last executing test programs: 5.802941821s ago: executing program 0 (id=1958): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000140)={[{@init_itable_val={'init_itable', 0x3d, 0x101}}, {@stripe={'stripe', 0x3d, 0x856f}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@minixdf}, {@nodiscard}, {@nomblk_io_submit}, {@acl}, {@nojournal_checksum}, {@resuid}]}, 0x1, 0xbbc, &(0x7f0000000380)="$eJzs3MtrXNcZAPDvXr1ttSOXUupurFKKDaVj2UWmNoXaxaWbLgrttmAhj4zQ+IGk4EjWYpT8AyHJOpBNIIlJ8CJee5NAttkkzjYmi4AJipVACInCnYckSzN62DO6svX7wZl7zpx77/m+uczcc2BmAjiwhrOHNOJoRFxKIgr159OI6K3W+iMqtf2WlxbGv1taGE9iZeW/XyeRRMSjpYXxxrmS+vZwvdEfEZ/8I4lfvbx53Jm5+amxcrk0XW+fnL164+TM3PyfJ6+OXSldKV07deavo6dHz4ycHW1brt9/cf7ut7//15eVH9758fY3r72VxPkYrPetz6Oe9VMbjuHV12S97ogYa8P594Ouej7r80y6tzko7XBQAAC0lK6bw/0mCtEVa5O3Qnz4aa7BAQAAAG2x0hWxAgAAADznEut/AAAAeM41vgfwaGlhvFHy/UbC3np4ISKGavkv10utpzsq1W1/9ETEoUdJrP9Za1I77KkNR8SDz8++n5Vo8jvkTqssRsRvm13/pJr/UP2X0BvzTyNipA3jD29oP0v5n2/D+HnnD8DBdO9C7Ua2+f6Xrs5/osn9r7vJvetJ5H3/a8z/ljfN/9by72ox//vPDse49fYbN1v1Zfn/7e4/32uUbPxs+1RJ7cLDxYjfdTfLP1nNP2mR/6UdjlH46WapVV/e+a+8GXE8muffkGz9/0QnJybLpZHaY9MxFj8efbfV+Hnnn13/Qy3y3+7633jsTK3/1Of/Fy/eadW3ff7pV73J/6q13vozL47Nzk6fiuhN/r35+dNb59vYp3GOLP8Tf9j6/d8s/+wzoVJ/HbLMF+vbrP3ShjH/fvvWB1vln6398rz+l5/w+r+ywzH++NGrJ1r1rV//ZiUb/0FSWwsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEMaEYORpMWISKr1NC0WIw5HxK/jUFq+PjP7p4nrL1y7nPVFDEVPOjFZLo1ERKHWTrL2qWp9rX16Q/svEXEkIl4vDFTbxfHr5ct5Jw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCqwxExGElajIg0IpYLaVos5h0VAAAA0HZDuz9koBNxAAAAAJ3zBOt/AAAA4Blj/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHHTl2734SEZVzA9WS6a339eQaGdBpad4BALnpyjsAIDfdeQcA5GaXa3zTBXgOJdv097fs6Wt7LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsX8eP3rufRETl3EC1ZHrrfT1Njzi2h9EBnZTmHQCQm66tOrv3Lg5g73mLw8HVfI0PHCTJNv39a/tUHu/p61hMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOw/g9WSpMWISKv1NC0WI34REUPRk0xMlksjEfHLiPis0NOXtfvyDhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC2m5mbnxorl0vTKioq+VaS/RFGrZL3JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHmYmZufGiuXS9MzeUcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5G1mbn5qrFwuTe+gcmc3O6+r5J0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5+TkAAP//VNIN/Q==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, 0x0, 0x0) 5.298021918s ago: executing program 0 (id=1961): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000100)={0x20004, r5, 0x2}) r8 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r7}) ioctl$DRM_IOCTL_GEM_FLINK(r8, 0xc008640a, &(0x7f0000000300)={r9, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000040)={r10}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000300)={r4}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4.817179693s ago: executing program 2 (id=1963): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000007112310000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x8, 0xfffffffe}}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x1f, 0x111, 0x8300, 0xf}}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x480202) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) mkdir(0x0, 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x12) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1210060, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)=0x1f40) 4.61834206s ago: executing program 0 (id=1964): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4080) 4.028903979s ago: executing program 2 (id=1966): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xc}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x8, 0x830, 0x5, 0xffffffff}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x8e3, 0x24fcdf45, 0xffffbb2f, 0x4, 0x2, 0x7}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x200040f0}, 0x4890) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 3.651755931s ago: executing program 0 (id=1969): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000140)={[{@init_itable_val={'init_itable', 0x3d, 0x101}}, {@stripe={'stripe', 0x3d, 0x856f}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@minixdf}, {@nodiscard}, {@nomblk_io_submit}, {@acl}, {@nojournal_checksum}, {@resuid}]}, 0x1, 0xbbc, &(0x7f0000000380)="$eJzs3MtrXNcZAPDvXr1ttSOXUupurFKKDaVj2UWmNoXaxaWbLgrttmAhj4zQ+IGk4EjWYpT8AyHJOpBNIIlJ8CJee5NAttkkzjYmi4AJipVACInCnYckSzN62DO6svX7wZl7zpx77/m+uczcc2BmAjiwhrOHNOJoRFxKIgr159OI6K3W+iMqtf2WlxbGv1taGE9iZeW/XyeRRMSjpYXxxrmS+vZwvdEfEZ/8I4lfvbx53Jm5+amxcrk0XW+fnL164+TM3PyfJ6+OXSldKV07deavo6dHz4ycHW1brt9/cf7ut7//15eVH9758fY3r72VxPkYrPetz6Oe9VMbjuHV12S97ogYa8P594Ouej7r80y6tzko7XBQAAC0lK6bw/0mCtEVa5O3Qnz4aa7BAQAAAG2x0hWxAgAAADznEut/AAAAeM41vgfwaGlhvFHy/UbC3np4ISKGavkv10utpzsq1W1/9ETEoUdJrP9Za1I77KkNR8SDz8++n5Vo8jvkTqssRsRvm13/pJr/UP2X0BvzTyNipA3jD29oP0v5n2/D+HnnD8DBdO9C7Ua2+f6Xrs5/osn9r7vJvetJ5H3/a8z/ljfN/9by72ox//vPDse49fYbN1v1Zfn/7e4/32uUbPxs+1RJ7cLDxYjfdTfLP1nNP2mR/6UdjlH46WapVV/e+a+8GXE8muffkGz9/0QnJybLpZHaY9MxFj8efbfV+Hnnn13/Qy3y3+7633jsTK3/1Of/Fy/eadW3ff7pV73J/6q13vozL47Nzk6fiuhN/r35+dNb59vYp3GOLP8Tf9j6/d8s/+wzoVJ/HbLMF+vbrP3ShjH/fvvWB1vln6398rz+l5/w+r+ywzH++NGrJ1r1rV//ZiUb/0FSWwsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEMaEYORpMWISKr1NC0WIw5HxK/jUFq+PjP7p4nrL1y7nPVFDEVPOjFZLo1ERKHWTrL2qWp9rX16Q/svEXEkIl4vDFTbxfHr5ct5Jw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCqwxExGElajIg0IpYLaVos5h0VAAAA0HZDuz9koBNxAAAAAJ3zBOt/AAAA4Blj/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHHTl2734SEZVzA9WS6a339eQaGdBpad4BALnpyjsAIDfdeQcA5GaXa3zTBXgOJdv097fs6Wt7LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsX8eP3rufRETl3EC1ZHrrfT1Njzi2h9EBnZTmHQCQm66tOrv3Lg5g73mLw8HVfI0PHCTJNv39a/tUHu/p61hMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOw/g9WSpMWISKv1NC0WI34REUPRk0xMlksjEfHLiPis0NOXtfvyDhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC2m5mbnxorl0vTKioq+VaS/RFGrZL3JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHmYmZufGiuXS9MzeUcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5G1mbn5qrFwuTe+gcmc3O6+r5J0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5+TkAAP//VNIN/Q==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, 0x0, 0x0) 3.581808244s ago: executing program 2 (id=1970): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) recvmsg$unix(r0, &(0x7f0000000540)={&(0x7f0000000180), 0x6e, &(0x7f0000000640)=[{&(0x7f0000000380)=""/240, 0xf0}, {&(0x7f0000000300)=""/37, 0x25}, {&(0x7f0000000580)=""/65, 0x41}, {&(0x7f0000000600)=""/51, 0x33}], 0x4, &(0x7f0000000500)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7020000c3000000bf230000000000002703000000fefeff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400011000000404000001007d60b7030000000000006a0a00fe8000000085000000d3000000c7000000000000009500001000000000acaa8e53a53cb864c300094c07000000000000d94cf0987b00a749a8e53b5c9491cd1f2b94a64f1de23d03a8f0362ebfc44c77511e60070e25510070f7778d3e77ad85319f0113abbac795f8c24abca246150226eb93fe39233add8f68f87699162334343befce832cb8075c5f0ae30cde221371ff00000067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f04485a9f8c8e49d00000097184c8e9d34b1e382b25e9614634e8e09194f7b83138f5275d9ab463797a2f6dcb45d5f278cd4fb74559575da3560c01cdf1eaa3fc7a3fb4f1689dfd5b626174770e4dfd1c82a694efc62f9ef9c8c0ea1efa5b949ce22827f6fd1dfc69d03482d8ec264e3d96ad19a0c99a234b4b71b0bc22573f8594b91781cd8ff7f000000000000299ebf94588e60abe9a565c5bbdc0358226f8580dc1a83c6a44408de23475a74ef0deda8da4089269ccb4e728dee6320444576c87cc576291e5367a5f1a5d5a12f8313ffff0b7f73335279aa2b68c9f045831119881764c71bb65b5138c50e06024e80fd9656bc077e4e259695748989335ba9eeef288de73815f20fefd4acfb6813ffff00000b971aec1a3e618a08a94ecbd401c8109c87ee3f5c0501857538d2a766bfcf4128fbe726903aca577aa8943af747760718dee5a21396dce6f61c6f3c7e000000cb0868b48719e47296f2299df3ecfb5f3f0e42f6f1eb1dc64dcc8e397366d12033f6288edbda3b838100000000000000000000800000edd4e1266dc9d73223fe614f025a7f284de76b3b676a13c57a0ed24f6270c4cbbf93472eb8093d8296c68dfbb03ddedc3e029b08959b145a7b110068ba071e75d75716243052ad24b624fddc2f0f3a018c0085c2319c248d643cd09fa855b20a6d453f2e954ff0e55c010000008547c5a0ecefcc44cc9532f729167f215937357a4bb9746193c1ec000000000000dd43c108c2109d221b7b26b7c9c209000005b7918a6cd856b8fa806c85480443159c6bed51a0e021f05f7caa1b99cdb4d08d9031210ac00e67d8c40a18503cb7aabcc066dfbfd7f87abe1122f00e5454bec3563a19582e0000000000000000000000000084b27fc6a3f95bf02b4eb5f1599dd46edcad432cc216316fe07afe27649c89cf022a90d895a2d70fcde7a9c37ede0c47c27f44595ab4b1fb1ed5b1d91314b2d50f94a768fb605679485041a6376b8344a39af68aed2be39794dd86ae82f9660cf4f935255d71f9fab2e430ac42bba1f54141cf39d4d50c4ded504beacb0de210d7a3716dca7362c134b91cef3efc514fbcb4747e6814ac16449ac02a43d9d4151697b4b7890ec6b481c5f0ca8c52a6322f34a796fa5941d23409ecf73458223baaffb94a89ee2884df000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x36}, 0x48) fcntl$setlease(r1, 0x400, 0x1) r4 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000080)=0x2) ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0x400, 0x10000}}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) 3.515738146s ago: executing program 3 (id=1971): sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@get={0x118, 0x13, 0x400, 0x70bd26, 0x25dfdbfb, {{'morus640-sse2\x00'}, '\x00', '\x00', 0x2600, 0x400}, [{0x8, 0x1, 0x1}, {0x8, 0x1, 0xeffffffc}, {0x8, 0x1, 0xfffffbfa}, {0x8, 0x1, 0xf}, {0x8}, {0x8, 0x1, 0x8000}, {0x8}]}, 0x118}, 0x1, 0x0, 0x0, 0x64000}, 0x4040) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x800, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_io_uring_setup(0x3bd4, &(0x7f0000000440)={0x0, 0xcc19, 0x130c8, 0x6, 0x2ee}, &(0x7f0000000100), &(0x7f0000000200), &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xa) r2 = socket$vsock_stream(0x28, 0x1, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8c, 0x870, 0x0, 0xdf9e32a0640bc3f8, 0xd59f82, 0x19f5, 0xacc, 0xb, 0x0, 0x8, 0x27fa, 0x7fff, 0x440, 0x3, 0xd, 0x3, {0x45, 0x80}, 0xcd, 0x9}}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) getpriority(0x2, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, 0x0, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r3, 0xf501, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000005440)={&(0x7f0000000340)=@kern={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000031c0)=[{&(0x7f0000003240)=ANY=[], 0x404}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002ac0)={0x84, 0x1d, 0x20, 0x70bd29, 0x25dfdbfe, "", [@nested={0x15, 0xaf, 0x0, 0x1, [@typed={0x4, 0x77}, @nested={0x4, 0xeb}, @generic, @generic="4d0741a1df181bb60f"]}, @nested={0x4, 0xec}, @nested={0x56, 0x128, 0x0, 0x1, [@generic="b7fb0555c475ad685332af0145e93929e165c82fe9d3772007e4d9f0095e4eed8487da6f464ef0da9f8703e4c7d6e0faaa8f5cab6bdf0b847be5", @generic, @nested={0x4, 0x71}, @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@remote}]}]}, 0x84}, {&(0x7f0000000640)=ANY=[@ANYBLOB="500100003f0012042dbd7000ebdbdf25e44e6e092d15e25a0d1986d9f4ae12e7954914d017c12564e80dde669764361d6bd9689eaef669715acee8d87b09100b8505deb731e718683e124bd81d509041e6232ba0bae0d8c2cfccbe8cee8f372226d3e2dad7769dd3046b85f5316c867d62542ad7a87c87c0571593c2e6e67151d871f2adccad734f2d3050ff79886646f1aa32af9c8fb885f3a67a058b6987d665087384c725aacd75b3c68d3da4d49353ddf470ed5b0d724525e3aec299e638bb5632699894cf2a324f02371961ada6cd5759b333a63322e0a026a0cc3cda63a36fd60f76c6ee3a1179789008a050f717f0b3779fd92df5e8b7db3071da28adf382d63c75451b63d0b87a7234bc08164bcc82ffb3754d8230d2218eb698ea4d796509b5d048ccbdb4c4190c00230008000000000000001100b1002f6465762f7572616e646f6d0000000000b0a57c"], 0x150}], 0x7, &(0x7f0000005380)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, r1]}}], 0x90, 0xc000}, 0x0) ioctl$VIDIOC_PREPARE_BUF(r3, 0xc04c565d, &(0x7f00000003c0)=@fd={0x113, 0x0, 0x4, 0x1000, 0x0, {0x0, 0xea60}, {0x5, 0xd2598af09f5c086f, 0x2, 0x0, 0x48, 0xf, "3076eddd"}, 0x4, 0x4, {}, 0x7ff, 0x0, r4}) sendto$inet6(r5, &(0x7f00000002c0)='E', 0xffe0, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000005, 0x100013, 0xffffffffffffffff, 0x7f571000) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000180)={0x0, 0x1, 0x1, 0x6, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309002500000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc60efd680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca512b5f379c4eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7f804bb4713019a83353dc519d11c3cc1c22a3b86cf3c645413fcea0ce9ded703699d2bb6a4a663b99b6069da5aaf64785a58847440f064b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200216032811fadcf1e0f49a514df529061e09ce45e3f303a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a250200000000000000d23d324205000000000000000a617f22133b6cb5087f4c6057942ad995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a3cff46591ccaff3075b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8841416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedcbefc5990d7fed29a002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d559b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756d732533c2722e03002293e37966611602f297de6ff5408777d7a93c45cee3ee5c56e8a3e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f6579ef62866a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c909cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc562507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f80000000000001700000000000000000000000000000000000200"}) sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) 3.415757159s ago: executing program 1 (id=1972): socket$nl_route(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000340)=""/104, 0x68}], 0x1, 0x5b, 0x100) 2.555969687s ago: executing program 3 (id=1973): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x1, 0x80000000, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}}, 0x24}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@ipv4_newrule={0x34, 0x20, 0x1, 0x70bd26, 0x25dfdbfb, {0x2, 0x10, 0x10, 0x0, 0x9, 0x0, 0x0, 0x6, 0x10006}, [@FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2a}}, @FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x7fffffff}, @FRA_DST={0x8, 0x1, @empty}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4004804) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00!'], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 2.381270723s ago: executing program 0 (id=1974): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000007112310000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x8, 0xfffffffe}}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x1f, 0x111, 0x8300, 0xf}}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x480202) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) mkdir(0x0, 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x12) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1210060, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)=0x1f40) 2.300920295s ago: executing program 3 (id=1975): kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327a", 0x76, 0x5, 0xffffffff}], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {&(0x7f0000000740)}], 0x3}, 0x41) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) sendmmsg$alg(r2, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d9307", 0xe7}], 0x1, &(0x7f00000008c0)=[@iv={0x68, 0x117, 0x2, 0x50, "bd19a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4"}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x80, 0x40800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000009c0)="c2debd9e2d4617d17e01e704d3576f8b26b757ffa164a105efcaa28e5d52d4383258c148e95e4ee927dab4ba9cdbf4dbf6b0e19f8b7e9a95211ec6aedfd78a09200b7076afabdae9c87c6837e202845b6cf3ac6b728856d66eef286087e0154a40c153e5fe7505615fb53b33f629928c80aeea7fd091180968d44cd4544b6bb4c116f4d6c4c3d148eb273bd4fa76ad8f709ed07bd2a91564fc364f1b971b0e005fe1d24f1b0d7f157b695c625cc39aac2d6f07b11d92", 0xb6}, {&(0x7f0000000b40)="86545d2157646172b815818bfd0e1457556266898579380233e0e385", 0x1c}, {&(0x7f0000000b80)="0d4842ef613cd072196eae2d74d31c309df1c61a888039b1a23acbea852fb54afae1761845284c6e484aa5154a2b418ffe2ac1d6363010c9d8f2d75a71eb55849202714884c6a0a760f5e028016a68fc07407f5671a5a4a8c91e9d056039df63390376a7359c6fc2059d1e3ffeec1ff0f4c09099e8e61c268324d0fc621f6dc2912e4bd5316ff808ac5126ade9b759e1489c04a517e992d7b56d9df469c0c906000e0f82c089ec12677e7ade15e68a60", 0xb0}, {&(0x7f0000000c40)="176d6b3905505e2a41391bf6fd66d8ad4ebc86e07694005204b0151bfa8dc581a5be209d8850a950791f10f76de79651272a11f6d7267276ff1596a47826a90a0b74b425d8ff2bbea5c5732f69a908c45b4b348abc24d2cd2031a9508ef8e3594bd12ebc38c466f76d6ff3618471f4f6574e1043766375eb889750ca25429f976089462bf1b689280ebc67640f4534eef4b7ffd85963bc5d8b11", 0x9a}, {&(0x7f0000000d40)="7edb39aa76e39c9fc185dd49e1d028ba5e90ec3bb54d3c486f189f406945a495fe7b4ad51446c162", 0x28}], 0x5, 0x0, 0x0, 0xc0}], 0x2, 0x48040) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.015409954s ago: executing program 0 (id=1976): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000280)={0x1, @sdr={0x4d2036d9, 0x7}}) 1.893030208s ago: executing program 2 (id=1977): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4080) 1.886065228s ago: executing program 1 (id=1978): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xc}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x8, 0x830, 0x5, 0xffffffff}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x8e3, 0x24fcdf45, 0xffffbb2f, 0x4, 0x2, 0x7}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x200040f0}, 0x4890) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0) 1.801755161s ago: executing program 3 (id=1979): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000808, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040)=0x1000, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x3d10, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000014c0), 0x0, 0x22021, 0x0) 1.610070657s ago: executing program 3 (id=1980): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 1.609180117s ago: executing program 1 (id=1981): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000002940)=@newqdisc={0x434, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0x10}, {0x1}, {0x2, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x0, 0x4f0d, 0x5, 0x10001, 0x8, 0x10000, 0x80, 0x288, 0x9, 0x9, 0x2, 0xfff, 0xdfd, 0x1, 0x7887, 0x5, 0xdd16, 0x392, 0x31aa, 0x7fff, 0x2, 0xfffff98c, 0x4, 0x4e, 0x100, 0xa, 0x9, 0x2, 0x11, 0xffffffff, 0x3, 0x4, 0x1000, 0x800, 0x7, 0x1, 0x9, 0xd, 0x7, 0xa4f, 0x2, 0xc, 0x3, 0x0, 0xffffffef, 0x74, 0x2, 0x4, 0xffffffff, 0x6, 0x3, 0x1000, 0x6, 0x5, 0x71d, 0x2, 0xffff, 0x6, 0x6, 0x80000000, 0xce0, 0x9, 0xea5, 0x8, 0x200, 0x4, 0x8001, 0xa8, 0x9, 0x10, 0x9, 0x10000, 0x2, 0x7fff, 0xc, 0x7, 0x4800, 0x8, 0x6, 0xe87, 0x7f, 0x6, 0x0, 0x4800, 0x1, 0x12, 0x18b, 0x6, 0x2, 0x5, 0x1, 0x40, 0x5, 0x1, 0x0, 0x1da35084, 0x4, 0x1, 0x9, 0x7, 0x0, 0x4, 0x8, 0x4, 0x2, 0x0, 0x7, 0x200, 0x3, 0x8001, 0xa000, 0x0, 0x7a69, 0x764064d2, 0x92, 0x2, 0xbdc9, 0x3, 0xff, 0x2, 0x10, 0x5, 0x10000, 0x100, 0x5, 0x1022075d, 0x8, 0x5, 0x5, 0xfffffffe, 0x7f, 0x101, 0x4, 0x2, 0x9, 0x27, 0xff, 0x1, 0xf64a, 0xfffffffd, 0x5, 0x6, 0x7, 0xffff4fc5, 0x8, 0x7f, 0x101, 0x400, 0x100, 0x2, 0x5, 0x4, 0x27, 0x2, 0x7, 0x1, 0xb8, 0xffffff2a, 0x6, 0x8001, 0x6, 0x8, 0x3ff, 0x2, 0x6, 0x0, 0x6, 0x7fff, 0x80, 0x2, 0x5aeb, 0xc, 0x80000001, 0x39, 0x5, 0xa05, 0x3, 0x9, 0x72, 0x5, 0x4, 0x9, 0xba, 0x3, 0xc3, 0x8, 0x6, 0x7f, 0x5, 0xe8f0, 0x55, 0x8, 0x0, 0x7, 0x2, 0x8, 0x410, 0xffff03a4, 0xa8, 0x39b5, 0x8, 0xf3, 0x4, 0x10001, 0x0, 0x7f, 0x2, 0x7fff, 0x7, 0x401, 0x4, 0x0, 0x8, 0x2, 0x7, 0x2, 0x1, 0x2, 0x8, 0xffff, 0x0, 0x9, 0xc0e, 0x41, 0xf, 0xffff, 0xfffffff7, 0xffffff26, 0x7, 0x32a, 0xad95, 0x776, 0x9, 0xfffffffd, 0x8, 0x3, 0xa4c9, 0x1, 0x6, 0xb, 0x3, 0x101, 0x1, 0x0, 0x2, 0x3, 0x4, 0x0, 0x80000000, 0xfffffff8, 0x400, 0x5, 0x2, 0x40, 0xfffeffff, 0x541b]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0xb3538085985bb3d6}, 0x0) sendmsg$NFT_BATCH(r2, 0x0, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000008000004000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001800600010000020000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002b80)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.398366054s ago: executing program 3 (id=1982): mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2000, 0x103) syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x8000, &(0x7f00000006c0)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") 1.397743594s ago: executing program 2 (id=1983): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) arch_prctl$ARCH_GET_FS(0x1003, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f00000000c0)=@usbdevfs_connect) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006", @ANYRES16=0x0, @ANYRES32=r0], 0x3c}}, 0x0) socket(0x10, 0x2, 0xd61) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4c3}) setgid(0x0) 1.396939814s ago: executing program 1 (id=1984): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) syz_extract_tcp_res(0x0, 0x6, 0x5) syz_emit_ethernet(0x30f, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaabb7fc9bb68d1df88a82b008100190008004ebd02f900680000082f9078ac1414bbac1414bb868700000000020f1ad9a4cd3bdbed2faeb6ca28ae0005d46a11634e2c62aedc01037b07101f3462d0fcfe0f647f6c28f4d157000da3e23df9148913333cd499051188f763d72d71cddf89e9be603984f006102784755e41ecd35e59b6d313b83e060b25974a58669da2a4dd0612d2d2d1fb3c6dd4e8eb9ff1ef232c6e64020f3fa96b73c2e7a272a2a3fe3dd044183430000000050000000600000005000000030000000344447bb1e00000010000000be000000200008ad86401010000000000e000000200000fffac141442000000066401010000000004ac1414aa00000008ffffffff0000000c000c21880b00fa00009b2047b600aa02605ba2d4d43ad536c3ead7ecc4c480adbcded174c7e91ced0004c8936012c776402e558872da2b52513290220f56811c8f0d6c4fe271892546669ae20a60d7fe38ac933428f50c85503e657d3ca40dcafb3bfbb37423ae8ffdc4ea9f64a6594bf2c3f7b76c81b92525c50e59300aa2ab958d6b1ffd656b7dd1eebbfc6441b800e7a0377b8fafcd2c7cc5cb8674aac57676cc96cabf92d356c8ed183430e3698919935602bf2ad8e0e85cf6e40a86319fae1029657f6ffd4a8ce88980d3d9daef15a657b15de657d35463966a87f5ca546f9c070075761f0808cdf8eaa9dc067e9a2b30c4f0a3984999a8ed973c94c680f20147040008000001f03291972cf310546effe1f556d9d152d80955de9d24d23fb9bfa475a0e616af1f1f9b6cd0732715dc32d1d89417bd000086dde044262c7deb71f3ad2075f421a376502d21fd380f95c20320016eeb637396877d86bdbfa381a12be1f2a916d96a47f188305bbc11e07e3f513e8e101d800aa43d698e1ddcd56577d52b69281987db802118b7053664a527c42a860918ce097b09b7827124778233f8dad66f080088be00000003100125040100000000000005080022eb0000000321803a2302"], &(0x7f0000000640)={0x0, 0x2, [0x4a1, 0xc34, 0xf62, 0x4b]}) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, 0x0, &(0x7f00000000c0), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r2, &(0x7f0000000800)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0x43}, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000680)="92ca3a839be8e27fc536b372000000a296de0d0ffc1741a765bf3f5ca07596cc2ff87ba8aa859a112c04aa9d4840d1624f0a5ae2c074a946be21e2009392db2023965d125247f55fa1bce029e1f40492d9ba71aa7890683c202b50c75f3f955b63ac5826dcdd7d524ff2f656bbfb50275d4b85a96e994dc2746067c63fd67838d6a82cf356296db4e3165011257bc44151dc994f1efde4b8fe73e132d8e94795bc9adc5875f4867021a6d8453cf1ee42700e19f5bb6f58b649e0f75abb081224b04953ecf70e88f0d81c9921efe756ab560100000000000000391e5051d7f5adbadc308cdcd00a51f0f0111213572bcf82fe894f9c12d43b8b860cf06bb97e505d74a192dd2ad4cb42829b84bf3f7452d47a70226b3647902095ac3720", 0x11d}], 0x1}}, {{&(0x7f0000000580)={0xa, 0x4e24, 0x81, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xb}, 0x1c, &(0x7f0000000600)=[{&(0x7f00000005c0)='j', 0x1}], 0x1}}], 0x2, 0x14) shutdown(r2, 0x1) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e21, @loopback}}}, &(0x7f0000000280)=0x84) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r3, 0x0, 0x20000011) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x2004095) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810) io_uring_setup(0x1781, &(0x7f0000000140)={0x0, 0x5dda, 0x40, 0x0, 0x268}) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000000c0)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef59510525ba56dcd79a36c23d3b9844e1571a86ea1698fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, &(0x7f0000000040), 0x10) setsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) 154.147025ms ago: executing program 1 (id=1985): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000007112310000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x8, 0xfffffffe}}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x1f, 0x111, 0x8300, 0xf}}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x480202) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) mkdir(0x0, 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x12) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1210060, &(0x7f0000000380)) openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)=0x1f40) 33.631328ms ago: executing program 1 (id=1986): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10000003, 0x7, 0x6361, 0x5, 0xffffffff, 0x1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, 0x0, 0x200040d0) r6 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r6, &(0x7f0000000140)="ba", 0x1, 0x20008040, &(0x7f0000000080)={0x11, 0x8100, r5, 0x1, 0x7, 0x6, @multicast}, 0x14) 0s ago: executing program 2 (id=1987): socket$nl_route(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_procfs(0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000340)=""/104, 0x68}], 0x1, 0x5b, 0x100) kernel console output (not intermixed with test programs): 2.672143][ T6778] hpfs: hpfs_map_4sectors(): unaligned read [ 182.672198][ T6778] hpfs: filesystem error: unable to find root dir [ 182.891729][ T6778] hpfs: hpfs_map_4sectors(): unaligned read [ 183.371229][ T6794] input: syz1 as /devices/virtual/input/input6 [ 185.364584][ T6818] hub 8-0:1.0: USB hub found [ 185.370305][ T6818] hub 8-0:1.0: 1 port detected [ 185.878700][ T6822] loop0: detected capacity change from 0 to 256 [ 188.691566][ T6844] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:0 [ 188.719818][ T6848] netlink: 108 bytes leftover after parsing attributes in process `syz.2.258'. [ 188.959849][ T6856] hub 8-0:1.0: USB hub found [ 188.969092][ T6856] hub 8-0:1.0: 1 port detected [ 189.892727][ T6863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.262'. [ 189.903005][ T6863] bridge_slave_1: left allmulticast mode [ 189.909145][ T6863] bridge_slave_1: left promiscuous mode [ 189.917672][ T6863] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.084784][ T6863] bridge_slave_0: left allmulticast mode [ 190.148497][ T6863] bridge_slave_0: left promiscuous mode [ 190.180794][ T6863] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.328570][ T6870] loop2: detected capacity change from 0 to 64 [ 191.461965][ T6892] netlink: 108 bytes leftover after parsing attributes in process `syz.1.269'. [ 191.782175][ T6874] netlink: 'syz.2.267': attribute type 2 has an invalid length. [ 191.828395][ T6895] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:0 [ 192.087622][ T6907] hub 8-0:1.0: USB hub found [ 192.093943][ T6907] hub 8-0:1.0: 1 port detected [ 194.467620][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.485547][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.516941][ T6947] netlink: 'syz.2.279': attribute type 2 has an invalid length. [ 194.742119][ T6956] hub 8-0:1.0: USB hub found [ 194.749149][ T6956] hub 8-0:1.0: 1 port detected [ 195.579192][ T6959] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:0 [ 197.603607][ C0] sched: RT throttling activated [ 198.927148][ T7002] hub 8-0:1.0: USB hub found [ 198.935273][ T7002] hub 8-0:1.0: 1 port detected [ 200.691826][ T7017] netlink: 'syz.1.294': attribute type 2 has an invalid length. [ 201.426005][ T7035] loop3: detected capacity change from 0 to 8 [ 201.448519][ T7035] SQUASHFS error: xz decompression failed, data probably corrupt [ 201.458377][ T7035] SQUASHFS error: Failed to read block 0x108: -5 [ 201.466239][ T7035] SQUASHFS error: Unable to read metadata cache entry [106] [ 201.475223][ T7035] SQUASHFS error: Unable to read inode 0x11f [ 201.544208][ T5772] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 201.660863][ T5790] Bluetooth: hci0: command 0x0406 tx timeout [ 201.671085][ T5790] Bluetooth: hci2: command 0x0406 tx timeout [ 201.678664][ T5790] Bluetooth: hci1: command 0x0406 tx timeout [ 201.891512][ T7047] hub 8-0:1.0: USB hub found [ 201.897664][ T7047] hub 8-0:1.0: 1 port detected [ 203.796879][ T7068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.308'. [ 203.951076][ T7070] loop1: detected capacity change from 0 to 8 [ 203.975274][ T7070] SQUASHFS error: xz decompression failed, data probably corrupt [ 203.986479][ T7070] SQUASHFS error: Failed to read block 0x108: -5 [ 203.993718][ T7070] SQUASHFS error: Unable to read metadata cache entry [106] [ 204.002308][ T7070] SQUASHFS error: Unable to read inode 0x11f [ 204.178707][ T7072] netlink: 'syz.2.310': attribute type 2 has an invalid length. [ 204.411175][ T7080] hub 8-0:1.0: USB hub found [ 204.419300][ T7080] hub 8-0:1.0: 1 port detected [ 205.614203][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 206.563702][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 206.573015][ T8] usb 4-1: config 0 has an invalid interface number: 119 but max is 0 [ 206.591983][ T8] usb 4-1: config 0 has no interface number 0 [ 206.602238][ T8] usb 4-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 206.645375][ T8] usb 4-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 206.708824][ T8] usb 4-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 207.445722][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 207.462335][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.479836][ T8] usb 4-1: Product: syz [ 207.489438][ T8] usb 4-1: Manufacturer: syz [ 207.503794][ T8] usb 4-1: SerialNumber: syz [ 207.511330][ T8] usb 4-1: config 0 descriptor?? [ 207.538984][ T8] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.119/input/input8 [ 207.947025][ T3556] usb 4-1: USB disconnect, device number 2 [ 208.702648][ T7141] hub 8-0:1.0: USB hub found [ 208.709285][ T7141] hub 8-0:1.0: 1 port detected [ 209.540960][ T7150] netlink: 'syz.2.326': attribute type 2 has an invalid length. [ 211.490761][ T5784] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 211.743896][ T5784] usb 2-1: Using ep0 maxpacket: 32 [ 211.801332][ T5784] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.854095][ T5784] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 211.929050][ T5784] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 211.958564][ T5784] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x1C, skipping [ 211.995894][ T5784] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 26 [ 212.025026][ T5784] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 212.038393][ T5784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 212.052566][ T5784] usb 2-1: SerialNumber: syz [ 212.062697][ T7163] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 212.080107][ T5784] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 212.088414][ T5784] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 212.096052][ T5784] cdc_acm: probe of 2-1:1.0 failed with error -22 [ 212.354207][ T7163] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 212.465728][ T7185] hub 8-0:1.0: USB hub found [ 212.471716][ T7185] hub 8-0:1.0: 1 port detected [ 213.218637][ T5784] usb 2-1: USB disconnect, device number 4 [ 214.570514][ T7216] hub 8-0:1.0: USB hub found [ 214.575782][ T7216] hub 8-0:1.0: 1 port detected [ 216.312939][ T7221] loop0: detected capacity change from 0 to 256 [ 216.380904][ T7221] exfat: Deprecated parameter 'utf8' [ 216.429060][ T7221] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d) [ 216.796436][ T27] audit: type=1800 audit(1781934655.761:15): pid=7221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.349" name="file1" dev="loop0" ino=1048593 res=0 errno=0 [ 216.797964][ T787] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 217.086356][ T787] usb 2-1: Using ep0 maxpacket: 16 [ 217.107087][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 217.126356][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 217.148816][ T787] usb 2-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 217.166782][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.190401][ T787] usb 2-1: Product: syz [ 217.200596][ T787] usb 2-1: Manufacturer: syz [ 217.286063][ T787] usb 2-1: SerialNumber: syz [ 217.303424][ T787] usb 2-1: config 0 descriptor?? [ 217.322580][ T7235] Invalid argument reading file caps for ./file0 [ 217.561203][ T787] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 217.572191][ T787] imon 2-1:0.0: unable to initialize intf0, err -19 [ 217.624041][ T787] imon:imon_probe: failed to initialize context! [ 217.631437][ T787] imon 2-1:0.0: unable to register, err -19 [ 217.636051][ T7243] hub 8-0:1.0: USB hub found [ 217.644717][ T7243] hub 8-0:1.0: 1 port detected [ 218.460079][ T787] usb 2-1: USB disconnect, device number 5 [ 219.604016][ T5856] IPVS: starting estimator thread 0... [ 220.994189][ T5792] Bluetooth: hci3: link tx timeout [ 220.999781][ T5792] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 221.063844][ T7268] IPVS: using max 24 ests per chain, 57600 per kthread [ 222.760688][ T7298] hub 8-0:1.0: USB hub found [ 222.767282][ T7298] hub 8-0:1.0: 1 port detected [ 223.019879][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 225.911522][ T27] audit: type=1326 audit(1781934664.871:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7323 comm="syz.0.383" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f944af9ce59 code=0x0 [ 226.153759][ T7330] hub 8-0:1.0: USB hub found [ 226.162386][ T7330] hub 8-0:1.0: 1 port detected [ 227.121632][ T7341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.387'. [ 227.132045][ T7341] bridge_slave_1: left allmulticast mode [ 227.137901][ T7341] bridge_slave_1: left promiscuous mode [ 227.145023][ T7341] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.351573][ T7341] bridge_slave_0: left allmulticast mode [ 227.358262][ T7341] bridge_slave_0: left promiscuous mode [ 227.365729][ T7341] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.468097][ T7346] loop1: detected capacity change from 0 to 128 [ 227.554367][ T7346] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002] [ 227.594461][ T7346] System zones: 1-3, 19-19, 35-36 [ 227.794362][ T7346] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 228.522596][ T7352] can: request_module (can-proto-3) failed. [ 228.594252][ T7346] ext4 filesystem being mounted at /103/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 229.376104][ T5778] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 230.260151][ T27] audit: type=1326 audit(1781934669.221:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.1.395" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1d6f9ce59 code=0x0 [ 230.501855][ T7374] hub 8-0:1.0: USB hub found [ 230.511115][ T7374] hub 8-0:1.0: 1 port detected [ 233.223812][ T7386] can: request_module (can-proto-3) failed. [ 233.496198][ T7391] netlink: 4 bytes leftover after parsing attributes in process `syz.1.400'. [ 233.506883][ T7391] bridge_slave_1: left allmulticast mode [ 233.515137][ T7391] bridge_slave_1: left promiscuous mode [ 233.522359][ T7391] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.759448][ T7391] bridge_slave_0: left allmulticast mode [ 233.767213][ T7391] bridge_slave_0: left promiscuous mode [ 233.773368][ T7391] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.810401][ T7401] loop3: detected capacity change from 0 to 256 [ 235.880834][ T7401] FAT-fs (loop3): Directory bread(block 64) failed [ 235.892615][ T7401] FAT-fs (loop3): Directory bread(block 65) failed [ 235.908832][ T7401] FAT-fs (loop3): Directory