last executing test programs: 1m17.03420004s ago: executing program 2 (id=243): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2c2b01, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x1000100, 0x7, 0x6361, 0x805, 0x9, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008050}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x30004061}, 0x4000000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1m13.455761087s ago: executing program 2 (id=251): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000fc0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x173b2a7e, @mcast2, 0x19}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000800000000000000040000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5121b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a0100000000000000e28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c251112e2a59ea0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe91bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6c597eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e64103602000000db47d7990d5a007faccb2f86660079f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab2127cd472a2e4a7f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d8418351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="8857c5fc68d9", 0x6}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001540)=ANY=[], 0x310}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000600)="bc868b1f94d77ed4496d", 0xa}], 0x1}}], 0x4, 0x28048005) 1m13.063879105s ago: executing program 2 (id=253): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20d00, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xff, 0xffffffff, 0xfffffffd, 0x7, "ff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f00000001c0)={0xffffef01, 0x6, 0x2823, 0xada1, 0x0, "65abe401feff800000000000006564db6600", 0x41}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)=0xd) 1m11.69026796s ago: executing program 2 (id=257): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x30}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2}}, {@nobh}, {@errors_remount}, {@i_version}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) (fail_nth: 1) 1m10.979928884s ago: executing program 2 (id=261): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0x1000840, &(0x7f0000000280)={[{@fat=@codepage={'codepage', 0x3d, '1251'}}, {@iocharset={'iocharset', 0x3d, 'cp949'}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@shortname_mixed}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@shortname_lower}, {@uni_xlate}, {@numtail}, {@uni_xlate}, {@utf8no}]}, 0x3, 0x350, &(0x7f0000000c00)="$eJzs3U9oI1UYAPAvO2nSLqztQVgUhNGboGVb8aCnlqULi7moBP8cxOB2VZoqNBjsHpqtF/EoeNSTNw968LBnERTx5sGrK8iqeNC9Lbg4kmTSTJq02xWya9nf7xC+vvd9ee81QzOddF5fXYmNCzNx8fr1azE7W4ryytmVuFGKhUhi4HKMq0xoAwCOhxtZFn9lfUcsKU15SgDAlPXe/18/VWh575vD8jPv/gBw7OW//88dljN7UMfbU5kSADBlY9f/Hxnprox+1F8u/FUAAHBcPf/Sy8+s1iKeS9PZiM332/V2PZ4e9q9ejDejGetxJubjZkT/RKH7UOo9njtfWzuTpmknfl2IereiXY/Y7LTr/TOF1aRXX42lmI+FvD4/28iyLDn3ZW1tKe2JiMud3vixWWrXZ+JkPv5PJ2M9liON+8fqI87X1pbT/Anqm4P6TsTu8LpFd/6LMR8/vNb7/OJCdGsHpzW1tZ2lND2b1Ubq2/VqL6/vwCsgAAAAAAAAAAAAAAAAAAAAAADwnyymexb29r/Jhvv3LC5O6O/tj9Ovz/cH2u3vD5RVs8iyP999vP5BEiP7A+3fn6ddL8eJu7t0AAAAAAAAAAAAAAAAAAAA+N9obVei0Wyub7W2L20Ug85Wa/tERHRb3vru86/nYjznFkE5H6PQleZNlzYaWTJIzpKRnDxIuoMPWj67sjfjYk51bxUTp1E9uKvZPPXwLx8PWx5KBs/8zzAnickLTPZNoxhs3tef0u18o/aC5VvkXM2y7KDynVfGq6IUUb79F+7wIOsG315744EnWqef7LV8lfU9+tj8C1c/+vT3jUazO3L0XsHKVutmttHIv558sB0cJIXjpxT9oFI8EsqHle+OtjSSH/948cEPvz/a6Fmx5Z0JOUl/OV/s76r0g+6K93XNTRprZsLBP4Xg9CcrjSs7P/921KrCDwkbdQAAAAAAAAAAAAAAAAAAwB1RuFc8l9/sO3NY1VPPTn9mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDnDP//fyHYHWs5SvB3J8a7qutbrYjK3V4mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3uH8DAAD//27YbqM=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) (fail_nth: 1) 1m8.723763826s ago: executing program 2 (id=266): socket$inet6(0xa, 0x3, 0x3c) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x122) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000640)=ANY=[@ANYBLOB="004e7f0ace1e38dbf63009e371585c7cb407e94976ce6e5e30d1c2876772ae2033d56404ad5524fbaf28ac9b201c4e176fdb72517995343fcec788dd128ac45b3e0f1ca43b35fc307199a01230ed374b06b25f66e60751df707108d4e1404da3c8bc5b499a866ba065610e18c48c1578a92069b5beefa2bd73e27d10c3fd39b41b0f1e802d49b46205fc1eaaefdfb9d71d9a658d8d588c8b38eef72a0c386b845c57e528fbc5a3728bff76b15b22e23fce78a46ec5f556d10db65dc93659cc1aebd985354cd4618b92e4987764e1aa83180adfc215fb1dc43c83137b5abab425303e0259662579df0b66d7ec3292a66b6c4bbbdcacb8063611900c7aa2c6aa103cabd98da200a88800f615e9588991268928a336b537f965606ac48cd231714277c3005e27cc9e173812ef705da78ba16d83404bd3874367ef3ebf7d7894bd372a64a351609b3f8707caf2239f685d62ba6b4559821d2eb84831770b1f308452acfcde68ed38e8d71409d382c29b69b31acde376e151336dafc0937f6eaa8512a3df538674087e16540cabd42445748858ec3d83e8df9d8fa6eff5b31fce1a447883bafd6acb466d7350251052729e14a0ddcb4776cb6046c17e280ee55ad13b36ea5fd075f95df95aa73fba9cb794c8d1d23dff6752dbb5b307"], 0x44, 