last executing test programs: 1m34.986751711s ago: executing program 0 (id=898): r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x0) r1 = dup(r0) write$binfmt_elf32(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c464a030103ff0700000000000002000300040000003e03000038000000d600000097700000fe032000010007000c0007000000000003"], 0x58) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 1m34.759666386s ago: executing program 0 (id=901): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x9, 0x0, 0x81, 0xfffffff9, 0xa}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) remap_file_pages(&(0x7f0000603000/0x3000)=nil, 0x3000, 0x0, 0x4, 0x1) 1m33.610370653s ago: executing program 0 (id=905): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000003000)={0x3c, r0, 0x801, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "1d9d000600"}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0b}]}]}, 0x3c}}, 0x0) 1m33.387615933s ago: executing program 0 (id=909): socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000100)={[{@utf8}, {@gid}, {}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@errors_remount}, {@namecase}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@errors_remount}]}, 0x1, 0x152b, &(0x7f0000000a00)="$eJzs3AmYjtXbAPD7Puc8Y0zS2yTLcM65H95kOSZJsiTJkiRJkmRLSJrkLwmJIVvSkIRkGZJlCMkyMWns+74kJEmTJCHZkvNdir/66r8vvuub+3ddzzXnfs9zn+c87/0+8yyzfNN5SI1GNas2ICL4l+AvX5IBIBYABgDANQAQAEDZ+LLxF/pzSkz+1zbC/r0eSrvSM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5umFbiWl+y78PP/7IzP//+PZJUa88WaUtd3AYj5e1O4/tkb1///reDvWYnrn71x/bOr2Cs9AfZ/AB//2UGOv9jD9c/euP6MZWdX+vnzf36Rf7UfItnhPfgr+88YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjP0XnPaXKQC41L7S82KMMcYYY4wxxti/j89xpWfAGGOMMcYYY4yx/zwEARIUBBADOSAWckIcCAC4GnLDNRCBayEeroM8cD3khXyQHwpAAhSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUAoS4SYoDTdDGbgFysKtUA5ug/JQASpCJbgdKsMdUAXuhKpwF1SD6lADasLdUAvugdpwL9SB+6Au3A/14AGoDw9CA3gIGsLD0AgegcbwKDSBptAMmkOLfyr/BegOL0IP6AnJ0At6w0vQB/pCP+gPA+BlGAivwCB4FVJgMAyB12AovA7D4A0YDiNgJLwJo+AtGA1jYCyMg1QYDxPgbZgI78AkmAxTYCqkwTSYDu/CDJgJs+A9mA3vwxyYC/NgPqTDB7AAFkIGfAiL4CPIhMWwBJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A474GPYCZ/ALtgNe/5cv38k/9Sv8j+FvdAFAQEFClSoMAZjMBZjMQ7jMBfmwtyYGyMYwXiMxzyYB/NiXsyP+TEBE7AQFkKDBgkJC2NhjGIUi2JRLIbFsASWQIcOEzERS+PNWAbLYFksi+WwHJbHClgBK2ElrIyVsQpWwapYFathNayBNfBuvBt7YW2sjXWwDtbFupceT2EDbIANsSE2wkbYGBtjE2yCzbAZtsAW2BJbYitshW2wDbbFttgO22ESJmF7bI8dsAN2xI7YCTthZ+yMXbArds16IQfgi/gi9sRqohf2xt7YB1Ny9MP+2B9fxoH4Cr6Cr2IKDsYh+Bq+hq/jMDyJw3EEjsSRWFm8haNxDJIYh6mYihNwAk7EiTgJJ+NknIppOA2n43ScgTNxJr6Hs/F9fB/n4lycj+mYjgtwIWZgBi7CU5iJi3EJLsVluByX4UpchStxDa7FNbge1+NG3IibcTNuxa24Hbfjx6gA8BPcjbsxBffiXtyH+3A/7scDeACzMAsP4kE8hIfwMB7GI3gEj+IxPI7H8ASewJN4Ck/jaTyLZ/EcPpfwVcOPi69OAXGBEkrEiBgRK2JFnIgTuUQukVvkFhEREfEiXuQReURekVfkF/lFgkgQhUQhYYQRJMIYABBRERVFRVFRTBQTJUQJ4YQTiSJRlBalRRlRRpQVt4py4jZRXlQQrV0lUUlUFm1cFXGnqCqqimqiuqghaoqaopaoJWqL2qKOqCPqirqinnhA1Be9sB8+JC5UppEYjI3FEGwimgp58QhoKYZhK9FatBFPiBE4HNuJli5JPC3ai9HYQfxJjMFnRScxDjuL50UX0VV0Ey+I7qKV6yF6iknYS/QWU7GP6Cv6if5iBlYX7+HsnDXEqyJFDBZDxGtiPr4uhok3xHAxQowUb4pR4i0xWowRY8U4kSrGiwnibTFRvCMmicliipgq0sQ0MV28K2aImWKWeE/MFu+LOWKumCfmi3TxgVggFooM8aFYJD4SmWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrvYIT4WO8UnYpfYLfaIT8Ve8ZnYJz4X+8UX4oD4UmSJr8RB8bU4JL4Rh8W34oj4ThwVx8Rx8b04IX4QJ8UpcVqcEWfFj+Kc+EmcF16ARCmklEoGMkbmkLEyp4yTV8lcMrj47l4r4+V1Mo+8XuaV+WR+WUAmyIKykNTSSCtJhrKwLCKj8gZZVN4oi8nisoQsKZ0sJRPlTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiv2yjmqwua8ia8m6ZDPfI2vJeWUfeJ+vK+2U9+YCsLx+UDeRDsqF8WDaSj8jG8lHZRDaVzWRz2UI+JlvKx2Ur2Vq2kU/ItvJJ2U4+JZPk07K99Bc/Is/KTvI52Vk+L7vIrrKb/Emel172kD0l9ALZW74k+8i+sp/sLwfIl+VA+YocJF+VKXKwHCJfk0Pl63KYfEMOlyPkSPmmHCXfkqPlGDlWjpOpcrycIN+WE+U7cpKcLKfIqTJNTpP9Lo40S8q/mf/2r/MvnHrlNDno561vlJvkZrlFbpXb5Ha5Q34sd8qdcpfcJffIPXKv3Cv3yX1yv9wvD8gDMktmyYPyoDwkD8nD8rA8Io/Io/KYPCO/lyfkD/KkPCVPyTPyrDwrz118D0ChEkoqpQIVo3KoWJVTxamrVC51tcqtrlERda2KV9epPOp6lVflU/lVAZWgCqpCSiujrCIVqsKqiIqqG/DiB0aVUCWVU6VUorrpH8lXRdWNqpgq/pv8S/NL/gvza6FaqJaqpWqlWqk2qo1qq9qqdqqdSlJJqr1qrzqoDqqj6qg6qU6qs+qsuqguqpvqprqr7qqH6qGSVbLqrV5SfVRf1U/1VwPUy2qgGqgGqUEqRaWoIWqIGqqGqmFqmBquhquRaqQapUap0Wq0GqvGqlSVqiaoCWqimqgmqUlqipqi0lSamq6mqxlqhpqlZqnZaraao+aoeWqeSlfpaoFaoDJUhlqkFqlMtVgtVkvVUrVcLVcr1Uq1Wq1Wa9VatV6tV5lqk9qktqgtapvapnaoHWqn2ql2qV1qj9qj9qq9ap/ap/ar/eqAOqCyVJY6qA6qQ+qQOqwOqyPqiDqqjqrj6rg6oU6ok+qkOq1Oq7PqrDqnzqnz6ryCQIAIRKACFcQEMUFsEBvEBXFBriBXkDvIHUSCSBAfxAd5guuDvEG+IH9QIEgICgaFAh2YwAbiYtGjwQ1B0eDGoFhQPCgRlAxcUCpIDG4KSgc3B2WCW4Kywa1BueC2oHxQIagYVApuDyoHdwRVgjuDqsFdQbWgelAjqBncHdQK7glqB/cGdYL7grrB/UG94IGgfvBg0CB4KGgYPBw0Ch4JGgePBk2CpkGzoHnQ4t86vvcn8z3ueuieOln30r31S7qP7qv76f56gH5ZD9Sv6EH6VZ2iB+sh+jU9VL+uh+k39HA9Qo/Ub+pR+i09Wo/RY/U4narH6wn6bT1Rv6Mn6cl6ip6q0/Q0PV2/q2fomXqWfk/P1u/rOXqunqfn63T9gV6gF+oM/aFepD/SmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/WO/UnepferffoT/Ve/Znepz/X+/UX+oD+Umfpr/RB/bU+pL/Rh/W3+oj+Th/Vx/Rx/b0+oX/QJ/UpfVqf0Wf1j/qc/kmf1/7Cxf2F07tRRpkYE2NiTayJM3Eml8llcpvcJmIiJt7Emzwmj8lr8pr8Jr9JMAmmkClkLiBDprApbKImaoqaoqaYKWZKmBLGGWcSTaIpbUqbMqaMKWvKmnKmnClvypuKpqK53dxu7jB3mDvNneYuc5epbqqbmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYZqaZaWFamJampWllWpk2po1pa9qadqadSTJJpr1pbzqYDqaj6Wg6mU6ms+lsupguppvpZrqb7qaH6WGSTbLpbXqbPqaP6Wf6mQFmgBloBppBZpBJMSlmiBlihpqhZpgZZoabEWbkhQtV85YZbcaYsWacSTWpZoKZYCaaiWaSmWSmmCkmzaSZ6Wa6mWFmmFlmlpltZps5Zo6ZZ+aZdJNuFpgFJsNkmEVmkck0mWaJWWKWmWVmhVlhVplVZo1ZY9bBOrPBbDCbzCazxWwx28w2s8PsMDvNTrPL7DJ7zB6z1+w1+8w+s9/sNwfMAZNlssxBc9AcMofMYXPYHDFHzFFz1Bw3x80Jc8KcNCfNaXPanDX5Lp4vvYm1OW2cvcrmslfb3PYa+7/j/LaATbAFbSGrbV6b7zexsdYWs8VtCVvSOlvKJtqbfheXtxVsRVvJ3m4r2ztsld/Ftew9tra919ax99ma9u7fxHXt/baefcTWRwSwTW1D29w2so/YxvZR28Q2tc1sc9vWPmnb2adskn3atrfP/C5eYBfaVXa1XWPX2l12tz1tz9hD9ht71v5oe9iedoB92Q60r9hB9lWbYgf/Lh5p37Sj7Ft2tB1jx9pxv4un2Kk2zU6z0+27doad+bs43X5gZ9sMO8fOtfPs/J/jC3PKsB/aRfYjm2kDWGKX2mV2uV1hV/55rkvtervBbrQ77Sd2i91qt9ntdselC2G72+6xn9q99jN70H5t99sv7AF72GbZr36OL+zfYfutPWK/s0ftMXvcfm9P2B/UpewL+/69/cmet94CIQFJUhRQDOWgWMpJcXQV5aKrKTddQxG6luLpOspD11Neykf5qQAlUEEqRJoMWSIKqTAVoSjdQJemV4JKkqNSlEg3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0dPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSMvWi3vQS9aG+1I/60wB6mQbSKzSIXqUUGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiVxtMEepsm0js0iSbTFJpKaTSNptO7NINm0ix6j2bT+zSH5tI8mk/p9AEtoIWUQR/SIvqIMmkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pi76ig/Q1HaJv6DB963vSd3SUjtFx+p5O0A90kk7RaTpDZ+lHOkc/0XnyBCGGIpShCoMwJswRxoY5w7jwqjBXeHWYO7wmjITXhvHhdWGe8Powb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGwxvCouGNYbGweFgiLBm6sFSYGN4Ulg5vDsuEt4Rlw1vDcuFtYfmwQvjIfZXC28PK4R1hlfDOsGp4V1gtrB7WCGuGd4e1wnvC2uG9YZ3wvrBMeH9YL3wgrB8+GDYIHwobhg+HjcJHwsbho2GTsGnYLGwetggfC1uGj4etwtZhm/CJsG34ZNgufCpMCp8O24fP/Nx//8K/3J8c9gp7hy+FL4Xe3yvnRedH06MfRBdEF0Yzoh9GF0U/imZGF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+ZAxw64aRTLnAxLoeLdTldnLvK5XJXu9zuGhdx17p4d53L4653eV0+l98VcAmuoCvktDPOOnKhK+yKuKi7wRV1N7pirrgr4Uo650q5RNfctXAtXEv3uGvlWrs27gn3hHvSPemeck+5p11794zr4P7kOrpnXSf3nHvOPe+6uK6um3vBdXfjc/9yTCa73q636+P6uH6unxvgBriBbqAb5Aa5FJfihrghbqgb6oa5YW64G+5GupFulBvlRrvRbqwb61JdqpvgJriJbqKb5Ca5KW6KS3Npbrqb7ma4Ga7yzF+2MsfNcfPcPJfu0t0Cd+GaMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/w1vwzq9rp9bp/b7/a7A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcaGR+ZEHk7MjHyTmRSZHJkSmRqJC0yLTI98m5kRmRmZFbkvcjsyPuROZG5kXmR+ZH0yAeRBZGFkYzIh5FFkY8imZHFkSWRpZFlkeUR7wtuCX1hX8RH/Q2+qL/RF/PFfQlf0jtfyif6m3xpf7Mv42/xZf2tvpy/zZf3FXxF/6hv4pv6Zr65b+Ef8y39476Vb+3b+Cd8W/+kb+ef8kn+ad/eP+M7+D/5jv5Z38k/5zv7530X39V38y/47v5F38P39Mm+l+/tX/J9fF/fz/f3A/zLfqB/xQ/yr/oUP9gP8a/5of51P8y/4Yf7EX5kzJt+1KVbZBjnU/14P8G/7Sf6d/wkP9lP8VN9mp/mp/t3/Qw/08/y7/nZ/n0/x8/18/x8n+4/8Av8Qp/hP/SL/Ec+0y++9FDSr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wH/ud/hO/y+/2e/ynfq//zO/zn/v9/gt/wH/ps/xX/qD/2h/y3/jD/lt/xH/nj/pj/rj/3p/wP/iT/pQ/7c/4s/5Hf87/5M/z36wxxhhjjP1dxl9uit/2/PI4v9cf5IhfrdwbAK7eWiDr1/0XrijX5f2l3VcktI0AwNM9Oz90aalWLTk5+eK6mRKCInMBLv0k6IIYuBwvhjbwJCRBayj9h/PvK7qepb8xfvRWgLhf5cTC5fjy+J8DYPIfjP/YEyMXlAtPx/+V8ecCFCtyOScnXI4XQ5ufn6+0hjJ/Yf75Wv6N+ef8IhWg1a9ycsHl+PL8E+FxeAaSfrMmY4wxxhhjjDH2i76iYsdL95+XfuPzj+7PE9TlnBxwOf5b9+eMMcYYY4wxxhi78p7t2u2px5KSWnf8xxtV/qmsv7vRGP5TI3PjDxveA1x6RQHAvzggwIWG/G/uxeb/yrZSLh46/7tr2RkfwP+NUv7zjbF/fuUKf2NijDHGGGOM/dtdvvr/7evqSk2IMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLhv4b/1fsSu8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9TwAAAP//HmP+kg==") mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x2014050, 0x0) 1m32.812905027s ago: executing program 0 (id=913): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1m32.383693624s ago: executing program 0 (id=917): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000300)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0xa0}}, {@errors_remount}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@dmask}, {@namecase}, {@dmask={'dmask', 0x3d, 0x1}}, {@errors_continue}, {@keep_last_dots}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {@utf8}]}, 0x1, 0x152f, &(0x7f0000000880)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x1, 0x3a, 0x8, 0xffffffffffffffff}) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 1m32.007383016s ago: executing program 32 (id=917): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000300)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0xa0}}, {@errors_remount}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@dmask}, {@namecase}, {@dmask={'dmask', 0x3d, 0x1}}, {@errors_continue}, {@keep_last_dots}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {@utf8}]}, 0x1, 0x152f, &(0x7f0000000880)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x1, 0x3a, 0x8, 0xffffffffffffffff}) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 44.280816307s ago: executing program 2 (id=1275): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000280)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x10000000}}, 0x10) bind$tipc(r0, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x2}}, 0x10) sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0) 43.983385277s ago: executing program 2 (id=1278): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=@newtaction={0x44c, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x438, 0x1, [@m_police={0x434, 0x2, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x28, 0xfffffff8, 0x3, 0x4, 0xffffffc0, 0x6, 0x5, 0x5, 0x2, 0x117, 0x10000, 0x8001, 0x2, 0x1, 0x7, 0x9, 0x80000000, 0xaa, 0x3ff, 0x4, 0x9, 0x0, 0x51, 0xf, 0x2, 0x1, 0x10000, 0x200, 0x7, 0x2, 0x4, 0x8, 0x101, 0x8, 0x0, 0x3, 0xe, 0x66d, 0x80000000, 0x3, 0x1, 0x8, 0x2, 0x7fff, 0xd, 0x4, 0x1ff, 0xffff, 0x7f, 0xfffffffd, 0x40, 0x7, 0x3, 0x400, 0x6, 0x8, 0x2, 0x1, 0x7, 0x9, 0x594, 0x0, 0x2900, 0x100, 0x4, 0x305c000, 0x7, 0xfffffff7, 0x7, 0x800, 0x5, 0xf24, 0x5, 0x7fffffff, 0x923, 0x101, 0x1155, 0x3, 0x1, 0x0, 0xffffffff, 0xcd2, 0xfffffffa, 0x800, 0x4, 0x81, 0x3, 0x0, 0x3, 0xf, 0x1, 0x1, 0xe, 0x3b2, 0x6, 0x4, 0x1ff, 0x6, 0x5, 0x1000, 0xe6, 0x7fff, 0x1, 0x8c, 0x1, 0x80, 0xfffffffb, 0x5, 0x7f0, 0xfffffff0, 0xffff, 0xfffffff7, 0xcfb6, 0x6, 0x4, 0x1194, 0xaf, 0xa, 0x2, 0xe0, 0x0, 0x7f, 0x6, 0x0, 0x2, 0x9a7, 0x7a2, 0x5, 0x83f, 0xa36e58b, 0x100, 0x9, 0x7, 0x8, 0x2, 0x1, 0xfffffffe, 0x1242, 0x579, 0x3, 0x5, 0x7, 0x0, 0x4, 0x8d, 0x3, 0x4, 0x5, 0x8, 0xc, 0x6, 0xffffffff, 0xaebe, 0x9, 0x90a, 0x7, 0x3, 0x2, 0x80000000, 0x9, 0x9, 0x5, 0xfffffff1, 0x3cd, 0xc, 0x4, 0x2, 0x9, 0x6, 0x4, 0x4, 0x7, 0x0, 0x2, 0x1, 0x5, 0x7f, 0xe6ef, 0x9, 0x6, 0x1, 0x7, 0x0, 0x7fffffff, 0x7, 0x0, 0x8, 0x9, 0x5, 0x8, 0x0, 0x6, 0x7, 0x1, 0x401, 0x8762, 0x9, 0x0, 0x4, 0x4, 0xff, 0x3, 0xc, 0x8, 0xf, 0x2, 0x6, 0x80000000, 0x3, 0x7f, 0xfffffffc, 0x2, 0x61, 0x8, 0x100, 0x5, 0xc56, 0xe, 0x0, 0x8, 0x8, 0x6, 0x9, 0x5b0, 0x6, 0xffff, 0x5f3, 0xc5f8, 0x1000, 0x2, 0x9, 0x7, 0x1, 0x1, 0x3, 0x0, 0x2, 0x200, 0x253a, 0xb, 0x9, 0x3, 0x0, 0xf, 0x1, 0x4, 0x2, 0x1000, 0x7, 0xb96, 0x3, 0xff, 0x8, 0x9, 0xb]}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x44c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000740)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010002000000fcdbdf25310000000c000180080001"], 0x20}}, 0x4000000) 43.662404876s ago: executing program 2 (id=1282): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x43, 0x3}, 0x1}}, 0x10) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x1, {{0x41, 0x3}}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x9d3354bba4295a8d, {{0x41}}}, 0x10) 43.327835996s ago: executing program 2 (id=1283): syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000f80)='./file0\x00', 0x0, &(0x7f0000002480)=ANY=[@ANYBLOB='mode=00000000000000000000202,umask=00000000000000000000002,dmode=00000000000000000100002,gid=forget,longad,shortad,novrs,iocharset=cp437,uid=forget,umask=00000000000000000000006,dmode=00000000000000000000010,gid=', @ANYRESDEC=0x0, @ANYRES32=0x0], 0x1, 0xc58, &(0x7f00000000c0)="$eJzs3UFsHNd9B+D/G+2KSxutmDhRnTQuNm2RyorlypJiKlbhrmqabQBZFkIxtwBciZS6NUUSJNXIRtoyvfTQQ4Ci6CEnAq1RIEUDowmCHpnWBZKLD0WAAj0RLWwERQ9sESCngMHMvqWWNGnToihR0vfZ1G939r2Z9+atZ2RBb14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG/9/L5k8+l+90KAOBeujj25ZOn3P8B4JFy2f//AwAAAAAAAAAAAADAQZeiiCcixdzFtTRRve9qXOjUb94aHxndvtpgqmoeqsqXP43nTp0+84Xnh8/28kJn5gPq322fjlfHLp9vvjR7Y25+amFharI5PtO5Ojs5tes97LX+VserE9C88drNyWvXFpqnnj296eNbQ+8NPH506Nzw0yee6pUdHxkdHbtdpNFfvnbHDenaaYbH4SjiRKR45js/Se2IKGLv56Jxb8d+q8GqE8erToyPjFYdme60ZxbLDy/1TkQR0eyr1Oqdo+3HImr1e9qHnbUilsrmlw0+XnZvbK49374yPdW81J5f7Cx2ZmcupW5ry/40o4izKWI5IlYH3r+7ehRRixTfOrKWrkTEod55+Hw1MXjndhT72MddKNvZrEcsFw/AmB1gA1HEK5Hip28fi6v5OlNdaz4X8UqZ3494s8wXI1L5xTgT8e423yMeTLUo4i/L8T+3liar60HvunLhK80vzVyb7Svbu658xPvD+64U9+n+MLgl740Dfm1qRBHt6oq/lu78NzsAAAAAAAAAAAAAAAAA3G2DUcSnIsXL//7H1bziqOalHzk3/PtDv9Q/Z/zJD9lPWfbZiFgqdjcn93CeGHgpXUrpPs8lfpQ1oog/yfP/vnG/GwMAAAAAAAAAAAAAAAAAAPBIK+LHkeKFd46l5ehfU7wzc715uX1lursqbG/t396a6evr6+vN1M1WzomcSzmXc67kXO1mNe+/ql/k+jknci7lXM65knM1ZxzK9XO2ck7kXMq5nHMl52rOqOX6OVs5J3Iu5VzOuZJzNWcckLV7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeJkUU8fNI8c2vraVIEdGKmIhurgzc79YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKWBVMR3I0XzD1ob22oRkap/u46Vv5yJ1uEyPx6t4TJfjNb5nO0qa61v3If2szf1VMSPIsVA462NAc/jX+++2/gaxJtfv/3u07VuHup9OPTewONHj5wbHv21J3d6nbZrwPELnZmbt5rjI6OjY32ba/noH+/bNpSPW9ydrhMRC6+/8Vp7enpq/s5flF+BHT5aX1//s/Ioez3EAXmRajv29JF8UQ7tAWjGPnawtqvC9QPQ1H0ZXB525f3/3Ujx2+/8Z++GX93/axslNu7w8bM/vX3/f2HrjnZ5/69trZfv/+U9fbv7/xN9217Ivxup1yIaizfm6kcjGguvv3Gic6N9fer61MyZkye/ODz8xdMn64cjGtc601N9r/Z+rgAAAAAAAAAAAAAAAADuqVTE70aK9o/WUjMiblXztYbODT994qlDcaiab7Vp3varY5fPN1+avTE3P7WwMDXZHJ/pXJ2dnNrt4RrVdK/xkdF96cyHGtzn9g82Xpqde32+c/0PF7f9/LHG+SsLi/Ptq9t/HINRRLT6txyvGjw+Mlo1errTnqmqXtp2Mv1HV09F/FekuHqmmT6bt+X5/1tn+G+a/7+0dUf7NP//Y33bymOmVMTPIsVv/dWT8dmqnY/F+85ZLvd3keL42c/kcnG4LNdrQ/e5At2ZgWXZ/4sU//TzzWV78yGfuF32uV2f2AdEOf5HIsV3/+Lb8et52+bnP2w//o9t3dE+jf8n+rY9tul5BXvuOnn8T0SKF594K34jb/ug53/0nr1xLBfeeD7HPo3/J/u2DeXj/ubd6ToAAAAAAAAAAMADrZ6K+PtI8YPRWno+b9vN3/+b3Lqjffr7X7/St23y7qxX9KEv9nxSAQAAAOCAqKcifhwpri++tTGHevP87775n79ze/7nSNryafXnfL9cPTfgbv75X7+hfNyJvXcbAAAAAAAAAAAAAAAAAAAADpSUing+r6c+Uc3nn9xxPfWVSPHy/zyTy6WjZbneOvBD1a+Ni7MzJ85PT89ebS+2r0xPNcfm2lenyrqfiBRrf/uZXLeo1lfvrTffXeO9UYuIai32+Ugx+g+9st212Htrk3fXA++uxV6W/Vik+O9/3Fy2t471J2+XPVWW/ZtI8dV/3r7s0dtlT5dlvx0pfvjVZq/sY2XZ3vNRu88kbfxRRDx7dbbYh1EBAAAAAAAAAAAAAAAAAADgUVNPRfx5pPjfG8sbc/nz+v/1vreVN7/et97/Freqdf6HqvX/d3p9J+v/V88VWNrpqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HBKUcQbkWLu4lpaGSjfdzUudGZu3hofGd2+2mCqah6qypc/jedOnT7zheeHz/byg+vfbZ+KV8cun2++NHtjbn5qYWFqsjk+07k6Ozm16z3sXL9xRy06Xp2A5o3Xbk5eu7bQPPXs6U0f3xp6b+Dxo0Pnhp8+8VSv7PjI6OhYX5la/Y6OvK20w/bDUcRfR4pnvvOT9IOBiCI+8Fzsyod8d/bbYNWJ41UnxkdGq45Md9ozi+WHl3onooho9lVq9c7RPRiLPWlFLJXNLxt8vOze2Fx7vn1leqp5qT2/2FnszM5cSt3Wlv1pRhFnU8RyRKwOvH939SjitUjxrSNr6V8GIg71zsPnL459+eSpndtR7GMfd6FsZ7MesVw8AGN2gA1EEd+LFD99+1j860BELbo/8bmIV8r8fsSb0R3vVH4xzkS8u833iAdTLYr4/3L8z62ltwfK60HvunLhK80vzVyb7Svbu64cqPvD9/7jo9YYvBuH3bUDfm1qRBE/rK74a+nf/HcNAAAAAAAAAAAAAAAAcIAU8auR4oV3jqVqfvDGnOLOzPXm5faV6e60vt7cv96c6fX19fVm6mYr50TOpZzLOVdyruaMItfP2Sqzsb4+kd8v5VzOuZJzNWccyvVztnJO5FzKuZxzJedqzqjl+jlbOSdyLuVczrmSczVnHJC5ewAAAAAAAAAAAAAAAAAAwMOlqP5J8c2vraX1ge760hPRzRXrgT70fhEAAP//cjv0Pg==") syz_mount_image$exfat(0x0, &(0x7f0000000300)='./bus\x00', 0x448c, 0x0, 0x0, 0x0, &(0x7f0000000300)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 42.337494194s ago: executing program 2 (id=1292): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0700000004000000000900000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000004000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 41.31983574s ago: executing program 2 (id=1298): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0) 40.776511453s ago: executing program 33 (id=1298): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0) 3.007647771s ago: executing program 1 (id=1642): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x31, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffffff}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x4, 0x0, 0x4, 0x0, 0x8, 0xfffffffffffffff0}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffff8}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x5}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x4000000b}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fb}}, @tail_call, @map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe25c}]}, 0x0, 0x6, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0) 2.811564174s ago: executing program 1 (id=1645): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@deltclass={0x468, 0x29, 0x100, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xffe0}, {0x4, 0x9}, {0xb, 0xc}}, [@c_atm={{0x8}, {0x2c, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0x4, 0x3}}, @TCA_ATM_HDR={0x1d, 0x3, "b27ce56d7bd66b577e2a00fa2a6f8cad70c37fd0b6897c949b"}]}}, @c_cbq={{0x8}, {0x408, 0x2, [@TCA_CBQ_RTAB={0x404, 0x6, [0x1, 0x80000001, 0x0, 0x7, 0x6, 0x10001, 0x1, 0x0, 0x87e0, 0x44, 0x1c, 0xebe, 0x8, 0x2, 0x8001, 0x10000, 0x6, 