bread(block 66) failed [ 235.919378][ T7401] FAT-fs (loop3): Directory bread(block 67) failed [ 235.931496][ T7401] FAT-fs (loop3): Directory bread(block 68) failed [ 235.947652][ T7401] FAT-fs (loop3): Directory bread(block 69) failed [ 235.955222][ T7401] FAT-fs (loop3): Directory bread(block 70) failed [ 235.986462][ T7401] FAT-fs (loop3): Directory bread(block 71) failed [ 235.997297][ T7401] FAT-fs (loop3): Directory bread(block 72) failed [ 236.006873][ T7401] FAT-fs (loop3): Directory bread(block 73) failed [ 236.127124][ T27] audit: type=1326 audit(1781934675.051:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7404 comm="syz.2.405" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b3579ce59 code=0x0 [ 236.430603][ T7414] hub 8-0:1.0: USB hub found [ 236.435439][ T7414] hub 8-0:1.0: 1 port detected [ 236.574273][ T7401] syz.3.403 uses obsolete (PF_INET,SOCK_PACKET) [ 238.461314][ T7429] can: request_module (can-proto-3) failed. [ 238.795364][ T7431] block device autoloading is deprecated and will be removed. [ 240.332100][ T27] audit: type=1326 audit(1781934679.291:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.3.415" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c2799ce59 code=0x0 [ 240.570577][ T7455] hub 8-0:1.0: USB hub found [ 240.575718][ T7455] hub 8-0:1.0: 1 port detected [ 241.536112][ T7457] netlink: 88 bytes leftover after parsing attributes in process `syz.0.416'. [ 242.046379][ T7471] can: request_module (can-proto-3) failed. [ 243.964889][ T7489] loop1: detected capacity change from 0 to 512 [ 244.023180][ T7489] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 244.083746][ T7489] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 244.158352][ T7489] EXT4-fs (loop1): orphan cleanup on readonly fs [ 244.216974][ T7489] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #13: comm syz.1.425: iget: bad i_size value: 12154761577498 [ 244.280291][ T7489] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.425: couldn't read orphan inode 13 (err -117) [ 244.331486][ T7489] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 244.519463][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.530362][ T27] audit: type=1326 audit(1781934683.481:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.2.427" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b3579ce59 code=0x0 [ 244.800076][ T7503] hub 8-0:1.0: USB hub found [ 244.805841][ T7503] hub 8-0:1.0: 1 port detected [ 245.274133][ T7504] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 247.990631][ T27] audit: type=1326 audit(1781934686.951:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7533 comm="syz.3.437" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c2799ce59 code=0x0 [ 248.229338][ T7544] hub 8-0:1.0: USB hub found [ 248.234405][ T7544] hub 8-0:1.0: 1 port detected [ 250.556438][ T7568] loop1: detected capacity change from 0 to 8 [ 251.246545][ T7568] SQUASHFS error: xz decompression failed, data probably corrupt [ 251.254581][ T7568] SQUASHFS error: Failed to read block 0x108: -5 [ 251.261044][ T7568] SQUASHFS error: Unable to read metadata cache entry [106] [ 251.271966][ T7568] SQUASHFS error: Unable to read inode 0x11f [ 251.899046][ T7578] Invalid argument reading file caps for ./file0 [ 253.268635][ T7598] loop1: detected capacity change from 0 to 8 [ 253.294289][ T7598] SQUASHFS error: xz decompression failed, data probably corrupt [ 253.302107][ T7598] SQUASHFS error: Failed to read block 0x108: -5 [ 253.308698][ T7598] SQUASHFS error: Unable to read metadata cache entry [106] [ 253.316014][ T7598] SQUASHFS error: Unable to read inode 0x11f [ 253.556177][ T5772] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 255.908646][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.915075][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.714639][ T7661] netlink: 88 bytes leftover after parsing attributes in process `syz.0.483'. [ 259.079278][ T7677] loop0: detected capacity change from 0 to 128 [ 259.102160][ T7677] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 259.353682][ T5856] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 259.580832][ T5856] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 259.649676][ T5856] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 259.719573][ T5856] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 259.867217][ T5856] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 259.995510][ T5856] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 260.141420][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 260.190278][ T5856] usb 3-1: Product: syz [ 260.200420][ T5856] usb 3-1: Manufacturer: syz [ 260.248390][ T7675] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 260.304541][ T5856] cdc_wdm 3-1:1.0: skipping garbage [ 260.309817][ T5856] cdc_wdm 3-1:1.0: skipping garbage [ 260.336752][ T5856] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 260.505045][ T5856] usb 3-1: USB disconnect, device number 4 [ 262.857545][ T7736] loop2: detected capacity change from 0 to 256 [ 262.878706][ T7736] ip6t_rpfilter: unknown options [ 262.900008][ T7736] x_tables: unsorted underflow at hook 2 [ 266.431157][ T7779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.522'. [ 269.810665][ T7805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.535'. [ 270.869573][ T7815] netlink: 'syz.3.532': attribute type 2 has an invalid length. [ 271.856895][ T7824] can: request_module (can-proto-3) failed. [ 273.344353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 273.887623][ T7835] 9pnet_fd: p9_fd_create_tcp (7835): problem connecting socket to 127.0.0.1 [ 275.398943][ T7860] loop1: detected capacity change from 0 to 512 [ 275.486663][ T5772] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 276.111169][ T7871] can: request_module (can-proto-3) failed. [ 276.172499][ T7878] netlink: 'syz.1.549': attribute type 2 has an invalid length. [ 279.146210][ T7915] loop0: detected capacity change from 0 to 512 [ 279.157571][ T7915] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 279.992500][ T7926] can: request_module (can-proto-3) failed. [ 281.433894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 281.707413][ T7947] loop2: detected capacity change from 0 to 1024 [ 281.747306][ T5772] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 282.171206][ T7956] syz_tun: entered allmulticast mode [ 282.219050][ T7956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.564'. [ 282.568224][ T7944] syz_tun: left allmulticast mode [ 283.746740][ T7964] can: request_module (can-proto-3) failed. [ 283.973476][ T7971] loop2: detected capacity change from 0 to 8192 [ 285.650997][ T7981] netlink: 'syz.1.563': attribute type 2 has an invalid length. [ 287.906096][ T5791] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 287.920290][ T5792] Bluetooth: hci4: command 0x1003 tx timeout [ 288.798190][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.573'. [ 289.628202][ T8008] can: request_module (can-proto-3) failed. [ 291.878578][ T8031] loop2: detected capacity change from 0 to 8192 [ 293.802249][ T8034] netlink: 'syz.1.582': attribute type 2 has an invalid length. [ 294.863323][ T8057] netlink: 4 bytes leftover after parsing attributes in process `syz.2.587'. [ 296.311603][ T8061] loop1: detected capacity change from 0 to 1024 [ 296.349182][ T8061] EXT4-fs (loop1): Can't support bigalloc feature without extents feature [ 296.349182][ T8061] [ 296.360314][ T8061] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 296.852144][ T8077] ubi0: attaching mtd0 [ 296.895606][ T8077] ubi0: scanning is finished [ 296.900422][ T8077] ubi0: empty MTD device detected [ 297.342660][ T8077] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 297.350663][ T8077] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 297.357990][ T8077] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 297.364997][ T8077] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 297.372386][ T8077] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 297.379229][ T8077] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 297.387312][ T8077] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 206900041 [ 297.397280][ T8077] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 297.409751][ T8078] ubi0: background thread "ubi_bgt0d" started, PID 8078 [ 298.024214][ T8092] netlink: 'syz.0.594': attribute type 2 has an invalid length. [ 298.291884][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.597'. [ 299.200369][ T8118] loop3: detected capacity change from 0 to 1024 [ 299.222999][ T8118] EXT4-fs: Ignoring removed oldalloc option [ 299.297721][ T8118] EXT4-fs: Ignoring removed orlov option [ 299.397786][ T8118] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c118, mo2=0002] [ 299.420079][ T8118] System zones: 0-1, 3-12 [ 299.431409][ T8118] EXT4-fs (loop3): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 300.122640][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 301.437032][ T8159] netlink: 'syz.1.609': attribute type 2 has an invalid length. [ 302.021496][ T8182] loop0: detected capacity change from 0 to 512 [ 302.089231][ T8182] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 302.553954][ T8182] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 302.562222][ T8182] EXT4-fs (loop0): orphan cleanup on readonly fs [ 302.572526][ T8182] Quota error (device loop0): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 302.584932][ T8182] EXT4-fs warning (device loop0): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 302.600353][ T8182] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 302.635029][ T8182] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #16: comm syz.0.614: corrupted inode contents [ 302.650686][ T8182] EXT4-fs (loop0): Remounting filesystem read-only [ 302.658703][ T8182] EXT4-fs (loop0): 1 truncate cleaned up [ 302.666360][ T8182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 302.958135][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.027500][ T8198] netlink: 88 bytes leftover after parsing attributes in process `syz.0.621'. [ 304.232032][ T8205] netlink: 'syz.2.624': attribute type 2 has an invalid length. [ 305.147824][ T8215] loop3: detected capacity change from 0 to 1024 [ 305.166691][ T8215] EXT4-fs: Ignoring removed bh option [ 305.300846][ T8215] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.342367][ T8215] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2855: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 306.385358][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.634'. [ 306.394373][ T8244] bridge_slave_1: left allmulticast mode [ 306.400046][ T8244] bridge_slave_1: left promiscuous mode [ 306.405884][ T8244] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.417486][ T8244] bridge_slave_0: left allmulticast mode [ 306.423166][ T8244] bridge_slave_0: left promiscuous mode [ 306.429007][ T8244] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.770344][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.378785][ T8262] netlink: 'syz.3.636': attribute type 2 has an invalid length. [ 309.079864][ T8279] syzkaller0: entered promiscuous mode [ 309.122835][ T8279] syzkaller0: entered allmulticast mode [ 309.624091][ T8299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.646'. [ 310.672774][ T8317] netlink: 'syz.1.650': attribute type 2 has an invalid length. [ 311.624375][ T8327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.656'. [ 312.618612][ T8347] binder_alloc: 8345: binder_alloc_buf, no vma [ 312.911053][ T8355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.666'. [ 313.199004][ T8360] netlink: 'syz.1.668': attribute type 2 has an invalid length. [ 314.149607][ T8374] binder_alloc: 8372: binder_alloc_buf, no vma [ 314.180624][ T8376] loop1: detected capacity change from 0 to 512 [ 314.222038][ T8376] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 314.244730][ T8376] EXT4-fs error (device loop1): mb_free_blocks:1970: group 0, inode 11: block 200:freeing already freed block (bit 199); block bitmap corrupt. [ 314.309892][ T8376] EXT4-fs (loop1): 1 truncate cleaned up [ 314.331754][ T8376] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 314.544811][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.970925][ T8399] netlink: 4 bytes leftover after parsing attributes in process `syz.2.678'. [ 317.375630][ T8422] loop0: detected capacity change from 0 to 4096 [ 317.500810][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.575889][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.674162][ T8422] EXT4-fs (loop0): Test dummy encryption mode enabled [ 317.737495][ T8422] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8842c018, mo2=0003] [ 317.844001][ T8422] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 319.625376][ T8427] netlink: 12 bytes leftover after parsing attributes in process `syz.0.682'. [ 319.668679][ T8427] netlink: 12 bytes leftover after parsing attributes in process `syz.0.682'. [ 320.238965][ T8422] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 320.719587][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.951300][ T8444] binder_alloc: 8443: binder_alloc_buf, no vma [ 322.261689][ T8464] loop1: detected capacity change from 0 to 8 [ 322.550194][ T8464] SQUASHFS error: zlib decompression failed, data probably corrupt [ 322.558821][ T8464] SQUASHFS error: Failed to read block 0x4de: -5 [ 322.566292][ T8464] SQUASHFS error: zlib decompression failed, data probably corrupt [ 322.574453][ T8464] SQUASHFS error: Failed to read block 0x4df: -5 [ 322.582175][ T8464] SQUASHFS error: zlib decompression failed, data probably corrupt [ 322.590381][ T8464] SQUASHFS error: Failed to read block 0x4e0: -5 [ 322.603202][ T8464] SQUASHFS error: zlib decompression failed, data probably corrupt [ 322.655193][ T8464] SQUASHFS error: Failed to read block 0x4de: -5 [ 322.722425][ T27] audit: type=1800 audit(1781934761.621:22): pid=8464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.691" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 323.185220][ T8464] syz.1.691 (8464) used greatest stack depth: 20184 bytes left [ 324.250893][ T8481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'. [ 325.068343][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.2.706'. [ 326.139071][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.709'. [ 326.154219][ T8510] binder: BINDER_SET_CONTEXT_MGR already set [ 326.162342][ T8510] binder: 8509:8510 ioctl 4018620d 200000000040 returned -16 [ 326.579916][ T8525] netlink: 4 bytes leftover after parsing attributes in process `syz.1.715'. [ 326.897439][ T8534] binder: BINDER_SET_CONTEXT_MGR already set [ 326.913119][ T8534] binder: 8533:8534 ioctl 4018620d 200000000040 returned -16 [ 327.085916][ T8539] netlink: 4 bytes leftover after parsing attributes in process `syz.0.721'. [ 328.026346][ T8555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.727'. [ 328.221449][ T8559] binder: BINDER_SET_CONTEXT_MGR already set [ 328.231783][ T8559] binder: 8557:8559 ioctl 4018620d 200000000040 returned -16 [ 328.475494][ T8567] loop3: detected capacity change from 0 to 128 [ 328.580789][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.731'. [ 328.841045][ T8573] netlink: 4 bytes leftover after parsing attributes in process `syz.1.736'. [ 329.165748][ T8587] binder: BINDER_SET_CONTEXT_MGR already set [ 329.171893][ T8587] binder: 8586:8587 ioctl 4018620d 200000000040 returned -16 [ 329.679748][ T8597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.743'. [ 330.773936][ T8611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.746'. [ 330.839251][ T8614] loop2: detected capacity change from 0 to 1024 [ 330.897990][ T8614] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 331.836149][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.183074][ T8637] tap0: tun_chr_ioctl cmd 35111 [ 332.210732][ T8639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.753'. [ 332.443285][ T8646] netlink: 4 bytes leftover after parsing attributes in process `syz.1.757'. [ 334.046452][ T8678] netlink: 4 bytes leftover after parsing attributes in process `syz.0.765'. [ 334.340601][ T8687] netlink: 4 bytes leftover after parsing attributes in process `syz.0.768'. [ 335.534293][ T8708] netlink: 4 bytes leftover after parsing attributes in process `syz.2.778'. [ 335.553899][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.0.776'. [ 336.867039][ T8727] netlink: 4 bytes leftover after parsing attributes in process `syz.2.787'. [ 337.149235][ T8737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.789'. [ 337.561903][ T8748] loop0: detected capacity change from 0 to 2048 [ 337.635047][ T8748] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 337.849434][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 338.029955][ T8760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.796'. [ 338.398442][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.801'. [ 339.642804][ T8791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.807'. [ 339.941444][ T8801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.811'. [ 340.025775][ T8803] loop2: detected capacity change from 0 to 256 [ 340.339247][ T8803] FAT-fs (loop2): Directory bread(block 64) failed [ 340.346085][ T8803] FAT-fs (loop2): Directory bread(block 65) failed [ 340.353574][ T8803] FAT-fs (loop2): Directory bread(block 66) failed [ 340.360316][ T8803] FAT-fs (loop2): Directory bread(block 67) failed [ 340.367802][ T8803] FAT-fs (loop2): Directory bread(block 68) failed [ 340.374835][ T8803] FAT-fs (loop2): Directory bread(block 69) failed [ 340.382092][ T8803] FAT-fs (loop2): Directory bread(block 70) failed [ 340.389009][ T8803] FAT-fs (loop2): Directory bread(block 71) failed [ 340.396391][ T8803] FAT-fs (loop2): Directory