last executing test programs: 15.528258229s ago: executing program 2 (id=803): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40000f63c) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x80, 0x10, 0x2, 0x0, 0x56, 0x101, 0x0}) chdir(&(0x7f00000003c0)='./bus\x00') r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) 13.322292671s ago: executing program 2 (id=808): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x6) eventfd(0x10000f7) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2}) close_range(r0, 0xffffffffffffffff, 0x0) 11.637523599s ago: executing program 1 (id=812): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40000f63c) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x80, 0x10, 0x2, 0x0, 0x56, 0x101, 0x0}) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) 11.609944053s ago: executing program 0 (id=814): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@resuid}, {@stripe={'stripe', 0x3d, 0x40}}]}, 0x3, 0x463, &(0x7f0000000340)="$eJzs281vFOUfAPDvTLvlxw+wFfGFF7WKxsaXlgIqBw9qNPGAiYke9Ni0C0EWatqaCCEKxuDJGBPvxqP/gie9GOPJxKveDQkxXABPa2Z3BnaX3aUsu11gP59k4Hnmpc/325mn+8w8OwGMrOnsnyRia0T8GRGT9WrzDtP1/65cOrN49dKZxSSq1Xf/SWr7Xb50ZrHYtThuS16ZSSPSL5LY3abd1VOnjy9UKuWVvD63duKjudVTp184dmLhaPlo+eT+Q4cOHph/+aX9L/Ylzyymy7s+Xd6z860Pvnn78FdN+bfk0SfT3TY+Xa32ubnh2tZQTsaHGAi3ZCwistNVqvX/yRiL6ydvMt78fKjBAQNVrVarWzpvPlsF7mFJNNd1eRgVxQd9dv9bLK2DgFcHN/wYuouv1W+Asryv5Et9y3ik+T6llvvbfpqOiPfP/vtdtsRgnkMAADT5KRv/PN9u/JfGQw373ZfPDU1FxP0RsT0iHoiIHRHxYERt34cj4pFbbL91kuTG8U96oafE1ikb/72Sz201j/+K0V9MjeW1bbX8S8mRY5Xyvvx3MhOlTVl9vksbP7/xx9edtjWO/7Ila78YC+ZxXBjf1HzM0sLawu3k3OjiuYhd4+3yT67NBCQRsTMidvXYxrFnf9jTadvN8++iD/NM1e8jnqmf/7PRkn8h6T4/Ofe/qJT3zRVXxY1++/38O53av638+yA7//9ve/1fy38qKeZr0yivrN56G+f/+rLjPU2v1/9E8l6tPJGv+2RhbW1lPmIiOVwPunH9/uvHFvVi/yz/mb3t+//2uP6b2B0R2UX8aEQ8FhGP57E/ERFPRsTeLvn/+vpTH/ae/2Bl+S+t9/xXKuWVhsJEtK5pXxg7/suPTY1O3ZD/1e7n/2CtNJOvWc/fv/XEVenpagYAAIC7TxoRWyNJZ6+V03R2tv59+R0RaWV5de25I8sfn1yqvyMwFaW0eNI12fA8dD6/ra/Xz0VE/asFxfYD+XPjb8c21+qzi8uVpWEnDyNuS4f+n/l7bNjRAQPnfS0YXfo/jK519v977JV1IHz+w0hr0/83DyMOYOO1+/z/bAhxABuvpf+b9oMR4v4fRlen/l+d3OBAgA1X7/+G/TBiVjfHzV+S71ooflKPh9+zhSjdEWEMrBDpHRFGa6EUEXdAGHd/Ybh/lwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrlvwAAAP//HArhUQ==") syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 11.420556783s ago: executing program 2 (id=815): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001000030400000000fdffff0000000300", @ANYBLOB="0000f0ff4000000014001280090001007663616e0000000004000680080040"], 0x3c}}, 0x0) 10.668359531s ago: executing program 3 (id=816): syz_open_dev$video4linux(&(0x7f0000000000), 0x3fe, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f00000000c0)=0x3, 0x4) r1 = syz_open_dev$media(&(0x7f0000000080), 0x34, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f00000002c0)) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000100)=0xffffffffffffffff) ioctl$MEDIA_REQUEST_IOC_QUEUE(r6, 0x7c80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x40204706, &(0x7f0000000040)={0x1, 0x0, 0x5, 0x0, 0x0, "3eccd8f9d200000500"}) 10.249481653s ago: executing program 2 (id=817): fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000300)='acl\x00\x9a\v\x9e\xd4\x10\x18\xe6\xca\xf1\x0f\xc8H\xc8#A@\x9a\xe4r\x89h8\x1b\xab\x84<\x85\xe5\x88j_<(nW4\xe4\xbb\xe9PF\x1b|\xc4\xa1\xa0\x9e\x81\xa0lZS\'\x8f\x91\xf7\x03\xa2\x8cd\x1f\xd3y\xce\x1asj\x98\xb5\x95\xdf\x915\a\x97=\xa9\xe7A\x12\xc2\xf5_\x11\b\x00\x00\x00\x00\x00\x00\x00\x1c\x1e:^\xdeNT\xe8O\xe8\x1ez\x9e\xc8\x8eo@Ti\xf6\xe5F\x0fv\xf1H\xdf\xf1\xe1\x9en\xc1\xd1\xca\xca\x89\"\xe4\x9c\xe6\xc2\xd8\xaa\xf6\f>\x19\x15t=\x1eXp\xba~\xb8xd>\x92LO\x06\xa3\xfdS\x01\xd1GE\x0f\x98L\x99#\xef5\xed[H\x104\xcd\xe23l\xd1\x9fc5\x87\xb4\xd7\xf6\xecr)\x0f\xc7\xe4\x1d[\x82\xc3\x18\xa4{\xecF\x81\xdb', 0x0, 0xffffffffffffff9c) syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d0009058223"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340)) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2}) 9.310231598s ago: executing program 0 (id=819): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a0000904000001030101000921000800012203000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000001180)=ANY=[], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000240)={0xe7, &(0x7f0000000200)={0x0, 0x11, 0x1, "d3"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='@0J'], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0}) 9.173399154s ago: executing program 1 (id=820): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000003a61000000000000000a5800000006465efe2c0004802800018007000100637400001c0002800800014000000002080002400000001408000440000000170900010073797a30000000000900020073797a3200000000"], 0x80}}, 0x24004800) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r2 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(0x0, r3, 0x0) io_uring_enter(r2, 0x207a98, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000480)=""/179, 0xb3) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket(0x10, 0x6, 0x4) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) setrlimit(0x1, &(0x7f0000000000)={0x5, 0x3ff}) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x4}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 9.172341754s ago: executing program 3 (id=821): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ptrace(0x10, 0x0) ptrace$getregset(0x4205, 0x0, 0x402, &(0x7f0000000240)={&(0x7f0000000180)=""/108, 0x6c}) r3 = socket(0x28, 0x1, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffa1, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[], 0x40}}, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000) ioprio_set$pid(0x2, 0x0, 0x6000) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/rcu_normal', 0x14f242, 0x42) connect$packet(r3, &(0x7f0000000500)={0x28}, 0x14) connect$packet(r3, &(0x7f0000000000)={0x28, 0x4, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) 7.840652014s ago: executing program 3 (id=822): gettid() madvise(&(0x7f0000bde000/0x1000)=nil, 0x1000, 0xb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, 0x0, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r2 = socket$packet(0x11, 0x2, 0x300) syz_open_dev$video4linux(&(0x7f00000001c0), 0x2, 0x40080) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r3, 0x0, 0xfffffffffffffe33, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x800000, @empty, 0x9}, 0x1c) recvmmsg(r3, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000040)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendto$packet(r2, &(0x7f0000000400)="205ae946", 0x4, 0x20008801, &(0x7f00000002c0)={0x11, 0x88a8, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) 7.838503785s ago: executing program 4 (id=823): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioprio_set$pid(0x2, 0x0, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)) chdir(&(0x7f0000000440)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) 6.577006246s ago: executing program 4 (id=824): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)}], 0x1}], 0x1, 0x8004) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x7) mkdirat(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$usbfs(0x0, 0x200800000800078, 0x80501) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x500000, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) poll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2}], 0x1, 0x7f) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x200100, 0x0) 6.294358084s ago: executing program 1 (id=825): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x6) eventfd(0x10000f7) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2}) close_range(r0, 0xffffffffffffffff, 0x0) 6.162556045s ago: executing program 2 (id=826): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0xc000) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x2c, &(0x7f00000006c0)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 5.947964706s ago: executing program 1 (id=827): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f00000000c0)={[{@user_xattr}, {@noquota}, {@init_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x1e2c}}, {@usrquota}, {@quota}, {@mb_optimize_scan}]}, 0x3, 0x4d5, &(0x7f0000001300)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYGxtaZ/61JdCn0uh5E8ohUD7XkppCW2SPvShrYrkq8ZxZVvGP+RYnw8c33PuvdL3HMk60rnncm8AbetcRIxEREdEXIyI3nR9Jk2xspqq+z15fG+8mpKoVG59nkSSrqs/V5IuT6QP646Iv/0l4p/JD+OWlpZnxgqF/EJazpVn53OlpeVL07NjU/mp/NzI0ODV4WvDV4YHdq2t1//0yUv/eePP19/97Z2PRj+78K9qtXrSbWvb0YyVJvdbbXpX7bWo64yIhe0EO8A60vZ0tboiAAA0pfob/8cR8cuIePpqq2sDAAAA7IXKH3ri6ySiAgAAABxamdo5sEkmm54L0BOZTDa7eg7vT+N4plAslX8zWVycm1g9V7YvujKT04X8QHqucF90JdXyYC3/rHx5XXkoIk5FxP96j9XK2fFiYaLVBz8AAACgTZxYN/7/snd1/A8AAAAcMn2trgAAAACw54z/AQAA4PDbcPyfdO5vRQAAAIC98NcbN6qpUr//9cTtpcWZ4u1LE/nSTHZ2cTw7XlyYz04Vi1O1a/bNbvV8hWJx/ncxt3g3V86XyrnS0vLobHFxrjxau6/3aN59ogEAAGD/nfrFgw+TiFj5/bFaqjqSbmtirD6yt7UD9lJme7sne1UPYP91tLoCQMs4wRfal/l4YIuB/f/Xlbd52AAAADgI+n+2o/l/84HwAjOQh/Zl/h/al/l/aF/m/6HNHd16l+6NNrzXxPM7SggAAAdCTy0lmWw6F9gTmUw2G3GydluArmRyupAfiIgfRcQHvV1Hq+XBVlcaAAAAAAAAAAAAAAAAAAAAAAAAAF4wlUoSFQAAAOBQi8h8mqS36OrvPd+z/vjAkeSr3toyIu68duvlu2Pl8sJgdf0X368vv5Kuv9yKIxgAAADAevVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76cnje+P1tJ9xH/0xIvoaxe+M7tqy++3eiDj+NInONY9LIqJjF+Kv3I+I043iJ9VqRV9ai/XxMxFxrMXxT+xCfGhnD6r9z0ijz18mztWWjT9/nWnaqUfnNur/MvX+r9bPNer/TjYZ48zDt3Ibxr8fcaazcf9Tj5/ssP/9x9+XlzfaVnk9or/h90/yXKxceXY+V1pavjQ9OzaVn8rPDQ0NXh2+NnxleCA3OV3Ip38bxvjvz9/5drP2H98gft8W7T/fZPu/eXj38U82iX/hV43f/9ObxK++9r9Ovweq2/vr+ZXV/Fpn33z/7LpVR9bGn9ig/Vu9/xeabP/Fm//+uMldAYB9UFpanhkrFPILMjI7yNT/nw5KfWTSzM30jdn2w1vXJwEAAHvj2Y/+VtcEAAAAAAAAAAAAAAAAAAAA2tdzF/3qiIjdvgjZ0eevLNDduqYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzquwAAAP//e4jN8A==") lchown(&(0x7f0000000040)='.\x00', 0xee00, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB='\x00\x00\x00']) r2 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 5.862247763s ago: executing program 0 (id=828): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000f0ff4000000014001280090001007663616e0000000004000680080040"], 0x3c}}, 0x0) 4.316693784s ago: executing program 3 (id=829): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$video4linux(0x0, 0xd36, 0x18bc80) ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000001cc0)=0x8000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SIOCRSSCAUSE(0xffffffffffffffff, 0x89e1, &(0x7f0000000180)=0x4) r5 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r5, &(0x7f0000000340)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) bind$rxrpc(r5, &(0x7f0000001280)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e21, @local}}, 0x24) r6 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r6, 0x0, 0x2, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r6, &(0x7f0000000000)='./file1\x00', r6, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f0000001200)='./file1\x00') ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f020}) syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f00000005c0)='./file1\x00', 0xc248, &(0x7f0000000000), 0x83, 0x5f6, &(0x7f0000001740)="$eJzs3c9rHGUfAPDvzCZp0uZ90768iC2KAQ8tSNOkFque2nqwh4IFexDx0NAkNXT7gyYVWwum4EFBQcSrSC/+A96ldw+CCOrNs1BFKh5UujK7M82a7qQhTTJp5vOB2TzPM5N9nm9mn8wzs/vsBFBbo9lDGrE7Ik4nESNd64ajs3I03+7Ob9fPZEsSrdarvyaR5GXF9nfznzuyhyRiMCK+PRbxv8b99c5dvXZustnqeDfiwPz5Swfmrl7bP3t+8uz02ekLEwefP3R4/IWJQxNrEmcR1/ETrzzx0XtvPjfzXXN/EkfiVP87U7EkjrUyGqNxNw8xy7eSTnlfRBzOEj3+Lo+aLRBCrTXy12N/RDwWI9Fo5zpGYvbDShsHrKtWI6IF1FSi/0NNFeOA4tx+Pc6DN7PbRzsnQPfH39e5NhKD7XOj7XeSrjOjzrWNnWtQf1bH39f3fJYtUXIdom8N6imzcKN9+adH/Em7bTvbkWbxp/86189+ZzwiBvL2vfQQbei+RrLRr78s/nh8ZfF374cs/iP5z6z82CrrH12Sr1v/A6Aat47mB/KFLLd4/MuOxsX4J3qMf4Z7HLtWo+rjX/n4rzjeD7bHPemScVgSESd7P2X/0oKfPjj+SVn93eO/bMnqL8aCG+H2jYg9S+J/Pws2H/9k8Sc99n+2yekV1vHy978cL1tXdfytmxF7S8a/hSy1zPuTB2Zmm9PjnceedXz19RtflNVfdfzZ/t++zPi/bP9nZZdWWMeXJ2+eL1s3/MD4058HklPt1EBe8vbk/PzliYiB5ES+SVf5weXbUmxTPEcW/76ne/f/5eIfKv5lrsCl187dKVv3kPv/bmuFG5bJ4p9a5f7/OP87PMgfr195smzdcvGv5LkBAAAAAACARWn7PdgkHbuXTtOxsc4c3v/H9rR5cW7+mZmLVy5MRexrfx6yPy3e6R7p5JMsP5F/HrbIH1ySfzYidkXEp42hdn7szMXmVNXBAwAAAAAAAAAAAAAAAAAAwCaxI5//X9yD6fdGZ/4/UBPreYM5YHPT/6G+2v0/rboVQBUc/6G+9H+oL/0f6kv/h/rS/6G++krSwNanz0N96f8AAAAAsCXteurWj0lELLw41F4yA/m6/kpbBqw3fRzqq1F1A4DK3Hvr3/R/qJ0Vjf//bG2LiFZr/ZsDVCDpVdgeHORfDFrW+W/1/E0AAAAAAAAAAAAAYB3s3W3+P9SVaX9QXw8x/99XB8Ajzlf/Q305xwceNIt/sGyF+f8AAAAAAAAAAAAAsGGG20uSjuVzgYcjTcfGIv4TETujP5mZbU6PR8R/I+KHRv+2LD9RdaMBAAAAAAAAAAAAAAAAAABgi5m7eu3cZLM5fbk78dd9JVs7UdwFdbO0pzsRycZXOhQRmyH2VSbS5bfp6ypJIhayPV95mzuJ2Ki63vqm84pfLNm2dJsq/ysBAAAAAAAAAAAAAAAAAEA9dc097m3P5xvcIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYeIv3/1+/RNUxAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPpn8CAAD//9ROPtM=") munmap(&(0x7f0000003000/0x3000)=nil, 0x3000) 4.25202739s ago: executing program 4 (id=830): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1000, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lchown(&(0x7f0000000200)='./file0\x00', r3, r4) write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x76e1c523, 0x401, 0x4, 0x3, 0x0, 0x0, 0x0, 0x100, 0xa4001f7e}}, 0x50) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r5 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000080)={0x19}) openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x585400, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ecbb5}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x4e24, @empty}, 0x0, 0x3, 0x2, 0x1}}, 0x2e) close(0xffffffffffffffff) 4.226781236s ago: executing program 0 (id=831): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, r3, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) 3.196404907s ago: executing program 4 (id=832): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20004004}, 0x10000) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2, 0x0, 0x200}, 0x18) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x7fff}, 0x1c) sendto$inet6(r3, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r3, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_uring_setup(0x4d3f, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.911663412s ago: executing program 4 (id=833): socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ptrace(0x10, 0x0) ptrace$getregset(0x4205, 0x0, 0x402, &(0x7f0000000240)={&(0x7f0000000180)=""/108, 0x6c}) r3 = socket(0x28, 0x1, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffa1, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[], 0x40}}, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000) ioprio_set$pid(0x2, 0x0, 0x6000) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/rcu_normal', 0x14f242, 0x42) connect$packet(r3, &(0x7f0000000500)={0x28}, 0x14) connect$packet(r3, &(0x7f0000000000)={0x28, 0x4, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) 2.399849765s ago: executing program 1 (id=834): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0x40}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}, {&(0x7f0000000300)=""/225, 0xe1}], 0x2, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) 2.365717138s ago: executing program 0 (id=835): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") r0 = socket(0x8, 0x3, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, 0x0, 0x0) 2.223800048s ago: executing program 3 (id=836): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_io_uring_setup(0x234, 0x0, 0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(0x0, r2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000480)=""/179, 0xb3) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket(0x10, 0x6, 0x4) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) setrlimit(0x1, &(0x7f0000000000)={0x5, 0x3ff}) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 2.123924194s ago: executing program 2 (id=837): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) syz_io_uring_setup(0x1714, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_procfs$pagemap(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2.059481584s ago: executing program 1 (id=838): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_procfs$pagemap(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020) 1.461472172s ago: executing program 0 (id=839): socket$netlink(0x10, 0x3, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) fanotify_init(0x202, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote, r3}, 0x14) 1.085417182s ago: executing program 3 (id=840): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a0000904000001030101000921000800012203000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000001180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='@0J'], 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 4 (id=841): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)}], 0x1}], 0x1, 0x8004) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x7) mkdirat(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$usbfs(0x0, 0x200800000800078, 0x80501) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x500000, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) poll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2}], 0x1, 0x7f) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x200100, 0x0) kernel console output (not intermixed with test programs): nable to read xattr id index table [ 190.349089][ T6886] loop3: detected capacity change from 0 to 32768 [ 