last executing test programs: 5m46.619064203s ago: executing program 0 (id=317): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000002300)=""/4113, &(0x7f00000000c0)=0x1011) 5m45.973472516s ago: executing program 0 (id=320): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5m45.360637184s ago: executing program 0 (id=324): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41100, 0x3}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x88a8ffff, &(0x7f0000000140)={0x11, 0x88a8, r1}, 0x14) 5m43.387412573s ago: executing program 0 (id=331): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x81012, r0, 0x0) 5m42.118026064s ago: executing program 0 (id=338): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x164) r2 = fanotify_init(0x2, 0x1000) fanotify_mark(r2, 0x541, 0x40001019, r1, 0x0) fanotify_mark(r2, 0x541, 0x40001019, r0, 0x0) 5m40.996128988s ago: executing program 0 (id=343): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x380}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000113000/0x3000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) 5m39.299380911s ago: executing program 32 (id=343): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x380}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000113000/0x3000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) 3.50626217s ago: executing program 4 (id=1845): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='2', 0x1, 0x4fed0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 3.200753446s ago: executing program 5 (id=1847): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000001200)={0x48, 0x8, r2, 0x0, 0x7fff, 0x2, &(0x7f0000000480)='|0', 0x5}) 3.122309808s ago: executing program 1 (id=1848): syz_mount_image$minix(&(0x7f0000000900), &(0x7f0000000080)='./file0\x00', 0x1010c8a, &(0x7f0000000240)=ANY=[], 0x81, 0x1eb, &(0x7f0000000700)="$eJzs281O1FAYxvGnnU9RAb82rkxc6MYZHSZRdnIB3oA7ApUQixpxAzFRNt6Hl+HOO/EGINGtm5rTaS3V9tgPpx2d/y9h5uXQp+c04S2nBARgaa2Hr44c9cIqCIJ3tyQ9fSKpa432G1kggLkJnFnT5+lnDw/tKQD/hs7X7PFBboN/igs3vgtofR4rAzBfZ1udcB/w2ZG+fHu7cxp99AruH862XKkTfXIu35eGhfInTvh+syudnssPlD6B8z5n//Jxlr8Tvib5C0XXH82/ovT8Kz9Hc5hHJuPEDd/u3paCtdmXTP6ipEuSLktalbQWPWtdkXQ1Y/7dX+a/kZrse8GrAcox332j1Eihtk3nR5YDBva86Z5n+753v9SsiV6Uf1Ax34/yk5r5jYr5QZQf7bz0d3OPelzx7ICd+1v/l2Pv/1VLMvn1YZ3+79bsf2CZHR4dP9/2fe91+cKtlMovNPzLJ6RotYg3kmbE3Kb/nPpQdgpz+gW40pJF/Gy6KOvJLtq7JwFoxvjNwavx4dHxvf2D7T1vz3sxmW4+mm5Mpg83x+G+fFxndw5gkSU/9Isdb/+TIAAAAAAAAAAAAAAA0IZrkq63vQgAAAAAjWji34navkYAAAAAAAAAAAAAAAAAAADgf/EjAAD//yjJL00=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) 3.119477834s ago: executing program 4 (id=1849): ioctl$VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$KVM_HYPERV_EVENTFD(r1, 0xc048aec8, &(0x7f00000005c0)={0x20000085}) 3.041138487s ago: executing program 2 (id=1850): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f00000000c0)={@remote, r2}, 0x14) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000001f40)=ANY=[@ANYBLOB="24000000000000002900000032000000fe80000000000000f0ff0000000000bb", @ANYRES32=r2, @ANYBLOB="0000000018"], 0x40}}], 0x1, 0x4000005) 2.760351648s ago: executing program 3 (id=1851): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f00000000c0)='tmpfs\x00', 0xa145c7, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') lseek(r1, 0xfff, 0x0) 2.735509989s ago: executing program 5 (id=1852): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000300)='./file0\x00', 0x8000, &(0x7f0000001dc0)={0x81, 0xa, 0x80000, {r0}}, 0x20) 2.499366324s ago: executing program 2 (id=1853): ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x1, 0x3}}) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000040)={{&(0x7f00004be000/0x2000)=nil, 0x2000}, 0x1}) 2.498976376s ago: executing program 1 (id=1854): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x5, 0xd, 0x3, 0x4, 0x13, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x2, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_LINK={0xfffffefa, 0x3, 0x80000000}]}}]}, 0x7c}}, 0x24040084) 2.398846696s ago: executing program 4 (id=1855): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000008"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.200569662s ago: executing program 3 (id=1856): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './file1/../file0', [{0x20, '.\\'}, {0x20, '%^\\\x93\xca\xe9[\x04\fu\xd3\x10.\xee\\Q$e\xa9=B\x19I\xd2Le\x14P\x86\xd3\xe5b\x93y\xdf\xfb\x17B7\a\x9c\xb5?\x0f\xc8\x9b\x9aol)\x87Z\xcc\xa5\xc2\xffb\xb8\x00\xbb\n\xcb\xb1\xdaa\x18\xacG\t\x8e\x00*\xf8R\xa9\x8e\xaaUw\xc0!\x1fa\xf5\xecf\x14B\xd4\xd4\r\x143Y=\xa6!\x94P\xdb\x81vr\x8c\xfd/6\x16\xd8&\x96\xb0o\xae'}, {0x20, '/dev/loop#\x00,\xc5\x18\xf4tn\xbbq\xe9\x01 \x83zY\x14\xf5\xb69\x14\x11\xdc5\x95\xfb\x03~\x1b\x1d\v}\x11d 4\xbfA\x1e/\xfc\xc3\xb8\x02\xe7J\x00\v{\xd1\x9c\xe8C\x97@-g\xdee\x1b\xb8\x00\x00'}, {0x20, '&/&'}], 0xa, "521299a432289bea0aa53f5db534de379d0418026c1f265a707f7b5008ab99f2c9a997ad079ea398ccfcdc48da03fd070a2913b99836792d5dd5992db64276c3aebed24145776c2f03ce2c7c32dc"}, 0x125) write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300"}}) 2.170746716s ago: executing program 5 (id=1857): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r1 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2}, 0x80, 0x0}, 0xb80b) sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)="bd30bc791f4874b56406f853f8f0eadad664503b45fdb7b5c366689c837fdcf97beeb608f932e7f6b1064bf8eb2988e5258f75bbfc67db851fd69e822e11ddbc831f38ec6042f83c6b19e118b1008b9773f855edfbe4992597d344434d21ef227e185ca24220383a9a7eaf89505198df0822fc282d7121e88706d9259ffbf4330b4470dfa2d3ac9bdcf39321dffa57dc9741b5a298f7389d4ff31c34309978a255aa4bcba98d1d4ea88fa4cc71fd520bc0b48b090fb639b91a2473f36851ad334f1819756321a85d8692a3e9c0eddbc6a2491a6150d7044625b37f0d6766781e8ef66b3bdabfb2e4914a80b0", 0x59}, {&(0x7f0000002740)="e7b1ce5f7f89191227d596ad4f45a385f858d305d38cee3167b3ef9755633af767c39a186facb9077e6db2883aab7e9c13ccd4b95c4cd36dd45d0f47c5d9596f7f521523baa513c7ecab4ea2c9488a861a4079a7e7048ffbaaefb0f03fca4842651502634853800bb5ffba2c43c34f5820aea51765d11307a713bda1d65524bd6f7c1a5437c0ce088a8bd4a6dcd03955d0e6d3e25b33be6c61fbf0e30a9f8cf73a95c3b8a5c651504fe7752bb435742f6da3e64dd9e15cc8cfdde09f67012b13cee8198f123781db28f6386dfbce28d56cd47142504ee48c284999c3bbeeab6ab0aa08d866e312b497de81752079eed44da14db97fe6564e40f17812426bdd64cc124104028baa4c2887fb4e889b77c6f47e61e366c7811dc3d9b74d18316143f26d7f3e12025d230b6e5ad8bf1f60c24d3c2547dd4f4d7c125e8b5a012fbe4b1b162b9cea0e126815044f61d5de7503d78ec87e5447a047b002d90a37d76387d41bb6c721c16faf29a90eb551e1d036fc32b2b96ab1fc14520118a60585f7cfafea003cab7db8277afc144c661f73a47d5a2e3c5f4ee7acbf6ec47a05683231184c657e1ef5c56848056a2272306c96bf954747a04415345dcacd810ac0ce9d18ea17995a39bc4c647c24cd6e9ba4cf63ebabe4b651504436f2a6f277ade4325101ad2123536439e10b3ccb8ad6ae402f98724121c33dcf077abb17de6779e3986efa0bea3c607596a016dc193abfd655b6ed186953c6ef49e03cbfb4f137fb46d078dcd21ccf7b50aacf6953642a4c6d7b52a5cd87bd5a8be6f479ae5da28fd42af8a966163caebe0a9af773e3476f4ba7ae9f9540f30d4cae2ae6df080e5db4a5ed47086e5ac71c47b02850db5d5be0a7208a540ff2d763194064188bd938f9964b226624b87a810489535284210a9c84a35d897eeb8d848a43d926c08ff2f7937ee9e17215d3580e118ec290ee4c7191f34d82aef17058f8f5aaedbb73d2abc1f8909a2150cb3317f711455919ef4cbe017c6b6e406460221dfa229258144c7e3fe2a48459dbcf0b9982c2b003b51925e40955e1bfc535d2ef476b16cee8d6f250180772138cb67ca6704d5396e6867fbcd4ed46042f5376407dde454e8dbe6e46ff50ea2eefe5814d388eddc6a3d0d113c82bb6a8f7c4ea6d8b58ffcedaf77554b988df3c55380d5b15f29d32ef3021e47890bd647c9f371ddd62514714828dabb02a3f8c1c9548fcb28157cf02db1589540e898b1da1d394c859b11f4fc95fe6338cb133fe46bdf1ff83784e27741fde2872b4a0cbd90d5e8a8210cf3d21c7208e6b9be70091d3eb18b79cc36780bf12d23082bac6d6311848662617c3682859150ef25d1a1966ad478cbef16f055e7b62419735a2cc4cbefd963c29c8d94dfbadf92495bb60746f831a9537d56f7abb9f318c30194994859eebf5e11b017ea402fe1b4a07cba0f56277d7ac8e7d1d3af15d1da6715784fdb0311bf0afd19e18170eaa9369ac7743ae188314b2796953fc51a02f65e28c73c4e6720f18a57ed9361b90f08a0301b5f862063ffd726ab7757cc5ae43cff4243a7c6c81ca5d2b2dceb4f033fa1db514371821279dcb6fa51403f12fd5fcd208b1a4b95315d353f25b70de04dcc8713de72c83fe8ccb1c04b3bb4a0cbee43a36a05d250822526dc8443eae625fd57404d26dc9801be4d066b5ce5fa934aebbb9cb21c6f9780c6e071a418a4ad60d86596824c382f76b88b3ae2401c9c1345acac5d365f6eb065080e287fa12b6a7559f1081b847c54c7caa852ce4b11a45a44d9543aa872e68ed639d11475f89275a22482eda4253adf5cc26b0ef8ba200c04ae21deaaa584f76aed412ade8da894f95420a4a0a3d6ed31a84854e0ef48bc971654070986031b84cf880ab7bfe707b0f3675ea27293e8a872f", 0xfffffe99}], 0x2}, 0x80) 1.967481958s ago: executing program 2 (id=1858): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 1.89095984s ago: executing program 1 (id=1859): openat2$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x4c0, 0x10}, 0x18) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x89901) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x89101) fchdir(r1) move_mount(0xffffffffffffff9c, 0x0, r0, 0x0, 0x46) 1.798065402s ago: executing program 4 (id=1860): capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x10ffff, 0xfffffffd}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x0, 0x0) 1.724519899s ago: executing program 3 (id=1861): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000a80)=0x1, 0x4) r1 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000980)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x3f, 0x0}, @in=@local, 0xee24, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x200000004, 0x40000000007, 0x20000a0de, 0x100000000, 0x0, 0x200000003, 0x9}, {0x5}, 0x5, 0x0, 0x1, 0x0, 0x6, 0x3}, {{@in=@remote, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x3502, 0x3, 0x8, 0x0, 0x9075, 0xef, 0xc5e}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x8}}, 0x7}, 0x1c) 1.61484421s ago: executing program 5 (id=1862): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x803, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) 1.362334965s ago: executing program 2 (id=1863): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000180)={r2, 0x7}, 0x8) 1.352098959s ago: executing program 1 (id=1864): syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$urandom(0xffffffffffffff9c, &(0x7f0000000100), 0x20000, 0x0) r0 = syz_io_uring_setup(0x589, &(0x7f0000000780)={0x0, 0x4f5c, 0x10100, 0x0, 0x59}, &(0x7f00000000c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0) 1.249807302s ago: executing program 3 (id=1865): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) 1.098566802s ago: executing program 4 (id=1866): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000200)={[{@nombcache}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@nombcache}, {@nobarrier}, {@init_itable}, {@errors_remount}]}, 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1\x00', &(0x7f0000000840), &(0x7f00000012c0)=ANY=[], 0x361, 0x1) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)="0d000000246804003199aee6fdb9291b3091ec1a2d41d2270a00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf35844", 0xe1}], 0x1) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f00000001c0)=ANY=[], 0xfe37, 0x0) 1.001288118s ago: executing program 5 (id=1867): r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x11dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x1, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f03, 0x642, 0x3, 0x7, 0xffffffff, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x0, 0x8, 0x129432e2, 0xcb, 0xf6, 0xb, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x7, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x73b, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0xa1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7f, 0x7fff, 0x4, 0x0, 0x6, 0x2, 0x9, 0x20000004, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x0, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8ce, 0x9, 0x1, 0x1, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x6, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0x4ccd, 0x7, 0x53cf697b, 0x7, 0x6, 0x54fe12d6, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x3, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x0, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x3, 0x6, 0x1, 0x10000, 0x2, 0x8, 0x2b91, 0x4, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x918) ppoll(&(0x7f0000000100)=[{r0, 0x3a1}], 0x1, 0x0, 0x0, 0x0) 758.493228ms ago: executing program 1 (id=1868): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e23, @loopback}, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x1a000}}, 0x0) sendmsg$rds(r0, &(0x7f0000001180)={0x0, 0x0, 0x0}, 0x0) 680.441313ms ago: executing program 2 (id=1869): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4000050, &(0x7f00000001c0)={0x11, 0xf7, 0x0, 0x1, 0xd8, 0x6, @multicast}, 0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'erspan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b032200eb1025120212475400f6a13bb1000000080086dd4803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 680.005503ms ago: executing program 3 (id=1870): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x5, 0x8, 0xf}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r1}, 0xc) 363.436499ms ago: executing program 5 (id=1871): sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fadbdf255200000008"], 0x44}, 0x1, 0x0, 0x0, 0x20048084}, 0x4000000) socket$kcm(0x11, 0xa, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000000000008100000081"], 0x48) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00', 0x1}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 209.474245ms ago: executing program 1 (id=1872): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x48}}, './file0\x00'}) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 70.622781ms ago: executing program 3 (id=1873): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x9, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x76, 0x6, {0x7f, 0x3, 0x34, 0xfff5}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x157c}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x0) 458.104µs ago: executing program 4 (id=1874): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000000)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@resuid}, {@jqfmt_vfsv1}, {@errors_remount}, {@nobh}, {@usrjquota, 0x2e}], [], 0x2e}, 0x1, 0x46f, &(0x7f0000000580)="$eJzs20tvG0UcAPD/OnH6JqGURx9AoCAiHkmTFuiBCwikXpCQ4FCOIU2r0rRBTZBoVdGAUDmifgLgiMQn4AQXBJxAXEHigoSQKtQLhQNatPZu6ya28Stxi38/ye3M7mxm/rs79uyMHcDAGs/+SSK2R8RPIxGj1ezNBcar/127emHur6sX5pJI01f/SCrl/rx6Ya4oWhy3Lc9MlCJKHySxt069S+fOn5pdWJg/m+enlk+/NbV07vxTJ0/Pnpg/MX9m5vDhQwenn31m5umexLkja+uedxf37T7y+uWX545efuPbz7Pt2/P9tXFUjXVd53iM33wuazwa8Wuapl3XcavYUZNOhvvYENoyFBHZ5Spn/T9GYyhuXLzReOn9vjYOWFdpmqab1mwdKhIrKfA/lkS/WwD0R/FBnz3/Fq8NHH703ZXnqw9AWdzX8ld1z3CU8jLlVc+3vTQeEUdX/v44e0XdeQgAgN76Mhv/PFlv/FeKe2rK3RHVtaGxiLgzInZGxF0RsSsi7o6olL03Iu5rs/7xVfm1458ftnQUWIuy8d9z+drWzeO/YvQXY0N5bkcl/nJy/OTC/IH8nExEeVOWn25Sx1cv/vhRo32147/sldVfjAXzdvw+vGqC7tjs8mw3Mde68l7EnuF68SfXVwKSiNgdEXs6+PvZOTv5+Gf7Gu3/7/ib6ME6U/ppxGPV678Sq+IvJM3XJ6c2x8L8ganirljru+8vvdKo/q7i74Hs+m+te/9fj38sqV2vXWq/jks/f9jwmabT+38kea2SHsm3vTO7vHx2OmIkWVm7febGsUW+KJ/FP7G/fv/fGfHPJ/lxeyMiu4nvj4gHIuLBvO0PRcTDEbG/SfzfvPDIm53Hv76y+I+1df3bTwyd+vqLRvW3dv0PVVIT+ZZW3v9abWA35w4AAABuF0nlO/BJaTKf49wepdLkZPU7/Ltia2lhcWn5ieOLb585Vv2u/FiUS8VM12jNfOh0Pjdc5GdW5Q9W5o3TNE23VPKTc4sL67WmDrRmW4P+n/ltqN+tA9ZdW+tojX7RBtyW/F4TBpf+D4Or1f5fXud2ABvP5z8Mrnr9/2LEtT40BdhgPv9hcOn/MLj0fxhc+j8MpG5+198ssfNIx4enXdW+OQ+sw8N/WZez0SwxtIF19TIRpbq7yhFxi7SwSaJ0azSjmtgUEa0Wvtjpjd12os9vTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3ybwAAAP//pCzokA==") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48041, 0x0) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000000)='./file1\x00') 0s ago: executing program 2 (id=1875): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg(r0, &(0x7f0000000540)={0x1, {&(0x7f0000000940)=""/89, 0x59, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000740)={0x2, 0x0, {&(0x7f0000001140)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000e40)=""/187, 0xfffffd83, 0x0, 0x2, 0x3}}, 0x48) kernel console output (not intermixed with test programs): 3942][ T8564] loop8: unable to read partition table [ 416.701983][ T8564] loop8: partition table beyond EOD, truncated [ 416.709356][ T8564] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 417.901785][ T8581] loop5: detected capacity change from 0 to 128 [ 419.202401][ T8597] use of bytesused == 0 is deprecated and will be