bread(block 72) failed [ 340.403078][ T8803] FAT-fs (loop2): Directory bread(block 73) failed [ 341.727540][ T8808] netlink: 'syz.0.813': attribute type 2 has an invalid length. [ 342.403448][ T8830] loop1: detected capacity change from 0 to 128 [ 342.414985][ T8830] FAT-fs (loop1): Unrecognized mount option "discard¬uni_xlate=1" or missing value [ 342.449035][ T8830] netlink: 'syz.1.817': attribute type 11 has an invalid length. [ 342.686686][ T8830] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 342.709981][ T8830] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 342.779565][ T8838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.819'. [ 342.985403][ T8840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.820'. [ 344.577874][ T8863] loop0: detected capacity change from 0 to 8 [ 344.626797][ T8863] SQUASHFS error: zlib decompression failed, data probably corrupt [ 344.634873][ T8863] SQUASHFS error: Failed to read block 0x4de: -5 [ 344.703334][ T8864] binder: 8857:8864 ioctl 4018620d 0 returned -22 [ 345.398562][ T8863] SQUASHFS error: zlib decompression failed, data probably corrupt [ 345.406835][ T8863] SQUASHFS error: Failed to read block 0x4df: -5 [ 345.413393][ T8863] SQUASHFS error: zlib decompression failed, data probably corrupt [ 345.421514][ T8863] SQUASHFS error: Failed to read block 0x4e0: -5 [ 345.428645][ T8863] SQUASHFS error: zlib decompression failed, data probably corrupt [ 345.436737][ T8863] SQUASHFS error: Failed to read block 0x4de: -5 [ 345.462201][ T27] audit: type=1800 audit(1781934784.411:23): pid=8863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.824" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 345.482153][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 347.535999][ T8861] netlink: 'syz.1.826': attribute type 2 has an invalid length. [ 348.045880][ T8889] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 348.712206][ T1134] Bluetooth: hci4: Frame reassembly failed (-84) [ 349.147036][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.844'. [ 350.845030][ T5792] Bluetooth: hci4: command 0xfc11 tx timeout [ 350.852019][ T5791] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 352.301736][ T8957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.853'. [ 353.522508][ T8977] loop2: detected capacity change from 0 to 512 [ 353.576942][ T8977] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 353.810279][ T8977] EXT4-fs (loop2): 1 truncate cleaned up [ 353.835210][ T8977] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 354.073811][ T8986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.865'. [ 354.519207][ T5791] Bluetooth: hci3: command 0x0406 tx timeout [ 354.607164][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.936412][ T1134] Bluetooth: hci4: Frame reassembly failed (-84) [ 356.983758][ T5791] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 357.677408][ T5791] Bluetooth: hci3: command 0x0406 tx timeout [ 357.885379][ T9021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.875'. [ 358.379102][ T9030] loop0: detected capacity change from 0 to 2048 [ 358.586568][ T9030] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 358.754664][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 359.999259][ T9052] netlink: 4 bytes leftover after parsing attributes in process `syz.3.887'. [ 361.146692][ T9065] loop0: detected capacity change from 0 to 2048 [ 361.339634][ T9065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 361.554679][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 362.428744][ T9084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.898'. [ 362.826619][ T9096] can: request_module (can-proto-3) failed. [ 363.586503][ T9110] loop0: detected capacity change from 0 to 2048 [ 363.639983][ T9110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 363.869622][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 365.106362][ T9129] netlink: 4 bytes leftover after parsing attributes in process `syz.2.910'. [ 366.656030][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.919'. [ 367.243090][ T9172] can: request_module (can-proto-3) failed. [ 369.401529][ T9196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.931'. [ 371.062211][ T9221] loop2: detected capacity change from 0 to 512 [ 371.106094][ T9221] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 371.164476][ T9215] can: request_module (can-proto-3) failed. [ 371.195048][ T9221] EXT4-fs (loop2): 1 truncate cleaned up [ 371.205978][ T9221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 371.653866][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 371.663173][ T5791] Bluetooth: hci4: command 0xfc11 tx timeout [ 372.337109][ T5792] Bluetooth: hci2: unexpected event for opcode 0x2006 [ 372.664608][ T9236] loop0: detected capacity change from 0 to 128 [ 372.702331][ T9236] EXT4-fs (loop0): Test dummy encryption mode enabled [ 372.755806][ T9236] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 372.835270][ T9236] ext4 filesystem being mounted at /238/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 373.386811][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.639785][ T5777] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 373.826125][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.2.942'. [ 374.661499][ T9274] Invalid argument reading file caps for ./file0 [ 376.294118][ T5791] Bluetooth: hci4: command 0xfc11 tx timeout [ 376.302387][ T5792] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 376.521192][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz.0.954'. [ 376.779984][ T9297] block nbd0: not configured, cannot reconfigure [ 377.304194][ T9312] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 377.376215][ T9312] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 377.593621][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 378.304773][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 378.647316][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 378.667010][ T9] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 378.695992][ T9] usb 1-1: can't read configurations, error -71 [ 378.777450][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.783990][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.882980][ T9329] netlink: 4 bytes leftover after parsing attributes in process `syz.3.966'. [ 379.325445][ T9338] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 379.347220][ T9338] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 380.578426][ T9353] Set syz1 is full, maxelem 14 reached [ 381.277316][ T9367] Invalid argument reading file caps for ./file0 [ 383.627093][ T9400] loop3: detected capacity change from 0 to 4096 [ 383.740036][ T9403] Invalid argument reading file caps for ./file0 [ 384.289138][ T9400] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 384.613966][ T9400] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.991: corrupted inode contents [ 384.694563][ T9400] EXT4-fs error (device loop3): ext4_dirty_inode:6143: inode #15: comm syz.3.991: mark_inode_dirty error [ 384.746707][ T9400] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.991: corrupted inode contents [ 384.805651][ T9400] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.991: mark_inode_dirty error [ 384.837847][ T9400] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.991: corrupted inode contents [ 384.884068][ T9400] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.991: mark_inode_dirty error [ 384.902622][ T9400] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.991: corrupted inode contents [ 384.938782][ T9400] EXT4-fs error (device loop3): ext4_truncate:4301: inode #15: comm syz.3.991: mark_inode_dirty error [ 384.998426][ T9400] EXT4-fs error (device loop3) in ext4_setattr:5682: Corrupt filesystem [ 385.020985][ T9400] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.991: corrupted inode contents [ 385.083797][ T9400] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 385.262938][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.164118][ T9438] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1002'. [ 386.526479][ T3462] nci: nci_rsp_packet: unknown rsp opcode 0x7 [ 386.653975][ T9456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1008'. [ 386.847545][ T9460] mac80211_hwsim hwsim2 syzkaller0: left promiscuous mode [ 386.862134][ T9460] mac80211_hwsim hwsim2 syzkaller0: left allmulticast mode [ 386.976569][ T9465] loop1: detected capacity change from 0 to 1024 [ 387.003350][ T9465] EXT4-fs error (device loop1): __ext4_fill_super:5517: comm syz.1.1012: inode #2: comm syz.1.1012: iget: illegal inode # [ 387.030270][ T9465] EXT4-fs (loop1): Remounting filesystem read-only [ 387.061176][ T9465] EXT4-fs (loop1): get root inode failed [ 387.081275][ T9465] EXT4-fs (loop1): mount failed [ 387.447981][ T9477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1017'. [ 387.631868][ T9485] binder: 9484:9485 ioctl 4018620d 0 returned -22 [ 389.377969][ T9448] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 389.750635][ T9510] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1028'. [ 390.006738][ T9519] binder: 9518:9519 ioctl 4018620d 0 returned -22 [ 391.007896][ T3462] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 391.346696][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1041'. [ 391.507487][ T9549] loop3: detected capacity change from 0 to 8192 [ 393.743177][ T9553] binder: 9552:9553 ioctl 4018620d 0 returned -22 [ 395.232364][ T9573] loop1: detected capacity change from 0 to 1024 [ 395.278696][ T9573] EXT4-fs: Ignoring removed oldalloc option [ 395.326939][ T9573] EXT4-fs: Ignoring removed orlov option [ 395.370849][ T9573] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c118, mo2=0002] [ 395.386713][ T9573] System zones: 0-1, 3-12 [ 395.400750][ T9573] EXT4-fs (loop1): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.224218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 396.507072][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 396.937535][ T9598] loop3: detected capacity change from 0 to 2048 [ 396.989893][ T9598] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 397.021520][ T9598] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 397.650297][ T9602] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 5 vs 4156096517 free clusters [ 397.668532][ T9602] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1 with error 28 [ 397.681389][ T9602] EXT4-fs (loop3): This should not happen!! Data will be lost [ 397.681389][ T9602] [ 397.691245][ T9602] EXT4-fs (loop3): Total free blocks count 0 [ 397.697386][ T9602] EXT4-fs (loop3): Free/Dirty block details [ 397.703562][ T9602] EXT4-fs (loop3): free_blocks=66497544192 [ 397.709658][ T9602] EXT4-fs (loop3): dirty_blocks=16 [ 397.714977][ T9602] EXT4-fs (loop3): Block reservation details [ 397.721085][ T9602] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 397.921343][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.099388][ T9617] fuse: Bad value for 'group_id' [ 399.180621][ T9619] binder: 9618:9619 ioctl 4018620d 0 returned -22 [ 399.287940][ T9623] loop1: detected capacity change from 0 to 256 [ 399.291352][ T9621] syzkaller0: entered promiscuous mode [ 399.310701][ T9621] syzkaller0: entered allmulticast mode [ 399.311989][ T9623] FAT-fs (loop1): Unrecognized mount option "utRyjd×ůf8=1" or missing value [ 399.355218][ T9625] sctp: [Deprecated]: syz.2.1065 (pid 9625) Use of struct sctp_assoc_value in delayed_ack socket option. [ 399.355218][ T9625] Use struct sctp_sack_info instead [ 399.413893][ T9621] tipc: Started in network mode [ 399.419461][ T9621] tipc: Node identity 82d4da65aae, cluster identity 4711 [ 399.437769][ T9621] tipc: Enabled bearer , priority 0 [ 399.483767][ T9620] tipc: Resetting bearer [ 399.600395][ T9620] tipc: Disabling bearer [ 400.853671][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 400.904929][ T9649] binder: 9648:9649 ioctl 4018620d 0 returned -22 [ 401.011775][ T9653] (null): rxe_set_mtu: Set mtu to 1024 [ 401.026363][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 401.050062][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 401.066499][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 401.317504][ T5821] xfrm0 speed is unknown, defaulting to 1000 [ 401.324185][ T9653] infiniband syz0: set active [ 401.332536][ T9653] infiniband syz0: added xfrm0 [ 401.456340][ T9653] RDS/IB: syz0: added [ 401.469430][ T9653] smc: adding ib device syz0 with port count 1 [ 401.484111][ T9653] smc: ib device syz0 port 1 has pnetid [ 401.495518][ T5821] xfrm0 speed is unknown, defaulting to 1000 [ 401.527701][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 401.881351][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 402.121896][ T9664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1079'. [ 402.235851][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 402.484867][ T9676] binder: 9675:9676 ioctl 4018620d 0 returned -22 [ 402.601053][ T9653] xfrm0 speed is unknown, defaulting to 1000 [ 402.657603][ T9682] loop2: detected capacity change from 0 to 128 [ 402.742200][ T9682] syz.2.1087: attempt to access beyond end of device [ 402.742200][ T9682] loop2: rw=2049, sector=145, nr_sectors = 79 limit=128 [ 402.868216][ T9681] syz.2.1087: attempt to access beyond end of device [ 402.868216][ T9681] loop2: rw=524288, sector=145, nr_sectors = 79 limit=128 [ 402.930248][ T9682] syz.2.1087: attempt to access beyond end of device [ 402.930248][ T9682] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 402.980973][ T9682] syz.2.1087: attempt to access beyond end of device [ 402.980973][ T9682] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 403.582657][ T9682] syz.2.1087: attempt to access beyond end of device [ 403.582657][ T9682] loop2: rw=2049, sector=225, nr_sectors = 48 limit=128 [ 405.342627][ T9706] binder: 9704:9706 ioctl c0306201 0 returned -14 [ 405.593836][ T9714] loop0: detected capacity change from 0 to 512 [ 405.700836][ T9714] EXT4-fs (loop0): 1 truncate cleaned up [ 405.722890][ T9714] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 406.405092][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.631481][ T9728] syzkaller0: entered promiscuous mode [ 406.646591][ T9728] syzkaller0: entered allmulticast mode [ 406.674245][ T9728] tipc: Started in network mode [ 406.679279][ T9728] tipc: Node identity 4695189af22b, cluster identity 4711 [ 406.691412][ T9728] tipc: Enabled bearer , priority 0 [ 406.741725][ T9725] tipc: Resetting bearer [ 406.788062][ T9735] binder: 9733:9735 ioctl c0306201 0 returned -14 [ 406.803950][ T9725] tipc: Disabling bearer [ 406.838581][ T9737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1105'. [ 407.095416][ T9746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1108'. [ 407.107599][ T9748] binder: 9747:9748 ioctl c0306201 0 returned -14 [ 407.826070][ T9757] Invalid argument reading file caps for ./file0 [ 408.550746][ T9760] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 408.562194][ T9761] binder: 9759:9761 ioctl c0306201 0 returned -14 [ 408.564422][ T9760] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 408.771118][ T9765] syzkaller0: entered promiscuous mode [ 408.793086][ T9765] syzkaller0: entered allmulticast mode [ 408.799337][ T9770] loop0: detected capacity change from 0 to 512 [ 408.827517][ T9773] binder: 9772:9773 ioctl c0306201 0 returned -14 [ 408.835614][ T9765] tipc: Enabled bearer , priority 0 [ 408.862303][ T9770] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 408.862419][ T9764] tipc: Resetting bearer [ 408.949259][ T9777] loop3: detected capacity change from 0 to 512 [ 408.951300][ T9770] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.1118: bg 0: block 104: invalid block bitmap [ 408.957567][ T9764] tipc: Disabling bearer [ 408.976090][ T9777] EXT4-fs: Ignoring removed bh option [ 408.987074][ T9777] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 408.999420][ T9770] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 409.021212][ T9770] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1118: invalid indirect mapped block 1 (level 1) [ 409.022579][ T9777] EXT4-fs (loop3): 1 truncate cleaned up [ 409.046449][ T9770] EXT4-fs (loop0): 1 truncate cleaned up [ 409.050958][ T9777] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 409.054184][ T9770] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 409.103234][ T9770] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 409.130002][ T9770] overlayfs: failed to look up (fi) for ino (-13) [ 409.206450][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 409.360811][ T9784] syzkaller0: entered promiscuous mode [ 409.387043][ T9784] syzkaller0: entered allmulticast mode [ 409.634937][ T9787] IPVS: Error connecting to the multicast addr [ 410.118985][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.404796][ T9801] syzkaller0: entered promiscuous mode [ 410.410334][ T9801] syzkaller0: entered allmulticast mode [ 410.432751][ T9801] tipc: Enabled bearer , priority 0 [ 410.445247][ T9800] tipc: Resetting bearer [ 410.516952][ T9800] tipc: Disabling bearer [ 410.724593][ T9807] loop2: detected capacity change from 0 to 1024 [ 410.757413][ T9807] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.931559][ T9813] netlink: 'syz.3.1133': attribute type 2 has an invalid length. [ 411.271315][ T9807] EXT4-fs error (device loop2): ext4_get_first_dir_block:3595: inode #11: comm syz.2.1132: directory missing '.' [ 411.593978][ T9807] EXT4-fs (loop2): Remounting filesystem read-only [ 411.647043][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 412.118579][ T9832] binder: BINDER_SET_CONTEXT_MGR already set [ 412.137045][ T9832] binder: 9829:9832 ioctl 4018620d 200000000040 returned -16 [ 412.670110][ T9846] tipc: Started in network