190.963972][ T6886] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.223 (6886) [ 191.045074][ T6886] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 191.055609][ T6886] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 191.064236][ T6886] BTRFS info (device loop3): disk space caching is enabled [ 191.071562][ T6886] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 191.648474][ T6886] BTRFS info (device loop3): rebuilding free space tree [ 191.689718][ T6886] BTRFS info (device loop3): disabling free space tree [ 191.696897][ T6886] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 191.708697][ T6886] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 191.820923][ T6886] overlayfs: missing 'workdir' [ 191.857681][ T30] audit: type=1800 audit(1751616604.403:6): pid=6886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.223" name="bus" dev="loop3" ino=265 res=0 errno=0 [ 192.367591][ T5832] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 192.664207][ T6926] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 192.664207][ T6926] The task syz.0.232 (6926) triggered the difference, watch for misbehavior. [ 193.467677][ T6937] syz.2.233: attempt to access beyond end of device [ 193.467677][ T6937] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 193.523667][ T6937] syz.2.233: attempt to access beyond end of device [ 193.523667][ T6937] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 194.733231][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.740209][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.434323][ T5879] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 195.632358][ T5879] usb 1-1: config index 0 descriptor too short (expected 62914, got 27) [ 195.643831][ T5879] usb 1-1: config 17 has too many interfaces: 95, using maximum allowed: 32 [ 195.683089][ T5879] usb 1-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 195.702767][ T5879] usb 1-1: config 17 has 0 interfaces, different from the descriptor's value: 95 [ 195.718643][ T5879] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 195.736060][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.262978][ T5879] usb 1-1: string descriptor 0 read error: -71 [ 196.268855][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 196.275647][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 196.276741][ T5879] usb 1-1: USB disconnect, device number 5 [ 196.773875][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 196.784131][ T5829] Bluetooth: hci4: command 0x0406 tx timeout [ 196.790097][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 198.574384][ T3080] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 198.784726][ T3080] usb 5-1: device descriptor read/64, error -71 [ 199.064561][ T3080] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 199.204389][ T3080] usb 5-1: device descriptor read/64, error -71 [ 199.594754][ T3080] usb usb5-port1: attempt power cycle [ 200.434449][ T3080] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 200.556068][ T3080] usb 5-1: device descriptor read/8, error -71 [ 200.845391][ T3080] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 200.889035][ T3080] usb 5-1: device descriptor read/8, error -71 [ 200.957979][ T7005] loop2: detected capacity change from 0 to 512 [ 201.069545][ T7005] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.086505][ T3080] usb usb5-port1: unable to enumerate USB device [ 201.105377][ T7005] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.172688][ T7005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.251'. [ 201.733927][ T7012] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 202.121658][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.376740][ T7033] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 205.047002][ T5892] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 205.265558][ T5892] usb 1-1: Using ep0 maxpacket: 32 [ 205.294688][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 205.355993][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 205.411552][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 205.432095][ T5892] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 205.447327][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.473296][ T5892] usb 1-1: config 0 descriptor?? [ 205.494621][ T5892] hub 1-1:0.0: USB hub found [ 205.792130][ T5892] hub 1-1:0.0: 2 ports detected [ 205.797740][ T10] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 205.938529][ T7057] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 206.108698][ T10] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 206.230795][ T10] usb 5-1: config 0 has no interface number 0 [ 206.311462][ T10] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 206.324380][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.332700][ T10] usb 5-1: Product: syz [ 206.337829][ T10] usb 5-1: Manufacturer: syz [ 206.342526][ T10] usb 5-1: SerialNumber: syz [ 206.370102][ T10] usb 5-1: config 0 descriptor?? [ 206.583161][ T7056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.265'. [ 206.592615][ T7056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.265'. [ 207.506079][ T5892] hub 1-1:0.0: activate --> -90 [ 207.866184][ T10] usb 5-1: Firmware version (0.0) predates our first public release. [ 207.881259][ T10] usb 5-1: Please update to version 0.2 or newer [ 208.045142][ T7076] loop1: detected capacity change from 0 to 512 [ 208.081197][ T10] usb 5-1: USB disconnect, device number 10 [ 208.092544][ T7080] syz.3.269: attempt to access beyond end of device [ 208.092544][ T7080] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 208.105502][ T7080] syz.3.269: attempt to access beyond end of device [ 208.105502][ T7080] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 208.127221][ T7076] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.175899][ T7076] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.259536][ T7076] netlink: 4 bytes leftover after parsing attributes in process `syz.1.270'. [ 208.264686][ T977] usb 1-1: USB disconnect, device number 6 [ 209.278875][ T7088] netlink: 28 bytes leftover after parsing attributes in process `syz.3.272'. [ 209.288726][ T7088] netlink: 28 bytes leftover after parsing attributes in process `syz.3.272'. [ 209.946339][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.730076][ T7114] overlayfs: missing 'lowerdir' [ 211.742594][ T7114] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 212.937496][ T7125] syz.1.282: attempt to access beyond end of device [ 212.937496][ T7125] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 212.950647][ T7125] syz.1.282: attempt to access beyond end of device [ 212.950647][ T7125] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 216.593187][ T7158] loop3: detected capacity change from 0 to 40427 [ 216.610486][ T7158] F2FS-fs (loop3): invalid crc value [ 216.677487][ T7158] F2FS-fs (loop3): Start checkpoint disabled! [ 216.687446][ T7158] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 216.952095][ T7163] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 217.079562][ T7164] cgroup: Bad value for 'release_agent' [ 217.788883][ T997] kworker/u8:5: attempt to access beyond end of device [ 217.788883][ T997] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 217.854984][ T997] kworker/u8:5: attempt to access beyond end of device [ 217.854984][ T997] loop3: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 217.875102][ T997] CPU: 0 UID: 0 PID: 997 Comm: kworker/u8:5 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 217.875125][ T997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.875136][ T997] Workqueue: writeback wb_workfn (flush-7:3) [ 217.875163][ T997] Call Trace: [ 217.875171][ T997] [ 217.875180][ T997] dump_stack_lvl+0x189/0x250 [ 217.875211][ T997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.875231][ T997] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 217.875255][ T997] ? __pfx_queue_work_on+0x10/0x10 [ 217.875280][ T997] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 217.875303][ T997] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 217.875328][ T997] ? f2fs_hw_is_readonly+0x39b/0x470 [ 217.875354][ T997] f2fs_handle_critical_error+0x37c/0x540 [ 217.875383][ T997] f2fs_write_end_io+0x495/0x810 [ 217.875402][ T997] ? blkg_put+0x22/0x240 [ 217.875440][ T997] __submit_merged_bio+0x27a/0x6a0 [ 217.875483][ T997] __submit_merged_write_cond+0x255/0x530 [ 217.875513][ T997] f2fs_write_data_pages+0x261d/0x3000 [ 217.875576][ T997] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.875615][ T997] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 217.875681][ T997] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 217.875717][ T997] ? trace_f2fs_writepages+0x7f/0x200 [ 217.875738][ T997] ? f2fs_write_node_pages+0x478/0x6e0 [ 217.875764][ T997] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 217.875792][ T997] ? __lock_acquire+0xab9/0xd20 [ 217.875818][ T997] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.875841][ T997] do_writepages+0x32e/0x550 [ 217.875871][ T997] ? reacquire_held_locks+0x127/0x1d0 [ 217.875892][ T997] ? writeback_sb_inodes+0x384/0x1010 [ 217.875925][ T997] __writeback_single_inode+0x145/0xff0 [ 217.875947][ T997] ? do_raw_spin_unlock+0x122/0x240 [ 217.875970][ T997] writeback_sb_inodes+0x6c7/0x1010 [ 217.876025][ T997] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 217.876119][ T997] ? rcu_is_watching+0x15/0xb0 [ 217.876153][ T997] wb_writeback+0x43b/0xaf0 [ 217.876186][ T997] ? queue_io+0x3a1/0x590 [ 217.876212][ T997] ? __pfx_wb_writeback+0x10/0x10 [ 217.876244][ T997] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.876274][ T997] wb_workfn+0x409/0xef0 [ 217.876312][ T997] ? __pfx_wb_workfn+0x10/0x10 [ 217.876338][ T997] ? __lock_acquire+0xab9/0xd20 [ 217.876371][ T997] ? process_scheduled_works+0x9ef/0x17b0 [ 217.876401][ T997] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.876422][ T997] ? process_scheduled_works+0x9ef/0x17b0 [ 217.876442][ T997] ? process_scheduled_works+0x9ef/0x17b0 [ 217.876469][ T997] process_scheduled_works+0xae1/0x17b0 [ 217.876528][ T997] ? __pfx_process_scheduled_works+0x10/0x10 [ 217.876572][ T997] worker_thread+0x8a0/0xda0 [ 217.876628][ T997] kthread+0x70e/0x8a0 [ 217.876649][ T997] ? __pfx_worker_thread+0x10/0x10 [ 217.876670][ T997] ? __pfx_kthread+0x10/0x10 [ 217.876690][ T997] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.876712][ T997] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.876734][ T997] ? __pfx_kthread+0x10/0x10 [ 217.876752][ T997] ret_from_fork+0x3fc/0x770 [ 217.876778][ T997] ? __pfx_ret_from_fork+0x10/0x10 [ 217.876807][ T997] ? __switch_to_asm+0x39/0x70 [ 217.876822][ T997] ? __switch_to_asm+0x33/0x70 [ 217.876837][ T997] ? __pfx_kthread+0x10/0x10 [ 217.876856][ T997] ret_from_fork_asm+0x1a/0x30 [ 217.876893][ T997] [ 217.876900][ T997] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 218.284706][ T997] CPU: 1 UID: 0 PID: 997 Comm: kworker/u8:5 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 218.284731][ T997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.284743][ T997] Workqueue: writeback wb_workfn (flush-7:3) [ 218.284770][ T997] Call Trace: [ 218.284778][ T997] [ 218.284787][ T997] dump_stack_lvl+0x189/0x250 [ 218.284818][ T997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.284839][ T997] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 218.284863][ T997] ? __pfx_queue_work_on+0x10/0x10 [ 218.284888][ T997] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 218.284911][ T997] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 218.284936][ T997] ? f2fs_hw_is_readonly+0x39b/0x470 [ 218.284962][ T997] f2fs_handle_critical_error+0x37c/0x540 [ 218.284988][ T997] f2fs_write_end_io+0x495/0x810 [ 218.285008][ T997] ? blkg_put+0x22/0x240 [ 218.285043][ T997] __submit_merged_bio+0x27a/0x6a0 [ 218.285070][ T997] __submit_merged_write_cond+0x255/0x530 [ 218.285097][ T997] f2fs_write_data_pages+0x261d/0x3000 [ 218.285154][ T997] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 218.285190][ T997] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 218.285248][ T997] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 218.285282][ T997] ? trace_f2fs_writepages+0x7f/0x200 [ 218.285303][ T997] ? f2fs_write_node_pages+0x478/0x6e0 [ 218.285328][ T997] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 218.285354][ T997] ? __lock_acquire+0xab9/0xd20 [ 218.285379][ T997] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 218.285401][ T997] do_writepages+0x32e/0x550 [ 218.285429][ T997] ? reacquire_held_locks+0x127/0x1d0 [ 218.285451][ T997] ? writeback_sb_inodes+0x384/0x1010 [ 218.285498][ T997] __writeback_single_inode+0x145/0xff0 [ 218.285520][ T997] ? do_raw_spin_unlock+0x122/0x240 [ 218.285542][ T997] writeback_sb_inodes+0x6c7/0x1010 [ 218.285591][ T997] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 218.285660][ T997] ? rcu_is_watching+0x15/0xb0 [ 218.285692][ T997] wb_writeback+0x43b/0xaf0 [ 218.285723][ T997] ? queue_io+0x3a1/0x590 [ 218.285748][ T997] ? __pfx_wb_writeback+0x10/0x10 [ 218.285778][ T997] ? _raw_spin_unlock_irq+0x23/0x50 [ 218.285807][ T997] wb_workfn+0x409/0xef0 [ 218.285842][ T997] ? __pfx_wb_workfn+0x10/0x10 [ 218.285866][ T997] ? __lock_acquire+0xab9/0xd20 [ 218.285898][ T997] ? process_scheduled_works+0x9ef/0x17b0 [ 218.285926][ T997] ? _raw_spin_unlock_irq+0x23/0x50 [ 218.285947][ T997] ? process_scheduled_works+0x9ef/0x17b0 [ 218.285967][ T997] ? process_scheduled_works+0x9ef/0x17b0 [ 218.285990][ T997] process_scheduled_works+0xae1/0x17b0 [ 218.286043][ T997] ? __pfx_process_scheduled_works+0x10/0x10 [ 218.286083][ T997] worker_thread+0x8a0/0xda0 [ 218.286134][ T997] kthread+0x70e/0x8a0 [ 218.286154][ T997] ? __pfx_worker_thread+0x10/0x10 [ 218.286176][ T997] ? __pfx_kthread+0x10/0x10 [ 218.286194][ T997] ? _raw_spin_unlock_irq+0x23/0x50 [ 218.286215][ T997] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.286236][ T997] ? __pfx_kthread+0x10/0x10 [ 218.286254][ T997] ret_from_fork+0x3fc/0x770 [ 218.286279][ T997] ? __pfx_ret_from_fork+0x10/0x10 [ 218.286307][ T997] ? __switch_to_asm+0x39/0x70 [ 218.286322][ T997] ? __switch_to_asm+0x33/0x70 [ 218.286337][ T997] ? __pfx_kthread+0x10/0x10 [ 218.286355][ T997] ret_from_fork_asm+0x1a/0x30 [ 218.286389][ T997] [ 218.290041][ T997] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 218.334681][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 218.484339][ T10] usb 5-1: device descriptor read/64, error -71 [ 218.862745][ T7171] netlink: 16 bytes leftover after parsing attributes in process `syz.2.296'. [ 218.894286][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 219.024312][ T10] usb 5-1: device descriptor read/64, error -71 [ 219.057228][ T7175] syz.0.295: attempt to access beyond end of device [ 219.057228][ T7175] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 219.070127][ T7175] syz.0.295: attempt to access beyond end of device [ 219.070127][ T7175] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 219.199591][ T10] usb usb5-port1: attempt power cycle [ 219.616095][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 219.661348][ T10] usb 5-1: device descriptor read/8, error -71 [ 219.822271][ T7183] loop0: detected capacity change from 0 to 2048 [ 219.867427][ T7183] NILFS (loop0): invalid segment: Magic number mismatch [ 219.897331][ T7183] NILFS (loop0): trying rollback from an earlier position [ 219.924746][ T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 219.940008][ T7183] NILFS (loop0): recovery complete [ 219.972693][ T10] usb 5-1: device descriptor read/8, error -71 [ 219.991507][ T7188] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 220.047866][ T7189] loop1: detected capacity change from 0 to 2048 [ 220.104633][ T10] usb usb5-port1: unable to enumerate USB device [ 220.589920][ T7189] NILFS (loop1): invalid segment: Magic number mismatch [ 220.655976][ T7189] NILFS (loop1): trying rollback from an earlier position [ 221.910518][ T7189] NILFS (loop1): recovery complete [ 222.209029][ T7193] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 223.262827][ T7200] Zero length message leads to an empty skb [ 225.219647][ T7213] loop1: detected capacity change from 0 to 512 [ 225.477369][ T7213] EXT4-fs: Ignoring removed oldalloc option [ 225.534679][ T7213] EXT4-fs (loop1): 1 truncate cleaned up [ 225.902986][ T7213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.200206][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.665777][ T7231] syz.4.310: attempt to access beyond end of device [ 226.665777][ T7231] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0 [ 226.678678][ T7231] syz.4.310: attempt to access beyond end of device [ 226.678678][ T7231] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0 [ 227.440520][ T7239] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 227.465895][ T7241] syz.1.309: attempt to access beyond end of device [ 227.465895][ T7241] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 227.479149][ T7241] syz.1.309: attempt to access beyond end of device [ 227.479149][ T7241] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 228.545844][ T30] audit: type=1400 