change from 0 to 32768 [ 787.031166][ T8431] usb 4-1: USB disconnect, device number 31 [ 787.124105][T12394] loop1: detected capacity change from 0 to 128 [ 787.137911][T12394] EXT4-fs: Ignoring removed nomblk_io_submit option [ 787.159342][T12386] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 787.183873][T12394] EXT4-fs (loop1): Test dummy encryption mode enabled [ 787.241115][T12394] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 787.287081][T12394] ext4 filesystem being mounted at /447/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 787.487527][ T5763] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 787.780581][ T9797] ocfs2: Unmounting device (7,4) on (node local) [ 788.226660][T12410] /dev/loop0: Can't open blockdev [ 788.510990][T12415] loop3: detected capacity change from 0 to 128 [ 790.314793][ T8431] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 790.511170][T12434] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 790.541959][ T8431] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 790.573301][ T8431] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 790.590025][ T8431] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.621946][ T8431] usb 2-1: config 0 descriptor?? [ 790.676509][ T8431] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 790.710220][T12440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1664'. [ 790.795936][T12425] loop4: detected capacity change from 0 to 32768 [ 790.849139][T12425] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 790.916552][ T8431] usb 2-1: USB disconnect, device number 37 [ 790.949168][T12425] XFS (loop4): Ending clean mount [ 791.034549][T12425] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 791.519531][T12453] loop3: detected capacity change from 0 to 32768 [ 791.716510][T12453] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 792.538783][T12453] XFS (loop3): Ending clean mount [ 792.554793][T12453] XFS (loop3): Quotacheck needed: Please wait. [ 792.801589][T12453] XFS (loop3): Quotacheck: Done. [ 792.811824][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 792.838299][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 793.874502][ T5766] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 795.030709][ T8431] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 795.235741][ T8431] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 795.266003][ T8431] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 795.277108][ T8431] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.291003][ T8431] usb 1-1: config 0 descriptor?? [ 795.339699][ T8431] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 795.448818][T12516] loop1: detected capacity change from 0 to 64 [ 795.471678][T12516] hfs: unable to locate alternate MDB [ 795.481260][T12516] hfs: continuing without an alternate MDB [ 795.491581][T12518] loop3: detected capacity change from 0 to 128 [ 795.552508][T12519] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 795.569869][T12519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1679'. [ 795.777901][ T8431] usb 1-1: USB disconnect, device number 37 [ 798.028354][T12551] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 798.045710][T12551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1691'. [ 798.879870][T12559] loop3: detected capacity change from 0 to 128 [ 799.941625][ T5753] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 800.168675][ T5753] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 800.206617][ T5753] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 800.258520][ T5753] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 800.325050][ T5753] usb 2-1: config 0 descriptor?? [ 800.382693][ T5753] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 800.591949][ T2123] usb 2-1: USB disconnect, device number 38 [ 801.654074][T12577] loop4: detected capacity change