mode [ 412.689688][ T9846] tipc: Node identity be50bf3632e6, cluster identity 4711 [ 412.724450][ T9846] tipc: Enabled bearer , priority 0 [ 412.877611][ T9859] netlink: 'syz.2.1143': attribute type 2 has an invalid length. [ 413.482775][ T9845] tipc: Disabling bearer [ 413.604799][ T9864] netlink: 'syz.1.1144': attribute type 10 has an invalid length. [ 413.653041][ T9864] team0: Port device dummy0 added [ 413.713032][ T9862] netlink: 'syz.1.1144': attribute type 10 has an invalid length. [ 413.895100][ T9862] team0: Port device dummy0 removed [ 413.911628][ T9875] loop2: detected capacity change from 0 to 512 [ 413.930717][ T9862] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 413.945101][ T9875] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 413.998415][ T9875] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.1147: bg 0: block 104: invalid block bitmap [ 414.019713][ T9875] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 414.056527][ T9875] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1147: invalid indirect mapped block 1 (level 1) [ 414.105721][ T9875] EXT4-fs (loop2): 1 truncate cleaned up [ 414.113270][ T9875] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 414.237310][ T9875] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 414.380528][ T9875] overlayfs: failed to look up (fi) for ino (-13) [ 414.640514][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.918095][ T9899] syzkaller0: entered promiscuous mode [ 414.939882][ T9899] syzkaller0: entered allmulticast mode [ 414.961438][ T9899] tipc: Enabled bearer , priority 0 [ 414.991199][ T9898] tipc: Resetting bearer [ 415.044794][ T9898] tipc: Disabling bearer [ 415.068374][ T9901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1153'. [ 415.126154][ T9903] netlink: 'syz.2.1155': attribute type 2 has an invalid length. [ 416.622547][ T9952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1166'. [ 417.423687][ T5791] Bluetooth: hci3: command 0x0406 tx timeout [ 417.586690][ T9971] netlink: 'syz.1.1170': attribute type 2 has an invalid length. [ 417.931124][ T9975] fuse: Unknown parameter 'grou00000000000000000000' [ 418.270028][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1176'. [ 419.114413][T10007] fuse: Unknown parameter 'grou00000000000000000000' [ 419.175480][T10012] 9pnet_fd: Insufficient options for proto=fd [ 419.318152][T10013] netlink: 'syz.0.1184': attribute type 2 has an invalid length. [ 420.300493][T10020] loop1: detected capacity change from 0 to 512 [ 420.343655][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 420.864827][T10020] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 420.873072][T10020] EXT4-fs (loop1): orphan cleanup on readonly fs [ 420.883130][T10020] Quota error (device loop1): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 420.895057][T10020] EXT4-fs warning (device loop1): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 420.911170][T10020] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 420.929557][T10020] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.1185: corrupted inode contents [ 420.950324][T10020] EXT4-fs (loop1): Remounting filesystem read-only [ 420.957623][T10020] EXT4-fs (loop1): 1 truncate cleaned up [ 420.964568][T10020] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 421.199306][T10030] binder: 10027:10030 ioctl c0306201 0 returned -14 [ 421.216983][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.829166][T10057] 9pnet_fd: Insufficient options for proto=fd [ 422.926881][T10084] binder: 10083:10084 ioctl c0306201 0 returned -14 [ 423.052460][T10085] loop1: detected capacity change from 0 to 512 [ 423.180325][T10085] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 423.190442][T10085] EXT4-fs (loop1): orphan cleanup on readonly fs [ 423.257499][T10085] Quota error (device loop1): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 423.269909][T10085] EXT4-fs warning (device loop1): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 423.285363][T10085] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 423.313880][T10085] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.1197: corrupted inode contents [ 423.327818][T10085] EXT4-fs (loop1): Remounting filesystem read-only [ 423.339006][T10085] EXT4-fs (loop1): 1 truncate cleaned up [ 423.351278][T10085] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 423.620457][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.793145][T10096] fuse: Unknown parameter 'group_i00000000000000000000' [ 423.867882][T10098] netlink: 'syz.3.1203': attribute type 29 has an invalid length. [ 423.889627][T10098] netlink: 'syz.3.1203': attribute type 29 has an invalid length. [ 423.917136][T10098] netlink: 'syz.3.1203': attribute type 29 has an invalid length. [ 424.923826][T10110] binder: 10109:10110 ioctl c0306201 0 returned -14 [ 425.289924][T10116] loop1: detected capacity change from 0 to 512 [ 425.334982][T10116] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 425.344942][T10116] EXT4-fs (loop1): orphan cleanup on readonly fs [ 425.357890][T10116] Quota error (device loop1): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 425.370318][T10116] EXT4-fs warning (device loop1): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 425.385730][T10116] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 425.407235][T10116] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.1208: corrupted inode contents [ 425.433623][T10116] EXT4-fs (loop1): Remounting filesystem read-only [ 425.441759][T10116] EXT4-fs (loop1): 1 truncate cleaned up [ 425.454291][T10116] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 425.763090][T10122] fuse: Unknown parameter 'group_i00000000000000000000' [ 425.893144][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.042121][T10126] loop3: detected capacity change from 0 to 512 [ 426.060702][T10129] loop1: detected capacity change from 0 to 512 [ 426.066820][T10126] EXT4-fs: Ignoring removed bh option [ 426.088812][T10126] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 426.101089][T10129] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 426.142344][T10126] EXT4-fs (loop3): 1 truncate cleaned up [ 426.158189][T10129] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.1212: bg 0: block 104: invalid block bitmap [ 426.164699][T10126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 426.298711][T10129] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 426.356848][T10129] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1212: invalid indirect mapped block 1 (level 1) [ 426.383224][T10129] EXT4-fs (loop1): 1 truncate cleaned up [ 426.393347][T10129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 426.413727][T10129] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 426.786405][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 427.049576][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 427.081453][T10142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1217'. [ 427.201880][T10144] binder: BINDER_SET_CONTEXT_MGR already set [ 427.209380][T10144] binder: 10143:10144 ioctl 4018620d 200000000040 returned -16 [ 428.553828][T10158] loop3: detected capacity change from 0 to 512 [ 428.639456][T10158] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 428.649742][T10158] EXT4-fs (loop3): orphan cleanup on readonly fs [ 428.661963][T10158] Quota error (device loop3): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 428.674529][T10158] EXT4-fs warning (device loop3): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 428.690064][T10158] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 428.711388][T10158] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.1222: corrupted inode contents [ 428.892022][T10158] EXT4-fs (loop3): Remounting filesystem read-only [ 428.900224][T10158] EXT4-fs (loop3): 1 truncate cleaned up [ 428.979438][T10158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 429.285044][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.380740][T10164] Invalid argument reading file caps for ./file0 [ 430.284433][T10168] loop2: detected capacity change from 0 to 512 [ 430.291686][T10168] EXT4-fs: Ignoring removed bh option [ 430.336887][T10168] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 430.567689][T10168] EXT4-fs (loop2): 1 truncate cleaned up [ 430.704261][T10168] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 431.562443][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.718719][T10182] fuse: Unknown parameter 'group_i00000000000000000000' [ 432.473828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 432.656975][T10188] binder: BINDER_SET_CONTEXT_MGR already set [ 432.674052][T10188] binder: 10185:10188 ioctl 4018620d 200000000040 returned -16 [ 432.694700][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1232'. [ 432.922746][T10192] tipc: Enabled bearer , priority 0 [ 432.989897][T10191] tipc: Disabling bearer [ 433.964521][T10202] binder: 10201:10202 ioctl 4018620d 0 returned -22 [ 434.695144][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 435.674015][T10228] Invalid argument reading file caps for ./file0 [ 436.015931][T10231] tipc: Enabled bearer , priority 0 [ 436.048844][T10230] tipc: Disabling bearer [ 438.441994][T10264] netlink: 'syz.3.1255': attribute type 2 has an invalid length. [ 439.508219][T10281] syzkaller0: entered promiscuous mode [ 439.533589][T10281] syzkaller0: entered allmulticast mode [ 439.806198][T10289] loop3: detected capacity change from 0 to 512 [ 439.832813][T10289] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 439.857983][T10289] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.1259: bg 0: block 104: invalid block bitmap [ 439.874274][T10289] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 439.902215][T10289] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1259: invalid indirect mapped block 1 (level 1) [ 439.929522][T10289] EXT4-fs (loop3): 1 truncate cleaned up [ 439.946370][T10289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 439.979483][T10295] Invalid argument reading file caps for ./file0 [ 440.017860][T10289] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 440.086946][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.244179][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.250554][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.304058][ T5791] Bluetooth: hci4: command 0xfc11 tx timeout [ 440.338813][ T5792] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 442.338622][T10325] netlink: 'syz.0.1266': attribute type 2 has an invalid length. [ 443.975194][T10336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1269'. [ 445.352727][T10357] loop1: detected capacity change from 0 to 512 [ 446.681924][T10357] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 446.802333][T10357] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.1275: bg 0: block 104: invalid block bitmap [ 446.885528][T10357] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 446.913296][T10366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1278'. [ 446.944259][T10357] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1275: invalid indirect mapped block 1 (level 1) [ 446.983711][T10357] EXT4-fs (loop1): 1 truncate cleaned up [ 446.990683][T10357] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.180187][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.384854][T10371] loop1: detected capacity change from 0 to 1024 [ 447.400939][T10371] EXT4-fs: Ignoring removed nomblk_io_submit option [ 447.536609][T10371] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6002c028, mo2=0102] [ 447.560888][T10371] System zones: 0-1, 3-12 [ 447.579690][T10371] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.759083][T10373] loop3: detected capacity change from 0 to 4096 [ 447.817328][T10373] EXT4-fs: Ignoring removed nomblk_io_submit option [ 447.837555][T10373] EXT4-fs (loop3): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 448.375490][T10373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 448.530148][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.643885][T10382] netlink: 'syz.0.1277': attribute type 2 has an invalid length. [ 449.696191][T10388] Invalid argument reading file caps for ./file0 [ 450.485901][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.614747][T10403] tipc: Started in network mode [ 450.619702][T10403] tipc: Node identity 76657468115f, cluster identity 4711 [ 450.631937][T10406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1287'. [ 450.654654][T10403] tipc: Enabled bearer , priority 0 [ 451.718584][T10425] loop2: detected capacity change from 0 to 1024 [ 451.794738][ T5821] tipc: Node number set to 1731884136 [ 451.822533][T10425] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 452.018101][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 452.103848][T10436] netlink: 'syz.0.1291': attribute type 2 has an invalid length. [ 452.833101][T10442] tipc: Resetting bearer [ 452.873659][T10442] tipc: Resetting bearer [ 453.124951][T10456] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1297'. [ 453.284551][T10457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1298'. [ 454.158778][T10469] Invalid argument reading file caps for ./file0 [ 456.478809][T10500] netlink: 'syz.1.1306': attribute type 2 has an invalid length. [ 456.822545][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1308'. [ 460.534807][T10536] Invalid argument reading file caps for ./file0 [ 461.707262][T10544] binder: 10543:10544 ioctl c0306201 0 returned -14 [ 461.935899][T10551] netlink: 'syz.0.1323': attribute type 2 has an invalid length. [ 463.717680][T10567] tipc: Resetting bearer [ 463.856649][T10567] tipc: Resetting bearer [ 463.865263][T10572] tipc: Enabled bearer , priority 0 [ 463.960863][T10568] tipc: Disabling bearer [ 464.036849][T10578] fuse: Bad value for 'fd' [ 464.322685][T10589] sock: sock_set_timeout: `syz.3.1330' (pid 10589) tries to set negative timeout [ 465.256323][T10595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1331'. [ 466.540733][T10610] fuse: Invalid rootmode [ 466.884889][T10617] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1339'. [ 466.910892][T10620] Invalid argument reading file caps for ./file0 [ 467.852913][T10627] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1342'. [ 470.342320][T10657] fuse: Invalid rootmode [ 470.350479][T10660] loop3: detected capacity change from 0 to 128 [ 470.437886][T10660] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 470.493820][T10660] ext4 filesystem being mounted at /316/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 471.309632][T10667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1350'. [ 471.420719][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 474.432906][T10701] fuse: Invalid rootmode [ 474.528117][T10703] loop3: detected capacity change from 0 to 512 [ 474.744219][T10703] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 474.752487][T10703] EXT4-fs (loop3): orphan cleanup on readonly fs [ 474.776263][T10703] Quota error (device loop3): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 474.788291][T10703] EXT4-fs warning (device loop3): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 474.803842][T10703] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 474.813633][T10703] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.1358: corrupted inode contents [ 474.924539][T10703] EXT4-fs (loop3): Remounting filesystem read-only [ 474.931387][T10703] EXT4-fs (loop3): 1 truncate cleaned up [ 474.939509][T10703] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 475.639702][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.069039][T10725] tipc: Enabling of bearer rejected, failed to enable media [ 476.601855][T10737] loop3: detected capacity change from 0 to 2048 [ 476.812663][T10737] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 476.926087][T10737] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 477.069595][T10737] fs-verity: sha512 using implementation "sha512-avx2" [ 478.057597][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 478.428296][T10761] loop2: detected capacity change from 0 to 2048 [ 478.507153][T10761] loop2: p1 p2 p3 [ 478.507153][T10761] p1: [ 478.533316][T10761] loop2: p1 size 16779263 extends beyond EOD, truncated [ 478.594259][T10761] loop2: p2 size 458752 extends beyond EOD, truncated [ 478.640007][T10761] loop2: p3 start 3036741376 is beyond EOD, truncated [ 478.728636][T10765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1375'. [ 478.774995][ T5144] loop2: p1 p2 p3 [ 478.774995][ T5144] p1: [ 478.801090][ T5144] loop2: p1 size 16779263 extends beyond EOD, truncated [ 478.820942][ T5144] loop2: p2 size 458752 extends beyond EOD, truncated [ 478.876938][ T5144] loop2: p3 start 3036741376 is beyond EOD, truncated [ 479.281545][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 479.306958][ T5768] udevd[5768]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 479.322410][ T5770] udevd[5770]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 479.608429][ T5792] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 481.544788][T10795] Invalid argument reading file caps for ./file0 [ 481.791556][T10798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1384'. [ 481.854916][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1385'. [ 482.281740][T10810] fuse: Bad value for 'rootmode' [ 482.402419][T10809] loop2: detected capacity change from 0 to 2048 [ 482.686050][T10809] loop2: p1 p2 p3 [ 482.686050][T10809] p1: [ 483.019536][T10809] loop2: p1 size 16779263 extends beyond EOD, truncated [ 483.422473][T10809] loop2: p2 size 458752 extends beyond EOD, truncated [ 483.463165][T10809] loop2: p3 start 3036741376 is beyond EOD, truncated [ 484.777797][ T5144] loop2: p1 p2 p3 [ 