audit(1751616641.083:7): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3AF4F9904E7FDB3635A70D23C73EEAF23A3F503280080CA26230668AD9DCF8B061228F8599D34E45087D21AA56759E1651B3DD467BDEF390C76D pid=7243 comm="syz.4.313" [ 229.341499][ T7251] loop0: detected capacity change from 0 to 512 [ 229.388189][ T7251] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 229.422116][ T7251] EXT4-fs (loop0): 1 truncate cleaned up [ 229.435990][ T7251] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.541379][ T7258] overlayfs: conflicting lowerdir path [ 229.622333][ T30] audit: type=1800 audit(1751616642.163:8): pid=7251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.314" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 229.671629][ T7260] loop3: detected capacity change from 0 to 512 [ 229.675358][ T7253] loop1: detected capacity change from 0 to 4096 [ 229.739483][ T7253] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 229.798550][ T7260] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.900591][ T7260] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 229.929836][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.963208][ T7260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.317'. [ 230.709509][ T7268] loop0: detected capacity change from 0 to 512 [ 230.765714][ T7268] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 230.897720][ T7268] EXT4-fs (loop0): 1 truncate cleaned up [ 230.905280][ T7268] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.048613][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.074611][ T7278] overlayfs: conflicting lowerdir path [ 231.144640][ T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 231.164707][ T30] audit: type=1800 audit(1751616643.713:9): pid=7268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.318" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 231.827330][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 231.841309][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.880641][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.023763][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.091370][ T24] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 232.101846][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.118705][ T24] usb 2-1: config 0 descriptor?? [ 233.523308][ T7298] syz.4.325: attempt to access beyond end of device [ 233.523308][ T7298] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0 [ 233.536408][ T7298] syz.4.325: attempt to access beyond end of device [ 233.536408][ T7298] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0 [ 233.594688][ T24] ft260 0003:0403:6030.0005: failed to retrieve chip version [ 233.614656][ T24] ft260 0003:0403:6030.0005: probe with driver ft260 failed with error -5 [ 233.740352][ T7301] loop2: detected capacity change from 0 to 2048 [ 233.766971][ T7301] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 234.047946][ T7303] syz.0.323: attempt to access beyond end of device [ 234.047946][ T7303] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 234.060889][ T7303] syz.0.323: attempt to access beyond end of device [ 234.060889][ T7303] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 234.771293][ T7308] loop4: detected capacity change from 0 to 4096 [ 234.791123][ T7308] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 234.803553][ T7312] loop0: detected capacity change from 0 to 512 [ 235.779740][ T7312] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.765237][ T7312] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.778621][ T3080] usb 2-1: USB disconnect, device number 4 [ 236.841287][ T7312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.330'. [ 237.641774][ T3080] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 238.324945][ T3080] usb 3-1: Using ep0 maxpacket: 32 [ 238.364269][ T3080] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.379947][ T3080] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 238.409515][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.410967][ T3080] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 238.514225][ T3080] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.539272][ T3080] usb 3-1: config 0 descriptor?? [ 238.900633][ T7360] syz.1.339: attempt to access beyond end of device [ 238.900633][ T7360] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 238.914547][ T7360] syz.1.339: attempt to access beyond end of device [ 238.914547][ T7360] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 238.962335][ T3080] usb 3-1: string descriptor 0 read error: -32 [ 238.974615][ T3080] usb 3-1: USB disconnect, device number 7 [ 239.353621][ T7363] syz.3.340: attempt to access beyond end of device [ 239.353621][ T7363] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 239.366676][ T7363] syz.3.340: attempt to access beyond end of device [ 239.366676][ T7363] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 241.016490][ T7375] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 241.649753][ T7377] loop0: detected capacity change from 0 to 4096 [ 241.700140][ T7377] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512). [ 242.106044][ T7389] syz.4.347: attempt to access beyond end of device [ 242.106044][ T7389] nbd4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 242.119696][ T7389] SQUASHFS error: Failed to read block 0x0: -5 [ 242.126211][ T7389] unable to read squashfs_super_block [ 242.188763][ T7390] o2cb: This node has not been configured. [ 242.195387][ T7390] o2cb: Cluster check failed. Fix errors before retrying. [ 242.203209][ T7390] (syz.4.347,7390,1):user_dlm_register:674 ERROR: status = -22 [ 242.210855][ T7390] (syz.4.347,7390,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 242.664268][ T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 242.728214][ T7388] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'. [ 243.752109][ T7388] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'. [ 244.541509][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 244.582914][ T24] usb 5-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6 [ 244.604410][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.631206][ T24] usb 5-1: config 0 descriptor?? [ 245.125629][ T24] HFC-S_USB 5-1:0.0: probe with driver HFC-S_USB failed with error -5 [ 245.175632][ T24] usb 5-1: USB disconnect, device number 15 [ 245.713393][ T7410] loop4: detected capacity change from 0 to 512 [ 246.006108][ T7416] loop3: detected capacity change from 0 to 1764 [ 246.013456][ T7416] iso9660: Unknown parameter 'de' [ 246.160091][ T7410] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 246.198668][ T7410] EXT4-fs (loop4): 1 truncate cleaned up [ 246.239550][ T7410] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.451886][ T7410] overlayfs: conflicting lowerdir path [ 246.458499][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 246.502721][ T30] audit: type=1800 audit(1751616659.043:10): pid=7410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.355" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 246.624214][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 246.639533][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 246.665805][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 246.719220][ T7427] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 246.734309][ T24] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 246.818118][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 246.830635][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 246.848041][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.862103][ T24] usb 4-1: Product: syz [ 246.869365][ T24] usb 4-1: Manufacturer: syz [ 246.873982][ T24] usb 4-1: SerialNumber: syz [ 246.910750][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.765253][ T24] usb 4-1: 0:2 : does not exist [ 248.944679][ T24] usb 4-1: USB disconnect, device number 7 [ 249.057518][ T6064] udevd[6064]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 249.309602][ T7448] loop0: detected capacity change from 0 to 2048 [ 249.628442][ T7448] NILFS (loop0): invalid segment: Magic number mismatch [ 249.655910][ T7448] NILFS (loop0): trying rollback from an earlier position [ 249.670903][ T7446] loop3: detected capacity change from 0 to 4096 [ 249.763673][ T7446] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 249.777937][ T7448] NILFS (loop0): recovery complete [ 249.861784][ T7458] random: crng reseeded on system resumption [ 250.126535][ T7457] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 254.120213][ T7473] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 255.704803][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.712581][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.345909][ T7493] loop4: detected capacity change from 0 to 512 [ 256.356897][ T7493] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 256.398722][ T7493] EXT4-fs (loop4): 1 truncate cleaned up [ 256.405592][ T7493] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.454803][ T977] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 256.501370][ T7493] overlayfs: conflicting lowerdir path [ 256.614292][ T5879] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 256.634295][ T977] usb 4-1: Using ep0 maxpacket: 32 [ 256.651114][ T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.673703][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.703270][ T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.739260][ T977] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 256.769070][ T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.791533][ T7502] loop2: detected capacity change from 0 to 4096 [ 256.801633][ T7502] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 256.821439][ T977] usb 4-1: config 0 descriptor?? [ 256.844310][ T5879] usb 2-1: Using ep0 maxpacket: 32 [ 257.155740][ T5879] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 257.357059][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 257.582635][ T7509] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 258.007900][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 258.018869][ T5879] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 258.028749][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.051653][ T5879] usb 2-1: config 0 descriptor?? [ 258.072266][ T977] ft260 0003:0403:6030.0006: failed to retrieve chip version [ 258.085918][ T5879] hub 2-1:0.0: USB hub found [ 258.103104][ T977] ft260 0003:0403:6030.0006: probe with driver ft260 failed with error -5 [ 258.565500][ T5879] hub 2-1:0.0: 2 ports detected [ 258.918060][ T7522] loop0: detected capacity change from 0 to 512 [ 258.947396][ T7522] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.103796][ T7522] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.155463][ T7522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.385'. [ 259.784308][ T5879] hub 2-1:0.0: activate --> -90 [ 259.851438][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.996089][ T24] usb 4-1: USB disconnect, device number 8 [ 260.244417][ T977] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 260.575418][ T5949] usb 2-1: USB disconnect, device number 5 [ 260.582981][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 260.791796][ T977] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 260.924734][ T977] usb 1-1: config 0 has no interface number 0 [ 260.933650][ T977] usb 1-1: config 0 interface 184 has no altsetting 0 [ 260.947132][ T977] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 260.963517][ T977] usb 1-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3 [ 260.976476][ T977] usb 1-1: Product: syz [ 260.980651][ T977] usb 1-1: Manufacturer: syz [ 260.986183][ T977] usb 1-1: SerialNumber: syz [ 261.121802][ T977] usb 1-1: config 0 descriptor?? [ 261.132353][ T977] smsc75xx v1.0.0 [ 261.513598][ T7551] loop3: detected capacity change from 0 to 4096 [ 261.537966][ T7551] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 261.624416][ T5949] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 261.770603][ T977] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 261.821085][ T977] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 262.563361][ T5949] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 262.641255][ T5949] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 262.641411][ T977] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 262.701726][ T977] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 262.714259][ T977] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 262.744588][ T977] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61 [ 262.764011][ T5949] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 262.904696][ T5949] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 262.929792][ T5949] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 262.941091][ T5949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.000643][ T5949] usb 3-1: config 0 descriptor?? [ 263.094984][ T7566] loop4: detected capacity change from 0 to 512 [ 263.155995][ T7566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.175082][ T7566] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 263.175277][ T7570] overlayfs: missing 'lowerdir' [ 263.244732][ T7566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.397'. [ 263.344536][ T977] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 263.644386][ T7576] loop1: detected capacity change from 0 to 1024 [ 263.810199][ T5949] plantronics 0003:047F:FFFF.0007: ignoring exceeding usage max [ 263.954403][ T977] usb 4-1: Using ep0 maxpacket: 32 [ 263.961567][ T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.972846][ T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.983144][ T977] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 263.999308][ T5949] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 264.002314][ T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.155796][ T7573] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 264.163096][ T10] usb 1-1: USB disconnect, device number 7 [ 264.210509][ T977] usb 4-1: config 0 descriptor?? [ 264.354755][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.399139][ T7585] loop1: detected capacity change from 0 to 512 [ 264.558455][ T7585] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.852305][ T977] ft260 0003:0403:6030.0008: failed to retrieve chip version [ 264.861191][ T7585] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.882666][ T977] ft260 0003:0403:6030.0008: probe with driver ft260 failed with error -5 [ 264.920885][ T7585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.400'. [ 265.488871][ T5949] usb 3-1: USB disconnect, device number 8 [ 265.851506][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.215069][ T7612] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 266.563824][ T7608] loop4: detected capacity change from 0 to 4096 [ 266.591957][ T7608] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 266.603136][ T7606] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 267.670583][ T24] usb 4-1: USB disconnect, device number 9 [ 267.842004][ T7623] loop1: detected capacity change from 0 to 512 [ 268.013712][ T7627] overlayfs: missing 'lowerdir' [ 268.206799][ T7630] loop2: detected capacity change from 0 to 1024 [ 268.315847][ T7623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.387100][ T7623] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 268.556767][ T7623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.408'. [ 268.691193][ T7633] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 268.757104][ T7635] loop0: detected capacity change from 0 to 2048 [ 268.877906][ T7635] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.913370][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.956517][ T7645] loop2: detected capacity change from 0 to 512 [ 270.150946][ T7645] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.200429][ T7645] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.870902][ T7657] netlink: 4 bytes leftover after parsing attributes in process `syz.2.415'. [ 271.576417][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.764235][ T7665] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 271.982649][ T7668] loop0: detected capacity change from 0 to 512 [ 272.084515][ T7668] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 272.182198][ T7674] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 272.207099][ T7668] EXT4-fs (loop0): 1 truncate cleaned up [ 272.285532][ T7676] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 272.324829][ T3080] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 272.395608][ T7668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 272.674248][ T3080] usb 3-1: Using ep0 maxpacket: 32 [ 272.687268][ T3080] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 272.690698][ T30] audit: type=1800 audit(1751616685.233:11): pid=7668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.420" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 272.773909][ T3080] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 272.852740][ T3080] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 273.124766][ T3080] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.167904][ T3080] usb 3-1: config 0 descriptor?? [ 273.191542][ T3080] hub 3-1:0.0: bad descriptor, ignoring hub [ 273.329811][ T3080] hub 3-1:0.0: probe with driver hub failed with error -5 [ 273.335160][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.339054][ T3080] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 273.550405][ T7686] overlayfs: missing 'lowerdir' [ 273.924743][ T30] audit: type=1400 audit(1751616686.393:12): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3AF4F9904E7FDB3635A70D23C73EEAF23A3F503280080CA26230668AD9DCF8B061228F8599D34E45087D21AA56759E1651B3DD467BDEF390C76D pid=7683 comm="syz.3.424" [ 273.953297][ C0] vkms_vblank_simulate: vblank timer overrun [ 274.018056][ T7686] loop0: detected capacity change from 0 to 1024 [ 274.383019][ T7698] loop1: detected capacity change from 0 to 2048 [ 274.406051][ T7695] netlink: 28 bytes leftover after parsing attributes in process `syz.4.426'. [ 274.444908][ T7698] NILFS (loop1): invalid segment: Magic number mismatch [ 274.460931][ T7695] netlink: 28 bytes leftover after parsing attributes in process `syz.4.426'. [ 274.473558][ T7698] NILFS (loop1): trying rollback from an earlier position [ 274.495639][ T7702] loop3: detected capacity change from 0 to 512 [ 274.974602][ T7698] NILFS (loop1): recovery complete [ 275.032546][ T7702] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.056856][ T7713] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 275.068602][ T7702] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 275.234670][ T7715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.429'. [ 276.231983][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.357304][ T5879] usb 3-1: USB disconnect, device number 9 [ 276.997194][ T5833] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 278.254879][ T5833] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 278.280600][ T5833] usb 4-1: config 0 has no interface number 0 [ 279.611202][ T5833] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 279.655282][ T7742] overlayfs: missing 'lowerdir' [ 279.710322][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.749359][ T5833] usb 4-1: Product: syz [ 279.885215][ T5833] usb 4-1: config 0 descriptor?? [ 279.954446][ T5833] usb 4-1: can't set config #0, error -71 [ 279.964514][ T5833] usb 4-1: USB disconnect, device number 10 [ 279.999285][ T7742] loop2: detected capacity change from 0 to 1024 [ 280.624042][ T7753] syz.3.440: attempt to access beyond end of device [ 280.624042][ T7753] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 280.636997][ T7753] syz.3.440: attempt to access beyond end of device [ 280.636997][ T7753] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 280.694695][ T30] audit: type=1400 audit(1751616692.733:13): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3AF4F9904E7FDB3635A70D23C73EEAF23A3F503280080CA26230668AD9DCF8B061228F8599D34E45087D21AA56759E1651B3DD467BDEF390C76D pid=7744 comm="syz.1.439" [ 285.861821][ T7802] syz.3.452: attempt to access beyond end of device [ 285.861821][ T7802] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 285.875999][ T7802] syz.3.452: attempt to access beyond end of device [ 285.875999][ T7802] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 288.013269][ T7818] overlayfs: missing 'lowerdir' [ 288.371336][ T7829] loop4: detected capacity change from 0 to 1024 [ 288.583916][ T7835] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 288.753470][ T7835] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 289.028781][ T7841] loop2: detected capacity change from 0 to 40427 [ 289.075661][ T7841] F2FS-fs (loop2): invalid crc value [ 289.162399][ T7841] F2FS-fs (loop2): Start checkpoint disabled! [ 289.503640][ T7841] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 289.574373][ T5914] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 289.769445][ T7849] cgroup: Bad value for 'release_agent' [ 290.220121][ T5914] usb 5-1: Using ep0 maxpacket: 32 [ 290.564310][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.575896][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.603081][ T5914] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 290.612570][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.623235][ T13] kworker/u8:1: attempt to access beyond end of device [ 290.623235][ T13] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 290.649552][ T5914] usb 5-1: config 0 descriptor?? [ 290.756699][ T13] kworker/u8:1: attempt to access beyond end of device [ 290.756699][ T13] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 290.782321][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 290.782346][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 290.782357][ T13] Workqueue: writeback wb_workfn (flush-7:2) [ 290.782399][ T13] Call Trace: [ 290.782407][ T13] [ 290.782415][ T13] dump_stack_lvl+0x189/0x250 [ 290.782446][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.782467][ T13] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 290.782492][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 290.782524][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 290.782547][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 290.782572][ T13] ? f2fs_hw_is_readonly+0x39b/0x470 [ 290.782599][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 290.782628][ T13] f2fs_write_end_io+0x495/0x810 [ 290.782649][ T13] ? blkg_put+0x22/0x240 [ 290.782687][ T13] __submit_merged_bio+0x27a/0x6a0 [ 290.782715][ T13] __submit_merged_write_cond+0x255/0x530 [ 290.782745][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 290.782804][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 290.782841][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 290.782907][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 290.782944][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 290.782966][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 290.782992][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 290.783020][ T13] ? __lock_acquire+0xab9/0xd20 [ 290.783046][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 290.783068][ T13] do_writepages+0x32e/0x550 [ 290.783099][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 290.783120][ T13] ? writeback_sb_inodes+0x384/0x1010 [ 290.783152][ T13] __writeback_single_inode+0x145/0xff0 [ 290.783174][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 290.783197][ T13] writeback_sb_inodes+0x6c7/0x1010 [ 290.783253][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 290.783327][ T13] ? rcu_is_watching+0x15/0xb0 [ 290.783362][ T13] wb_writeback+0x43b/0xaf0 [ 290.783394][ T13] ? queue_io+0x3a1/0x590 [ 290.783419][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 290.783452][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 290.783482][ T13] wb_workfn+0x409/0xef0 [ 290.783528][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 290.783553][ T13] ? __lock_acquire+0xab9/0xd20 [ 290.783588][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 290.783618][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 290.783639][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 290.783659][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 290.783683][ T13] process_scheduled_works+0xae1/0x17b0 [ 290.783741][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 290.783781][ T13] worker_thread+0x8a0/0xda0 [ 290.783845][ T13] kthread+0x70e/0x8a0 [ 290.783867][ T13] ? __pfx_worker_thread+0x10/0x10 [ 290.783888][ T13] ? __pfx_kthread+0x10/0x10 [ 290.783908][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 290.783930][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.783952][ T13] ? __pfx_kthread+0x10/0x10 [ 290.783971][ T13] ret_from_fork+0x3fc/0x770 [ 290.783996][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 290.784026][ T13] ? __switch_to_asm+0x39/0x70 [ 290.784041][ T13] ? __switch_to_asm+0x33/0x70 [ 290.784055][ T13] ? __pfx_kthread+0x10/0x10 [ 290.784074][ T13] ret_from_fork_asm+0x1a/0x30 [ 290.784110][ T13] [ 290.784118][ T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 291.246266][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 291.246291][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.246302][ T13] Workqueue: writeback wb_workfn (flush-7:2) [ 291.246333][ T13] Call Trace: [ 291.246340][ T13] [ 291.246348][ T13] dump_stack_lvl+0x189/0x250 [ 291.246378][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.246399][ T13] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 291.246421][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 291.246445][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 291.246468][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 291.246492][ T13] ? f2fs_hw_is_readonly+0x39b/0x470 [ 291.246529][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 291.246558][ T13] f2fs_write_end_io+0x495/0x810 [ 291.246580][ T13] ? blkg_put+0x22/0x240 [ 291.246617][ T13] __submit_merged_bio+0x27a/0x6a0 [ 291.246647][ T13] __submit_merged_write_cond+0x255/0x530 [ 291.246677][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 291.246738][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 291.246775][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 291.246843][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 291.246881][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 291.246904][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 291.246930][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 291.246959][ T13] ? __lock_acquire+0xab9/0xd20 [ 291.246985][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 291.247009][ T13] do_writepages+0x32e/0x550 [ 291.247039][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 291.247060][ T13] ? writeback_sb_inodes+0x384/0x1010 [ 291.247094][ T13] __writeback_single_inode+0x145/0xff0 [ 291.247117][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 291.247140][ T13] writeback_sb_inodes+0x6c7/0x1010 [ 291.247197][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 291.247273][ T13] ? rcu_is_watching+0x15/0xb0 [ 291.247308][ T13] wb_writeback+0x43b/0xaf0 [ 291.247342][ T13] ? queue_io+0x3a1/0x590 [ 291.247368][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 291.247402][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.247433][ T13] wb_workfn+0x409/0xef0 [ 291.247473][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 291.247507][ T13] ? __lock_acquire+0xab9/0xd20 [ 291.247542][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 291.247573][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.247594][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 291.247614][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 291.247638][ T13] process_scheduled_works+0xae1/0x17b0 [ 291.247699][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 291.247743][ T13] worker_thread+0x8a0/0xda0 [ 291.247799][ T13] kthread+0x70e/0x8a0 [ 291.247821][ T13] ? __pfx_worker_thread+0x10/0x10 [ 291.247842][ T13] ? __pfx_kthread+0x10/0x10 [ 291.247862][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.247883][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.247905][ T13] ? __pfx_kthread+0x10/0x10 [ 291.247924][ T13] ret_from_fork+0x3fc/0x770 [ 291.247950][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 291.247980][ T13] ? __switch_to_asm+0x39/0x70 [ 291.247995][ T13] ? __switch_to_asm+0x33/0x70 [ 291.248009][ T13] ? __pfx_kthread+0x10/0x10 [ 291.248028][ T13] ret_from_fork_asm+0x1a/0x30 [ 291.248066][ T13] [ 291.248428][ T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 293.560030][ T5914] ft260 0003:0403:6030.0009: failed to retrieve chip version [ 293.567941][ T5914] ft260 0003:0403:6030.0009: probe with driver ft260 failed with error -71 [ 293.580532][ T5914] usb 5-1: USB disconnect, device number 16 [ 295.200971][ T7884] overlayfs: missing 'lowerdir' [ 295.582092][ T7892] syz.0.476: attempt to access beyond end of device [ 295.582092][ T7892] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 295.595421][ T7892] SQUASHFS error: Failed to read block 0x0: -5 [ 295.601724][ T7892] unable to read squashfs_super_block [ 295.658144][ T7893] o2cb: This node has not been configured. [ 295.664065][ T7893] o2cb: Cluster check failed. Fix errors before retrying. [ 295.671317][ T7893] (syz.0.476,7893,1):user_dlm_register:674 ERROR: status = -22 [ 295.678985][ T7893] (syz.0.476,7893,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 295.839385][ T7897] loop3: detected capacity change from 0 to 1024 [ 296.354116][ T5949] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 296.424063][ T7885] netlink: 28 bytes leftover after parsing attributes in process `syz.4.477'. [ 296.434448][ T7885] netlink: 28 bytes leftover after parsing attributes in process `syz.4.477'. [ 296.686745][ T5949] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.708591][ T5949] usb 1-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6 [ 297.274727][ T5949] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.305244][ T5949] usb 1-1: config 0 descriptor?? [ 297.324592][ T5960] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 297.338385][ T5949] HFC-S_USB 1-1:0.0: probe with driver HFC-S_USB failed with error -5 [ 297.814332][ T7890] loop0: detected capacity change from 0 to 32768 [ 297.821294][ T7890] o2cb: This node has not been configured. [ 297.827230][ T7890] o2cb: Cluster check failed. Fix errors before retrying. [ 297.834392][ T7890] (syz.0.476,7890,1):user_dlm_register:674 ERROR: status = -22 [ 297.841947][ T7890] (syz.0.476,7890,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file0" [ 297.847750][ T7913] loop2: detected capacity change from 0 to 40427 [ 297.880043][ T7913] F2FS-fs (loop2): invalid crc value [ 297.964508][ T7913] F2FS-fs (loop2): Start checkpoint disabled! [ 297.979291][ T7913] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 297.994438][ T5960] usb 2-1: Using ep0 maxpacket: 16 [ 298.002421][ T5960] usb 2-1: config 7 has an invalid interface number: 76 but max is 0 [ 298.161248][ T5960] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 298.171879][ T5960] usb 2-1: config 7 has no interface number 0 [ 298.178149][ T5960] usb 2-1: config 7 interface 76 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 298.193809][ T5960] usb 2-1: config 7 interface 76 has no altsetting 0 [ 298.212055][ T5960] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=b7.d3 [ 298.888288][ T7920] cgroup: Bad value for 'release_agent' [ 299.234462][ T43] usb 1-1: USB disconnect, device number 8 [ 299.240418][ T5960] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.259577][ T5960] usb 2-1: Product: syz [ 299.263777][ T5960] usb 2-1: Manufacturer: syz [ 299.268512][ T5960] usb 2-1: SerialNumber: syz [ 299.322304][ T6137] kworker/u8:9: attempt to access beyond end of device [ 299.322304][ T6137] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 299.388473][ T6137] kworker/u8:9: attempt to access beyond end of device [ 299.388473][ T6137] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 299.424699][ T6137] CPU: 0 UID: 0 PID: 6137 Comm: kworker/u8:9 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 299.424734][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.424746][ T6137] Workqueue: writeback wb_workfn (flush-7:2) [ 299.424773][ T6137] Call Trace: [ 299.424781][ T6137] [ 299.424789][ T6137] dump_stack_lvl+0x189/0x250 [ 299.424821][ T6137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.424842][ T6137] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 299.424865][ T6137] ? __pfx_queue_work_on+0x10/0x10 [ 299.424891][ T6137] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 299.424913][ T6137] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 299.424938][ T6137] ? f2fs_hw_is_readonly+0x39b/0x470 [ 299.424965][ T6137] f2fs_handle_critical_error+0x37c/0x540 [ 299.424992][ T6137] f2fs_write_end_io+0x495/0x810 [ 299.425013][ T6137] ? blkg_put+0x22/0x240 [ 299.425050][ T6137] __submit_merged_bio+0x27a/0x6a0 [ 299.425079][ T6137] __submit_merged_write_cond+0x255/0x530 [ 299.425109][ T6137] f2fs_write_data_pages+0x261d/0x3000 [ 299.425173][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 299.425210][ T6137] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 299.425278][ T6137] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 299.425315][ T6137] ? trace_f2fs_writepages+0x7f/0x200 [ 299.425336][ T6137] ? f2fs_write_node_pages+0x478/0x6e0 [ 299.425363][ T6137] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 299.425391][ T6137] ? __lock_acquire+0xab9/0xd20 [ 299.425417][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 299.425440][ T6137] do_writepages+0x32e/0x550 [ 299.425470][ T6137] ? reacquire_held_locks+0x127/0x1d0 [ 299.425492][ T6137] ? writeback_sb_inodes+0x384/0x1010 [ 299.425525][ T6137] __writeback_single_inode+0x145/0xff0 [ 299.425548][ T6137] ? do_raw_spin_unlock+0x122/0x240 [ 299.425571][ T6137] writeback_sb_inodes+0x6c7/0x1010 [ 299.425627][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 299.425702][ T6137] ? rcu_is_watching+0x15/0xb0 [ 299.425745][ T6137] wb_writeback+0x43b/0xaf0 [ 299.425778][ T6137] ? queue_io+0x3a1/0x590 [ 299.425805][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 299.425838][ T6137] ? _raw_spin_unlock_irq+0x23/0x50 [ 299.425868][ T6137] wb_workfn+0x409/0xef0 [ 299.425906][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 