removed in the future, [ 419.211166][ T8597] use the actual size instead. [ 420.181693][ T8617] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 421.801709][ T8635] loop5: detected capacity change from 0 to 7 [ 421.846921][ T6929] loop5: [POWERTEC] p1 [ 421.852819][ T6929] loop5: p1 size 20971520 extends beyond EOD, truncated [ 421.929463][ T8635] loop5: [POWERTEC] p1 [ 421.956659][ T8635] loop5: p1 size 20971520 extends beyond EOD, truncated [ 422.004429][ T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 422.226425][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 422.315704][ T24] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 422.324798][ T24] usb 2-1: config 0 has no interface number 0 [ 422.412492][ T24] usb 2-1: config 0 interface 184 has no altsetting 0 [ 422.504753][ T24] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 422.514992][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.524138][ T24] usb 2-1: Product: syz [ 422.528975][ T24] usb 2-1: Manufacturer: syz [ 422.533742][ T24] usb 2-1: SerialNumber: syz [ 422.632367][ T24] usb 2-1: config 0 descriptor?? [ 422.695689][ T24] smsc75xx v1.0.0 [ 422.703517][ T6158] udevd[6158]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 422.952131][ T6158] udevd[6158]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 423.339609][ T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 423.350865][ T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 423.615373][ T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 423.626828][ T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 423.636904][ T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 423.706250][ T24] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 423.736573][ T24] usb 2-1: USB disconnect, device number 10 [ 424.462909][ T8673] loop2: detected capacity change from 0 to 8 [ 426.297379][ T8698] loop2: detected capacity change from 0 to 2048 [ 426.375172][ T8702] syzkaller1: entered promiscuous mode [ 426.381068][ T8702] syzkaller1: entered allmulticast mode [ 426.430244][ T8698] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 426.504879][ T8698] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 426.572255][ T8698] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 427.052813][ T8713] loop4: detected capacity change from 0 to 256 [ 427.123597][ T8713] exfat: Deprecated parameter 'utf8' [ 427.235015][ T8713] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 427.362932][ T30] audit: type=1800 audit(1770023778.694:11): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.966" name="file1" dev="loop4" ino=1048632 res=0 errno=0 [ 427.544829][ T30] audit: type=1800 audit(1770023778.694:12): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.966" name="file1" dev="loop4" ino=1048632 res=0 errno=0 [ 427.568063][ T30] audit: type=1800 audit(1770023778.694:13): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.966" name="file1" dev="loop4" ino=1048632 res=0 errno=0 [ 428.008219][ T8726] loop1: detected capacity change from 0 to 1024 [ 428.435455][ T12] hfsplus: b-tree write err: -5, ino 4 [ 429.931180][ T8744] loop1: detected capacity change from 0 to 32768 [ 429.993072][ T8744] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.981 (8744) [ 430.045865][ T8744] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 430.056459][ T8744] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 430.065542][ T8744] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 430.165478][ T8751] netlink: 8 bytes leftover after parsing attributes in process `syz.2.985'. [ 430.298305][ T8744] BTRFS info (device loop1): enabling ssd optimizations [ 430.305945][ T8744] BTRFS info (device loop1): enabling disk space caching [ 430.313155][ T8744] BTRFS info (device loop1): force clearing of disk cache [ 430.321069][ T8744] BTRFS info (device loop1): enabling auto defrag [ 430.327823][ T8744] BTRFS info (device loop1): max_inline set to 0 [ 430.511931][ T5783] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 431.017486][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 431.085466][ T8780] netlink: 9 bytes leftover after parsing attributes in process `syz.1.989'. [ 431.121413][ T8780] netlink: 9 bytes leftover after parsing attributes in process `syz.1.989'. [ 431.268352][ T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00 [ 431.278034][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.368263][ T10] usb 3-1: config 0 descriptor?? [ 431.921989][ T10] wacom 0003:056A:0027.0008: unknown main item tag 0x0 [ 431.929533][ T10] wacom 0003:056A:0027.0008: unknown main item tag 0x0 [ 431.936984][ T10] wacom 0003:056A:0027.0008: unknown main item tag 0x0 [ 432.101634][ T8795] loop5: detected capacity change from 0 to 128 [ 432.124869][ T10] usb 3-1: USB disconnect, device number 8 [ 434.147244][ T10] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 434.370458][ T10] usb 3-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00 [ 434.380107][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.469542][ T10] usb 3-1: config 0 descriptor?? [ 434.867358][ T8831] loop4: detected capacity change from 0 to 256 [ 434.991954][ T10] smartjoyplus 0003:0925:8866.0009: unbalanced collection at end of report description [ 435.020603][ T8831] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d) [ 435.071735][ T10] smartjoyplus 0003:0925:8866.0009: parse failed [ 435.078920][ T10] smartjoyplus 0003:0925:8866.0009: probe with driver smartjoyplus failed with error -22 [ 435.215279][ T10] usb 3-1: USB disconnect, device number 9 [ 436.185751][ T8835] loop1: detected capacity change from 0 to 32768 [ 436.203873][ T8835] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1015 (8835) [ 436.225654][ T8835] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 436.237070][ T8835] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 436.246193][ T8835] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 436.413977][ T8835] BTRFS info (device loop1): rebuilding free space tree [ 436.443510][ T8835] BTRFS info (device loop1): disabling free space tree [ 436.450898][ T8835] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 436.461393][ T8835] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 436.500539][ T8835] BTRFS info (device loop1): enabling ssd optimizations [ 436.509691][ T8835] BTRFS info (device loop1): turning on async discard [ 436.517226][ T8835] BTRFS info (device loop1): enabling disk space caching [ 436.524552][ T8835] BTRFS info (device loop1): force clearing of disk cache [ 436.531836][ T8835] BTRFS info (device loop1): use zstd compression, level 3 [ 436.921791][ T5783] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 437.725853][ T8872] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1025'. [ 438.026077][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 438.231289][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 438.271609][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 438.283329][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 438.293626][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 438.507918][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 438.517838][ T10] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 438.528705][ T10] usb 6-1: Manufacturer: syz [ 438.801836][ T10] usb 6-1: config 0 descriptor?? [ 438.828146][ T8886] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1030'. [ 439.293267][ T10] appleir 0003:05AC:8243.000A: unknown main item tag 0x0 [ 439.430298][ T10] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 439.585165][ T10] usb 6-1: USB disconnect, device number 2 [ 440.801393][ T8897] loop1: detected capacity change from 0 to 32768 [ 440.809885][ T8894] fido_id[8894]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 440.942181][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 440.950069][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 440.962207][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 440.970252][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 440.978119][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 440.987770][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 440.996728][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 441.004477][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 441.014423][ T5834] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 441.026957][ T8897] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 441.460333][ T8897] XFS (loop1): Ending clean mount [ 441.474009][ T8897] XFS (loop1): Quotacheck needed: Please wait. [ 441.512553][ T5834] hid-generic 0103:0004:0000.000B: hidraw0: HID v0.02 Device [syz0] on syz1 [ 441.737013][ T8897] XFS (loop1): Quotacheck: Done. [ 441.840093][ T5783] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 442.216578][ T8915] loop2: detected capacity change from 0 to 4096 [ 442.291629][ T8918] fido_id[8918]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 443.006830][ T8921] loop5: detected capacity change from 0 to 8192 [ 443.016229][ T8933] loop4: detected capacity change from 0 to 512 [ 443.132613][ T8933] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 443.273652][ T8933] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1045: invalid indirect mapped block 4294967295 (level 1) [ 443.342847][ T8933] EXT4-fs (loop4): Remounting filesystem read-only [ 443.406275][ T8933] EXT4-fs (loop4): 2 truncates cleaned up [ 443.414340][ T8933] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 444.017237][ T5784] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.702132][ T8966] loop5: detected capacity change from 0 to 1024 [ 445.751894][ T8968] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 445.853906][ T8966] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 446.370245][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 446.382839][ T8977] loop1: detected capacity change from 0 to 512 [ 446.490267][ T8977] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.564894][ T8977] ext4 filesystem being mounted at /198/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 446.912984][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.471615][ T8995] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 448.173171][ T9006] loop2: detected capacity change from 0 to 128 [ 448.265692][ T9006] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 448.417652][ T9006] ext4 filesystem being mounted at /215/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 448.944281][ T9018] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 448.951411][ T9018] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 449.017846][ T5782] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 449.026019][ T9019] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1077'. [ 449.112174][ T9019] hsr_slave_0: left promiscuous mode [ 449.150316][ T9019] hsr_slave_1: left promiscuous mode [ 450.176406][ T9038] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1087'. [ 450.731419][ T9034] loop4: detected capacity change from 0 to 32768 [ 450.741170][ T9034] xfs: Deprecated parameter 'attr2' [ 450.746730][ T9034] XFS: attr2 mount option is deprecated. [ 450.828797][ T9034] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 450.853584][ T9035] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 451.113962][ T9034] XFS (loop4): Ending clean mount [ 451.149774][ T9034] XFS (loop4): Quotacheck needed: Please wait. [ 451.293111][ T9034] XFS (loop4): Quotacheck: Done. [ 451.455958][ T5784] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 452.103906][ T9060] loop5: detected capacity change from 0 to 32768 [ 452.180813][ T9060] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 452.404963][ T9060] XFS (loop5): Ending clean mount [ 452.435606][ T9060] XFS (loop5): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2c0, xfs_bnobt block 0x8 [ 452.454453][ T9060] XFS (loop5): Unmount and run xfs_repair [ 452.460385][ T9060] XFS (loop5): First 128 bytes of corrupted metadata buffer: [ 452.469044][ T9060] 00000000: 41 42 33 42 7f 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 452.478344][ T9060] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 452.487608][ T9060] 00000020: 98 62 11 a9 7d 00 4e bf a5 76 e3 de 63 fa 2c bd .b..}.N..v..c.,. [ 452.496786][ T9060] 00000030: 00 00 00 00 c7 f0 f3 da 00 00 04 4e 00 00 00 02 ...........N.... [ 452.505998][ T9060] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 452.518667][ T9060] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 452.527905][ T9060] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 452.537087][ T9060] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 452.546349][ T9060] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x8 len 8 error 74 [ 452.561406][ T9060] XFS (loop5): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x740/0xe60 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 452.576625][ T9060] XFS (loop5): Please unmount the filesystem and rectify the problem(s) [ 452.715779][ T9074] netlink: 'syz.1.1094': attribute type 12 has an invalid length. [ 452.724150][ T9074] netlink: 'syz.1.1094': attribute type 29 has an invalid length. [ 452.732852][ T9074] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1094'. [ 452.742383][ T9074] netlink: 'syz.1.1094': attribute type 1 has an invalid length. [ 452.905259][ T6929] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 453.632694][ T9080] loop1: detected capacity change from 0 to 128 [ 453.835245][ T9080] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 453.980333][ T9080] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 454.593953][ T5783] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 455.470272][ T9093] loop5: detected capacity change from 0 to 4096 [ 456.279097][ T9115] overlayfs: failed to clone lowerpath [ 456.666695][ T9105] loop4: detected capacity change from 0 to 40427 [ 456.684354][ T9105] F2FS-fs (loop4): Invalid log blocks per segment (1) [ 456.691456][ T9105] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 456.702952][ T9105] F2FS-fs (loop4): Image doesn't support compression [ 456.709982][ T9105] F2FS-fs (loop4): build fault injection rate: 690 [ 456.716987][ T9105] F2FS-fs (loop4): build fault injection type: 0x35f7 [ 456.735518][ T9104] loop1: detected capacity change from 0 to 512 [ 456.764667][ T9104] EXT4-fs: Ignoring removed oldalloc option [ 456.815361][ T9105] F2FS-fs (loop4): invalid crc value [ 456.832683][ T9104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 457.148281][ T9105] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 457.170808][ T9105] F2FS-fs (loop4): Start checkpoint disabled! [ 457.209289][ T9105] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 457.232830][ T9105] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 457.240226][ T9105] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 457.274916][ T9105] syz.4.1108: attempt to access beyond end of device [ 457.274916][ T9105] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 457.683529][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 459.667547][ T9141] loop4: detected capacity change from 0 to 32768 [ 459.705412][ T9141] (syz.4.1115,9141,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 459.727405][ T9141] (syz.4.1115,9141,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 459.785446][ T9134] loop5: detected capacity change from 0 to 4096 [ 459.847003][ T9141] JBD2: Ignoring recovery information on journal [ 459.913622][ T9143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1121'. [ 459.917647][ T9134] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 459.999266][ T9141] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 460.027935][ T9134] ntfs3(loop5): ino=3, mi_enum_attr [ 460.448731][ T5784] ocfs2: Unmounting device (7,4) on (node local) [ 461.024452][ T30] audit: type=1326 audit(1770023812.354:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.193463][ T30] audit: type=1326 audit(1770023812.414:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.216341][ T30] audit: type=1326 audit(1770023812.414:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.239486][ T30] audit: type=1326 audit(1770023812.414:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.264039][ T30] audit: type=1326 audit(1770023812.434:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.287158][ T30] audit: type=1326 audit(1770023812.434:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.310232][ T30] audit: type=1326 audit(1770023812.444:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.333014][ T30] audit: type=1326 audit(1770023812.444:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.355763][ T30] audit: type=1326 audit(1770023812.444:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 461.380413][ T30] audit: type=1326 audit(1770023812.464:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9151 comm="syz.3.