0x6, 0x5, 0x4, 0x8, 0xc, 0x6, 0xfff, 0x1, 0x9, 0xffffff40, 0x5, 0x7, 0xa, 0x8529, 0x0, 0x1bc2, 0x2, 0x7, 0x5690bb00, 0x0, 0x1, 0x4ac9, 0x6, 0x7fff, 0xa3, 0x7, 0x2, 0x81, 0x1, 0x4, 0xffff710f, 0x10000, 0x2, 0x1, 0xe541380, 0x40, 0x0, 0x100, 0x6, 0x40, 0x5, 0x6, 0x8, 0x1, 0x4, 0x2, 0x9, 0x4, 0x3, 0xfd, 0x440f, 0x6, 0x3b, 0x7, 0x1, 0x5, 0x1, 0x38000040, 0x1, 0x4, 0x3ff, 0x8, 0x2, 0x9, 0x7, 0x8, 0x1, 0xd6, 0x2, 0x4, 0x0, 0x30, 0xccf1, 0x7fa7, 0xffff, 0x878a, 0x1, 0xfffffff8, 0x4, 0x2, 0x6, 0x7, 0x9, 0x1, 0x50000000, 0x8, 0x7fffffff, 0xffff, 0x2, 0x6, 0x4, 0x2, 0xd13, 0x3, 0x7ff, 0x2, 0xfff, 0x6, 0xfffffffd, 0x24f0, 0x0, 0x6, 0x8, 0x80000000, 0xff, 0x6, 0xfffffffb, 0xffff7fff, 0xb02, 0x2, 0x9, 0x200, 0x80000001, 0x0, 0xa6, 0x2, 0x80000000, 0x5, 0xfffffff9, 0x2, 0x0, 0x4, 0x7, 0x47, 0xc0, 0xd1b7, 0x2, 0x8, 0xdde3, 0x0, 0x4, 0x80000000, 0x9, 0x6, 0x9, 0x100, 0x6, 0x1, 0x6, 0xe, 0xfffffff8, 0x2, 0x5, 0x7, 0x611, 0x0, 0x8, 0x0, 0x3, 0x2, 0x3, 0x3, 0x6, 0x4, 0x7, 0x9, 0x94, 0xe74, 0x80000000, 0x63, 0x8, 0x3, 0x0, 0x7, 0x6, 0x155a, 0x2, 0x401, 0x5, 0x7ff, 0x8, 0x4, 0x2, 0xbf4b, 0x2, 0x1, 0x401, 0x7, 0x0, 0x6, 0x800, 0x2, 0x0, 0x9, 0x9, 0x4, 0x4, 0x29, 0x800, 0x4, 0x45df, 0x9, 0x7fff, 0x2, 0x7f, 0x8, 0x0, 0x5, 0x2, 0x0, 0x6, 0x90, 0xfffffff7, 0x3, 0x8, 0x200, 0xff, 0x5, 0x9, 0x6, 0x4, 0x6, 0x400, 0x9d, 0x7fffffff, 0x80, 0xb, 0xffff, 0x6, 0x2, 0xa, 0x12a1, 0x5, 0x8, 0x4, 0x3, 0x7, 0xe755, 0x0, 0xa65f, 0x3, 0x6dbc, 0x7, 0x2, 0x1, 0x7f, 0x100, 0x401, 0xc6]}]}}]}, 0x468}, 0x1, 0x0, 0x0, 0x8000}, 0x200048c5) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0) 2.619980871s ago: executing program 1 (id=1646): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f00000000c0)={0x8f, 0x0, 0xb}) 2.484450107s ago: executing program 1 (id=1647): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2.013468425s ago: executing program 4 (id=1653): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x30, r1, 0x5, 0x4, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac0c]}]]}, 0x30}}, 0x0) 1.879241312s ago: executing program 5 (id=1655): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0xc001001b, 0x0, 0x6f}]}) 1.793412243s ago: executing program 4 (id=1656): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x10800, &(0x7f0000000080)=ANY=[], 0x1, 0x18c, &(0x7f0000000200)="$eJzskj2r01AYx38nyU2vohcFp7vYofgyaNNUxU3Huru5WNpYi6naJqAtBSMiHRzE0U/QryH4BXQQwbVzkeLiIpHzknCqH+Ge35B/nn+e85znOTmPs2nWAP7slgPuovA54qsQBMBFob2tp/WD0W9G32vhi8m7Z/w3Ro+z+SI0OU3Oa+NJP02TWRP4pbzayu689tiqUt93y4F8eQiUZVlKbwgynTNWjg9MrZzjAC6oIco6Rw4ig8tAO588b2fzxbXxpD9KRsnT2O/eim5E0c24/WicJpF+CmsLMwpSrwKNQ2rk9wPgrYl/so+wWpOcBnGKB/XasDrDI8G/eNbaSgWf6r4aYfW/4D6XkG29KKo60m2pKgFqpB4C3wSdwOpP73WoPlwfPEuHKwSiWrYmqGt0NhzUQWwH3dsFZ3WplSnZMtozuja6AXW1fvzevzJBIZ/vTHSlgJCX/TyfdeSc+k3wCsjzWexVXnyusA9M7vrR2x/us/ff2TocDofD4XA4HA7HSeNvAAAA//99JHhE") chdir(&(0x7f00000000c0)='./file0\x00') listxattr(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/228, 0xe4) 1.655687237s ago: executing program 3 (id=1658): unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="f3"], 0x0) ioctl$EVIOCGLED(r0, 0x80284504, &(0x7f0000000000)=""/52) 1.585793743s ago: executing program 5 (id=1659): r0 = fsopen(&(0x7f0000000000)='nfsd\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000040)='\'\x95)\x00', &(0x7f0000000080)="f1", 0x1) 1.451704077s ago: executing program 6 (id=1660): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) 1.365263955s ago: executing program 3 (id=1661): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40000) ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 1.293532542s ago: executing program 4 (id=1662): r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xc0002009}) ppoll(&(0x7f00000022c0)=[{r1, 0x2}], 0x1, &(0x7f0000002340), 0x0, 0x0) 1.223874489s ago: executing program 5 (id=1663): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000240)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/140, 0x8c}], 0x1, 0x0, 0x0) 1.021817213s ago: executing program 4 (id=1664): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0xfffc}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x400}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008894}, 0x20004890) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)={0x54, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x140449c7}, 0x40080) 996.548665ms ago: executing program 6 (id=1665): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0x0, 0x9}, 0x0, [0x0, 0x0, 0x200, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0xffffffff, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x3], [0x3f, 0x0, 0x8, 0xb16, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xd, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0xffffffff, 0xfffffffe, 0x0, 0xff, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xe, 0xffffffff], [0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xddc, 0x0, 0x0, 0xfffffffc, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x4], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc045, 0x0, 0x16, 0x0, 0x4, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe, 0x0, 0x0, 0xffffffff, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) 982.538391ms ago: executing program 5 (id=1666): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x1, 0xfffff034}, {0x48, 0x0, 0x40, 0x3}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000380)={@local, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x9, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x6, 0x0, 0xe7}}}}}}, 0x0) 954.717537ms ago: executing program 3 (id=1667): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newsa={0x15c, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfefffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0xf, 0x81, 0x9, 0x100}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@rand_addr=0x64010102, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0x4, 0x8251c, 0x5, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x9, 0x3fc}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x844) 771.750993ms ago: executing program 4 (id=1668): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000140)=[{0x50, 0x0, 0xfd, 0x80000000}, {0x6, 0xba, 0x2, 0xefff}]}, 0x10) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x20, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}}, 0x20}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 734.164588ms ago: executing program 5 (id=1669): unshare(0x26020480) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000080)=0x2, 0x4) 682.180609ms ago: executing program 3 (id=1670): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x2c, r2, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xffbffffc}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 680.452556ms ago: executing program 6 (id=1671): openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 502.432226ms ago: executing program 4 (id=1672): r0 = syz_io_uring_setup(0xd86, &(0x7f0000000140)={0x0, 0x2c32, 0x400, 0x1, 0x89}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000380)='./cgroup\x00', 0x2, 0x298f82}) io_uring_enter(r0, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f) 490.221306ms ago: executing program 3 (id=1673): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 473.794573ms ago: executing program 1 (id=1674): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a801800018014000a"], 0x4c}}, 0x0) 453.659435ms ago: executing program 5 (id=1675): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0xef, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0x0, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000003e40)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9bb759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be9b0220836729028b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb3596b61675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb6ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd5fb62bd08242a858aeeda8c0cbb4fc2478a8155b859e88493f322702277939832bd4a1d8109f98c5a187564c9eb80acc63ac57459593c81ce8998e38ea231b81ebaa6b242ebdf382d70232f1d8e516a8eaf39d09ea40198cf1b72eb5ce5327d3a3861470be47a9a9dbf569e6f6f474fd1448adfd70c4f4a4487edaf193a00a808389a110a4286905ba81309735f6ac5d2ba7ab2be01fa25c11dbb3170258e9d9fed944fd85c03336a49f7016517a1988bc84ee301e167d3cf88c46c4eba6e2bfd099acd2eec5c624679aa7ebab76061a9ca792bffe3d6df4dbe70b5cab6299a51e63826fd0bda4846d06e322ebd745e73da718ba0c93e7567df9ed7ea8d2fdbde44e65a4cd01748b784d392645d013d1424c6e7f141f67ef620df8a8bac03489bf70423fa9f2c79c41d5b6496ae17718b5044c5cadb43264b290ebfcd9d5236d0b14e280fd3fcbb2fa330dcc58f44ed0b12c9299e74ea56ffefb003034230e20886f502e6df00aa138e9c8761d107bdea8d57b64345f91e055c6f52356aec1ce68e612e94224407bcf7b1df9f2aec27d44b0b9a944d16236"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff892f00004000633277fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 391.79087ms ago: executing program 6 (id=1676): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="31032fbd7000fddbdf250800000008000300", @ANYRES32=r2, @ANYBLOB="05002d000100000008000600", @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x8814}, 0x20000084) 235.812348ms ago: executing program 1 (id=1677): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) close(r0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x81902) 179.383107ms ago: executing program 6 (id=1678): r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x8, &(0x7f0000000200)={0x77359400}, 0x1, 0x4, 0x1}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000140)={0x5, r0, 0x1c, {0x9, 0x1}, 0x6}, 0x1) 176.354762ms ago: executing program 3 (id=1679): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@noload}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") syz_mount_image$fuse(0x0, &(0x7f0000002f40)='./bus\x00', 0x1020020, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) llistxattr(&(0x7f0000002300)='./file0\x00', 0x0, 0xfffffdf3) 0s ago: executing program 6 (id=1680): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000003c0)={0x1, 0x0, [{0x3, 0x1, 0x0, 0x0, @sint={0x98b4, 0xffff0000}}]}) kernel console output (not intermixed with test programs): USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 174.922967][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.951749][ T5906] usb 4-1: Product: syz [ 174.965308][ T5906] usb 4-1: Manufacturer: syz [ 174.975433][ T809] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 174.989524][ T5906] usb 4-1: SerialNumber: syz [ 174.998567][ T809] usb 3-1: config 0 has no interface number 0 [ 175.033047][ T809] usb 3-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 175.060729][ T809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.077869][ T5906] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 175.106082][ T809] usb 3-1: Product: syz [ 175.123918][ T809] usb 3-1: Manufacturer: syz [ 175.143847][ T809] usb 3-1: SerialNumber: syz [ 175.178383][ T809] usb 3-1: config 0 descriptor?? [ 175.194752][ T809] usb 3-1: selecting invalid altsetting 1 [ 175.211082][ T809] dvb_ttusb_budget: ttusb_init_controller: error [ 175.240617][ T809] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 175.258260][ T5914] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 175.274929][ T7828] loop0: detected capacity change from 0 to 32768 [ 175.304582][ T7828] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.694 (7828) [ 175.378849][ T7828] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 175.432487][ T7828] BTRFS info (device loop0): using blake2b checksum algorithm [ 175.614993][ T7828] BTRFS info (device loop0): enabling ssd optimizations [ 175.615023][ T7828] BTRFS info (device loop0): turning on async discard [ 175.615042][ T7828] BTRFS info (device loop0): enabling free space tree [ 175.702604][ T809] DVB: Unable to find symbol stv0299_attach() [ 175.787763][ T809] DVB: Unable to find symbol tda8083_attach() [ 175.804321][ T809] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 175.837800][ T809] usb 3-1: USB disconnect, device number 4 [ 175.970578][ T92] usb 4-1: USB disconnect, device number 8 [ 176.084549][ T5841] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 176.305295][ T7845] loop4: detected capacity change from 0 to 40427 [ 176.366846][ T5914] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 176.415292][ T7845] F2FS-fs (loop4): build fault injection rate: 771 [ 176.422627][ T5914] ath9k_htc: Failed to initialize the device [ 176.459771][ T92] usb 4-1: ath9k_htc: USB layer deinitialized [ 176.479973][ T7845] F2FS-fs (loop4): invalid crc value [ 176.809090][ T7884] loop0: detected capacity change from 0 to 4096 [ 176.949745][ T7845] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 177.043535][ T7892] loop3: detected capacity change from 0 to 4096 [ 177.047817][ T7845] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 177.128388][ T7892] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.467311][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.668351][ T5914] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 177.786244][ T7896] loop2: detected capacity change from 0 to 32768 [ 177.824259][ T7896] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.711 (7896) [ 177.870880][ T5914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.883055][ T7896] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 177.904537][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.917317][ T7896] BTRFS info (device loop2): using blake2b checksum algorithm [ 177.955354][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.982174][ T7912] pim6reg: entered allmulticast mode [ 177.992754][ T5914] usb 2-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 178.012303][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.048656][ T5914] usb 2-1: config 0 descriptor?? [ 178.164688][ T7896] BTRFS info (device loop2 state E): setting nodatasum [ 178.200009][ T7896] BTRFS info (device loop2 state E): setting nodatacow [ 178.249110][ T7896] BTRFS info (device loop2 state E): disabling log replay at mount time [ 178.276712][ T7896] BTRFS info (device loop2 state E): turning on async discard [ 178.304434][ T7896] BTRFS info (device loop2 state E): enabling free space tree [ 178.312444][ T7896] BTRFS info (device loop2 state E): force clearing of disk cache [ 178.321753][ T7896] BTRFS info (device loop2 state E): enabling auto defrag [ 178.541652][ T7935] loop3: detected capacity change from 0 to 256 [ 178.585572][ T5846] BTRFS info (device loop2 state E): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 178.611883][ T7935] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5cb490d, utbl_chksum : 0xe619d30d) [ 178.756248][ T5914] usb 2-1: USB disconnect, device number 4 [ 180.842568][ T8004] loop4: detected capacity change from 0 to 64 [ 180.891112][ T8006] loop1: detected capacity change from 0 to 256 [ 180.969400][ T8006] FAT-fs (loop1): Directory bread(block 64) failed [ 180.991538][ T8006] FAT-fs (loop1): Directory bread(block 65) failed [ 181.017053][ T8006] FAT-fs (loop1): Directory bread(block 66) failed [ 181.046417][ T8006] FAT-fs (loop1): Directory bread(block 67) failed [ 181.070818][ T8006] FAT-fs (loop1): Directory bread(block 68) failed [ 181.099215][ T8006] FAT-fs (loop1): Directory bread(block 69) failed [ 181.120964][ T8006] FAT-fs (loop1): Directory bread(block 70) failed [ 181.139695][ T8006] FAT-fs (loop1): Directory bread(block 71) failed [ 181.161535][ T8006] FAT-fs (loop1): Directory bread(block 72) failed [ 181.183172][ T8006] FAT-fs (loop1): Directory bread(block 73) failed [ 181.582172][ T7996] loop0: detected capacity change from 0 to 32768 [ 181.598197][ T7996] xfs: Deprecated parameter 'attr2' [ 181.618811][ T7996] XFS: attr2 mount option is deprecated. [ 181.646196][ T7996] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 181.763386][ T7996] XFS (loop0): Ending clean mount [ 181.797677][ T7996] XFS (loop0): Quotacheck needed: Please wait. [ 181.932001][ T8036] netlink: 148 bytes leftover after parsing attributes in process `syz.3.762'. [ 182.068198][ T7996] XFS (loop0): Quotacheck: Done. [ 182.242505][ T5841] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 182.778990][ T8059] macsec2: entered promiscuous mode [ 182.790513][ T8059] macsec2: entered allmulticast mode [ 182.802333][ T8059] bridge0: entered allmulticast mode [ 182.824746][ T8059] bridge0: port 3(macsec2) entered blocking state [ 182.845494][ T8061] loop0: detected capacity change from 0 to 128 [ 182.857177][ T8018] loop1: detected capacity change from 0 to 32768 [ 182.862387][ T8059] bridge0: port 3(macsec2) entered disabled state [ 182.870341][ T8061] EXT4-fs: Ignoring removed bh option [ 182.932979][ T8018] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 182.982736][ T8061] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 183.021051][ T8059] bridge0: left allmulticast mode [ 183.046203][ T8018] XFS (loop1): Ending clean mount [ 183.129157][ T8061] ext4 filesystem being mounted at /158/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 183.267447][ T8053] loop4: detected capacity change from 0 to 32768 [ 183.324748][ T5841] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 183.358453][ T8053] XFS (loop4): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 183.399115][ T5849] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 183.794288][ T8053] XFS (loop4): Starting recovery (logdev: internal) [ 183.866943][ T8053] XFS (loop4): Ending recovery (logdev: internal) [ 184.091850][ T8077] loop3: detected capacity change from 0 to 40427 [ 184.113812][ T8077] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 184.133023][ T8077] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 184.147326][ T30] audit: type=1326 audit(1774548434.613:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.184800][ T30] audit: type=1326 