last executing test programs: 2m48.239003438s ago: executing program 1 (id=473): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000780)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000d00)={0x2, 0x5, 0x10, 0x4, 0xc, 0x0, 0x0, 0x10, [@sadb_x_sec_ctx={0x1, 0x18, 0xa, 0x10}, @sadb_address={0x3, 0x7, 0x2b, 0x0, 0x0, @in={0x2, 0x4e24, @local}}, @sadb_key={0x1, 0x9}, @sadb_address={0x5, 0x7, 0xcd, 0x0, 0x0, @in6={0xa, 0x4e23, 0xfffffff7, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x1}}]}, 0x60}, 0x1, 0x7}, 0x4) 2m47.48515194s ago: executing program 1 (id=475): r0 = inotify_init1(0x800) inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x2000775) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x10e) read(r1, 0x0, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) 2m47.27410162s ago: executing program 1 (id=478): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0x1218088, &(0x7f00000005c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae356940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c1a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b52a0352a82c794995bbb97c82fcde79d14fb20e5127150de"], 0x4a, 0x2d1, &(0x7f0000000c80)="$eJzs3U9rI2UcB/DfpOlk1ENy8CTCDrgHT4vdm3hJkV0Qe3LJYfWgxd0FaYKwCwX/YNyTVy8ePPgKBMGL72IvvgPBq+DNFRZGZjLTTGraJtpUbD+fS3995vnO8zzp0zQ55OkHL08O7uXx4PHnv0SWJdEZxjCeJjGITjS+jAXDrwMA+D97WhTxezGzTi6JiGxz0wIANmi1v//defnjhUwLANigO3fffXt3b+/WO1lkcXvy1eGofGdffp1d330QH8U47sdr0Y9nEdXrhPqNf1nfLopi2s1Lg7g+mR6OyuTk/Sf1/Xd/i6jyO9GPwVGserVR5d/au7VTxfNeKz8t5/F8Pf6wzN+Mfrx4FF7I35zl83Y+Rmm8+kpr/jeiHz9/GB/HOO5Vk5jnv9jJ8zeLb/747L1yemU+mR6OelW/uWLrIn8uAAAAAAAAAAAAAAAAAAAAAABcbjfy5vCd/Fpcn5RN9fk7W8/Suk/dZTBPlddnVdI0tc4HKk2L+G52pOD2wnjz83268VK3fbAgAAAAAAAAAAAAAAAAAAAAXF2PPvn0YH88vv/wXIrmNIBuRPx5J+Kf3mfYarkWp3fu1WPuj8edulzo8yRtt8RW0yeJOHUa5SLO6WE5q3guOzbnpvj+h3KB69wwa7W8vnyB22et627v3+6NZncd7CfLx+pF05LVm+TbNGLeJ40Vx0pPulREe/udteR06aX+2mtPX6iK6Yl9imTJFm0Vb/w6u163JHHslyitHtWlo2/XRSt+bG+stJ8jm8X//lyRVKd19DbxNAQAAAAAAAAAAAAAAAAAACx8xrv87qfFi49PjXYKHwUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JKY////NYppHV6hcxoPH/3HSwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAK+CsAAP//cutM2w==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 2m45.85313983s ago: executing program 1 (id=485): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) open$dir(&(0x7f0000000200)='./file0/file0\x00', 0x100, 0x184) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0) umount2(&(0x7f0000000000)='./file0/file0\x00', 0x8) 2m45.723307056s ago: executing program 1 (id=487): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x202, 0x40) write$UHID_INPUT(r0, &(0x7f0000001dc0)={0x8, {"00303a150d1e8781901b09e2ccd28566214e8fe724bfabbe47aabcd9915ef6c7c8186fe92c6f0622a5a63850cbde3ea98f0344731a4f79ff70e4ad7f4bc360864b2d6254a8e1a54e7f386f974a5ebc461cd060bc80019e6b39de95b98d913e0df7a80acdfca6e88d1522a20e23edc9204e4b1c03fe35b2c1663102b74ff748558483c89ad619c58b7ce3e735894e69ee38402104842b362fd3ab424658a242ebc66c957dd77fe97ef7c99f946ef7ae3b1c7c92d844aacff7ed3fa6775d16f726a693a447954dc2a9047074a054afa0b228aa6669e374997ac9ef68cf9edb7d780aa9fa05ed5a24924190e8cd07af6ea1cd6d5c8ddc5567ffbee8f15696dc535c8fb331a71e3d5133591e4d1a1c6439e19f323dda510111777071dbd5af0b30d77a3db49ca536578ef6200de176f7218875e9979d90e064e003abb97f12b0f1d84ff7913fc1e22eeac691cbe335589fe75ca11891ea3a9a26f3f7350a946724197d2d13dd06faae99d68b1cc62938855c4f828f1256e62f9bb6d0b350af1d89c8b22f19b1854d8fcd537c25b104b0762a38aec5cbefeaca381a69e40b1f30167bcf02e99bf6674d5967f7c9eb1c7d6b4585745d2c6bddaf5d0b8db6b7678b034b420d1d5b6f6a54603b5c6aad09c8832a0ebfbc5b35801a867f90b7bb3df192ab5389f705960ceab0af4dfeba50b187e6d5f621397d21aa3d193111879c6d5a84579e072e6d04df0f8bf2e760d9bab57bb74fd4fa348b9e162615910422bccacf39341bd59f41e05c678d2acdd5d4b3ac74fa4485359b32348f0b928bd1b440dff2d841e646335367ed4c87c0e39f0df1098a0d9f5e4864be05d07398b5bbbec035eb893d5096f8e2d1afd0c7688a2fed31ec163f4c0c1d533f0edce8a567e2155f93f5a961cfe5a07f6450fe130fa3d4f61584c2922b9b0e06c3137010c1f792fb996a46cd8d55038092af8e13c4c445fe289620699947e337fcb1567d5b8b62ee8f4259d2546bc57fae9bdaa430ab51965e111b90222cba923e13b9a5511e08add75a9375fb0b966a66c54109a7e0cbec748d7c30cd3bbe5bf193565c929c4e536a73f9b8679fa207b8c6807e4aa87601e9774bd93dfccd4f316a4577d1e15b0f5b966948f634a2879bb6e6b4c36ef37a9f9efe4a38bba94bcf5cc9a9524cbd556eff32e0592d74c478d9993b3f550e4d4f661d3bad321150dea21d9d36fb9da53b312bdcaf7cbedc52eb8ffdef9c5df273c6da3e620d6953ad8580d39861a92ae689bb75a49a13734df052dfc6f058fef731868ac6afe84b39e463af04e8f3cc885545a4c015629fd1a649c9b0a85434132a558067b449fbb69d44f638dd417211059c1b17331d6f54c2da8f02b7dae57da1984002ef219633fe4bf82df95e81b00f966920ef8037b7f0186a1b7c57b673a34a7d3f3326004e72e5712022afcdd51084e37e26a3b624ddb0d3c8d722c3b097dfd668c4ab2fbd6f2d0b8295ea841e45e6b62d9d3829b9df730efafcf01bccb7ccea627db3323e57f3d7466fc17c72a4340b34e96bf7498aac7a313922b377a77d548a9746a6d6ff750695c3acac547dd4221bbdbe04373e7cd752b2b3ec793666b67bc6a3d36e570e4bc8bed6910e48651c1ebe75f77e7a5a438644d5a46f6bbe56a8d9291f05d8c1071fa6e33040dd77bade2d9d35d2f9c702bdf6f27dda27b38e097f1b3313695c058770de3fbd507beb794986f9cc7e05ce25250e2e895152a8386a732c4c3c67427217176dda27036725a26f86e632125b9c02f0730572a2c1042ef6434b2800d962ae77f021b970d8d243b4b8b0dd85a9366621d763f6791e2b615d9f677b5a0b5f2ac6b1050a6933412d4459ca98145eb7d42c49953ad508e2e72f773d7385c42c02aac7765f2cc8f5f9e81af780619bb7115c3609eed50146f2445d8aa0e63e177f8c8c277060e4f42c9eff6c577ec0af0cc59623a057111fe80cef6e7cb54eb9aec20f83e37e5ceb1d4d3f8a540bd1babb39752f0d929ed8c70a45534724ada1439a43a3a24b18841d9ea1f89f14005c2df332965e1925ecf07d7cd8ef96fefe5a9c2daf0504630bc75b6e1ea2664ba1e5635106988fddf9e29d337e4c519e30cf4ff4b744c7f7434cdec01c9e1b2e32ca160e9f61b2c9170eeda86a49e216448fcf78c84b1763d766cec7e995f1b081b6e38b1b7739d78c1c3e6b55f4d4bd8678d933ddff11915148d1b162410a5dc3390f44539e4a6c2363c37858169041581555dd592ba3f5f8621ee76756dea04184b91d6bc1dc6cfb1bf9378cdcf181bd66df31478dd25327eaa8693b3b74af1639423d240647c9a99f5b5c6e9a6200559a90e3db0a5684af5712c6cfe28bb04aa9ca8ec750cde1da9f508c967d2b52417c37ab1a6418c78844be54cf00c255e6c4f711eb20f6d5afcbc374a16ea5a9c409da48b06a8134e2aaf4b5ba54c7e9b0b147156315bc7f29ae9bcac52cee2e0a7777729a6bb5ad9c6eda1badd9a1d7e30573bf60769b70d06d6be399dda53bd515fa57ec161b90f7b543c0a2324c9f0d360da99f7bd920e2f399e131469a79215ff6a1dc9663b22113150ae95bc2fae294a6628430a84afbc4741deec9837d75daa7ea6b5706700e92e9aaaa6a722c4448892b50fbeda724eea56910672f404fb874dbd7db99afafb0d4a914128627e8df3e4327c1acfdb585890fe49546d3d9dceb48478e3a89f6edf926f483f81ad482e4261db113396bdfce4f3a54a7b7b2f47140edf318c3dac2b9480cf819e3649db24099ef665fb9cca149f5b63ed9d473511e814c05eb024eca30cc1f2e55b589a0fee8077ba01cef9a633270a3809773c0caf9e272a89d77ee251ed1fea9e943eda6802c0a8d74a7b42e63d286431b7d491761ab8e1f8d6e0f6482adde0268c84891b5053c078074311caf39304af9a964bdafa4dee5e83e61b88497913c5e85b1fc396b745c95be4693573bf9f2c932895ea64c27ec96d98591bc09f8b6478be8464b1e201d7efc3a54f38c81b6bc13c051a6675ec50ef2b68fff0217b1f732448f5210b226cbed1b2a9ee8cf0c9fc1121b433952fd458737eb51eff30a0ce8203ee692fa5decb965523d85c4502f2a5f3d52c1a70c9b8ac635a618f5e83b6c12dc02ca6014dfd4fa4625fe79d74a43cef9ce6b438e496236dd856965551317b07525c915ae8a5eaa39ca2f2084ef466d7b093f8b2af82eb66a45bd20ed296101881ac6c34c47ed0385a34a243f2521ef070b99f492d133fc832e26276d07128e353858813eea51e3b0d32856a30b4311f8fb36391fb27529ec707722e1fb41bfc7d26c230894840827e573c69cb4d5f74b68ee1811cb70daf46cf813dcf83df1e9d441bcf75902bd1e6f6244cdcc42e3d45d66af17d3c2bcdd86402b8eedcabc60cd808841b8a8d3e7d6997b3910edd32026b5c3d339e1f8058660e2b2a14623974bec834ec2baa525b5d56c68e4b4d28c95ec0208efd66310bcafb20898b885af393f68cbfb41f4d79dd55944a0b047e9b79b7a0fc4b47e0e58ab2662b68887f6ba7a68f913d3711b72cb3c3e31fe5ff80360520c9c84849fbcc249f507d36c8b2d1d78f709c67ef0bfec74d3e29aa2ee7c338a9e0f0035107dbc2e88dcd86288f771f8ad5f737df1396d00fce058310f823d43848cb481afd0027e0c2cab42fa0077d7560e4dd85b5c13f7ba54bc0bb8a94414c17f82a927f9e31cb0dfa17c7878737c8db87f9e3ec6f33b2e594155539563604966686740cb4d64ad9614d398da996e2f8c04de6c16b68a253851876c04ac65717f1a61587f67d5dabec2ea0d8b9a12599280754f418053ace42ba4cae373d81a28474b612fad8bb4f3cdfa1eaab60a81042a2a579c3d656e1c590a2c17970577bdb1d1f3d9b5865176e4409afa6ac145fde0df1df728b7c523c8a4ca300d78ae804abfc20a65d64927523d458afdbd3fc602d6c2258113781f6711be4cd4291482d0fc2408b4d4b03ff477a4b9dc476a7309475a0ef79378ccabd230f43aff420f9550025a9fc2131391ce57d998eccee237ee4bdef0876e529a274b398ca1cf84c4b71d187d01211b5544267f6d915bae83074d711d2242d1cfa988116c054dc1b403cc64ed604240e8778dab16a14b9a49183a6922f070f1a70dcfcf14b920a4b6f04fe338988666f71859d828b5f9f5874146cb450489afb60d53fba4abdec96c74e248545c4bead614790b9f6a311ce566bac4737b57f6d7a1588559cedd43c107b198c8cc5338d9b9d8ada0d8be209199a78c54ee973f4a056650be3efb27f6e6657ddada590c465ff0b6b45b3a692570749877cebafdfaded3318d06ad162a129371d78aab31fa62f9756186de2e4033eb121ff218a00534594a0153a18cab5d33131681b1c3ce97ddf4127289d1b72ba4885267d7aa0e27e58e41bf255469b283ab9603b476098d50e3bcbe44c059090ba15ce494850aa0a5ff1a3358a0f90a1965c13fa53d3964e9419b72f8f9cbef9b2e001cf8e83ce72f1d1c33a20e46a66ac76e7d124d63dbf2ec4372afc29eece9347c9eae3a29e8f6e42b2c2e85c67831645e67aa3ad58382b68d3f2aaadd6ce8d199832632082921116cca6f7cf2f3895be1222d1d6822ed05a4c045bd84121158d881e9180f622fac59295790016217d07b9c4527e5d087bf84b11042638ece8382b5879f22232bc287f81889893b0e0bd8415dd7266a814e80b3705aa121d8990279e9ecfe0f10c8bdfa7d12a61dd29a240cb45ed544bc29a4e105464fb814ce756b6b8b2929fc2b21a005f6537e712992c6057c9328bd2bde3e8fd83363fd9da1747eaaa43ea27d9d1871aaec644cdbf94d29fb124100dcfc78fdd269c9d191b7bd7d65ee68d7d9c45581b7437fdb9ae876ef8c259a2aca64fd0e4288982e2f2f4897b884ec20574c2ac7b3d4b440f1ccc6f31861340e2835c6c39e04cdd6c17fb8831ab2be8f54f99912b97a993f90ab142e11d271cb8dd0f695cf53921de6390c06df1ac7b55e13ecde62677d5335ad41e13cef7e8d7b421c7296992a1ce2cec0eb69e96f4b139d7b229929509ee3581952ccdff21a779d2a7f7fbe137fcebbc24def70cef7d63d18f2ba5f087197d7fda0dfd3648ceba31606c37297d486f55f75d9cf4adc33f75edfff2422e9a1d52381959dbc9ad4b5cdd2aa0d9d7c26c9b71b7c242d222025539f16b762a33089ad9370c34444d7d6e71ac54c7910aa0e0d63abacd51097baf08a6f5c3b81fd364010e43d9876ffbf529741dd98e88d1d940cf2419ba4b81a48b9cc8749f2383bd0a57b4c09f6c0fd4b44fb0b74ae4a0b318732be9f6e731277623596fe98c55cadb89f139bfa778316b5465b88dfe6fa7282ab231fd4ec49edecc6ac7fb70acf6e89a48e54f19d54f7170b91ec43cb67119f49e62a5311fef9a9b1c0430889cb9f5a6e8f1b787434aee8ec08a543916cb3fa74f9fd5a3d65a2ce3fc57c9892df139aced988dd5905e9721c12f009d4afa7783c25fa4a5d72629bb8d4b5fa635479e22a616e6c005eb9e6d818aeac25b0e0fbc2174d8d721a5cd20d7c3c7f8052268e42e790fba5a9729a927fd30c01d253fac1e31e1334b6c36b38f068ffb479c036d928700af668a1cb390d39c4989fc548eabf4ec27b5323109f1bfec782f7aa21ed3084e693acb97b49baef8793d96ef5305f574fa897352d9974be7b6aeb0f49cbff6700", 0x1000}}, 0x1006) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x6, 0x1}}, 0x28) syz_mount_image$udf(&(0x7f0000000f40), &(0x7f0000000f80)='./file1\x00', 0x0, &(0x7f0000002480)=ANY=[@ANYBLOB='mode=00000000000000000000202,umask=00000000000000000000002,dmode=00000000000000000100002,gid=forget,longad,shortad,novrs,iocharset=cp437,uid=forget,umask=00000000000000000000006,dmode=00000000000000000000010,gid=', @ANYRESDEC=0x0, @ANYBLOB="010000006e6963622c73657373696f6e08003030303030303030303030303030303030ff352c00"], 0x1, 0xc58, &(0x7f00000000c0)="$eJzs3UFsHNd9B+D/G+2KSxutmDhRnTQuNm2RyorlypJiKlbhrmqabQBZFkIxtwBciZS6NUUSJNXIRtoyvfTQQ4Ci6CEnAq1RIEUDowmCHpnWBZKLD0WAAj0RLWwERQ9sESCngMHMvqWWNGnToihR0vfZ1G939r2Z9+atZ2RBb14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG/9/L5k8+l+90KAOBeujj25ZOn3P8B4JFy2f//AwAAAAAAAAAAAADAQZeiiCcixdzFtTRRve9qXOjUb94aHxndvtpgqmoeqsqXP43nTp0+84Xnh8/28kJn5gPq322fjlfHLp9vvjR7Y25+amFharI5PtO5Ojs5tes97LX+VserE9C88drNyWvXFpqnnj296eNbQ+8NPH506Nzw0yee6pUdHxkdHbtdpNFfvnbHDenaaYbH4SjiRKR45js/Se2IKGLv56Jxb8d+q8GqE8erToyPjFYdme60ZxbLDy/1TkQR0eyr1Oqdo+3HImr1e9qHnbUilsrmlw0+XnZvbK49374yPdW81J5f7Cx2ZmcupW5ry/40o4izKWI5IlYH3r+7ehRRixTfOrKWrkTEod55+Hw1MXjndhT72MddKNvZrEcsFw/AmB1gA1HEK5Hip28fi6v5OlNdaz4X8UqZ3494s8wXI1L5xTgT8e423yMeTLUo4i/L8T+3liar60HvunLhK80vzVyb7Svbu658xPvD+64U9+n+MLgl740Dfm1qRBHt6oq/lu78NzsAAAAAAAAAAAAAAAAA3G2DUcSnIsXL//7H1bziqOalHzk3/PtDv9Q/Z/zJD9lPWfbZiFgqdjcn93CeGHgpXUrpPs8lfpQ1oog/yfP/vnG/GwMAAAAAAAAAAAAAAAAAAPBIK+LHkeKFd46l5ehfU7wzc715uX1lursqbG/t396a6evr6+vN1M1WzomcSzmXc67kXO1mNe+/ql/k+jknci7lXM65knM1ZxzK9XO2ck7kXMq5nHMl52rOqOX6OVs5J3Iu5VzOuZJzNWcckLV7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeJkUU8fNI8c2vraVIEdGKmIhurgzc79YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKWBVMR3I0XzD1ob22oRkap/u46Vv5yJ1uEyPx6t4TJfjNb5nO0qa61v3If2szf1VMSPIsVA462NAc/jX+++2/gaxJtfv/3u07VuHup9OPTewONHj5wbHv21J3d6nbZrwPELnZmbt5rjI6OjY32ba/noH+/bNpSPW9ydrhMRC6+/8Vp7enpq/s5flF+BHT5aX1//s/Ioez3EAXmRajv29JF8UQ7tAWjGPnawtqvC9QPQ1H0ZXB525f3/3Ujx2+/8Z++GX93/axslNu7w8bM/vX3/f2HrjnZ5/69trZfv/+U9fbv7/xN9217Ivxup1yIaizfm6kcjGguvv3Gic6N9fer61MyZkye/ODz8xdMn64cjGtc601N9r/Z+rgAAAAAAAAAAAAAAAADuqVTE70aK9o/WUjMiblXztYbODT994qlDcaiab7Vp3varY5fPN1+avTE3P7WwMDXZHJ/pXJ2dnNrt4RrVdK/xkdF96cyHGtzn9g82Xpqde32+c/0PF7f9/LHG+SsLi/Ptq9t/HINRRLT6txyvGjw+Mlo1errTnqmqXtp2Mv1HV09F/FekuHqmmT6bt+X5/1tn+G+a/7+0dUf7NP//Y33bymOmVMTPIsVv/dWT8dmqnY/F+85ZLvd3keL42c/kcnG4LNdrQ/e5At2ZgWXZ/4sU//TzzWV78yGfuF32uV2f2AdEOf5HIsV3/+Lb8et52+bnP2w//o9t3dE+jf8n+rY9tul5BXvuOnn8T0SKF594K34jb/ug53/0nr1xLBfeeD7HPo3/J/u2DeXj/ubd6ToAAAAAAAAAAMADrZ6K+PtI8YPRWno+b9vN3/+b3Lqjffr7X7/St23y7qxX9KEv9nxSAQAAAOCAqKcifhwpri++tTGHevP87775n79ze/7nSNryafXnfL9cPTfgbv75X7+hfNyJvXcbAAAAAAAAAAAAAAAAAAAADpSUing+r6c+Uc3nn9xxPfWVSPHy/zyTy6WjZbneOvBD1a+Ni7MzJ85PT89ebS+2r0xPNcfm2lenyrqfiBRrf/uZXLeo1lfvrTffXeO9UYuIai32+Ugx+g+9st212Htrk3fXA++uxV6W/Vik+O9/3Fy2t471J2+XPVWW/ZtI8dV/3r7s0dtlT5dlvx0pfvjVZq/sY2XZ3vNRu88kbfxRRDx7dbbYh1EBAAAAAAAAAAAAAAAAAADgUVNPRfx5pPjfG8sbc/nz+v/1vreVN7/et97/Freqdf6HqvX/d3p9J+v/V88VWNrpqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HBKUcQbkWLu4lpaGSjfdzUudGZu3hofGd2+2mCqah6qypc/jedOnT7zheeHz/byg+vfbZ+KV8cun2++NHtjbn5qYWFqsjk+07k6Ozm16z3sXL9xRy06Xp2A5o3Xbk5eu7bQPPXs6U0f3xp6b+Dxo0Pnhp8+8VSv7PjI6OhYX5la/Y6OvK20w/bDUcRfR4pnvvOT9IOBiCI+8Fzsyod8d/bbYNWJ41UnxkdGq45Md9ozi+WHl3onooho9lVq9c7RPRiLPWlFLJXNLxt8vOze2Fx7vn1leqp5qT2/2FnszM5cSt3Wlv1pRhFnU8RyRKwOvH939SjitUjxrSNr6V8GIg71zsPnL459+eSpndtR7GMfd6FsZ7MesVw8AGN2gA1EEd+LFD99+1j860BELbo/8bmIV8r8fsSb0R3vVH4xzkS8u833iAdTLYr4/3L8z62ltwfK60HvunLhK80vzVyb7Svbu64cqPvD9/7jo9YYvBuH3bUDfm1qRBE/rK74a+nf/HcNAAAAAAAAAAAAAAAAcIAU8auR4oV3jqVqfvDGnOLOzPXm5faV6e60vt7cv96c6fX19fVm6mYr50TOpZzLOVdyruaMItfP2Sqzsb4+kd8v5VzOuZJzNWccyvVztnJO5FzKuZxzJedqzqjl+jlbOSdyLuVczrmSczVnHJC5ewAAAAAAAAAAAAAAAAAAwMOlqP5J8c2vraX1ge760hPRzRXrgT70fhEAAP//cjv0Pg==") r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x10c) fcntl$setlease(r1, 0x400, 0x0) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') r2 = socket$inet6(0xa, 0x2, 0x0) mkdirat(r0, &(0x7f00000000c0)='./file0\x00', 0x2) sendmmsg$inet6(r2, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000002280)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast2}}}], 0x28, 0x7ffffff7}}], 0x1, 0x0) read$FUSE(r0, &(0x7f0000002e00)={0x2020}, 0x2020) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 2m45.17730121s ago: executing program 1 (id=490): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000950e000000000000c1560000850000001900000095"], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2m44.588950585s ago: executing program 32 (id=490): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000950e000000000000c1560000850000001900000095"], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 16.115235095s ago: executing program 5 (id=1025): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000002600)='binder\x00', 0x2200892, 0x0) read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r5, 0x0, 0x8008000000010, &(0x7f0000000180), 0x0) 7.537707165s ago: executing program 5 (id=1053): syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000001700)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRESHEX, @ANYRES16=0x0, @ANYBLOB="a5efc35603e7564b7345d63ddd28921043052d3444293a3cccdcbbfe66420d245c069405350a418630348ac28237dffd6396393abb1c54e8b62fa09afa9dd6143056389d59d83d642d9c199a7ee26b39bb83b6c59ab057c4cdda6edf7b8eac48ee1f2a5e0c4e0ccc25cf9b5449", @ANYRES32, @ANYRESHEX, @ANYRESHEX, @ANYRES16], 0x1, 