from 0 to 32768 [ 801.683953][T12591] loop3: detected capacity change from 0 to 256 [ 801.707470][T12577] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 801.729550][T12591] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 801.842964][T12577] XFS (loop4): Ending clean mount [ 801.854337][T12577] XFS (loop4): Quotacheck needed: Please wait. [ 801.947011][T12577] XFS (loop4): Quotacheck: Done. [ 802.017901][T12604] loop1: detected capacity change from 0 to 128 [ 802.095215][T12577] XFS (loop4): User initiated shutdown received. [ 802.132339][T12577] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:497). Shutting down filesystem. [ 802.179248][T12577] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 803.079430][ T9797] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 803.367804][T12618] syzkaller0: entered promiscuous mode [ 803.374603][T12618] syzkaller0: entered allmulticast mode [ 803.649306][T12622] loop0: detected capacity change from 32768 to 0 [ 805.974350][T12654] loop4: detected capacity change from 0 to 128 [ 807.101086][T12668] syzkaller0: entered promiscuous mode [ 807.178500][T12668] syzkaller0: entered allmulticast mode [ 807.400984][T12675] loop4: detected capacity change from 0 to 1024 [ 808.194895][T12686] loop1: detected capacity change from 0 to 128 [ 808.257421][T12675] hfsplus: xattr searching failed [ 808.393677][T12675] hfsplus: xattr searching failed [ 808.429045][T12675] hfsplus: xattr searching failed [ 809.731092][T12707] syzkaller0: entered promiscuous mode [ 809.743260][T12703] kvm: user requested TSC rate below hardware speed [ 809.754905][T12707] syzkaller0: entered allmulticast mode [ 810.669369][T12713] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3944. macoff=96 [ 810.983673][T12719] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 810.998579][T12719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1740'. [ 811.054249][T12724] loop1: detected capacity change from 0 to 128 [ 812.116680][T12732] loop1: detected capacity change from 0 to 128 [ 812.148719][T12732] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 812.166983][T12732] ext4 filesystem being mounted at /472/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 812.357128][T12732] syz.1.1744 (pid 12732) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 812.417507][ T5763] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 813.151155][T12744] loop4: detected capacity change from 0 to 128 [ 813.371210][T12749] syzkaller0: entered promiscuous mode [ 813.388397][T12749] syzkaller0: entered allmulticast mode [ 814.683196][T12778] loop4: detected capacity change from 0 to 128 [ 815.833972][T12790] loop4: detected capacity change from 0 to 128 [ 817.026590][T12801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1764'. [ 817.136656][T12805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1766'. [ 817.563993][ T5809] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 817.590750][T12816] loop1: detected capacity change from 0 to 128 [ 817.814514][ T5809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.915722][ T5809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 818.520575][ T5809] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 818.530299][ T5809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.542370][ T5809] usb 4-1: config 0 descriptor?? [ 819.026180][ T5809] playstation 0003:054C:0DF2.0011: unknown main item tag 0x0 [ 819.053741][ T5809] playstation 0003:054C:0DF2.0011: unknown main item tag 0x0 [ 819.062967][ T5809] playstation 0003:054C:0DF2.0011: unknown main item tag 0x0 [ 819.071047][ T5809] playstation 0003:054C:0DF2.0011: unknown main item tag 0x0 [ 819.083096][ T5809] playstation 0003:054C:0DF2.0011: unknown main item tag 0x0 [ 819.104381][ T5809] playstation 0003:054C:0DF2.0011: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0 [ 819.224427][ T5809] playstation 0003:054C:0DF2.0011: Failed to retrieve feature with reportID 9: -32 [ 819.254375][ T5809] playstation 0003:054C:0DF2.0011: Failed to retrieve DualSense pairing info: -32 [ 819.285231][ T5809] playstation 0003:054C:0DF2.0011: Failed to get MAC address from DualSense [ 819.294677][ T5809] playstation 0003:054C:0DF2.0011: Failed to create dualsense. [ 819.319451][ T5809] playstation: probe of 0003:054C:0DF2.0011 failed with error -32 [ 819.343887][ T5809] usb 4-1: USB disconnect, device number 32 [ 819.696950][T12850] [ 819.699683][T12850] ===================================================== [ 819.706782][T12850] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 819.714498][T12850] syzkaller #0 Not tainted [ 819.719279][T12850] ----------------------------------------------------- [ 819.726392][T12850] syz.0.1783/12850 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 819.734309][T12850] ffffffff8ce0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xf0/0x3c0 [ 819.743011][T12850] [ 819.743011][T12850] and this task is already holding: [ 819.750540][T12850] ffff888046a26618 (&f->f_owner.lock){...-}-{2:2}, at: send_sigurg+0x29/0x3c0 [ 819.759668][T12850] which would create a new lock dependency: [ 819.765548][T12850] (&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 819.773744][T12850] [ 819.773744][T12850] but this new dependency connects a HARDIRQ-irq-safe lock: [ 819.783305][T12850] (&dev->event_lock#2){-.-.}-{2:2} [ 819.783336][T12850] [ 819.783336][T12850] ... which became HARDIRQ-irq-safe at: [ 819.796770][T12850] lock_acquire+0x19e/0x420 [ 819.801457][T12850] _raw_spin_lock_irqsave+0xb4/0x100 [ 819.806999][T12850] input_event+0x7a/0xc0 [ 819.811414][T12850] psmouse_report_standard_packet+0x53/0x200 [ 819.817647][T12850] psmouse_process_byte+0x478/0x670 [ 819.822938][T12850] psmouse_handle_byte+0x43/0x490 [ 819.828165][T12850] ps2_interrupt+0x164/0x980 [ 819.832930][T12850] serio_interrupt+0x8b/0x130 [ 819.837818][T12850] i8042_interrupt+0x385/0x710 [ 819.842669][T12850] __handle_irq_event_percpu+0x271/0x940 [ 819.848561][T12850] handle_irq_event+0x8b/0x1e0 [ 819.853436][T12850] handle_edge_irq+0x247/0xb30 [ 819.858475][T12850] __common_interrupt+0x13b/0x230 [ 819.863676][T12850] common_interrupt+0xb4/0xd0 [ 819.868475][T12850] asm_common_interrupt+0x26/0x40 [ 819.873572][T12850] unwind_next_frame+0xf0b/0x2970 [ 819.878941][T12850] arch_stack_walk+0x144/0x190 [ 819.883797][T12850] stack_trace_save+0xaa/0x100 [ 819.888813][T12850] kasan_set_track+0x4e/0x70 [ 819.893561][T12850] kasan_save_free_info+0x2e/0x50 [ 819.898837][T12850] ____kasan_slab_free+0x126/0x1e0 [ 819.904027][T12850] slab_free_freelist_hook+0x130/0x1a0 [ 819.909566][T12850] kmem_cache_free+0xf8/0x270 [ 819.914599][T12850] do_exit+0x90c/0x2460 [ 819.918829][T12850] call_usermodehelper_exec_async+0x348/0x350 [ 819.925056][T12850] ret_from_fork+0x48/0x80 [ 819.929546][T12850] ret_from_fork_asm+0x11/0x20 [ 819.934600][T12850] [ 819.934600][T12850] to a HARDIRQ-irq-unsafe lock: [ 819.941879][T12850] (tasklist_lock){.+.+}-{2:2} [ 819.941904][T12850] [ 819.941904][T12850] ... which became HARDIRQ-irq-unsafe at: [ 819.954796][T12850] ... [ 819.954804][T12850] lock_acquire+0x19e/0x420 [ 819.962013][T12850] _raw_read_lock+0x36/0x50 [ 819.966691][T12850] do_wait+0x294/0xae0 [ 819.970982][T12850] kernel_wait+0xd7/0x1c0 [ 819.975394][T12850] call_usermodehelper_exec_work+0xb9/0x220 [ 819.981488][T12850] process_scheduled_works+0xa5d/0x15d0 [ 819.987152][T12850] worker_thread+0xa55/0xfc0 [ 819.991957][T12850] kthread+0x2fa/0x390 [ 819.996206][T12850] ret_from_fork+0x48/0x80 [ 820.000983][T12850] ret_from_fork_asm+0x11/0x20 [ 820.005945][T12850] [ 820.005945][T12850] other info that might help us debug this: [ 820.005945][T12850] [ 820.016430][T12850] Chain exists of: [ 820.016430][T12850] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 