484.777797][ T5144] p1: [ 484.853778][ T5144] loop2: p1 size 16779263 extends beyond EOD, truncated [ 484.876713][ T5144] loop2: p2 size 458752 extends beyond EOD, truncated [ 484.909576][ T5144] loop2: p3 start 3036741376 is beyond EOD, truncated [ 485.416023][T10836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1395'. [ 485.457052][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 485.477509][ T5770] udevd[5770]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 485.490638][ T5768] udevd[5768]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 485.579452][ T5770] udevd[5770]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 485.592853][ T5768] udevd[5768]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 485.604362][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 485.896040][T10840] fuse: Unknown parameter 'use00000000000000000000' [ 487.978054][T10857] loop0: detected capacity change from 0 to 2048 [ 488.097283][T10859] loop1: detected capacity change from 0 to 128 [ 488.153324][T10859] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 488.157203][T10857] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 488.193602][T10859] ext4 filesystem being mounted at /346/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 488.342604][T10857] ext4 filesystem being mounted at /347/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 489.148857][ T5778] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 489.207977][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.334407][T10870] mac80211_hwsim hwsim2 syzkaller0: left promiscuous mode [ 489.342351][T10869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1405'. [ 489.356913][T10870] mac80211_hwsim hwsim2 syzkaller0: left allmulticast mode [ 489.378628][T10870] tipc: Resetting bearer [ 489.414404][T10872] loop0: detected capacity change from 0 to 512 [ 489.435786][T10870] tipc: Resetting bearer [ 489.458256][T10872] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 489.538966][T10872] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.1406: bg 0: block 104: invalid block bitmap [ 489.683800][T10872] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 489.695218][T10872] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1406: invalid indirect mapped block 1 (level 1) [ 489.804281][T10875] fuse: Unknown parameter 'use00000000000000000000' [ 489.828938][T10872] EXT4-fs (loop0): 1 truncate cleaned up [ 489.855887][T10872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 489.934004][T10872] overlayfs: missing 'lowerdir' [ 490.493828][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.634663][T10897] loop0: detected capacity change from 0 to 512 [ 492.693354][T10897] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 492.750412][T10897] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 492.846760][T10897] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 492.890329][T10897] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 492.898985][T10897] System zones: 0-2, 18-18, 34-35 [ 492.912684][T10897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 492.953973][T10907] Invalid argument reading file caps for ./file0 [ 493.035013][T10897] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.1412: bg 0: block 353: padding at end of block bitmap is not set [ 493.081087][T10897] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 493.245193][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 493.899003][T10922] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1416'. [ 493.945353][T10924] fuse: Unknown parameter 'use00000000000000000000' [ 494.624928][T10939] Set syz1 is full, maxelem 14 reached [ 494.980931][T10943] loop1: detected capacity change from 0 to 512 [ 494.999490][T10942] loop3: detected capacity change from 0 to 512 [ 495.033264][T10943] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.1423: invalid block [ 495.107440][T10943] EXT4-fs (loop1): Remounting filesystem read-only [ 495.127589][T10942] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 495.171443][T10942] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 495.182778][T10943] EXT4-fs (loop1): 2 truncates cleaned up [ 495.191525][T10943] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 495.247343][T10942] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.1424: Invalid block bitmap block 0 in block_group 0 [ 495.303731][T10942] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 495.376149][T10942] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.1424: attempt to clear invalid blocks 983261 len 1 [ 495.394854][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 495.455008][T10942] EXT4-fs error (device loop3): __ext4_get_inode_loc:4496: comm syz.3.1424: Invalid inode table block 0 in block_group 0 [ 495.533618][T10942] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 495.567855][T10942] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 495.623639][T10942] EXT4-fs error (device loop3): __ext4_get_inode_loc:4496: comm syz.3.1424: Invalid inode table block 0 in block_group 0 [ 495.667007][T10942] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 495.695895][T10942] EXT4-fs error (device loop3): ext4_truncate:4301: inode #11: comm syz.3.1424: mark_inode_dirty error [ 495.721955][T10942] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 495.733651][T10942] EXT4-fs error (device loop3): __ext4_get_inode_loc:4496: comm syz.3.1424: Invalid inode table block 0 in block_group 0 [ 495.837964][T10942] EXT4-fs (loop3): 1 truncate cleaned up [ 495.854959][T10942] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 496.035189][T10959] fuse: Unknown parameter 'user_i00000000000000000000' [ 496.483935][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 496.734601][T10965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1429'. [ 496.807058][T10963] loop2: detected capacity change from 0 to 4096 [ 496.899591][T10963] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 496.960998][T10963] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 497.010822][T10972] loop3: detected capacity change from 0 to 512 [ 497.051535][T10972] EXT4-fs: Ignoring removed bh option [ 497.101714][T10972] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 497.181349][T10972] EXT4-fs (loop3): 1 truncate cleaned up [ 497.192174][T10972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 498.059485][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.140089][T10986] fuse: Unknown parameter 'user_i00000000000000000000' [ 498.149719][T10984] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 498.189562][T10984] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 498.232770][T10984] tipc: Enabling of bearer rejected, already enabled [ 498.461860][T10993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1441'. [ 498.824004][T11000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1443'. [ 499.771701][T11015] loop1: detected capacity change from 0 to 512 [ 499.831637][T11015] EXT4-fs: Ignoring removed bh option [ 499.868044][T11015] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 499.880038][T11015] EXT4-fs (loop1): 1 truncate cleaned up [ 499.895310][T11015] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 499.994417][T11018] fuse: Unknown parameter 'user_i00000000000000000000' [ 501.362019][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.456784][T11031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1451'. [ 501.530390][T11036] tipc: Enabling of bearer rejected, failed to enable media [ 501.656713][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.663333][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 505.817756][T11064] fuse: Unknown parameter 'user_id00000000000000000000' [ 505.859831][T11066] loop0: detected capacity change from 0 to 512 [ 505.869956][T11066] EXT4-fs: Ignoring removed bh option [ 505.907005][T11066] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 505.988891][T11066] EXT4-fs (loop0): 1 truncate cleaned up [ 506.144984][T11066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 506.463874][T11074] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1461'. [ 506.996224][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 507.196098][T11083] tipc: Enabling of bearer rejected, already enabled [ 507.359026][T11085] Invalid argument reading file caps for ./file0 [ 507.426954][T11088] tipc: Resetting bearer [ 507.626878][T11090] overlayfs: failed to resolve './bus': -2 [ 508.797998][T11101] loop0: detected capacity change from 0 to 128 [ 508.866611][T11101] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 509.043522][T11101] ext4 filesystem being mounted at /370/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 509.641786][T11108] fuse: Unknown parameter 'user_id00000000000000000000' [ 509.884768][T11110] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1472'. [ 509.905887][ T5777] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 509.959994][T11114] loop3: detected capacity change from 0 to 512 [ 510.011756][T11112] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1473'. [ 510.147732][T11114] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 510.336449][T11114] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.1471: bg 0: block 104: invalid block bitmap [ 510.435809][T11125] Invalid argument reading file caps for ./file0 [ 510.597383][T11114] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 510.610074][T11114] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1471: invalid indirect mapped block 1 (level 1) [ 510.702294][T11114] EXT4-fs (loop3): 1 truncate cleaned up [ 510.723208][T11127] loop2: detected capacity change from 0 to 512 [ 510.735935][T11127] EXT4-fs: Ignoring removed i_version option [ 510.738369][T11114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 510.751920][T11127] EXT4-fs: Ignoring removed bh option [ 510.788279][T11127] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.1477: inode #13: comm syz.2.1477: iget: illegal inode # [ 510.811535][T11114] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 510.876759][T11127] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.1477: couldn't read orphan inode 13 (err -117) [ 510.945584][T11127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 511.000252][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.002156][T11127] EXT4-fs (loop2): shut down requested (1) [ 511.142800][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.946379][T11145] netlink: 'syz.0.1481': attribute type 2 has an invalid length. [ 513.965096][T11155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1483'. [ 514.763274][T11172] syz_tun: entered allmulticast mode [ 515.012870][T11174] pimreg: entered allmulticast mode [ 515.083176][T11172] xfrm0 speed is unknown, defaulting to 1000 [ 515.318151][T11184] fuse: Unknown parameter 'user_id00000000000000000000' [ 515.381398][T11186] Invalid argument reading file caps for ./file0 [ 515.787520][T11171] syz_tun: left allmulticast mode [ 516.923303][T11207] netlink: 'syz.2.1491': attribute type 2 has an invalid length. [ 517.856395][T11219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1494'. [ 518.163775][T11230] fuse: Bad value for 'fd' [ 518.660787][T11244] Invalid argument reading file caps for ./file0 [ 521.330045][T11263] fuse: Bad value for 'fd' [ 522.879215][T11283] Invalid argument reading file caps for ./file0 [ 523.290186][T11282] can: request_module (can-proto-3) failed. [ 523.851931][T11295] loop2: detected capacity change from 0 to 2048 [ 523.937144][T11295] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 523.965945][T11295] ext4 filesystem being mounted at /403/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 524.005928][T11295] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 5 vs 4156096517 free clusters [ 524.028172][T11295] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1 with error 28 [ 524.040846][T11295] EXT4-fs (loop2): This should not happen!! Data will be lost [ 524.040846][T11295] [ 524.050628][T11295] EXT4-fs (loop2): Total free blocks count 0 [ 524.057191][T11295] EXT4-fs (loop2): Free/Dirty block details [ 524.063213][T11295] EXT4-fs (loop2): free_blocks=66497544192 [ 524.069309][T11295] EXT4-fs (loop2): dirty_blocks=16 [ 524.074771][T11295] EXT4-fs (loop2): Block reservation details [ 524.080979][T11295] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 524.128492][T11306] loop3: detected capacity change from 0 to 1024 [ 524.150730][T11306] EXT4-fs: Ignoring removed i_version option [ 524.159467][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 524.168693][T11306] EXT4-fs: inline encryption not supported [ 524.184654][T11306] EXT4-fs (loop3): Test dummy encryption mode enabled [ 524.219065][T11306] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 525.296220][T11313] tipc: Resetting bearer [ 525.594225][T11320] 9pnet_fd: Insufficient options for proto=fd [ 525.732526][T11323] Invalid argument reading file caps for ./file0 [ 525.993617][ T3556] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 526.193599][ T3556] usb 4-1: Using ep0 maxpacket: 16 [ 526.211695][ T3556] usb 4-1: unable to get BOS descriptor or descriptor too short [ 526.226088][ T3556] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 526.236194][ T3556] usb 4-1: can't read configurations, error -71 [ 526.426969][T11325] loop0: detected capacity change from 0 to 512 [ 526.435088][T11325] EXT4-fs: Ignoring removed bh option [ 526.454225][T11325] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 526.509440][T11325] EXT4-fs (loop0): 1 truncate cleaned up [ 526.517553][T11325] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 526.556212][T11331] loop2: detected capacity change from 0 to 512 [ 526.564779][T11331] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 526.667784][T11331] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.1525: bg 0: block 104: invalid block bitmap [ 526.738449][T11331] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 526.790150][T11331] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1525: invalid indirect mapped block 1 (level 1) [ 526.833602][T11331] EXT4-fs (loop2): 1 truncate cleaned up [ 526.840591][T11331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 526.897601][T11331] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 526.943057][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.000353][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.360013][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.629628][T11344] tipc: Resetting bearer [ 527.652341][T11344] tipc: Resetting bearer [ 528.955547][T11354] xfrm0 speed is unknown, defaulting to 1000 [ 529.099382][T11362] Invalid argument reading file caps for ./file0 [ 529.984755][T11367] loop1: detected capacity change from 0 to 8192 [ 530.958221][T11372] can: request_module (can-proto-3) failed. [ 533.164507][T11420] netlink: 'syz.0.1549': attribute type 2 has an invalid length. [ 534.174577][T11435] loop1: detected capacity change from 0 to 512 [ 534.182028][T11435] EXT4-fs: Ignoring removed bh option [ 534.226586][T11435] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 534.303115][T11435] EXT4-fs (loop1): 1 truncate cleaned up [ 534.347534][T11435] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 535.688826][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.004832][T11482] netlink: 'syz.1.1564': attribute type 2 has an invalid length. [ 538.641696][T11484] can: request_module (can-proto-3) failed. [ 538.870036][T11493] loop0: detected capacity change from 0 to 512 [ 538.904605][T11493] EXT4-fs: Ignoring removed bh option [ 538.923745][T11493] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 539.101714][T11493] EXT4-fs (loop0): 1 truncate cleaned up [ 539.138448][T11493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 539.905119][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 541.820996][T11516] syz.1.1571 (11516): drop_caches: 2 [ 541.937977][T11520] Invalid argument reading file caps for ./file0 [ 542.901575][T11538] netlink: 'syz.0.1576': attribute type 2 has an invalid length. [ 544.125303][T11543] can: request_module (can-proto-3) failed. [ 544.567656][T11552] loop3: detected capacity change from 0 to 128 [ 544.675045][T11552] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 544.726978][T11552] ext4 filesystem being mounted at /367/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 545.109199][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 547.709201][ T27] audit: type=1326 audit(1781934986.661:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.2.1574" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b3579ce59 code=0x0 [ 548.350896][T11587] loop0: detected capacity change from 0 to 4096 [ 548.388261][T11587] EXT4-fs: Ignoring removed nomblk_io_submit option [ 548.463857][T11587] EXT4-fs (loop0): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 548.508663][T11587] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 548.879200][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.564634][T11610] loop0: detected capacity change from 0 to 512 [ 549.635523][T11610] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 549.776598][T11610] EXT4-fs (loop0): orphan cleanup on readonly fs [ 549.906191][T11610] Quota error (device loop0): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 550.141613][T11610] EXT4-fs warning (device loop0): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 550.337474][T11610] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 550.395371][T11610] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #16: comm syz.0.1594: corrupted inode contents [ 550.488771][T11610] EXT4-fs (loop0): Remounting filesystem read-only [ 550.500313][T11610] EXT4-fs (loop0): 1 truncate cleaned up [ 550.528377][T11610] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 