0x5c3, &(0x7f00000017c0)="$eJzs3E1v3MYZAOChLEULBTUKBI0dx0AYJwf3YGV3VcsQ0oO3FCUx2V0uSCqQT0VQy6lQKS3qFmh886Vt0BY99Vzk2lOP/VP5C1XB/ZD1ZW38uW3xPIDN4fLlzDsUMYMldhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBAl681mKwrdrL+9Ez9dsl7kvQuOT+r714nNCQshhPmjdkOI6n+h0QhXRx9dfetJ7A/q/26EK6O9K6ERQvh3Izx68+3vf/zW/Fx94kIUhQsSei0efvXoF5/v7+/+etaJvASH0bOfs5n2szLPep3NNM7KPF5bXW1+tLVRxhtZNy3vlVXai5Mi7VR5Ed9M7oYQ1lbidPlevt3fXO900/hm8sO4tbZ251a72VyNP1kepJ2izPsffbJcJltZt5v1N4cx9eFb7ffCnfpG/DSr4irt9OL4wd7+7sq0JOug1ncJak8Lajfb7Var3W6t3l67fafZbIzv1qMP5punhNOnzM/+puW1eyM0/lTfKMOdyRj3xssdyeHZHSZ/nXUKAAAAwCsWDZ+xR8On81eHpY2smzZPxBxGM0sPAAAAeAmGX+2vjB8AhHA1RGe//wMAAAD/2/54co1dOLnGLkRRKAeL0WSpymDnw+igU5c6B5dGH106XWO1cS26PK5kuFmdH+8l6fXonVHQO5Pob8ebB9PyiIpiIXr8YgmEP4dro5hr90fb+5Mjo1aWNrJuupzk3Y9bodO5PFelO9Vvv9z7XQhFcXjp637vchQe7O3vLv/sl/v3h7k8rmt5fDD+hcSZH0qczGUxHMvlN0frHsc9vnuyxwvDBzF1r7/u95ZG7TYH3fmj/s8Nzz488ye9oP+/D++OYt5dGm2XTva/UbfZWj6n98ezaA12PlwcNzbu+cKzZXF9FHP95gf15oOb4yMLx7JoT8uiffz6j65FmHsZWRy/FisXZHEY9vZ3V14wC4BZeXB6FhrNu+HJ/H9m3h0Pb/Hpqi4Y5abM7vUUPnV2//mFrfxzqR7R3x/FvH9t/slcfGpEb06bV5rfcV4P4fy+/iPc+PvfQtgONybBT5tj63b/cmJWjQ6+qU/45ky7k5XmZbcd1TuXFg9+Fd5++NWjW3sHn3+x+8Xul+32ymrzR83m7XZYGHZjvDH3AHCOtPg2Wqr+EBVFNvhpa22t1am20rjIk0/jIlvfTOOsX6VFstXpb6bxoMirPMm7deGzbD0t43J7MMiLKt7Ii3iQl9nO8M0v8fjVL2Xa6/SrLCkH3bRTpnGS96tOUsXrWZnEg+2fdLNyKy2GJ5eDNMk2sqRTZXk/LvPtIkmX47hM02OB2Xrar7KNrC7240GR9TrFvfizvLvdS+P1tEyKbFDlowonbWX9jbzoDatdnvXFBoD/Eg/D+A12R6+ye+ZCaEyJOa/dM89IAYDX5vQsvTjrhAAAAAAAAAAAAAAAgDOOL9f78XhR3guvCLyw0AhHhRBeRRN33zzv0HuvqDvPWQghzL/SJiYvTpp5T/8/Co26MBdmncbkPYvPW08UQpge/L06ZlYjEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA83X8CAAD//yYFj/o=") name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0) 7.379412501s ago: executing program 2 (id=1055): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c) sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x6, 0x10, 0x8001, 0x9}, &(0x7f00000000c0)=0x18) 7.264958336s ago: executing program 3 (id=1056): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000200), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x1a2) fallocate(r3, 0x0, 0xbf5, 0x2000402) 7.18109289s ago: executing program 5 (id=1057): syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000640), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x74ed00, 0x0, 0x0, 0x40f00, 0x33, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file2\x00', 0x404, &(0x7f0000000300), 0x3, 0x434, &(0x7f0000000680)="$eJzs289rHFUcAPDv7Cap6Q+zlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tHpamd2ZZHezmybpJlvdzwemfW/mLe/73Zm3+2ZeNoCeNZL+k0Tsj4jfI2KoVm1sMFL779bK0vTfK0vTSVQqb/2VVNvdXFmazpvmr9uXV/oiCp8lcaRFvwuXr5yfKpdnL2X18cUL748vXL7y3NyFqXOz52YvTp4+ffLExAunJp/vSJ5pXjeHP5o/evi1d669MX3m2rs/f5vk+Tfl0SEjGx18slLpcHfddaCunPR1MRC2pFgbptFfHf9DUYy1kzcUr37a1eCAHVWpVCoPtD+8XAH+x5LodgRAd+Rf9On9b77t0tTjrnDjpdoNUJr3rWyrHemLQtamv+n+tpNGIuLM8j9fpVvszHMIAIAG36fzn2dbzf8KUf9c6N5sDaUUEfdFxMGIOBURhyLi/ohq2wcj4qEt9t+8SLJ+/lO4vq3ENimd/72YrW01zv/y2V+UilntQDX//uTsXHn2ePaejEb/nrQ+sUEfP7zy2xftjtXP/9It7T+fC2ZxXO/b0/iamanFqTvJud6NTyKG+1rln6yuBCQRcTgihrfZx9zT3xxtd+z2+W+gA+tMla8jnqqd/+Voyj+XbLw+OX5PlGePj+dXxXq//Hr1zXb931H+HZCe/70tr//V/EtJ/Xrtwtb7uPrH523vabZ7/Q8kbzfs+3BqcfHSRMRA8not6Pr9k03tJtfap/mPHms9/g/G2jtxJCLSi/jhiHgkIh7NYn8sIh6PiGMb5P/Ty0+8t/38d1aa/8yWzv9aYSCa97QuFM//+F1Dp6Wt5J+e/5PV0mi2ZzOff5uJa3tXMwAAAPz3FCJifySFsdVyoTA2Vvsb/kOxt1CeX1h85uz8Bxdnar8RKEV/IX/SNVT3PHQiu63P65NN9RPZc+Mvi4PV+tj0fHmm28lDj9vXZvyn/ix2Ozpgx/m9FvQu4x96V9P4L3UrDmD3+f6H3tVi/A92Iw5g97X6/v+4C3EAu69p/Fv2gx7i/h96l/EPvcv4h560MBi3/5G8gsK6QhTuijAUdqjQ7U8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvg3AAD//xJ85uU=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) dup(0xffffffffffffffff) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 6.49294136s ago: executing program 2 (id=1059): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\r\x00\x00\x00', @ANYRES32=0x1, @ANYRES8=0x0, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX], 0x50) getpid() r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r4, &(0x7f0000000f80)=""/4096, 0x1000) 6.145526605s ago: executing program 3 (id=1061): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4) 5.508964012s ago: executing program 5 (id=1062): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @loopback, 0x23}, 0x1c) r1 = dup(r0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x4080}, 0x8080) r2 = socket(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@random="cfb14e407d33", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0x1, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0x2, 0x6, "081331", 0x9, 0xff, 0x0, @loopback, @loopback, [@fragment={0x3b, 0x0, 0xe, 0x0, 0x0, 0x3, 0x65}]}}}}}}}, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0xffffffffffffffa0, 0xfa00, {0xffffffffffffffff, 0x10c}}, 0xfffffd88) 5.404980676s ago: executing program 0 (id=1063): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000002600)='binder\x00', 0x2200892, 0x0) read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r5, 0x0, 0x8008000000010, &(0x7f0000000180), 0x0) 5.102751769s ago: executing program 2 (id=1064): r0 = fsopen(&(0x7f00000000c0)='configfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) r3 = inotify_init1(0x0) inotify_add_watch(r3, 0x0, 0xa4000271) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x24, 0x4, 0x8, 0x401, 0x0, 0x0, {0x3, 0x0, 0x2}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88f5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) lseek(r2, 0x50000000, 0x1) getdents64(r2, 0x0, 0x4f) 4.563114843s ago: executing program 3 (id=1066): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x16, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@mpls_uc={0x8847, {[], @llc={@snap={0xab, 0x0, "84", "a54969", 0x16}}}}}}, 0x0) 4.41275975s ago: executing program 2 (id=1067): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000000000000000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000740)='./file0\x00', 0x800, &(0x7f00000006c0)=ANY=[], 0x5, 0x7fd, &(0x7f0000000840)="$eJzs3U1oHPfZAPBnZMmRlfc1Ie+LX2NsZ+LkBRscZSU7CiKFZLMayZOsdsXuKtiEkphaDsZyE+IGah/q+JLS0hJ66jHJoZf2VHppKbTQHtpTob32Fgj0kLS0t5aAyszs2pL14S/FNunvJ6z5eub/f+av9TwaSTMbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAkjZlabSKJZt5aPJlurjHTac9vsX3Q3q/XTLboNyIp/sXoaOytVu393+ub9xSfDsX+aml/jBaT0bj88J5Hnvuf4aHB/lsktN2GN1p58dLl86eXl5fevpUWRrY9p+3y3V+uWfzRWNziyM5lrbzbzufrc1mad9vp9NRU7ekTs910Nm9m3VPdXjafNjpZvdfupIcbR9KJ6eljaTZ+qr3YmpupN7N0uFr57FOTtdpU+tL4QlbvdNutp18a7zZO5M1m3pordyw2FzHPFi/El/Ne2svq82l69tzy0rG1Ke1al2QRNLFmzecrq5f2P/nIJ+98/I9zS5M3O9zJ2uTkxMTk5MRUEhG12vD1Fc9MP/NsrTZcu0Gsi7inL1oeQNt8Boc7N9Sv/9GMPFqxGCcj3fCjETPRiXbMx/UX8OrtfYP6//9P//UPW/X7/qr6X1X5of17r2/eF2X9P1gtHdys/ld973xok5y/qI/SV4pPF+NSXI7zcTqWYzmW4u0vpL9k+9oa2t7M5iKLVuTRjXbkMR/1ck3aX5PGdEzFVNTitTgRs9GNNGYjj2Zk0Y1T0Y1eZOUrqhGdyKIevWhHJ9I4HI04EmlMxHRMx7FII4vxOBXtWIxWzMVM1MtWzsa5ctyP3ZDXnm+9/os3/vjJB+VXaxA0sdUQvxtRBv19i6B1xVz957ZFxG+37wQOd2FlUP8BAACAL62k/Ol7cf0/EgfKudm8mb26JubVz27ca7j49O49TBMAAAC4C+Vv/vdHUs3EgUiK6//a2qCfjJSTh+5DfgAAAMDdS8p77IqL/7F4rJob3C5Vu9+5AQAAANuj/LX/wWIyFnGlXOH6HwAAAL5kXvlZf+bGZ+x/PHjG7tDCQ8mv/hadzkhy/MOTTyYX6kVc/cKOar/+5JVrLfZm9w3uJqjamhq+/HCxPNzI9ieDBwV/3r+ZoHq0wL7ha7uvzeOFXdXaJEmKBK4ubJpArElgd/8oriVQLsX34vEq5vEz1fTMYEt1tGOzeTMbb7Sbz01Evb57qJed7L3z9XPfjPLwv9Oa353E2XPLS+Nfe3P5TJnL1aKVqxf6x7vuOYpb5LIyuJ3iwPqnGxdNjZQ3YvT7Hav6ra0+/qGLu4uZoRvHYIs+34tD/1XGHBqrYsfWHv9o0efE+GZHP1Yd38S6Ix9e/8KqsjjVXyqyuHb7yHvxRDXzxOEnqskGWUxulUUxFpOrs6jGLIZuY/w3ySIeiYgPHr9y8sBoRHbsZlkcu8ssAO6Xs+VTf4oqVJ2eqyr0r5VKUf87nZGdsabuVDvc6lkuKXu5yTv5jBSn/luq7v9c2eKMfriKOVx9PzG8b4O6UtvgjP7Wubd+1z+jH//xDz/86sHf//SO6/roIGTXYObR3zw8FGUWu/pZXO5v6Ywk379WSaqq+lGx/qNN++02J5NiCHd848JbsefipctPnbtw+o2lN5Z2RsRU7Xit9kyS9L94K+V3DGoPABs4FAerQr7pe+xs8i485TcAZURyfKur6h2RPHrtTwqKmvhmLMeZOFrebRARj23c79iqP0M4Gof6yW581Tq26h1ejm50VXclrsUWdbKKndw4dsN2j60asf/7wRf59QCAe+HQTerwpvX/ekRy9CbX3Wtr+ZEq9sggg81reUQ8f29HAwD+M2Sdz5Kx3reTTidfeG1ienqi3juRpZ124+W0k8/MZWne6mWdGK635rJ0odPutRvtZjHzSj6TddPu4sJCu9NLZ9uddKHdzU+W7/ye9t/6vZvN11u9vNFdaGb1bpY22q1evdFLZ/JuI11YfLGZd09knXLn7kLWyGfzRr2Xt1tpt73YaWTjadrNslWB+UzW6uWzeTHbShc6+Xy9czUimovzWTqTdRudfKHXrhoc9JW3Ztud+bLZv+y+36MNAA+Gi5cunz+9vLz09p3N/PlWgjfvfXTkXh4rAFC5XqU//e8bt/nhOwAAAAAAAAAAAAAAPBju8v6/9TO7trfB0a1iVq5ErN+UrKys3EYXu+ImMTurkdoR2ztQ92Tm6ra0MxQbjfODM5Nsvun1558/v9nuL17Ze+LWurjp/5ThiOjf6vrupzt//n616YU7Opyh29/rTxFxB32tJFvE3OcTEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABs4N8BAAD//2uxZPA=") open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000080)=ANY=[@ANYBLOB="16000000020000001d"], 0x0) 3.811272715s ago: executing program 5 (id=1068): syz_open_dev$usbfs(0x0, 0x205, 0x40100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open$dir(0x0, 0x80, 0x108) symlinkat(0x0, r3, &(0x7f00000002c0)='./file1\x00') sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r5 = openat$cgroup_devices(r4, &(0x7f0000000200)='devices.deny\x00', 0x2, 0x0) r6 = openat$cgroup_devices(r4, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) write$cgroup_devices(r5, 0x0, 0x8) write$cgroup_devices(r6, &(0x7f00000000c0)={'b', ' *:* ', 'rwm\x00'}, 0xa) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={0x0, 0x0}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r7, 0x1, 0x1}, 0x48) 3.723037669s ago: executing program 4 (id=1069): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x24}}, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0af33709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf495efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c57684224fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f6d7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f28a930f8fb5afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866414acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21510000009822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0be47c5aeb06ec1c054377d5532c370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5", 0x293, 0x4000, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000500)='./file0\x00', 0x2200810, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8, @ANYBLOB="479446063e5ae0e1eff9575273fe293386346b2af951ded4d42bb874cc5122cfde0a5dca160c4fa76f6039397c9440764c3fcb6e029a6817b26bd04516313e243da16e92c2b4460be01c7849e483dcde0ddc3f55174b930be9fd8169ff4be922c308874e8a1b0b9f838dacc9", @ANYRESDEC, @ANYRESOCT], 0x4, 0x25d, &(0x7f0000000f40)="$eJzs2s9rnEUcB+Dvm6a0pqQbf9uCOOhBvbw0OXtokBTEBUEboQrSt+aNLnndDXmXwIrYnBQ89ezJs3j0IAjSo5dc/As86CmXHHsQX0k2adMY0WKzG/R5Ljsw82HmnZkd5jBbr9z6aGV5MpaLfkxkWUxcjo24k8VMTMS+jXj5xWs/PvvWtXden2+3F95M6cr81dm5lNL5535495Nvnr/dP/f2t+e/PxObM+9tbc/9svnU5oWt369+2KlTp07dXj8V6Uav1y9uVGVa6tQreUq3qrKoy9Tp1uXaffXLVW91dZCK7tL01OpaWdep6A7SSjlI/V7qrw1S8UHR6aY8z9P0VPBvLH59p2liuzl9PZqmeeSrOHc7pn+OVmSPpuzxy9mT17OnN7IL203TGvdQORbW///twKF+NqL6fH1xfXH4O6yfX45OVFHGpWjFb7GzTfYMy1deay9cSrtm4rPq5l7+5vriqd38F/v52WjFzNH52WE+3Z8/E1MH+5/77rF44s/5X0+1F+aOzJ+Nl144kM+jFT+9H72oYil2svf6/3Q2pVffaB/KX9xtBwDwX5Onu468v+X5X9UP8w9wPzx0v5qMi5Pj/XYi6sHHK0VVlWsjKezsqX/QuDeC8WR7E/D3jZ+ZGNn8jKfw5ckYxjEVhudY3F3vh9zFQ/0Tnd7bkPsH4zinbgyHESN3b9HHPRIAAAAAAAAAAAAexKFHf63jeHI47m8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOtj8CAAD//13bww4=") r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$FUSE(r0, &(0x7f0000001180)={0x2020}, 0x2020) 3.688394921s ago: executing program 3 (id=1070): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000080)=0xc) truncate(&(0x7f0000000900)='./file1\x00', 0x3000000) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x48042, 0x8c) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) fallocate(r2, 0x10, 0x6, 0x10001) 3.268871018s ago: executing program 4 (id=1071): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x3, [@func={0xa, 0x0, 0x0, 0xc, 0x2}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x5, 0x1}}, @func={0xb, 0x0, 0x0, 0xc, 0x3}, @const={0x6, 0x0, 0x0, 0xa, 0x4}, @const={0x9}, @ptr={0x0, 0x0, 0x0, 0x2, 0x3}, @float={0x8, 0x0, 0x0, 0x10, 0x4}, @func_proto, @const={0x0, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x5f]}}, &(0x7f0000000000)=""/109, 0x93, 0x6d, 0x0, 0x0, 0x10000}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x8, 0x4008, 0xd, 0x1, 0xffffffffffffffff, 0x5}, 0x50) openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000040000000400000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x21, 0x3, 0x580, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x4b0, 0xffffffff, 0xffffffff, 0x4b0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private2, @private2, [], [], 'veth0\x00', 'syzkaller1\x00'}, 0x0, 0x220, 0x248, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'sit0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x5}}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv0\x00', 'veth1\x00'}, 0x0, 0x200, 0x268, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private1, [], @ipv4=@remote}, {@ipv6=@dev, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@ipv4=@multicast2, [], @ipv6=@loopback}, {@ipv6=@rand_addr=' \x01\x00', [], @ipv4=@local}]}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5e0) 3.222126291s ago: executing program 0 (id=1072): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000080)=0xc) sendmsg$netlink(r1, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0xcc000) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x48042, 0x8c) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) fallocate(r2, 0x10, 0x6, 0x10001) 2.618543336s ago: executing program 0 (id=1073): syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000640), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x74ed00, 0x0, 0x0, 0x40f00, 0x33, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file2\x00', 0x404, &(0x7f0000000300), 0x3, 0x434, &(0x7f0000000680)="$eJzs289rHFUcAPDv7Cap6Q+zlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tHpamd2ZZHezmybpJlvdzwemfW/mLe/73Zm3+2ZeNoCeNZL+k0Tsj4jfI2KoVm1sMFL779bK0vTfK0vTSVQqb/2VVNvdXFmazpvmr9uXV/oiCp8lcaRFvwuXr5yfKpdnL2X18cUL748vXL7y3NyFqXOz52YvTp4+ffLExAunJp/vSJ5pXjeHP5o/evi1d669MX3m2rs/f5vk+Tfl0SEjGx18slLpcHfddaCunPR1MRC2pFgbptFfHf9DUYy1kzcUr37a1eCAHVWpVCoPtD+8XAH+x5LodgRAd+Rf9On9b77t0tTjrnDjpdoNUJr3rWyrHemLQtamv+n+tpNGIuLM8j9fpVvszHMIAIAG36fzn2dbzf8KUf9c6N5sDaUUEfdFxMGIOBURhyLi/ohq2wcj4qEt9t+8SLJ+/lO4vq3ENimd/72YrW01zv/y2V+UilntQDX//uTsXHn2ePaejEb/nrQ+sUEfP7zy2xftjtXP/9It7T+fC2ZxXO/b0/iamanFqTvJud6NTyKG+1rln6yuBCQRcTgihrfZx9zT3xxtd+z2+W+gA+tMla8jnqqd/+Voyj+XbLw+OX5PlGePj+dXxXq//Hr1zXb931H+HZCe/70tr//V/EtJ/Xrtwtb7uPrH523vabZ7/Q8kbzfs+3BqcfHSRMRA8not6Pr9k03tJtfap/mPHms9/g/G2jtxJCLSi/jhiHgkIh7NYn8sIh6PiGMb5P/Ty0+8t/38d1aa/8yWzv9aYSCa97QuFM//+F1Dp6Wt5J+e/5PV0mi2ZzOff5uJa3tXMwAAAPz3FCJifySFsdVyoTA2Vvsb/kOxt1CeX1h85uz8Bxdnar8RKEV/IX/SNVT3PHQiu63P65NN9RPZc+Mvi4PV+tj0fHmm28lDj9vXZvyn/ix2Ozpgx/m9FvQu4x96V9P4L3UrDmD3+f6H3tVi/A92Iw5g97X6/v+4C3EAu69p/Fv2gx7i/h96l/EPvcv4h560MBi3/5G8gsK6QhTuijAUdqjQ7U8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvg3AAD//xJ85uU=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) dup(0xffffffffffffffff) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 2.271436342s ago: executing program 4 (id=1074): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000600)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000400), 0x12) r2 = openat$cgroup_int(r0, &(0x7f0000000240)='memory.high\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000180)=0x3, 0x12) 2.013020562s ago: executing program 4 (id=1075): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x8, 0x0, 0xfffff98e, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, 0x700, 0x8, 0xffffffff, 0x7}}) 1.967389965s ago: executing program 3 (id=1076): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4) 1.37935079s ago: executing program 4 (id=1077): syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x0, 0x19, &(0x7f0000000140)=ANY=[@ANYBLOB="050f19630114ecbeeb00000000000040000000000000000000"]}) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) eventfd(0x0) r1 = socket$key(0xf, 0x3, 0x2) r2 = socket(0x200000000000011, 0x3, 0xd) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000b00)={0x300, 0x0, &(0x7f0000000400)={&(0x7f0000000800)=ANY=[@ANYBLOB="020a06970300000028bd7008fcd1df25", @ANYRES8], 0x18}}, 0x40) 1.362403681s ago: executing program 0 (id=1078): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c) sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x7, 0x84, 0x2, 0x5, 0x5, 0xfd, 0x0, 0x0, 0xfd, 0x2, 0x3, 0x0, 0x2}, 0xe) recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001880)=""/4096, 0x1000}, 0xf8d}], 0x1, 0x140, 0x0) 1.099703822s ago: executing program 2 (id=1079): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000010000000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={r1, r0, 0x15, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x30) r2 = socket$inet_sctp(0x2, 0x1, 0x84) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) getsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000000340)=""/22, &(0x7f0000000280)=0x16) 956.971819ms ago: executing program 2 (id=1080): r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_mount_image$erofs(&(0x7f00000005c0), &(0x7f0000000140)='./file2\x00', 0x810418, &(0x7f0000000000)=ANY=[@ANYRES8=0x0], 0x5, 0x1d6, &(0x7f0000000200)="$eJzsmb/P0kAYx7937Quvb4yJi4OLg68Ro5S2qGEhBhN3E/DXJpFK0AIGagIkDsTFxdHBxNV/wMHBycHNzVUHNTFxkNG55o5re7ZAwKmJz2c4vvfc3XPPHfAloSAI4r/l+7ffX59frbUuADiKQxRV/KeRzOHa/C8vH59/Ub/26s3n1x8Gx55cSedjAMJw+/2PAHjfMBBEnRSH6rUFHusb4Din9C0wnFH6LjhuKu2B4Y7SDzQ9jPbwPeve0O/c7/meLRpHNK5oqvr+JoDFnKEDYF+eLQyZNj6ezh62fd8bpcVeGO2TGdpVbLo/WV+Do676oj7xft1+9nQuKrZU3NbuzwGHo3QVDE2layjCsqzkSrTznzST/MY258+DOF7ORRkk8iVYOiK+0HHkxOLdx+yqH3kp/h+ENC4AmaFPB7vkEQ7wd6SgTGDlqsSfmAmc1fzJhBn7RyXoP6qMp7Nyr9/uel1v4LrVy/ZF277kVqQRLdsN/rcv/elAy7+XtUhJgRUwaQfByJkAwciJ++6y1Ry3+Xb4S67h0v84SqeXOcRHRR67uLqe6LeBSy16JWNt8QRBEARBEARBEARBEARBEDtxCkz+C6oeVIVrcK/L2X8CAAD//+lAY1E=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x21) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020660b, &(0x7f0000000040)={0x500, 