299.425932][ T6137] ? __lock_acquire+0xab9/0xd20 [ 299.425966][ T6137] ? process_scheduled_works+0x9ef/0x17b0 [ 299.425996][ T6137] ? _raw_spin_unlock_irq+0x23/0x50 [ 299.426017][ T6137] ? process_scheduled_works+0x9ef/0x17b0 [ 299.426037][ T6137] ? process_scheduled_works+0x9ef/0x17b0 [ 299.426061][ T6137] process_scheduled_works+0xae1/0x17b0 [ 299.426121][ T6137] ? __pfx_process_scheduled_works+0x10/0x10 [ 299.426165][ T6137] worker_thread+0x8a0/0xda0 [ 299.426221][ T6137] kthread+0x70e/0x8a0 [ 299.426243][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 299.426264][ T6137] ? __pfx_kthread+0x10/0x10 [ 299.426284][ T6137] ? _raw_spin_unlock_irq+0x23/0x50 [ 299.426306][ T6137] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.426329][ T6137] ? __pfx_kthread+0x10/0x10 [ 299.426355][ T6137] ret_from_fork+0x3fc/0x770 [ 299.426381][ T6137] ? __pfx_ret_from_fork+0x10/0x10 [ 299.426411][ T6137] ? __switch_to_asm+0x39/0x70 [ 299.426426][ T6137] ? __switch_to_asm+0x33/0x70 [ 299.426441][ T6137] ? __pfx_kthread+0x10/0x10 [ 299.426459][ T6137] ret_from_fork_asm+0x1a/0x30 [ 299.426498][ T6137] [ 299.431097][ T6137] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 299.694270][ T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 299.797922][ T7926] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 299.882843][ T7930] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 300.430414][ T5960] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 300.547190][ T6137] CPU: 0 UID: 0 PID: 6137 Comm: kworker/u8:9 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 300.547214][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.547225][ T6137] Workqueue: writeback wb_workfn (flush-7:2) [ 300.547252][ T6137] Call Trace: [ 300.547260][ T6137] [ 300.547268][ T6137] dump_stack_lvl+0x189/0x250 [ 300.547296][ T6137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.547315][ T6137] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 300.547336][ T6137] ? __pfx_queue_work_on+0x10/0x10 [ 300.547359][ T6137] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 300.547381][ T6137] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 300.547406][ T6137] ? f2fs_hw_is_readonly+0x39b/0x470 [ 300.547429][ T6137] f2fs_handle_critical_error+0x37c/0x540 [ 300.547455][ T6137] f2fs_write_end_io+0x495/0x810 [ 300.547474][ T6137] ? blkg_put+0x22/0x240 [ 300.547507][ T6137] __submit_merged_bio+0x27a/0x6a0 [ 300.547531][ T6137] __submit_merged_write_cond+0x255/0x530 [ 300.547556][ T6137] f2fs_write_data_pages+0x261d/0x3000 [ 300.547611][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 300.547654][ T6137] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 300.547712][ T6137] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 300.547744][ T6137] ? trace_f2fs_writepages+0x7f/0x200 [ 300.547765][ T6137] ? f2fs_write_node_pages+0x478/0x6e0 [ 300.547788][ T6137] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 300.547813][ T6137] ? __lock_acquire+0xab9/0xd20 [ 300.547838][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 300.547860][ T6137] do_writepages+0x32e/0x550 [ 300.547887][ T6137] ? reacquire_held_locks+0x127/0x1d0 [ 300.547906][ T6137] ? writeback_sb_inodes+0x384/0x1010 [ 300.547937][ T6137] __writeback_single_inode+0x145/0xff0 [ 300.547959][ T6137] ? do_raw_spin_unlock+0x122/0x240 [ 300.547981][ T6137] writeback_sb_inodes+0x6c7/0x1010 [ 300.548029][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 300.548094][ T6137] ? rcu_is_watching+0x15/0xb0 [ 300.548126][ T6137] wb_writeback+0x43b/0xaf0 [ 300.548155][ T6137] ? queue_io+0x3a1/0x590 [ 300.548180][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 300.548211][ T6137] ? _raw_spin_unlock_irq+0x23/0x50 [ 300.548239][ T6137] wb_workfn+0x409/0xef0 [ 300.548273][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 300.548297][ T6137] ? __lock_acquire+0xab9/0xd20 [ 300.548328][ T6137] ? process_scheduled_works+0x9ef/0x17b0 [ 300.548357][ T6137] ? _raw_spin_unlock_irq+0x23/0x50 [ 300.548378][ T6137] ? process_scheduled_works+0x9ef/0x17b0 [ 300.548398][ T6137] ? process_scheduled_works+0x9ef/0x17b0 [ 300.548421][ T6137] process_scheduled_works+0xae1/0x17b0 [ 300.548475][ T6137] ? __pfx_process_scheduled_works+0x10/0x10 [ 300.548528][ T6137] worker_thread+0x8a0/0xda0 [ 300.548579][ T6137] kthread+0x70e/0x8a0 [ 300.548600][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 300.548627][ T6137] ? __pfx_kthread+0x10/0x10 [ 300.548646][ T6137] ? _raw_spin_unlock_irq+0x23/0x50 [ 300.548668][ T6137] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.548691][ T6137] ? __pfx_kthread+0x10/0x10 [ 300.548709][ T6137] ret_from_fork+0x3fc/0x770 [ 300.548735][ T6137] ? __pfx_ret_from_fork+0x10/0x10 [ 300.548763][ T6137] ? __switch_to_asm+0x39/0x70 [ 300.548778][ T6137] ? __switch_to_asm+0x33/0x70 [ 300.548793][ T6137] ? __pfx_kthread+0x10/0x10 [ 300.548811][ T6137] ret_from_fork_asm+0x1a/0x30 [ 300.548847][ T6137] [ 300.548854][ T6137] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 300.611448][ T5960] snd-usb-audio 2-1:7.76: probe with driver snd-usb-audio failed with error -2 [ 300.995331][ T7934] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 301.374521][ T5960] usb 2-1: USB disconnect, device number 6 [ 301.444233][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 301.592858][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.599704][ T6064] udevd[6064]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:7.76/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 301.738131][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.748357][ T24] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 301.757466][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.768211][ T24] usb 4-1: config 0 descriptor?? [ 302.567169][ T24] ft260 0003:0403:6030.000A: chip code: 6424 8183 [ 302.882346][ T24] ft260 0003:0403:6030.000A: failed to retrieve system status [ 302.911719][ T24] ft260 0003:0403:6030.000A: probe with driver ft260 failed with error -32 [ 303.675975][ T7965] overlayfs: missing 'lowerdir' [ 303.686949][ T7961] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 304.395390][ T7976] overlayfs: overlapping lowerdir path [ 304.438217][ T7971] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 304.447005][ T7971] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 304.510940][ T7975] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 304.554337][ T5879] usb 4-1: USB disconnect, device number 11 [ 305.311093][ T7987] loop0: detected capacity change from 0 to 512 [ 306.179650][ T7994] loop2: detected capacity change from 0 to 512 [ 306.216847][ T7994] EXT4-fs: Ignoring removed oldalloc option [ 306.273861][ T7987] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.309262][ T7994] EXT4-fs (loop2): 1 truncate cleaned up [ 306.320995][ T7994] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.334797][ T7987] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 306.402350][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'. [ 306.691691][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.776780][ T8011] overlayfs: missing 'lowerdir' [ 306.926503][ T8013] loop3: detected capacity change from 0 to 1764 [ 306.933806][ T8013] iso9660: Unknown parameter 'de' [ 307.526122][ T7998] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 307.764393][ T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 307.868278][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.948795][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 307.985888][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 308.168900][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 308.181974][ T24] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 308.193779][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 308.214399][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 308.376874][ T8025] syz.1.504: attempt to access beyond end of device [ 308.376874][ T8025] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 308.390614][ T8025] syz.1.504: attempt to access beyond end of device [ 308.390614][ T8025] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 309.732704][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.964896][ T24] usb 4-1: Product: syz [ 309.969115][ T24] usb 4-1: Manufacturer: syz [ 309.973718][ T24] usb 4-1: SerialNumber: syz [ 310.060983][ T24] usb 4-1: can't set config #1, error -71 [ 310.378091][ T8039] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 310.986233][ T24] usb 4-1: USB disconnect, device number 12 [ 312.918446][ T8061] loop1: detected capacity change from 0 to 2048 [ 313.168714][ T8061] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 313.436894][ T8073] overlayfs: missing 'lowerdir' [ 314.033999][ T8071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.517'. [ 314.043370][ T8071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.517'. [ 315.074857][ T8070] loop2: detected capacity change from 0 to 2048 [ 315.262670][ T8070] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 315.428291][ T8084] syz.0.518: attempt to access beyond end of device [ 315.428291][ T8084] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 315.443258][ T8084] syz.0.518: attempt to access beyond end of device [ 315.443258][ T8084] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 317.073834][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.080363][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.260534][ T8108] fuse: Bad value for 'fd' [ 319.080078][ T8120] overlayfs: missing 'lowerdir' [ 319.983985][ T8129] netlink: 28 bytes leftover after parsing attributes in process `syz.3.530'. [ 319.993603][ T8129] netlink: 28 bytes leftover after parsing attributes in process `syz.3.530'. [ 321.034353][ T5914] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 321.095320][ T5879] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 321.568380][ T5914] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 321.576652][ T5914] usb 3-1: config 0 has no interface number 0 [ 321.604842][ T5879] usb 2-1: Using ep0 maxpacket: 32 [ 321.613915][ T5914] usb 3-1: config 0 interface 1 altsetting 0 has an endpoint descriptor with address 0x54, changing to 0x4 [ 321.635118][ T5879] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 321.648172][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 321.669805][ T5914] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x4 has invalid maxpacket 59471, setting to 8 [ 321.708049][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 321.724834][ T8146] overlayfs: missing 'lowerdir' [ 321.731821][ T5914] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 321.764403][ T5879] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 321.889927][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.901302][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.912416][ T5914] usb 3-1: config 0 descriptor?? [ 321.926956][ T5879] usb 2-1: config 0 descriptor?? [ 321.945241][ T5879] hub 2-1:0.0: USB hub found [ 321.964409][ T8147] loop0: detected capacity change from 0 to 1024 [ 322.058191][ T5914] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 322.242701][ T5879] hub 2-1:0.0: 2 ports detected [ 322.938123][ T5960] usb 3-1: USB disconnect, device number 10 [ 323.669038][ T8173] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 323.808104][ T5879] hub 2-1:0.0: activate --> -90 [ 324.324264][ T5879] usb 2-1: Failed to suspend device, error -71 [ 324.343646][ T5914] usb 2-1: USB disconnect, device number 7 [ 324.597269][ T8179] loop4: detected capacity change from 0 to 64 [ 327.276028][ T8203] overlayfs: missing 'lowerdir' [ 327.300596][ T8202] loop1: detected capacity change from 0 to 512 [ 327.507948][ T8204] loop4: detected capacity change from 0 to 1024 [ 327.607087][ T8202] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.644403][ T8202] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 327.752018][ T8202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.549'. [ 328.022543][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.339972][ T8217] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 329.200522][ T8224] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 329.581979][ T8229] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 329.911763][ T8234] loop4: detected capacity change from 0 to 64 [ 331.437227][ T5835] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 331.833444][ T8254] syz.2.562: attempt to access beyond end of device [ 331.833444][ T8254] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 331.853810][ T8254] syz.2.562: attempt to access beyond end of device [ 331.853810][ T8254] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 332.045484][ T5914] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 332.479608][ T5914] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 332.530741][ T5914] usb 1-1: config 0 has no interface number 0 [ 332.565134][ T8260] loop3: detected capacity change from 0 to 8 [ 332.578404][ T8260] syz.3.565: attempt to access beyond end of device [ 332.578404][ T8260] loop3: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8 [ 332.580336][ T5914] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 332.604314][ T8260] SQUASHFS error: Failed to read block 0xfffffffffffffffa: -5 [ 332.628860][ T8260] unable to read xattr id index table [ 332.648401][ T8264] overlayfs: missing 'lowerdir' [ 332.664257][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.672281][ T5914] usb 1-1: Product: syz [ 332.874251][ T5914] usb 1-1: Manufacturer: syz [ 332.884267][ T5914] usb 1-1: SerialNumber: syz [ 332.903573][ T5914] usb 1-1: config 0 descriptor?? [ 333.682138][ T8268] loop1: detected capacity change from 0 to 1024 [ 333.682138][ T8271] loop4: detected capacity change from 0 to 64 [ 333.683758][ T8267] loop3: detected capacity change from 0 to 32768 [ 333.704916][ T8267] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.565 (8267) [ 333.731813][ T8267] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 333.742874][ T8267] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 333.751431][ T8267] BTRFS info (device loop3): disk space caching is enabled [ 333.758637][ T8267] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 334.017976][ T8267] BTRFS info (device loop3): rebuilding free space tree [ 334.034877][ T8267] BTRFS info (device loop3): disabling free space tree [ 334.041791][ T8267] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 334.053061][ T8267] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 334.233141][ T8292] loop2: detected capacity change from 0 to 512 [ 334.647751][ T8297] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 334.765443][ T8292] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 334.831724][ T8292] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 334.882408][ T5914] usb 1-1: non-Atmel transceiver xxxx3800 [ 334.909695][ T8292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.571'. [ 335.143251][ T5914] usb 1-1: Firmware version (0.0) predates our first public release. [ 335.215511][ T5914] usb 1-1: Please update to version 0.2 or newer [ 335.238485][ T5914] usb 1-1: atusb_probe: initialization failed, error = -19 [ 335.267441][ T5914] usb 1-1: USB disconnect, device number 9 [ 335.480748][ T5832] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 335.620235][ T8307] overlayfs: failed to resolve './file1': -2 [ 335.854516][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.577217][ T5912] IPVS: starting estimator thread 0... [ 336.678682][ T8318] syz.4.576: attempt to access beyond end of device [ 336.678682][ T8318] nbd4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 336.691956][ T8318] SQUASHFS error: Failed to read block 0x0: -5 [ 336.698389][ T8318] unable to read squashfs_super_block [ 336.759772][ T8319] o2cb: This node has not been configured. [ 336.765696][ T8319] o2cb: Cluster check failed. Fix errors before retrying. [ 336.772964][ T8319] (syz.4.576,8319,1):user_dlm_register:674 ERROR: status = -22 [ 336.780624][ T8319] (syz.4.576,8319,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 337.260109][ T8319] loop4: detected capacity change from 0 to 32768 [ 337.267652][ T8319] o2cb: This node has not been configured. [ 337.273445][ T8319] o2cb: Cluster check failed. Fix errors before retrying. [ 337.280577][ T8319] (syz.4.576,8319,1):user_dlm_register:674 ERROR: status = -22 [ 337.288117][ T8319] (syz.4.576,8319,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file0" [ 337.424235][ T8316] IPVS: using max 36 ests per chain, 86400 per kthread [ 338.152226][ T8326] overlayfs: missing 'lowerdir' [ 338.414038][ T8332] loop3: detected capacity change from 0 to 1024 [ 338.507203][ T8334] loop1: detected capacity change from 0 to 64 [ 338.674297][ T5912] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 338.874276][ T5912] usb 1-1: Using ep0 maxpacket: 32 [ 338.882492][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.894664][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.908409][ T5912] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 338.917572][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.932070][ T5912] usb 1-1: config 0 descriptor?? [ 339.501044][ T8339] syz.3.583: attempt to access