550.950655][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.869426][T11632] loop2: detected capacity change from 0 to 4096 [ 552.901031][T11632] EXT4-fs: Ignoring removed nomblk_io_submit option [ 552.945338][T11632] EXT4-fs (loop2): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 553.007935][T11632] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 553.153176][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.263305][T11650] loop2: detected capacity change from 0 to 512 [ 553.276071][T11650] EXT4-fs: Ignoring removed bh option [ 553.291174][T11650] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 553.315125][T11650] EXT4-fs (loop2): 1 truncate cleaned up [ 553.322423][T11650] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 554.567115][T11660] loop0: detected capacity change from 0 to 512 [ 554.630240][T11660] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 554.649012][T11660] EXT4-fs (loop0): orphan cleanup on readonly fs [ 554.678562][T11660] Quota error (device loop0): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 554.714273][T11660] EXT4-fs warning (device loop0): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 554.734197][T11660] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 554.751460][T11660] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #16: comm syz.0.1608: corrupted inode contents [ 554.773578][T11660] EXT4-fs (loop0): Remounting filesystem read-only [ 554.790831][T11660] EXT4-fs (loop0): 1 truncate cleaned up [ 554.804271][T11660] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 555.979059][T11640] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 556.156420][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 556.385041][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 556.505789][T11679] loop3: detected capacity change from 0 to 4096 [ 556.516453][T11679] EXT4-fs: Ignoring removed nomblk_io_submit option [ 556.545880][T11679] EXT4-fs (loop3): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 556.603657][T11679] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 556.892703][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.405325][T11697] syzkaller0: entered promiscuous mode [ 557.415915][T11697] syzkaller0: entered allmulticast mode [ 557.443644][T11697] tipc: Enabled bearer , priority 0 [ 557.457068][T11696] tipc: Resetting bearer [ 558.362000][T11696] tipc: Disabling bearer [ 558.500298][T11703] loop0: detected capacity change from 0 to 8 [ 558.784662][T11703] SQUASHFS error: xz decompression failed, data probably corrupt [ 558.833950][T11703] SQUASHFS error: Failed to read block 0x108: -5 [ 558.862680][T11703] SQUASHFS error: Unable to read metadata cache entry [106] [ 558.885074][T11703] SQUASHFS error: Unable to read inode 0x11f [ 558.968897][ T27] audit: type=1326 audit(1781934997.921:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11712 comm="syz.1.1624" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1d6f9ce59 code=0x0 [ 559.136070][ T5844] libceph: connect (1)[c::]:6789 error -101 [ 559.146981][T11720] hub 8-0:1.0: USB hub found [ 559.151980][T11720] hub 8-0:1.0: 1 port detected [ 559.158550][ T5844] libceph: mon0 (1)[c::]:6789 connect error [ 559.466129][ T9] libceph: connect (1)[c::]:6789 error -101 [ 559.472409][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 559.744549][T11714] ceph: No mds server is up or the cluster is laggy [ 560.060785][T11734] loop3: detected capacity change from 0 to 512 [ 560.096281][T11734] EXT4-fs: Ignoring removed bh option [ 560.137959][T11734] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 560.188880][T11734] EXT4-fs (loop3): 1 truncate cleaned up [ 560.214825][T11734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 561.006236][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 562.129713][ T27] audit: type=1326 audit(1781935001.091:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11755 comm="syz.3.1636" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c2799ce59 code=0x0 [ 562.193185][T11765] loop0: detected capacity change from 0 to 512 [ 562.212784][T11765] EXT4-fs: Ignoring removed bh option [ 562.499888][T11774] hub 8-0:1.0: USB hub found [ 562.504985][T11774] hub 8-0:1.0: 1 port detected [ 562.518231][T11765] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 563.120835][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.252327][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.463755][T11765] EXT4-fs (loop0): 1 truncate cleaned up [ 563.470132][T11765] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 563.489771][ T5844] libceph: connect (1)[c::]:6789 error -101 [ 563.495954][ T5844] libceph: mon0 (1)[c::]:6789 connect error [ 563.527635][T11768] ceph: No mds server is up or the cluster is laggy [ 564.140871][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 565.638047][ T27] audit: type=1326 audit(1781935004.591:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.1.1649" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1d6f9ce59 code=0x0 [ 566.471970][T11813] loop0: detected capacity change from 0 to 512 [ 566.495178][T11813] EXT4-fs: Ignoring removed bh option [ 566.506330][T11813] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 566.590745][T11820] hub 8-0:1.0: USB hub found [ 566.595739][T11820] hub 8-0:1.0: 1 port detected [ 567.041223][T11813] EXT4-fs (loop0): 1 truncate cleaned up [ 567.069402][T11813] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 567.862198][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.119667][T11848] loop0: detected capacity change from 0 to 8 [ 569.188841][T11848] SQUASHFS error: xz decompression failed, data probably corrupt [ 569.972247][T11848] SQUASHFS error: Failed to read block 0x108: -5 [ 569.979086][T11848] SQUASHFS error: Unable to read metadata cache entry [106] [ 570.004440][T11848] SQUASHFS error: Unable to read inode 0x11f [ 572.063518][ T27] audit: type=1326 audit(1781935011.021:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.2.1662" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b3579ce59 code=0x0 [ 572.426251][T11883] hub 8-0:1.0: USB hub found [ 572.427423][T11883] hub 8-0:1.0: 1 port detected [ 574.670367][T11904] loop1: detected capacity change from 0 to 4096 [ 574.705578][T11904] EXT4-fs: Ignoring removed nomblk_io_submit option [ 574.724874][T11904] EXT4-fs (loop1): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 574.817187][T11904] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 574.939843][T11904] overlayfs: missing 'lowerdir' [ 575.036800][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 576.526305][T11928] loop2: detected capacity change from 0 to 128 [ 576.585823][T11928] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 576.705113][T11928] ext4 filesystem being mounted at /441/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 577.048675][T11938] loop3: detected capacity change from 0 to 4096 [ 577.074756][T11938] EXT4-fs: Ignoring removed nomblk_io_submit option [ 577.136985][T11938] EXT4-fs (loop3): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 577.188440][T11938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 577.211948][T11938] overlayfs: missing 'lowerdir' [ 577.316242][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 577.350740][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 580.001870][T11965] loop1: detected capacity change from 0 to 4096 [ 580.009934][T11965] EXT4-fs: Ignoring removed nomblk_io_submit option [ 580.025379][T11965] EXT4-fs (loop1): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 580.072233][T11965] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 580.110029][T11965] overlayfs: missing 'lowerdir' [ 580.185237][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.869882][T11982] syzkaller0: entered promiscuous mode [ 581.883474][T11982] syzkaller0: entered allmulticast mode [ 581.927037][T11982] tipc: Enabled bearer , priority 0 [ 581.955690][T11981] tipc: Resetting bearer [ 582.054307][T11981] tipc: Disabling bearer [ 582.582618][T11996] loop0: detected capacity change from 0 to 4096 [ 582.607473][T11996] EXT4-fs: Ignoring removed nomblk_io_submit option [ 582.699041][T11996] EXT4-fs (loop0): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 582.769057][T11996] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 582.974948][T12000] overlayfs: missing 'lowerdir' [ 583.126590][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 583.979254][T12010] loop0: detected capacity change from 0 to 512 [ 585.385559][T12010] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 585.393998][T12010] EXT4-fs (loop0): orphan cleanup on readonly fs [ 585.402483][T12010] Quota error (device loop0): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 585.415157][T12010] EXT4-fs warning (device loop0): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 585.430621][T12010] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 585.448296][T12010] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #16: comm syz.0.1710: corrupted inode contents [ 585.474717][T12010] EXT4-fs (loop0): Remounting filesystem read-only [ 585.481614][T12010] EXT4-fs (loop0): 1 truncate cleaned up [ 585.488710][T12010] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 585.738698][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 587.823904][T12044] loop3: detected capacity change from 0 to 512 [ 589.034068][T12044] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 589.042649][T12044] EXT4-fs (loop3): orphan cleanup on readonly fs [ 589.212612][T12044] Quota error (device loop3): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 589.224639][T12044] EXT4-fs warning (device loop3): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 589.240392][T12044] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 589.257147][T12044] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.1721: corrupted inode contents [ 589.269573][T12044] EXT4-fs (loop3): Remounting filesystem read-only [ 589.282016][T12044] EXT4-fs (loop3): 1 truncate cleaned up [ 589.291382][T12044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 589.931544][T12053] can: request_module (can-proto-3) failed. [ 590.041661][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 593.292937][T12104] loop1: detected capacity change from 0 to 8 [ 593.314335][T12104] SQUASHFS error: xz decompression failed, data probably corrupt [ 593.322141][T12104] SQUASHFS error: Failed to read block 0x108: -5 [ 593.328528][T12104] SQUASHFS error: Unable to read metadata cache entry [106] [ 593.335893][T12104] SQUASHFS error: Unable to read inode 0x11f [ 593.379298][ T5772] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 593.568783][ T27] audit: type=1326 audit(1781935032.531:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12113 comm="syz.3.1742" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c2799ce59 code=0x0 [ 593.806763][T12121] hub 8-0:1.0: USB hub found [ 593.811884][T12121] hub 8-0:1.0: 1 port detected [ 596.504980][T12150] can: request_module (can-proto-3) failed. [ 596.615535][T12154] loop1: detected capacity change from 0 to 8 [ 596.631438][T12154] SQUASHFS error: xz decompression failed, data probably corrupt [ 596.639359][T12154] SQUASHFS error: Failed to read block 0x108: -5 [ 596.645751][T12154] SQUASHFS error: Unable to read metadata cache entry [106] [ 596.653032][T12154] SQUASHFS error: Unable to read inode 0x11f [ 596.809245][T12160] loop2: detected capacity change from 0 to 512 [ 596.843174][T12160] EXT4-fs: Ignoring removed bh option [ 596.880784][T12160] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 596.948958][T12160] EXT4-fs (loop2): 1 truncate cleaned up [ 596.953507][ T27] audit: type=1326 audit(1781935035.911:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12165 comm="syz.1.1756" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1d6f9ce59 code=0x0 [ 596.969911][T12160] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 597.106861][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 597.159623][T12169] syzkaller0: entered promiscuous mode [ 597.169587][T12171] hub 8-0:1.0: USB hub found [ 597.175350][T12171] hub 8-0:1.0: 1 port detected [ 597.253695][T12169] syzkaller0: entered allmulticast mode [ 597.358889][T12169] tipc: Enabled bearer , priority 0 [ 597.393976][T12168] tipc: Resetting bearer [ 597.504312][T12168] tipc: Disabling bearer [ 597.834926][T12177] loop3: detected capacity change from 0 to 1024 [ 597.997182][T12177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 598.290153][ T3556] libceph: connect (1)[c::]:6789 error -101 [ 598.350860][ T3556] libceph: mon0 (1)[c::]:6789 connect error [ 598.807675][ T5856] libceph: connect (1)[c::]:6789 error -101 [ 598.854756][ T5856] libceph: mon0 (1)[c::]:6789 connect error [ 598.928914][T12190] ceph: No mds server is up or the cluster is laggy [ 598.956800][ T27] audit: type=1800 audit(1781935037.911:31): pid=12177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1760" name="file1" dev="overlay" ino=15 res=0 errno=0 [ 598.976558][ C1] vkms_vblank_simulate: vblank timer overrun [ 599.956437][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 599.976566][T12198] loop0: detected capacity change from 0 to 8 [ 599.991676][T12198] SQUASHFS error: xz decompression failed, data probably corrupt [ 600.000246][T12198] SQUASHFS error: Failed to read block 0x108: -5 [ 600.006607][T12198] SQUASHFS error: Unable to read metadata cache entry [106] [ 600.013958][T12198] SQUASHFS error: Unable to read inode 0x11f [ 600.130188][T12200] loop2: detected capacity change from 0 to 512 [ 600.161994][T12200] EXT4-fs: Ignoring removed bh option [ 600.198866][T12200] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 600.278678][T12205] syzkaller0: entered promiscuous mode [ 600.285550][T12205] syzkaller0: entered allmulticast mode [ 600.311772][T12205] tipc: Enabled bearer , priority 0 [ 600.385961][T12204] tipc: Resetting bearer [ 600.416473][T12200] EXT4-fs (loop2): 1 truncate cleaned up [ 600.424775][T12200] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 600.457379][T12204] tipc: Disabling bearer [ 600.555912][T12209] loop1: detected capacity change from 0 to 512 [ 600.738602][T12209] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 600.748706][T12209] EXT4-fs (loop1): orphan cleanup on readonly fs [ 600.761560][T12209] Quota error (device loop1): v2_read_file_info: Number of blocks too big for quota file size (66560 > 6144). [ 600.773967][T12209] EXT4-fs warning (device loop1): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 600.789369][T12209] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 600.809178][T12209] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.1767: corrupted inode contents [ 600.829068][T12209] EXT4-fs (loop1): Remounting filesystem read-only [ 600.837768][T12209] EXT4-fs (loop1): 1 truncate cleaned up [ 600.849800][T12209] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 601.134937][ T5778] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.145759][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.316952][ T27] audit: type=1326 audit(1781935040.271:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1770" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b3579ce59 code=0x0 [ 602.872033][T12226] hub 8-0:1.0: USB hub found [ 602.877102][T12226] hub 8-0:1.0: 1 port detected [ 603.075645][T12228] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 603.295166][T12232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1774'. [ 604.908282][T12244] loop0: detected capacity change from 0 to 512 [ 604.920620][T12244] EXT4-fs: Ignoring removed bh option [ 604.926904][T12244] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 604.964927][T12244] EXT4-fs (loop0): 1 truncate cleaned up [ 604.971936][T12244] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 605.285695][T12250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1780'. [ 605.461791][T12255] syzkaller0: entered promiscuous mode [ 605.471712][T12255] syzkaller0: entered allmulticast mode [ 605.534834][T12255] tipc: Enabled bearer , priority 0 [ 605.552191][T12254] tipc: Resetting bearer [ 605.617724][T12254] tipc: Disabling bearer [ 606.063873][ T5856] libceph: connect (1)[c::]:6789 error -101 [ 606.170199][ T5856] libceph: mon0 (1)[c::]:6789 connect error [ 606.633157][T12259] ceph: No mds server is up or the cluster is laggy [ 606.650956][ T5767] libceph: connect (1)[c::]:6789 error -101 [ 606.668525][ T5767] libceph: mon0 (1)[c::]:6789 connect error [ 606.931000][T12270] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1786'. [ 607.427148][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 607.714973][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1790'. [ 608.151847][ T8] libceph: connect (1)[c::]:6789 error -101 [ 608.236256][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 608.752143][ T8] libceph: connect (1)[c::]:6789 error -101 [ 608.758533][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 608.891435][T12292] ceph: No mds server is up or the cluster is laggy [ 608.929741][T12297] mac80211_hwsim hwsim2 syzkaller0: left promiscuous mode [ 608.937157][T12297] mac80211_hwsim hwsim2 syzkaller0: left allmulticast mode [ 608.948999][T12297] tipc: Resetting bearer [ 609.353908][T12303] loop0: detected capacity change from 0 to 1024 [ 609.515262][T12303] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 609.773027][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.415812][ T5767] libceph: connect (1)[c::]:6789 error -101 [ 611.520946][ T5767] libceph: mon0 (1)[c::]:6789 connect error [ 611.699818][T12327] ceph: No mds server is up or the cluster is laggy [ 612.403232][ T11] Bluetooth: hci4: Frame reassembly failed (-90) [ 612.446515][T12346] Bluetooth: hci4: Frame reassembly