0x10000002000003, 0x0, 0x0, 0x300}) setns(r0, 0x0) 275.546387ms ago: executing program 3 (id=1081): unshare(0x6020400) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)={@cgroup=r2, r0, 0x12, 0x6}, 0x10) 215.32478ms ago: executing program 4 (id=1082): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000002600)='binder\x00', 0x2200892, 0x0) read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r5, 0x0, 0x8008000000010, &(0x7f0000000180), 0x0) 144.987823ms ago: executing program 5 (id=1083): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000080)=0xc) sendmsg$netlink(r1, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0xcc000) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x48042, 0x8c) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) fallocate(r2, 0x10, 0x6, 0x10001) 73.570876ms ago: executing program 0 (id=1084): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x8, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x10c5408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x2, 0x3}) 0s ago: executing program 0 (id=1085): openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f00000027c0)=""/4096, &(0x7f0000000100)=0x1000) kernel console output (not intermixed with test programs): [ 79.871743][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 79.911544][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 79.927075][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 79.937326][ T4681] loop4: detected capacity change from 0 to 164 [ 79.947894][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 79.958567][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 79.967027][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 79.974919][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 80.005859][ T4255] blk_print_req_error: 60 callbacks suppressed [ 80.005871][ T4255] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 80.376844][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 81.014294][ T4707] loop0: detected capacity change from 0 to 512 [ 81.126968][ T4707] EXT4-fs error (device loop0): ext4_get_branch:178: inode #13: block 2: comm syz.0.113: invalid block [ 81.193432][ T4710] fuse: Bad value for 'fd' [ 81.207747][ T4707] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.113: invalid indirect mapped block 10 (level 1) [ 81.238633][ T4707] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.113: invalid indirect mapped block 8 (level 1) [ 81.261701][ T4707] EXT4-fs (loop0): 1 truncate cleaned up [ 81.270580][ T4707] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 81.414326][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 81.577060][ T4718] loop4: detected capacity change from 0 to 2048 [ 81.605214][ T4718] EXT4-fs: Ignoring removed mblk_io_submit option [ 81.778224][ T4718] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 81.925350][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 82.175742][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 82.219635][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 82.228767][ T4733] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 82.314645][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 82.449700][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 82.528426][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 82.838033][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 82.883612][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 82.904477][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 82.919500][ T4729] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 83.005392][ T4749] fuse: Bad value for 'fd' [ 83.042826][ T4747] loop1: detected capacity change from 0 to 2048 [ 83.109131][ T4747] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 84.017599][ T4760] loop2: detected capacity change from 0 to 128 [ 84.121549][ T4760] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 84.187208][ T4760] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 84.286269][ T4770] loop3: detected capacity change from 0 to 512 [ 84.314873][ T4770] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 84.379429][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 84.442162][ T4770] EXT4-fs (loop3): 1 orphan inode deleted [ 84.447915][ T4770] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 84.464757][ T4770] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.467583][ T4440] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 84.579320][ T26] audit: type=1800 audit(1764200455.166:3): pid=4770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.132" name="bus" dev="loop3" ino=16 res=0 errno=0 [ 84.580026][ T4440] EXT4-fs error (device loop3): ext4_release_dquot:6845: comm kworker/u4:9: Failed to release dquot type 1 [ 84.712925][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 84.937096][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 85.008718][ T4791] fuse: Bad value for 'fd' [ 86.917524][ T4824] fuse: Bad value for 'fd' [ 87.720582][ T4307] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 87.739573][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 87.777812][ T4838] loop3: detected capacity change from 0 to 512 [ 87.839840][ T4838] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.155: inode has both inline data and extents flags [ 87.869387][ T4838] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.155: couldn't read orphan inode 15 (err -117) [ 87.901655][ T4838] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 87.912208][ T4307] usb 1-1: Using ep0 maxpacket: 16 [ 87.926051][ T4307] usb 1-1: config 0 interface 0 has no altsetting 0 [ 87.942833][ T4307] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 87.994195][ T4307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.043786][ T4307] usb 1-1: config 0 descriptor?? [ 88.089276][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 88.469972][ T4829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.494518][ T4829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.536070][ T4307] hid (null): invalid report_size -266181755 [ 88.558173][ T4307] hid (null): global environment stack underflow [ 88.606929][ T4848] loop2: detected capacity change from 0 to 16 [ 88.642676][ T4848] erofs: (device loop2): mounted with root inode @ nid 36. [ 88.765806][ T4745] usb 1-1: USB disconnect, device number 3 [ 88.894454][ T4854] fuse: Invalid rootmode [ 90.525700][ T4876] loop0: detected capacity change from 0 to 1024 [ 90.575452][ T4876] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.657245][ T4876] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 90.679298][ T4876] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.780883][ T4876] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.168: inode has both inline data and extents flags [ 90.795336][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 90.820010][ T4873] loop1: detected capacity change from 0 to 512 [ 90.820499][ T4876] EXT4-fs (loop0): Remounting filesystem read-only [ 90.980110][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 91.627772][ T4897] fuse: Invalid rootmode [ 93.416409][ T4923] loop4: detected capacity change from 0 to 2048 [ 93.578985][ T4923] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 93.804483][ T4932] netlink: 40 bytes leftover after parsing attributes in process `syz.1.185'. [ 94.351932][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 94.361670][ T4944] fuse: Invalid rootmode [ 95.911106][ T4970] netlink: 12 bytes leftover after parsing attributes in process `syz.4.197'. [ 96.562887][ T4988] fuse: Unknown parameter '00000000000000000000' [ 96.669285][ T4992] loop3: detected capacity change from 0 to 128 [ 96.783255][ T4992] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 96.818399][ T4992] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 96.851073][ T4996] loop4: detected capacity change from 0 to 512 [ 96.989165][ T4996] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 97.021882][ T4996] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.066997][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 97.169657][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 97.212432][ T5001] loop1: detected capacity change from 0 to 128 [ 97.279002][ T5001] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 97.322368][ T5001] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 97.447355][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 97.557793][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 98.044022][ T5019] loop3: detected capacity change from 0 to 512 [ 98.133238][ T5019] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 98.137308][ T5026] fuse: Unknown parameter '00000000000000000000' [ 98.156220][ T5019] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 98.281261][ T5019] EXT4-fs (loop3): shut down requested (2) [ 98.294292][ T5027] kvm: pic: level sensitive irq not supported [ 98.294468][ T5027] kvm: pic: non byte read [ 98.343234][ T5027] kvm: pic: level sensitive irq not supported [ 98.343294][ T5027] kvm: pic: non byte read [ 98.357721][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 98.705169][ T5042] binder: 5041:5042 ioctl c0306201 200000000080 returned -14 [ 99.209251][ T5058] fuse: Unknown parameter '00000000000000000000' [ 99.481202][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 100.000749][ T5068] loop4: detected capacity change from 0 to 1024 [ 100.879016][ T5087] fuse: Unknown parameter 'user00000000000000000000' [ 101.290463][ T4745] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 101.486576][ T4745] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.496707][ T4745] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 101.534770][ T4745] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 101.580579][ T4745] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 101.588588][ T4745] usb 5-1: SerialNumber: syz [ 101.609987][ T4745] usb 5-1: 0:2 : does not exist [ 102.058421][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 102.768526][ T5104] loop4: detected capacity change from 0 to 2048 [ 102.800267][ T5104] UDF-fs: warning (device loop4): udf_fill_super: No partition found (2) [ 104.139234][ T4314] usb 5-1: USB disconnect, device number 2 [ 104.172214][ T5107] loop0: detected capacity change from 0 to 1024 [ 104.223118][ T5113] loop2: detected capacity change from 0 to 128 [ 104.436874][ T5118] syz.2.246: attempt to access beyond end of device [ 104.436874][ T5118] loop2: rw=2049, sector=145, nr_sectors = 336 limit=128 [ 104.618489][ T5123] fuse: Unknown parameter 'user00000000000000000000' [ 105.011455][ T5132] loop4: detected capacity change from 0 to 1024 [ 105.086956][ T26] audit: type=1800 audit(1764200475.676:4): pid=5132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.253" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 105.161459][ T4340] hfsplus: b-tree write err: -5, ino 4 [ 105.600496][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 106.709778][ T5152] loop0: detected capacity change from 0 to 1024 [ 106.876815][ T4340] hfsplus: b-tree write err: -5, ino 4 [ 107.176750][ T5163] loop3: detected capacity change from 0 to 1024 [ 107.294948][ T5165] fuse: Unknown parameter 'user00000000000000000000' [ 107.437096][ T5170] loop4: detected capacity change from 0 to 256 [ 107.526776][ T5170] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 107.542080][ T5172] loop3: detected capacity change from 0 to 1024 [ 107.595207][ T5172] EXT4-fs: inline encryption not supported [ 107.607947][ T5172] EXT4-fs: Ignoring removed orlov option [ 107.638794][ T5172] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800c019, mo2=0002] [ 107.655458][ T5172] System zones: 0-1, 3-12 [ 107.690570][ T4314] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 107.698877][ T5172] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 107.927168][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 108.190620][ T4314] usb 3-1: Using ep0 maxpacket: 8 [ 108.216017][ T4314] usb 3-1: config 8 has an invalid interface number: 20 but max is 0 [ 108.388701][ T4314] usb 3-1: config 8 has no interface number 0 [ 108.420344][ T4314] usb 3-1: config 8 interface 20 altsetting 7 endpoint 0xC has invalid maxpacket 1592, setting to 64 [ 108.485507][ T4314] usb 3-1: config 8 interface 20 altsetting 7 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 108.529177][ T4314] usb 3-1: config 8 interface 20 altsetting 7 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 108.665304][ T4314] usb 3-1: config 8 interface 20 has no altsetting 0 [ 108.704914][ T4314] usb 3-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=26.61 [ 108.716480][ T4314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.736048][ T4314] usb 3-1: Product: syz [ 108.740228][ T4314] usb 3-1: Manufacturer: syz [ 108.754299][ T4314] usb 3-1: SerialNumber: syz [ 108.790900][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 108.993599][ T4314] keyspan 3-1:8.20: Keyspan 1 port adapter converter detected [ 109.012298][ T4314] keyspan 3-1:8.20: found no endpoint descriptor for endpoint 84 [ 109.042019][ T4314] keyspan 3-1:8.20: found no endpoint descriptor for endpoint 81 [ 109.070921][ T4314] keyspan 3-1:8.20: found no endpoint descriptor for endpoint 82 [ 109.098142][ T4314] keyspan 3-1:8.20: found no endpoint descriptor for endpoint 1 [ 109.119902][ T4314] keyspan 3-1:8.20: found no endpoint descriptor for endpoint 2 [ 109.138225][ T4314] keyspan 3-1:8.20: found no endpoint descriptor for endpoint 83 [ 109.152362][ T4314] keyspan 3-1:8.20: unsupported endpoint type 0 [ 109.172921][ T4314] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 109.186149][ T4314] usb 3-1: USB disconnect, device number 2 [ 109.209199][ T4314] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 109.237514][ T4314] keyspan 3-1:8.20: device disconnected [ 109.957958][ T5215] loop1: detected capacity change from 0 to 512 [ 109.999058][ T5215] EXT4-fs: Ignoring removed oldalloc option [ 110.048156][ T5217] loop2: detected capacity change from 0 to 512 [ 110.085473][ T5215] EXT4-fs (loop1): 1 truncate cleaned up [ 110.108546][ T5217] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 110.109007][ T5215] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 110.117617][ T5217] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 112.274027][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 112.431453][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 112.578750][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 112.879542][ T5241] team0: Port device team_slave_0 removed [ 112.897463][ T5247] fuse: Unknown parameter 'user_i00000000000000000000' [ 113.049797][ T5251] netlink: 40 bytes leftover after parsing attributes in process `syz.1.288'. [ 113.429788][ T47] Bluetooth: Unexpected continuation frame (len 10) [ 114.052245][ T5264] loop1: detected capacity change from 0 to 512 [ 114.076224][ T5264] ext4: Unknown parameter 'grpquota.nouid32' [ 114.209291][ T5264] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2196: inode #15: comm syz.1.293: corrupted in-inode xattr [ 114.247233][ T5264] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.293: couldn't read orphan inode 15 (err -117) [ 114.273253][ T5269] loop0: detected capacity change from 0 to 1024 [ 114.280546][ T5269] EXT4-fs: Ignoring removed oldalloc option [ 114.286465][ T5269] EXT4-fs: Ignoring removed bh option [ 114.308252][ T5269] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 114.321358][ T5264] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 114.532377][ T5269] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 114.693319][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 114.812503][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 114.837310][ T5282] loop2: detected capacity change from 0 to 128 [ 114.867079][ T5284] fuse: Unknown parameter 'user_i00000000000000000000' [ 116.098275][ T5305] loop2: detected capacity change from 0 to 1024 [ 116.525950][ T5315] loop2: detected capacity change from 0 to 1024 [ 116.600166][ T5315] EXT4-fs: Ignoring removed nomblk_io_submit option [ 116.660008][ T5315] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 117.328042][ T5324] fuse: Unknown parameter 'user_id00000000000000000000' [ 117.344815][ T5325] Illegal XDP return value 4294967294 on prog (id 76) dev syz_tun, expect packet loss! [ 117.521731][ T5315] syz.2.310 (5315) used greatest stack depth: 20560 bytes left [ 117.769581][ T5331] fuse: Bad value for 'fd' [ 117.891011][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 119.395846][ T5345] loop4: detected capacity change from 0 to 1024 [ 119.449621][ T5345] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 119.532864][ T5345] EXT4-fs warning (device loop4): ext4_enable_quotas:7061: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 119.553586][ T5345] EXT4-fs (loop4): mount failed [ 119.594255][ T5356] fuse: Unknown parameter 'user_id00000000000000000000' [ 119.738328][ T5359] loop0: detected capacity change from 0 to 2048 [ 