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f561fb9aeb9 code=0x7ffc0000 [ 462.804145][ T9168] overlayfs: invalid origin (000000790066696c6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 463.031670][ T9172] loop4: detected capacity change from 0 to 512 [ 463.156648][ T9172] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 463.191888][ T9172] ext4 filesystem being mounted at /223/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 463.265837][ T9172] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1124: corrupted inode contents [ 463.300552][ T9172] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #2: comm syz.4.1124: mark_inode_dirty error [ 463.354777][ T6797] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 463.365628][ T9172] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1124: corrupted inode contents [ 463.414846][ T5834] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 463.459766][ T9180] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1124: corrupted inode contents [ 463.517086][ T9180] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #2: comm syz.4.1124: mark_inode_dirty error [ 463.567721][ T6797] usb 2-1: Using ep0 maxpacket: 8 [ 463.573584][ T9180] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1124: corrupted inode contents [ 463.611768][ T9183] loop2: detected capacity change from 0 to 128 [ 463.630072][ T9180] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1124: mark_inode_dirty error [ 463.632643][ T6797] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 463.647618][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.651525][ T6797] usb 2-1: config 1 has no interface number 0 [ 463.662947][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.678510][ T5834] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 463.691778][ T5834] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 463.701135][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.730292][ T9180] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1124: corrupted inode contents [ 463.755682][ T9183] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 463.769485][ T9180] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #2: comm syz.4.1124: mark_inode_dirty error [ 463.788102][ T9183] hpfs: filesystem error: improperly stopped [ 463.794621][ T9183] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 463.802737][ T9183] hpfs: You really don't want any checks? You are crazy... [ 463.827883][ T6797] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.839283][ T6797] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 463.864597][ T9181] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1124: corrupted inode contents [ 463.879918][ T9183] hpfs: hpfs_map_sector(): read error [ 463.885649][ T9183] hpfs: code page support is disabled [ 463.909151][ T6797] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40 [ 463.918814][ T6797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.927031][ T5834] usb 6-1: config 0 descriptor?? [ 463.934022][ T6797] usb 2-1: Product: syz [ 463.939022][ T6797] usb 2-1: Manufacturer: syz [ 463.943793][ T6797] usb 2-1: SerialNumber: syz [ 463.961135][ T9183] hpfs: hpfs_map_4sectors(): unaligned read [ 463.977102][ T9183] hpfs: hpfs_map_4sectors(): unaligned read [ 463.983268][ T9183] hpfs: filesystem error: unable to find root dir [ 464.440726][ T5784] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 464.550754][ T5834] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 464.757781][ T5834] usb 6-1: USB disconnect, device number 3 [ 464.888056][ T6797] cdc_ncm 2-1:1.1: bind() failure [ 465.146965][ T5834] usb 2-1: USB disconnect, device number 11 [ 465.335359][ T9195] sctp: [Deprecated]: syz.3.1141 (pid 9195) Use of struct sctp_assoc_value in delayed_ack socket option. [ 465.335359][ T9195] Use struct sctp_sack_info instead [ 466.207071][ T9197] loop2: detected capacity change from 0 to 32768 [ 466.296666][ T9197] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 466.360201][ T9193] fido_id[9193]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 466.613833][ T9197] XFS (loop2): Ending clean mount [ 466.630420][ T9197] XFS (loop2): Quotacheck needed: Please wait. [ 466.709238][ T9197] XFS (loop2): Quotacheck: Done. [ 467.070376][ T5782] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 467.391474][ T9224] loop5: detected capacity change from 0 to 1024 [ 467.458337][ T9224] EXT4-fs: Ignoring removed orlov option [ 467.634757][ T9224] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 467.777170][ T9231] loop4: detected capacity change from 0 to 1024 [ 467.991191][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 467.991265][ T30] audit: type=1804 audit(1770023819.324:26): pid=9231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1153" name="/newroot/226/file1/file1" dev="loop4" ino=20 res=1 errno=0 [ 468.212188][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 469.048009][ T9235] loop1: detected capacity change from 0 to 32768 [ 469.080737][ T1135] hfsplus: b-tree write err: -5, ino 4 [ 469.205091][ T9235] XFS (loop1): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 469.857892][ T9235] XFS (loop1): Starting recovery (logdev: internal) [ 469.939667][ T9235] XFS (loop1): Ending recovery (logdev: internal) [ 470.144548][ T5783] XFS (loop1): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 470.315836][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.322527][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 471.625362][ T9266] loop2: detected capacity change from 0 to 32768 [ 471.635174][ T9266] xfs: Deprecated parameter 'attr2' [ 471.640546][ T9266] XFS: attr2 mount option is deprecated. [ 471.771370][ T9266] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 471.958694][ T9266] XFS (loop2): Ending clean mount [ 471.972290][ T9266] XFS (loop2): Quotacheck needed: Please wait. [ 472.056251][ T9266] XFS (loop2): Quotacheck: Done. [ 472.413879][ T5782] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 472.617395][ T9290] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 472.624147][ T9290] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 472.634999][ T9290] vhci_hcd vhci_hcd.0: Device attached [ 472.721724][ T9293] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(6) [ 472.728487][ T9293] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 472.738394][ T9293] vhci_hcd vhci_hcd.0: Device attached [ 472.787277][ T9290] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(5) [ 472.794011][ T9290] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 472.802573][ T9290] vhci_hcd vhci_hcd.0: Device attached [ 472.867883][ T9293] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(8) [ 472.874624][ T9293] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 472.883012][ T9293] vhci_hcd vhci_hcd.0: Device attached [ 472.907198][ T5834] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 472.945227][ T9303] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(13) [ 472.952045][ T9303] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 472.960174][ T9303] vhci_hcd vhci_hcd.0: Device attached [ 473.048464][ T9301] vhci_hcd: connection closed [ 473.049692][ T49] vhci_hcd vhci_hcd.1: stop threads [ 473.049916][ T9294] vhci_hcd: connection closed [ 473.054979][ T49] vhci_hcd vhci_hcd.1: release socket [ 473.062113][ T9291] vhci_hcd: connection reset by peer [ 473.065106][ T49] vhci_hcd vhci_hcd.1: disconnect device [ 473.070521][ T9297] vhci_hcd: connection closed [ 473.082106][ T9304] vhci_hcd: connection closed [ 473.181742][ T49] vhci_hcd vhci_hcd.1: stop threads [ 473.192398][ T49] vhci_hcd vhci_hcd.1: release socket [ 473.198933][ T49] vhci_hcd vhci_hcd.1: disconnect device [ 473.243651][ T49] vhci_hcd vhci_hcd.1: stop threads [ 473.249481][ T49] vhci_hcd vhci_hcd.1: release socket [ 473.256535][ T49] vhci_hcd vhci_hcd.1: disconnect device [ 473.340617][ T49] vhci_hcd vhci_hcd.1: stop threads [ 473.348844][ T49] vhci_hcd vhci_hcd.1: release socket [ 473.355008][ T49] vhci_hcd vhci_hcd.1: disconnect device [ 473.409352][ T49] vhci_hcd vhci_hcd.1: stop threads [ 473.415038][ T49] vhci_hcd vhci_hcd.1: release socket [ 473.420911][ T49] vhci_hcd vhci_hcd.1: disconnect device [ 474.407590][ T9325] loop5: detected capacity change from 0 to 512 [ 474.492381][ T9325] EXT4-fs: Ignoring removed oldalloc option [ 475.004670][ T9323] loop2: detected capacity change from 0 to 40427 [ 475.062578][ T9323] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 475.070648][ T9323] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 475.092379][ T9323] F2FS-fs (loop2): invalid crc value [ 475.461635][ T9323] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 475.513204][ T9323] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 475.520844][ T9323] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 475.537746][ T9325] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 476.141250][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.431281][ T9339] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1187'. [ 478.116432][ T5834] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 478.230108][ T9366] loop2: detected capacity change from 0 to 512 [ 478.435978][ T9366] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 478.545916][ T9366] ext4 filesystem being mounted at /239/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 479.851557][ T9366] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.1194: corrupted inode contents [ 480.234860][ T9366] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #2: comm syz.2.1194: mark_inode_dirty error [ 480.589763][ T9366] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.1194: corrupted inode contents [ 480.825845][ T9414] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.1194: corrupted inode contents [ 480.951606][ T9414] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #2: comm syz.2.1194: mark_inode_dirty error [ 481.016220][ T9414] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.1194: corrupted inode contents [ 481.072130][ T9414] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1194: mark_inode_dirty error [ 481.157717][ T9414] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.1194: corrupted inode contents [ 481.235644][ T9414] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #2: comm syz.2.1194: mark_inode_dirty error [ 481.323481][ T9418] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.1194: corrupted inode contents [ 481.616466][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 482.168836][ T9475] loop5: detected capacity change from 0 to 16 [ 482.256118][ T9475] erofs (device loop5): mounted with root inode @ nid 36. [ 483.117734][ T9492] loop6: detected capacity change from 0 to 7 [ 483.175463][ T9492] Dev loop6: unable to read RDB block 7 [ 483.181537][ T9492] loop6: unable to read partition table [ 483.202284][ T9493] GUP no longer grows the stack in syz.2.1218 (9493): 200000004000-20000000a000 (200000002000) [ 483.213891][ T9493] CPU: 0 UID: 0 PID: 9493 Comm: syz.2.1218 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 483.214057][ T9493] Tainted: [L]=SOFTLOCKUP [ 483.214106][ T9493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 483.214184][ T9493] Call Trace: [ 483.214233][ T9493] [ 483.214278][ T9493] __dump_stack+0x26/0x30 [ 483.214440][ T9493] dump_stack_lvl+0x14c/0x1c0 [ 483.214594][ T9493] dump_stack+0x1e/0x25 [ 483.214730][ T9493] __get_user_pages+0x44ea/0x5f00 [ 483.214884][ T9493] ? kmsan_get_metadata+0xf1/0x160 [ 483.215086][ T9493] ? filter_irq_stacks+0x13f/0x190 [ 483.215243][ T9493] ? kmsan_get_metadata+0xf1/0x160 [ 483.215462][ T9493] get_user_pages_remote+0x468/0x1390 [ 483.215624][ T9493] ? stack_depot_save_flags+0x35/0x790 [ 483.215766][ T9493] ? kmsan_get_metadata+0xf1/0x160 [ 483.215966][ T9493] ? access_remote_vm+0x4e/0x70 [ 483.216128][ T9493] __access_remote_vm+0x2f8/0xfe0 [ 483.216382][ T9493] access_remote_vm+0x4e/0x70 [ 483.216551][ T9493] proc_pid_cmdline_read+0xac1/0x1a30 [ 483.216754][ T9493] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 483.216900][ T9493] vfs_readv+0x931/0xf30 [ 483.217060][ T9493] ? kmsan_get_metadata+0xf1/0x160 [ 483.217234][ T9493] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 483.217474][ T9493] __x64_sys_preadv+0x2a3/0x510 [ 483.217659][ T9493] x64_sys_call+0x3033/0x3e70 [ 483.217826][ T9493] do_syscall_64+0xc9/0xf80 [ 483.217980][ T9493] ? clear_bhb_loop+0x40/0x90 [ 483.218121][ T9493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.218272][ T9493] RIP: 0033:0x7fbc1d79aeb9 [ 483.218466][ T9493] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.218585][ T9493] RSP: 002b:00007fbc1e5e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 483.218716][ T9493] RAX: ffffffffffffffda RBX: 00007fbc1da15fa0 RCX: 00007fbc1d79aeb9 [ 483.218812][ T9493] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 483.218894][ T9493] RBP: 00007fbc1d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 483.218975][ T9493] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 483.219055][ T9493] R13: 00007fbc1da16038 R14: 00007fbc1da15fa0 R15: 00007fffb8716158 [ 483.219185][ T9493] [ 483.459290][ T9492] loop6: partition table beyond EOD, truncated [ 483.465848][ T9492] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 484.623817][ T9511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1226'. [ 485.004040][ T9520] loop1: detected capacity change from 0 to 128 [ 485.363506][ T9524] loop5: detected capacity change from 0 to 2048 [ 485.493042][ T9524] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 485.525649][ T9524] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 485.535366][ T9524] UDF-fs: Scanning with blocksize 512 failed [ 485.608251][ T9524] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 485.729691][ T30] audit: type=1800 audit(1770023837.064:27): pid=9524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1232" name="file1" dev="loop5" ino=838 res=0 errno=0 [ 486.317235][ T9536] fuse: Bad value for 'fd' [ 486.855496][ T9540] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1241'. [ 486.865267][ T9542] loop1: detected capacity change from 0 to 512 [ 486.997652][ T9542] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 487.072697][ T9542] ext4 filesystem being mounted at /232/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 487.602605][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 487.795097][ T9558] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 487.801840][ T9558] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 487.810507][ T9558] vhci_hcd vhci_hcd.0: Device attached [ 487.906379][ T9561] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(6) [ 487.913127][ T9561] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 487.921105][ T9561] vhci_hcd vhci_hcd.0: Device attached [ 487.941925][ T9558] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(5) [ 487.948669][ T9558] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 487.957884][ T9558] vhci_hcd vhci_hcd.0: Device attached [ 488.004454][ T9561] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(8) [ 488.011199][ T9561] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 488.019308][ T9561] vhci_hcd vhci_hcd.0: Device attached [ 488.065070][ T9571] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(10) [ 488.071899][ T9571] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 488.080188][ T9571] vhci_hcd vhci_hcd.0: Device attached [ 488.114701][ T6797] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 488.181182][ T9566] vhci_hcd: connection closed [ 488.181731][ T9569] vhci_hcd: connection closed [ 488.192519][ T9573] vhci_hcd: connection closed [ 488.205151][ T5891] vhci_hcd vhci_hcd.4: stop threads [ 488.215692][ T5891] vhci_hcd vhci_hcd.4: release socket [ 488.221312][ T5891] vhci_hcd vhci_hcd.4: disconnect device [ 488.229329][ T9559] vhci_hcd: connection reset by peer [ 488.238232][ T9562] vhci_hcd: connection closed [ 488.275836][ T5891] vhci_hcd vhci_hcd.4: stop threads [ 488.286386][ T5891] vhci_hcd vhci_hcd.4: release socket [ 488.293900][ T5891] vhci_hcd vhci_hcd.4: disconnect device [ 488.366681][ T9578] loop2: detected capacity change from 0 to 256 [ 488.414921][ T5891] vhci_hcd vhci_hcd.4: stop threads [ 488.420526][ T5891] vhci_hcd vhci_hcd.4: release socket [ 488.427126][ T5891] vhci_hcd vhci_hcd.4: disconnect device [ 488.489284][ T5891] vhci_hcd vhci_hcd.4: stop threads [ 488.494857][ T5891] vhci_hcd vhci_hcd.4: release socket [ 488.501574][ T5891] vhci_hcd vhci_hcd.4: disconnect device [ 488.585383][ T5891] vhci_hcd vhci_hcd.4: stop threads [ 488.590797][ T5891] vhci_hcd vhci_hcd.4: release socket [ 488.596988][ T5891] vhci_hcd vhci_hcd.4: disconnect device [ 488.608110][ T9578] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 491.266361][ T5834] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 491.482665][ T5834] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 491.492253][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.500894][ T5834] usb 2-1: Product: syz [ 491.505719][ T5834] usb 2-1: Manufacturer: syz [ 491.510505][ T5834] usb 2-1: SerialNumber: syz [ 491.623049][ T5834] usb 2-1: config 0 descriptor?? [ 491.910309][ T10] usb 2-1: USB disconnect, device number 12 [ 492.328289][ T6158] udevd[6158]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 492.515018][ T5834] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 492.635787][ T9642] loop5: detected capacity change from 0 to 4096 [ 492.675135][ T9642] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 492.729193][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 492.741203][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 492.753046][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 492.763248][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 492.776964][ T5834] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 492.786402][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.999792][ T5834] usb 5-1: config 0 descriptor?? [ 493.162391][ T9649] raw_sendmsg: syz.1.1284 forgot to set AF_INET. Fix it! [ 493.291159][ T9652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1285'. [ 493.569069][ T5834] hid_parser_main: 2 callbacks suppressed [ 493.569169][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.590518][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.598612][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.606459][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.614112][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.624551][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.632232][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.641513][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.649301][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 493.657109][ T5834] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 494.087716][ T9651] loop2: detected capacity change from 0 to 40427 [ 494.100779][ T6797] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 494.126693][ T9651] F2FS-fs (loop2): invalid crc value [ 494.477317][ T9651] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 494.490083][ T9651] F2FS-fs (loop2): Start checkpoint disabled! [ 494.517619][ T5834] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 494.575549][ T9651] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 494.587067][ T9651] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 494.593780][ T5834] usb 5-1: USB disconnect, device number 9 [ 495.041015][ T9435] kworker/u8:26: attempt to access beyond end of device [ 495.041015][ T9435] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 495.058033][ T9435] CPU: 0 UID: 0 PID: 9435 Comm: kworker/u8:26 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 495.058198][ T9435] Tainted: [L]=SOFTLOCKUP [ 495.058246][ T9435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 495.058346][ T9435] Workqueue: writeback wb_workfn (flush-7:2) [ 495.058504][ T9435] Call Trace: [ 495.058551][ T9435] [ 495.058601][ T9435] __dump_stack+0x26/0x30 [ 495.058747][ T9435] dump_stack_lvl+0x14c/0x1c0 [ 495.058910][ T9435] dump_stack+0x1e/0x25 [ 495.059047][ T9435] f2fs_handle_critical_error+0xa6f/0xc20 [ 495.059280][ T9435] f2fs_stop_checkpoint+0x65/0x80 [ 495.059412][ T9435] f2fs_write_end_io+0x1013/0x2470 [ 495.059608][ T9435] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 495.059743][ T9435] bio_endio+0xf92/0x10e0 [ 495.059890][ T9435] submit_bio_noacct+0x200d/0x2960 [ 495.060095][ T9435] submit_bio+0x57a/0x620 [ 495.060235][ T9435] f2fs_submit_write_bio+0x92/0x250 [ 495.060431][ T9435] __submit_merged_bio+0x16f/0x6a0 [ 495.060601][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.060798][ T9435] __submit_merged_write_cond+0x44a/0x990 [ 495.061000][ T9435] f2fs_write_data_pages+0x4d18/0x57a0 [ 495.061282][ T9435] ? f2fs_balance_fs_bg+0x11ee/0x1250 [ 495.061456][ T9435] ? stack_depot_save_flags+0x35/0x790 [ 495.061597][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.061783][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.061963][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.062159][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.062337][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.062519][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.062705][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.062886][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.063075][ T9435] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 495.063211][ T9435] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 495.063345][ T9435] do_writepages+0x3f2/0x860 [ 495.063488][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.063677][ T9435] ? queue_io+0x721/0x790 [ 495.063811][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.064025][ T9435] __writeback_single_inode+0x101/0x1180 [ 495.064193][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.064370][ T9435] writeback_sb_inodes+0xb2d/0x1f10 [ 495.064609][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.064817][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 495.065018][ T9435] wb_writeback+0x4d0/0xc00 [ 495.065179][ T9435] ? queue_io+0x421/0x790 [ 495.065332][ T9435] wb_workfn+0x397/0x1900 [ 495.065460][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 495.065664][ T9435] ? __pfx_wb_workfn+0x10/0x10 [ 495.065787][ T9435] process_scheduled_works+0xae7/0x1d60 [ 495.066045][ T9435] worker_thread+0x1741/0x1de0 [ 495.066266][ T9435] kthread+0xd5a/0xf00 [ 495.066402][ T9435] ? __pfx_worker_thread+0x10/0x10 [ 495.066606][ T9435] ? __pfx_kthread+0x10/0x10 [ 495.066736][ T9435] ret_from_fork+0x207/0x6f0 [ 495.066910][ T9435] ? __switch_to+0x521/0x750 [ 495.067060][ T9435] ? __pfx_kthread+0x10/0x10 [ 495.067198][ T9435] ret_from_fork_asm+0x1a/0x30 [ 495.067400][ T9435] [ 495.369160][ T9435] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 495.909419][ T9670] Invalid argument reading file caps for ./file0 [ 495.927384][ T9663] fido_id[9663]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 496.318371][ T9674] input: syz1 as /devices/virtual/input/input9 [ 496.985448][ T6797] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 497.188240][ T6797] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 497.199035][ T6797] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 497.231224][ T6797] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 497.240988][ T6797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 497.249389][ T6797] usb 5-1: SerialNumber: syz [ 497.577464][ T6797] usb 5-1: 0:2 : does not exist [ 497.892151][ T6797] usb 5-1: USB disconnect, device number 10 [ 498.095733][ T9696] vivid-000: disconnect [ 498.159283][ T9695] vivid-000: reconnect [ 498.207196][ T6158] udevd[6158]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 498.382633][ T9698] bond0: option lp_interval: invalid value (18446744073709551612) [ 498.390938][ T9698] bond0: option lp_interval: allowed values 1 - 2147483647 [ 499.191135][ T30] audit: type=1326 audit(1770023850.524:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.289746][ T30] audit: type=1326 audit(1770023850.554:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.313169][ T30] audit: type=1326 audit(1770023850.554:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.335939][ T30] audit: type=1326 audit(1770023850.554:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.360153][ T30] audit: type=1326 audit(1770023850.554:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.383393][ T30] audit: type=1326 audit(1770023850.554:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.406225][ T30] audit: type=1326 audit(1770023850.564:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.428828][ T30] audit: type=1326 audit(1770023850.564:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.451135][ T9717] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1313'. [ 499.451553][ T30] audit: type=1326 audit(1770023850.564:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 499.484948][ T30] audit: type=1326 audit(1770023850.564:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9713 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc1d79aeb9 code=0x7ffc0000 [ 500.347920][ T9733] loop2: detected capacity change from 0 to 1024 [ 500.369946][ T9731] veth1_to_hsr: entered promiscuous mode [ 500.391720][ T9731] macvlan2: entered promiscuous mode [ 500.766136][ T5891] hfsplus: b-tree write err: -5, ino 4 [ 501.165324][ T6797] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 501.203334][ T9743] loop2: detected capacity change from 0 to 2048 [ 501.262254][ T9743] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 501.281680][ T9743] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 501.290028][ T9743] UDF-fs: Scanning with blocksize 512 failed [ 501.371880][ T9743] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 501.382794][ T6797] usb 2-1: config 0 interface 0 has no altsetting 0 [ 501.390019][ T6797] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 501.401095][ T6797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.450002][ T6797] usb 2-1: config 0 descriptor?? [ 502.209026][ T9756] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 502.290049][ T9756] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 502.373808][ T6797] video4linux radio48: keene_cmd_main failed (-71) [ 502.381012][ T6797] radio-keene 2-1:0.0: V4L2 device registered as radio48 [ 502.455178][ T6797] usb 2-1: USB disconnect, device number 13 [ 504.393527][ T9762] loop4: detected capacity change from 0 to 65536 [ 504.518025][ T9762] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 504.640587][ T9762] XFS (loop4): Ending clean mount [ 504.669718][ T9762] XFS (loop4): Quotacheck needed: Please wait. [ 504.707555][ T9762] XFS (loop4): Quotacheck: Done. [ 504.738823][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 504.738898][ T30] audit: type=1800 audit(1770023856.054:48): pid=9762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1332" name="file2" dev="loop4" ino=39 res=0 errno=0 [ 505.141432][ T5784] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 510.000020][ T9854] loop2: detected capacity change from 0 to 256 [ 510.303419][ T9851] loop1: detected capacity change from 0 to 4096 [ 510.340760][ T9851] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 510.573577][ T9851] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 510.928732][ T6797] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 511.171580][ T6797] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 511.181953][ T6797] usb 5-1: config 0 interface 0 has no altsetting 0 [ 511.291220][ T6797] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 511.302050][ T6797] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 511.311484][ T6797] usb 5-1: Product: syz [ 511.316045][ T6797] usb 5-1: Manufacturer: syz [ 511.320871][ T6797] usb 5-1: SerialNumber: syz [ 511.457098][ T6797] usb 5-1: config 0 descriptor?? [ 511.577649][ T6797] usb 5-1: selecting invalid altsetting 0 [ 511.710027][ T9875] netlink: 'syz.1.1377': attribute type 2 has an invalid length. [ 511.816134][ T6797] usb 5-1: USB disconnect, device number 11 [ 512.241795][ T7829] udevd[7829]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 512.963883][ T9884] o2cb: This node has not been configured. [ 512.972007][ T9884] o2cb: Cluster check failed. Fix errors before retrying. [ 512.980279][ T9884] (syz.4.1382,9884,0):user_dlm_register:674 ERROR: status = -22 [ 512.988514][ T9884] (syz.4.1382,9884,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "bus" [ 512.995333][ T9882] loop1: detected capacity change from 0 to 32768 [ 513.144863][ T9882] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 513.343094][ T9882] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50. [ 513.485439][ T9882] XFS (loop1): Ending clean mount [ 513.793326][ T5783] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 514.461658][ T9904] loop4: detected capacity change from 0 to 64 [ 515.359517][ T9917] loop2: detected capacity change from 0 to 128 [ 515.462167][ T9917] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 515.547175][ T9917] hpfs: filesystem error: improperly stopped [ 515.553382][ T9917] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 515.561571][ T9917] hpfs: You really don't want any checks? You are crazy... [ 515.664443][ T9917] hpfs: hpfs_map_sector(): read error [ 515.669994][ T9917] hpfs: code page support is disabled [ 515.721557][ T9917] hpfs: hpfs_map_4sectors(): unaligned read [ 515.790868][ T9917] hpfs: hpfs_map_4sectors(): unaligned read [ 515.797068][ T9917] hpfs: filesystem error: unable to find root dir [ 517.392102][ T9933] loop1: detected capacity change from 0 to 32768 [ 517.485596][ T9933] [ 517.485596][ T9933] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 517.485596][ T9933] [ 517.695723][ T5783] [ 517.695723][ T5783] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 517.695723][ T5783] [ 517.742937][ T5783] [ 517.742937][ T5783] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 517.742937][ T5783] [ 518.471364][ T9948] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1408'. [ 518.495517][ T9950] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 518.975620][ T5834] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 519.194442][ T5834] usb 2-1: Using ep0 maxpacket: 32 [ 519.258823][ T5834] usb 2-1: config 0 has no interfaces? [ 519.265360][ T5834] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 519.275017][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.386916][ T5834] usb 2-1: config 0 descriptor?? [ 519.520715][ T9960] loop4: detected capacity change from 0 to 256 [ 519.664063][ T9962] loop2: detected capacity change from 0 to 512 [ 519.719544][ T5834] usb 2-1: USB disconnect, device number 14 [ 519.737443][ T9960] exFAT-fs (loop4): failed to test first cluster bit of root dir(5) [ 519.789282][ T9962] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 519.951324][ T9962] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128 [ 520.002866][ T9965] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128 [ 520.116163][ T9964] loop5: detected capacity change from 0 to 1024 [ 520.765112][ T9411] hfsplus: b-tree write err: -5, ino 4 [ 520.804865][ T5834] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 521.008040][ T9969] loop1: detected capacity change from 0 to 512 [ 521.027811][ T5834] usb 5-1: Using ep0 maxpacket: 32 [ 521.076255][ T5834] usb 5-1: config 0 has an invalid interface number: 172 but max is 0 [ 521.084822][ T5834] usb 5-1: config 0 has no interface number 0 [ 521.098492][ T9969] EXT4-fs: Ignoring removed i_version option [ 521.105258][ T9969] EXT4-fs: Ignoring removed bh option [ 521.181926][ T5834] usb 5-1: config 0 interface 172 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 521.310487][ T5834] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 521.320323][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.329004][ T5834] usb 5-1: Product: syz [ 521.333528][ T5834] usb 5-1: Manufacturer: syz [ 521.338554][ T5834] usb 5-1: SerialNumber: syz [ 521.627294][ T5834] usb 5-1: config 0 descriptor?? [ 521.722717][ T5834] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 521.732740][ T9969] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 521.801584][ T9969] ext4 filesystem being