audit(1774548434.613:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.217178][ T30] audit: type=1326 audit(1774548434.623:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.250684][ T5850] XFS (loop4): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 184.266487][ T30] audit: type=1326 audit(1774548434.623:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.292057][ T30] audit: type=1326 audit(1774548434.623:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.314936][ T30] audit: type=1326 audit(1774548434.633:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.338498][ T30] audit: type=1326 audit(1774548434.633:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.368147][ T30] audit: type=1326 audit(1774548434.633:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 184.593136][ T8077] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 184.731431][ T8077] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 184.774111][ T8077] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 184.969074][ T5858] syz-executor: attempt to access beyond end of device [ 184.969074][ T5858] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 185.030447][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 185.030482][ T5858] Tainted: [L]=SOFTLOCKUP [ 185.030489][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 185.030502][ T5858] Call Trace: [ 185.030510][ T5858] [ 185.030519][ T5858] dump_stack_lvl+0xe8/0x150 [ 185.030558][ T5858] f2fs_stop_checkpoint+0x3c7/0x590 [ 185.030598][ T5858] f2fs_write_end_io+0x12e5/0x17a0 [ 185.030655][ T5858] __submit_merged_bio+0x256/0x6a0 [ 185.030694][ T5858] __submit_merged_write_cond+0x3c9/0x4e0 [ 185.030735][ T5858] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 185.030795][ T5858] f2fs_write_data_pages+0x287e/0x34f0 [ 185.030826][ T5858] ? __lock_acquire+0x6b5/0x2cf0 [ 185.030898][ T5858] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 185.030949][ T5858] ? __pfx_css_rstat_updated+0x10/0x10 [ 185.031011][ T5858] ? unwind_next_frame+0xa6/0x2550 [ 185.031030][ T5858] ? rcu_is_watching+0x15/0xb0 [ 185.031048][ T5858] ? __kasan_check_byte+0x12/0x40 [ 185.031069][ T5858] ? __bfs+0x153/0x290 [ 185.031096][ T5858] ? __pfx_hlock_conflict+0x10/0x10 [ 185.031141][ T5858] ? lockdep_unlock+0x5d/0xd0 [ 185.031166][ T5858] ? __lock_acquire+0x146e/0x2cf0 [ 185.031231][ T5858] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 185.031265][ T5858] do_writepages+0x32e/0x550 [ 185.031304][ T5858] ? do_raw_spin_unlock+0xf5/0x210 [ 185.031335][ T5858] filemap_fdatawrite+0x1e9/0x2f0 [ 185.031365][ T5858] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 185.031447][ T5858] ? do_raw_spin_unlock+0xf5/0x210 [ 185.031478][ T5858] f2fs_sync_dirty_inodes+0x30e/0x830 [ 185.031526][ T5858] f2fs_write_checkpoint+0x9df/0x26a0 [ 185.031590][ T5858] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 185.031688][ T5858] kill_f2fs_super+0x314/0x730 [ 185.031717][ T5858] ? __pfx_kill_f2fs_super+0x10/0x10 [ 185.031755][ T5858] ? lockdep_hardirqs_on+0x7a/0x110 [ 185.031798][ T5858] deactivate_locked_super+0xbc/0x130 [ 185.031831][ T5858] cleanup_mnt+0x437/0x4d0 [ 185.031863][ T5858] ? _raw_spin_unlock_irq+0x23/0x50 [ 185.031892][ T5858] task_work_run+0x1d9/0x270 [ 185.031922][ T5858] ? __pfx_task_work_run+0x10/0x10 [ 185.031958][ T5858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.031985][ T5858] exit_to_user_mode_loop+0xed/0x480 [ 185.032014][ T5858] ? rcu_is_watching+0x15/0xb0 [ 185.032036][ T5858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.032059][ T5858] do_syscall_64+0x33e/0xf80 [ 185.032083][ T5858] ? trace_irq_disable+0x3b/0x140 [ 185.032109][ T5858] ? clear_bhb_loop+0x40/0x90 [ 185.032136][ T5858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.032157][ T5858] RIP: 0033:0x7f8a0339d9d7 [ 185.032177][ T5858] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 185.032195][ T5858] RSP: 002b:00007fffe68e1fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 185.032218][ T5858] RAX: 0000000000000000 RBX: 00007f8a03432050 RCX: 00007f8a0339d9d7 [ 185.032232][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe68e2060 [ 185.032245][ T5858] RBP: 00007fffe68e2060 R08: 00007fffe68e3060 R09: 00000000ffffffff [ 185.032259][ T5858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe68e30f0 [ 185.032271][ T5858] R13: 00007f8a03432050 R14: 000000000002d229 R15: 00007fffe68e3130 [ 185.032309][ T5858] [ 185.363498][ T5858] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 185.796817][ T8123] loop2: detected capacity change from 0 to 32768 [ 185.838396][ T8123] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.794 (8123) [ 185.863026][ T8123] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 185.863065][ T8123] BTRFS info (device loop2): using sha256 checksum algorithm [ 185.863123][ T8123] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 186.058531][ T8123] BTRFS info (device loop2): rebuilding free space tree [ 186.165225][ T8123] BTRFS info (device loop2): disabling free space tree [ 186.180999][ T8123] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 186.206720][ T8123] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 186.304001][ T8123] BTRFS info (device loop2): turning off barriers [ 186.334008][ T8123] BTRFS info (device loop2): turning on sync discard [ 186.351423][ T8123] BTRFS info (device loop2): enabling disk space caching [ 186.366804][ T8123] BTRFS info (device loop2): force clearing of disk cache [ 186.384214][ T8123] BTRFS info (device loop2): enabling auto defrag [ 186.477464][ T30] audit: type=1800 audit(1774548436.933:118): pid=8123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.794" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 186.716919][ T8109] loop0: detected capacity change from 0 to 40427 [ 186.752341][ T8109] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 186.760568][ T8123] BTRFS warning (device loop2): discard failed for extent [5357568, 5365759]: errno=-512 unknown [ 186.773947][ T8109] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 186.791520][ T8123] BTRFS info (device loop2): balance: start -sprofiles=0x4000000000000,usage=8..0,drange=1580..6,vrange=0..3,limit=5..3 [ 186.809801][ T8109] F2FS-fs (loop0): invalid crc value [ 186.848236][ T8123] BTRFS info (device loop2): balance: ended with status: 0 [ 186.929899][ T8123] BTRFS warning (device loop2): discard failed for extent [5365760, 5373951]: errno=-512 unknown [ 187.069583][ T5846] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 187.148798][ T8109] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 187.279174][ T8109] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 187.305425][ T8109] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 188.000762][ T8158] loop3: detected capacity change from 0 to 32768 [ 188.011522][ T8182] loop2: detected capacity change from 0 to 128 [ 188.060207][ T8158] ea_get: invalid extended attribute [ 188.132516][ T8158] ffff8880584a9e00: 04 00 00 00 .... [ 188.285459][ T8185] loop2: detected capacity change from 0 to 128 [ 188.397290][ T8185] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 188.433704][ T8185] hpfs: filesystem error: improperly stopped [ 188.455845][ T8185] hpfs: You really don't want any checks? You are crazy... [ 188.492210][ T8185] hpfs: hpfs_map_sector(): read error [ 188.512059][ T8185] hpfs: code page support is disabled [ 188.534403][ T8185] hpfs: hpfs_map_4sectors(): unaligned read [ 188.546759][ T8185] hpfs: hpfs_map_4sectors(): unaligned read [ 188.569634][ T8185] hpfs: filesystem error: unable to find root dir [ 189.189986][ T8180] loop4: detected capacity change from 0 to 32768 [ 190.054652][ T8194] loop2: detected capacity change from 0 to 32768 [ 190.070174][ T8196] loop3: detected capacity change from 0 to 40427 [ 190.098119][ T8194] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 190.123029][ T8196] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 190.155910][ T8196] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 190.171042][ T8196] F2FS-fs (loop3): invalid crc value [ 190.217888][ T8194] XFS (loop2): Ending clean mount [ 190.369244][ T30] audit: type=1800 audit(1774548440.833:119): pid=8194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.817" name="file2" dev="loop2" ino=4423 res=0 errno=0 [ 190.504847][ T8196] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 190.590424][ T8196] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 190.606310][ T8196] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 190.727504][ T5846] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 191.538441][ T8242] orangefs_mount: mount request failed with -4 [ 191.850581][ T8270] netlink: 4556 bytes leftover after parsing attributes in process `syz.0.847'. [ 192.157475][ T8284] IPv6: NLM_F_CREATE should be specified when creating new route [ 192.533237][ T8298] loop3: detected capacity change from 0 to 1024 [ 192.538575][ T8301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.862'. [ 192.564388][ T8298] EXT4-fs: Ignoring removed nomblk_io_submit option [ 192.577904][ T8301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.862'. [ 192.623402][ T8301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.862'. [ 192.655864][ T8301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.862'. [ 192.667475][ T8298] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 192.688251][ T8298] System zones: 0-1, 3-36 [ 192.822385][ T8298] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.102793][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.285282][ T8327] loop3: detected capacity change from 0 to 16 [ 193.359367][ T8327] erofs (device loop3): rootino(nid 36) is not a directory(i_mode 66700) [ 193.395741][ T8327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.872'. [ 193.433418][ T8327] ip6gre1: entered promiscuous mode [ 193.454446][ T8327] ip6gre1: entered allmulticast mode [ 193.754108][ T8320] loop1: detected capacity change from 0 to 32768 [ 193.796463][ T8320] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 193.854372][ T8320] JBD2: Ignoring recovery information on journal [ 194.094563][ T8349] loop4: detected capacity change from 0 to 256 [ 194.102263][ T8320] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 194.127691][ T8340] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.210985][ T8340] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.291675][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.298413][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.464117][ T5849] ocfs2: Unmounting device (7,1) on (node local) [ 194.892843][ T8367] loop1: detected capacity change from 0 to 256 [ 195.258074][ T8357] loop0: detected capacity change from 0 to 32768 [ 195.266747][ T809] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 195.340282][ T8357] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 195.377663][ T8359] loop3: detected capacity change from 0 to 32768 [ 195.390820][ T8357] XFS (loop0): Ending clean mount [ 195.402518][ T8359] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.889 (8359) [ 195.429927][ T809] usb 2-1: Using ep0 maxpacket: 16 [ 195.443541][ T8359] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 195.500327][ T809] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 195.517627][ T8359] BTRFS info (device loop3): using crc32c checksum algorithm [ 195.536458][ T8363] loop4: detected capacity change from 0 to 40427 [ 195.555353][ T8363] F2FS-fs (loop4): invalid crc value [ 195.563552][ T809] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 195.590474][ T809] usb 2-1: config 0 interface 0 has no altsetting 0 [ 195.627263][ T809] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 195.659932][ T5841] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 195.688141][ T809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.778323][ T809] usb 2-1: config 0 descriptor?? [ 195.832732][ T8359] BTRFS info (device loop3): setting nodatasum [ 195.843981][ T8363] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 195.863358][ T8359] BTRFS info (device loop3): setting nodatacow [ 195.902593][ T8359] BTRFS info (device loop3): turning on async discard [ 195.927430][ T8363] F2FS-fs (loop4): Start checkpoint disabled! [ 195.952742][ T8359] BTRFS info (device loop3): enabling free space tree [ 196.006135][ T8359] BTRFS info (device loop3): enabling auto defrag [ 196.035917][ T8359] BTRFS info (device loop3): max_inline set to 0 [ 196.148314][ T8363] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 196.198628][ T8363] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 196.217387][ T809] hid (null): global environment stack underflow [ 196.243490][ T809] hid (null): unknown global tag 0xe [ 196.265582][ T809] hid (null): invalid report_size -1133080641 [ 196.297747][ T809] hid (null): unknown global tag 0xc [ 196.305527][ T809] hid (null): unknown global tag 0xc [ 196.322970][ T809] hid (null): unknown global tag 0xc [ 196.344219][ T809] hid (null): report_id 4399 is invalid [ 196.369685][ T5858] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 196.515233][ T809] usb 2-1: USB disconnect, device number 5 [ 196.533445][ T12] kworker/u8:0: attempt to access beyond end of device [ 196.533445][ T12] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 196.631661][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 196.631697][ T12] Tainted: [L]=SOFTLOCKUP [ 196.631705][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 196.631718][ T12] Workqueue: writeback wb_workfn (flush-7:4) [ 196.631751][ T12] Call Trace: [ 196.631760][ T12] [ 196.631769][ T12] dump_stack_lvl+0xe8/0x150 [ 196.631813][ T12] f2fs_stop_checkpoint+0x3c7/0x590 [ 196.631851][ T12] f2fs_write_end_io+0x12e5/0x17a0 [ 196.631899][ T12] __submit_merged_bio+0x256/0x6a0 [ 196.631938][ T12] __submit_merged_write_cond+0x3c9/0x4e0 [ 196.631979][ T12] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 196.632035][ T12] f2fs_write_data_pages+0x287e/0x34f0 [ 196.632066][ T12] ? rcu_is_watching+0x15/0xb0 [ 196.632131][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 196.632182][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 196.632247][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 196.632303][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 196.632353][ T12] ? set_shrinker_bit+0x7c/0x350 [ 196.632382][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 196.632420][ T12] do_writepages+0x32e/0x550 [ 196.632455][ T12] ? reacquire_held_locks+0x104/0x190 [ 196.632475][ T12] ? writeback_sb_inodes+0x463/0x19d0 [ 196.632510][ T12] __writeback_single_inode+0x133/0x10e0 [ 196.632539][ T12] ? do_raw_spin_unlock+0xf5/0x210 [ 196.632570][ T12] writeback_sb_inodes+0x979/0x19d0 [ 196.632596][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 196.632661][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 196.632685][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 196.632761][ T12] ? rcu_is_watching+0x15/0xb0 [ 196.632801][ T12] wb_writeback+0x445/0xb00 [ 196.632834][ T12] ? queue_io+0x2b1/0x470 [ 196.632871][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 196.632895][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 196.632942][ T12] wb_workfn+0x3f8/0xf10 [ 196.632961][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 196.632989][ T12] ? look_up_lock_class+0x57/0x110 [ 196.633039][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 196.633070][ T12] ? do_raw_spin_unlock+0xf5/0x210 [ 196.633103][ T12] ? process_scheduled_works+0xa70/0x1860 [ 196.633137][ T12] ? process_scheduled_works+0xa70/0x1860 [ 196.633178][ T12] ? process_scheduled_works+0xa70/0x1860 [ 196.633207][ T12] ? process_scheduled_works+0xa70/0x1860 [ 196.633241][ T12] process_scheduled_works+0xb5d/0x1860 [ 196.633314][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 196.633353][ T12] ? assign_work+0x3d5/0x5e0 [ 196.633391][ T12] worker_thread+0xa53/0xfc0 [ 196.633461][ T12] kthread+0x388/0x470 [ 196.633486][ T12] ? __pfx_worker_thread+0x10/0x10 [ 196.633515][ T12] ? __pfx_kthread+0x10/0x10 [ 196.633541][ T12] ret_from_fork+0x514/0xb70 [ 196.633577][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 196.633606][ T12] ? __switch_to+0xc7d/0x1420 [ 196.633639][ T12] ? __pfx_kthread+0x10/0x10 [ 196.633665][ T12] ret_from_fork_asm+0x1a/0x30 [ 196.633709][ T12] [ 196.995519][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 197.333906][ T8397] loop2: detected capacity change from 0 to 32768 [ 197.394019][ T8397] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.894 (8397) [ 197.509394][ T8397] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 197.529807][ T8397] BTRFS info (device loop2): using crc32c checksum algorithm [ 197.607951][ T8413] loop3: detected capacity change from 0 to 4096 [ 197.723422][ T8397] BTRFS info (device loop2): enabling ssd optimizations [ 197.741627][ T8433] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 197.745195][ T8397] BTRFS info (device loop2): turning on flush-on-commit [ 197.784728][ T8397] BTRFS info (device loop2): enabling free space tree [ 197.804976][ T8397] BTRFS info (device loop2): enabling auto defrag [ 197.811934][ T8397] BTRFS info (device loop2): use lzo compression, level 1 [ 197.826720][ T8397] BTRFS info (device loop2): max_inline set to 4096 [ 198.458460][ T30] audit: type=1800 audit(1774548448.913:120): pid=8397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.894" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 198.628718][ T5846] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 198.890420][ T8452] loop0: detected capacity change from 0 to 256 [ 198.915422][ T8452] exfat: Deprecated parameter 'utf8' [ 198.940554][ T8452] exfat: Deprecated parameter 'namecase' [ 198.982108][ T8452] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 199.059139][ T30] audit: type=1326 