0x6fd, &(0x7f0000000940)="$eJzs3U1sHHfZAPBn1uuxN5XcbZO01atXitWICBpIbC8lQUIiVAj5UKFIXHpdEqexvHYj20VOhIgLFI5wQjn0UITMoSfUA1IRB0Q5IyFxRblH4h5xYNHMzq73w17vEn8k4feTZuc/M/+PZ57MzM7OxtoA/mctvhOT25HE4sW3t7Llhzu1xsOd2mq7HBFTEWlRuxQRyVpE8nnEtWhNcTpbWVRI9hvnzUeffXThwSe11lK5mPL6pWHtdjWHjLBdTDEbERPFfEzl/fq7EW8N9Hd/rK6TTtxZws63EwcnrTlge5zmI5y3wNPufsTE5B7rqxGnImK6dR9QvCu23rOfaWNd5QAAAODpNHFQhRcfx+PYipnjCQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeD0nrNwOTYiq1y7ORtH//Py3WZdL0hOMd7ssHbP/w1jEFAgAAAAAAAABH4tPii/tzj+NxbMVMe30zyb/zfz1fOJO/vhDvx0YsxXpciq2ox2ZsxnrMR0zOdHWYbtU3N9fnB1v+KrKWzWbzftFyISKqAy0X9gm0dMg7DgAAAAAAAADPpx/HYsycdBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAtiZhozfLpTLtcjVI5IqYjIs3qbUf8sV1+lv3ppAMAAACAo1cp5jPJv1uFZpJ/5n8l/9w/He/HWmzGcmxGI5biZv4soPWpv/S37Vrj4U5tNZsGO/7WP8eKI+8xIibig31GnstrnO20WIzvxPfiYszG9ViP5fhB1GMzlmI2KtlORD2SqFZaTy+q7Tj3jvdaz9L1/tjO9S2/lkdSiVuxnMd2KW6k0Xpsku9DNuZrXaP9Po3oG/GDLDvJNwsj5uhm17/XL4vnMoXmiyP2cTSq+Z5PdjIyl+W+yMZLw3M/5nHSP9J8lDrPoM7sjpIt9o/Uzvn3x8n5qdZsOnv5WW/OD9uYj9L6M7EQpeLoi3ilN+d3vvDg5d7GX/r7n6/fLq2t3L61cfEId+lJzB5UYbJd6M9ErSsTrw4/+opMNLJMbI+eicn+FdOjtjxaaZGN/FI04tXy23mpHq93HYLvxc1YiisxF/NxNebi67EQtc4Rlk1ne/Jarq325iQ/10qD17fKkODPf7Gr0s8PqHy8sry81JXX7itdNd9WrLn2i5jrOvpeHn70jf0ukI3/f0U5G+MnnXecp0FPJoprczu608Mz8etm9rrRWFtZv12/M+J4F4p5dtp+2Htt/s3oUfe/ux+G7HjJrrjlfCnPSaV9vGTbTnei7c1XWnzj0mpXGth2trOtGjOxHN/d90xNi3u4wZ5a217t3vaP3StnWtzftLf13OXEe9HI70L6HHipBuCYnXrjVFp5VPlr5ePKTyu3K29PvzV1der/05j8S/kPE78r/bb0jeSN+Dh+FDMnHSkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPNu7eW6k3GkvrnUJM96950kK671jDC1E6sM7OC6N1GNWI4WMlRSE93H1/FguV6FvT/oWlJ+3504gYUid94uCTsY+xsQtZHg6lw2azldR8TXNijObldqu965RjYzpW6kl5jzNuavcsiOpKvfGvZk/zSnSdMsBz7vLm6p3LG3fvfWV5tf7u0rtLawtXr1y9Uvva/Fcv31puLM21Xk86SuAobNy9N7HH6oFfugUAAAAAAAAAAACeHsX//t/8r/+YoXxAnXR9Y++Rzx33rgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPqMV3YnI7kpifuzSXLT/cqTWyqV3erVmOiFJEJD+MSD6PuBatKapd3SX7jfPmo88+uvDgk9puX+V2/dKwdqPZLqaYjYiJYn6wqT26GezvRmue9tQYS9LZwyxh59uJg5P2nwAAAP//ltf3AQ==") 1m8.309331014s ago: executing program 32 (id=266): socket$inet6(0xa, 0x3, 0x3c) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x122) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000640)=ANY=[@ANYBLOB="004e7f0ace1e38dbf63009e371585c7cb407e94976ce6e5e30d1c2876772ae2033d56404ad5524fbaf28ac9b201c4e176fdb72517995343fcec788dd128ac45b3e0f1ca43b35fc307199a01230ed374b06b25f66e60751df707108d4e1404da3c8bc5b499a866ba065610e18c48c1578a92069b5beefa2bd73e27d10c3fd39b41b0f1e802d49b46205fc1eaaefdfb9d71d9a658d8d588c8b38eef72a0c386b845c57e528fbc5a3728bff76b15b22e23fce78a46ec5f556d10db65dc93659cc1aebd985354cd4618b92e4987764e1aa83180adfc215fb1dc43c83137b5abab425303e0259662579df0b66d7ec3292a66b6c4bbbdcacb8063611900c7aa2c6aa103cabd98da200a88800f615e9588991268928a336b537f965606ac48cd231714277c3005e27cc9e173812ef705da78ba16d83404bd3874367ef3ebf7d7894bd372a64a351609b3f8707caf2239f685d62ba6b4559821d2eb84831770b1f308452acfcde68ed38e8d71409d382c29b69b31acde376e151336dafc0937f6eaa8512a3df538674087e16540cabd42445748858ec3d83e8df9d8fa6eff5b31fce1a447883bafd6acb466d7350251052729e14a0ddcb4776cb6046c17e280ee55ad13b36ea5fd075f95df95aa73fba9cb794c8d1d23dff6752dbb5b307"], 0x44, 0x6fd, &(0x7f0000000940)="$eJzs3U1sHHfZAPBn1uuxN5XcbZO01atXitWICBpIbC8lQUIiVAj5UKFIXHpdEqexvHYj20VOhIgLFI5wQjn0UITMoSfUA1IRB0Q5IyFxRblH4h5xYNHMzq73w17vEn8k4feTZuc/M/+PZ57MzM7OxtoA/mctvhOT25HE4sW3t7Llhzu1xsOd2mq7HBFTEWlRuxQRyVpE8nnEtWhNcTpbWVRI9hvnzUeffXThwSe11lK5mPL6pWHtdjWHjLBdTDEbERPFfEzl/fq7EW8N9Hd/rK6TTtxZws63EwcnrTlge5zmI5y3wNPufsTE5B7rqxGnImK6dR9QvCu23rOfaWNd5QAAAODpNHFQhRcfx+PYipnjCQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeD0nrNwOTYiq1y7ORtH//Py3WZdL0hOMd7ssHbP/w1jEFAgAAAAAAAABH4tPii/tzj+NxbMVMe30zyb/zfz1fOJO/vhDvx0YsxXpciq2ox2ZsxnrMR0zOdHWYbtU3N9fnB1v+KrKWzWbzftFyISKqAy0X9gm0dMg7DgAAAAAAAADPpx/HYsycdBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAtiZhozfLpTLtcjVI5IqYjIs3qbUf8sV1+lv3ppAMAAACAo1cp5jPJv1uFZpJ/5n8l/9w/He/HWmzGcmxGI5biZv4soPWpv/S37Vrj4U5tNZsGO/7WP8eKI+8xIibig31GnstrnO20WIzvxPfiYszG9ViP5fhB1GMzlmI2KtlORD2SqFZaTy+q7Tj3jvdaz9L1/tjO9S2/lkdSiVuxnMd2KW6k0Xpsku9DNuZrXaP9Po3oG/GDLDvJNwsj5uhm17/XL4vnMoXmiyP2cTSq+Z5PdjIyl+W+yMZLw3M/5nHSP9J8lDrPoM7sjpIt9o/Uzvn3x8n5qdZsOnv5WW/OD9uYj9L6M7EQpeLoi3ilN+d3vvDg5d7GX/r7n6/fLq2t3L61cfEId+lJzB5UYbJd6M9ErSsTrw4/+opMNLJMbI+eicn+FdOjtjxaaZGN/FI04tXy23mpHq93HYLvxc1YiisxF/NxNebi67EQtc4Rlk1ne/Jarq325iQ/10qD17fKkODPf7Gr0s8PqHy8sry81JXX7itdNd9WrLn2i5jrOvpeHn70jf0ukI3/f0U5G+MnnXecp0FPJoprczu608Mz8etm9rrRWFtZv12/M+J4F4p5dtp+2Htt/s3oUfe/ux+G7HjJrrjlfCnPSaV9vGTbTnei7c1XWnzj0mpXGth2trOtGjOxHN/d90xNi3u4wZ5a217t3vaP3StnWtzftLf13OXEe9HI70L6HHipBuCYnXrjVFp5VPlr5ePKTyu3K29PvzV1der/05j8S/kPE78r/bb0jeSN+Dh+FDMnHSkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPNu7eW6k3GkvrnUJM96950kK671jDC1E6sM7OC6N1GNWI4WMlRSE93H1/FguV6FvT/oWlJ+3504gYUid94uCTsY+xsQtZHg6lw2azldR8TXNijObldqu965RjYzpW6kl5jzNuavcsiOpKvfGvZk/zSnSdMsBz7vLm6p3LG3fvfWV5tf7u0rtLawtXr1y9Uvva/Fcv31puLM21Xk86SuAobNy9N7HH6oFfugUAAAAAAAAAAACeHsX//t/8r/+YoXxAnXR9Y++Rzx33rgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPqMV3YnI7kpifuzSXLT/cqTWyqV3erVmOiFJEJD+MSD6PuBatKapd3SX7jfPmo88+uvDgk9puX+V2/dKwdqPZLqaYjYiJYn6wqT26GezvRmue9tQYS9LZwyxh59uJg5P2nwAAAP//ltf3AQ==") 2.840069417s ago: executing program 