820.016430][T12850] [ 820.029852][T12850] Possible interrupt unsafe locking scenario: [ 820.029852][T12850] [ 820.038344][T12850] CPU0 CPU1 [ 820.044261][T12850] ---- ---- [ 820.049778][T12850] lock(tasklist_lock); [ 820.054150][T12850] local_irq_disable(); [ 820.061208][T12850] lock(&dev->event_lock#2); [ 820.068559][T12850] lock(&f->f_owner.lock); [ 820.075754][T12850] [ 820.079222][T12850] lock(&dev->event_lock#2); [ 820.084267][T12850] [ 820.084267][T12850] *** DEADLOCK *** [ 820.084267][T12850] [ 820.092856][T12850] 2 locks held by syz.0.1783/12850: [ 820.098197][T12850] #0: ffff88807e1acab0 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50 [ 820.107440][T12850] #1: ffff888046a26618 (&f->f_owner.lock){...-}-{2:2}, at: send_sigurg+0x29/0x3c0 [ 820.116844][T12850] [ 820.116844][T12850] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 820.127248][T12850] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 820.133158][T12850] IN-HARDIRQ-W at: [ 820.137643][T12850] lock_acquire+0x19e/0x420 [ 820.144692][T12850] _raw_spin_lock_irqsave+0xb4/0x100 [ 820.152681][T12850] input_event+0x7a/0xc0 [ 820.159192][T12850] psmouse_report_standard_packet+0x53/0x200 [ 820.167860][T12850] psmouse_process_byte+0x478/0x670 [ 820.175460][T12850] psmouse_handle_byte+0x43/0x490 [ 820.183184][T12850] ps2_interrupt+0x164/0x980 [ 820.190204][T12850] serio_interrupt+0x8b/0x130 [ 820.197040][T12850] i8042_interrupt+0x385/0x710 [ 820.204330][T12850] __handle_irq_event_percpu+0x271/0x940 [ 820.212489][T12850] handle_irq_event+0x8b/0x1e0 [ 820.219778][T12850] handle_edge_irq+0x247/0xb30 [ 820.227048][T12850] __common_interrupt+0x13b/0x230 [ 820.234514][T12850] common_interrupt+0xb4/0xd0 [ 820.241975][T12850] asm_common_interrupt+0x26/0x40 [ 820.249165][T12850] unwind_next_frame+0xf0b/0x2970 [ 820.256517][T12850] arch_stack_walk+0x144/0x190 [ 820.263435][T12850] stack_trace_save+0xaa/0x100 [ 820.270658][T12850] kasan_set_track+0x4e/0x70 [ 820.277494][T12850] kasan_save_free_info+0x2e/0x50 [ 820.284684][T12850] ____kasan_slab_free+0x126/0x1e0 [ 820.292214][T12850] slab_free_freelist_hook+0x130/0x1a0 [ 820.299839][T12850] kmem_cache_free+0xf8/0x270 [ 820.306774][T12850] do_exit+0x90c/0x2460 [ 820.313452][T12850] call_usermodehelper_exec_async+0x348/0x350 [ 820.321870][T12850] ret_from_fork+0x48/0x80 [ 820.328735][T12850] ret_from_fork_asm+0x11/0x20 [ 820.335695][T12850] IN-SOFTIRQ-W at: [ 820.340025][T12850] lock_acquire+0x19e/0x420 [ 820.346699][T12850] _raw_spin_lock_irqsave+0xb4/0x100 [ 820.354148][T12850] input_inject_event+0xab/0x320 [ 820.361256][T12850] led_trigger_event+0x133/0x210 [ 820.368522][T12850] kbd_bh+0x1c0/0x2d0 [ 820.374747][T12850] tasklet_action_common+0x302/0x4d0 [ 820.383700][T12850] handle_softirqs+0x280/0x820 [ 820.391341][T12850] __irq_exit_rcu+0xd3/0x190 [ 820.398103][T12850] irq_exit_rcu+0x9/0x20 [ 820.404596][T12850] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 820.412409][T12850] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 820.420558][T12850] pv_native_safe_halt+0xf/0x10 [ 820.427796][T12850] default_idle+0x13/0x20 [ 820.434458][T12850] default_idle_call+0x6c/0xa0 [ 820.441645][T12850] do_idle+0x1f0/0x4e0 [ 820.448166][T12850] cpu_startup_entry+0x43/0x60 [ 820.455282][T12850] rest_init+0x2e2/0x300 [ 820.461689][T12850] arch_call_rest_init+0xe/0x10 [ 820.468816][T12850] start_kernel+0x459/0x4e0 [ 820.475494][T12850] x86_64_start_reservations+0x2a/0x30 [ 820.483382][T12850] copy_bootdata+0x0/0xe0 [ 820.490001][T12850] secondary_startup_64_no_verify+0x179/0x17b [ 820.498425][T12850] INITIAL USE at: [ 820.502857][T12850] lock_acquire+0x19e/0x420 [ 820.509534][T12850] _raw_spin_lock_irqsave+0xb4/0x100 [ 820.517093][T12850] input_inject_event+0xab/0x320 [ 820.524304][T12850] led_trigger_event+0x133/0x210 [ 820.531855][T12850] kbd_led_trigger_activate+0xbd/0x100 [ 820.539593][T12850] led_trigger_set+0x52c/0x950 [ 820.547107][T12850] led_trigger_set_default+0x1a0/0x1e0 [ 820.554866][T12850] led_classdev_register_ext+0x733/0x9b0 [ 820.562772][T12850] input_leds_connect+0x4eb/0x6b0 [ 820.570398][T12850] input_register_device+0xcdc/0x1070 [ 820.578041][T12850] atkbd_connect+0x70a/0x9b0 [ 820.584973][T12850] serio_driver_probe+0x7a/0xa0 [ 820.592039][T12850] really_probe+0x25b/0xb20 [ 820.598707][T12850] __driver_probe_device+0x18c/0x330 [ 820.606535][T12850] driver_probe_device+0x4f/0x420 [ 820.613827][T12850] __driver_attach+0x44e/0x6e0 [ 820.620862][T12850] bus_for_each_dev+0x235/0x2b0 [ 820.627888][T12850] serio_handle_event+0x1a2/0x860 [ 820.635166][T12850] process_scheduled_works+0xa5d/0x15d0 [ 820.643253][T12850] worker_thread+0xa55/0xfc0 [ 820.650102][T12850] kthread+0x2fa/0x390 [ 820.656357][T12850] ret_from_fork+0x48/0x80 [ 820.662963][T12850] ret_from_fork_asm+0x11/0x20 [ 820.670119][T12850] } [ 820.672874][T12850] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 820.683109][T12850] -> (&client->buffer_lock){....}-{2:2} { [ 820.689532][T12850] INITIAL USE at: [ 820.693749][T12850] lock_acquire+0x19e/0x420 [ 820.700155][T12850] _raw_spin_lock_irqsave+0xb4/0x100 [ 820.708231][T12850] evdev_ioctl_handler+0x19eb/0x1ed0 [ 820.716838][T12850] __se_sys_ioctl+0xfd/0x170 [ 820.724937][T12850] do_syscall_64+0x55/0xa0 [ 820.731878][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 820.739687][T12850] } [ 820.742346][T12850] ... key at: [] evdev_open.__key.28+0x0/0x20 [ 820.750842][T12850] ... acquired at: [ 820.754891][T12850] _raw_spin_lock+0x2e/0x40 [ 820.759557][T12850] evdev_pass_values+0xcb/0xab0 [ 820.764829][T12850] evdev_events+0x1d8/0x330 [ 820.769665][T12850] input_pass_values+0x905/0x12f0 [ 820.775133][T12850] input_event_dispose+0x346/0x6c0 [ 820.780715][T12850] input_inject_event+0x1f9/0x320 [ 820.785996][T12850] evdev_write+0x35f/0x490 [ 820.790662][T12850] vfs_write+0x296/0x990 [ 820.795593][T12850] ksys_write+0x150/0x260 [ 820.800194][T12850] do_syscall_64+0x55/0xa0 [ 820.805050][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 820.811214][T12850] [ 820.813541][T12850] -> (&new->fa_lock){....}-{2:2} { [ 820.818883][T12850] INITIAL USE at: [ 820.823151][T12850] lock_acquire+0x19e/0x420 [ 820.829679][T12850] _raw_write_lock_irq+0xaf/0xf0 [ 820.836540][T12850] fasync_remove_entry+0xf4/0x1c0 [ 820.843828][T12850] sock_fasync+0x88/0xf0 [ 820.849971][T12850] __fput+0x7f3/0x970 [ 820.855875][T12850] task_work_run+0x1d4/0x260 [ 820.862407][T12850] exit_to_user_mode_loop+0xe6/0x110 [ 820.869601][T12850] exit_to_user_mode_prepare+0xee/0x180 [ 820.877043][T12850] syscall_exit_to_user_mode+0x1a/0x50 [ 820.884318][T12850] do_syscall_64+0x61/0xa0 [ 820.890470][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 820.898436][T12850] INITIAL READ USE at: [ 820.902937][T12850] lock_acquire+0x19e/0x420 [ 820.909610][T12850] _raw_read_lock_irqsave+0xbc/0x100 [ 820.917170][T12850] kill_fasync+0x192/0x4b0 [ 820.923986][T12850] sock_wake_async+0x137/0x160 [ 820.931280][T12850] sk_wake_async+0x184/0x280 [ 820.938239][T12850] unix_release_sock+0x802/0xe40 [ 820.945538][T12850] unix_release+0x8c/0xc0 [ 820.952143][T12850] sock_close+0xbd/0x230 [ 820.958570][T12850] __fput+0x234/0x970 [ 820.964721][T12850] task_work_run+0x1d4/0x260 [ 820.971557][T12850] get_signal+0x1235/0x13f0 [ 820.978233][T12850] arch_do_signal_or_restart+0xc2/0x800 [ 820.986124][T12850] exit_to_user_mode_loop+0x70/0x110 [ 820.993666][T12850] exit_to_user_mode_prepare+0xee/0x180 [ 821.001391][T12850] syscall_exit_to_user_mode+0x1a/0x50 [ 821.009209][T12850] do_syscall_64+0x61/0xa0 [ 821.015793][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 821.023843][T12850] } [ 821.026410][T12850] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 821.035271][T12850] ... acquired at: [ 821.039412][T12850] _raw_read_lock_irqsave+0xbc/0x100 [ 821.045405][T12850] kill_fasync+0x192/0x4b0 [ 821.050128][T12850] evdev_pass_values+0x54b/0xab0 [ 821.055442][T12850] evdev_events+0x1d8/0x330 [ 821.060232][T12850] input_pass_values+0x905/0x12f0 [ 821.065711][T12850] input_event_dispose+0x346/0x6c0 [ 821.071447][T12850] input_inject_event+0x1f9/0x320 [ 821.076813][T12850] evdev_write+0x35f/0x490 [ 821.081476][T12850] vfs_write+0x296/0x990 [ 821.086489][T12850] ksys_write+0x150/0x260 [ 821.090980][T12850] do_syscall_64+0x55/0xa0 [ 821.095897][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 821.102247][T12850] [ 821.104769][T12850] -> (&f->f_owner.lock){...-}-{2:2} { [ 821.110514][T12850] IN-SOFTIRQ-R at: [ 821.114601][T12850] lock_acquire+0x19e/0x420 [ 821.120989][T12850] _raw_read_lock_irqsave+0xbc/0x100 [ 821.128294][T12850] send_sigurg+0x29/0x3c0 [ 821.134447][T12850] sk_send_sigurg+0x6f/0xc0 [ 821.141030][T12850] tcp_check_urg+0x200/0x750 [ 821.147346][T12850] tcp_urg+0x164/0x410 [ 821.153172][T12850] tcp_rcv_established+0xa34/0x1d20 [ 821.160206][T12850] tcp_v4_do_rcv+0x4ed/0xb80 [ 821.166547][T12850] tcp_v4_rcv+0x23bf/0x2af0 [ 821.173065][T12850] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 821.180541][T12850] ip_local_deliver_finish+0x2ca/0x510 [ 821.187766][T12850] NF_HOOK+0x32d/0x3b0 [ 821.193836][T12850] NF_HOOK+0x32d/0x3b0 [ 821.199548][T12850] __netif_receive_skb+0xcc/0x290 [ 821.206501][T12850] process_backlog+0x391/0x6f0 [ 821.212896][T12850] __napi_poll+0xc0/0x460 [ 821.219062][T12850] net_rx_action+0x616/0xc40 [ 821.225577][T12850] handle_softirqs+0x280/0x820 [ 821.232275][T12850] __irq_exit_rcu+0xd3/0x190 [ 821.238702][T12850] irq_exit_rcu+0x9/0x20 [ 821.244767][T12850] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 821.252043][T12850] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 821.260019][T12850] lock_acquire+0x208/0x420 [ 821.266333][T12850] fs_reclaim_acquire+0x98/0x100 [ 821.273126][T12850] prepare_alloc_pages+0x15a/0x5f0 [ 821.279973][T12850] __alloc_pages+0x134/0x460 [ 821.286210][T12850] __folio_alloc+0x10/0x20 [ 821.292352][T12850] vma_alloc_folio+0x47a/0x8f0 [ 821.298846][T12850] shmem_alloc_folio+0x1a9/0x2a0 [ 821.305426][T12850] shmem_alloc_and_acct_folio+0x1e6/0x6d0 [ 821.313174][T12850] shmem_get_folio_gfp+0xcde/0x2aa0 [ 821.320269][T12850] shmem_fault+0x1b8/0x810 [ 821.326514][T12850] __do_fault+0x13b/0x4d0 [ 821.332480][T12850] handle_mm_fault+0x2299/0x4c00 [ 821.339232][T12850] __get_user_pages+0x5d0/0x1380 [ 821.345905][T12850] populate_vma_page_range+0x2c1/0x380 [ 821.353153][T12850] __mm_populate+0x260/0x390 [ 821.359429][T12850] vm_mmap_pgoff+0x2da/0x3f0 [ 821.365880][T12850] do_syscall_64+0x55/0xa0 [ 821.372833][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 821.380466][T12850] INITIAL USE at: [ 821.384741][T12850] lock_acquire+0x19e/0x420 [ 821.391003][T12850] _raw_write_lock_irq+0xaf/0xf0 [ 821.397685][T12850] __f_setown+0x3b/0x330 [ 821.403486][T12850] do_fcntl+0x11fd/0x1490 [ 821.409541][T12850] __se_sys_fcntl+0xc9/0x1a0 [ 821.415869][T12850] do_syscall_64+0x55/0xa0 [ 821.421932][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 821.429396][T12850] INITIAL READ USE at: [ 821.433709][T12850] lock_acquire+0x19e/0x420 [ 821.440392][T12850] _raw_read_lock_irqsave+0xbc/0x100 [ 821.447840][T12850] send_sigurg+0x29/0x3c0 [ 821.454255][T12850] sk_send_sigurg+0x6f/0xc0 [ 821.461002][T12850] tcp_check_urg+0x200/0x750 [ 821.467604][T12850] tcp_urg+0x164/0x410 [ 821.473739][T12850] tcp_rcv_established+0xa34/0x1d20 [ 821.481201][T12850] tcp_v4_do_rcv+0x4ed/0xb80 [ 821.487872][T12850] __release_sock+0x1e5/0x460 [ 821.494888][T12850] release_sock+0x5f/0x1c0 [ 821.501296][T12850] tcp_sendmsg+0x39/0x50 [ 821.507740][T12850] ____sys_sendmsg+0x5ba/0x960 [ 821.514691][T12850] ___sys_sendmsg+0x2a6/0x360 [ 821.521437][T12850] __se_sys_sendmsg+0x1c2/0x2b0 [ 821.528402][T12850] do_syscall_64+0x55/0xa0 [ 821.534979][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 821.542948][T12850] } [ 821.545519][T12850] ... key at: [] init_file.