audit(1774548449.523:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8453 comm="syz.4.911" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b6b99c799 code=0x0 [ 199.086931][ T5899] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 199.297003][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 199.309075][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.332213][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.359227][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 199.389451][ T5899] usb 2-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 199.418137][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.447530][ T8462] tap0: tun_chr_ioctl cmd 1074025681 [ 199.453297][ T5899] usb 2-1: config 0 descriptor?? [ 199.881745][ T5899] hid_parser_main: 28 callbacks suppressed [ 199.881767][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.914634][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.922066][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.936960][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.944140][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.951885][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.960178][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.969798][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x2 [ 199.977905][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.985049][ T5899] a4tech 0003:09DA:000A.0007: unknown main item tag 0x0 [ 199.993364][ T5899] a4tech 0003:09DA:000A.0007: item fetching failed at offset 38/41 [ 200.004145][ T5899] a4tech 0003:09DA:000A.0007: parse failed [ 200.024740][ T5899] a4tech 0003:09DA:000A.0007: probe with driver a4tech failed with error -22 [ 200.124006][ T5899] usb 2-1: USB disconnect, device number 6 [ 200.144804][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.479481][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.510975][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 200.524434][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 200.537933][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 200.552775][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 200.566084][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 200.744426][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.816121][ T8492] Illegal XDP return value 4294967289 on prog (id 44) dev N/A, expect packet loss! [ 200.938531][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.997551][ T8493] syzkaller0: tun_chr_ioctl cmd 1074812117 [ 201.207635][ T5899] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 201.349676][ T8510] netlink: 'syz.3.934': attribute type 11 has an invalid length. [ 201.377509][ T5899] usb 5-1: Using ep0 maxpacket: 16 [ 201.387427][ T8510] netlink: 190972 bytes leftover after parsing attributes in process `syz.3.934'. [ 201.418444][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.456604][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.508350][ T5899] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 201.548675][ T5899] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 201.600050][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.679182][ T5899] usb 5-1: config 0 descriptor?? [ 202.034191][ T36] bridge_slave_1: left promiscuous mode [ 202.052242][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.133666][ T5899] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 202.143887][ T5899] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 202.190395][ T8529] overlayfs: invalid origin (0000) [ 202.209231][ T36] bridge_slave_0: left allmulticast mode [ 202.226359][ T36] bridge_slave_0: left promiscuous mode [ 202.236681][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.328851][ T5899] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 202.369491][ T5899] microsoft 0003:045E:07DA.0008: no inputs found [ 202.391710][ T5899] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 202.530644][ T809] usb 5-1: USB disconnect, device number 3 [ 202.610474][ T5161] Bluetooth: hci0: command tx timeout [ 202.957359][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.973144][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.984185][ T36] bond0 (unregistering): Released all slaves [ 203.022800][ T8483] chnl_net:caif_netlink_parms(): no params data found [ 203.392251][ T8483] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.401110][ T8483] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.408851][ T8483] bridge_slave_0: entered allmulticast mode [ 203.418906][ T8483] bridge_slave_0: entered promiscuous mode [ 203.429055][ T8483] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.436381][ T8483] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.445941][ T8483] bridge_slave_1: entered allmulticast mode [ 203.455418][ T8483] bridge_slave_1: entered promiscuous mode [ 203.507567][ T8483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.533512][ T8483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.623898][ T8483] team0: Port device team_slave_0 added [ 203.645427][ T8483] team0: Port device team_slave_1 added [ 203.805119][ T8569] loop4: detected capacity change from 0 to 256 [ 203.890916][ T8569] FAT-fs (loop4): Directory bread(block 64) failed [ 203.930896][ T8569] FAT-fs (loop4): Directory bread(block 65) failed [ 203.963531][ T8569] FAT-fs (loop4): Directory bread(block 66) failed [ 203.998781][ T8569] FAT-fs (loop4): Directory bread(block 67) failed [ 204.025898][ T8569] FAT-fs (loop4): Directory bread(block 68) failed [ 204.045512][ T8569] FAT-fs (loop4): Directory bread(block 69) failed [ 204.075458][ T8569] FAT-fs (loop4): Directory bread(block 70) failed [ 204.103044][ T8569] FAT-fs (loop4): Directory bread(block 71) failed [ 204.131748][ T8569] FAT-fs (loop4): Directory bread(block 72) failed [ 204.151481][ T8569] FAT-fs (loop4): Directory bread(block 73) failed [ 204.166951][ T8581] loop1: detected capacity change from 0 to 512 [ 204.319468][ T8581] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 204.422060][ T8581] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 204.467179][ T8581] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.955: Corrupt directory, running e2fsck is recommended [ 204.492546][ T8581] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 204.501487][ T8581] EXT4-fs error (device loop1): ext4_iget_extra_inode:5028: inode #15: comm syz.1.955: corrupted in-inode xattr: e_name out of bounds [ 204.569431][ T8581] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 204.574258][ T8581] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.955: couldn't read orphan inode 15 (err -117) [ 204.583615][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 204.583656][ C1] EXT4-fs (loop1): initial error at time 1774548455: ext4_iget_extra_inode:5028: inode 15 [ 204.583690][ C1] EXT4-fs (loop1): last error at time 1774548455: ext4_iget_extra_inode:5028: inode 15 [ 204.663559][ T8483] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.689099][ T8581] loop1: lost filesystem error report for type 5 error -117 [ 204.689691][ T5842] Bluetooth: hci0: command tx timeout [ 204.711690][ T8483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 204.722302][ T8581] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.739046][ T8483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.764581][ T8483] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.772024][ T8483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 204.798341][ T8483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.963272][ T8581] EXT4-fs error (device loop1): ext4_xattr_set_entry:1670: inode #2: comm syz.1.955: corrupted xattr entries [ 204.992409][ T8581] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 205.031991][ T8581] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 205.055048][ T8581] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.955: Corrupt directory, running e2fsck is recommended [ 205.165150][ T8483] hsr_slave_0: entered promiscuous mode [ 205.205981][ T8483] hsr_slave_1: entered promiscuous mode [ 205.244236][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.261269][ T8483] debugfs: 'hsr0' already exists in 'hsr' [ 205.287389][ T8483] Cannot create hsr debugfs directory [ 205.440641][ T8608] loop3: detected capacity change from 0 to 512 [ 205.491924][ T8608] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.510133][ T8608] ext4 filesystem being mounted at /183/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 205.749336][ T30] audit: type=1800 audit(1774548456.213:122): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.963" name="file3" dev="loop3" ino=18 res=0 errno=0 [ 205.796380][ T36] hsr_slave_0: left promiscuous mode [ 205.838812][ T36] hsr_slave_1: left promiscuous mode [ 205.874573][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.903973][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.916879][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.934519][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.982905][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.155804][ T36] veth1_macvtap: left promiscuous mode [ 206.181204][ T36] veth0_macvtap: left promiscuous mode [ 206.200957][ T36] veth1_vlan: left promiscuous mode [ 206.213877][ T36] veth0_vlan: left promiscuous mode [ 206.231423][ T8604] loop4: detected capacity change from 0 to 32768 [ 206.292822][ T8604] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 206.365251][ T8604] XFS (loop4): Ending clean mount [ 206.376316][ T8604] XFS (loop4): Quotacheck needed: Please wait. [ 206.542917][ T8604] XFS (loop4): Quotacheck: Done. [ 206.631932][ T36] pim6reg (unregistering): left allmulticast mode [ 206.650523][ T5850] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 206.766774][ T5842] Bluetooth: hci0: command tx timeout [ 207.061079][ T36] team0 (unregistering): Port device team_slave_1 removed [ 207.083092][ T36] team0 (unregistering): Port device team_slave_0 removed [ 207.731999][ T8655] gtp0: entered promiscuous mode [ 207.746202][ T8655] gtp0: entered allmulticast mode [ 208.052696][ T8672] loop2: detected capacity change from 0 to 128 [ 208.146834][ T8672] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 208.167013][ T8667] input: syz0 as /devices/virtual/input/input9 [ 208.252780][ T8672] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 208.794296][ T8691] program syz.1.990 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.849775][ T5842] Bluetooth: hci0: command tx timeout [ 209.004829][ T8483] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 209.064855][ T8694] loop1: detected capacity change from 0 to 2048 [ 209.107442][ T8483] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 209.134246][ T8694] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 209.172182][ T8483] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 209.210700][ T8483] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 209.525891][ T8483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.600136][ T8483] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.658859][ T1352] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.666109][ T1352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.765022][ T1352] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.772289][ T1352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.938382][ T8683] loop4: detected capacity change from 0 to 32768 [ 210.175321][ T8686] loop2: detected capacity change from 0 to 40427 [ 210.221086][ T8686] F2FS-fs (loop2): build fault injection rate: 14 [ 210.259981][ T8686] F2FS-fs (loop2): build fault injection type: 0xe4 [ 210.302376][ T8686] F2FS-fs (loop2): invalid crc value [ 210.372613][ T8686] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 210.802305][ T8686] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 210.914487][ T8686] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 210.920418][ T8736] loop3: detected capacity change from 0 to 1024 [ 211.051217][ T8483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.087518][ T8736] hfsplus: b-tree write err: -5, ino 2 [ 211.106878][ T8686] CIFS: iocharset name too long [ 211.139958][ T8736] hfsplus: bad catalog entry type [ 211.317296][ T1352] hfsplus: b-tree write err: -5, ino 25 [ 211.335088][ T1352] hfsplus: b-tree write err: -5, ino 4 [ 211.359831][ T1352] hfsplus: b-tree write err: -5, ino 2 [ 211.379071][ T1352] hfsplus: b-tree write err: -5, ino 26 [ 211.566344][ T8717] loop1: detected capacity change from 0 to 32768 [ 211.633503][ T8717] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.997 (8717) [ 211.720416][ T8717] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 211.755985][ T8717] BTRFS info (device loop1): using sha256 checksum algorithm [ 212.004994][ T8717] BTRFS info (device loop1): enabling ssd optimizations [ 212.028226][ T8717] BTRFS info (device loop1): turning on async discard [ 212.035072][ T8717] BTRFS info (device loop1): enabling free space tree [ 212.264700][ T8483] veth0_vlan: entered promiscuous mode [ 212.328049][ T8483] veth1_vlan: entered promiscuous mode [ 212.470442][ T5849] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 212.493016][ T8483] veth0_macvtap: entered promiscuous mode [ 212.544777][ T8483] veth1_macvtap: entered promiscuous mode [ 212.646044][ T8483] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.700909][ T8483] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.774164][ T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.823384][ T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.842748][ T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.901261][ T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.318605][ T1031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.345393][ T1031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.388776][ T8774] loop3: detected capacity change from 0 to 32768 [ 213.406907][ T8790] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 213.421683][ T8774] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1004 (8774) [ 213.450855][ T8790] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.462642][ T8790] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.503185][ T8774] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 213.544558][ T8774] BTRFS info (device loop3): using sha256 checksum algorithm [ 213.557895][ T8794] loop1: detected capacity change from 0 to 128 [ 213.609803][ T8794] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 213.623760][ T8794] hpfs: filesystem error: improperly stopped [ 213.631440][ T8794] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 213.639782][ T8794] hpfs: You really don't want any checks? You are crazy... [ 213.647863][ T8794] hpfs: Code page index out of array [ 213.654404][ T8794] hpfs: code page support is disabled [ 213.660395][ T8794] hpfs: hpfs_map_4sectors(): unaligned read [ 213.675590][ T8794] hpfs: hpfs_map_4sectors(): unaligned read [ 213.696467][ T8794] hpfs: filesystem error: unable to find root dir [ 213.791298][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.803569][ T8774] BTRFS info (device loop3): enabling ssd optimizations [ 213.816197][ T8774] BTRFS info (device loop3): turning on async discard [ 213.823661][ T8774] BTRFS info (device loop3): enabling free space tree [ 213.859956][ T8794] hpfs: hpfs_map_sector(): read error [ 213.890128][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.977156][ T8794] hpfs: hpfs_map_sector(): read error [ 214.234071][ T5858] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 214.387676][ T8823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1014'. [ 215.027486][ T8819] loop2: detected capacity change from 0 to 40427 [ 215.063104][ T8819] F2FS-fs (loop2): build fault injection rate: 771 [ 215.084409][ T8819] F2FS-fs (loop2): invalid crc value [ 215.218482][ T8825] loop5: detected capacity change from 0 to 32768 [ 215.353834][ T8819] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 215.382859][ T8819] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 215.437102][ T8825] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 215.622453][ T8825] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 215.747090][ T8825] XFS (loop5): Starting recovery (logdev: internal) [ 215.822846][ T8847] loop3: detected capacity change from 0 to 2048 [ 215.847516][ T8825] XFS (loop5): Ending recovery (logdev: internal) [ 215.882670][ T8849] loop4: detected capacity change from 0 to 512 [ 215.937840][ T8849] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 216.050317][ T8847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.087876][ T8847] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.222937][ T8483] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 216.345524][ T1015] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 216.856385][ T8865] loop1: detected capacity change from 0 to 512 [ 216.889227][ T8865] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 216.942886][ T8865] EXT4-fs (loop1): 1 truncate cleaned up [ 216.998636][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.016512][ T8865] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.021391][ T8870] loop2: detected capacity change from 0 to 164 [ 217.091558][ T30] audit: type=1800 audit(1774548467.553:123): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1027" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 217.342404][ T8872] loop3: detected capacity change from 0 to 128 [ 217.405956][ T8872] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 217.573433][ T30] audit: type=1800 audit(1774548468.033:124): pid=8878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1025" name="file1" dev="loop3" ino=94 res=0 errno=0 [ 217.597363][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.698799][ T8880] loop2: detected capacity change from 0 to 2048 [ 