0 (id=488): shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffc000/0x3000)=nil) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x8480, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xb, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(&(0x7f0000000300)='./bus\x00', 0x166) rmdir(&(0x7f0000000100)='./bus\x00') setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff) ioctl$RTC_PIE_OFF(r0, 0x7006) 2.487819753s ago: executing program 0 (id=493): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) fstatfs(0xffffffffffffffff, 0x0) 2.470973674s ago: executing program 4 (id=495): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000040)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="42010102"], 0x4) 2.296065247s ago: executing program 3 (id=497): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write(r2, &(0x7f0000000180)="a1", 0x1) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9) 1.967319344s ago: executing program 4 (id=499): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0xa, &(0x7f0000000180)=ANY=[@ANYBLOB="186600000100000000000000ff7f0000850000005200000058440000060000000000000000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="000000000000000018420000faffffff0000000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x5, 0xa3, &(0x7f0000000340)=""/163, 0x41100, 0x18, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x11, 0x1}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000540)=[r0, r0, r0], &(0x7f0000000580)=[{0x4, 0x5, 0xb, 0x2}], 0x10, 0x6}, 0x94) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'tunl0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = memfd_secret(0x0) ftruncate(r2, 0x51a9497) r3 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$PIO_UNIMAPCLR(r3, 0x4b68, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = gettid() r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read$ptp(r5, 0x0, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x4, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.967155563s ago: executing program 3 (id=500): open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1, 0x0, 0xff}, 0x18) setxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) 1.791916516s ago: executing program 3 (id=502): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000280), 0x3, 0x4cd, &(0x7f0000002200)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/75) 1.60098747s ago: executing program 1 (id=503): syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0xfe, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x2, @loopback, @loopback}}}}}}, 0x0) 1.459952333s ago: executing program 0 (id=504): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 1.399994814s ago: executing program 1 (id=505): r0 = socket$inet(0x2, 0x803, 0x1) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000100)='\b', 0x1}, {0x0}], 0x2, &(0x7f00000001c0)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x84) 1.297869546s ago: executing program 1 (id=506): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) 1.259007887s ago: executing program 0 (id=507): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x88, 0x2c, 0xe27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r4, {0xc, 0xc}, {}, {0x5, 0xf}}, [@TCA_RATE={0x5, 0x5, {0x9, 0x7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x50, 0x2, [@TCA_CGROUP_ACT={0x4c, 0x1, [@m_sample={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0x81, 0x8, 0xfff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x88}}, 0x20040054) 1.115932449s ago: executing program 3 (id=508): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050) 873.572604ms ago: executing program 1 (id=509): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) r0 = syz_open_dev$usbfs(&(0x7f0000000200), 0x76, 0x103901) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000080)=@usbdevfs_disconnect={0x5}) 776.357936ms ago: executing program 4 (id=510): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00', r1}, 0x10) set_robust_list(&(0x7f0000001300)={0x0, 0x5}, 0x18) 664.115678ms ago: executing program 3 (id=511): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c) 663.824328ms ago: executing program 1 (id=512): ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)=0x0) capset(&(0x7f0000000240)={0x20080522, r0}, &(0x7f0000000280)={0xfff, 0x1, 0x3, 0x3, 0x3, 0x9}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b700000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x14, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47d0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10) r3 = epoll_create1(0x0) r4 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000080000085000000060000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x7fff}, 0x18) r6 = socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socket(0x10, 0x3, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0), 0x8) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x80]}, 0x8, 0x1800) 548.05803ms ago: executing program 0 (id=513): bpf$PROG_LOAD(0x5, 0x0, 0xff08) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast}) 496.108051ms ago: executing program 4 (id=514): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000100)='\b', 0x1}, {0x0}], 0x2, &(0x7f00000001c0)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x84) 259.886146ms ago: executing program 1 (id=515): syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d65656b416d6f64653d3078303030303010303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESHEX], 0xfe, 0x677, &(0x7f0000000c00)="$eJzs3UtvG9fdx/HfUNT1AYwHbREYhmOd2A0goy5NUrECwV2UHQ6lSUkOMUMV0ipwYykwTDmt7QK1Nqk2vQDtG+gumyz6Igp0nXXfQJcFgnZXoBsWc+NFnBFp3ew234+Q8HDOf+b85+I5GpFzRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJZdL5crlppue2fX5LPrvtc6pT5e2rzuxoW7U9uVrPA/LS3pejzp+neG1e+E/7utm/G7m1oKX5Z09H/v/P/DbxcL6fynJHQWet0Fvnh19PRRr7f//Gyt9a2zzHcpJjJRYYa5tpy2G3huq7blGDfwzObGRvn+diMwDbfpBHtB12kZ23cKXc83a/ZdU9ncXDdOac/baW/Va00nnfjh96vl8ob5aDHZ/fc/KgX2tttsuu2tKCasDmMWB0eIU2sZc/Ckt78+LckwqDJLUHVaULVcrVYq1Wpl48Hmgw/L5eLEhPIJmogYHrRvz87HVbqgMzdwfoWw//+bJTW1pLZ2tCuT+WOrLl+eWjn1ibT/f/++c2q7o/1/2stfH1bfUNT/34rf3crr/3NyMTLRDFk1Vs70s/280Csd6akeqaee9vX8Ypa7enEZXu7PllSUXAXy5KqlmrbkyCRTjDa1oQ2V9bG21VAgo4ZcNeUo0J4CdeWoFe0TX45q6sqTL6M12boro4o2tal1GTkqaU+edtTWluqq6V/9fv9AT6Ltvn5KjkqDKrMEFQfH4GRQXv//08/jOV6v/8f/nsGxM0MM8Mb1k+v/fHNZE1cvLyMAAAAAAHDRrOiv71b02f27kvpquE2n/KbTAgAAAAAAFyj65P9m+DIflt6VlXP937/63AAAAAAAwMWwonvsLEkr0Zf6reGdULN8CSDz5gAAAAAAAPB2iT7/v7Ug9aOh1VZlvdb1PwAAAAAA+C/w25Ex9ovpGLv99GP9gqSgs2j9+R+L8uet487ud63DWlhTO0xiJr4B0G3csIqKB+qNxutdkBS9s52bVjI+cDIIphUP7Ct9fTBtrH/LP5HAwlz654uMBK4djSSwUUze6fd6L455L2n38VFBUU3cykrDbTol22s+rKhWu1boOrvdXzx78kvJH6znwZPefumTz3qPo1yOw0nHh2Een4+lU5iWy8tovIXonousNV5WI23yd+3WihW1W07Xf061w8JoQ7Ot/691O465vRK/rhyle0DWr5JCpRTtsuHaR6NDWMMsKifXPGtH5GSxFGVxJ465s3Ynfknzi/fC0vfmpGppch/4o1lUR7OYvi2sf05siylZhMfCepjFX8IF5WSx/npZTOwRAHhTDoa9UDSI+eQY+yf73Yyz3HLymnuWm967/3C8lZd/7Mc3HM5JRfUXk+6ln9+vKDyjr8VhC/Eo7sUbGWf0ctKvLCnnjF4+R+8WtvWn4TOQkqfVJDXFQRb/7vf7DytRu3840at+Ec7wRW67QbM6F27C+y8PfxYNgB/6dP/T/WfV6vpG+YNy+UFV89FqJC/0PQCADNOfsTMesTTszwZ99weDq+rHf38/Lo31u98afKWgpE/0mXp6rHvpIwRWs9tdGfkawr3Jq9YwNvqtYzy2onu5V3VRXzoSWx3EziudZfz3hWHs+mXvBgAArtTtKf3wyf4/69r9XnrdvXYj87p7vC8/+YTgvNjKFW8JAAC+ORz/a2ul+xvL993Ox5XNzUqtu+0Y37N/bHy3vuUYt911fHu71t5yTMf3up7tNU3H16JbdwIT7HQ6nt81Dc83HS9wd6Mnv5vk0e+B06q1u64ddJpOLXCM7bW7Nbtr6m5gm87Oj5pusO340cxBx7HdhmvXuq7XNoG3LNspGRM4zkigW3faXbfhhsW26fhuq+bvmZ94zZ2WY+pOYPtup+vFC0zbctsNz29Fiy2pf9qDDgEA+MZ48ero6aNeb//5KYVjxYX0+2hJ1VcZwQtZC3zDqwgAAE6glwYAAAAAAAAAAAAAAAAAAAAA4O03y/1/pxbSmwLTKfPKCJYGU35+baYlWxpO+fKv58rwDIXCySnJSLv96bN/FReKWTHLYWFBUi/d/KMxx1MTm8uYK6+wOtOaKi4UL34bLktZR8KlFX5wMH4cTsSElZlVi4OtWjz/P4eswrMvc6qmH1GL49tw4bQVHC8UJT1fOMcuuNrzEICr958AAAD//7gMOck=") mmap(&(0x7f00002e9000/0x3000)=nil, 0x3000, 0x3000003, 0x4031, 0xffffffffffffffff, 0xb6f8000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80680, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00'}, 0x10) r1 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0) sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4) socket$unix(0x1, 0x5, 0x0) socket(0x400000000010, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6}, 0x18) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYBLOB="a9f496fc5cfd7094faf8b3eb8d01803ee43d0529119e349ee156d14a786e432a83dc54d2b821f2cd9a91809e5793c78f7d3d8a4cca7371599ce68905f036f04190e69b88f635dd8e751fd9b5288e"], 0x44}, 0x1, 0x0, 0x0, 0x40850}, 0x0) mlockall(0x7) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r9, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000bc0000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x2}, 0x94) 259.585435ms ago: executing program 3 (id=516): sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000425bd70000400000055000000"], 0x14}, 0x1, 0x0, 0x0, 0x240440d1}, 0x10000) r0 = syz_usb_connect(0x3, 0x1c, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000240), 0x0, 0x0, 0x0) lchown(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x7}, 0x18) r5 = gettid() sendmsg$unix(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES8, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYRES64=r0, @ANYRES32=r1, @ANYBLOB="0000000018"], 0xa0}, 0x4004881) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x2, {0x3}}, 0x18) write$evdev(0xffffffffffffffff, &(0x7f0000000040), 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r6) pipe(&(0x7f0000000040)) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r9, 0x0, 0x8000000000000}, 0x18) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@block_validity}]}, 0x0, 0x46c, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYuiIKIo6KEeY7ItodtGmii2FpuKeBKkoGfxKPoXeBNB1JPg1ZMnKRTtpa2nyMzOpJttNrFmk4nd3w82+74z7+48T+br3ffdDaBrDWV/kogdEfFbRAw0qksbDDWerl05N3n9yrnJJBYWXv8zydtdvXJusmxavm57URlOI9KPkmIjS82eOXtiol6vnS7qo3Mn3x6dPXP2iXdPThyvHa+dGj9y5PChsaefGn+yI3lmeV3d98HM/r0vvnnxlcmjF9/66Zss3h3F+uY8OmUoS/yvhVzrukc7vbGK7WwqJ70VBsIt6YmIbHf15ef/QPTEjZ03EC98WGlwwLrK7k1b2q+eXwBuY0lUHQFQjfJGn33+LR8b1PXYFC4/2/gAlOV9rXg01vRGWrTpa/l820lDEXF0/u8vskes0zgEAECzTyY/fzl7fv/61y9lfY+BxTVp3JM//57/3VXMoQxGxJ0RsTsi7oqIPRFxd0Te9t6IuG+N8dzc/0kvrfEtV5T1/54p5raW9v/K3l8M9hS1nXn+fcmx6XrtYPE/GY6+LVl9bIVtfPf8r5+2W9fc/8se2fbLvmARx6XelgG6qYm5ibxT2gGXL0Ts610u/2RxJiCJiL0Rse/W3npXWZh+7Kv97Rqtnv8KOjDPtPBllt58lv98tORfSprnJ6dvmp8c3Rr12sHR8qi42c+/fPxau+2vKf8OuFxrPDft/9Ymg0nzfO1sZ7f/H4//tD95I59n7i+WvTcxN3d6LKI/yS9nS5eP33htWS/bZ8f/8IHlz//dxWuy/O+PiOwgfiAiHoyIh4rYH46IRyLiwAo5/vjc6vlHWtH+vxAxtez1b/H4b9n/t17oOfHDt+22/+/2/+G8NFwsya9/q1gunOxy0RrgWv53AAAA8H+R5t+BT9KRxXKajow0vsO/J+5I6zOzc48fm3nn1FTju/KD0ZeWI10DxXhofbpeG0vmi3dsjI+OF2PF5XjpoWLc+LOebXl9ZHKmPlVx7tDttrc5/zN/9FQdHbDOti27dLx/wwMBKtA6j54urZ5/NVwM4Hbl99rQvVY5/9ONigPYeO7/0L2WO//Pt9TNBcDtyf0fupfzH7pU+n3VEQAVcv+HrrSW3/WvY2Hr5gijmsJm3Sl5IaIspJsiHoV1KlR9ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiMfwIAAP//2wzmew==") 