__key+0x0/0x20 [ 821.553572][T12850] ... acquired at: [ 821.557355][T12850] _raw_read_lock_irqsave+0xbc/0x100 [ 821.562886][T12850] send_sigio+0x33/0x360 [ 821.567336][T12850] kill_fasync+0x228/0x4b0 [ 821.571977][T12850] sock_wake_async+0x137/0x160 [ 821.576910][T12850] sk_wake_async+0x184/0x280 [ 821.581759][T12850] unix_release_sock+0x802/0xe40 [ 821.586965][T12850] unix_release+0x8c/0xc0 [ 821.591457][T12850] sock_close+0xbd/0x230 [ 821.595857][T12850] __fput+0x234/0x970 [ 821.600025][T12850] task_work_run+0x1d4/0x260 [ 821.604797][T12850] get_signal+0x1235/0x13f0 [ 821.609489][T12850] arch_do_signal_or_restart+0xc2/0x800 [ 821.615230][T12850] exit_to_user_mode_loop+0x70/0x110 [ 821.620957][T12850] exit_to_user_mode_prepare+0xee/0x180 [ 821.626673][T12850] syscall_exit_to_user_mode+0x1a/0x50 [ 821.632296][T12850] do_syscall_64+0x61/0xa0 [ 821.636989][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 821.643146][T12850] [ 821.645468][T12850] [ 821.645468][T12850] the dependencies between the lock to be acquired [ 821.645474][T12850] and HARDIRQ-irq-unsafe lock: [ 821.658963][T12850] -> (tasklist_lock){.+.+}-{2:2} { [ 821.664254][T12850] HARDIRQ-ON-R at: [ 821.668216][T12850] lock_acquire+0x19e/0x420 [ 821.674642][T12850] _raw_read_lock+0x36/0x50 [ 821.680866][T12850] do_wait+0x294/0xae0 [ 821.686660][T12850] kernel_wait+0xd7/0x1c0 [ 821.692802][T12850] call_usermodehelper_exec_work+0xb9/0x220 [ 821.700682][T12850] process_scheduled_works+0xa5d/0x15d0 [ 821.707882][T12850] worker_thread+0xa55/0xfc0 [ 821.714211][T12850] kthread+0x2fa/0x390 [ 821.719918][T12850] ret_from_fork+0x48/0x80 [ 821.726107][T12850] ret_from_fork_asm+0x11/0x20 [ 821.732511][T12850] SOFTIRQ-ON-R at: [ 821.736474][T12850] lock_acquire+0x19e/0x420 [ 821.742893][T12850] _raw_read_lock+0x36/0x50 [ 821.749189][T12850] do_wait+0x294/0xae0 [ 821.755112][T12850] kernel_wait+0xd7/0x1c0 [ 821.761270][T12850] call_usermodehelper_exec_work+0xb9/0x220 [ 821.768994][T12850] process_scheduled_works+0xa5d/0x15d0 [ 821.776195][T12850] worker_thread+0xa55/0xfc0 [ 821.782598][T12850] kthread+0x2fa/0x390 [ 821.788308][T12850] ret_from_fork+0x48/0x80 [ 821.794526][T12850] ret_from_fork_asm+0x11/0x20 [ 821.801193][T12850] INITIAL USE at: [ 821.805087][T12850] lock_acquire+0x19e/0x420 [ 821.811226][T12850] _raw_write_lock_irq+0xaf/0xf0 [ 821.818062][T12850] copy_process+0x2275/0x3d80 [ 821.824289][T12850] kernel_clone+0x24b/0x8a0 [ 821.830453][T12850] user_mode_thread+0x111/0x180 [ 821.836863][T12850] rest_init+0x27/0x300 [ 821.842660][T12850] arch_call_rest_init+0xe/0x10 [ 821.849084][T12850] start_kernel+0x459/0x4e0 [ 821.855137][T12850] x86_64_start_reservations+0x2a/0x30 [ 821.862155][T12850] copy_bootdata+0x0/0xe0 [ 821.868136][T12850] secondary_startup_64_no_verify+0x179/0x17b [ 821.876010][T12850] INITIAL READ USE at: [ 821.880339][T12850] lock_acquire+0x19e/0x420 [ 821.886924][T12850] _raw_read_lock+0x36/0x50 [ 821.893677][T12850] do_wait+0x294/0xae0 [ 821.899945][T12850] kernel_wait+0xd7/0x1c0 [ 821.906296][T12850] call_usermodehelper_exec_work+0xb9/0x220 [ 821.914195][T12850] process_scheduled_works+0xa5d/0x15d0 [ 821.921837][T12850] worker_thread+0xa55/0xfc0 [ 821.928531][T12850] kthread+0x2fa/0x390 [ 821.934765][T12850] ret_from_fork+0x48/0x80 [ 821.941300][T12850] ret_from_fork_asm+0x11/0x20 [ 821.948356][T12850] } [ 821.950839][T12850] ... key at: [] tasklist_lock+0x18/0x40 [ 821.958558][T12850] ... acquired at: [ 821.962440][T12850] _raw_read_lock+0x36/0x50 [ 821.967207][T12850] send_sigurg+0xf0/0x3c0 [ 821.971699][T12850] sk_send_sigurg+0x6f/0xc0 [ 821.976364][T12850] tcp_check_urg+0x200/0x750 [ 821.981643][T12850] tcp_urg+0x164/0x410 [ 821.985971][T12850] tcp_rcv_established+0xa34/0x1d20 [ 821.991338][T12850] tcp_v4_do_rcv+0x4ed/0xb80 [ 821.996185][T12850] __release_sock+0x1e5/0x460 [ 822.001200][T12850] release_sock+0x5f/0x1c0 [ 822.005776][T12850] sk_stream_wait_memory+0x6e3/0xee0 [ 822.011404][T12850] tcp_sendmsg_locked+0x15cd/0x4ba0 [ 822.016854][T12850] tcp_sendmsg+0x2f/0x50 [ 822.021725][T12850] __sys_sendto+0x4a9/0x6b0 [ 822.026413][T12850] __x64_sys_sendto+0xde/0xf0 [ 822.031366][T12850] do_syscall_64+0x55/0xa0 [ 822.035946][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 822.042215][T12850] [ 822.044658][T12850] [ 822.044658][T12850] stack backtrace: [ 822.050946][T12850] CPU: 0 PID: 12850 Comm: syz.0.1783 Not tainted syzkaller #0 [ 822.058584][T12850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 822.068897][T12850] Call Trace: [ 822.072172][T12850] [ 822.075189][T12850] dump_stack_lvl+0x18c/0x250 [ 822.080040][T12850] ? load_image+0x400/0x400 [ 822.084626][T12850] ? show_regs_print_info+0x20/0x20 [ 822.089829][T12850] ? load_image+0x400/0x400 [ 822.094496][T12850] ? print_shortest_lock_dependencies+0xf4/0x160 [ 822.100808][T12850] __lock_acquire+0x6851/0x7d40 [ 822.105674][T12850] ? verify_lock_unused+0x140/0x140 [ 822.110953][T12850] ? cubictcp_acked+0xc6/0xe90 [ 822.115803][T12850] lock_acquire+0x19e/0x420 [ 822.120387][T12850] ? send_sigurg+0xf0/0x3c0 [ 822.124881][T12850] ? read_lock_is_recursive+0x20/0x20 [ 822.130262][T12850] ? do_raw_read_lock+0x3d/0x90 [ 822.135274][T12850] ? _raw_read_lock_irqsave+0xc8/0x100 [ 822.140920][T12850] ? _raw_read_lock+0x50/0x50 [ 822.145783][T12850] _raw_read_lock+0x36/0x50 [ 822.150769][T12850] ? send_sigurg+0xf0/0x3c0 [ 822.155373][T12850] send_sigurg+0xf0/0x3c0 [ 822.160009][T12850] sk_send_sigurg+0x6f/0xc0 [ 822.164656][T12850] tcp_check_urg+0x200/0x750 [ 822.169698][T12850] tcp_urg+0x164/0x410 [ 822.173866][T12850] ? tcp_validate_incoming+0x2250/0x2250 [ 822.179854][T12850] ? read_tsc+0x9/0x20 [ 822.184015][T12850] ? inet_sk_rx_dst_set+0x15f/0x1d0 [ 822.189292][T12850] tcp_rcv_established+0xa34/0x1d20 [ 822.194678][T12850] ? tcp_check_space+0xad0/0xad0 [ 822.199790][T12850] ? __local_bh_enable_ip+0x13a/0x1c0 [ 822.205590][T12850] tcp_v4_do_rcv+0x4ed/0xb80 [ 822.210205][T12850] __release_sock+0x1e5/0x460 [ 822.215084][T12850] release_sock+0x5f/0x1c0 [ 822.219692][T12850] sk_stream_wait_memory+0x6e3/0xee0 [ 822.225164][T12850] ? sk_stream_wait_close+0x540/0x540 [ 822.230620][T12850] ? wait_woken+0x180/0x180 [ 822.235305][T12850] ? __tcp_push_pending_frames+0xd2/0x340 [ 822.241119][T12850] ? tcp_push+0x40a/0x660 [ 822.245481][T12850] tcp_sendmsg_locked+0x15cd/0x4ba0 [ 822.250737][T12850] ? verify_lock_unused+0x140/0x140 [ 822.255969][T12850] ? tcp_set_state+0x680/0x680 [ 822.260769][T12850] tcp_sendmsg+0x2f/0x50 [ 822.265181][T12850] __sys_sendto+0x4a9/0x6b0 [ 822.269770][T12850] ? __ia32_sys_getpeername+0x90/0x90 [ 822.275405][T12850] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 822.281639][T12850] ? lock_chain_count+0x20/0x20 [ 822.286527][T12850] __x64_sys_sendto+0xde/0xf0 [ 822.291202][T12850] do_syscall_64+0x55/0xa0 [ 822.295713][T12850] ? clear_bhb_loop+0x40/0x90 [ 822.300397][T12850] ? clear_bhb_loop+0x40/0x90 [ 822.305064][T12850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 822.310951][T12850] RIP: 0033:0x7f0f9ab9c629 [ 822.315466][T12850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 822.335814][T12850] RSP: 002b:00007f0f9baef028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 822.344596][T12850] RAX: ffffffffffffffda RBX: 00007f0f9ae15fa0 RCX: 00007f0f9ab9c629 [ 822.352648][T12850] RDX: ffffffffffffff94 RSI: 0000200000000000 RDI: 0000000000000003 [ 822.360954][T12850] RBP: 00007f0f9ac32b39 R08: 0000000000000000 R09: 0000000000000000 [ 822.369017][T12850] R10: 000000000000000b R11: 0000000000000246 R12: 0000000000000000 [ 822.377243][T12850] R13: 00007f0f9ae16038 R14: 00007f0f9ae15fa0 R15: 00007ffd3606abe8 [ 822.385303][T12850]