beyond end of device [ 339.501044][ T8339] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 339.514746][ T8339] syz.3.583: attempt to access beyond end of device [ 339.514746][ T8339] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 340.443090][ T5912] ft260 0003:0403:6030.000B: chip code: 6424 8183 [ 340.474925][ T8345] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 340.624731][ T8349] overlayfs: failed to resolve './file1': -2 [ 340.906755][ T5912] ft260 0003:0403:6030.000B: failed to retrieve system status [ 341.022563][ T5912] ft260 0003:0403:6030.000B: probe with driver ft260 failed with error -5 [ 342.015215][ T8359] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 342.821925][ T5912] usb 1-1: USB disconnect, device number 10 [ 343.134039][ T8366] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 343.145809][ T8366] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 343.817500][ T8369] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 345.553677][ T8369] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 347.715957][ T5835] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 348.005714][ T5914] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 348.184370][ T5914] usb 1-1: device descriptor read/64, error -71 [ 348.434284][ T5914] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 349.641525][ T5914] usb 1-1: device descriptor read/64, error -71 [ 349.784627][ T5914] usb usb1-port1: attempt power cycle [ 349.853085][ T8407] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 350.533453][ T5914] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 350.616109][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 350.623382][ T5914] usb 1-1: device descriptor read/8, error -32 [ 350.900299][ T8416] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 350.909320][ T8416] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 351.387314][ T5912] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 351.897112][ T5912] usb 4-1: Using ep0 maxpacket: 32 [ 351.917258][ T5912] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 352.036602][ T5912] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 352.094208][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.625577][ T5912] usb 4-1: config 0 descriptor?? [ 352.757110][ T5912] hub 4-1:0.0: bad descriptor, ignoring hub [ 352.763060][ T5912] hub 4-1:0.0: probe with driver hub failed with error -5 [ 352.855032][ T5912] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 352.871349][ T8426] loop1: detected capacity change from 0 to 512 [ 352.902615][ T8426] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 352.969030][ T8426] EXT4-fs (loop1): 1 truncate cleaned up [ 352.992652][ T8426] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 353.023164][ T8431] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 353.035586][ T8426] overlay: Unknown parameter '/bus' [ 353.190268][ T8426] overlayfs: conflicting lowerdir path [ 353.254445][ T24] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 353.436755][ T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 353.488540][ T24] usb 3-1: config 0 has no interface number 0 [ 353.577735][ T24] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 59471, setting to 8 [ 353.625188][ T24] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 353.628403][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.653984][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.696839][ T8431] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 353.733783][ T24] usb 3-1: config 0 descriptor?? [ 353.741953][ T24] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 354.046673][ T8447] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 355.047349][ T8451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.613'. [ 355.069743][ T8451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.613'. [ 355.132623][ T5892] usb 3-1: USB disconnect, device number 11 [ 355.214586][ T5914] usb 4-1: USB disconnect, device number 13 [ 356.357058][ T8466] loop2: detected capacity change from 0 to 2048 [ 356.410103][ T8466] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 359.608854][ T8487] loop3: detected capacity change from 0 to 2048 [ 360.406987][ T8497] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 360.410921][ T5835] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 360.807274][ T5912] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 361.035339][ T8487] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 361.056065][ T5912] usb 5-1: Using ep0 maxpacket: 32 [ 361.216447][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 361.234380][ T5912] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 361.243520][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.931761][ T8504] overlayfs: missing 'lowerdir' [ 362.076078][ T8507] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 362.856891][ T5912] usb 5-1: config 0 descriptor?? [ 362.891262][ T5912] usb 5-1: can't set config #0, error -71 [ 362.900765][ T5912] usb 5-1: USB disconnect, device number 17 [ 363.781168][ T8518] loop1: detected capacity change from 0 to 2048 [ 363.812101][ T8518] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 364.116850][ T8525] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 365.412771][ T8547] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 366.630002][ T5912] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 366.999443][ T5912] usb 4-1: Using ep0 maxpacket: 32 [ 367.104115][ T5912] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 367.300268][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 367.349439][ T8561] overlayfs: missing 'lowerdir' [ 367.531801][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 367.724113][ T8568] overlayfs: failed to resolve './file1': -2 [ 368.544914][ T5912] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 368.581870][ T8571] loop1: detected capacity change from 0 to 1024 [ 369.224763][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.316107][ T5912] usb 4-1: config 0 descriptor?? [ 369.342099][ T5912] usb 4-1: can't set config #0, error -71 [ 369.931611][ T5912] usb 4-1: USB disconnect, device number 14 [ 370.339999][ T8585] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 371.070016][ T8592] loop1: detected capacity change from 0 to 2048 [ 371.123079][ T8592] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 371.124310][ T24] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 372.155241][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 372.476007][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.571196][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.623979][ T24] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 372.905007][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.964543][ T24] usb 5-1: config 0 descriptor?? [ 373.005718][ T5912] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 373.128342][ T8619] overlayfs: failed to resolve './file1': -2 [ 373.175400][ T5912] usb 2-1: Using ep0 maxpacket: 32 [ 373.247210][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 373.755171][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 373.768443][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 373.864465][ T5912] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 373.873544][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.063681][ T5912] usb 2-1: config 0 descriptor?? [ 374.088204][ T5912] hub 2-1:0.0: USB hub found [ 374.300656][ T5912] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 374.376458][ T24] ft260 0003:0403:6030.000C: chip code: 6424 8183 [ 374.535503][ T5912] usbhid 2-1:0.0: can't add hid device: -71 [ 374.560140][ T5912] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 374.583762][ T24] ft260 0003:0403:6030.000C: failed to retrieve system status [ 374.627499][ T24] ft260 0003:0403:6030.000C: probe with driver ft260 failed with error -5 [ 374.629337][ T5912] usb 2-1: USB disconnect, device number 8 [ 376.119492][ T8639] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 376.630704][ T5949] usb 5-1: USB disconnect, device number 18 [ 376.903160][ T8646] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 377.047749][ T8648] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 377.683829][ T8655] loop1: detected capacity change from 0 to 512 [ 377.715428][ T8655] EXT4-fs: Ignoring removed oldalloc option [ 377.840933][ T8655] EXT4-fs (loop1): 1 truncate cleaned up [ 377.892493][ T8655] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 377.963444][ T8661] loop4: detected capacity change from 0 to 512 [ 378.006994][ T8661] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 378.060586][ T8661] EXT4-fs (loop4): 1 truncate cleaned up [ 378.100220][ T8661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 378.133441][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 378.152357][ T8666] overlayfs: failed to resolve './file1': -2 [ 378.211624][ T8665] loop2: detected capacity change from 0 to 256 [ 378.720147][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.727338][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.833958][ T8661] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 378.840390][ T8665] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 378.843598][ T8661] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 378.898850][ T8673] overlayfs: conflicting lowerdir path [ 378.916095][ T8665] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 379.636488][ T5912] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 379.649030][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 379.807795][ T5912] usb 1-1: Using ep0 maxpacket: 32 [ 379.841608][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 379.889497][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 379.909608][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 379.924675][ T5912] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 379.944889][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.005161][ T5912] usb 1-1: config 0 descriptor?? [ 380.038696][ T5912] hub 1-1:0.0: USB hub found [ 380.101405][ T8686] loop2: detected capacity change from 0 to 512 [ 380.127246][ T8686] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 380.136491][ T8684] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 380.219725][ T8687] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 380.584471][ T8686] EXT4-fs (loop2): 1 truncate cleaned up [ 380.638513][ T8686] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 380.642112][ T5912] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 381.115365][ T5912] usbhid 1-1:0.0: can't add hid device: -71 [ 381.131666][ T5912] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 381.153939][ T8686] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 381.185930][ T5912] usb 1-1: USB disconnect, device number 15 [ 381.193197][ T8686] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 381.268501][ T8694] overlayfs: conflicting lowerdir path [ 381.371070][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 381.734596][ T5912] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 381.944421][ T5912] usb 5-1: Using ep0 maxpacket: 32 [ 381.968320][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 382.008778][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 382.066614][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 382.745134][ T5835] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 383.495280][ T5912] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 383.528370][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.548786][ T5912] usb 5-1: config 0 descriptor?? [ 383.586673][ T5912] hub 5-1:0.0: USB hub found [ 383.881539][ T5912] hub 5-1:0.0: 2 ports detected [ 384.803318][ T8730] loop0: detected capacity change from 0 to 512 [ 384.842636][ T8730] EXT4-fs: Ignoring removed oldalloc option [ 384.954411][ T8730] EXT4-fs (loop0): 1 truncate cleaned up [ 385.035355][ T8730] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 385.698308][ T8741] syz.2.692: attempt to access beyond end of device [ 385.698308][ T8741] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 385.711761][ T8741] SQUASHFS error: Failed to read block 0x0: -5 [ 385.718283][ T8741] unable to read squashfs_super_block [ 386.104563][ T43] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 386.242544][ T5912] hub 5-1:0.0: activate --> -90 [ 386.342347][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.353490][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.363491][ T43] usb 3-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6 [ 386.414338][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.453119][ T43] usb 3-1: config 0 descriptor?? [ 386.462718][ T24] usb 5-1: USB disconnect, device number 19 [ 386.465000][ T5892] usb 5-1: Failed to suspend device, error -71 [ 386.516938][ T43] HFC-S_USB 3-1:0.0: probe with driver HFC-S_USB failed with error -5 [ 387.324612][ T5892] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 387.567275][ T8740] loop2: detected capacity change from 0 to 32768 [ 387.589439][ T8740] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.692 (8740) [ 387.611166][ T5892] usb 2-1: Using ep0 maxpacket: 32 [ 387.639190][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 387.679095][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 387.849426][ T8740] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 387.859884][ T8740] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 387.869314][ T8740] BTRFS info (device loop2): disk space caching is enabled [ 387.877894][ T8740] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 388.212184][ C0] wlan1: beacon TX faster than countdown (channel/color switch) completion [ 388.608581][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 388.610274][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 388.620017][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 388.631129][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 388.640237][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 388.649422][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 388.653508][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 388.658493][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 388.668264][ T5892] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 388.678288][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 388.695566][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 388.705244][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 388.715346][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 388.726573][ T8740] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 388.736583][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 388.799492][ T8740] BTRFS error (device loop2): open_ctree failed: -12 [ 388.824528][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.854321][ T5892] usb 2-1: config 0 descriptor?? [ 388.895423][ T5892] hub 2-1:0.0: USB hub found [ 389.014486][ T8788] loop3: detected capacity change from 0 to 512 [ 389.026057][ T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 389.064581][ T43] usb 3-1: USB disconnect, device number 12 [ 389.070771][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 389.111194][ T5892] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 389.134572][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 389.161461][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 389.179363][ T8790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.703'. [ 389.205432][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 389.226330][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.247705][ T8788] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 389.250955][ T24] usb 5-1: config 0 descriptor?? [ 389.368853][ T8788] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 389.392231][ T5892] usbhid 2-1:0.0: can't add hid device: -71 [ 389.417718][ T5892] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 389.431483][ T8797] binder: 8794:8797 ioctl c0306201 200000000540 returned -14 [ 389.484717][ T5892] usb 2-1: USB disconnect, device number 9 [ 389.514516][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.702'. [ 389.688593][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 389.707490][ T24] plantronics 0003:047F:FFFF.000D: ignoring exceeding usage max [ 390.103173][ T24] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 390.407576][ T8812] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 390.624380][ T8813] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 391.897479][ T5892] usb 5-1: USB disconnect, device number 20 [ 392.871117][ T8833] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 392.882911][ T8833] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 393.919284][ T8845] overlayfs: missing 'lowerdir' [ 393.942566][ T8845] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 394.065481][ T8853] loop4: detected capacity change from 0 to 8 [ 394.084900][ T8853] syz.4.724: attempt to access beyond end of device [ 394.084900][ T8853] loop4: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8 [ 394.123172][ T8853] SQUASHFS error: Failed to read block 0xfffffffffffffffa: -5 [ 394.133165][ T8853] unable to read xattr id index