119.787087][ T5359] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 119.899196][ T5364] loop4: detected capacity change from 0 to 1024 [ 120.534672][ T5382] loop2: detected capacity change from 0 to 1024 [ 120.652616][ T5382] hfsplus: xattr searching failed [ 120.673550][ T5382] hfsplus: xattr searching failed [ 120.678791][ T26] audit: type=1800 audit(1764200499.269:5): pid=5382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.332" name="file1" dev="loop2" ino=3 res=0 errno=0 [ 120.727072][ T5382] hfsplus: xattr searching failed [ 120.889313][ T4377] hfsplus: bad catalog file entry [ 120.895027][ T4377] hfsplus: b-tree write err: -5, ino 3 [ 121.021012][ T5389] fuse: Unknown parameter 'user_id00000000000000000000' [ 122.102193][ T5413] loop0: detected capacity change from 0 to 256 [ 122.467775][ T26] audit: type=1400 audit(1764200501.059:6): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=5416 comm="syz.3.345" [ 122.910481][ T4333] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 123.103637][ T4333] usb 3-1: Using ep0 maxpacket: 8 [ 123.116034][ T4333] usb 3-1: unable to get BOS descriptor or descriptor too short [ 123.140476][ T5227] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 123.158871][ T4333] usb 3-1: config 7 has an invalid interface number: 41 but max is 2 [ 123.178011][ T4333] usb 3-1: config 7 has an invalid interface number: 155 but max is 2 [ 123.224258][ T4333] usb 3-1: config 7 has no interface number 1 [ 123.249340][ T4333] usb 3-1: config 7 has no interface number 2 [ 123.277597][ T4333] usb 3-1: config 7 interface 0 has no altsetting 0 [ 123.306352][ T4333] usb 3-1: config 7 interface 155 has no altsetting 0 [ 123.341469][ T5227] usb 2-1: Using ep0 maxpacket: 32 [ 123.352913][ T5227] usb 2-1: unable to get BOS descriptor or descriptor too short [ 123.362161][ T4333] usb 3-1: string descriptor 0 read error: -22 [ 123.397371][ T4333] usb 3-1: New USB device found, idVendor=1199, idProduct=9001, bcdDevice=fc.d6 [ 123.418116][ T5227] usb 2-1: config 128 has an invalid interface number: 127 but max is 3 [ 123.454860][ T5227] usb 2-1: config 128 has an invalid descriptor of length 213, skipping remainder of the config [ 123.465955][ T4333] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.552966][ T5227] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 123.572922][ T5438] loop0: detected capacity change from 0 to 1024 [ 123.592706][ T5227] usb 2-1: config 128 has no interface number 0 [ 123.607574][ T5227] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 49979, setting to 1024 [ 123.633151][ T5227] usb 2-1: config 128 interface 127 altsetting 14 has an invalid endpoint with address 0xBB, skipping [ 123.656577][ T5227] usb 2-1: config 128 interface 127 altsetting 14 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 123.680864][ T5438] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 123.686165][ T5227] usb 2-1: config 128 interface 127 has no altsetting 0 [ 123.718574][ T5227] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 123.744937][ T4333] usb 3-1: Could not set interface, error -71 [ 123.799784][ T4333] usb 3-1: USB disconnect, device number 3 [ 123.807707][ T5227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.846519][ T5227] usb 2-1: Product: syz [ 123.860580][ T5227] usb 2-1: Manufacturer: syz [ 123.870155][ T5227] usb 2-1: SerialNumber: syz [ 123.893665][ T5430] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 123.904170][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 124.035818][ T5443] loop3: detected capacity change from 0 to 4096 [ 124.051215][ T5443] EXT4-fs: Ignoring removed nomblk_io_submit option [ 124.082028][ T5443] EXT4-fs (loop3): Test dummy encryption mode enabled [ 124.107959][ T5443] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 124.130505][ T5443] System zones: 0-5 [ 124.154345][ T5443] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 124.222362][ T5450] loop0: detected capacity change from 0 to 256 [ 124.229768][ T5450] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.250856][ T5227] usb 2-1: USB disconnect, device number 2 [ 124.388532][ T5450] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.425197][ T5450] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 124.501760][ T4255] udevd[4255]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 124.778694][ T5462] binder_alloc: 5461: binder_alloc_buf, no vma [ 124.930799][ T5467] loop0: detected capacity change from 0 to 512 [ 124.985275][ T5467] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 125.000501][ T5467] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.047934][ T26] audit: type=1800 audit(1764200503.639:7): pid=5467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.361" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 125.082529][ T5471] loop2: detected capacity change from 0 to 512 [ 125.100804][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 125.117278][ T5443] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 125.141122][ T5471] EXT4-fs (loop2): Test dummy encryption mode enabled [ 125.151079][ T5471] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 125.164602][ T5471] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.362: bad orphan inode 131083 [ 125.190490][ T5471] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 125.344680][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 125.379669][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 125.521562][ T5486] syz.2.366 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 125.544160][ T5487] loop3: detected capacity change from 0 to 16 [ 125.552282][ T5485] loop0: detected capacity change from 0 to 128 [ 125.570359][ T5487] erofs: (device loop3): mounted with root inode @ nid 36. [ 125.609419][ T5485] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 125.677689][ T5485] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 125.766728][ T5493] loop3: detected capacity change from 0 to 256 [ 125.788077][ T5485] EXT4-fs (loop0): shut down requested (1) [ 125.794177][ T5493] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.813110][ T5485] fscrypt (loop0, inode 12): Error -5 getting encryption context [ 125.834208][ T5493] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 125.850478][ T126] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 125.876777][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 125.887249][ T5493] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 125.981426][ T5227] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 126.005752][ T5495] loop0: detected capacity change from 0 to 512 [ 126.054155][ T126] usb 3-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x98, skipping [ 126.075182][ T5495] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 126.087502][ T126] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 126.094508][ T5495] ext4 filesystem being mounted at /76/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.120476][ T126] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.148993][ T5488] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 126.170516][ T5488] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 126.179151][ T5227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.182423][ T126] usb 3-1: invalid MIDI in EP 0 [ 126.200773][ T5227] usb 5-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 126.215940][ T5227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.255493][ T5227] usb 5-1: config 0 descriptor?? [ 126.303501][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 126.320213][ T126] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 126.387667][ T5501] loop3: detected capacity change from 0 to 512 [ 126.433482][ T4314] usb 3-1: USB disconnect, device number 4 [ 126.463463][ T5503] udevd[5503]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 126.484673][ T5501] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 126.526615][ T5501] EXT4-fs error (device loop3): ext4_lookup:1858: inode #14: comm syz.3.372: unexpected EA_INODE flag [ 126.548131][ T5507] loop0: detected capacity change from 0 to 1024 [ 126.621185][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 126.691297][ T5227] hid-generic 0003:18D1:503C.0003: unbalanced collection at end of report description [ 126.704110][ T4377] hfsplus: b-tree write err: -5, ino 4 [ 126.711793][ T5227] hid-generic: probe of 0003:18D1:503C.0003 failed with error -22 [ 126.898509][ T5227] usb 5-1: USB disconnect, device number 3 [ 126.958014][ T5515] loop3: detected capacity change from 0 to 4096 [ 126.982687][ T5517] loop0: detected capacity change from 0 to 512 [ 127.017797][ T5515] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 127.087812][ T5517] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 127.225791][ T5517] ext4 filesystem being mounted at /79/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 127.757257][ T5529] loop2: detected capacity change from 0 to 256 [ 127.943763][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 127.975717][ T5529] FAT-fs (loop2): Directory bread(block 64) failed [ 128.003043][ T5529] FAT-fs (loop2): Directory bread(block 65) failed [ 128.060657][ T5529] FAT-fs (loop2): Directory bread(block 66) failed [ 128.067202][ T5529] FAT-fs (loop2): Directory bread(block 67) failed [ 128.100240][ T5529] FAT-fs (loop2): Directory bread(block 68) failed [ 128.125172][ T5529] FAT-fs (loop2): Directory bread(block 69) failed [ 128.147166][ T5529] FAT-fs (loop2): Directory bread(block 70) failed [ 128.155086][ T5529] FAT-fs (loop2): Directory bread(block 71) failed [ 128.156815][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 128.228827][ T5529] FAT-fs (loop2): Directory bread(block 72) failed [ 128.262344][ T5529] FAT-fs (loop2): Directory bread(block 73) failed [ 131.249596][ T5588] loop2: detected capacity change from 0 to 1024 [ 131.371082][ T5588] hfsplus: bad catalog folder entry [ 131.428538][ T5593] loop4: detected capacity change from 0 to 256 [ 131.510459][ T5593] FAT-fs (loop4): Directory bread(block 1285) failed [ 131.586829][ T5595] loop2: detected capacity change from 0 to 1024 [ 131.618490][ T5593] FAT-fs (loop4): Directory bread(block 1285) failed [ 131.627013][ T5595] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 131.663066][ T5595] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (49802!=20869) [ 131.684052][ T5601] loop0: detected capacity change from 0 to 1024 [ 131.721991][ T5595] EXT4-fs error (device loop2): ext4_get_journal_inode:5730: inode #5: comm syz.2.403: unexpected bad inode w/o EXT4_IGET_BAD [ 131.810547][ T5595] EXT4-fs (loop2): no journal found [ 131.815770][ T5595] EXT4-fs (loop2): can't get journal size [ 131.867397][ T5595] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 132.167595][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 132.584055][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.592648][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.105512][ T5629] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 133.114743][ T4321] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 133.306116][ T5632] loop1: detected capacity change from 0 to 512 [ 133.314885][ T4321] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 133.332597][ T4321] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 133.367555][ T4321] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 133.395416][ T5632] EXT4-fs: Ignoring removed i_version option [ 133.426558][ T4321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 133.437322][ T5632] EXT4-fs: Ignoring removed bh option [ 133.488925][ T4321] usb 1-1: SerialNumber: syz [ 133.514404][ T5632] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 133.559094][ T4321] usb 1-1: 0:2 : does not exist [ 133.577900][ T5632] ext4 filesystem being mounted at /78/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 133.988413][ T5639] loop0: detected capacity change from 0 to 2048 [ 134.008929][ T5639] UDF-fs: warning (device loop0): udf_fill_super: No partition found (2) [ 134.429041][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 135.671573][ T5227] usb 1-1: USB disconnect, device number 4 [ 135.756251][ T5661] loop4: detected capacity change from 0 to 1024 [ 135.772255][ T5661] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 135.790944][ T5661] EXT4-fs (loop4): invalid journal inode [ 135.804429][ T5661] EXT4-fs (loop4): can't get journal size [ 135.849739][ T5661] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 136.017030][ T5667] loop2: detected capacity change from 0 to 256 [ 136.074200][ T5667] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 136.088392][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 136.122537][ T5669] loop0: detected capacity change from 0 to 128 [ 136.131571][ T5667] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 136.182119][ T5667] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 136.478634][ T5677] loop2: detected capacity change from 0 to 1024 [ 136.507094][ T5675] loop4: detected capacity change from 0 to 512 [ 136.521285][ T5677] EXT4-fs: Ignoring removed nomblk_io_submit option [ 136.552730][ T5675] ext4: Unknown parameter 'smackfsfloor' [ 136.600175][ T5677] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 136.655522][ T5677] Zero length message leads to an empty skb [ 137.009855][ T5688] loop4: detected capacity change from 0 to 128 [ 137.069835][ T5688] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 137.086197][ T5688] ext4 filesystem being mounted at /94/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 137.192346][ T5694] binder: 5693:5694 ioctl c0306201 0 returned -14 [ 137.224037][ T5694] binder: 5693:5694 ioctl f50f 0 returned -22 [ 137.350578][ T4333] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 137.440130][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 137.459284][ T5697] loop3: detected capacity change from 0 to 512 [ 137.511066][ T5697] EXT4-fs: Ignoring removed nobh option [ 137.545651][ T4333] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.576171][ T4333] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 137.657510][ T5697] EXT4-fs (loop3): 1 orphan inode deleted [ 137.681692][ T4501] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 137.720564][ T5697] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 137.722423][ T5701] loop0: detected capacity change from 0 to 2048 [ 137.736404][ T4333] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 137.774577][ T4501] EXT4-fs error (device loop3): ext4_release_dquot:6845: comm kworker/u4:10: Failed to release dquot type 1 [ 137.793589][ T5701] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 137.807064][ T4333] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 137.827315][ T5697] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.845546][ T26] audit: type=1800 audit(1764200516.439:8): pid=5701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.440" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 137.883456][ T4333] usb 2-1: SerialNumber: syz [ 137.999426][ T4333] usb 2-1: 0:2 : does not exist [ 138.036743][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 138.047602][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 138.181744][ T22] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 138.339813][ T5690] loop1: detected capacity change from 0 to 2048 [ 138.351482][ T5690] UDF-fs: warning (device loop1): udf_fill_super: No partition found (2) [ 138.487170][ T4307] usb 2-1: USB disconnect, device number 3 [ 138.524043][ T22] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 138.543496][ T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.750056][ T22] usb 4-1: config 0 descriptor?? [ 138.791066][ T22] cp210x 4-1:0.0: cp210x converter detected [ 139.182848][ T22] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 139.301479][ T22] usb 4-1: cp210x converter now attached to ttyUSB0 [ 139.412905][ T4307] usb 4-1: USB disconnect, device number 2 [ 139.480976][ T4307] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 139.516695][ T4307] cp210x 4-1:0.0: device disconnected [ 140.339854][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 140.490302][ T5740] loop3: detected capacity change from 0 to 164 [ 140.530783][ T5740] isofs_fill_super: root inode is not a directory. Corrupted media? [ 140.644518][ T4255] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 140.740973][ T5746] loop4: detected capacity change from 0 to 16 [ 140.914307][ T5746] erofs: (device loop4): mounted with root inode @ nid 36. [ 140.937139][ T5738] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 142.229540][ T5758] loop4: detected capacity change from 0 to 1024 [ 142.331874][ T5761] loop0: detected capacity change from 0 to 512 [ 142.399653][ T5761] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 142.590540][ T47] Bluetooth: hci0: command 0x0c1a tx timeout [ 142.847959][ T5761] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.460: inode has both inline data and extents flags [ 143.101377][ T5763] loop3: detected capacity change from 0 to 2048 [ 143.150859][ T5763] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 143.161735][ T5761] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.460: couldn't read orphan inode 15 (err -117) [ 143.202463][ T5761] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 143.272923][ T26] audit: type=1804 audit(1764200521.869:9): pid=5761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.460" name="/newroot/96/file0/file2" dev="loop0" ino=16 res=1 errno=0 [ 143.324016][ T5772] Bluetooth: MGMT ver 1.22 [ 143.345901][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 143.382435][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 143.562082][ T5779] loop0: detected capacity change from 0 to 512 [ 143.594603][ T5779] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 143.663221][ T5779] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 143.697893][ T5779] FAT-fs (loop0): Filesystem has been set read-only [ 143.780529][ T4745] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 145.197925][ T5789] loop1: detected capacity change from 0 to 128 [ 145.380722][ T47] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.386900][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 145.768623][ T4745] usb 4-1: Using ep0 maxpacket: 16 [ 145.777275][ T5788] mmap: syz.1.467 (5788): VmData 25976832 exceed data ulimit 9868. Update limits or use boot option ignore_rlimit_data. [ 145.783668][ T4745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.840931][ T4745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.876960][ T4745] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 145.938289][ T4745] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.959056][ T4745] usb 4-1: config 0 descriptor?? [ 146.175543][ T5804] loop2: detected capacity change from 0 to 128 [ 146.308721][ T5809] netlink: 'syz.4.471': attribute type 4 has an invalid length. [ 146.316461][ T5809] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.471'. [ 146.390642][ T5804] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 146.464603][ T4745] hid-multitouch 0003:1FD2:6007.0004: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 146.552673][ T5804] ext4 filesystem being mounted at /93/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 146.846865][ T4745] usb 4-1: USB disconnect, device number 3 [ 146.991101][ T5812] fido_id[5812]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 147.161132][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 147.190291][ T5823] loop1: detected capacity change from 0 to 256 [ 148.284896][ T5837] loop3: detected capacity change from 0 to 1024 [ 148.292707][ T5835] loop4: detected capacity change from 0 to 128 [ 148.301501][ T5837] EXT4-fs: inline encryption not supported [ 148.326169][ T5837] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 148.338074][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.351125][ T5835] FAT-fs (loop4): Filesystem has been set read-only [ 148.399329][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.428214][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.442337][ T5837] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 148.491110][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.520615][ T5835] syz.4.482: attempt to access beyond end of device [ 148.520615][ T5835] loop4: rw=0, sector=1029, nr_sectors = 1 limit=128 [ 148.545052][ T5835] buffer_io_error: 60 callbacks suppressed [ 148.545063][ T5835] Buffer I/O error on dev loop4, logical block 1029, async page read [ 148.610021][ T5846] loop2: detected capacity change from 0 to 1024 [ 148.616599][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.625522][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.672669][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.691489][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 148.803156][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.820683][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.838205][ T5846] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 148.850664][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.874193][ T5846] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.896743][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.932454][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.932645][ T5846] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.486: inode has both inline data and extents flags [ 148.950480][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.984962][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 148.998650][ T5851] loop3: detected capacity change from 0 to 2048 [ 149.030493][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 149.049713][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 149.090284][ T5851] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 149.106621][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 149.230750][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 149.280822][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 149.355224][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 149.356425][ T4696] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.375034][ T5835] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 149.385367][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 149.395629][ T5857] loop2: detected capacity change from 0 to 512 [ 149.437937][ T5835] syz.4.482: attempt to access beyond end of device [ 149.437937][ T5835] loop4: rw=0, sector=1029, nr_sectors = 1 limit=128 [ 149.476133][ T5835] Buffer I/O error on dev loop4, logical block 1029, async page read [ 149.485222][ T26] audit: type=1800 audit(1764200528.079:10): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.482" name="file2" dev="loop4" ino=1048617 res=0 errno=0 [ 149.512214][ T5857] EXT4-fs error (device loop2): ext4_quota_enable:7017: inode #4: comm syz.2.489: iget: bad extended attribute block 1 [ 149.548771][ T5835] syz.4.482 (5835) used greatest stack depth: 19216 bytes left [ 149.558548][ T5857] EXT4-fs error (device loop2): ext4_quota_enable:7020: comm syz.2.489: Bad quota inode: 4, type: 1 [ 149.583352][ T4696] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.596803][ T5857] EXT4-fs warning (device loop2): ext4_enable_quotas:7061: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 149.636641][ T5857] EXT4-fs (loop2): mount failed [ 149.694092][ T4696] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.816021][ T4696] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.930123][ T5863] loop4: detected capacity change from 0 to 1024 [ 150.053258][ T5863] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 150.510694][ T4745] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 150.842720][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 150.869000][ T4745] usb 3-1: device descriptor read/all, error -61 [ 151.060449][ T4745] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 151.129272][ T4333] hid-generic 0005:16C2:5505.0005: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa [ 151.220479][ T4745] usb 3-1: device descriptor read/64, error -71 [ 151.341491][ T4745] usb usb3-port1: attempt power cycle [ 151.499000][ T5891] loop0: detected capacity change from 0 to 736 [ 151.581483][ T4279] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 151.595722][ T4279] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 151.604388][ T4279] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 151.617609][ T4279] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 151.625572][ T4279] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 151.635135][ T4279] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 151.638206][ T5891] rock: directory entry would overflow storage [ 151.692038][ T5891] rock: sig=0x3b10, size=4, remaining=3 [ 151.750496][ T4745] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 151.791087][ T4745] usb 3-1: device descriptor read/8, error -71 [ 152.075328][ T4745] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 152.098249][ T5908] loop3: detected capacity change from 0 to 512 [ 152.647595][ T5908] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 152.820716][ T5908] ext4 filesystem being mounted at /90/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 153.051652][ T4745] usb 3-1: device descriptor read/8, error -71 [ 153.294877][ T4745] usb usb3-port1: unable to enumerate USB device [ 153.711011][ T4279] Bluetooth: hci3: command 0x0409 tx timeout [ 153.948986][ T5895] chnl_net:caif_netlink_parms(): no params data found [ 154.210159][ T5932] loop2: detected capacity change from 0 to 1024 [ 154.227157][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 154.547512][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.578987][ T5895] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.601634][ T5895] device bridge_slave_0 entered promiscuous mode [ 154.620474][ T126] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 154.679180][ T5944] loop2: detected capacity change from 0 to 2048 [ 154.749524][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.762439][ T5944] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 154.766880][ T5895] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.806422][ T5895] device bridge_slave_1 entered promiscuous mode [ 154.820634][ T126] usb 1-1: Using ep0 maxpacket: 8 [ 154.846620][ T126] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 154.880465][ T126] usb 1-1: config 0 has no interface number 0 [ 154.902287][ T126] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 154.939714][ T126] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.954901][ T126] usb 1-1: Product: syz [ 154.960663][ T126] usb 1-1: Manufacturer: syz [ 154.970717][ T126] usb 1-1: SerialNumber: syz [ 154.990089][ T126] usb 1-1: config 0 descriptor?? [ 155.014568][ T4696] device hsr_slave_0 left promiscuous mode [ 155.032808][ T4696] device hsr_slave_1 left promiscuous mode [ 155.049573][ T4696] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.067563][ T4696] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.091683][ T4696] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.109331][ T4696] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.143308][ T4696] device bridge_slave_1 left promiscuous mode [ 155.150465][ T4696] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.218132][ T126] usb 1-1: USB disconnect, device number 5 [ 155.329464][ T4696] device bridge_slave_0 left promiscuous mode [ 155.368643][ T4696] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.554169][ T4696] device veth1_macvtap left promiscuous mode [ 155.568734][ T4696] device veth0_macvtap left promiscuous mode [ 155.703069][ T4696] device veth1_vlan left promiscuous mode [ 155.780662][ T4279] Bluetooth: hci3: command 0x041b tx timeout [ 155.882779][ T4696] device veth0_vlan left promiscuous mode [ 157.267574][ T5984] loop4: detected capacity change from 0 to 512 [ 157.295982][ T5984] ext4: Unknown parameter 'noacl' [ 157.871049][ T4279] Bluetooth: hci3: command 0x040f tx timeout [ 158.196058][ T4696] team0 (unregistering): Port device team_slave_1 removed [ 158.262803][ T4696] team0 (unregistering): Port device team_slave_0 removed [ 158.334129][ T5992] loop4: detected capacity change from 0 to 256 [ 158.362978][ T5992] exFAT-fs (loop4): failed to load upcase table (idx : 0x000103c2, chksum : 0xe64499b9, utbl_chksum : 0xe619d30d) [ 158.364168][ T4696] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 158.430055][ T4696] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 159.736981][ T4696] bond0 (unregistering): Released all slaves [ 159.940519][ T4279] Bluetooth: hci3: command 0x0419 tx timeout [ 160.543960][ T5895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.597724][ T5895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.629328][ T6003] loop2: detected capacity change from 0 to 1024 [ 160.664044][ T6003] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 160.930020][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.997328][ T6015] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.054001][ T6015] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 161.185789][ T5895] team0: Port device team_slave_0 added [ 161.242599][ T5895] team0: Port device team_slave_1 added [ 161.383352][ T6024] loop3: detected capacity change from 0 to 128 [ 162.089758][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.114962][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.169070][ T5895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 162.291872][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 162.298827][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.444116][ T5895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.604940][ T5895] device hsr_slave_0 entered promiscuous mode [ 163.614408][ T6057] loop3: detected capacity change from 0 to 512 [ 163.688049][ T6057] EXT4-fs (loop3): Test dummy encryption mode enabled [ 163.753613][ T6057] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 163.780903][ T5895] device hsr_slave_1 entered promiscuous mode [ 163.788229][ T5895] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 163.795866][ T5895] Cannot create hsr debugfs directory [ 163.808963][ T6057] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (4742!=33349) [ 163.862908][ T6057] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e01c, mo2=0102] [ 164.170003][ T6057] EXT4-fs (loop3): orphan cleanup on readonly fs [ 164.480548][ T6057] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.535: bg 0: block 4: invalid block bitmap [ 164.551443][ T6057] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 164.593292][ T6057] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.535: attempt to clear invalid blocks 33619980 len 1 [ 164.681594][ T6057] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.535: invalid indirect mapped block 1811939328 (level 0) [ 164.708630][ T6070] loop0: detected capacity change from 0 to 128 [ 164.716819][ T6057] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.535: invalid indirect mapped block 2185560079 (level 1) [ 164.787992][ T6057] EXT4-fs (loop3): 1 truncate cleaned up [ 164.798113][ T6057] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 164.843382][ T6070] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 164.875820][ T6070] ext4 filesystem being mounted at /112/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 164.920264][ T5895] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 165.534217][ T5895] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 165.651143][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 165.652914][ T5895] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 165.667015][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 165.735172][ T5895] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 165.877727][ T6090] loop3: detected capacity change from 0 to 512 [ 165.953767][ T6090] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 165.972406][ T6090] EXT4-fs warning (device loop3): dx_probe:869: inode #2: comm syz.3.540: Unimplemented hash flags: 0x0001 [ 166.074562][ T6090] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.540: Corrupt directory, running e2fsck is recommended [ 166.152014][ T6090] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 3: comm syz.3.540: path /101/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=4294967295, rec_len=7, size=1024 fake=0 [ 166.185225][ T6103] loop4: detected capacity change from 0 to 2048 [ 166.227202][ T6103] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 166.240770][ T5895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.319674][ T6103] UDF-fs: unknown compression code (0) [ 166.335543][ T5833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.354743][ T5833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.399299][ T5895] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.432328][ T6112] loop2: detected capacity change from 0 to 512 [ 166.469909][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.490649][ T6112] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 166.529700][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.581150][ T4501] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.588238][ T4501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.597809][ T6112] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 166.639330][ T6112] ext4 filesystem being mounted at /110/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 166.761368][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.818916][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 166.862070][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.977455][ T6128] loop4: detected capacity change from 0 to 128 [ 167.099132][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.264432][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 167.432359][ T4501] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.439498][ T4501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.745222][ T6133] loop2: detected capacity change from 0 to 1024 [ 167.752327][ T6133] EXT4-fs: Ignoring removed nomblk_io_submit option [ 168.258990][ T6133] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 168.559454][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.590672][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.625195][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.660661][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.673212][ T6148] loop0: detected capacity change from 0 to 2048 [ 168.691008][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.708358][ T6148] EXT4-fs: inline encryption not supported [ 168.716540][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.732513][ T6148] EXT4-fs: Ignoring removed orlov option [ 168.760996][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.780482][ T6148] ext4: Unknown parameter 'dont_appraise' [ 168.804935][ T6151] loop4: detected capacity change from 0 to 2048 [ 168.817742][ T5895] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 168.865402][ T6151] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.879423][ T5895] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.883329][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 168.901848][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.913448][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.122132][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.130855][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.375339][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.693302][ T6159] loop2: detected capacity change from 0 to 2048 [ 169.831182][ T6159] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 169.862816][ T6167] netlink: 104 bytes leftover after parsing attributes in process `syz.4.558'. [ 169.976573][ T6169] EXT4-fs error (device loop2): ext4_do_update_inode:5268: inode #12: comm syz.2.556: corrupted inode contents [ 170.103947][ T6169] EXT4-fs error (device loop2): ext4_try_add_inline_entry:1354: inode #12: comm syz.2.556: mark_inode_dirty error [ 170.174138][ T6169] EXT4-fs error (device loop2): ext4_do_update_inode:5268: inode #12: comm syz.2.556: corrupted inode contents [ 170.198548][ T6174] loop0: detected capacity change from 0 to 1024 [ 170.234849][ T6169] EXT4-fs error (device loop2): ext4_delete_inline_entry:1809: inode #12: comm syz.2.556: mark_inode_dirty error [ 171.124099][ T6169] EXT4-fs error (device loop2) in ext4_delete_inline_entry:1812: Corrupt filesystem [ 171.149033][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.196117][ T6169] EXT4-fs warning (device loop2): ext4_rename_delete:3778: inode #12: comm syz.2.556: Deleting old file: nlink 2, error=-117 [ 171.196292][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 171.257584][ T6169] EXT4-fs error (device loop2): ext4_do_update_inode:5268: inode #12: comm syz.2.556: corrupted inode contents [ 171.480200][ T4501] hfsplus: b-tree write err: -5, ino 3 [ 171.874212][ T5895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.882624][ T6169] EXT4-fs error (device loop2): ext4_rename:4030: inode #12: comm syz.2.556: mark_inode_dirty error [ 171.969987][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 173.084840][ T6207] loop3: detected capacity change from 0 to 4096 [ 173.143755][ T6207] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 173.608247][ T6208] loop2: detected capacity change from 0 to 2048 [ 173.860357][ T6208] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 173.930245][ T6208] UDF-fs: Scanning with blocksize 512 failed [ 173.966965][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 173.997145][ T6208] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.088470][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 174.140703][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 174.224674][ T6233] loop3: detected capacity change from 0 to 1024 [ 174.231276][ T6189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 174.239471][ T6189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 174.267193][ T6233] EXT4-fs: Ignoring removed nomblk_io_submit option [ 174.291662][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 174.299761][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 174.320924][ T6233] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 174.365231][ T5895] device veth0_vlan entered promiscuous mode [ 174.410322][ T5895] device veth1_vlan entered promiscuous mode [ 174.510443][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 174.531359][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 174.599627][ T6242] loop4: detected capacity change from 0 to 512 [ 174.655252][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.888207][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.908102][ T6242] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 174.917380][ T6242] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.214647][ T26] audit: type=1804 audit(1764200569.622:11): pid=6242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.572" name="/newroot/129/file1/file2" dev="loop4" ino=16 res=1 errno=0 [ 175.275189][ T5895] device veth0_macvtap entered promiscuous mode [ 175.423707][ T5895] device veth1_macvtap entered promiscuous mode [ 175.494146][ T6248] loop0: detected capacity change from 0 to 256 [ 176.000465][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.032348][ T5503] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 176.046142][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 176.054603][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.108274][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.174532][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.268236][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.306710][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.337002][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.383823][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.418272][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.455917][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.523253][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.675504][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.693656][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.650097][ T6265] loop4: detected capacity change from 0 to 512 [ 177.657784][ T6265] EXT4-fs: Ignoring removed mblk_io_submit option [ 178.873562][ T6265] EXT4-fs: Mount option(s) incompatible with ext2 [ 178.913506][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.980006][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.990647][ T5895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.001380][ T5895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.043348][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.101447][ T6189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 179.127795][ T6189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 179.181930][ T6270] 9pnet_fd: Insufficient options for proto=fd [ 179.182889][ T6189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 179.219993][ T6268] loop0: detected capacity change from 0 to 2048 [ 179.221430][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 179.242055][ T6189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 179.321766][ T6268] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 179.344301][ T5895] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.370415][ T5895] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.379774][ T5895] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.434864][ T6268] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.450493][ T5895] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.694863][ T4377] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.729764][ T4377] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.846750][ T6286] binder: 6283:6286 ioctl c0306201 200000000080 returned -14 [ 180.139798][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 180.470979][ T4377] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.510115][ T4377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.565006][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 180.740609][ T4270] Bluetooth: hci0: command 0x0406 tx timeout [ 180.746725][ T4270] Bluetooth: hci1: command 0x0406 tx timeout [ 180.859791][ T6310] loop5: detected capacity change from 0 to 512 [ 180.867022][ T6310] EXT4-fs: Ignoring removed oldalloc option [ 180.893889][ T6310] EXT4-fs (loop5): 1 truncate cleaned up [ 180.899898][ T6310] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 181.023772][ T4270] Bluetooth: hci2: command 0x0406 tx timeout [ 182.125859][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 183.168293][ T6327] loop4: detected capacity change from 0 to 1024 [ 183.191914][ T6327] EXT4-fs: Ignoring removed nomblk_io_submit option [ 183.543021][ T6333] loop2: detected capacity change from 0 to 1024 [ 183.617553][ T6333] EXT4-fs: inline encryption not supported [ 183.647084][ T6327] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 183.695409][ T6333] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 183.832776][ T6333] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 183.971894][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 184.132156][ T6351] loop2: detected capacity change from 0 to 512 [ 184.206618][ T6351] EXT4-fs: Ignoring removed bh option [ 184.280707][ T6351] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 184.395737][ T6360] loop3: detected capacity change from 0 to 512 [ 184.415365][ T6351] EXT4-fs (loop2): 1 truncate cleaned up [ 184.448200][ T6351] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 184.620686][ T6360] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 184.629650][ T6360] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.750072][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 184.787411][ T6367] loop0: detected capacity change from 0 to 8 [ 184.878833][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 184.882337][ T4267] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294901760 (level 0) [ 184.977284][ T4267] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294967295 (level 1) [ 185.017887][ T4267] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 65535 (level 2) [ 185.045487][ T6370] bridge: RTM_NEWNEIGH with invalid ether address [ 185.121536][ T6373] device syzkaller0 entered promiscuous mode [ 185.128762][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 185.199639][ T6375] loop0: detected capacity change from 0 to 128 [ 185.258364][ T6375] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 185.760874][ T4270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 185.772724][ T4270] CPU: 1 PID: 4270 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 185.780299][ T4270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 185.790362][ T4270] Workqueue: hci1 hci_rx_work [ 185.795086][ T4270] Call Trace: [ 185.798363][ T4270] [ 185.801299][ T4270] dump_stack_lvl+0x168/0x22e [ 185.805989][ T4270] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 185.811629][ T4270] ? show_regs_print_info+0x12/0x12 [ 185.816828][ T4270] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 185.822477][ T4270] sysfs_create_dir_ns+0x252/0x280 [ 185.827594][ T4270] ? sysfs_warn_dup+0xa0/0xa0 [ 185.832272][ T4270] ? mark_lock+0x94/0x320 [ 185.836613][ T4270] ? do_raw_spin_unlock+0x11d/0x230 [ 185.841827][ T4270] kobject_add_internal+0x6b8/0xc80 [ 185.847045][ T4270] kobject_add+0x152/0x210 [ 185.851476][ T4270] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 185.857119][ T4270] ? kobject_init+0x1d0/0x1d0 [ 185.861810][ T4270] ? get_device_parent+0x8b/0x3f0 [ 185.866853][ T4270] ? get_device_parent+0x121/0x3f0 [ 185.871982][ T4270] device_add+0x483/0xfb0 [ 185.876317][ T4270] ? kmem_cache_free+0xf7/0x290 [ 185.881181][ T4270] hci_conn_add_sysfs+0xd1/0x1e0 [ 185.886132][ T4270] le_conn_complete_evt+0xfec/0x15d0 [ 185.891419][ T4270] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 185.897071][ T4270] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 185.903315][ T4270] ? kasan_check_range+0x1ab/0x290 [ 185.908447][ T4270] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 185.914099][ T4270] ? skb_pull_data+0xf7/0x200 [ 185.918787][ T4270] hci_le_conn_complete_evt+0x183/0x440 [ 185.924344][ T4270] ? hci_remote_host_features_evt+0x270/0x270 [ 185.930422][ T4270] hci_event_packet+0x791/0x1210 [ 185.935379][ T4270] ? bis_list+0x280/0x280 [ 185.939723][ T4270] ? kcov_remote_start+0x27/0x7e0 [ 185.944758][ T4270] ? hci_send_to_monitor+0x9c/0x4a0 [ 185.949967][ T4270] hci_rx_work+0x3eb/0xd40 [ 185.954412][ T4270] ? process_one_work+0x7a1/0x1160 [ 185.959529][ T4270] process_one_work+0x898/0x1160 [ 185.964488][ T4270] ? worker_detach_from_pool+0x240/0x240 [ 185.970146][ T4270] ? _raw_spin_lock_irq+0xab/0xe0 [ 185.975200][ T4270] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 185.980591][ T4270] ? kthread_data+0x4b/0xc0 [ 185.985118][ T4270] worker_thread+0xaa2/0x1250 [ 185.989841][ T4270] kthread+0x29d/0x330 [ 185.993928][ T4270] ? worker_clr_flags+0x1a0/0x1a0 [ 185.998972][ T4270] ? kthread_blkcg+0xd0/0xd0 [ 186.003593][ T4270] ret_from_fork+0x1f/0x30 [ 186.008039][ T4270] [ 186.020295][ T4270] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 186.038250][ T4270] Bluetooth: hci1: failed to register connection device [ 186.341229][ T6400] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.348507][ T6400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.616452][ T6408] input: syz1 as /devices/virtual/input/input6 [ 187.448568][ T6416] loop2: detected capacity change from 0 to 1024 [ 187.561784][ T6416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 187.801543][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 188.654393][ T6433] loop2: detected capacity change from 0 to 1024 [ 188.955045][ T40] hfsplus: b-tree write err: -5, ino 4 [ 190.025425][ T6453] loop0: detected capacity change from 0 to 764 [ 190.058026][ T6453] rock: directory entry would overflow storage [ 190.064284][ T6453] rock: sig=0x4654, size=5, remaining=4 [ 190.092121][ T6453] isofs: Unable to find the ".." directory for NFS. [ 192.625708][ T6485] loop2: detected capacity change from 0 to 128 [ 192.634901][ T6483] loop3: detected capacity change from 0 to 512 [ 192.665653][ T6487] loop0: detected capacity change from 0 to 512 [ 192.672871][ T6485] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 192.688045][ T6485] ext4 filesystem being mounted at /125/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 192.691549][ T6487] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 192.740898][ T4279] Bluetooth: hci1: command 0x0406 tx timeout [ 192.793473][ T6483] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 192.826466][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 192.978868][ T6483] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 193.214641][ T6483] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.630: bg 0: block 248: padding at end of block bitmap is not set [ 193.249044][ T6483] Quota error (device loop3): write_blk: dquota write failed [ 194.082651][ T6499] sched: RT throttling activated [ 194.850895][ T6483] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 194.902651][ T6483] EXT4-fs error (device loop3): ext4_acquire_dquot:6809: comm syz.3.630: Failed to acquire dquot type 1 [ 194.952835][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.959145][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.009583][ T6483] EXT4-fs (loop3): 1 truncate cleaned up [ 195.073679][ T6483] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 195.219119][ T6510] loop5: detected capacity change from 0 to 1024 [ 195.311509][ T6510] EXT4-fs: Ignoring removed orlov option [ 195.419448][ T6516] loop4: detected capacity change from 0 to 512 [ 195.443954][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 196.223428][ T6516] FAT-fs (loop4): Directory bread(block 199916) failed [ 196.246829][ T6510] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 196.261168][ T6516] FAT-fs (loop4): Directory bread(block 199917) failed [ 196.278296][ T6516] FAT-fs (loop4): Directory bread(block 199918) failed [ 196.383394][ T6516] FAT-fs (loop4): Directory bread(block 199919) failed [ 196.431152][ T6516] FAT-fs (loop4): Directory bread(block 199920) failed [ 196.498617][ T6516] FAT-fs (loop4): Directory bread(block 199921) failed [ 196.536579][ T6516] FAT-fs (loop4): Directory bread(block 199922) failed [ 196.578207][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 196.590222][ T6516] FAT-fs (loop4): Directory bread(block 199923) failed [ 196.727915][ T6532] loop0: detected capacity change from 0 to 512 [ 196.827186][ T6532] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 196.836552][ T6532] ext4 filesystem being mounted at /139/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.950603][ T26] audit: type=1804 audit(1764200599.480:12): pid=6532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.643" name="/newroot/139/file1/file2" dev="loop0" ino=16 