mounted at /268/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 522.571205][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 522.905693][ T5834] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input10 [ 523.487251][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.495127][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.502553][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.510327][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.521197][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.530202][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.539586][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.549006][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.566431][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.574414][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.581872][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.591661][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.599253][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.607599][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.614827][ T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 523.615183][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.631831][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.640294][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.647757][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.655472][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.662965][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.670620][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.678576][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.686151][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.693606][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.701347][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.708781][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.716320][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.726346][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.733768][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.741359][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.748806][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.756317][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.763710][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.771284][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.778663][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.786214][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.793960][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.804472][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.811971][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.820791][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.832318][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.842117][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.849711][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.857251][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.864758][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.872253][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.880298][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.888024][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.895807][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.903257][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.911036][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.918440][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.926200][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.935512][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.944104][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.947956][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 523.951826][ T5834] usb 5-1: USB disconnect, device number 12 [ 523.956369][ C1] gspca_pac7302 5-1:0.172: URB error -71, resubmitting [ 523.956444][ C1] gspca_main: Resubmit URB failed with error -19 [ 524.080737][ T10] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 524.121357][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 524.132868][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 524.143648][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 524.154141][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 524.167737][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 524.177253][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.778339][T10000] loop4: detected capacity change from 0 to 512 [ 524.804647][ T10] usb 2-1: usb_control_msg returned -32 [ 524.810517][ T10] usbtmc 2-1:16.0: can't read capabilities [ 524.816420][T10002] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1429'. [ 526.551892][ T5834] usb 2-1: USB disconnect, device number 15 [ 527.065257][T10026] loop8: detected capacity change from 0 to 8 [ 527.083799][T10026] Dev loop8: unable to read RDB block 8 [ 527.090084][T10026] loop8: unable to read partition table [ 527.099035][T10026] loop8: partition table beyond EOD, truncated [ 527.108629][T10026] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 528.246256][T10019] loop4: detected capacity change from 0 to 32768 [ 528.256034][T10019] xfs: Deprecated parameter 'attr2' [ 528.261510][T10019] XFS: attr2 mount option is deprecated. [ 528.352161][T10033] netlink: 'syz.1.1437': attribute type 4 has an invalid length. [ 528.405275][T10019] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 528.721649][T10019] XFS (loop4): Ending clean mount [ 528.773016][T10019] XFS (loop4): Quotacheck needed: Please wait. [ 528.844433][T10019] XFS (loop4): Quotacheck: Done. [ 528.954830][ T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 528.993237][ T5784] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 529.176488][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 529.218218][ T10] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 529.226785][ T10] usb 2-1: config 0 has no interface number 0 [ 529.299347][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 529.309157][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.317612][ T10] usb 2-1: Product: syz [ 529.322080][ T10] usb 2-1: Manufacturer: syz [ 529.327035][ T10] usb 2-1: SerialNumber: syz [ 529.438079][ T10] usb 2-1: config 0 descriptor?? [ 529.691210][ T10] uvcvideo 2-1:0.31: probe with driver uvcvideo failed with error -22 [ 529.765613][ T10] usb 2-1: USB disconnect, device number 16 [ 531.676722][T10084] loop2: detected capacity change from 0 to 512 [ 531.746506][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.753319][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.918699][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 532.163191][ T10] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 532.173691][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 532.269840][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 532.279942][ T10] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 532.288525][ T10] usb 6-1: Product: syz [ 532.292879][ T10] usb 6-1: Manufacturer: syz [ 532.297887][ T10] usb 6-1: SerialNumber: syz [ 532.412815][ T10] usb 6-1: config 0 descriptor?? [ 532.461952][ T10] usb 6-1: selecting invalid altsetting 0 [ 532.567000][T10093] loop2: detected capacity change from 0 to 128 [ 532.720265][ T5834] usb 6-1: USB disconnect, device number 4 [ 532.856326][T10092] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 532.865407][T10092] FAT-fs (loop2): Filesystem has been set read-only [ 532.937639][T10097] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1466'. [ 532.949289][T10097] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1466'. [ 533.032365][T10097] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1466'. [ 533.043506][T10097] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1466'. [ 533.162700][ T7829] udevd[7829]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 533.441781][T10101] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1468'. [ 533.736045][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 533.990417][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 534.004536][ T10] usb 3-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 534.013805][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.096491][ T10] usb 3-1: config 0 descriptor?? [ 534.412896][T10116] loop4: detected capacity change from 0 to 512 [ 534.483696][T10116] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 534.586949][T10116] EXT4-fs (loop4): 1 truncate cleaned up [ 534.593408][ T10] waltop 0003:172F:0501.000E: unbalanced collection at end of report description [ 534.620207][ T10] waltop 0003:172F:0501.000E: probe with driver waltop failed with error -22 [ 534.642945][T10116] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 534.669434][T10116] EXT4-fs (loop4): shut down requested (1) [ 534.792158][ T10] usb 3-1: USB disconnect, device number 10 [ 534.850158][ T5784] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 535.490484][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 535.738505][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 535.766164][ T6797] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 535.795155][ T10] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 535.845241][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 535.855796][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 535.866141][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 535.876944][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 535.890534][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 535.900088][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.107027][ T6797] usb 2-1: Using ep0 maxpacket: 8 [ 536.123021][ T6797] usb 2-1: too many endpoints for config 0 interface 0 altsetting 33: 193, using maximum allowed: 30 [ 536.164654][ T6797] usb 2-1: config 0 interface 0 altsetting 33 has 1 endpoint descriptor, different from the interface descriptor's value: 193 [ 536.179278][ T6797] usb 2-1: config 0 interface 0 has no altsetting 0 [ 536.186542][ T6797] usb 2-1: New USB device found, idVendor=056a, idProduct=00fa, bcdDevice= 0.00 [ 536.196440][ T6797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.449453][ T6797] usb 2-1: config 0 descriptor?? [ 536.568113][ T10] usb 5-1: usb_control_msg returned -32 [ 536.574612][ T10] usbtmc 5-1:16.0: can't read capabilities [ 536.935426][ T6797] wacom 0003:056A:00FA.000F: unbalanced collection at end of report description [ 536.982281][ T6797] wacom 0003:056A:00FA.000F: parse failed [ 536.988999][ T6797] wacom 0003:056A:00FA.000F: probe with driver wacom failed with error -22 [ 537.219524][T10140] loop5: detected capacity change from 0 to 512 [ 537.784921][ T5793] Bluetooth: hci0: unexpected event for opcode 0x1004 [ 537.869797][ T5834] usb 2-1: USB disconnect, device number 17 [ 538.241060][T10140] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.345179][T10140] ext4 filesystem being mounted at /201/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 538.426296][T10140] EXT4-fs (loop5): shut down requested (1) [ 538.441987][T10140] EXT4-fs (loop5): resizing filesystem from 256 to 2 blocks [ 538.449982][T10140] EXT4-fs warning (device loop5): ext4_resize_fs:2042: can't shrink FS - resize aborted [ 538.471031][ T24] usb 5-1: USB disconnect, device number 13 [ 538.555253][ T5834] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 538.633158][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.751849][ T5834] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 538.762468][ T5834] usb 2-1: config 0 interface 0 has no altsetting 0 [ 538.855519][ T5834] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 538.865004][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 538.873362][ T5834] usb 2-1: Product: syz [ 538.880025][ T5834] usb 2-1: Manufacturer: syz [ 538.885909][ T5834] usb 2-1: SerialNumber: syz [ 538.949904][ T5834] usb 2-1: config 0 descriptor?? [ 539.886390][T10157] loop5: detected capacity change from 0 to 40427 [ 539.987746][ T5834] usb 2-1: selecting invalid altsetting 0 [ 540.093322][T10161] loop2: detected capacity change from 0 to 32768 [ 540.129719][T10157] F2FS-fs (loop5): invalid crc value [ 540.157418][T10161] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 540.433304][T10157] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 540.484080][T10157] F2FS-fs (loop5): Start checkpoint disabled! [ 540.524127][ T5834] usb 2-1: USB disconnect, device number 18 [ 540.639977][T10157] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 540.649488][T10157] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 541.071411][ T6397] udevd[6397]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 541.578233][ T9408] kworker/u8:16: attempt to access beyond end of device [ 541.578233][ T9408] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 541.593228][ T9408] CPU: 0 UID: 0 PID: 9408 Comm: kworker/u8:16 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 541.593394][ T9408] Tainted: [L]=SOFTLOCKUP [ 541.593447][ T9408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 541.593562][ T9408] Workqueue: writeback wb_workfn (flush-7:5) [ 541.593712][ T9408] Call Trace: [ 541.593760][ T9408] [ 541.593810][ T9408] __dump_stack+0x26/0x30 [ 541.594009][ T9408] dump_stack_lvl+0x14c/0x1c0 [ 541.594158][ T9408] dump_stack+0x1e/0x25 [ 541.594291][ T9408] f2fs_handle_critical_error+0xa6f/0xc20 [ 541.594513][ T9408] f2fs_stop_checkpoint+0x65/0x80 [ 541.594655][ T9408] f2fs_write_end_io+0x1013/0x2470 [ 541.594841][ T9408] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 541.594974][ T9408] bio_endio+0xf92/0x10e0 [ 541.595117][ T9408] submit_bio_noacct+0x200d/0x2960 [ 541.595309][ T9408] submit_bio+0x57a/0x620 [ 541.595453][ T9408] f2fs_submit_write_bio+0x92/0x250 [ 541.595638][ T9408] __submit_merged_bio+0x16f/0x6a0 [ 541.595807][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.595999][ T9408] __submit_merged_write_cond+0x44a/0x990 [ 541.596198][ T9408] f2fs_write_data_pages+0x4d18/0x57a0 [ 541.596457][ T9408] ? rb_commit+0x1d0/0xbb0 [ 541.596610][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.596788][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.596958][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.597127][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.597305][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.597476][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.597654][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.597830][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.597994][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.598161][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.598330][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.598497][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.598677][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.598845][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.599019][ T9408] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 541.599149][ T9408] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 541.599278][ T9408] do_writepages+0x3f2/0x860 [ 541.599412][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.599598][ T9408] ? queue_io+0x721/0x790 [ 541.599726][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.599912][ T9408] __writeback_single_inode+0x101/0x1180 [ 541.600064][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.600247][ T9408] writeback_sb_inodes+0xb2d/0x1f10 [ 541.600492][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.600697][ T9408] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 541.600881][ T9408] wb_writeback+0x4d0/0xc00 [ 541.601033][ T9408] ? queue_io+0x421/0x790 [ 541.601179][ T9408] wb_workfn+0x397/0x1900 [ 541.601298][ T9408] ? kmsan_get_metadata+0xf1/0x160 [ 541.601492][ T9408] ? __pfx_wb_workfn+0x10/0x10 [ 541.601615][ T9408] process_scheduled_works+0xae7/0x1d60 [ 541.601838][ T9408] worker_thread+0x1741/0x1de0 [ 541.602053][ T9408] kthread+0xd5a/0xf00 [ 541.602172][ T9408] ? __pfx_worker_thread+0x10/0x10 [ 541.602352][ T9408] ? __pfx_kthread+0x10/0x10 [ 541.602473][ T9408] ret_from_fork+0x207/0x6f0 [ 541.602638][ T9408] ? __switch_to+0x521/0x750 [ 541.602777][ T9408] ? __pfx_kthread+0x10/0x10 [ 541.602900][ T9408] ret_from_fork_asm+0x1a/0x30 [ 541.603086][ T9408] [ 541.624130][T10164] loop4: detected capacity change from 0 to 65536 [ 541.629971][ T9408] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 541.800605][ T5793] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 541.915914][T10161] XFS (loop2): Ending clean mount [ 541.922216][T10161] XFS (loop2): Quotacheck needed: Please wait. [ 541.990519][ T5793] Bluetooth: hci0: Injecting HCI hardware error event [ 542.000651][ T5793] Bluetooth: hci0: hardware error 0x00 [ 542.033085][T10164] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 542.091332][T10164] XFS (loop4): Ending clean mount [ 542.100303][T10164] XFS (loop4): Quotacheck needed: Please wait. [ 542.231145][T10164] XFS (loop4): Quotacheck: Done. [ 542.344658][ T30] audit: type=1800 audit(1770023893.664:49): pid=10164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1494" name="bus" dev="loop4" ino=42 res=0 errno=0 [ 542.401390][T10161] XFS (loop2): Quotacheck: Done. [ 542.608301][ T5784] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 542.746034][ T5782] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 544.045062][ T5793] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 544.890384][T10203] loop5: detected capacity change from 0 to 40427 [ 545.018048][T10208] loop2: detected capacity change from 0 to 32768 [ 545.097956][T10208] (syz.2.1505,10208,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 545.112330][T10203] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010) [ 545.121787][T10203] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 545.132113][T10203] F2FS-fs (loop5): Image doesn't support compression [ 545.139227][T10203] F2FS-fs (loop5): build fault injection type: 0x4 [ 545.152067][T10208] (syz.2.1505,10208,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 545.249292][T10203] F2FS-fs (loop5): invalid crc value [ 545.576890][T10203] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 545.606052][T10203] F2FS-fs (loop5): Start checkpoint disabled! [ 545.655837][T10203] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 545.686107][T10203] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 545.693606][T10203] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 545.709493][T10208] JBD2: Ignoring recovery information on journal [ 545.802728][T10210] loop4: detected capacity change from 0 to 32768 [ 545.824980][T10210] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1504 (10210) [ 545.918160][T10210] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 545.929246][T10210] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 545.938350][T10210] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 545.964943][T10208] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 546.374628][ T30] audit: type=1800 audit(1770023897.644:50): pid=10208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1505" name="file1" dev="loop2" ino=16978 res=0 errno=0 [ 546.396487][ T30] audit: type=1804 audit(1770023897.664:51): pid=10224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1505" name="/newroot/296/file0/file1" dev="loop2" ino=16978 res=1 errno=0 [ 546.841153][T10210] BTRFS info (device loop4): rebuilding free space tree [ 546.896572][T10210] BTRFS info (device loop4): disabling free space tree [ 546.903912][T10210] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 546.914740][T10210] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 546.955804][T10210] BTRFS info (device loop4): checking UUID tree [ 546.997877][T10210] BTRFS warning (device loop4): failed to start uuid_rescan task [ 547.006186][T10210] BTRFS warning (device loop4): failed to check the UUID tree: -4 [ 547.132480][T10210] BTRFS error (device loop4): open_ctree failed: -4 [ 547.257679][ T5782] ocfs2: Unmounting device (7,2) on (node local) [ 549.014001][T10249] loop1: detected capacity change from 0 to 128 [ 549.134064][T10249] EXT4-fs: Ignoring removed nobh option [ 549.331664][T10249] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 549.439128][T10249] ext4 filesystem being mounted at /288/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 549.878425][ T6797] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 549.976044][ T5783] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 550.105065][ T6797] usb 3-1: Using ep0 maxpacket: 32 [ 550.130258][ T6797] usb 3-1: config 0 interface 0 has no altsetting 0 [ 550.154935][ T6797] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 550.164877][ T6797] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.173075][ T6797] usb 3-1: Product: syz [ 550.177709][ T6797] usb 3-1: Manufacturer: syz [ 550.182474][ T6797] usb 3-1: SerialNumber: syz [ 550.317135][ T6797] usb 3-1: config 0 descriptor?? [ 550.787643][ T6797] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 551.446014][ T6797] usb 3-1: USB disconnect, device number 11 [ 552.429842][T10287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1528'. [ 552.695175][T10290] binder: 10289:10290 ioctl c0306201 200000000480 returned -14 [ 554.578481][T10319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 555.116082][T10326] loop5: detected capacity change from 0 to 1024 [ 556.333065][T10345] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.1553'. [ 557.013015][T10354] loop5: detected capacity change from 0 to 128 [ 557.043717][T10354] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 557.122361][T10354] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 559.702340][T10394] loop4: detected capacity change from 0 to 1024 [ 559.723504][T10394] EXT4-fs: Ignoring removed mblk_io_submit option [ 560.677808][T10396] loop1: detected capacity change from 0 to 40427 [ 560.695249][T10396] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 560.702069][T10396] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 560.733169][T10394] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 561.110659][T10396] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 561.140783][T10413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1582'. [ 561.197259][T10396] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 561.207455][T10396] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 561.327766][ T5784] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 563.034598][ T6797] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 563.230569][ T6797] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 563.239307][ T6797] usb 2-1: config 0 has no interface number 0 [ 563.294718][ T6797] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 563.306451][ T6797] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 563.455437][ T6797] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 563.465177][ T6797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.473368][ T6797] usb 2-1: Product: syz [ 563.477980][ T6797] usb 2-1: Manufacturer: syz [ 563.482745][ T6797] usb 2-1: SerialNumber: syz [ 563.627679][ T6797] usb 2-1: config 0 descriptor?? [ 563.635451][T10429] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 563.643318][T10429] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 563.676735][T10438] loop5: detected capacity change from 0 to 64 [ 563.712303][ T6797] smsc95xx v2.0.0 [ 563.972444][T10429] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 564.034143][T10429] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 564.690505][T10451] loop4: detected capacity change from 0 to 128 [ 565.030536][ T6797] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71 [ 565.041915][ T6797] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 565.128765][T10453] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1600'. [ 565.131567][ T6797] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 565.220558][ T6797] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 565.252583][T10456] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1600'. [ 565.311368][ T6797] usb 2-1: USB disconnect, device number 19 [ 566.743289][T10461] loop2: detected capacity change from 0 to 40427 [ 566.850212][T10461] F2FS-fs (loop2): invalid crc value [ 567.120264][T10461] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 567.131486][T10461] F2FS-fs (loop2): Start checkpoint disabled! [ 567.160161][T10461] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 567.175732][T10461] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 567.576381][ T9435] kworker/u8:26: attempt to access beyond end of device [ 567.576381][ T9435] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 567.591078][ T9435] CPU: 0 UID: 0 PID: 9435 Comm: kworker/u8:26 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 567.591246][ T9435] Tainted: [L]=SOFTLOCKUP [ 567.591299][ T9435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 567.591402][ T9435] Workqueue: writeback wb_workfn (flush-7:2) [ 567.591559][ T9435] Call Trace: [ 567.591607][ T9435] [ 567.591663][ T9435] __dump_stack+0x26/0x30 [ 567.591820][ T9435] dump_stack_lvl+0x14c/0x1c0 [ 567.591979][ T9435] dump_stack+0x1e/0x25 [ 567.592120][ T9435] f2fs_handle_critical_error+0xa6f/0xc20 [ 567.592346][ T9435] f2fs_stop_checkpoint+0x65/0x80 [ 567.592485][ T9435] f2fs_write_end_io+0x1013/0x2470 [ 567.592680][ T9435] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 567.592820][ T9435] bio_endio+0xf92/0x10e0 [ 567.592964][ T9435] submit_bio_noacct+0x200d/0x2960 [ 567.593156][ T9435] submit_bio+0x57a/0x620 [ 567.593306][ T9435] f2fs_submit_write_bio+0x92/0x250 [ 567.593488][ T9435] __submit_merged_bio+0x16f/0x6a0 [ 567.593665][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.593870][ T9435] __submit_merged_write_cond+0x44a/0x990 [ 567.594071][ T9435] f2fs_write_data_pages+0x4d18/0x57a0 [ 567.594322][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.594503][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.594682][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.594860][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.595037][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.595207][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.595366][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.595534][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.595711][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.595878][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.596055][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.596219][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.596387][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.596570][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.596748][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.596915][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.597092][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.597272][ T9435] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 567.597419][ T9435] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 567.597569][ T9435] do_writepages+0x3f2/0x860 [ 567.597712][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.597902][ T9435] ? queue_io+0x721/0x790 [ 567.598039][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.598238][ T9435] __writeback_single_inode+0x101/0x1180 [ 567.598399][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.598593][ T9435] writeback_sb_inodes+0xb2d/0x1f10 [ 567.598846][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.599054][ T9435] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 567.599250][ T9435] wb_writeback+0x4d0/0xc00 [ 567.599411][ T9435] ? queue_io+0x421/0x790 [ 567.599566][ T9435] wb_workfn+0x397/0x1900 [ 567.599698][ T9435] ? kmsan_get_metadata+0xf1/0x160 [ 567.599904][ T9435] ? __pfx_wb_workfn+0x10/0x10 [ 567.600029][ T9435] process_scheduled_works+0xae7/0x1d60 [ 567.600267][ T9435] worker_thread+0x1741/0x1de0 [ 567.600488][ T9435] kthread+0xd5a/0xf00 [ 567.600615][ T9435] ? __pfx_worker_thread+0x10/0x10 [ 567.600858][ T9435] ? __pfx_kthread+0x10/0x10 [ 567.600982][ T9435] ret_from_fork+0x207/0x6f0 [ 567.601152][ T9435] ? __switch_to+0x521/0x750 [ 567.601302][ T9435] ? __pfx_kthread+0x10/0x10 [ 567.601435][ T9435] ret_from_fork_asm+0x1a/0x30 [ 567.601630][ T9435] [ 567.940696][ T9435] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 569.476920][ T6797] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 569.710139][ T6797] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 569.718879][ T6797] usb 2-1: config 0 has no interface number 0 [ 569.779322][ T6797] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 569.788982][ T6797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.798053][ T6797] usb 2-1: Product: syz [ 569.804431][ T6797] usb 2-1: Manufacturer: syz [ 569.809311][ T6797] usb 2-1: SerialNumber: syz [ 569.960424][ T6797] usb 2-1: config 0 descriptor?? [ 570.780006][T10497] loop5: detected capacity change from 0 to 65 [ 570.823123][T10497] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway [ 570.970929][ T30] audit: type=1804 audit(1770023922.304:52): pid=10497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1619" name=2F6E6577726F6F742F3232362FE91F7189591E9233614B2F627573 dev="loop5" ino=3 res=1 errno=0 [ 571.090787][ T6797] usb 2-1: Firmware version (0.0) predates our first public release. [ 571.099676][ T6797] usb 2-1: Please update to version 0.2 or newer [ 571.313581][ T6797] usb 2-1: USB disconnect, device number 20 [ 572.750479][T10503] loop5: detected capacity change from 0 to 32768 [ 573.505862][T10505] loop1: detected capacity change from 0 to 32768 [ 573.600534][T10505] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 573.619097][T10514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1608'. [ 573.632991][T10503] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 573.802885][T10514] ip6gretap0 (unregistering): left promiscuous mode [ 573.895690][T10505] XFS (loop1): Ending clean mount [ 573.924888][T10505] XFS (loop1): Quotacheck needed: Please wait. [ 574.015003][T10505] XFS (loop1): Quotacheck: Done. [ 574.040460][T10503] XFS (loop5): Ending clean mount [ 574.071023][T10503] XFS (loop5): Quotacheck needed: Please wait. [ 574.189420][T10503] XFS (loop5): Quotacheck: Done. [ 574.444609][ T5783] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 574.464009][ T5834] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 574.555765][ T6929] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 574.709224][ T5834] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 574.722291][ T5834] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 574.733447][ T5834] usb 5-1: config 1 interface 0 has no altsetting 0 [ 574.942131][ T5834] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 574.951644][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.960162][ T5834] usb 5-1: Product: syz [ 574.964640][ T5834] usb 5-1: Manufacturer: syz [ 574.969505][ T5834] usb 5-1: SerialNumber: syz [ 575.120035][T10529] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 575.138664][T10529] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 576.362834][ T5834] (unnamed net_device) (uninitialized): Assigned a random MAC address: 56:9c:3e:ef:26:92 [ 576.484773][ T5834] rtl8150 5-1:1.0: eth5: rtl8150 is detected [ 576.637279][ T5834] usb 5-1: USB disconnect, device number 14 [ 577.077691][ T30] audit: type=1326 audit(1770023928.384:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10546 comm="syz.1.1632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818d9aeb9 code=0x7fc00000 [ 580.159351][T10586] loop5: detected capacity change from 0 to 8 [ 580.286314][T10586] SQUASHFS error: lzo decompression failed, data probably corrupt [ 580.294994][T10586] SQUASHFS error: Failed to read block 0x91: -5 [ 580.301396][T10586] SQUASHFS error: Unable to read metadata cache entry [8f] [ 580.309061][T10586] SQUASHFS error: Unable to read inode 0x11f [ 580.890834][T10592] loop2: detected capacity change from 0 to 1024 [ 580.973922][T10592] EXT4-fs: Ignoring removed mblk_io_submit option [ 581.080977][T10592] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 581.668630][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.906430][T10607] mmap: syz.1.1653 (10607) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 582.052806][T10609] batadv_slave_1: entered promiscuous mode [ 582.086937][T10608] batadv_slave_1: left promiscuous mode [ 582.266567][T10611] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1656'. [ 582.739244][T10618] loop4: detected capacity change from 0 to 128 [ 582.817908][T10618] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 582.869282][T10618] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 583.293980][ T5784] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 