table [ 394.154374][ T43] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 394.364746][ T8853] loop4: detected capacity change from 0 to 32768 [ 394.378596][ T8853] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.724 (8853) [ 394.399061][ T8853] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 394.409273][ T8853] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 394.417824][ T8853] BTRFS info (device loop4): disk space caching is enabled [ 394.425164][ T8853] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 394.439386][ T5912] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 394.454522][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 394.471267][ T43] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 394.603012][ T5912] usb 3-1: Using ep0 maxpacket: 32 [ 394.609944][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 394.616611][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 394.652216][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 394.667094][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 394.684322][ T43] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 394.695302][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 394.714035][ T5912] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 394.720212][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.733186][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.758800][ T8853] BTRFS info (device loop4): rebuilding free space tree [ 394.769908][ T5912] usb 3-1: config 0 descriptor?? [ 394.786715][ T8853] BTRFS info (device loop4): disabling free space tree [ 394.793601][ T8853] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 394.803264][ T8853] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 394.912054][ T5912] hub 3-1:0.0: USB hub found [ 394.958058][ T43] usb 1-1: config 0 descriptor?? [ 395.008758][ T30] audit: type=1800 audit(1751616807.553:14): pid=8853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.724" name="bus" dev="overlay" ino=270 res=0 errno=0 [ 395.011252][ T43] hub 1-1:0.0: USB hub found [ 395.314961][ T5912] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 395.341348][ T43] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 395.557899][ T5912] usbhid 3-1:0.0: can't add hid device: -71 [ 395.566878][ T43] usbhid 1-1:0.0: can't add hid device: -71 [ 395.577119][ T5912] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 395.586299][ T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 395.607364][ T8877] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 395.673793][ T43] usb 1-1: USB disconnect, device number 16 [ 396.037530][ T8879] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 396.131615][ T5912] usb 3-1: USB disconnect, device number 13 [ 396.157698][ T5831] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 396.476958][ T8889] loop1: detected capacity change from 0 to 256 [ 396.504599][ T5914] IPVS: starting estimator thread 0... [ 396.638136][ T5912] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 396.959987][ T8889] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 396.990218][ T8889] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 397.016526][ T8890] IPVS: using max 33 ests per chain, 79200 per kthread [ 397.085952][ T5912] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 397.176819][ T5912] usb 3-1: config 0 has no interface number 0 [ 397.231075][ T5912] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 397.282748][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.309115][ T5912] usb 3-1: Product: syz [ 397.342333][ T5912] usb 3-1: Manufacturer: syz [ 397.348810][ T5912] usb 3-1: SerialNumber: syz [ 397.371650][ T5912] usb 3-1: config 0 descriptor?? [ 397.671221][ T8900] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 397.682827][ T8900] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 399.268202][ T8910] loop1: detected capacity change from 0 to 8 [ 399.407192][ T8910] syz.1.737: attempt to access beyond end of device [ 399.407192][ T8910] loop1: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8 [ 399.551743][ T5912] usb 3-1: non-Atmel transceiver xxxx3800 [ 399.797933][ T5912] usb 3-1: Firmware version (0.0) predates our first public release. [ 399.815507][ T8910] SQUASHFS error: Failed to read block 0xfffffffffffffffa: -5 [ 399.928414][ T5912] usb 3-1: Please update to version 0.2 or newer [ 399.937002][ T5912] usb 3-1: atusb_probe: initialization failed, error = -19 [ 399.964327][ T8910] unable to read xattr id index table [ 399.979117][ T5912] usb 3-1: USB disconnect, device number 14 [ 400.190373][ T8910] loop1: detected capacity change from 0 to 32768 [ 400.207438][ T8910] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.737 (8910) [ 400.225726][ T8910] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 400.235895][ T8910] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 400.244453][ T8910] BTRFS info (device loop1): disk space caching is enabled [ 400.251632][ T8910] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 400.282829][ T8919] loop3: detected capacity change from 0 to 512 [ 400.334515][ T5833] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 400.369995][ T8910] BTRFS info (device loop1): rebuilding free space tree [ 400.384109][ T8910] BTRFS info (device loop1): disabling free space tree [ 400.391531][ T8910] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 400.402179][ T8910] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 400.490760][ T8919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 400.533280][ T8919] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 400.571170][ T8919] netlink: 4 bytes leftover after parsing attributes in process `syz.3.739'. [ 400.606275][ T5833] usb 1-1: Using ep0 maxpacket: 32 [ 400.629450][ T30] audit: type=1800 audit(1751616813.173:15): pid=8910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.737" name="bus" dev="overlay" ino=270 res=0 errno=0 [ 400.855133][ T5912] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 400.999552][ T5833] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 401.024239][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 401.053079][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 401.063341][ T5833] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 401.072485][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.159092][ T8946] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 401.170674][ T8946] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 401.674235][ T5912] usb 5-1: Using ep0 maxpacket: 32 [ 401.685649][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 401.765517][ T5833] usb 1-1: config 0 descriptor?? [ 401.780018][ T5833] hub 1-1:0.0: USB hub found [ 401.782465][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.803661][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 401.876422][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 401.933082][ T5912] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 401.964097][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.000309][ T5833] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 402.015249][ T8948] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 402.064530][ T5912] usb 5-1: config 0 descriptor?? [ 402.065790][ T5827] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 402.175048][ T8949] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 402.236290][ T5912] hub 5-1:0.0: USB hub found [ 402.363330][ T5833] usbhid 1-1:0.0: can't add hid device: -71 [ 402.418634][ T5833] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 402.594395][ T5912] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 402.636183][ T5833] usb 1-1: USB disconnect, device number 17 [ 402.853196][ T5912] usbhid 5-1:0.0: can't add hid device: -71 [ 402.869908][ T5912] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 402.905143][ T5912] usb 5-1: USB disconnect, device number 21 [ 403.161518][ T8960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.747'. [ 403.176293][ T8960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.747'. [ 404.255159][ T8966] loop3: detected capacity change from 0 to 2048 [ 404.502032][ T5835] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 404.547427][ T8966] NILFS (loop3): invalid segment: Magic number mismatch [ 404.635034][ T8966] NILFS (loop3): trying rollback from an earlier position [ 404.723087][ T8966] NILFS (loop3): recovery complete [ 404.764267][ T8979] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 405.046829][ T5912] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 405.374397][ T5912] usb 3-1: Using ep0 maxpacket: 32 [ 405.447180][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.471939][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.538789][ T5912] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 405.569168][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.659815][ T5912] usb 3-1: config 0 descriptor?? [ 405.794249][ T5833] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 406.573301][ T8996] overlayfs: overlapping lowerdir path [ 406.574953][ T8995] syz.0.757: attempt to access beyond end of device [ 406.574953][ T8995] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 406.592149][ T8995] SQUASHFS error: Failed to read block 0x0: -5 [ 406.598788][ T8995] unable to read squashfs_super_block [ 406.748269][ T8998] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 406.806154][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 407.073277][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 407.137816][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 407.188735][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 407.243479][ T5833] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 407.265523][ T5912] ft260 0003:0403:6030.000E: chip code: 6424 8183 [ 407.286334][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.326632][ T5833] usb 5-1: config 0 descriptor?? [ 407.334381][ T5949] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 407.375763][ T9005] loop3: detected capacity change from 0 to 512 [ 407.416808][ T5912] ft260 0003:0403:6030.000E: failed to retrieve system status [ 407.427842][ T5912] ft260 0003:0403:6030.000E: probe with driver ft260 failed with error -5 [ 407.461400][ T9005] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 407.486802][ T9005] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.509735][ T9005] netlink: 4 bytes leftover after parsing attributes in process `syz.3.758'. [ 407.540710][ T5949] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 407.573791][ T5949] usb 1-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6 [ 407.593982][ T5949] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.622878][ T5949] usb 1-1: config 0 descriptor?? [ 407.658902][ T5949] HFC-S_USB 1-1:0.0: probe with driver HFC-S_USB failed with error -5 [ 407.789632][ T5833] plantronics 0003:047F:FFFF.000F: ignoring exceeding usage max [ 407.821419][ T5833] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 408.055672][ T8989] loop0: detected capacity change from 0 to 32768 [ 408.076368][ T8989] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.757 (8989) [ 408.131702][ T8989] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 408.143264][ T8989] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 408.153543][ T8989] BTRFS info (device loop0): disk space caching is enabled [ 408.161430][ T8989] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 408.320578][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 408.371949][ T8989] BTRFS info (device loop0): rebuilding free space tree [ 408.399651][ T8989] BTRFS info (device loop0): disabling free space tree [ 408.406816][ T8989] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 408.416557][ T8989] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 408.459444][ T9028] loop1: detected capacity change from 0 to 2048 [ 408.550397][ T9028] NILFS (loop1): invalid segment: Magic number mismatch [ 408.569930][ T9028] NILFS (loop1): trying rollback from an earlier position [ 408.653984][ T9028] NILFS (loop1): recovery complete [ 408.707637][ T9033] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 408.824377][ T9034] overlayfs: missing 'lowerdir' [ 410.001321][ T5833] usb 1-1: USB disconnect, device number 18 [ 410.203075][ T5841] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 410.439249][ T43] usb 3-1: USB disconnect, device number 15 [ 411.066260][ T24] usb 5-1: USB disconnect, device number 22 [ 411.259447][ T9049] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 411.270787][ T9049] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 412.169070][ T9057] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 412.188700][ T9057] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 413.564048][ T9073] netlink: 28 bytes leftover after parsing attributes in process `syz.1.763'. [ 413.585742][ T9073] netlink: 28 bytes leftover after parsing attributes in process `syz.1.763'. [ 415.842244][ T9088] loop2: detected capacity change from 0 to 512 [ 415.926704][ T9088] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 416.048010][ T9088] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 416.225868][ T9088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.771'. [ 416.838064][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.908416][ T5912] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 418.219036][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 418.389374][ T9108] syz.2.775: attempt to access beyond end of device [ 418.389374][ T9108] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 418.403405][ T9108] syz.2.775: attempt to access beyond end of device [ 418.403405][ T9108] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 418.771337][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 419.099068][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 419.109726][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 419.123011][ T5912] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 419.132372][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.144909][ T5912] usb 1-1: config 0 descriptor?? [ 420.041536][ T5912] plantronics 0003:047F:FFFF.0010: ignoring exceeding usage max [ 420.080560][ T9115] loop2: detected capacity change from 0 to 512 [ 420.085727][ T5912] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 420.384038][ T9115] EXT4-fs: Ignoring removed oldalloc option [ 420.717060][ T9124] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 420.812605][ T9115] EXT4-fs (loop2): 1 truncate cleaned up [ 420.925569][ T9126] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 421.214472][ T9115] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 421.529824][ T9135] fuse: Bad value for 'group_id' [ 421.534964][ T9135] fuse: Bad value for 'group_id' [ 422.475241][ T5833] usb 1-1: USB disconnect, device number 19 [ 422.553378][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.965840][ T9150] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 423.902479][ T9153] netlink: 28 bytes leftover after parsing attributes in process `syz.4.784'. [ 423.912111][ T9153] netlink: 28 bytes leftover after parsing attributes in process `syz.4.784'. [ 424.144124][ T9154] loop3: detected capacity change from 0 to 256 [ 424.465047][ T9154] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 424.494028][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.788'. [ 424.510526][ T9154] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 426.429794][ T5879] usb 1-1: new low-speed USB device number 20 using dummy_hcd [ 426.554448][ T5833] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 426.616853][ T5879] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 426.641120][ T9183] loop3: detected capacity change from 0 to 512 [ 426.654316][ T5879] usb 1-1: config 0 has no interface number 0 [ 426.660448][ T5879] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 59471, setting to 8 [ 426.767168][ T5879] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 426.780875][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.790450][ T9185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.797'. [ 426.799561][ T9185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.797'. [ 427.383437][ T5879] usb 1-1: config 0 descriptor?? [ 427.390302][ T9172] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 427.496267][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 427.496383][ T9183] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 427.510132][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 427.539629][ T9183] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 427.556876][ T5879] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 427.603628][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 427.647870][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 427.669948][ T9196] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 427.717481][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.794'. [ 427.782741][ T5879] usb 1-1: USB disconnect, device number 20 [ 427.837903][ T5833] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 427.849237][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.861594][ T5833] usb 5-1: config 0 descriptor?? [ 428.045780][ T9199] overlayfs: missing 'lowerdir' [ 428.149780][ T9201] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 428.646240][ T5833] plantronics 0003:047F:FFFF.0011: ignoring exceeding usage max [ 429.262671][ T5833] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 429.503786][ T9191] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 429.524401][ T9213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.801'. [ 429.612595][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.022228][ T9222] loop1: detected capacity change from 0 to 512 [ 430.177046][ T9222] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.217276][ T9222] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 430.301538][ T9222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.805'. [ 430.555733][ T5835] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 430.987734][ T9225] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 431.162633][ T9241] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 432.032937][ T5833] usb 5-1: USB disconnect, device number 23 [ 432.243560][ T9248] fuse: Bad value for 'group_id' [ 432.249298][ T9248] fuse: Bad value for 'group_id' [ 433.293434][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.434805][ T9259] loop0: detected capacity change from 0 to 512 [ 433.448939][ T9259] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 433.708180][ T9259] EXT4-fs (loop0): 1 truncate cleaned up [ 433.871057][ T9259] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 434.545432][ T9266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.815'. [ 435.053896][ T9276] overlayfs: missing 'lowerdir' [ 435.179813][ T9277] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 435.735893][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.224677][ T5835] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 436.907586][ T5879] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 437.034746][ T5914] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 437.464287][ T5914] usb 1-1: Using ep0 maxpacket: 32 [ 437.473170][ T5914] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 437.490466][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 437.502495][ T5879] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 437.510753][ T5879] usb 3-1: config 0 has no interface number 0 [ 437.535863][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 437.547175][ T5879] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 59471, setting to 8 [ 437.559833][ T5914] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 437.602645][ T9301] overlayfs: missing 'lowerdir' [ 438.260007][ T5879] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 438.279085][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.291889][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.576718][ T5914] usb 1-1: config 0 descriptor?? [ 438.605293][ T5879] usb 3-1: config 0 descriptor?? [ 438.641940][ T5914] hub 1-1:0.0: USB hub found [ 438.646821][ T5879] usb 3-1: can't set config #0, error -71 [ 438.670025][ T5879] usb 3-1: USB disconnect, device number 16 [ 438.988880][ T5914] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 439.948843][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.955205][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.227301][ T5914] usbhid 1-1:0.0: can't add hid device: -71 [ 440.501983][ T5914] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 440.513963][ T9315] loop1: detected capacity change from 0 to 512 [ 440.532981][ T5914] usb 1-1: USB disconnect, device number 21 [ 440.608998][ T9326] overlayfs: missing 'lowerdir' [ 440.816536][ T9315] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.854757][ T9315] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 441.639465][ T9337] loop3: detected capacity change from 0 to 1024 [ 441.674533][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.827'. [ 442.439595][ T9342] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 442.492767][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 442.703804][ T9349] loop0: detected capacity change from 0 to 512 [ 442.720128][ T9351] trusted_key: syz.1.834 sent an empty control message without MSG_MORE. [ 442.761620][ T9349] EXT4-fs: Ignoring removed oldalloc option [ 442.809715][ T9349] EXT4-fs (loop0): 1 truncate cleaned up [ 442.835866][ T9349] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 443.458746][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.244267][ T5949] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 444.412103][ T5949] usb 4-1: Using ep0 maxpacket: 32 [ 444.427397][ T5949] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 444.458605][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 444.499329][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 444.541589][ T5949] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 444.573855][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.625586][ T5949] usb 4-1: config 0 descriptor?? [ 444.645446][ T5949] hub 4-1:0.0: USB hub found [ 445.038534][ T5949] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 445.064463][ C0] ================================================================== [ 445.072553][ C0] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0 [ 445.080459][ C0] Read of size 2 at addr ffff888056bab82a by task swapper/0/0 [ 445.087907][ C0] [ 445.090243][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 445.090267][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 445.090283][ C0] Call Trace: [ 445.090291][ C0] [ 445.090296][ C0] dump_stack_lvl+0x189/0x250 [ 445.090315][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 445.090325][ C0] ? rcu_is_watching+0x15/0xb0 [ 445.090339][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 445.090365][ C0] ? rcu_is_watching+0x15/0xb0 [ 445.090389][ C0] ? lock_release+0x4b/0x3e0 [ 445.090413][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 445.090430][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 445.090442][ C0] print_report+0xd2/0x2b0 [ 445.090455][ C0] ? rose_timer_expiry+0x471/0x4b0 [ 445.090469][ C0] kasan_report+0x118/0x150 [ 445.090485][ C0] ? rose_timer_expiry+0x471/0x4b0 [ 445.090505][ C0] rose_timer_expiry+0x471/0x4b0 [ 445.090533][ C0] call_timer_fn+0x17e/0x5f0 [ 445.090554][ C0] ? __pfx_rose_timer_expiry+0x10/0x10 [ 445.090580][ C0] ? call_timer_fn+0xbe/0x5f0 [ 445.090593][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 445.090607][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 445.090623][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 445.090637][ C0] ? __pfx_rose_timer_expiry+0x10/0x10 [ 445.090656][ C0] __run_timer_base+0x61a/0x860 [ 445.090675][ C0] ? ktime_get+0x3e/0x1f0 [ 445.090707][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 445.090725][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 445.090747][ C0] run_timer_softirq+0xb7/0x180 [ 445.090758][ C0] handle_softirqs+0x283/0x870 [ 445.090772][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 445.090785][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 445.090804][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 445.090824][ C0] __irq_exit_rcu+0xca/0x1f0 [ 445.090847][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 445.090874][ C0] irq_exit_rcu+0x9/0x30 [ 445.090889][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 445.090904][ C0] [ 445.090907][ C0] [ 445.090912][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 445.090928][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 445.090945][ C0] Code: 83 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 e2 18 00 f3 0f 1e fa fb f4 58 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 445.090961][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 445.090980][ C0] RAX: 6b5ad243b1a08900 RBX: ffffffff8196c078 RCX: 6b5ad243b1a08900 [ 445.090995][ C0] RDX: 0000000000000001 RSI: ffffffff8d995825 RDI: ffffffff8be32500 [ 445.091009][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 445.091024][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa17e30 [ 445.091035][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 445.091044][ C0] ? do_idle+0x1e8/0x510 [ 445.091060][ C0] default_idle+0x13/0x20 [ 445.091069][ C0] default_idle_call+0x74/0xb0 [ 445.091080][ C0] do_idle+0x1e8/0x510 [ 445.091095][ C0] ? __pfx_do_idle+0x10/0x10 [ 445.091125][ C0] cpu_startup_entry+0x44/0x60 [ 445.091149][ C0] rest_init+0x2de/0x300 [ 445.091169][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 445.091184][ C0] start_kernel+0x47d/0x500 [ 445.091196][ C0] x86_64_start_reservations+0x24/0x30 [ 445.091211][ C0] x86_64_start_kernel+0x143/0x1c0 [ 445.091224][ C0] common_startup_64+0x13e/0x147 [ 445.091238][ C0] [ 445.091243][ C0] [ 445.273762][ T5949] usbhid 4-1:0.0: can't add hid device: -71 [ 445.276333][ C0] Allocated by task 7381: [ 445.276353][ C0] kasan_save_track+0x3e/0x80 [ 445.276379][ C0] __kasan_kmalloc+0x93/0xb0 [ 445.276400][ C0] __kmalloc_cache_noprof+0x230/0x3d0 [ 445.276423][ C0] rose_add_node+0x23a/0xde0 [ 445.276446][ C0] rose_rt_ioctl+0xa48/0xfb0 [ 445.276468][ C0] rose_ioctl+0x3ce/0x8b0 [ 445.282685][ T5949] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 445.285000][ C0] sock_do_ioctl+0xdc/0x300 [ 445.285028][ C0] sock_ioctl+0x576/0x790 [ 445.480716][ C0] __se_sys_ioctl+0xfc/0x170 [ 445.485287][ C0] do_syscall_64+0xfa/0x3b0 [ 445.489771][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.495636][ C0] [ 445.497934][ C0] Freed by task 9138: [ 445.501886][ C0] kasan_save_track+0x3e/0x80 [ 445.506539][ C0] kasan_save_free_info+0x46/0x50 [ 445.511536][ C0] __kasan_slab_free+0x62/0x70 [ 445.516274][ C0] kfree+0x18e/0x440 [ 445.520146][ C0] rose_rt_device_down+0x473/0x4c0 [ 445.525233][ C0] rose_device_event+0x603/0x6a0 [ 445.530150][ C0] notifier_call_chain+0x1b3/0x3e0 [ 445.535238][ C0] __dev_notify_flags+0x18d/0x2e0 [ 445.540235][ C0] netif_change_flags+0xe8/0x1a0 [ 445.545146][ C0] dev_change_flags+0x130/0x260 [ 445.549968][ C0] dev_ioctl+0x7b4/0x1150 [ 445.554271][ C0] sock_do_ioctl+0x22c/0x300 [ 445.558839][ C0] sock_ioctl+0x576/0x790 [ 445.563146][ C0] __se_sys_ioctl+0xfc/0x170 [ 445.567709][ C0] do_syscall_64+0xfa/0x3b0 [ 445.572185][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.578053][ C0] [ 445.580354][ C0] The buggy address belongs to the object at ffff888056bab800 [ 445.580354][ C0] which belongs to the cache kmalloc-512 of size 512 [ 445.594377][ C0] The buggy address is located 42 bytes inside of [ 445.594377][ C0] freed 512-byte region [ffff888056bab800, ffff888056baba00) [ 445.608058][ C0] [ 445.610358][ C0] The buggy address belongs to the physical page: [ 445.616748][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888056bab800 pfn:0x56ba8 [ 445.626783][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 445.635253][ C0] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 445.643729][ C0] page_type: f5(slab) [ 445.647685][ C0] raw: 00fff00000000240 ffff88801a441c80 ffffea00015b0610 ffffea0000a4fa10 [ 445.656246][ C0] raw: ffff888056bab800 000000000010000f 00000000f5000000 0000000000000000 [ 445.664807][ C0] head: 00fff00000000240 ffff88801a441c80 ffffea00015b0610 ffffea0000a4fa10 [ 445.673452][ C0] head: ffff888056bab800 000000000010000f 00000000f5000000 0000000000000000 [ 445.682099][ C0] head: 00fff00000000002 ffffea00015aea01 00000000ffffffff 00000000ffffffff [ 445.690743][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 445.699382][ C0] page dumped because: kasan: bad access detected [ 445.705766][ C0] page_owner tracks the page as allocated [ 445.711450][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 59, tgid 59 (kworker/u8:4), ts 76790019700, free_ts 20324677367 [ 445.732432][ C0] post_alloc_hook+0x240/0x2a0 [ 445.737181][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 445.742704][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 445.748484][ C0] alloc_pages_mpol+0x232/0x4a0 [ 445.753311][ C0] allocate_slab+0x8a/0x370 [ 445.757787][ C0] ___slab_alloc+0xbeb/0x1410 [ 445.762439][ C0] __kmalloc_cache_noprof+0x296/0x3d0 [ 445.767791][ C0] __ipv6_dev_mc_inc+0x420/0xaf0 [ 445.772710][ C0] addrconf_dad_work+0x3d0/0x14b0 [ 445.777740][ C0] process_scheduled_works+0xae1/0x17b0 [ 445.783300][ C0] worker_thread+0x8a0/0xda0 [ 445.787895][ C0] kthread+0x70e/0x8a0 [ 445.791937][ C0] ret_from_fork+0x3fc/0x770 [ 445.796505][ C0] ret_from_fork_asm+0x1a/0x30 [ 445.801255][ C0] page last free pid 1 tgid 1 stack trace: [ 445.807034][ C0] __free_frozen_pages+0xb80/0xd80 [ 445.812119][ C0] free_contig_range+0x1bd/0x4a0 [ 445.817036][ C0] destroy_args+0x7e/0x5d0 [ 445.821428][ C0] debug_vm_pgtable+0x3fa/0x430 [ 445.826257][ C0] do_one_initcall+0x233/0x820 [ 445.831009][ C0] do_initcall_level+0x137/0x1f0 [ 445.835932][ C0] do_initcalls+0x69/0xd0 [ 445.840248][ C0] kernel_init_freeable+0x3d9/0x570 [ 445.845425][ C0] kernel_init+0x1d/0x1d0 [ 445.849734][ C0] ret_from_fork+0x3fc/0x770 [ 445.854313][ C0] ret_from_fork_asm+0x1a/0x30 [ 445.859055][ C0] [ 445.861358][ C0] Memory state around the buggy address: [ 445.866964][ C0] ffff888056bab700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 445.875004][ C0] ffff888056bab780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 445.883042][ C0] >ffff888056bab800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 445.891078][ C0] ^ [ 445.896425][ C0] ffff888056bab880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 445.904463][ C0] ffff888056bab900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 445.912493][ C0] ================================================================== [ 445.920661][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 445.927836][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 445.938939][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 445.948971][ C0] Call Trace: [ 445.952230][ C0] [ 445.955056][ C0] dump_stack_lvl+0x99/0x250 [ 445.959643][ C0] ? __asan_memcpy+0x40/0x70 [ 445.964218][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 445.969398][ C0] ? __pfx__printk+0x10/0x10 [ 445.973971][ C0] panic+0x2db/0x790 [ 445.977846][ C0] ? __pfx_panic+0x10/0x10 [ 445.982244][ C0] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 445.988119][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 445.993991][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 446.000293][ C0] ? print_memory_metadata+0x314/0x400 [ 446.005731][ C0] ? rose_timer_expiry+0x471/0x4b0 [ 446.010822][ C0] check_panic_on_warn+0x89/0xb0 [ 446.015734][ C0] ? rose_timer_expiry+0x471/0x4b0 [ 446.020915][ C0] end_report+0x78/0x160 [ 446.025148][ C0] kasan_report+0x129/0x150 [ 446.029638][ C0] ? rose_timer_expiry+0x471/0x4b0 [ 446.034732][ C0] rose_timer_expiry+0x471/0x4b0 [ 446.039669][ C0] call_timer_fn+0x17e/0x5f0 [ 446.044238][ C0] ? __pfx_rose_timer_expiry+0x10/0x10 [ 446.049682][ C0] ? call_timer_fn+0xbe/0x5f0 [ 446.054338][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 446.059427][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 446.064606][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 446.069783][ C0] ? __pfx_rose_timer_expiry+0x10/0x10 [ 446.075230][ C0] __run_timer_base+0x61a/0x860 [ 446.080060][ C0] ? ktime_get+0x3e/0x1f0 [ 446.084388][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 446.089737][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 446.095961][ C0] run_timer_softirq+0xb7/0x180 [ 446.100791][ C0] handle_softirqs+0x283/0x870 [ 446.105556][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 446.110299][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 446.115561][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 446.120735][ C0] __irq_exit_rcu+0xca/0x1f0 [ 446.125304][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 446.130482][ C0] irq_exit_rcu+0x9/0x30 [ 446.134702][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 446.140314][ C0] [ 446.143222][ C0] [ 446.146132][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 446.152088][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 446.157788][ C0] Code: 83 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 e2 18 00 f3 0f 1e fa fb f4 58 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 446.177369][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 446.183416][ C0] RAX: 6b5ad243b1a08900 RBX: ffffffff8196c078 RCX: 6b5ad243b1a08900 [ 446.191365][ C0] RDX: 0000000000000001 RSI: ffffffff8d995825 RDI: ffffffff8be32500 [ 446.199314][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 446.207267][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa17e30 [ 446.215219][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 446.223168][ C0] ? do_idle+0x1e8/0x510 [ 446.227394][ C0] default_idle+0x13/0x20 [ 446.231704][ C0] default_idle_call+0x74/0xb0 [ 446.236445][ C0] do_idle+0x1e8/0x510 [ 446.240495][ C0] ? __pfx_do_idle+0x10/0x10 [ 446.245063][ C0] cpu_startup_entry+0x44/0x60 [ 446.249804][ C0] rest_init+0x2de/0x300 [ 446.254024][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 446.259543][ C0] start_kernel+0x47d/0x500 [ 446.264027][ C0] x86_64_start_reservations+0x24/0x30 [ 446.269465][ C0] x86_64_start_kernel+0x143/0x1c0 [ 446.274560][ C0] common_startup_64+0x13e/0x147 [ 446.279654][ C0] [ 446.282914][ C0] Kernel Offset: disabled [ 446.287227][ C0] Rebooting in 86400 seconds..