failed (-84) [ 612.500869][T12346] Bluetooth: hci4: Frame reassembly failed (-84) [ 612.654590][T12346] Bluetooth: hci4: Frame reassembly failed (-84) [ 612.668947][T12346] Bluetooth: hci4: Frame reassembly failed (-84) [ 613.511988][T12356] loop0: detected capacity change from 0 to 8 [ 613.528233][T12356] SQUASHFS error: xz decompression failed, data probably corrupt [ 613.536029][T12356] SQUASHFS error: Failed to read block 0x108: -5 [ 613.542348][T12356] SQUASHFS error: Unable to read metadata cache entry [106] [ 613.549688][T12356] SQUASHFS error: Unable to read inode 0x11f [ 613.633408][ T5772] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 614.367438][T12358] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 614.459959][ T5792] Bluetooth: hci4: command 0x1003 tx timeout [ 614.473523][ T5791] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 615.535497][T12389] loop1: detected capacity change from 0 to 8 [ 615.550625][T12389] SQUASHFS error: xz decompression failed, data probably corrupt [ 615.558480][T12389] SQUASHFS error: Failed to read block 0x108: -5 [ 615.565569][T12389] SQUASHFS error: Unable to read metadata cache entry [106] [ 615.572852][T12389] SQUASHFS error: Unable to read inode 0x11f [ 616.320243][T12099] libceph: connect (1)[c::]:6789 error -101 [ 616.396848][T12099] libceph: mon0 (1)[c::]:6789 connect error [ 616.747865][T12099] libceph: connect (1)[c::]:6789 error -101 [ 616.807546][T12099] libceph: mon0 (1)[c::]:6789 connect error [ 617.045397][T12395] ceph: No mds server is up or the cluster is laggy [ 617.119245][T12400] netlink: 'syz.2.1828': attribute type 2 has an invalid length. [ 617.967152][T12418] fuse: Bad value for 'fd' [ 618.235472][T12426] loop3: detected capacity change from 0 to 8 [ 618.256415][T12426] SQUASHFS error: xz decompression failed, data probably corrupt [ 618.264424][T12426] SQUASHFS error: Failed to read block 0x108: -5 [ 618.270775][T12426] SQUASHFS error: Unable to read metadata cache entry [106] [ 618.278135][T12426] SQUASHFS error: Unable to read inode 0x11f [ 620.714919][T12453] loop2: detected capacity change from 0 to 256 [ 622.009825][T12463] netlink: 'syz.0.1840': attribute type 2 has an invalid length. [ 622.278042][T12465] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 622.555928][T12472] fuse: Bad value for 'fd' [ 624.317922][T12492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1849'. [ 624.404630][T12493] Invalid argument reading file caps for ./file0 [ 624.559293][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.566043][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.188024][ T3556] libceph: connect (1)[c::]:6789 error -101 [ 625.268579][ T3556] libceph: mon0 (1)[c::]:6789 connect error [ 625.647982][ T3556] libceph: connect (1)[c::]:6789 error -101 [ 625.732180][ T3556] libceph: mon0 (1)[c::]:6789 connect error [ 625.934320][T12496] ceph: No mds server is up or the cluster is laggy [ 626.082693][T12500] netlink: 'syz.1.1851': attribute type 2 has an invalid length. [ 626.236961][T12503] fuse: Bad value for 'fd' [ 628.737653][T12522] loop2: detected capacity change from 0 to 128 [ 628.789013][T12522] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 628.814966][T12522] ext4 filesystem being mounted at /485/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 629.371001][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 630.317080][T12551] fuse: Invalid rootmode [ 630.350224][T12545] netlink: 'syz.2.1862': attribute type 2 has an invalid length. [ 632.941002][T12570] loop0: detected capacity change from 0 to 128 [ 633.070615][T12570] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 633.162900][T12570] ext4 filesystem being mounted at /478/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 635.062254][ T5777] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 635.201827][T12587] syzkaller0: entered promiscuous mode [ 635.207717][T12587] syzkaller0: entered allmulticast mode [ 638.198066][T12641] loop2: detected capacity change from 0 to 128 [ 638.218569][T12641] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 638.235735][T12641] ext4 filesystem being mounted at /491/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 638.589669][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 639.700210][T12624] netlink: 'syz.1.1878': attribute type 2 has an invalid length. [ 639.709488][T12645] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1881'. [ 640.587447][T12664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1888'. [ 641.136727][T12662] loop2: detected capacity change from 0 to 4096 [ 641.176555][T12662] EXT4-fs: Ignoring removed nomblk_io_submit option [ 641.227010][T12662] EXT4-fs (loop2): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 641.259911][T12667] loop3: detected capacity change from 0 to 128 [ 641.261042][T12662] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 641.282455][T12671] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1890'. [ 641.305756][T12667] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 641.381908][T12667] ext4 filesystem being mounted at /426/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 641.725189][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 642.484436][T12683] Invalid argument reading file caps for ./file0 [ 643.000669][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 643.077251][T12691] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 643.105576][T12691] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 643.283748][T12695] netlink: 'syz.2.1892': attribute type 2 has an invalid length. [ 643.470954][T12701] loop0: detected capacity change from 0 to 4096 [ 643.478504][T12701] EXT4-fs: Ignoring removed nomblk_io_submit option [ 644.426043][T12701] EXT4-fs (loop0): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 644.487683][T12701] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 644.787696][T12715] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1902'. [ 644.988668][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 645.530525][T12733] Invalid argument reading file caps for ./file0 [ 646.126386][T12735] syzkaller0: entered promiscuous mode [ 646.131941][T12735] syzkaller0: entered allmulticast mode [ 646.291142][T12739] loop3: detected capacity change from 0 to 256 [ 646.529035][T12742] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1904'. [ 647.481442][T12752] loop2: detected capacity change from 0 to 512 [ 647.629170][T12753] netlink: 'syz.0.1910': attribute type 2 has an invalid length. [ 647.645844][T12752] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 647.678218][T12752] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 647.688340][T12752] EXT4-fs (loop2): can't mount with commit=1, fs mounted w/o journal [ 648.737796][T12767] loop2: detected capacity change from 0 to 1024 [ 648.794292][T12767] EXT4-fs: Ignoring removed oldalloc option [ 648.800275][T12767] EXT4-fs: Ignoring removed orlov option [ 648.982934][T12767] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c118, mo2=0002] [ 649.013625][T12767] System zones: 0-1, 3-12 [ 649.120288][T12767] EXT4-fs (loop2): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 649.630730][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 649.860691][T12792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1918'. [ 650.253107][T12798] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1920'. [ 652.570234][T12825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1928'. [ 652.849558][T12828] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1930'. [ 652.890565][T12829] syzkaller0: entered promiscuous mode [ 652.896342][T12829] syzkaller0: entered allmulticast mode [ 653.018135][T12835] loop3: detected capacity change from 0 to 256 [ 653.035102][T12835] FAT-fs (loop3): Unrecognized mount option "sťortname=winnt" or missing value [ 654.216145][T12858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1939'. [ 655.249750][T12871] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1942'. [ 655.686931][T12879] syzkaller0: entered promiscuous mode [ 655.702780][T12879] syzkaller0: entered allmulticast mode [ 655.730480][T12881] loop2: detected capacity change from 0 to 4096 [ 655.754615][T12881] EXT4-fs: Ignoring removed nomblk_io_submit option [ 655.798087][T12881] EXT4-fs (loop2): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 655.832539][T12881] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 656.225095][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 656.456675][T12899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1949'. [ 656.876013][T12907] syzkaller0: entered promiscuous mode [ 656.891824][T12907] syzkaller0: entered allmulticast mode [ 657.315036][T12917] loop0: detected capacity change from 0 to 4096 [ 657.335395][T12917] EXT4-fs: Ignoring removed nomblk_io_submit option [ 657.375582][T12917] EXT4-fs (loop0): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 657.412920][T12917] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 657.741582][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 658.829955][T12932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1963'. [ 658.951794][T12938] syzkaller0: entered promiscuous mode [ 658.963556][T12938] syzkaller0: entered allmulticast mode [ 659.458340][T12953] loop0: detected capacity change from 0 to 4096 [ 659.492903][T12953] EXT4-fs: Ignoring removed nomblk_io_submit option [ 659.532549][T12953] EXT4-fs (loop0): stripe (34159) is not aligned with cluster size (16), stripe is disabled [ 659.733904][T12953] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 660.552399][T12967] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1973'. [ 660.610852][ T5777] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 660.862342][T12974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1974'. [ 661.620373][ T27] audit: type=1326 audit(1781935100.581:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12994 comm="syz.2.1983" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b3579ce59 code=0x0 [ 661.651186][T12997] loop3: detected capacity change from 0 to 512 [ 661.679192][T12997] EXT4-fs: Ignoring removed nobh option [ 661.840296][T12997] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #3: comm syz.3.1982: corrupted inode contents [ 661.879898][T13004] netlink: 'syz.1.1984': attribute type 2 has an invalid length. [ 662.042138][T13006] hub 8-0:1.0: USB hub found [ 662.048728][T13006] hub 8-0:1.0: 1 port detected [ 662.248031][T12997] EXT4-fs error (device loop3): ext4_dirty_inode:6143: inode #3: comm syz.3.1982: mark_inode_dirty error [ 662.804504][T12997] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #3: comm syz.3.1982: corrupted inode contents [ 662.826877][T13008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1985'. [ 662.854898][T12997] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.1982: mark_inode_dirty error [ 662.906226][T12997] BUG: unable to handle page fault for address: ffffffffffffff93 [ 662.914011][T12997] #PF: supervisor read access in kernel mode [ 662.920020][T12997] #PF: error_code(0x0000) - not-present page [ 662.926042][T12997] PGD cf35067 P4D cf35067 PUD cf37067 PMD 0 [ 662.932086][T12997] Oops: 0000 [#1] PREEMPT SMP KASAN [ 662.937525][T12997] CPU: 0 PID: 12997 Comm: syz.3.1982 Not tainted syzkaller #0 [ 662.945006][T12997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 662.955102][T12997] RIP: 0010:ext4_ext_map_blocks+0x2d21/0x6890 [ 662.961335][T12997] Code: 8b 7c 24 18 4d 85 ff 0f 84 b1 e2 ff ff e8 87 ba 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 e7 1d 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 10 49 8d 47 28 48 [ 662.981033][T12997] RSP: 0018:ffffc9000c5a6b40 EFLAGS: 00010246 [ 662.987167][T12997] RAX: 0000000000000000 RBX: 0000000000000029 RCX: 0000000000080000 [ 662.995134][T12997] RDX: ffffc9000cf89000 RSI: 00000000000580ea RDI: ffffffffffffff93 [ 663.003100][T12997] RBP: ffffc9000c5a6df0 R08: ffff88802c4a0000 R09: 0000000000000002 [ 663.011068][T12997] R10: 00000000ffffffe4 R11: 0000000000000002 R12: 0000000000000001 [ 663.019038][T12997] R13: 1ffff920018b4d94 R14: dffffc0000000000 R15: ffffffffffffff8b [ 663.027046][T12997] FS: 00007f8c2884b6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 663.035976][T12997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 663.042555][T12997] CR2: ffffffffffffff93 CR3: 000000002d3b8000 CR4: 00000000003506f0 [ 663.050526][T12997] Call Trace: [ 663.053872][T12997] [ 663.056877][T12997] ? lock_acquire+0x208/0x420 [ 663.061599][T12997] ? __might_sleep+0xe0/0xe0 [ 663.066205][T12997] ? ext4_ext_release+0x10/0x10 [ 663.071067][T12997] ext4_map_blocks+0x9db/0x1a90 [ 663.075924][T12997] ? ext4_issue_zeroout+0x250/0x250 [ 663.081125][T12997] ? stack_trace_save+0xaa/0x100 [ 663.086065][T12997] ? kasan_set_track+0x5f/0x70 [ 663.090849][T12997] ? kasan_set_track+0x4e/0x70 [ 663.095613][T12997] ? __kasan_kmalloc+0x8f/0xa0 [ 663.100373][T12997] ? __kmalloc+0xb7/0x240 [ 663.104726][T12997] ? get_free_dqblk+0x49/0x720 [ 663.109495][T12997] ext4_getblk+0x1c9/0x720 [ 663.113909][T12997] ? ext4_fill_super+0x5fb5/0x6870 [ 663.119044][T12997] ? get_tree_bdev+0x3e5/0x520 [ 663.123809][T12997] ? ext4_get_block_unwritten+0x100/0x100 [ 663.129542][T12997] ext4_bread+0x2a/0x170 [ 663.133789][T12997] ext4_quota_write+0x23b/0x580 [ 663.138644][T12997] ? ext4_quota_read+0x380/0x380 [ 663.143584][T12997] ? get_free_dqblk+0x49/0x720 [ 663.148353][T12997] ? rcu_is_watching+0x15/0xb0 [ 663.153121][T12997] get_free_dqblk+0x380/0x720 [ 663.157802][T12997] ? ext4_quota_read+0x380/0x380 [ 663.162750][T12997] do_insert_tree+0x253/0x10a0 [ 663.167520][T12997] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 663.173295][T12997] do_insert_tree+0xa1e/0x10a0 [ 663.178072][T12997] do_insert_tree+0xa1e/0x10a0 [ 663.182855][T12997] do_insert_tree+0xa1e/0x10a0 [ 663.187632][T12997] qtree_write_dquot+0x49f/0x5d0 [ 663.192576][T12997] ? qtree_entry_unused+0xe0/0xe0 [ 663.197604][T12997] ? down_write+0x16e/0x200 [ 663.202200][T12997] v2_write_dquot+0x10c/0x1a0 [ 663.206884][T12997] dquot_acquire+0x320/0x610 [ 663.211484][T12997] ext4_acquire_dquot+0x2ea/0x4d0 [ 663.216516][T12997] dqget+0x717/0xbb0 [ 663.220416][T12997] __dquot_initialize+0x3ad/0xd10 [ 663.225444][T12997] ? dquot_initialize+0x20/0x20 [ 663.230305][T12997] ext4_process_orphan+0x4c/0x2e0 [ 663.235333][T12997] ext4_orphan_cleanup+0xc33/0x1470 [ 663.240534][T12997] ? ext4_orphan_del+0xc90/0xc90 [ 663.245468][T12997] ? ext4_register_li_request+0x182/0x930 [ 663.251186][T12997] ? errseq_check_and_advance+0x66/0x120 [ 663.256876][T12997] ext4_fill_super+0x5fb5/0x6870 [ 663.261869][T12997] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 663.268144][T12997] ? __might_sleep+0xe0/0xe0 [ 663.272739][T12997] ? read_lock_is_recursive+0x20/0x20 [ 663.278116][T12997] ? snprintf+0xe9/0x140 [ 663.282421][T12997] ? down_read_killable+0x340/0x340 [ 663.287636][T12997] ? setup_bdev_super+0x56b/0x660 [ 663.292660][T12997] get_tree_bdev+0x3e5/0x520 [ 663.297249][T12997] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 663.303492][T12997] ? setup_bdev_super+0x660/0x660 [ 663.308516][T12997] ? apparmor_capable+0x137/0x1a0 [ 663.313590][T12997] ? bpf_lsm_capable+0x9/0x10 [ 663.318295][T12997] ? security_capable+0x89/0xb0 [ 663.323154][T12997] vfs_get_tree+0x8c/0x280 [ 663.327571][T12997] do_new_mount+0x24a/0xa40 [ 663.332112][T12997] __se_sys_mount+0x2e7/0x3d0 [ 663.336796][T12997] ? __x64_sys_mount+0xc0/0xc0 [ 663.341567][T12997] ? lockdep_hardirqs_on+0x98/0x150 [ 663.346814][T12997] ? __x64_sys_mount+0x20/0xc0 [ 663.351591][T12997] do_syscall_64+0x55/0xb0 [ 663.356013][T12997] ? clear_bhb_loop+0x40/0x90 [ 663.360687][T12997] ? clear_bhb_loop+0x40/0x90 [ 663.365364][T12997] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 663.371271][T12997] RIP: 0033:0x7f8c2799e0ca [ 663.375700][T12997] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 663.395326][T12997] RSP: 002b:00007f8c2884ae58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 663.403748][T12997] RAX: ffffffffffffffda RBX: 00007f8c2884aee0 RCX: 00007f8c2799e0ca [ 663.411720][T12997] RDX: 0000200000000340 RSI: 0000200000000980 RDI: 00007f8c2884aea0 [ 663.419692][T12997] RBP: 0000200000000340 R08: 00007f8c2884aee0 R09: 0000000000008000 [ 663.427663][T12997] R10: 0000000000008000 R11: 0000000000000246 R12: 0000200000000980 [ 663.435718][T12997] R13: 00007f8c2884aea0 R14: 0000000000000519 R15: 00002000000006c0 [ 663.443695][T12997] [ 663.446719][T12997] Modules linked in: [ 663.450616][T12997] CR2: ffffffffffffff93 [ 663.454765][T12997] ---[ end trace 0000000000000000 ]--- [ 663.460215][T12997] RIP: 0010:ext4_ext_map_blocks+0x2d21/0x6890 [ 663.466293][T12997] Code: 8b 7c 24 18 4d 85 ff 0f 84 b1 e2 ff ff e8 87 ba 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 e7 1d 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 10 49 8d 47 28 48 [ 663.485902][T12997] RSP: 0018:ffffc9000c5a6b40 EFLAGS: 00010246 [ 663.491978][T12997] RAX: 0000000000000000 RBX: 0000000000000029 RCX: 0000000000080000 [ 663.499946][T12997] RDX: ffffc9000cf89000 RSI: 00000000000580ea RDI: ffffffffffffff93 [ 663.507917][T12997] RBP: ffffc9000c5a6df0 R08: ffff88802c4a0000 R09: 0000000000000002 [ 663.515887][T12997] R10: 00000000ffffffe4 R11: 0000000000000002 R12: 0000000000000001 [ 663.523853][T12997] R13: 1ffff920018b4d94 R14: dffffc0000000000 R15: ffffffffffffff8b [ 663.531838][T12997] FS: 00007f8c2884b6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 663.540767][T12997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 663.547347][T12997] CR2: ffffffffffffff93 CR3: 000000002d3b8000 CR4: 00000000003506f0 [ 663.555394][T12997] Kernel panic - not syncing: Fatal exception [ 663.561678][T12997] Kernel Offset: disabled [ 663.565991][T12997] Rebooting in 86400 seconds..