254.826316ms ago: executing program 4 (id=517): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000080)=r1}, 0x20) r2 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000340)=ANY=[@ANYBLOB="000202"], 0x18) 225.558136ms ago: executing program 0 (id=518): socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) read(r1, &(0x7f00000019c0)=""/4097, 0x1001) 0s ago: executing program 4 (id=519): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x800000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000300)='stack\x00') pread64(r3, &(0x7f00000002c0)=""/19, 0x13, 0x4) kernel console output (not intermixed with test programs): 0 R09: 0000000000000000 [ 137.831204][ T6382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.839212][ T6382] R13: 00007f7fcb1d6128 R14: 00007f7fcb1d6090 R15: 00007ffdd8963fc8 [ 137.847235][ T6382] [ 137.850756][ T6382] ERROR: Out of memory at tomoyo_realpath_from_path. [ 138.470558][ T6386] loop3: detected capacity change from 0 to 64 [ 139.372536][ T6388] loop2: detected capacity change from 0 to 40427 [ 139.415016][ T6388] F2FS-fs (loop2): invalid crc value [ 139.429001][ T6386] MINIX-fs: bad superblock or unable to read bitmaps [ 139.440970][ T6388] F2FS-fs (loop2): Found nat_bits in checkpoint [ 139.670356][ T6388] F2FS-fs (loop2): Start checkpoint disabled! [ 139.832112][ T6388] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 140.252051][ T5845] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.641443][ T374] kworker/u4:5: attempt to access beyond end of device [ 140.641443][ T374] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 140.762192][ T5845] usb 4-1: Using ep0 maxpacket: 8 [ 140.783798][ T374] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 140.790906][ T374] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 140.816998][ T5845] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.834318][ T5845] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.844983][ T5845] usb 4-1: New USB device found, idVendor=056a, idProduct=0304, bcdDevice= 0.00 [ 140.860930][ T6397] bridge: RTM_NEWNEIGH with invalid ether address [ 140.867511][ T5845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.893078][ T5845] usb 4-1: config 0 descriptor?? [ 140.982908][ T1118] kworker/u4:6: attempt to access beyond end of device [ 140.982908][ T1118] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 141.035500][ T1118] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 141.066653][ T1118] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 141.136811][ T6399] loop1: detected capacity change from 0 to 16 [ 141.196982][ T6399] erofs: (device loop1): erofs_read_inode: bogus i_mode (0) @ nid 18446744073575399424 [ 141.339517][ T5845] wacom 0003:056A:0304.0001: unbalanced delimiter at end of report description [ 141.388550][ T5845] wacom 0003:056A:0304.0001: parse failed [ 141.395845][ T5845] wacom: probe of 0003:056A:0304.0001 failed with error -22 [ 141.557591][ T5845] usb 4-1: USB disconnect, device number 4 [ 142.002491][ T5881] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 142.494451][ T5881] usb 1-1: device descriptor read/64, error -71 [ 142.507686][ T6411] FAULT_INJECTION: forcing a failure. [ 142.507686][ T6411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.526183][ T6411] CPU: 1 PID: 6411 Comm: syz.2.140 Not tainted syzkaller #0 [ 142.533617][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 142.543704][ T6411] Call Trace: [ 142.547034][ T6411] [ 142.550002][ T6411] dump_stack_lvl+0x16c/0x230 [ 142.554727][ T6411] ? show_regs_print_info+0x20/0x20 [ 142.559966][ T6411] ? load_image+0x3b0/0x3b0 [ 142.564503][ T6411] ? __might_fault+0xaa/0x120 [ 142.569235][ T6411] ? __lock_acquire+0x7c80/0x7c80 [ 142.574302][ T6411] should_fail_ex+0x39d/0x4d0 [ 142.579035][ T6411] _copy_from_user+0x2f/0xe0 [ 142.579063][ T6411] ___sys_sendmsg+0x159/0x290 [ 142.579092][ T6411] ? __sys_sendmsg+0x270/0x270 [ 142.579136][ T6411] ? __lock_acquire+0x7c80/0x7c80 [ 142.598418][ T6411] __se_sys_sendmsg+0x1a5/0x270 [ 142.603293][ T6411] ? __x64_sys_sendmsg+0x80/0x80 [ 142.608257][ T6411] ? lockdep_hardirqs_on+0x98/0x150 [ 142.613477][ T6411] do_syscall_64+0x55/0xb0 [ 142.617909][ T6411] ? clear_bhb_loop+0x40/0x90 [ 142.622597][ T6411] ? clear_bhb_loop+0x40/0x90 [ 142.627284][ T6411] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 142.633203][ T6411] RIP: 0033:0x7fea1318eba9 [ 142.637656][ T6411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.657287][ T6411] RSP: 