584.783906][T10638] loop5: detected capacity change from 0 to 32768 [ 584.793702][T10638] btrfs: Deprecated parameter 'usebackuproot' [ 584.800190][T10638] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 584.813625][T10638] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1668 (10638) [ 584.845811][T10638] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 584.859264][T10638] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 585.006967][ T5891] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 585.021160][T10638] BTRFS error (device loop5): failed to load root extent [ 585.028763][T10638] BTRFS warning (device loop5): try to load backup roots slot 1 [ 585.045844][ T9441] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 585.059756][T10638] BTRFS warning (device loop5): couldn't read tree root [ 585.068930][T10638] BTRFS warning (device loop5): try to load backup roots slot 2 [ 585.078210][ T9441] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 585.089360][T10638] BTRFS warning (device loop5): couldn't read tree root [ 585.096736][T10638] BTRFS warning (device loop5): try to load backup roots slot 3 [ 585.130475][T10638] BTRFS info (device loop5): rebuilding free space tree [ 585.178673][T10638] BTRFS info (device loop5): checking UUID tree [ 585.188252][T10638] BTRFS info (device loop5): enabling ssd optimizations [ 585.196071][T10638] BTRFS info (device loop5): turning on sync discard [ 585.202922][T10638] BTRFS info (device loop5): enabling free space tree [ 585.210073][T10638] BTRFS info (device loop5): force clearing of disk cache [ 585.217548][T10638] BTRFS info (device loop5): enabling auto defrag [ 585.224151][T10638] BTRFS info (device loop5): trying to use backup root at mount time [ 585.232676][T10638] BTRFS info (device loop5): use zstd compression, level 3 [ 585.620095][ T6929] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 587.232143][T10679] loop2: detected capacity change from 0 to 128 [ 588.282744][T10690] loop1: detected capacity change from 0 to 512 [ 588.321083][T10692] trusted_key: syz.2.1683 sent an empty control message without MSG_MORE. [ 588.502860][T10690] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 588.695107][T10690] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 588.801755][ T30] audit: type=1804 audit(1770023940.134:54): pid=10690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1682" name="/newroot/320/file1/file1" dev="loop1" ino=15 res=1 errno=0 [ 589.305886][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 590.303454][T10720] loop5: detected capacity change from 0 to 128 [ 590.866698][T10717] loop2: detected capacity change from 0 to 32768 [ 590.959297][T10717] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 591.065294][T10717] XFS (loop2): Ending clean mount [ 591.077633][T10717] XFS (loop2): Quotacheck needed: Please wait. [ 591.176938][T10717] XFS (loop2): Quotacheck: Done. [ 591.209322][T10717] XFS (loop2): syz.2.1695 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 591.386383][ T5782] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 592.185584][T10745] Bluetooth: MGMT ver 1.23 [ 593.032643][T10755] loop2: detected capacity change from 0 to 128 [ 593.098370][T10755] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 593.164974][T10755] hpfs: filesystem error: improperly stopped [ 593.171423][T10755] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 593.179706][T10755] hpfs: You really don't want any checks? You are crazy... [ 593.192588][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 593.200725][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 593.311231][T10755] hpfs: hpfs_map_sector(): read error [ 593.317052][T10755] hpfs: code page support is disabled [ 593.415869][T10755] hpfs: hpfs_map_4sectors(): unaligned read [ 593.444975][T10755] hpfs: hpfs_map_4sectors(): unaligned read [ 593.451192][T10755] hpfs: filesystem error: unable to find root dir [ 593.567813][T10755] hpfs: hpfs_map_4sectors(): unaligned read [ 593.593838][T10755] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at aib [ 594.232521][T10767] ------------[ cut here ]------------ [ 594.238810][T10767] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x391/0x650, CPU#0: syz.5.1711/10767 [ 594.249965][T10767] Modules linked in: [ 594.254097][T10767] CPU: 0 UID: 0 PID: 10767 Comm: syz.5.1711 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 594.266175][T10767] Tainted: [L]=SOFTLOCKUP [ 594.270636][T10767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 594.282924][T10767] RIP: 0010:rate_control_rate_init+0x391/0x650 [ 594.290313][T10767] Code: b8 a0 f2 e9 a2 fd ff ff 8b 3a e8 ea b8 a0 f2 e9 b8 fd ff ff 89 df e8 de b8 a0 f2 4d 85 f6 0f 85 50 fe ff ff e8 70 ce f7 f1 90 <0f> 0b 90 e8 c7 7c cc f1 e9 43 01 00 00 8b 7d d4 e8 ba b8 a0 f2 e9 [ 594.310439][T10767] RSP: 0018:ffff888023ca31a8 EFLAGS: 00010283 [ 594.316923][T10767] RAX: ffffffff900594a0 RBX: 0000000000000000 RCX: 0000000000080000 [ 594.325258][T10767] RDX: ffffc90017000000 RSI: 00000000000002a1 RDI: 00000000000002a2 [ 594.333476][T10767] RBP: ffff888023ca3238 R08: ffffea000000000f R09: 0000000000000000 [ 594.341765][T10767] R10: ffff88812c2730e0 R11: 0000000000000002 R12: 0000000000000000 [ 594.350067][T10767] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88812ca73670 [ 594.358463][T10767] FS: 00007f4ac44736c0(0000) GS:ffff8881aa858000(0000) knlGS:0000000000000000 [ 594.367856][T10767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 594.374837][T10767] CR2: 00007f8c7d884000 CR3: 0000000099a74000 CR4: 00000000003526f0 [ 594.384841][T10767] Call Trace: [ 594.389296][T10767] [ 594.392423][T10767] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 594.398674][T10767] rate_control_rate_init_all_links+0x60/0x6f0 [ 594.405226][T10767] sta_apply_auth_flags+0x2a6/0x6e0 [ 594.410667][T10767] sta_apply_parameters+0x1c38/0x2260 [ 594.416692][T10767] ieee80211_add_station+0x72e/0x9f0 [ 594.422246][T10767] ? __pfx_ieee80211_add_station+0x10/0x10 [ 594.428488][T10767] rdev_add_station+0x80/0x3d0 [ 594.433528][T10767] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 594.439831][T10767] nl80211_new_station+0x361f/0x36e0 [ 594.445570][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 594.451021][T10767] ? rtnl_unlock+0x17/0x20 [ 594.455824][T10767] ? __pfx_nl80211_new_station+0x10/0x10 [ 594.461706][T10767] genl_family_rcv_msg_doit+0x338/0x3f0 [ 594.467694][T10767] genl_rcv_msg+0xac5/0xc00 [ 594.472427][T10767] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 594.478201][T10767] ? __pfx_nl80211_new_station+0x10/0x10 [ 594.485812][T10767] ? __pfx_nl80211_post_doit+0x10/0x10 [ 594.491564][T10767] netlink_rcv_skb+0x54d/0x680 [ 594.497402][T10767] ? __pfx_genl_rcv_msg+0x10/0x10 [ 594.502691][T10767] genl_rcv+0x41/0x60 [ 594.507111][T10767] ? __pfx_genl_rcv+0x10/0x10 [ 594.511998][T10767] netlink_unicast+0xf04/0x12b0 [ 594.517376][T10767] netlink_sendmsg+0x10b2/0x1250 [ 594.522608][T10767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 594.528301][T10767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 594.533809][T10767] ____sys_sendmsg+0xfe7/0x1080 [ 594.539166][T10767] ___sys_sendmsg+0x271/0x3b0 [ 594.544135][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 594.549633][T10767] ? __rcu_read_unlock+0x6c/0xd0 [ 594.555025][T10767] ? __fget_files+0x3b4/0x4a0 [ 594.559965][T10767] ? __fget_files+0x3b9/0x4a0 [ 594.565162][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 594.570564][T10767] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 594.576973][T10767] __x64_sys_sendmsg+0x211/0x3e0 [ 594.582154][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 594.589385][T10767] x64_sys_call+0x1c60/0x3e70 [ 594.595205][T10767] do_syscall_64+0xc9/0xf80 [ 594.599961][T10767] ? clear_bhb_loop+0x40/0x90 [ 594.605065][T10767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.611210][T10767] RIP: 0033:0x7f4ac359aeb9 [ 594.615963][T10767] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 594.636151][T10767] RSP: 002b:00007f4ac4473028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 594.645057][T10767] RAX: ffffffffffffffda RBX: 00007f4ac3815fa0 RCX: 00007f4ac359aeb9 [ 594.653235][T10767] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 594.661693][T10767] RBP: 00007f4ac3608c1f R08: 0000000000000000 R09: 0000000000000000 [ 594.670030][T10767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.678426][T10767] R13: 00007f4ac3816038 R14: 00007f4ac3815fa0 R15: 00007ffcca6553d8 [ 594.688442][T10767] [ 594.691618][T10767] ---[ end trace 0000000000000000 ]--- [ 595.033923][T10767] ------------[ cut here ]------------ [ 595.040041][T10767] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x391/0x650, CPU#0: syz.5.1711/10767 [ 595.051183][T10767] Modules linked in: [ 595.055584][T10767] CPU: 0 UID: 0 PID: 10767 Comm: syz.5.1711 Tainted: G W L syzkaller #0 PREEMPT(voluntary) [ 595.067514][T10767] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 595.072841][T10767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 595.083334][T10767] RIP: 0010:rate_control_rate_init+0x391/0x650 [ 595.090154][T10767] Code: b8 a0 f2 e9 a2 fd ff ff 8b 3a e8 ea b8 a0 f2 e9 b8 fd ff ff 89 df e8 de b8 a0 f2 4d 85 f6 0f 85 50 fe ff ff e8 70 ce f7 f1 90 <0f> 0b 90 e8 c7 7c cc f1 e9 43 01 00 00 8b 7d d4 e8 ba b8 a0 f2 e9 [ 595.111877][T10767] RSP: 0018:ffff888023ca3300 EFLAGS: 00010287 [ 595.119021][T10767] RAX: ffffffff900594a0 RBX: 0000000000000000 RCX: 0000000000080000 [ 595.127417][T10767] RDX: ffffc90017000000 RSI: 0000000000039f70 RDI: 0000000000039f71 [ 595.135707][T10767] RBP: ffff888023ca3390 R08: ffffea000000000f R09: 0000000000000000 [ 595.143848][T10767] R10: ffff88812c2730e0 R11: ffffffff81825630 R12: 0000000000000000 [ 595.152182][T10767] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88812ca73670 [ 595.160474][T10767] FS: 00007f4ac44736c0(0000) GS:ffff8881aa858000(0000) knlGS:0000000000000000 [ 595.169757][T10767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 595.176788][T10767] CR2: 000000110c483e5e CR3: 0000000099a74000 CR4: 00000000003526f0 [ 595.185121][T10767] Call Trace: [ 595.188526][T10767] [ 595.191604][T10767] rate_control_rate_init_all_links+0x60/0x6f0 [ 595.199765][T10767] ieee80211_add_station+0x98d/0x9f0 [ 595.206142][T10767] ? __pfx_ieee80211_add_station+0x10/0x10 [ 595.212204][T10767] rdev_add_station+0x80/0x3d0 [ 595.217370][T10767] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 595.223469][T10767] nl80211_new_station+0x361f/0x36e0 [ 595.229199][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 595.234900][T10767] ? rtnl_unlock+0x17/0x20 [ 595.239626][T10767] ? __pfx_nl80211_new_station+0x10/0x10 [ 595.245741][T10767] genl_family_rcv_msg_doit+0x338/0x3f0 [ 595.251614][T10767] genl_rcv_msg+0xac5/0xc00 [ 595.256506][T10767] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 595.262139][T10767] ? __pfx_nl80211_new_station+0x10/0x10 [ 595.268260][T10767] ? __pfx_nl80211_post_doit+0x10/0x10 [ 595.274027][T10767] netlink_rcv_skb+0x54d/0x680 [ 595.279323][T10767] ? __pfx_genl_rcv_msg+0x10/0x10 [ 595.284956][T10767] genl_rcv+0x41/0x60 [ 595.289156][T10767] ? __pfx_genl_rcv+0x10/0x10 [ 595.294059][T10767] netlink_unicast+0xf04/0x12b0 [ 595.299344][T10767] netlink_sendmsg+0x10b2/0x1250 [ 595.307047][T10767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 595.312582][T10767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 595.318259][T10767] ____sys_sendmsg+0xfe7/0x1080 [ 595.323452][T10767] ___sys_sendmsg+0x271/0x3b0 [ 595.328513][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 595.333961][T10767] ? __rcu_read_unlock+0x6c/0xd0 [ 595.339233][T10767] ? __fget_files+0x3b4/0x4a0 [ 595.344348][T10767] ? __fget_files+0x3b9/0x4a0 [ 595.349305][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 595.354899][T10767] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 595.360985][T10767] __x64_sys_sendmsg+0x211/0x3e0 [ 595.366330][T10767] ? kmsan_get_metadata+0xf1/0x160 [ 595.371738][T10767] x64_sys_call+0x1c60/0x3e70 [ 595.376985][T10767] do_syscall_64+0xc9/0xf80 [ 595.381723][T10767] ? clear_bhb_loop+0x40/0x90 [ 595.386813][T10767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.392931][T10767] RIP: 0033:0x7f4ac359aeb9 [ 595.397744][T10767] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.419556][T10767] RSP: 002b:00007f4ac4473028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 595.429005][T10767] RAX: ffffffffffffffda RBX: 00007f4ac3815fa0 RCX: 00007f4ac359aeb9 [ 595.437428][T10767] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 595.445721][T10767] RBP: 00007f4ac3608c1f R08: 0000000000000000 R09: 0000000000000000 [ 595.453960][T10767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.462280][T10767] R13: 00007f4ac3816038 R14: 00007f4ac3815fa0 R15: 00007ffcca6553d8 [ 595.470615][T10767] [ 595.473781][T10767] ---[ end trace 0000000000000000 ]--- [ 595.818310][T10775] loop1: detected capacity change from 0 to 40427 [ 595.836611][T10775] F2FS-fs (loop1): Invalid log blocks per segment (1) [ 595.843569][T10775] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 595.856086][T10775] F2FS-fs (loop1): Image doesn't support compression [ 595.863044][T10775] F2FS-fs (loop1): build fault injection rate: 690 [ 595.871210][T10775] F2FS-fs (loop1): build fault injection type: 0x35f7 [ 595.896346][T10775] F2FS-fs (loop1): invalid crc value [ 596.263105][T10775] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 596.288217][T10775] F2FS-fs (loop1): Start checkpoint disabled! [ 596.299335][T10775] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 596.315190][T10775] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 596.322433][T10775] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 596.398032][T10775] block device autoloading is deprecated and will be removed. [ 596.494780][ T6797] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 596.545638][T10786] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1728'. [ 596.682147][ T6797] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 596.694422][ T6797] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 596.703685][ T6797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.069260][ T6797] usb 5-1: config 0 descriptor?? [ 597.099275][T10780] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 597.290971][T10793] loop2: detected capacity change from 0 to 8 [ 597.330347][T10792] loop5: detected capacity change from 0 to 512 [ 597.498989][T10792] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.1722: Invalid inode bitmap blk 4 in block_group 0 [ 597.580921][T10792] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 597.723232][ T6797] elan 0003:04F3:0755.0010: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 597.820406][T10799] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 597.970143][ T24] usb 5-1: USB disconnect, device number 15 [ 598.421173][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 598.746033][T10800] fido_id[10800]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 599.246070][ T24] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 599.452219][ T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 599.462729][ T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 599.478277][ T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 599.488469][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.904655][ T24] usb 6-1: usb_control_msg returned -32 [ 599.915153][ T24] usbtmc 6-1:16.0: can't read capabilities [ 600.260261][T10823] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90 [ 602.123496][ T24] usb 6-1: USB disconnect, device number 5 [ 602.379936][T10855] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1745'. [ 602.540798][T10862] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1749'. [ 602.567159][T10864] batadv_slave_1: entered promiscuous mode [ 602.579898][T10863] batadv_slave_1: left promiscuous mode [ 602.962146][T10870] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1752'. [ 603.098074][T10872] loop5: detected capacity change from 0 to 1024 [ 603.135589][T10872] EXT4-fs: inline encryption not supported [ 603.245834][T10872] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 603.842171][T10885] fuse: Bad value for 'fd' [ 604.012768][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 604.745000][T10891] loop1: detected capacity change from 0 to 4096 [ 605.014745][ T6797] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 605.212791][ T6797] usb 6-1: Using ep0 maxpacket: 16 [ 605.264404][ T6797] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.276007][ T6797] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.286486][ T6797] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 605.299721][ T6797] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 605.309140][ T6797] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.422184][ T5891] ntfs3(loop1): ino=5, mi_enum_attr [ 605.429412][ T5891] ntfs3(loop1): ino=5, mi_enum_attr [ 605.547274][ T6797] usb 6-1: config 0 descriptor?? [ 605.605027][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 605.794446][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 605.823536][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 605.903401][ T24] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 605.913285][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.921698][ T24] usb 3-1: Product: syz [ 605.926407][ T24] usb 3-1: Manufacturer: syz [ 605.931224][ T24] usb 3-1: SerialNumber: syz [ 606.039916][ T24] usb 3-1: config 0 descriptor?? [ 606.055926][ T6797] microsoft 0003:045E:07DA.0011: ignoring exceeding usage max [ 606.075839][ T6797] microsoft 0003:045E:07DA.0011: ignoring exceeding usage max [ 606.083526][ T6797] microsoft 0003:045E:07DA.0011: usage index exceeded [ 606.090830][ T6797] microsoft 0003:045E:07DA.0011: item 0 0 2 2 parsing failed [ 606.232333][ T6797] microsoft 0003:045E:07DA.0011: parse failed [ 606.239243][ T6797] microsoft 0003:045E:07DA.0011: probe with driver microsoft failed with error -22 [ 606.348399][ T6797] usb 6-1: USB disconnect, device number 6 [ 606.622402][ T24] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 607.137252][ T24] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 607.213282][ T24] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 607.298783][ T24] usb 3-1: USB disconnect, device number 12 [ 607.723731][T10925] loop1: detected capacity change from 0 to 4096 [ 607.754132][T10925] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 608.035100][T10925] ntfs3(loop1): ino=1a, mi_enum_attr [ 608.040704][T10925] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 608.281870][T10938] netlink: 'syz.4.1780': attribute type 10 has an invalid length. [ 608.472012][T10933] bridge_slave_0: left allmulticast mode [ 608.478121][T10933] bridge_slave_0: left promiscuous mode [ 608.485935][T10933] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.710205][T10933] bridge_slave_1: left allmulticast mode [ 608.718313][T10933] bridge_slave_1: left promiscuous mode [ 608.725414][T10933] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.936528][T10933] bond0: (slave bond_slave_0): Releasing backup interface [ 609.043876][T10933] bond0: (slave bond_slave_1): Releasing backup interface [ 609.215430][T10933] team0: Port device team_slave_0 removed [ 609.362163][T10933] team0: Port device team_slave_1 removed [ 609.412017][T10933] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 609.419865][T10933] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 609.472333][T10948] loop8: detected capacity change from 0 to 8 [ 609.502643][T10933] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 609.510836][T10933] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 609.555222][T10948] Dev loop8: unable to read RDB block 8 [ 609.561152][T10948] loop8: unable to read partition table [ 609.597932][T10948] loop8: partition table beyond EOD, truncated [ 609.604976][T10948] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 609.625020][T10933] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 609.692432][T10938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 609.772824][T10938] team0: Port device bond0 added [ 612.350438][T10962] loop5: detected capacity change from 0 to 65536 [ 612.418269][T10962] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 612.637846][T10990] loop2: detected capacity change from 0 to 8 [ 612.661647][T10962] XFS (loop5): Ending clean mount [ 612.772699][T10990] SQUASHFS error: xz decompression failed, data probably corrupt [ 612.779843][ T6929] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 612.780745][T10990] SQUASHFS error: Failed to read block 0x108: -5 [ 612.796052][T10990] SQUASHFS error: Unable to read metadata cache entry [106] [ 612.803587][T10990] SQUASHFS error: Unable to read inode 0x11f [ 613.291020][T10997] loop5: detected capacity change from 0 to 512 [ 613.431197][T10997] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 613.545967][T10997] ext4 filesystem being mounted at /263/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 613.780928][T10997] EXT4-fs error (device loop5): ext4_xattr_block_get:597: inode #12: comm syz.5.1805: corrupted xattr block 6: invalid header [ 613.866048][T10997] EXT4-fs (loop5): Remounting filesystem read-only [ 614.180330][ T6929] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.198553][ T9411] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 614.266513][ T9411] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 614.354871][ T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 614.608713][ T10] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 614.618229][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.736830][ T10] usb 5-1: config 0 descriptor?? [ 614.798439][ T10] cp210x 5-1:0.0: cp210x converter detected [ 615.233241][ T10] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 615.346294][ T10] usb 5-1: cp210x converter now attached to ttyUSB0 [ 615.513289][T10150] usb 5-1: USB disconnect, device number 16 [ 615.569971][T10150] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 615.691199][T10150] cp210x 5-1:0.0: device disconnected [ 617.033133][T11045] ------------[ cut here ]------------ [ 617.039965][T11045] WARNING: net/mac80211/iface.c:531 at ieee80211_do_stop+0x5a2/0x34e0, CPU#1: syz.5.1825/11045 [ 617.051111][T11045] Modules linked in: [ 617.055302][T11045] CPU: 1 UID: 0 PID: 11045 Comm: syz.5.1825 Tainted: G W L syzkaller #0 PREEMPT(voluntary) [ 617.067252][T11045] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 617.072596][T11045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 617.086465][T11045] RIP: 0010:ieee80211_do_stop+0x5a2/0x34e0 [ 617.093342][T11045] Code: 83 bd 70 ff ff ff 04 bf 00 00 00 00 0f 45 7d 90 45 84 e4 0f 45 7d 88 e8 dc 9d a1 f2 84 db 0f 84 b9 fe ff ff e8 6f b3 f8 f1 90 <0f> 0b 90 e9 b0 fe ff ff 44 89 f7 e8 9e 99 a1 f2 89 c7 e8 b7 9d a1 [ 617.115681][T11045] RSP: 0018:ffff8880519ff2a0 EFLAGS: 00010287 [ 617.121982][T11045] RAX: ffffffff9004afa1 RBX: 0000000000000001 RCX: 0000000000080000 [ 617.131039][T11045] RDX: ffffc90017000000 RSI: 000000000000185f RDI: 0000000000001860 [ 617.140879][T11045] RBP: ffff8880519ff410 R08: ffffea000000000f R09: 0000000000000001 [ 617.149201][T11045] R10: ffff8880511feee0 R11: ffffffff81000130 R12: ffff888053c6ce00 [ 617.159577][T11045] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000003 [ 617.168325][T11045] FS: 00007f4ac44736c0(0000) GS:ffff8881aa958000(0000) knlGS:0000000000000000 [ 617.178504][T11045] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 617.186505][T11045] CR2: 00007ffe53f8bd10 CR3: 0000000050ffa000 CR4: 00000000003526f0 [ 617.196561][T11045] Call Trace: [ 617.201691][T11045] [ 617.205659][T11045] ? kmsan_get_metadata+0xf1/0x160 [ 617.211065][T11045] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 617.219018][T11045] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 617.228355][T11045] ? ieee80211_stop_queues_by_reason+0x1d0/0x1f0 [ 617.237141][T11045] ieee80211_if_change_type+0x76a/0xf50 [ 617.242949][T11045] ? kmsan_get_metadata+0xf1/0x160 [ 617.248494][T11045] ieee80211_change_iface+0x76/0x660 [ 617.254036][T11045] ? kmsan_get_metadata+0xf1/0x160 [ 617.259548][T11045] ? __pfx_ieee80211_change_iface+0x10/0x10 [ 617.265812][T11045] cfg80211_change_iface+0x674/0x1180 [ 617.271469][T11045] nl80211_set_interface+0xf5c/0x1390 [ 617.277562][T11045] ? __pfx_nl80211_set_interface+0x10/0x10 [ 617.283624][T11045] genl_family_rcv_msg_doit+0x338/0x3f0 [ 617.289662][T11045] genl_rcv_msg+0xac5/0xc00 [ 617.295133][T11045] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 617.300768][T11045] ? __pfx_nl80211_set_interface+0x10/0x10 [ 617.307158][T11045] ? __pfx_nl80211_post_doit+0x10/0x10 [ 617.312921][T11045] netlink_rcv_skb+0x54d/0x680 [ 617.320304][T11045] ? __pfx_genl_rcv_msg+0x10/0x10 [ 617.326329][T11045] genl_rcv+0x41/0x60 [ 617.330548][T11045] ? __pfx_genl_rcv+0x10/0x10 [ 617.335643][T11045] netlink_unicast+0xf04/0x12b0 [ 617.340800][T11045] netlink_sendmsg+0x10b2/0x1250 [ 617.346136][T11045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.351906][T11045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.357598][T11045] ____sys_sendmsg+0xfe7/0x1080 [ 617.362701][T11045] ___sys_sendmsg+0x271/0x3b0 [ 617.368226][T11045] ? kmsan_get_metadata+0xf1/0x160 [ 617.373645][T11045] ? __rcu_read_unlock+0x6c/0xd0 [ 617.378987][T11045] ? __fget_files+0x3b4/0x4a0 [ 617.383924][T11045] ? __fget_files+0x3b9/0x4a0 [ 617.389074][T11045] ? kmsan_get_metadata+0xf1/0x160 [ 617.394697][T11045] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 617.400808][T11045] __x64_sys_sendmsg+0x211/0x3e0 [ 617.406162][T11045] ? kmsan_get_metadata+0xf1/0x160 [ 617.411567][T11045] x64_sys_call+0x1c60/0x3e70 [ 617.416824][T11045] do_syscall_64+0xc9/0xf80 [ 617.423804][T11045] ? clear_bhb_loop+0x40/0x90 [ 617.429603][T11045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.435904][T11045] RIP: 0033:0x7f4ac359aeb9 [ 617.440532][T11045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 617.461330][T11045] RSP: 002b:00007f4ac4473028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 617.470176][T11045] RAX: ffffffffffffffda RBX: 00007f4ac3815fa0 RCX: 00007f4ac359aeb9 [ 617.478460][T11045] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 617.486898][T11045] RBP: 00007f4ac3608c1f R08: 0000000000000000 R09: 0000000000000000 [ 617.495148][T11045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 617.503733][T11045] R13: 00007f4ac3816038 R14: 00007f4ac3815fa0 R15: 00007ffcca6553d8 [ 617.512161][T11045] [ 617.515471][T11045] ---[ end trace 0000000000000000 ]--- [ 617.845881][T11050] loop2: detected capacity change from 0 to 4096 [ 619.279764][T11067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1835'. [ 619.671725][T11071] macvlan0: entered promiscuous mode [ 620.897448][T11094] loop1: detected capacity change from 0 to 64 [ 621.630593][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1854'. [ 622.475248][T11123] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 623.090205][T11133] loop4: detected capacity change from 0 to 1024 [ 623.187147][T11133] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 623.403095][T11133] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: comm syz.4.1866: inode #1919248754: comm syz.4.1866: iget: illegal inode # [ 623.491025][T11133] EXT4-fs (loop4): Remounting filesystem read-only [ 623.504650][T11133] EXT4-fs warning (device loop4): ext4_xattr_inode_inc_ref_all:1135: inode #19: comm syz.4.1866: cleanup dec ref error -30 [ 623.530585][T11133] EXT4-fs warning (device loop4): ext4_xattr_block_set:2200: inode #19: comm syz.4.1866: dec ref error=-30 [ 623.781084][ T5784] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.945643][ T9411] ===================================================== [ 623.953178][ T9411] BUG: KMSAN: uninit-value in n_tty_receive_buf_closing+0x77e/0xf00 [ 623.962330][ T9411] n_tty_receive_buf_closing+0x77e/0xf00 [ 623.968833][ T9411] n_tty_receive_buf_common+0x19c6/0x2610 [ 623.976357][ T9411] n_tty_receive_buf2+0x4c/0x60 [ 623.981992][ T9411] tty_ldisc_receive_buf+0xc6/0x2c0 [ 623.988145][ T9411] tty_port_default_receive_buf+0xd7/0x1a0 [ 623.994739][ T9411] flush_to_ldisc+0x43e/0xe40 [ 624.000126][ T9411] process_scheduled_works+0xae7/0x1d60 [ 624.006604][ T9411] worker_thread+0x1741/0x1de0 [ 624.012078][ T9411] kthread+0xd5a/0xf00 [ 624.016975][ T9411] ret_from_fork+0x207/0x6f0 [ 624.022299][ T9411] ret_from_fork_asm+0x1a/0x30 [ 624.027954][ T9411] [ 624.030867][ T9411] Uninit was created at: [ 624.035938][ T9411] __kmalloc_noprof+0xae9/0x1bf0 [ 624.041515][ T9411] __tty_buffer_request_room+0x3d4/0x7a0 [ 624.048029][ T9411] __tty_insert_flip_string_flags+0x157/0x6e0 [ 624.054912][ T9411] uart_insert_char+0x368/0x930 [ 624.060422][ T9411] serial8250_read_char+0x1ba/0x670 [ 624.066370][ T9411] serial8250_handle_irq+0x930/0x1110 [ 624.072355][ T9411] serial8250_default_handle_irq+0x116/0x370 [ 624.080088][ T9411] serial8250_interrupt+0xcb/0x420 [ 624.086073][ T9411] __handle_irq_event_percpu+0x118/0xed0 [ 624.092369][ T9411] handle_irq_event+0xe0/0x2a0 [ 624.097943][ T9411] handle_edge_irq+0x2a9/0xb30 [ 624.103351][ T9411] __common_interrupt+0x9d/0x180 [ 624.109519][ T9411] common_interrupt+0x94/0xb0 [ 624.115073][ T9411] asm_common_interrupt+0x2b/0x40 [ 624.120738][ T9411] [ 624.123610][ T9411] CPU: 0 UID: 0 PID: 9411 Comm: kworker/u8:17 Tainted: G W L syzkaller #0 PREEMPT(voluntary) [ 624.136217][ T9411] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 624.142000][ T9411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 624.152633][ T9411] Workqueue: events_unbound flush_to_ldisc [ 624.159262][ T9411] ===================================================== [ 624.167718][ T9411] Disabling lock debugging due to kernel taint [ 624.174389][ T9411] Kernel panic - not syncing: kmsan.panic set ... [ 624.180942][ T9411] CPU: 0 UID: 0 PID: 9411 Comm: kworker/u8:17 Tainted: G B W L syzkaller #0 PREEMPT(voluntary) [ 624.192697][ T9411] Tainted: [B]=BAD_PAGE, [W]=WARN, [L]=SOFTLOCKUP [ 624.199231][ T9411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 624.209590][ T9411] Workqueue: events_unbound flush_to_ldisc [ 624.215592][ T9411] Call Trace: [ 624.219012][ T9411] [ 624.222023][ T9411] __dump_stack+0x26/0x30 [ 624.226518][ T9411] dump_stack_lvl+0x50/0x1c0 [ 624.231278][ T9411] ? dump_stack+0x12/0x25 [ 624.235777][ T9411] dump_stack+0x1e/0x25 [ 624.240089][ T9411] vpanic+0x435/0xd40 [ 624.244244][ T9411] panic+0x15d/0x160 [ 624.248352][ T9411] kmsan_report+0x31a/0x320 [ 624.253058][ T9411] ? __msan_warning+0x1b/0x30 [ 624.257904][ T9411] ? n_tty_receive_buf_closing+0x77e/0xf00 [ 624.263918][ T9411] ? n_tty_receive_buf_common+0x19c6/0x2610 [ 624.270023][ T9411] ? n_tty_receive_buf2+0x4c/0x60 [ 624.275225][ T9411] ? tty_ldisc_receive_buf+0xc6/0x2c0 [ 624.280763][ T9411] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 624.286902][ T9411] ? flush_to_ldisc+0x43e/0xe40 [ 624.291894][ T9411] ? process_scheduled_works+0xae7/0x1d60 [ 624.297780][ T9411] ? worker_thread+0x1741/0x1de0 [ 624.302870][ T9411] ? kthread+0xd5a/0xf00 [ 624.307239][ T9411] ? ret_from_fork+0x207/0x6f0 [ 624.312159][ T9411] ? ret_from_fork_asm+0x1a/0x30 [ 624.317260][ T9411] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 624.323775][ T9411] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 624.330066][ T9411] ? common_interrupt+0x5e/0xb0 [ 624.335117][ T9411] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 624.340943][ T9411] ? virt_to_page_or_null+0x99/0x170 [ 624.346409][ T9411] ? kmsan_get_metadata+0xf1/0x160 [ 624.351699][ T9411] __msan_warning+0x1b/0x30 [ 624.356353][ T9411] n_tty_receive_buf_closing+0x77e/0xf00 [ 624.362313][ T9411] n_tty_receive_buf_common+0x19c6/0x2610 [ 624.368205][ T9411] ? finish_task_switch+0x141/0x8b0 [ 624.373725][ T9411] n_tty_receive_buf2+0x4c/0x60 [ 624.378740][ T9411] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 624.384520][ T9411] tty_ldisc_receive_buf+0xc6/0x2c0 [ 624.389910][ T9411] tty_port_default_receive_buf+0xd7/0x1a0 [ 624.395883][ T9411] flush_to_ldisc+0x43e/0xe40 [ 624.400761][ T9411] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 624.407351][ T9411] ? __pfx_flush_to_ldisc+0x10/0x10 [ 624.412705][ T9411] process_scheduled_works+0xae7/0x1d60 [ 624.418566][ T9411] worker_thread+0x1741/0x1de0 [ 624.423540][ T9411] kthread+0xd5a/0xf00 [ 624.427812][ T9411] ? __pfx_worker_thread+0x10/0x10 [ 624.433121][ T9411] ? __pfx_kthread+0x10/0x10 [ 624.437840][ T9411] ret_from_fork+0x207/0x6f0 [ 624.442599][ T9411] ? __switch_to+0x521/0x750 [ 624.447437][ T9411] ? __pfx_kthread+0x10/0x10 [ 624.452178][ T9411] ret_from_fork_asm+0x1a/0x30 [ 624.457139][ T9411] [ 624.460626][ T9411] Kernel Offset: disabled [ 624.464995][ T9411] Rebooting in 86400 seconds..