217.732270][ T8880] EXT4-fs: Ignoring removed i_version option [ 217.738328][ T8872] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 217.820029][ T8880] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.914001][ T8880] ext4 filesystem being mounted at /213/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.166475][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.449501][ T8899] loop5: detected capacity change from 0 to 256 [ 218.648211][ T8904] netlink: 'syz.2.1040': attribute type 3 has an invalid length. [ 218.694892][ T8904] netlink: 'syz.2.1040': attribute type 3 has an invalid length. [ 218.819949][ T8904] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1040'. [ 219.089747][ T8890] loop3: detected capacity change from 0 to 32768 [ 219.178220][ T8890] JBD2: Ignoring recovery information on journal [ 219.415237][ T8890] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 220.021472][ T5858] ocfs2: Unmounting device (7,3) on (node local) [ 220.162478][ T8949] loop4: detected capacity change from 0 to 16 [ 220.234606][ T8952] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1060'. [ 220.251010][ T8949] erofs (device loop4): mounted with root inode @ nid 36. [ 221.552257][ T8960] loop4: detected capacity change from 0 to 32768 [ 221.595766][ T8960] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 221.726220][ T8960] XFS (loop4): Ending clean mount [ 221.770414][ T8960] XFS (loop4): Quotacheck needed: Please wait. [ 221.927630][ T9007] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode [ 221.973198][ T9007] macvlan2: entered promiscuous mode [ 222.102222][ T8960] XFS (loop4): Quotacheck: Done. [ 222.205587][ T5914] kernel read not supported for file /sysvipc/shm (pid: 5914 comm: kworker/0:5) [ 222.259783][ T5850] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 222.729812][ T9031] openvswitch: netlink: EtherType 50a is less than min 600 [ 224.013378][ T9033] loop5: detected capacity change from 0 to 40427 [ 224.058712][ T9033] F2FS-fs (loop5): build fault injection rate: 174 [ 224.085941][ T9033] F2FS-fs (loop5): build fault injection type: 0x3bfe8c [ 224.135042][ T9033] F2FS-fs (loop5): invalid crc value [ 224.354451][ T9073] tap0: tun_chr_ioctl cmd 1074812118 [ 224.481268][ T9033] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 224.579049][ T9033] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 225.111588][ T9033] syz.5.1091: attempt to access beyond end of device [ 225.111588][ T9033] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 225.350132][ T8483] syz-executor: attempt to access beyond end of device [ 225.350132][ T8483] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 225.424704][ T8483] CPU: 0 UID: 0 PID: 8483 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 225.424740][ T8483] Tainted: [L]=SOFTLOCKUP [ 225.424747][ T8483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 225.424760][ T8483] Call Trace: [ 225.424768][ T8483] [ 225.424777][ T8483] dump_stack_lvl+0xe8/0x150 [ 225.424816][ T8483] f2fs_stop_checkpoint+0x3c7/0x590 [ 225.424855][ T8483] f2fs_write_end_io+0x12e5/0x17a0 [ 225.424907][ T8483] __submit_merged_bio+0x256/0x6a0 [ 225.424955][ T8483] __submit_merged_write_cond+0x3c9/0x4e0 [ 225.424997][ T8483] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 225.425058][ T8483] f2fs_write_data_pages+0x287e/0x34f0 [ 225.425090][ T8483] ? __lock_acquire+0x6b5/0x2cf0 [ 225.425166][ T8483] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 225.425217][ T8483] ? __pfx_css_rstat_updated+0x10/0x10 [ 225.425280][ T8483] ? unwind_next_frame+0xa6/0x2550 [ 225.425301][ T8483] ? rcu_is_watching+0x15/0xb0 [ 225.425319][ T8483] ? __kasan_check_byte+0x12/0x40 [ 225.425341][ T8483] ? __bfs+0x153/0x290 [ 225.425369][ T8483] ? __pfx_hlock_conflict+0x10/0x10 [ 225.425418][ T8483] ? lockdep_unlock+0x5d/0xd0 [ 225.425445][ T8483] ? __lock_acquire+0x146e/0x2cf0 [ 225.425511][ T8483] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 225.425544][ T8483] do_writepages+0x32e/0x550 [ 225.425583][ T8483] ? do_raw_spin_unlock+0xf5/0x210 [ 225.425615][ T8483] filemap_fdatawrite+0x1e9/0x2f0 [ 225.425645][ T8483] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 225.425728][ T8483] ? do_raw_spin_unlock+0xf5/0x210 [ 225.425757][ T8483] f2fs_sync_dirty_inodes+0x30e/0x830 [ 225.425796][ T8483] f2fs_write_checkpoint+0x9df/0x26a0 [ 225.425817][ T8483] ? __lock_acquire+0x6b5/0x2cf0 [ 225.425887][ T8483] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 225.425983][ T8483] kill_f2fs_super+0x314/0x730 [ 225.426014][ T8483] ? __pfx_kill_f2fs_super+0x10/0x10 [ 225.426051][ T8483] ? lockdep_hardirqs_on+0x7a/0x110 [ 225.426095][ T8483] deactivate_locked_super+0xbc/0x130 [ 225.426130][ T8483] cleanup_mnt+0x437/0x4d0 [ 225.426162][ T8483] ? _raw_spin_unlock_irq+0x23/0x50 [ 225.426189][ T8483] task_work_run+0x1d9/0x270 [ 225.426220][ T8483] ? __pfx_task_work_run+0x10/0x10 [ 225.426257][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.426282][ T8483] exit_to_user_mode_loop+0xed/0x480 [ 225.426310][ T8483] ? rcu_is_watching+0x15/0xb0 [ 225.426332][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.426356][ T8483] do_syscall_64+0x33e/0xf80 [ 225.426380][ T8483] ? trace_irq_disable+0x3b/0x140 [ 225.426406][ T8483] ? clear_bhb_loop+0x40/0x90 [ 225.426434][ T8483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.426455][ T8483] RIP: 0033:0x7fb33eb9d9d7 [ 225.426476][ T8483] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 225.426493][ T8483] RSP: 002b:00007ffd711e8298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 225.426517][ T8483] RAX: 0000000000000000 RBX: 00007fb33ec32050 RCX: 00007fb33eb9d9d7 [ 225.426530][ T8483] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd711e8350 [ 225.426542][ T8483] RBP: 00007ffd711e8350 R08: 00007ffd711e9350 R09: 00000000ffffffff [ 225.426556][ T8483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd711e93e0 [ 225.426569][ T8483] R13: 00007fb33ec32050 R14: 0000000000036eeb R15: 00007ffd711e9420 [ 225.426608][ T8483] [ 225.777371][ T9039] loop3: detected capacity change from 0 to 40427 [ 225.856802][ T8483] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 226.217870][ T9039] F2FS-fs (loop3): build fault injection rate: 771 [ 226.233823][ T9039] F2FS-fs (loop3): invalid crc value [ 226.239836][ T5906] loop5: lost filesystem error report for type 5 error -108 [ 226.244372][ T9039] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-4) [ 226.770662][ T9121] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1117'. [ 226.882178][ T9124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1119'. [ 226.894730][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1117'. [ 227.509904][ T9132] loop2: detected capacity change from 0 to 8192 [ 229.048995][ T9178] loop3: detected capacity change from 0 to 32768 [ 229.130544][ T9178] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 229.140948][ T9178] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 229.309522][ T9178] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 229.327636][ T5899] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 229.376982][ T5899] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 229.802083][ T5899] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 425ms [ 229.876432][ T5899] gfs2: fsid=syz:syz.0: jid=0: Done [ 229.907686][ T9178] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 229.969207][ T9197] loop5: detected capacity change from 0 to 8192 [ 230.330128][ T9214] loop2: detected capacity change from 0 to 512 [ 230.397961][ T9214] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.482055][ T9178] gfs2: fsid=syz:syz.0: found 2 quota changes [ 230.901410][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.206381][ T9232] random: crng reseeded on system resumption [ 231.380885][ T9234] block device autoloading is deprecated and will be removed. [ 231.398027][ T5899] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 231.566901][ T5899] usb 3-1: Using ep0 maxpacket: 32 [ 231.583416][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.610853][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.647452][ T5899] usb 3-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 231.658287][ T9241] loop5: detected capacity change from 0 to 4096 [ 231.672209][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.699280][ T9241] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 231.761514][ T5899] usb 3-1: config 0 descriptor?? [ 232.101924][ T9249] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 232.122013][ T9249] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 232.338294][ T5899] nintendo 0003:057E:200E.0009: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.2-1/input0 [ 232.478623][ T5899] nintendo 0003:057E:200E.0009: Failed charging grip handshake [ 232.538889][ T5899] nintendo 0003:057E:200E.0009: Failed to initialize controller; ret=-110 [ 232.613243][ T5899] nintendo 0003:057E:200E.0009: probe - fail = -110 [ 232.641052][ T5899] nintendo 0003:057E:200E.0009: probe with driver nintendo failed with error -110 [ 232.681246][ T5899] usb 3-1: USB disconnect, device number 5 [ 232.732341][ T9257] fido_id[9257]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:057E:200E.0009/report_descriptor': No such device [ 233.163094][ T9267] netlink: 'syz.1.1160': attribute type 10 has an invalid length. [ 233.200059][ T9267] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.207930][ T9267] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.245567][ T9267] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.252869][ T9267] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.260690][ T9267] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.267954][ T9267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.303760][ T9267] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 233.312499][ T9271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'. [ 233.351152][ T9271] bridge_slave_1: left allmulticast mode [ 233.391220][ T9259] loop3: detected capacity change from 0 to 32768 [ 233.414727][ T9259] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1156 (9259) [ 233.438517][ T9271] bridge_slave_1: left promiscuous mode [ 233.445177][ T9271] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.472605][ T9259] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 233.505806][ T9259] BTRFS info (device loop3): using crc32c checksum algorithm [ 233.511475][ T9273] loop5: detected capacity change from 0 to 2048 [ 233.531290][ T9271] bridge_slave_0: left allmulticast mode [ 233.539547][ T9271] bridge_slave_0: left promiscuous mode [ 233.562873][ T9271] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.652015][ T9273] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.669838][ T9271] bond0: (slave bridge0): Releasing backup interface [ 233.689967][ T9259] BTRFS info (device loop3): enabling ssd optimizations [ 233.703866][ T9273] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.720739][ T9259] BTRFS info (device loop3): turning on flush-on-commit [ 233.755672][ T9259] BTRFS info (device loop3): enabling free space tree [ 233.785841][ T9259] BTRFS info (device loop3): enabling auto defrag [ 233.807863][ T9259] BTRFS info (device loop3): use lzo compression, level 1 [ 233.835216][ T9259] BTRFS info (device loop3): max_inline set to 4096 [ 233.896505][ T9297] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1163: bg 0: block 345: padding at end of block bitmap is not set [ 233.951113][ T9297] EXT4-fs (loop5): Remounting filesystem read-only [ 234.011677][ T1015] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:5037: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 234.191329][ T8483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.223142][ T30] audit: type=1800 audit(1774548484.683:125): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1156" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 234.707020][ T5858] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 234.865525][ T9303] loop2: detected capacity change from 0 to 32768 [ 234.932603][ T9303] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1167 (9303) [ 234.984163][ T9303] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 235.006649][ T9303] BTRFS info (device loop2): using crc32c checksum algorithm [ 235.108432][ T9307] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 235.161091][ T9308] syz.1.1170 (9308) used greatest stack depth: 17816 bytes left [ 235.203747][ T9307] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 235.211607][ T9303] BTRFS info (device loop2): enabling ssd optimizations [ 235.233466][ T9303] BTRFS info (device loop2): turning on flush-on-commit [ 235.253836][ T9307] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 235.275224][ T9307] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 235.296442][ T9307] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 235.308510][ T9303] BTRFS info (device loop2): enabling free space tree [ 235.328673][ T9307] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 235.334833][ T9303] BTRFS info (device loop2): enabling auto defrag [ 235.341477][ T9303] BTRFS info (device loop2): use lzo compression, level 1 [ 235.349119][ T9303] BTRFS info (device loop2): max_inline set to 4096 [ 235.409209][ T9307] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 235.574496][ T9344] netlink: 'syz.3.1178': attribute type 10 has an invalid length. [ 235.637762][ T9344] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.645548][ T9344] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.698601][ T9347] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1178'. [ 235.744978][ T9344] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.752316][ T9344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.759945][ T9344] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.767194][ T9344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.837910][ T9344] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 235.880985][ T9347] bridge_slave_1: left allmulticast mode [ 235.894563][ T5846] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 235.916825][ T9347] bridge_slave_1: left promiscuous mode [ 235.943806][ T9347] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.038349][ T9347] bridge_slave_0: left allmulticast mode [ 236.067768][ T9347] bridge_slave_0: left promiscuous mode [ 236.077380][ T9351] loop5: detected capacity change from 0 to 1024 [ 236.096207][ T9347] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.144728][ T9316] loop4: detected capacity change from 0 to 32768 [ 236.188648][ T9351] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.201137][ T9316] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1173 (9316) [ 236.366952][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.390766][ T9316] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 236.401410][ T9316] BTRFS info (device loop4): using crc32c checksum algorithm [ 236.455421][ T9347] bond0: (slave bridge0): Releasing backup interface [ 236.558292][ T9316] BTRFS info (device loop4): enabling ssd optimizations [ 236.569527][ T9316] BTRFS info (device loop4): turning on flush-on-commit [ 236.616281][ T8483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.639261][ T9316] BTRFS info (device loop4): enabling free space tree [ 236.672530][ T9316] BTRFS info (device loop4): enabling auto defrag [ 236.706434][ T9316] BTRFS info (device loop4): use lzo compression, level 1 [ 236.774441][ T9316] BTRFS info (device loop4): max_inline set to 4096 [ 236.885023][ T9381] program syz.5.1183 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.148419][ T5850] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 237.249280][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 237.326835][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 237.333017][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout [ 237.339741][ T5161] Bluetooth: hci3: command 0x0c1a tx timeout [ 237.466289][ T30] audit: type=1326 audit(1774548487.913:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 237.620649][ T30] audit: type=1326 audit(1774548487.913:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 237.683427][ T30] audit: type=1326 audit(1774548487.923:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 237.742327][ T30] audit: type=1326 audit(1774548487.923:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 237.765561][ T30] audit: type=1326 audit(1774548487.963:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 237.863315][ T30] audit: type=1326 audit(1774548487.963:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 237.973368][ T30] audit: type=1326 audit(1774548487.963:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 238.074149][ T30] audit: type=1326 audit(1774548487.963:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b9f9c799 code=0x7ffc0000 [ 238.141735][ T9414] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1200'. [ 238.171693][ T9414] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1200'. [ 238.200952][ T9416] loop4: detected capacity change from 0 to 256 [ 238.218503][ T9416] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 238.729985][ T9427] sctp: [Deprecated]: syz.3.1206 (pid 9427) Use of int in max_burst socket option. [ 238.729985][ T9427] Use struct sctp_assoc_value instead [ 239.065801][ T9431] netlink: 27 bytes leftover after parsing attributes in process `syz.3.1208'. [ 239.212224][ T9420] loop1: detected capacity change from 0 to 32768 [ 239.234482][ T9420] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1203 (9420) [ 239.292513][ T9420] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 239.321062][ T9420] BTRFS info (device loop1): using crc32c checksum algorithm [ 239.408651][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 