res=1 errno=0 [ 197.472793][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 197.504578][ T6516] FAT-fs (loop4): FAT read failed (blocknr 128) [ 197.673279][ T6549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.646'. [ 197.717819][ T6551] loop2: detected capacity change from 0 to 512 [ 197.780459][ T5227] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 197.808944][ T6551] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.648: invalid indirect mapped block 4294967295 (level 1) [ 197.848601][ T6555] loop3: detected capacity change from 0 to 128 [ 197.901067][ T6551] EXT4-fs (loop2): Remounting filesystem read-only [ 197.906270][ T6555] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 197.907681][ T6551] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.648: invalid indirect mapped block 4294967295 (level 1) [ 197.960856][ T6551] EXT4-fs (loop2): Remounting filesystem read-only [ 197.967623][ T6551] EXT4-fs (loop2): 2 truncates cleaned up [ 197.974901][ T6551] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 197.985548][ T5227] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 197.995907][ T5227] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 198.011573][ T5227] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 198.025575][ T5227] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 198.034800][ T5227] usb 6-1: SerialNumber: syz [ 198.056732][ T5227] usb 6-1: 0:2 : does not exist [ 198.071494][ T6555] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.264877][ T6563] loop4: detected capacity change from 0 to 128 [ 198.491221][ T6565] xt_policy: neither incoming nor outgoing policy selected [ 198.595077][ T6565] input: syz1 as /devices/virtual/input/input7 [ 199.678315][ T6555] syz.3.649 (pid 6555) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 199.743455][ T6541] loop5: detected capacity change from 0 to 2048 [ 199.755148][ T6541] UDF-fs: warning (device loop5): udf_fill_super: No partition found (2) [ 200.034313][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 200.090105][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 200.373596][ T4321] usb 6-1: USB disconnect, device number 2 [ 200.921470][ T6581] netlink: 'syz.3.654': attribute type 12 has an invalid length. [ 201.083703][ T6583] loop0: detected capacity change from 0 to 2048 [ 202.651451][ T6583] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 202.767419][ T6607] EXT4-fs error (device loop0): ext4_do_update_inode:5268: inode #12: comm syz.0.656: corrupted inode contents [ 202.888279][ T6607] EXT4-fs error (device loop0): ext4_setent:3695: inode #12: comm syz.0.656: mark_inode_dirty error [ 202.960976][ T6612] loop3: detected capacity change from 0 to 1024 [ 203.200214][ T6621] loop2: detected capacity change from 0 to 128 [ 203.869454][ T4440] hfsplus: b-tree write err: -5, ino 8 [ 203.876370][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 203.925196][ T6623] loop5: detected capacity change from 0 to 512 [ 203.998889][ T6623] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 204.021440][ T6627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.668'. [ 204.239161][ T6635] loop0: detected capacity change from 0 to 512 [ 204.337584][ T6623] EXT4-fs (loop5): 1 truncate cleaned up [ 204.424729][ T6623] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 204.455999][ T6635] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 204.465398][ T6635] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 204.485994][ T4321] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 204.540469][ T26] audit: type=1804 audit(1764200607.120:13): pid=6635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.667" name="/newroot/144/file1/file2" dev="loop0" ino=16 res=1 errno=0 [ 204.756741][ T4321] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 204.823839][ T4321] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 204.988965][ T6643] loop2: detected capacity change from 0 to 1024 [ 204.997400][ T6643] EXT4-fs: Ignoring removed nomblk_io_submit option [ 205.131496][ T6643] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 205.178041][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 205.225803][ T4321] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 205.815089][ T4321] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 205.880534][ T4321] usb 5-1: SerialNumber: syz [ 205.961115][ T6657] loop3: detected capacity change from 0 to 256 [ 205.980109][ T4321] usb 5-1: 0:2 : does not exist [ 206.038983][ T6657] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010895, chksum : 0x816c887a, utbl_chksum : 0xe619d30d) [ 206.071280][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 206.336627][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 206.352405][ T6663] loop0: detected capacity change from 0 to 16 [ 206.415377][ T6663] erofs: (device loop0): mounted with root inode @ nid 36. [ 206.422497][ T6665] loop3: detected capacity change from 0 to 512 [ 206.639057][ T6665] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 206.653633][ T6669] loop2: detected capacity change from 0 to 1024 [ 207.256744][ T6673] loop5: detected capacity change from 0 to 128 [ 207.800634][ T6665] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 207.850070][ T6665] ext4 filesystem being mounted at /129/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 207.911533][ T4307] usb 5-1: USB disconnect, device number 4 [ 208.170301][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 208.205583][ T6687] loop4: detected capacity change from 0 to 256 [ 208.238964][ T6683] loop0: detected capacity change from 0 to 2048 [ 208.319845][ T6687] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d) [ 208.717813][ T6704] loop3: detected capacity change from 0 to 1024 [ 208.757987][ T6704] EXT4-fs: Ignoring removed nomblk_io_submit option [ 208.843001][ T6707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.688'. [ 208.867096][ T6704] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 209.460583][ T128] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 209.579232][ T4314] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 210.240536][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 210.310718][ T128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 210.334801][ T128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 210.361409][ T128] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 210.383446][ T128] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 210.399872][ T128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.434849][ T6734] loop3: detected capacity change from 0 to 1024 [ 210.452072][ T128] usb 1-1: config 0 descriptor?? [ 210.457921][ T6708] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 210.480509][ T4314] usb 5-1: Using ep0 maxpacket: 16 [ 210.492044][ T4314] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.505083][ T4314] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.522292][ T4314] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 210.528771][ T22] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 210.536103][ T4314] usb 5-1: config 0 interface 0 has no altsetting 0 [ 210.571702][ T4314] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 210.600840][ T4314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.619838][ T4314] usb 5-1: config 0 descriptor?? [ 210.742195][ T22] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 210.772771][ T22] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 210.800154][ T22] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 210.828900][ T22] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 210.847548][ T22] usb 6-1: SerialNumber: syz [ 210.875332][ T22] usb 6-1: 0:2 : does not exist [ 210.910064][ T128] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 210.930655][ T128] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 211.003717][ T128] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 211.220922][ T4314] usb 1-1: USB disconnect, device number 6 [ 211.308488][ T6757] fido_id[6757]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 211.318680][ T4307] usb 5-1: USB disconnect, device number 5 [ 211.546584][ T6767] loop3: detected capacity change from 0 to 1024 [ 211.578991][ T6767] EXT4-fs: Ignoring removed nomblk_io_submit option [ 211.632867][ T6767] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 212.278732][ T6777] loop5: detected capacity change from 0 to 2048 [ 212.369465][ T6777] UDF-fs: warning (device loop5): udf_fill_super: No partition found (2) [ 212.409287][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 212.575210][ T4314] usb 6-1: USB disconnect, device number 3 [ 212.592385][ T6789] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 212.622953][ T6789] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.631089][ T6789] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.831201][ T6792] loop2: detected capacity change from 0 to 1024 [ 213.243226][ T6810] loop0: detected capacity change from 0 to 1024 [ 213.250289][ T6810] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.472314][ T22] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 213.505337][ T6815] loop3: detected capacity change from 0 to 1024 [ 213.522977][ T6810] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 213.577781][ T6815] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.664483][ T22] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 213.667522][ T6815] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 213.677839][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.701873][ T22] usb 3-1: Product: syz [ 213.709257][ T22] usb 3-1: Manufacturer: syz [ 213.719207][ T22] usb 3-1: SerialNumber: syz [ 213.731379][ T22] usb 3-1: config 0 descriptor?? [ 213.743193][ T22] ch341 3-1:0.0: ch341-uart converter detected [ 214.035159][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 214.113113][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 214.237072][ T6831] loop5: detected capacity change from 0 to 128 [ 214.367626][ T4279] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 214.694363][ T6840] netlink: 'syz.0.722': attribute type 29 has an invalid length. [ 215.129995][ T22] usb 3-1: ch341-uart converter now attached to ttyUSB0 [ 215.409091][ T4314] usb 3-1: USB disconnect, device number 9 [ 215.628375][ T4314] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 215.837106][ T4314] ch341 3-1:0.0: device disconnected [ 216.710549][ T4307] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 216.896000][ T6865] loop2: detected capacity change from 0 to 512 [ 216.926138][ T4307] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 217.020508][ T4307] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 217.058257][ T6865] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 217.223755][ T6865] EXT4-fs (loop2): invalid journal inode [ 217.290201][ T4307] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 217.346542][ T6865] EXT4-fs (loop2): can't get journal size [ 217.469815][ T4307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 217.503440][ T6871] loop5: detected capacity change from 0 to 1024 [ 217.518911][ T6865] EXT4-fs (loop2): 1 truncate cleaned up [ 217.537405][ T6871] EXT4-fs: Ignoring removed nomblk_io_submit option [ 217.549151][ T4307] usb 1-1: SerialNumber: syz [ 217.556699][ T6865] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 217.578422][ T6871] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 217.603923][ T6865] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 9 (only 1 groups) [ 217.619477][ T4307] usb 1-1: 0:2 : does not exist [ 217.764125][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 218.500081][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 218.938453][ T6897] loop0: detected capacity change from 0 to 2048 [ 218.953729][ T6908] loop2: detected capacity change from 0 to 512 [ 218.984230][ T6897] UDF-fs: warning (device loop0): udf_fill_super: No partition found (2) [ 219.045913][ T6908] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 219.067583][ T6908] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 219.162433][ T6908] EXT4-fs (loop2): orphan cleanup on readonly fs [ 219.240768][ T6908] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 219.261253][ T6908] EXT4-fs warning (device loop2): ext4_enable_quotas:7061: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 219.336637][ T6908] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 219.361327][ T6908] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.736: bg 0: block 40: padding at end of block bitmap is not set [ 219.466695][ T6908] EXT4-fs (loop2): Remounting filesystem read-only [ 219.480619][ T6908] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 219.530735][ T6908] EXT4-fs (loop2): Remounting filesystem read-only [ 219.538150][ T6908] EXT4-fs (loop2): 1 truncate cleaned up [ 219.564788][ T6908] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 219.613267][ T4307] usb 1-1: USB disconnect, device number 7 [ 219.654752][ T6908] EXT4-fs (loop2): shut down requested (2) [ 219.776316][ T6935] loop5: detected capacity change from 0 to 8192 [ 219.814320][ T6938] loop3: detected capacity change from 0 to 256 [ 219.932602][ T6938] binfmt_misc: register: failed to install interpreter file ./file0 [ 220.063598][ T6943] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 220.069814][ T6943] pim6reg0: linktype set to 769 [ 222.313593][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 223.102914][ T6968] loop4: detected capacity change from 0 to 256 [ 223.196462][ T6968] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 223.215598][ T6971] loop2: detected capacity change from 0 to 1024 [ 223.233753][ T6976] loop0: detected capacity change from 0 to 512 [ 223.269790][ T6968] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 223.289300][ T6971] EXT4-fs: Ignoring removed nomblk_io_submit option [ 223.299306][ T6976] EXT4-fs (loop0): Test dummy encryption mode enabled [ 223.346410][ T6976] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 223.352226][ T6968] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 223.409859][ T6976] EXT4-fs (loop0): 1 truncate cleaned up [ 223.424188][ T6978] loop5: detected capacity change from 0 to 1024 [ 223.472780][ T6971] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 223.505695][ T6976] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 223.583874][ T6978] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 223.640562][ T6978] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.705429][ T6978] EXT4-fs error (device loop5): ext4_lookup:1858: inode #15: comm syz.5.754: inode has both inline data and extents flags [ 223.889139][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 223.925644][ T7006] loop3: detected capacity change from 0 to 256 [ 224.017796][ T6976] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 224.062375][ T7003] loop4: detected capacity change from 0 to 4096 [ 224.079987][ T6997] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 224.475669][ T7003] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 224.629978][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 225.024007][ T7029] loop5: detected capacity change from 0 to 1024 [ 225.038945][ T7029] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 225.049993][ T7029] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 225.073084][ T7029] EXT4-fs error (device loop5): ext4_ext_check_inode:520: inode #3: comm syz.5.762: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 225.092736][ T7029] EXT4-fs (loop5): no journal found [ 225.098247][ T7029] EXT4-fs (loop5): can't get journal size [ 225.133601][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 225.214113][ T7029] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 225.646386][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 226.707090][ T7047] loop3: detected capacity change from 0 to 512 [ 227.033441][ T7047] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 227.042806][ T7047] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.376178][ T7053] loop0: detected capacity change from 0 to 16 [ 227.401054][ T4262] EXT4-fs (loop3): unmounting filesystem. [ 227.411033][ T7053] erofs: (device loop0): mounted with root inode @ nid 36. [ 227.445387][ T7056] xt_policy: neither incoming nor outgoing policy selected [ 227.486199][ T7053] syz.0.766: attempt to access beyond end of device [ 227.486199][ T7053] loop0: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 227.539435][ T7053] syz.0.766: attempt to access beyond end of device [ 227.539435][ T7053] loop0: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 227.785792][ T7064] loop2: detected capacity change from 0 to 1024 [ 227.811140][ T7064] EXT4-fs: Ignoring removed nomblk_io_submit option [ 227.906163][ T7064] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 227.926337][ T7076] loop5: detected capacity change from 0 to 16 [ 228.010651][ T7076] erofs: (device