239.525344][ T9420] BTRFS info (device loop1): enabling ssd optimizations [ 239.544795][ T9420] BTRFS info (device loop1): turning on flush-on-commit [ 239.554139][ T9420] BTRFS info (device loop1): enabling free space tree [ 239.563020][ T9420] BTRFS info (device loop1): enabling auto defrag [ 239.576992][ T9420] BTRFS info (device loop1): use lzo compression, level 1 [ 239.612564][ T9420] BTRFS info (device loop1): max_inline set to 4096 [ 239.722166][ T9423] loop4: detected capacity change from 0 to 40427 [ 239.754285][ T9423] F2FS-fs (loop4): build fault injection rate: 14 [ 239.776026][ T9423] F2FS-fs (loop4): build fault injection type: 0xe4 [ 239.800575][ T9423] F2FS-fs (loop4): invalid crc value [ 239.856050][ T9423] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 240.043246][ T9423] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 240.134227][ T5849] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 240.182437][ T9423] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 240.253399][ T9464] netlink: 'syz.2.1215': attribute type 13 has an invalid length. [ 240.328138][ T9465] netlink: 'syz.2.1215': attribute type 16 has an invalid length. [ 240.347861][ T9465] netlink: 'syz.2.1215': attribute type 17 has an invalid length. [ 240.393238][ T9423] F2FS-fs (loop4): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x89d/0x2060 [ 240.601501][ T5850] syz-executor: attempt to access beyond end of device [ 240.601501][ T5850] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 240.705923][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 240.705959][ T5850] Tainted: [L]=SOFTLOCKUP [ 240.705967][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 240.705980][ T5850] Call Trace: [ 240.705988][ T5850] [ 240.705998][ T5850] dump_stack_lvl+0xe8/0x150 [ 240.706038][ T5850] f2fs_stop_checkpoint+0x3c7/0x590 [ 240.706077][ T5850] f2fs_write_end_io+0x12e5/0x17a0 [ 240.706123][ T5850] __submit_merged_bio+0x256/0x6a0 [ 240.706161][ T5850] __submit_merged_write_cond+0x3c9/0x4e0 [ 240.706201][ T5850] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 240.706257][ T5850] f2fs_write_data_pages+0x287e/0x34f0 [ 240.706289][ T5850] ? unwind_next_frame+0xa6/0x2550 [ 240.706361][ T5850] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 240.706391][ T5850] ? is_bpf_text_address+0x26/0x2b0 [ 240.706432][ T5850] ? arch_stack_walk+0xfb/0x150 [ 240.706484][ T5850] ? add_lock_to_list+0xc7/0x100 [ 240.706511][ T5850] ? lockdep_unlock+0x5d/0xd0 [ 240.706537][ T5850] ? __lock_acquire+0x146e/0x2cf0 [ 240.706595][ T5850] ? do_raw_spin_lock+0x12b/0x2f0 [ 240.706632][ T5850] ? do_raw_spin_unlock+0xf5/0x210 [ 240.706658][ T5850] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 240.706692][ T5850] do_writepages+0x32e/0x550 [ 240.706734][ T5850] ? do_raw_spin_unlock+0xf5/0x210 [ 240.706764][ T5850] filemap_fdatawrite+0x1e9/0x2f0 [ 240.706793][ T5850] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 240.706866][ T5850] ? do_raw_spin_unlock+0xf5/0x210 [ 240.706895][ T5850] f2fs_sync_dirty_inodes+0x30e/0x830 [ 240.706932][ T5850] f2fs_write_checkpoint+0x9df/0x26a0 [ 240.706952][ T5850] ? __lock_acquire+0x6b5/0x2cf0 [ 240.707015][ T5850] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 240.707096][ T5850] kill_f2fs_super+0x314/0x730 [ 240.707125][ T5850] ? __pfx_kill_f2fs_super+0x10/0x10 [ 240.707160][ T5850] ? lockdep_hardirqs_on+0x7a/0x110 [ 240.707200][ T5850] deactivate_locked_super+0xbc/0x130 [ 240.707233][ T5850] cleanup_mnt+0x437/0x4d0 [ 240.707264][ T5850] ? _raw_spin_unlock_irq+0x23/0x50 [ 240.707290][ T5850] task_work_run+0x1d9/0x270 [ 240.707320][ T5850] ? __pfx_task_work_run+0x10/0x10 [ 240.707360][ T5850] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.707383][ T5850] exit_to_user_mode_loop+0xed/0x480 [ 240.707411][ T5850] ? rcu_is_watching+0x15/0xb0 [ 240.707431][ T5850] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.707453][ T5850] do_syscall_64+0x33e/0xf80 [ 240.707477][ T5850] ? trace_irq_disable+0x3b/0x140 [ 240.707502][ T5850] ? clear_bhb_loop+0x40/0x90 [ 240.707527][ T5850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.707547][ T5850] RIP: 0033:0x7f6b6b99d9d7 [ 240.707567][ T5850] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 240.707584][ T5850] RSP: 002b:00007ffc400c8458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 240.707605][ T5850] RAX: 0000000000000000 RBX: 00007f6b6ba32050 RCX: 00007f6b6b99d9d7 [ 240.707619][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc400c8510 [ 240.707631][ T5850] RBP: 00007ffc400c8510 R08: 00007ffc400c9510 R09: 00000000ffffffff [ 240.707646][ T5850] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc400c95a0 [ 240.707659][ T5850] R13: 00007f6b6ba32050 R14: 000000000003ab52 R15: 00007ffc400c95e0 [ 240.707693][ T5850] [ 241.124825][ T5850] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 241.327819][ T5906] loop4: lost filesystem error report for type 5 error -108 [ 241.357655][ T9469] loop1: detected capacity change from 0 to 32768 [ 241.394877][ T9465] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 241.412527][ T9469] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1214 (9469) [ 241.462574][ T9469] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 241.487535][ T5161] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.526628][ T9469] BTRFS info (device loop1): using crc32c checksum algorithm [ 241.726786][ T9469] BTRFS info (device loop1): enabling ssd optimizations [ 241.743957][ T9469] BTRFS info (device loop1): turning on flush-on-commit [ 241.751463][ T9469] BTRFS info (device loop1): enabling free space tree [ 241.758757][ T9469] BTRFS info (device loop1): enabling auto defrag [ 241.765367][ T9469] BTRFS info (device loop1): use lzo compression, level 1 [ 241.773093][ T9469] BTRFS info (device loop1): max_inline set to 4096 [ 242.030981][ T9498] random: crng reseeded on system resumption [ 242.096892][ T809] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 242.131941][ T5849] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 242.299043][ T809] usb 3-1: Using ep0 maxpacket: 16 [ 242.331850][ T809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.386845][ T809] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 242.424265][ T809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.478375][ T809] usb 3-1: config 0 descriptor?? [ 242.935390][ T809] mcp2221 0003:04D8:00DD.000A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 243.213042][ T9500] loop5: detected capacity change from 0 to 32768 [ 243.241483][ T9500] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1225 (9500) [ 243.303587][ T9500] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 243.347798][ T9500] BTRFS info (device loop5): using crc32c checksum algorithm [ 243.430522][ T809] usb 3-1: USB disconnect, device number 6 [ 243.544405][ T9500] BTRFS info (device loop5): enabling ssd optimizations [ 243.576896][ T5161] Bluetooth: hci0: command 0x0c1a tx timeout [ 243.607056][ T9500] BTRFS info (device loop5): turning on flush-on-commit [ 243.637570][ T9500] BTRFS info (device loop5): enabling free space tree [ 243.686642][ T9500] BTRFS info (device loop5): enabling auto defrag [ 243.709040][ T9500] BTRFS info (device loop5): use lzo compression, level 1 [ 243.743674][ T9500] BTRFS info (device loop5): max_inline set to 4096 [ 243.936840][ T5980] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 244.127542][ T5980] usb 4-1: Using ep0 maxpacket: 32 [ 244.148218][ T5980] usb 4-1: config 51 has an invalid interface number: 208 but max is 0 [ 244.190060][ T5980] usb 4-1: config 51 has no interface number 0 [ 244.210726][ T8483] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 244.221305][ T5980] usb 4-1: config 51 interface 208 has no altsetting 0 [ 244.239948][ T5980] usb 4-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=8b.70 [ 244.261419][ T5980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.281782][ T5980] usb 4-1: Product: syz [ 244.290492][ T5980] usb 4-1: Manufacturer: syz [ 244.300958][ T5980] usb 4-1: SerialNumber: syz [ 244.927390][ T9558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1242'. [ 245.082715][ T9565] loop1: detected capacity change from 0 to 2048 [ 245.170762][ T5980] f81534a_ctrl 4-1:51.208: failed to enable ports: -71 [ 245.181015][ T9565] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.209214][ T5980] f81534a_ctrl 4-1:51.208: probe with driver f81534a_ctrl failed with error -71 [ 245.237174][ T5980] usb 4-1: USB disconnect, device number 9 [ 245.291486][ T9565] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 245.322510][ T5906] IPVS: starting estimator thread 0... [ 245.439516][ T9560] cgroup: fork rejected by pids controller in /syz5 [ 245.448461][ T9575] IPVS: using max 34 ests per chain, 81600 per kthread [ 245.479070][ T9593] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1243: bg 0: block 345: padding at end of block bitmap is not set [ 245.528041][ T9593] EXT4-fs (loop1): Remounting filesystem read-only [ 245.568280][ T1015] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:5037: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 245.875316][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.910383][ T9821] loop3: detected capacity change from 0 to 64 [ 246.444784][ T9832] Zero length message leads to an empty skb [ 247.885180][ T9877] loop1: detected capacity change from 0 to 4096 [ 248.139995][ T9889] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 248.336968][ T30] audit: type=1800 audit(1774548498.793:134): pid=9877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1271" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 248.589979][ T9900] loop5: detected capacity change from 0 to 1024 [ 248.625220][ T9900] EXT4-fs: Ignoring removed bh option [ 248.709412][ T9900] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 249.040326][ T9912] loop2: detected capacity change from 0 to 2048 [ 249.091064][ T9912] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 249.198468][ T9912] overlayfs: upper fs needs to support d_type. [ 249.379106][ T9912] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 249.409267][ T9912] overlayfs: failed to set xattr on upper [ 249.439656][ T9912] overlayfs: ...falling back to redirect_dir=nofollow. [ 249.488788][ T9903] loop4: detected capacity change from 0 to 32768 [ 249.498187][ T9912] overlayfs: ...falling back to index=off. [ 249.516935][ T9912] overlayfs: ...falling back to uuid=null. [ 249.562408][ T8483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.618040][ T9903] JBD2: Ignoring recovery information on journal [ 249.808290][ T9903] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 249.961869][ T5846] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 250.003312][ T5846] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 250.038005][ T9939] loop1: detected capacity change from 0 to 2048 [ 250.117415][ T9942] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 250.299702][ T5850] ocfs2: Unmounting device (7,4) on (node local) [ 250.357229][ T9945] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 250.382136][ T9945] syzkaller1: linktype set to 825 [ 250.441731][ T9942] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 250.485205][ T9942] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 250.586746][ T9942] Remounting filesystem read-only [ 250.639295][ T5849] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 250.900303][ T9954] loop1: detected capacity change from 0 to 4096 [ 250.948057][ T9954] NILFS (loop1): invalid segment: Checksum error in segment payload [ 250.977773][ T9954] NILFS (loop1): trying rollback from an earlier position [ 251.036347][ T9954] NILFS (loop1): recovery complete [ 251.050401][ T9960] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 251.107828][ T1031] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.553530][ T1031] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.686216][ T9969] loop5: detected capacity change from 0 to 4096 [ 251.844922][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 251.872710][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 251.884533][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 251.906459][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 251.919069][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 251.935495][ T1031] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.080512][ T9977] loop4: detected capacity change from 0 to 2048 [ 252.171645][ T9977] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.198173][ T9977] ext4 filesystem being mounted at /279/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 252.213462][ T1031] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.405310][ T9987] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1305: bg 0: block 345: padding at end of block bitmap is not set [ 252.490486][ T9987] EXT4-fs (loop4): Remounting filesystem read-only [ 252.525539][ T9977] EXT4-fs warning (device loop4): ext4_es_cache_extent:1082: inode #15: comm syz.4.1305: ES cache extent failed: add [0,16,112,0x1] conflict with existing [1,15,113,0x12] [ 252.525539][ T9977] [ 252.564949][ T12] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:5037: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 252.811790][ T5850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.886344][ T9968] loop3: detected capacity change from 0 to 40427 [ 252.911263][ T9968] F2FS-fs (loop3): invalid crc value [ 253.242846][ T9968] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 253.378163][ T9968] F2FS-fs (loop3): Start checkpoint disabled! [ 253.451039][ T1031] bridge_slave_1: left allmulticast mode [ 253.481422][ T1031] bridge_slave_1: left promiscuous mode [ 253.512623][ T1031] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.550430][ T9968] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 253.575204][ T9968] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 253.588299][ T1031] bridge_slave_0: left allmulticast mode [ 253.614789][ T1031] bridge_slave_0: left promiscuous mode [ 253.641307][ T1031] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.050479][ T5161] Bluetooth: hci1: command tx timeout [ 254.559265][ T1031] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.592047][ T1031] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.609532][ T1031] bond0 (unregistering): Released all slaves [ 254.672631][ T9973] chnl_net:caif_netlink_parms(): no params data found [ 255.377947][T10060] netlink: 'syz.3.1329': attribute type 21 has an invalid length. [ 255.544909][ T9973] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.562284][ T9973] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.583179][ T9973] bridge_slave_0: entered allmulticast mode [ 255.628449][ T9973] bridge_slave_0: entered promiscuous mode [ 255.686363][ T9973] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.714824][ T9973] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.732048][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.742234][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.752338][ T9973] bridge_slave_1: entered allmulticast mode [ 255.808751][ T9973] bridge_slave_1: entered promiscuous mode [ 255.885228][ T1031] hsr_slave_0: left promiscuous mode [ 255.896800][ T92] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 255.914723][ T1031] hsr_slave_1: left promiscuous mode [ 255.932195][ T1031] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.955687][ T1031] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.985877][ T1031] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.006088][ T1031] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.059871][ T1031] veth1_macvtap: left promiscuous mode [ 256.076941][ T1031] veth0_macvtap: left promiscuous mode [ 256.084048][ T1031] veth1_vlan: left promiscuous mode [ 256.096966][ T92] usb 4-1: Using ep0 maxpacket: 8 [ 256.103706][ T1031] veth0_vlan: left promiscuous mode [ 256.115241][ T92] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 256.126629][ T5161] Bluetooth: hci1: command tx timeout [ 256.138196][ T92] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 256.148477][ T92] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 256.159806][ T92] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 256.173239][ T92] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 256.182439][ T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.240169][T10090] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1336'. [ 256.414629][ T92] usb 4-1: usb_control_msg returned -32 [ 256.424248][ T92] usbtmc 4-1:16.0: can't read capabilities [ 256.472760][ T92] usb 4-1: USB disconnect, device number 10 [ 256.643854][ T1031] team0 (unregistering): Port device team_slave_1 removed [ 256.668465][ T1031] team0 (unregistering): Port device team_slave_0 removed [ 256.883072][T10090] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1336'. [ 256.932710][ T9973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.955356][ T9973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.099199][ T9973] team0: Port device team_slave_0 added [ 257.152336][ T9973] team0: Port device team_slave_1 added [ 257.367985][ T9973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.414696][ T9973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 257.523913][ T9973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.604227][ T9973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.637580][ T9973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 257.756813][ T9973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.865668][ T1031] IPVS: stop unused estimator thread 0... [ 257.958055][T10120] loop5: detected capacity change from 0 to 2048 [ 258.011335][T10120] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 258.079432][T10120] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 258.124160][ T9973] hsr_slave_0: entered promiscuous mode [ 258.130213][T10120] UDF-fs: Scanning with blocksize 512 failed [ 258.164277][ T9973] hsr_slave_1: entered promiscuous mode [ 258.206761][ T5161] Bluetooth: hci1: command tx timeout [ 258.212493][T10120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 258.412515][ T30] audit: type=1800 audit(1774548508.873:135): pid=10127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1348" name="file1" dev="loop5" ino=838 res=0 errno=0 [ 258.521781][T10131] loop3: detected capacity change from 0 to 512 [ 258.639314][T10131] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.693577][T10131] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.755401][T10131] EXT4-fs error (device loop3): ext4_add_entry:2415: inode #12: comm syz.3.1351: Directory hole found for htree leaf block 0 [ 258.776068][T10139] netlink: 'syz.4.1353': attribute type 10 has an invalid length. [ 258.853235][T10139] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.953322][T10139] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 259.005488][T10141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 259.019587][ T5858] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.053434][T10141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 259.098775][T10141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 259.136216][T10141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.190651][T10141] bond0: (slave batadv0): Releasing backup interface [ 259.231650][T10149] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 259.242947][T10116] loop1: detected capacity change from 0 to 40427 [ 259.326691][T10116] F2FS-fs (loop1): build fault injection rate: 771 [ 259.343587][T10116] F2FS-fs (loop1): invalid crc value [ 259.685970][T10116] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 259.760754][T10116] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 259.995764][ T9973] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 260.010383][T10158] loop4: detected capacity change from 0 to 8192 [ 260.043320][ T9973] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 260.070286][ T5849] syz-executor: attempt to access beyond end of device [ 260.070286][ T5849] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 260.089111][ T9973] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 260.134607][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 260.134643][ T5849] Tainted: [L]=SOFTLOCKUP [ 260.134650][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 260.134676][ T5849] Call Trace: [ 260.134684][ T5849] [ 260.134694][ T5849] dump_stack_lvl+0xe8/0x150 [ 260.134734][ T5849] f2fs_stop_checkpoint+0x3c7/0x590 [ 260.134773][ T5849] f2fs_write_end_io+0x12e5/0x17a0 [ 260.134824][ T5849] __submit_merged_bio+0x256/0x6a0 [ 260.134864][ T5849] __submit_merged_write_cond+0x3c9/0x4e0 [ 260.134906][ T5849] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 260.134967][ T5849] f2fs_write_data_pages+0x287e/0x34f0 [ 260.135004][ T5849] ? unwind_next_frame+0xa6/0x2550 [ 260.135070][ T5849] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 260.135101][ T5849] ? is_bpf_text_address+0x26/0x2b0 [ 260.135153][ T5849] ? arch_stack_walk+0xfb/0x150 [ 260.135214][ T5849] ? add_lock_to_list+0xc7/0x100 [ 260.135240][ T5849] ? lockdep_unlock+0x5d/0xd0 [ 260.135267][ T5849] ? __lock_acquire+0x146e/0x2cf0 [ 260.135332][ T5849] ? do_raw_spin_lock+0x12b/0x2f0 [ 260.135373][ T5849] ? do_raw_spin_unlock+0xf5/0x210 [ 260.135399][ T5849] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 260.135435][ T5849] do_writepages+0x32e/0x550 [ 260.135474][ T5849] ? do_raw_spin_unlock+0xf5/0x210 [ 260.135505][ T5849] filemap_fdatawrite+0x1e9/0x2f0 [ 260.135536][ T5849] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 260.135609][ T5849] ? preempt_schedule_common+0x82/0xd0 [ 260.135635][ T5849] ? preempt_schedule_thunk+0x16/0x30 [ 260.135671][ T5849] f2fs_sync_dirty_inodes+0x30e/0x830 [ 260.135712][ T5849] f2fs_write_checkpoint+0x9df/0x26a0 [ 260.135778][ T5849] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 260.135852][ T5849] ? kfree+0x1c5/0x640 [ 260.135880][ T5849] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 260.135916][ T5849] kill_f2fs_super+0x314/0x730 [ 260.135946][ T5849] ? __pfx_kill_f2fs_super+0x10/0x10 [ 260.135985][ T5849] ? lockdep_hardirqs_on+0x7a/0x110 [ 260.136029][ T5849] deactivate_locked_super+0xbc/0x130 [ 260.136063][ T5849] cleanup_mnt+0x437/0x4d0 [ 260.136094][ T5849] ? _raw_spin_unlock_irq+0x23/0x50 [ 260.136122][ T5849] task_work_run+0x1d9/0x270 [ 260.136168][ T5849] ? __pfx_task_work_run+0x10/0x10 [ 260.136210][ T5849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.136234][ T5849] exit_to_user_mode_loop+0xed/0x480 [ 260.136262][ T5849] ? rcu_is_watching+0x15/0xb0 [ 260.136284][ T5849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.136307][ T5849] do_syscall_64+0x33e/0xf80 [ 260.136332][ T5849] ? trace_irq_disable+0x3b/0x140 [ 260.136357][ T5849] ? clear_bhb_loop+0x40/0x90 [ 260.136384][ T5849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.136404][ T5849] RIP: 0033:0x7f553979d9d7 [ 260.136426][ T5849] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 260.136443][ T5849] RSP: 002b:00007fff40221728 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 260.136465][ T5849] RAX: 0000000000000000 RBX: 00007f5539832050 RCX: 00007f553979d9d7 [ 260.136479][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff402217e0 [ 260.136492][ T5849] RBP: 00007fff402217e0 R08: 00007fff402227e0 R09: 00000000ffffffff [ 260.136506][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff40222870 [ 260.136518][ T5849] R13: 00007f5539832050 R14: 000000000003f747 R15: 00007fff402228b0 [ 260.136555][ T5849] [ 260.484193][ T9973] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 260.492917][ T5161] Bluetooth: hci1: command tx timeout [ 260.523038][ T5849] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 260.546380][T10146] loop5: detected capacity change from 0 to 40427 [ 260.561828][T10146] F2FS-fs (loop5): build fault injection rate: 771 [ 260.569939][T10146] F2FS-fs (loop5): invalid crc value [ 260.693016][T10146] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 260.891354][T10146] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 260.997784][T10184] af_packet: tpacket_rcv: packet too big, clamped from 125 to 4294967286. macoff=82 [ 261.182270][ T8483] syz-executor: attempt to access beyond end of device [ 261.182270][ T8483] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 261.241609][ T9973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.264819][ T8483] CPU: 1 UID: 0 PID: 8483 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 261.264854][ T8483] Tainted: [L]=SOFTLOCKUP [ 261.264863][ T8483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 261.264876][ T8483] Call Trace: [ 261.264884][ T8483] [ 261.264893][ T8483] dump_stack_lvl+0xe8/0x150 [ 261.264933][ T8483] f2fs_stop_checkpoint+0x3c7/0x590 [ 261.264968][ T8483] f2fs_write_end_io+0x12e5/0x17a0 [ 261.265029][ T8483] __submit_merged_bio+0x256/0x6a0 [ 261.265068][ T8483] __submit_merged_write_cond+0x3c9/0x4e0 [ 261.265110][ T8483] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 261.265165][ T8483] f2fs_write_data_pages+0x287e/0x34f0 [ 261.265197][ T8483] ? __lock_acquire+0x6b5/0x2cf0 [ 261.265271][ T8483] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 261.265321][ T8483] ? __pfx_css_rstat_updated+0x10/0x10 [ 261.265382][ T8483] ? unwind_next_frame+0xa6/0x2550 [ 261.265402][ T8483] ? rcu_is_watching+0x15/0xb0 [ 261.265420][ T8483] ? __kasan_check_byte+0x12/0x40 [ 261.265442][ T8483] ? __bfs+0x153/0x290 [ 261.265470][ T8483] ? __pfx_hlock_conflict+0x10/0x10 [ 261.265514][ T8483] ? lockdep_unlock+0x5d/0xd0 [ 261.265540][ T8483] ? __lock_acquire+0x146e/0x2cf0 [ 261.265604][ T8483] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 261.265639][ T8483] do_writepages+0x32e/0x550 [ 261.265678][ T8483] ? do_raw_spin_unlock+0xf5/0x210 [ 261.265709][ T8483] filemap_fdatawrite+0x1e9/0x2f0 [ 261.265739][ T8483] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 261.265823][ T8483] ? do_raw_spin_unlock+0xf5/0x210 [ 261.265855][ T8483] f2fs_sync_dirty_inodes+0x30e/0x830 [ 261.265897][ T8483] f2fs_write_checkpoint+0x9df/0x26a0 [ 261.265964][ T8483] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 261.266047][ T8483] ? kfree+0x1c5/0x640 [ 261.266075][ T8483] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 261.266108][ T8483] kill_f2fs_super+0x314/0x730 [ 261.266138][ T8483] ? __pfx_kill_f2fs_super+0x10/0x10 [ 261.266177][ T8483] ? lockdep_hardirqs_on+0x7a/0x110 [ 261.266222][ T8483] deactivate_locked_super+0xbc/0x130 [ 261.266256][ T8483] cleanup_mnt+0x437/0x4d0 [ 261.266292][ T8483] ? _raw_spin_unlock_irq+0x23/0x50 [ 261.266320][ T8483] task_work_run+0x1d9/0x270 [ 261.266352][ T8483] ? __pfx_task_work_run+0x10/0x10 [ 261.266388][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.266413][ T8483] exit_to_user_mode_loop+0xed/0x480 [ 261.266441][ T8483] ? rcu_is_watching+0x15/0xb0 [ 261.266464][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.266488][ T8483] do_syscall_64+0x33e/0xf80 [ 261.266517][ T8483] ? trace_irq_disable+0x3b/0x140 [ 261.266542][ T8483] ? clear_bhb_loop+0x40/0x90 [ 261.266568][ T8483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.266590][ T8483] RIP: 0033:0x7fb33eb9d9d7 [ 261.266609][ T8483] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 261.266627][ T8483] RSP: 002b:00007ffd711e8298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 261.266649][ T8483] RAX: 0000000000000000 RBX: 00007fb33ec32050 RCX: 00007fb33eb9d9d7 [ 261.266664][ T8483] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd711e8350 [ 261.266676][ T8483] RBP: 00007ffd711e8350 R08: 00007ffd711e9350 R09: 00000000ffffffff [ 261.266691][ T8483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd711e93e0 [ 261.266704][ T8483] R13: 00007fb33ec32050 R14: 000000000003fb95 R15: 00007ffd711e9420 [ 261.266742][ T8483] [ 261.465544][ T9973] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.557710][ T8483] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 261.715350][T10189] netem: change failed [ 261.742367][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.749728][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.789964][ T1015] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.797204][ T1015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.109750][T10195] loop4: detected capacity change from 0 to 128 [ 262.898470][ T9973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.488975][T10236] loop4: detected capacity change from 0 to 128 [ 263.596380][T10239] program syz.1.1377 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.795521][T10243] loop4: detected capacity change from 0 to 1024 [ 264.039832][ T36] hfsplus: b-tree write err: -5, ino 25 [ 264.092517][ T36] hfsplus: b-tree write err: -5, ino 4 [ 264.139837][ T36] hfsplus: b-tree write err: -5, ino 2 [ 264.152345][ T36] hfsplus: b-tree write err: -5, ino 17 [ 264.218038][ T9973] veth0_vlan: entered promiscuous mode [ 264.272035][ T9973] veth1_vlan: entered promiscuous mode [ 264.419728][T10259] serio: Serial port ttyS3 [ 264.698436][ T9973] veth0_macvtap: entered promiscuous mode [ 264.743424][ T9973] veth1_macvtap: entered promiscuous mode [ 264.859912][ T9973] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.890056][T10271] input: syz0 as /devices/virtual/input/input12 [ 264.907523][T10253] loop5: detected capacity change from 0 to 32768 [ 264.969988][ T9973] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 265.117404][ T137] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.154777][ T137] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.197158][ T137] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.226618][ T137] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.667443][ T137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.696193][ T137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.844870][ T1015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.884487][ T1015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.963129][T10291] loop3: detected capacity change from 0 to 256 [ 266.045003][T10291] FAT-fs (loop3): Directory bread(block 64) failed [ 266.075426][T10291] FAT-fs (loop3): Directory bread(block 65) failed [ 266.104356][T10291] FAT-fs (loop3): Directory bread(block 66) failed [ 266.126103][T10291] FAT-fs (loop3): Directory bread(block 67) failed [ 266.160894][T10291] FAT-fs (loop3): Directory bread(block 68) failed [ 266.192532][T10291] FAT-fs (loop3): Directory bread(block 69) failed [ 266.224094][T10291] FAT-fs (loop3): Directory bread(block 70) failed [ 266.245006][T10291] FAT-fs (loop3): Directory bread(block 71) failed [ 266.259966][T10291] FAT-fs (loop3): Directory bread(block 72) failed [ 266.275681][T10291] FAT-fs (loop3): Directory bread(block 73) failed [ 266.388453][ T30] audit: type=1800 audit(1774548516.853:136): pid=10291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1399" name=7B92 dev="loop3" ino=1048717 res=0 errno=0 [ 266.964600][T10307] loop6: detected capacity change from 0 to 32768 [ 267.064460][T10307] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 267.072744][T10307] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 267.160583][T10307] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 267.170498][ T5899] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 267.179035][ T5899] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 267.510839][ T5899] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 331ms [ 267.545899][ T5899] gfs2: fsid=syz:syz.0: jid=0: Done [ 267.571626][T10307] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 268.004494][T10307] gfs2: fsid=syz:syz.0: found 2 quota changes [ 269.113498][T10368] loop1: detected capacity change from 0 to 256 [ 269.128247][T10368] exfat: Deprecated parameter 'utf8' [ 269.178860][T10368] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 269.317230][T10370] bond1: ARP target 9.0.0.0 is already present [ 269.345016][T10370] bond1: option arp_ip_target: invalid value (9) [ 269.360806][T10370] bond1 (unregistering): Released all slaves [ 269.562238][T10382] loop1: detected capacity change from 0 to 64 [ 270.033800][T10399] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1439'. [ 270.060871][T10399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1439'. [ 270.165033][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1441'. [ 270.195877][T10399] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1439'. [ 270.213801][T10405] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1441'. [ 270.216680][T10399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1439'. [ 270.249604][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1441'. [ 270.288434][T10405] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1441'. [ 270.319978][T10405] netlink: 'syz.6.1441': attribute type 6 has an invalid length. [ 270.465040][T10399] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1439'. [ 270.490167][T10399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1439'. [ 270.641497][T10416] loop1: detected capacity change from 0 to 1024 [ 270.701401][T10416] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 270.722532][T10416] ext4 filesystem being mounted at /295/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.902229][T10416] EXT4-fs error (device loop1): ext4_readdir:265: inode #12: block 80: comm syz.1.1445: path /: bad entry in directory: directory entry overrun - offset=296, inode=0, rec_len=1024, size=1024 fake=0 [ 270.942352][T10423] loop4: detected capacity change from 0 to 4096 [ 270.980094][T10416] EXT4-fs (loop1): Remounting filesystem read-only [ 271.142538][T10423] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 271.182543][T10423] ntfs3(loop4): Failed to load $Extend (-22). [ 271.220253][T10423] ntfs3(loop4): Failed to initialize $Extend. [ 271.240377][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 271.545735][T10424] loop6: detected capacity change from 0 to 32768 [ 271.591011][T10424] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1447 (10424) [ 271.654362][T10424] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 271.693640][T10424] BTRFS info (device loop6): using crc32c checksum algorithm [ 271.758769][ T36] BTRFS warning (device loop6): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 271.783556][T10424] BTRFS warning (device loop6): couldn't read tree root [ 271.799837][T10424] BTRFS warning (device loop6): try to load backup roots slot 1 [ 271.812316][ T12] BTRFS warning (device loop6): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 271.857960][T10424] BTRFS warning (device loop6): couldn't read tree root [ 271.868317][T10424] BTRFS warning (device loop6): try to load backup roots slot 2 [ 271.907441][ T12] BTRFS error (device loop6): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 271.939038][T10424] BTRFS warning (device loop6): couldn't read tree root [ 271.959245][ T92] kernel read not supported for file /dsp1 (pid: 92 comm: kworker/1:2) [ 271.968211][T10424] BTRFS warning (device loop6): try to load backup roots slot 3 [ 272.034224][T10424] BTRFS info (device loop6): checking UUID tree [ 272.057210][T10424] BTRFS info (device loop6): setting nodatasum [ 272.080668][T10424] BTRFS info (device loop6): enabling ssd optimizations [ 272.107581][T10424] BTRFS info (device loop6): turning on flush-on-commit [ 272.145740][T10424] BTRFS info (device loop6): turning on async discard [ 272.183097][T10424] BTRFS info (device loop6): enabling free space tree [ 272.217714][T10424] BTRFS info (device loop6): trying to use backup root at mount time [ 272.259883][T10424] BTRFS