loop5): mounted with root inode @ nid 36. [ 228.134733][ T7066] kvm [7065]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x91ed [ 229.140070][ T7093] loop3: detected capacity change from 0 to 128 [ 229.162170][ T7093] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 229.373080][ T7093] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 229.639781][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 229.971362][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 230.020355][ T7101] loop5: detected capacity change from 0 to 256 [ 230.039331][ T5833] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 230.289234][ T7108] loop0: detected capacity change from 0 to 512 [ 230.414961][ T7106] xt_policy: neither incoming nor outgoing policy selected [ 230.543462][ T7108] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 230.552826][ T7108] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 230.949279][ T4314] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 230.972841][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 231.050299][ T7116] loop4: detected capacity change from 0 to 2048 [ 231.139621][ T7116] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 231.162833][ T4314] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.210216][ T4314] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 231.406465][ T4314] usb 3-1: config 1 has no interface number 0 [ 231.416070][ T4314] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 231.427327][ T4314] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 231.438404][ T4314] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 231.481751][ T4314] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 231.575117][ T4314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.677255][ T4314] usb 3-1: Product: syz [ 231.729443][ T4314] usb 3-1: Manufacturer: syz [ 231.792163][ T4314] usb 3-1: SerialNumber: syz [ 231.879215][ T7139] loop5: detected capacity change from 0 to 4096 [ 231.918414][ T7099] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 231.930739][ T7139] EXT4-fs (loop5): Test dummy encryption mode enabled [ 232.141116][ T7143] loop0: detected capacity change from 0 to 512 [ 232.149284][ T7143] EXT4-fs (loop0): Test dummy encryption mode enabled [ 232.164192][ T7143] EXT4-fs (loop0): can't mount with data_err=abort, fs mounted w/o journal [ 232.164199][ T7139] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 232.164272][ T7139] System zones: 0-5 [ 232.285975][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 232.342575][ T7139] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 232.408758][ T7099] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 232.873621][ T7139] Quota error (device loop5): do_check_range: Getting block 1024 out of range 0-5 [ 233.021675][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 233.177741][ T4314] cdc_ncm 3-1:1.1: bind() failure [ 234.150226][ T7166] loop0: detected capacity change from 0 to 512 [ 234.209763][ T7159] loop3: detected capacity change from 0 to 128 [ 234.412267][ T7166] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 234.421831][ T7166] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.679785][ T4321] usb 3-1: USB disconnect, device number 10 [ 234.745426][ T7171] loop4: detected capacity change from 0 to 512 [ 234.782410][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 234.793546][ T7171] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 234.830618][ T6652] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 234.876025][ T7171] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 235.040469][ T7171] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.795: bg 0: block 248: padding at end of block bitmap is not set [ 235.163280][ T7177] loop0: detected capacity change from 0 to 1764 [ 235.181560][ T7171] Quota error (device loop4): write_blk: dquota write failed [ 235.189025][ T7171] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 235.207706][ T7171] EXT4-fs error (device loop4): ext4_acquire_dquot:6809: comm syz.4.795: Failed to acquire dquot type 1 [ 235.215069][ T7182] loop3: detected capacity change from 0 to 128 [ 235.249828][ T7171] EXT4-fs (loop4): 1 truncate cleaned up [ 235.249857][ T7185] capability: warning: `syz.2.798' uses deprecated v2 capabilities in a way that may be insecure [ 235.255891][ T7171] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 235.275600][ T7182] FAT-fs (loop3): bogus number of reserved sectors [ 235.310452][ T7182] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 235.319764][ T7182] FAT-fs (loop3): Can't find a valid FAT filesystem [ 235.585019][ T4261] EXT4-fs (loop4): unmounting filesystem. [ 235.688742][ T7195] loop5: detected capacity change from 0 to 256 [ 236.222037][ T7192] loop0: detected capacity change from 0 to 1024 [ 236.231019][ T7192] EXT4-fs: Ignoring removed orlov option [ 236.373879][ T7192] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 236.396841][ T7192] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.120478][ T7192] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.801: inode has both inline data and extents flags [ 237.197319][ T7209] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.801: inode has both inline data and extents flags [ 237.415579][ T7218] loop2: detected capacity change from 0 to 512 [ 237.850692][ T7218] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 237.860087][ T7218] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.955695][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 238.212179][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 238.476913][ T7239] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 239.180562][ T7249] binder: 7240:7249 ioctl 4018620d 0 returned -22 [ 240.389195][ T7264] loop4: detected capacity change from 0 to 256 [ 240.963886][ T4255] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 242.766814][ T7292] loop2: detected capacity change from 0 to 2048 [ 243.415304][ T7301] loop4: detected capacity change from 0 to 128 [ 243.898653][ T7292] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 244.118860][ T26] audit: type=1804 audit(1764200654.706:14): pid=7292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.828" name="/newroot/163/bus/bus" dev="loop2" ino=18 res=1 errno=0 [ 244.533643][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 245.218225][ T7336] loop0: detected capacity change from 0 to 8192 [ 246.701700][ T7336] FAT-fs (loop0): error, clusters badly computed (2 != 1) [ 246.720614][ T7336] FAT-fs (loop0): Filesystem has been set read-only [ 248.579382][ T7364] loop5: detected capacity change from 0 to 128 [ 250.000141][ T7372] loop5: detected capacity change from 0 to 4096 [ 250.188126][ T7372] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 251.469754][ T5895] EXT4-fs (loop5): unmounting filesystem. [ 251.708248][ T7388] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.715942][ T7388] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.976837][ T7412] loop2: detected capacity change from 0 to 2048 [ 252.990546][ T7412] UDF-fs: bad mount option "gid=¯á0 [ 314.731975][ T5881] dump_stack_lvl+0x168/0x22e [ 314.736663][ T5881] ? __lock_acquire+0x7c50/0x7c50 [ 314.741697][ T5881] ? show_regs_print_info+0x12/0x12 [ 314.746915][ T5881] ? load_image+0x3b0/0x3b0 [ 314.751428][ T5881] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 314.756815][ T5881] ? __virt_addr_valid+0x188/0x540 [ 314.761934][ T5881] ? __virt_addr_valid+0x465/0x540 [ 314.767060][ T5881] ? __mutex_lock+0x56e/0xaf0 [ 314.771744][ T5881] print_report+0xa8/0x210 [ 314.776164][ T5881] kasan_report+0x10b/0x140 [ 314.780677][ T5881] ? __mutex_lock+0x56e/0xaf0 [ 314.785355][ T5881] __mutex_lock+0x56e/0xaf0 [ 314.789845][ T5881] ? __mutex_lock+0x3a5/0xaf0 [ 314.794510][ T5881] ? l2cap_unregister_user+0x66/0x1a0 [ 314.799870][ T5881] ? mutex_lock_nested+0x10/0x10 [ 314.804795][ T5881] ? __wake_up+0x11b/0x190 [ 314.809198][ T5881] ? __wake_up_bit+0x1e0/0x1e0 [ 314.813949][ T5881] ? _raw_spin_unlock+0x40/0x40 [ 314.818789][ T5881] l2cap_unregister_user+0x66/0x1a0 [ 314.823973][ T5881] hidp_session_thread+0x3c4/0x400 [ 314.829067][ T5881] ? hidp_session_get+0x80/0x80 [ 314.833904][ T5881] ? hidp_session_thread+0x400/0x400 [ 314.839170][ T5881] ? _raw_spin_unlock+0x40/0x40 [ 314.844004][ T5881] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 314.849890][ T5881] ? hidp_session_thread+0x400/0x400 [ 314.855181][ T5881] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 314.861060][ T5881] ? __kthread_parkme+0x162/0x1c0 [ 314.866074][ T5881] kthread+0x29d/0x330 [ 314.870126][ T5881] ? hidp_session_get+0x80/0x80 [ 314.874961][ T5881] ? kthread_blkcg+0xd0/0xd0 [ 314.879535][ T5881] ret_from_fork+0x1f/0x30 [ 314.883948][ T5881] [ 314.886950][ T5881] [ 314.889254][ T5881] Allocated by task 4273: [ 314.893562][ T5881] kasan_set_track+0x4b/0x70 [ 314.898135][ T5881] __kasan_kmalloc+0x8e/0xa0 [ 314.902708][ T5881] __kmalloc+0xb0/0x240 [ 314.906848][ T5881] hci_alloc_dev_priv+0x23/0x1d20 [ 314.911869][ T5881] vhci_create_device+0x13b/0x740 [ 314.916882][ T5881] vhci_write+0x39a/0x460 [ 314.921194][ T5881] vfs_write+0x44c/0x960 [ 314.925421][ T5881] ksys_write+0x143/0x240 [ 314.929735][ T5881] do_syscall_64+0x4c/0xa0 [ 314.934133][ T5881] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 314.940007][ T5881] [ 314.942310][ T5881] Freed by task 7407: [ 314.946268][ T5881] kasan_set_track+0x4b/0x70 [ 314.950842][ T5881] kasan_save_free_info+0x2d/0x50 [ 314.955855][ T5881] ____kasan_slab_free+0x126/0x1e0 [ 314.960953][ T5881] slab_free_freelist_hook+0x131/0x1a0 [ 314.966392][ T5881] __kmem_cache_free+0xb6/0x1f0 [ 314.971220][ T5881] bt_host_release+0x7e/0x90 [ 314.975793][ T5881] device_release+0x92/0x1c0 [ 314.980381][ T5881] kobject_put+0x21d/0x460 [ 314.984799][ T5881] vhci_release+0x87/0xd0 [ 314.989122][ T5881] __fput+0x22c/0x920 [ 314.993091][ T5881] task_work_run+0x1ca/0x250 [ 314.997681][ T5881] do_exit+0x93e/0x2400 [ 315.001858][ T5881] do_group_exit+0x217/0x2d0 [ 315.006438][ T5881] get_signal+0x1272/0x1350 [ 315.010930][ T5881] arch_do_signal_or_restart+0xb7/0x1240 [ 315.016547][ T5881] exit_to_user_mode_loop+0x70/0x110 [ 315.021817][ T5881] exit_to_user_mode_prepare+0xee/0x180 [ 315.027349][ T5881] syscall_exit_to_user_mode+0x16/0x40 [ 315.032798][ T5881] do_syscall_64+0x58/0xa0 [ 315.037201][ T5881] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 315.043083][ T5881] [ 315.045392][ T5881] Last potentially related work creation: [ 315.051087][ T5881] kasan_save_stack+0x3a/0x60 [ 315.055749][ T5881] __kasan_record_aux_stack+0xb2/0xc0 [ 315.061107][ T5881] insert_work+0x54/0x3c0 [ 315.065420][ T5881] __queue_work+0xba3/0xfb0 [ 315.069907][ T5881] queue_work_on+0x11d/0x1d0 [ 315.074482][ T5881] process_one_work+0x898/0x1160 [ 315.079400][ T5881] worker_thread+0xaa2/0x1250 [ 315.084057][ T5881] kthread+0x29d/0x330 [ 315.088113][ T5881] ret_from_fork+0x1f/0x30 [ 315.092514][ T5881] [ 315.094819][ T5881] Second to last potentially related work creation: [ 315.101381][ T5881] kasan_save_stack+0x3a/0x60 [ 315.106069][ T5881] __kasan_record_aux_stack+0xb2/0xc0 [ 315.111427][ T5881] insert_work+0x54/0x3c0 [ 315.115740][ T5881] __queue_work+0xba3/0xfb0 [ 315.120226][ T5881] call_timer_fn+0x1a0/0x670 [ 315.124797][ T5881] __run_timers+0x554/0x7d0 [ 315.129282][ T5881] run_timer_softirq+0x63/0xf0 [ 315.134032][ T5881] handle_softirqs+0x2a1/0x920 [ 315.138782][ T5881] __irq_exit_rcu+0x12f/0x220 [ 315.143454][ T5881] irq_exit_rcu+0x5/0x20 [ 315.147691][ T5881] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 315.153312][ T5881] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 315.159277][ T5881] [ 315.161589][ T5881] The buggy address belongs to the object at ffff88802ff8c000 [ 315.161589][ T5881] which belongs to the cache kmalloc-8k of size 8192 [ 315.175642][ T5881] The buggy address is located 96 bytes inside of [ 315.175642][ T5881] 8192-byte region [ffff88802ff8c000, ffff88802ff8e000) [ 315.188908][ T5881] [ 315.191218][ T5881] The buggy address belongs to the physical page: [ 315.197619][ T5881] page:ffffea0000bfe200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ff88 [ 315.207750][ T5881] head:ffffea0000bfe200 order:3 compound_mapcount:0 compound_pincount:0 [ 315.216057][ T5881] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 315.224034][ T5881] raw: 00fff00000010200 ffffea0001427600 dead000000000003 ffff888017442280 [ 315.232602][ T5881] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 315.241160][ T5881] page dumped because: kasan: bad access detected [ 315.247556][ T5881] page_owner tracks the page as allocated [ 315.253247][ T5881] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4263, tgid 4263 (syz-executor), ts 55743282998, free_ts 55273239462 [ 315.274584][ T5881] post_alloc_hook+0x173/0x1a0 [ 315.279335][ T5881] get_page_from_freelist+0x1a26/0x1ac0 [ 315.284867][ T5881] __alloc_pages+0x1df/0x4e0 [ 315.289441][ T5881] alloc_slab_page+0x5d/0x160 [ 315.294097][ T5881] new_slab+0x87/0x2c0 [ 315.298145][ T5881] ___slab_alloc+0xbc6/0x1230 [ 315.302801][ T5881] __kmem_cache_alloc_node+0x1a0/0x260 [ 315.308242][ T5881] __kmalloc+0xa0/0x240 [ 315.312382][ T5881] hci_alloc_dev_priv+0x23/0x1d20 [ 315.317390][ T5881] vhci_create_device+0x13b/0x740 [ 315.322399][ T5881] vhci_write+0x39a/0x460 [ 315.326711][ T5881] vfs_write+0x44c/0x960 [ 315.330938][ T5881] ksys_write+0x143/0x240 [ 315.335249][ T5881] do_syscall_64+0x4c/0xa0 [ 315.339647][ T5881] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 315.345524][ T5881] page last free stack trace: [ 315.350175][ T5881] free_unref_page_prepare+0x8b4/0x9a0 [ 315.355618][ T5881] free_unref_page+0x2e/0x3f0 [ 315.360279][ T5881] skb_release_data+0x499/0x7c0 [ 315.365115][ T5881] napi_consume_skb+0x12f/0x1d0 [ 315.369952][ T5881] net_rx_action+0x3d8/0xad0 [ 315.374526][ T5881] handle_softirqs+0x2a1/0x920 [ 315.379277][ T5881] __irq_exit_rcu+0x12f/0x220 [ 315.383942][ T5881] irq_exit_rcu+0x5/0x20 [ 315.388169][ T5881] common_interrupt+0xb5/0xd0 [ 315.392830][ T5881] asm_common_interrupt+0x22/0x40 [ 315.397870][ T5881] [ 315.400182][ T5881] Memory state around the buggy address: [ 315.405803][ T5881] ffff88802ff8bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.413858][ T5881] ffff88802ff8bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.421906][ T5881] >ffff88802ff8c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 315.429946][ T5881] ^ [ 315.437117][ T5881] ffff88802ff8c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 315.445157][ T5881] ffff88802ff8c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 315.453198][ T5881] ================================================================== [ 315.462096][ T5881] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 315.469307][ T5881] CPU: 1 PID: 5881 Comm: khidpd_16c25505 Not tainted syzkaller #0 [ 315.477118][ T5881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 315.487175][ T5881] Call Trace: [ 315.490456][ T5881] [ 315.493391][ T5881] dump_stack_lvl+0x168/0x22e [ 315.498076][ T5881] ? memcpy+0x3c/0x60 [ 315.502067][ T5881] ? show_regs_print_info+0x12/0x12 [ 315.507282][ T5881] ? load_image+0x3b0/0x3b0 [ 315.511800][ T5881] panic+0x2c9/0x710 [ 315.512460][ T8196] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 315.524106][ T5881] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 315.530276][ T5881] ? bpf_jit_dump+0xd0/0xd0 [ 315.534792][ T5881] ? _raw_spin_unlock_irqrestore+0xa5/0x100 [ 315.540725][ T5881] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 315.546629][ T5881] ? _raw_spin_unlock+0x40/0x40 [ 315.551494][ T5881] check_panic_on_warn+0x80/0xa0 [ 315.556443][ T5881] ? __mutex_lock+0x56e/0xaf0 [ 315.561126][ T5881] end_report+0x66/0x110 [ 315.565380][ T5881] kasan_report+0x118/0x140 [ 315.569893][ T5881] ? __mutex_lock+0x56e/0xaf0 [ 315.574577][ T5881] __mutex_lock+0x56e/0xaf0 [ 315.579088][ T5881] ? __mutex_lock+0x3a5/0xaf0 [ 315.583768][ T5881] ? l2cap_unregister_user+0x66/0x1a0 [ 315.589153][ T5881] ? mutex_lock_nested+0x10/0x10 [ 315.594092][ T5881] ? __wake_up+0x11b/0x190 [ 315.598515][ T5881] ? __wake_up_bit+0x1e0/0x1e0 [ 315.603291][ T5881] ? _raw_spin_unlock+0x40/0x40 [ 315.608149][ T5881] l2cap_unregister_user+0x66/0x1a0 [ 315.613353][ T5881] hidp_session_thread+0x3c4/0x400 [ 315.618470][ T5881] ? hidp_session_get+0x80/0x80 [ 315.623326][ T5881] ? hidp_session_thread+0x400/0x400 [ 315.628615][ T5881] ? _raw_spin_unlock+0x40/0x40 [ 315.633473][ T5881] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 315.639375][ T5881] ? hidp_session_thread+0x400/0x400 [ 315.644663][ T5881] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 315.650564][ T5881] ? __kthread_parkme+0x162/0x1c0 [ 315.655601][ T5881] kthread+0x29d/0x330 [ 315.659680][ T5881] ? hidp_session_get+0x80/0x80 [ 315.664537][ T5881] ? kthread_blkcg+0xd0/0xd0 [ 315.669122][ T5881] ret_from_fork+0x1f/0x30 [ 315.673530][ T5881] [ 315.676766][ T5881] Kernel Offset: disabled [ 315.681082][ T5881] Rebooting in 86400 seconds..