info (device loop6): max_inline set to 0 [ 272.689818][ T9973] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 273.158989][T10479] cgroup: fork rejected by pids controller in /syz3 [ 273.815071][T10521] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.901872][T10811] loop5: detected capacity change from 0 to 64 [ 274.359884][T10521] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.534788][T10829] sctp: [Deprecated]: syz.6.1482 (pid 10829) Use of struct sctp_assoc_value in delayed_ack socket option. [ 274.534788][T10829] Use struct sctp_sack_info instead [ 274.675586][T10521] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.968358][T10521] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.063891][T10838] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1486'. [ 275.101102][T10838] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 275.421270][T10852] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 275.428772][T10853] program syz.6.1489 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 275.684854][ T1015] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.905754][ T137] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.935330][T10863] loop3: detected capacity change from 0 to 2048 [ 275.959544][ T30] audit: type=1326 audit(1774548526.423:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10864 comm="syz.5.1494" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb33eb9c799 code=0x0 [ 276.004174][T10863] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 276.060811][ T137] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.083152][ T30] audit: type=1800 audit(1774548526.543:138): pid=10863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1492" name="file1" dev="loop3" ino=1367 res=0 errno=0 [ 276.210169][ T137] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.833463][T10902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1502'. [ 277.222790][T10917] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1507'. [ 277.480719][T10922] netlink: 'syz.3.1509': attribute type 14 has an invalid length. [ 277.555569][T10927] loop1: detected capacity change from 0 to 512 [ 277.579976][T10927] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 277.612115][T10927] EXT4-fs (loop1): orphan cleanup on readonly fs [ 277.682462][T10927] EXT4-fs warning (device loop1): ext4_enable_quotas:7236: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 277.886122][T10927] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 277.919387][T10927] EXT4-fs error (device loop1): ext4_ext_check_inode:521: inode #13: comm syz.1.1508: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 277.970414][T10927] loop1: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 277.976531][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 277.992229][ C1] EXT4-fs (loop1): last error at time 1774548528: ext4_ext_check_inode:521: inode 13 [ 278.016385][T10927] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1508: couldn't read orphan inode 13 (err -117) [ 278.030280][T10927] loop1: lost filesystem error report for type 5 error -117 [ 278.044303][T10927] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 278.155332][T10927] EXT4-fs (loop1): shut down requested (0) [ 278.376973][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.451179][T10981] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input13 [ 279.553456][T10957] loop4: detected capacity change from 0 to 32768 [ 279.553464][T10953] loop5: detected capacity change from 0 to 40427 [ 279.572809][T10953] F2FS-fs (loop5): Small segment_count (9 < 1 * 24) [ 279.601686][T10953] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 279.661762][T10957] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 279.884290][T10957] XFS (loop4): Ending clean mount [ 279.944084][T10957] XFS (loop4): Quotacheck needed: Please wait. [ 280.063022][T10953] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 280.077307][T11007] netlink: 'syz.1.1531': attribute type 10 has an invalid length. [ 280.179145][T10953] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 280.197860][T10957] XFS (loop4): Quotacheck: Done. [ 280.208271][T10953] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 280.433637][ T8483] syz-executor: attempt to access beyond end of device [ 280.433637][ T8483] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 280.495309][ T8483] CPU: 0 UID: 0 PID: 8483 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 280.495342][ T8483] Tainted: [L]=SOFTLOCKUP [ 280.495349][ T8483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 280.495361][ T8483] Call Trace: [ 280.495369][ T8483] [ 280.495377][ T8483] dump_stack_lvl+0xe8/0x150 [ 280.495414][ T8483] f2fs_stop_checkpoint+0x3c7/0x590 [ 280.495449][ T8483] f2fs_write_end_io+0x12e5/0x17a0 [ 280.495492][ T8483] __submit_merged_bio+0x256/0x6a0 [ 280.495528][ T8483] __submit_merged_write_cond+0x3c9/0x4e0 [ 280.495565][ T8483] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 280.495617][ T8483] f2fs_write_data_pages+0x287e/0x34f0 [ 280.495687][ T8483] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 280.495764][ T8483] ? unwind_next_frame+0xa6/0x2550 [ 280.495783][ T8483] ? rcu_is_watching+0x15/0xb0 [ 280.495801][ T8483] ? __kasan_check_byte+0x12/0x40 [ 280.495821][ T8483] ? __bfs+0x153/0x290 [ 280.495849][ T8483] ? __pfx_hlock_conflict+0x10/0x10 [ 280.495889][ T8483] ? lockdep_unlock+0x5d/0xd0 [ 280.495914][ T8483] ? __lock_acquire+0x146e/0x2cf0 [ 280.495971][ T8483] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 280.496004][ T8483] do_writepages+0x32e/0x550 [ 280.496039][ T8483] ? do_raw_spin_unlock+0xf5/0x210 [ 280.496068][ T8483] filemap_fdatawrite+0x1e9/0x2f0 [ 280.496097][ T8483] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 280.496170][ T8483] ? do_raw_spin_unlock+0xf5/0x210 [ 280.496200][ T8483] f2fs_sync_dirty_inodes+0x30e/0x830 [ 280.496246][ T8483] f2fs_write_checkpoint+0x9df/0x26a0 [ 280.496302][ T8483] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 280.496381][ T8483] kill_f2fs_super+0x314/0x730 [ 280.496408][ T8483] ? __pfx_kill_f2fs_super+0x10/0x10 [ 280.496443][ T8483] ? lockdep_hardirqs_on+0x7a/0x110 [ 280.496483][ T8483] deactivate_locked_super+0xbc/0x130 [ 280.496517][ T8483] cleanup_mnt+0x437/0x4d0 [ 280.496547][ T8483] ? _raw_spin_unlock_irq+0x23/0x50 [ 280.496590][ T8483] task_work_run+0x1d9/0x270 [ 280.496620][ T8483] ? __pfx_task_work_run+0x10/0x10 [ 280.496654][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.496678][ T8483] exit_to_user_mode_loop+0xed/0x480 [ 280.496706][ T8483] ? rcu_is_watching+0x15/0xb0 [ 280.496728][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.496751][ T8483] do_syscall_64+0x33e/0xf80 [ 280.496775][ T8483] ? trace_irq_disable+0x3b/0x140 [ 280.496801][ T8483] ? clear_bhb_loop+0x40/0x90 [ 280.496827][ T8483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.496848][ T8483] RIP: 0033:0x7fb33eb9d9d7 [ 280.496868][ T8483] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 280.496885][ T8483] RSP: 002b:00007ffd711e8298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 280.496908][ T8483] RAX: 0000000000000000 RBX: 00007fb33ec32050 RCX: 00007fb33eb9d9d7 [ 280.496922][ T8483] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd711e8350 [ 280.496935][ T8483] RBP: 00007ffd711e8350 R08: 00007ffd711e9350 R09: 00000000ffffffff [ 280.496949][ T8483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd711e93e0 [ 280.496962][ T8483] R13: 00007fb33ec32050 R14: 00000000000446d9 R15: 00007ffd711e9420 [ 280.496997][ T8483] [ 280.512165][ T30] audit: type=1326 audit(1774548530.963:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 280.745956][ T8483] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 280.968747][ T5850] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 280.987124][ T30] audit: type=1326 audit(1774548531.143:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.010012][ T30] audit: type=1326 audit(1774548531.323:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.034999][ T30] audit: type=1326 audit(1774548531.323:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.093652][ T30] audit: type=1326 audit(1774548531.323:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.119169][ T30] audit: type=1326 audit(1774548531.323:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.206717][ T30] audit: type=1326 audit(1774548531.323:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.229614][ T30] audit: type=1326 audit(1774548531.323:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.274716][T11027] loop6: detected capacity change from 0 to 256 [ 281.275497][T11024] loop1: detected capacity change from 0 to 64 [ 281.284229][ T30] audit: type=1326 audit(1774548531.323:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.353314][ T30] audit: type=1326 audit(1774548531.353:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f553979c799 code=0x7ffc0000 [ 281.461827][ T30] audit: type=1326 audit(1774548531.353:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11019 comm="syz.1.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f553975cfce code=0x7ffc0000 [ 281.675692][T11033] loop6: detected capacity change from 0 to 64 [ 281.854639][T11037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1540'. [ 282.181184][T11044] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 282.613345][T11063] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1557'. [ 282.788561][T11069] xt_hashlimit: size too large, truncated to 1048576 [ 283.433049][T11093] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1570'. [ 283.923386][T11105] loop3: detected capacity change from 0 to 16 [ 283.950655][T11105] erofs (device loop3): mounted with root inode @ nid 36. [ 284.019284][T11105] erofs (device loop3): xattr_isize 12 of nid 49 is not supported yet [ 285.274007][T11147] tipc: New replicast peer: 255.255.255.255 [ 285.324608][T11147] tipc: Enabled bearer , priority 10 [ 285.612375][T11163] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 285.995568][T11194] input: syz1 as /devices/virtual/input/input14 [ 286.014550][T11165] cgroup: fork rejected by pids controller in /syz1 [ 286.475685][T11408] loop5: detected capacity change from 0 to 512 [ 286.524072][T11408] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 286.537172][T11161] loop4: detected capacity change from 0 to 32768 [ 286.553455][T11161] JBD2: Ignoring recovery information on journal [ 286.605623][T11408] EXT4-fs (loop5): 1 truncate cleaned up [ 286.617289][T11161] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 286.668606][T11408] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 286.698626][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 286.698641][ T30] audit: type=1800 audit(1774548537.163:152): pid=11408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1614" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 286.777401][ T8483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.115691][ T5850] ocfs2: Unmounting device (7,4) on (node local) [ 287.272384][T11582] loop6: detected capacity change from 0 to 128 [ 287.313257][T11582] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 287.467229][ T29] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 287.636646][ T29] usb 6-1: Using ep0 maxpacket: 32 [ 287.661666][ T29] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 287.690222][ T29] usb 6-1: config 0 has no interface number 0 [ 287.725863][ T29] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 287.768404][ T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.803026][ T29] usb 6-1: Product: syz [ 287.809895][ T29] usb 6-1: Manufacturer: syz [ 287.818481][ T29] usb 6-1: SerialNumber: syz [ 287.830541][ T29] usb 6-1: config 0 descriptor?? [ 288.293947][ T29] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 288.345707][ T29] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 288.594358][ T29] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 288.630454][ T29] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 288.679040][ T29] usb 6-1: USB disconnect, device number 2 [ 288.956068][T11617] cgroup: fork rejected by pids controller in /syz6 [ 289.225131][T11819] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 289.234334][T11819] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 289.480222][T12029] netlink: 'syz.1.1645': attribute type 83 has an invalid length. [ 290.124341][T12139] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1651'. [ 290.568614][T12151] loop4: detected capacity change from 0 to 8 [ 290.694457][T12151] SQUASHFS error: Failed to read block 0x2d7: -5 [ 290.736658][T12151] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 291.665260][ T5906] kernel read not supported for file /vcs (pid: 5906 comm: kworker/0:3) [ 291.852275][T12187] netlink: 'syz.1.1674': attribute type 10 has an invalid length. [ 292.128387][T12200] loop3: detected capacity change from 0 to 512 [ 292.198142][T12194] Oops: general protection fault, probably for non-canonical address 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI [ 292.210085][T12194] KASAN: maybe wild-memory-access in range [0xdead000000000120-0xdead000000000127] [ 292.212891][T12200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 292.219399][T12194] CPU: 0 UID: 0 PID: 12194 Comm: syz.1.1677 Tainted: G L syzkaller #0 PREEMPT(full) [ 292.219432][T12194] Tainted: [L]=SOFTLOCKUP [ 292.219441][T12194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 292.257184][T12194] RIP: 0010:__umount_mnt+0x24e/0x490 [ 292.262520][T12194] Code: 85 e4 74 61 4d 8d be f8 00 00 00 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 9c 3e e3 ff 4d 8b 2f 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 e7 e8 74 3f e3 ff 4d 89 2c 24 4d 85 ed 74 [ 292.282157][T12194] RSP: 0018:ffffc900064bfa20 EFLAGS: 00010a06 [ 292.288247][T12194] RAX: 1bd5a00000000024 RBX: ffff88807c50f888 RCX: ffff88802e2d0000 [ 292.296237][T12194] RDX: 0000000000000000 RSI: ffffffff8e8d81e0 RDI: ffff88807c50f8f8 [ 292.304235][T12194] RBP: dffffc0000000000 R08: ffffffff90127bf7 R09: 1ffffffff2024f7e [ 292.312222][T12194] R10: dffffc0000000000 R11: fffffbfff2024f7f R12: dead000000000122 [ 292.320211][T12194] R13: dead000000000100 R14: ffff88807c50f880 R15: ffff88807c50f978 [ 292.328197][T12194] FS: 000055555d2cc500(0000) GS:ffff888125442000(0000) knlGS:0000000000000000 [ 292.337144][T12194] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 292.343734][T12194] CR2: 000000110c3f5884 CR3: 000000007d5ec000 CR4: 00000000003526f0 [ 292.351723][T12194] Call Trace: [ 292.355011][T12194] [ 292.357956][T12194] umount_tree+0x925/0xd90 [ 292.362393][T12194] ? evict+0x61e/0xb10 [ 292.366486][T12194] ? __pfx_umount_tree+0x10/0x10 [ 292.371452][T12194] ? evict+0x61e/0xb10 [ 292.375529][T12194] put_mnt_ns+0x1d6/0x2f0 [ 292.379880][T12194] ? __pfx_nsfs_evict+0x10/0x10 [ 292.384756][T12194] evict+0x61e/0xb10 [ 292.388674][T12194] ? __pfx_evict+0x10/0x10 [ 292.393111][T12194] ? do_raw_spin_unlock+0xf5/0x210 [ 292.398239][T12194] ? _raw_spin_unlock+0x28/0x50 [ 292.403101][T12194] ? iput+0xb25/0xe80 [ 292.407113][T12194] __dentry_kill+0x1a2/0x5e0 [ 292.411729][T12194] ? finish_dput+0xad/0x480 [ 292.416250][T12194] finish_dput+0xc9/0x480 [ 292.420594][T12194] __fput+0x691/0xa70 [ 292.424598][T12194] task_work_run+0x1d9/0x270 [ 292.429210][T12194] ? __pfx_task_work_run+0x10/0x10 [ 292.434341][T12194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.440428][T12194] exit_to_user_mode_loop+0xed/0x480 [ 292.445742][T12194] ? rcu_is_watching+0x15/0xb0 [ 292.450521][T12194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.456600][T12194] do_syscall_64+0x33e/0xf80 [ 292.461213][T12194] ? trace_irq_disable+0x3b/0x140 [ 292.466255][T12194] ? clear_bhb_loop+0x40/0x90 [ 292.470951][T12194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.476854][T12194] RIP: 0033:0x7f553979c799 [ 292.481283][T12194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 292.500899][T12194] RSP: 002b:00007fff40222618 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 292.509329][T12194] RAX: 0000000000000000 RBX: 00007f5539a17da0 RCX: 00007f553979c799 [ 292.517311][T12194] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 292.525292][T12194] RBP: 00007f5539a17da0 R08: 00007f5539a16038 R09: 0000000000000000 [ 292.533271][T12194] R10: 00000000005fb6f4 R11: 0000000000000246 R12: 00000000000477da [ 292.541256][T12194] R13: 00007f5539a1609c R14: 0000000000047517 R15: 00007f5539a16090 [ 292.549245][T12194] [ 292.552282][T12194] Modules linked in: [ 292.558243][T12194] ---[ end trace 0000000000000000 ]--- [ 292.565212][T12194] RIP: 0010:__umount_mnt+0x24e/0x490 [ 292.570734][T12194] Code: 85 e4 74 61 4d 8d be f8 00 00 00 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 9c 3e e3 ff 4d 8b 2f 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 e7 e8 74 3f e3 ff 4d 89 2c 24 4d 85 ed 74 [ 292.590638][T12194] RSP: 0018:ffffc900064bfa20 EFLAGS: 00010a06 [ 292.596741][T12194] RAX: 1bd5a00000000024 RBX: ffff88807c50f888 RCX: ffff88802e2d0000 [ 292.605251][T12194] RDX: 0000000000000000 RSI: ffffffff8e8d81e0 RDI: ffff88807c50f8f8 [ 292.613666][T12194] RBP: dffffc0000000000 R08: ffffffff90127bf7 R09: 1ffffffff2024f7e [ 292.621915][T12194] R10: dffffc0000000000 R11: fffffbfff2024f7f R12: dead000000000122 [ 292.629952][T12194] R13: dead000000000100 R14: ffff88807c50f880 R15: ffff88807c50f978 [ 292.637974][T12194] FS: 000055555d2cc500(0000) GS:ffff888125442000(0000) knlGS:0000000000000000 [ 292.647239][T12194] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 292.653857][T12194] CR2: 000000110c3f5884 CR3: 000000007d5ec000 CR4: 00000000003526f0 [ 292.661884][T12194] Kernel panic - not syncing: Fatal exception [ 292.668509][T12194] Kernel Offset: disabled [ 292.672841][T12194] Rebooting in 86400 seconds..