002b:00007fea14055038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.665717][ T6411] RAX: ffffffffffffffda RBX: 00007fea133d5fa0 RCX: 00007fea1318eba9 [ 142.673702][ T6411] RDX: 00000000040040c4 RSI: 0000200000000000 RDI: 0000000000000005 [ 142.681685][ T6411] RBP: 00007fea14055090 R08: 0000000000000000 R09: 0000000000000000 [ 142.689666][ T6411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.697647][ T6411] R13: 00007fea133d6038 R14: 00007fea133d5fa0 R15: 00007ffc9c0688d8 [ 142.705648][ T6411] [ 143.073382][ T6413] loop3: detected capacity change from 0 to 40427 [ 143.109084][ T6413] F2FS-fs (loop3): invalid crc value [ 143.117415][ T6413] F2FS-fs (loop3): Found nat_bits in checkpoint [ 143.153438][ T5881] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 143.174552][ T6413] F2FS-fs (loop3): Start checkpoint disabled! [ 143.187323][ T6413] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 143.213102][ T6195] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 143.344978][ T5881] usb 1-1: device descriptor read/64, error -71 [ 143.502250][ T5881] usb usb1-port1: attempt power cycle [ 144.360578][ T6195] usb 2-1: config 25 has too many interfaces: 181, using maximum allowed: 32 [ 144.402630][ T6195] usb 2-1: config 25 has an invalid descriptor of length 0, skipping remainder of the config [ 144.498188][ T6195] usb 2-1: config 25 has 0 interfaces, different from the descriptor's value: 181 [ 144.649549][ T6195] usb 2-1: New USB device found, idVendor=046d, idProduct=a2fd, bcdDevice=5e.26 [ 144.772172][ T6195] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.193569][ T6430] FAULT_INJECTION: forcing a failure. [ 145.193569][ T6430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.218209][ T6430] CPU: 0 PID: 6430 Comm: syz.0.148 Not tainted syzkaller #0 [ 145.225566][ T6430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 145.235634][ T6430] Call Trace: [ 145.238926][ T6430] [ 145.241870][ T6430] dump_stack_lvl+0x16c/0x230 [ 145.246576][ T6430] ? asm_sysvec_call_function_single+0x1a/0x20 [ 145.252744][ T6430] ? show_regs_print_info+0x20/0x20 [ 145.257954][ T6430] ? asm_sysvec_call_function_single+0x1a/0x20 [ 145.264140][ T6430] should_fail_ex+0x39d/0x4d0 [ 145.268830][ T6430] _copy_from_user+0x2f/0xe0 [ 145.273435][ T6430] __se_sys_io_uring_setup+0x139/0x250 [ 145.278902][ T6430] ? __x64_sys_io_uring_setup+0x60/0x60 [ 145.284502][ T6430] ? lockdep_hardirqs_on+0x98/0x150 [ 145.289714][ T6430] do_syscall_64+0x55/0xb0 [ 145.294141][ T6430] ? clear_bhb_loop+0x40/0x90 [ 145.298840][ T6430] ? clear_bhb_loop+0x40/0x90 [ 145.303535][ T6430] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 145.309456][ T6430] RIP: 0033:0x7f7fcaf8eba9 [ 145.313916][ T6430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.333548][ T6430] RSP: 002b:00007f7fcbea0fc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 145.341984][ T6430] RAX: ffffffffffffffda RBX: 00007f7fcb1d6090 RCX: 00007f7fcaf8eba9 [ 145.349999][ T6430] RDX: 0000200000001040 RSI: 0000200000000140 RDI: 000000000000010d [ 145.357980][ T6430] RBP: 0000200000000140 R08: 0000000000000000 R09: 0000200000001040 [ 145.365967][ T6430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.373949][ T6430] R13: 0000200000001200 R14: 000000000000010d R15: 0000200000001040 [ 145.381950][ T6430] [ 145.917759][ T6432] bridge: RTM_NEWNEIGH with invalid ether address [ 146.234436][ T374] kworker/u4:5: attempt to access beyond end of device [ 146.234436][ T374] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 146.308210][ T374] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 146.340025][ T374] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 146.374326][ T374] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 146.603598][ T6439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.706155][ T6439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.745169][ T6439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.745563][ T6439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.832123][ T5881] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 146.847596][ T6444] loop0: detected capacity change from 0 to 1024 [ 147.013160][ T6444] FAULT_INJECTION: forcing a failure. [ 147.013160][ T6444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.013306][ T6444] CPU: 0 PID: 6444 Comm: syz.0.153 Not tainted syzkaller #0 [ 147.013327][ T6444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 147.013338][ T6444] Call Trace: [ 147.013346][ T6444] [ 147.013355][ T6444] dump_stack_lvl+0x16c/0x230 [ 147.013388][ T6444] ? show_regs_print_info+0x20/0x20 [ 147.013412][ T6444] ? load_image+0x3b0/0x3b0 [ 147.013432][ T6444] ? __lock_acquire+0x7c80/0x7c80 [ 147.013450][ T6444] ? snprintf+0xdb/0x120 [ 147.013465][ T6444] should_fail_ex+0x39d/0x4d0 [ 147.013488][ T6444] _copy_to_user+0x2f/0xa0 [ 147.013505][ T6444] simple_read_from_buffer+0xe7/0x150 [ 147.013530][ T6444] proc_fail_nth_read+0x1e3/0x250 [ 147.013551][ T6444] ? proc_fault_inject_write+0x340/0x340 [ 147.013572][ T6444] ? fsnotify_perm+0x271/0x5e0 [ 147.013593][ T6444] ? proc_fault_inject_write+0x340/0x340 [ 147.013611][ T6444] vfs_read+0x27e/0x920 [ 147.013633][ T6444] ? kernel_read+0x1e0/0x1e0 [ 147.013652][ T6444] ? __fget_files+0x28/0x4d0 [ 147.013670][ T6444] ? __fget_files+0x44a/0x4d0 [ 147.013694][ T6444] ? __fdget_pos+0x2a3/0x330 [ 147.013710][ T6444] ? ksys_read+0x75/0x250 [ 147.013729][ T6444] ksys_read+0x147/0x250 [ 147.013749][ T6444] ? vfs_write+0x940/0x940 [ 147.013769][ T6444] ? lockdep_hardirqs_on+0x98/0x150 [ 147.013793][ T6444] do_syscall_64+0x55/0xb0 [ 147.013811][ T6444] ? clear_bhb_loop+0x40/0x90 [ 147.013825][ T6444] ? clear_bhb_loop+0x40/0x90 [ 147.013840][ T6444] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 147.013863][ T6444] RIP: 0033:0x7f7fcaf8d5bc [ 147.013876][ T6444] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 147.013887][ T6444] RSP: 002b:00007f7fcbea1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 147.013903][ T6444] RAX: ffffffffffffffda RBX: 00007f7fcb1d6090 RCX: 00007f7fcaf8d5bc [ 147.013914][ T6444] RDX: 000000000000000f RSI: 00007f7fcbea10a0 RDI: 0000000000000008 [ 147.013922][ T6444] RBP: 00007f7fcbea1090 R08: 0000000000000000 R09: 0000000000000000 [ 147.013931][ T6444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.013939][ T6444] R13: 00007f7fcb1d6128 R14: 00007f7fcb1d6090 R15: 00007ffdd8963fc8 [ 147.013961][ T6444] [ 147.783195][ T5881] usb 3-1: config 0 has an invalid interface number: 197 but max is 0 [ 148.039424][ T5881] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 148.050074][ T1118] hfsplus: b-tree write err: -5, ino 4 [ 148.161270][ T5881] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 148.187310][ T5881] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 148.198243][ T8] usb 2-1: USB disconnect, device number 5 [ 148.228860][ T5881] usb 3-1: config 0 has no interface number 0 [ 148.237497][ T5881] usb 3-1: config 0 has no interface number 1 [ 148.280662][ T5881] usb 3-1: config 0 interface 197 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8 [ 148.320287][ T5881] usb 3-1: config 0 interface 197 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 148.384258][ T5881] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 148.444913][ T8] kernel write not supported for file /107/loginuid (pid: 8 comm: kworker/0:0) [ 148.473040][ T5881] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 148.620504][ T6454] loop0: detected capacity change from 0 to 64 [ 148.759147][ T6454] MINIX-fs: bad superblock or unable to read bitmaps [ 148.837384][ T5881] usb 3-1: config 0 interface 255 has no altsetting 0 [ 149.145332][ T5881] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42 [ 149.242007][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.275349][ T5881] usb 3-1: Product: syz [ 149.307873][ T5881] usb 3-1: Manufacturer: syz [ 149.314216][ T5881] usb 3-1: SerialNumber: syz [ 149.329022][ T5881] usb 3-1: config 0 descriptor?? [ 149.346594][ T6438] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 149.371562][ T5881] usb 3-1: can't set config #0, error -71 [ 149.973308][ T5881] usb 3-1: USB disconnect, device number 8 [ 150.196083][ T6463] loop3: detected capacity change from 0 to 2048 [ 150.204788][ T6467] bridge: RTM_NEWNEIGH with invalid ether address [ 150.301757][ T6463] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.344865][ T6472] FAULT_INJECTION: forcing a failure. [ 150.344865][ T6472] name fail_futex, interval 1, probability 0, space 0, times 1 [ 150.415828][ T6472] CPU: 1 PID: 6472 Comm: syz.1.161 Not tainted syzkaller #0 [ 150.423190][ T6472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 150.433283][ T6472] Call Trace: [ 150.436596][ T6472] [ 150.439556][ T6472] dump_stack_lvl+0x16c/0x230 [ 150.444276][ T6472] ? file_end_write+0x159/0x250 [ 150.449168][ T6472] ? show_regs_print_info+0x20/0x20 [ 150.454415][ T6472] ? load_image+0x3b0/0x3b0 [ 150.458966][ T6472] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 150.464673][ T6472] ? mutex_unlock+0x10/0x10 [ 150.469229][ T6472] should_fail_ex+0x39d/0x4d0 [ 150.473959][ T6472] __se_sys_futex+0x171/0x3f0 [ 150.478679][ T6472] ? __x64_sys_futex+0xf0/0xf0 [ 150.483490][ T6472] ? __x64_sys_futex+0x21/0xf0 [ 150.488297][ T6472] do_syscall_64+0x55/0xb0 [ 150.492759][ T6472] ? clear_bhb_loop+0x40/0x90 [ 150.497490][ T6472] ? clear_bhb_loop+0x40/0x90 [ 150.502211][ T6472] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 150.508155][ T6472] RIP: 0033:0x7fead7f8eba9 [ 150.512614][ T6472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.532270][ T6472] RSP: 002b:00007fead8d70038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 150.540709][ T6472] RAX: ffffffffffffffda RBX: 00007fead81d5fa0 RCX: 00007fead7f8eba9 [ 150.548707][ T6472] RDX: 0000000000000002 RSI: 000000000000000b RDI: 00002000000002c0 [ 150.556705][ T6472] RBP: 00007fead8d70090 R08: 00002000000004c0 R09: 0000000000000002 [ 150.564703][ T6472] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 150.572702][ T6472] R13: 00007fead81d6038 R14: 00007fead81d5fa0 R15: 00007fff05bd7658 [ 150.580702][ T6472] [ 151.257296][ T6473] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 151.841639][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.505686][ T6494] loop3: detected capacity change from 0 to 64 [ 152.631452][ T6494] MINIX-fs: bad superblock or unable to read bitmaps [ 153.438716][ T6495] sched: RT throttling activated [ 153.693061][ T6501] program syz.2.169 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.366458][ T6503] bridge: RTM_NEWNEIGH with invalid ether address [ 154.540276][ T6506] FAULT_INJECTION: forcing a failure. [ 154.540276][ T6506] name failslab, interval 1, probability 0, space 0, times 0 [ 154.554283][ T6506] CPU: 0 PID: 6506 Comm: syz.0.172 Not tainted syzkaller #0 [ 154.561606][ T6506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 154.571675][ T6506] Call Trace: [ 154.574969][ T6506] [ 154.577908][ T6506] dump_stack_lvl+0x16c/0x230 [ 154.582606][ T6506] ? show_regs_print_info+0x20/0x20 [ 154.587817][ T6506] ? load_image+0x3b0/0x3b0 [ 154.592330][ T6506] ? __might_sleep+0xe0/0xe0 [ 154.596935][ T6506] ? __lock_acquire+0x7c80/0x7c80 [ 154.601977][ T6506] should_fail_ex+0x39d/0x4d0 [ 154.606709][ T6506] should_failslab+0x9/0x20 [ 154.611229][ T6506] slab_pre_alloc_hook+0x59/0x310 [ 154.616285][ T6506] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 154.622041][ T6506] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 154.627772][ T6506] __kmem_cache_alloc_node+0x53/0x260 [ 154.633162][ T6506] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 154.638902][ T6506] __kmalloc+0xa4/0x240 [ 154.643077][ T6506] tomoyo_realpath_from_path+0xe3/0x5d0 [ 154.648652][ T6506] tomoyo_path_number_perm+0x1ea/0x590 [ 154.654130][ T6506] ? tomoyo_path_number_perm+0x1ba/0x590 [ 154.659779][ T6506] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 154.665255][ T6506] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 154.671286][ T6506] ? asm_sysvec_call_function_single+0x1a/0x20 [ 154.677463][ T6506] security_file_ioctl+0x70/0xa0 [ 154.682423][ T6506] __se_sys_ioctl+0x48/0x170 [ 154.687035][ T6506] do_syscall_64+0x55/0xb0 [ 154.691476][ T6506] ? clear_bhb_loop+0x40/0x90 [ 154.696163][ T6506] ? clear_bhb_loop+0x40/0x90 [ 154.700850][ T6506] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 154.706761][ T6506] RIP: 0033:0x7f7fcaf8eba9 [ 154.711188][ T6506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.730804][ T6506] RSP: 002b:00007f7fcbea1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.739236][ T6506] RAX: ffffffffffffffda RBX: 00007f7fcb1d6090 RCX: 00007f7fcaf8eba9 [ 154.747211][ T6506] RDX: 00002000000002c0 RSI: 0000000000000001 RDI: 0000000000000004 [ 154.755204][ T6506] RBP: 00007f7fcbea1090 R08: 0000000000000000 R09: 0000000000000000 [ 154.763186][ T6506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.771168][ T6506] R13: 00007f7fcb1d6128 R14: 00007f7fcb1d6090 R15: 00007ffdd8963fc8 [ 154.779167][ T6506] [ 154.786785][ T6506] ERROR: Out of memory at tomoyo_realpath_from_path. [ 154.800353][ T6506] program syz.0.172 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 155.505176][ T6511] program syz.2.174 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 156.820052][ T6518] FAULT_INJECTION: forcing a failure. [ 156.820052][ T6518] name failslab, interval 1, probability 0, space 0, times 0 [ 156.833089][ T6518] CPU: 0 PID: 6518 Comm: syz.1.176 Not tainted syzkaller #0 [ 156.840403][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 156.850467][ T6518] Call Trace: [ 156.853757][ T6518] [ 156.856695][ T6518] dump_stack_lvl+0x16c/0x230 [ 156.861386][ T6518] ? show_regs_print_info+0x20/0x20 [ 156.866613][ T6518] ? load_image+0x3b0/0x3b0 [ 156.871152][ T6518] ? __might_sleep+0xe0/0xe0 [ 156.875779][ T6518] ? __lock_acquire+0x7c80/0x7c80 [ 156.880857][ T6518] should_fail_ex+0x39d/0x4d0 [ 156.885582][ T6518] should_failslab+0x9/0x20 [ 156.890126][ T6518] slab_pre_alloc_hook+0x59/0x310 [ 156.895188][ T6518] kmem_cache_alloc+0x5a/0x2e0 [ 156.899961][ T6518] ? getname_flags+0xbb/0x500 [ 156.904660][ T6518] getname_flags+0xbb/0x500 [ 156.909194][ T6518] do_sys_openat2+0xcb/0x1c0 [ 156.913793][ T6518] ? do_sys_open+0xe0/0xe0 [ 156.918207][ T6518] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 156.924190][ T6518] ? lock_chain_count+0x20/0x20 [ 156.929039][ T6518] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 156.935022][ T6518] __x64_sys_openat+0x139/0x160 [ 156.939896][ T6518] do_syscall_64+0x55/0xb0 [ 156.944315][ T6518] ? clear_bhb_loop+0x40/0x90 [ 156.949014][ T6518] ? clear_bhb_loop+0x40/0x90 [ 156.953704][ T6518] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 156.959645][ T6518] RIP: 0033:0x7fead7f8d510 [ 156.964071][ T6518] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 156.983684][ T6518] RSP: 002b:00007fead8d4eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 156.992126][ T6518] RAX: ffffffffffffffda RBX: 0000000000101301 RCX: 00007fead7f8d510 [ 157.000115][ T6518] RDX: 0000000000101301 RSI: 00007fead8d4ec10 RDI: 00000000ffffff9c [ 157.008090][ T6518] RBP: 00007fead8d4ec10 R08: 0000000000000000 R09: 0000000000000000 [ 157.016069][ T6518] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 157.024055][ T6518] R13: 00007fead81d6128 R14: 00007fead81d6090 R15: 00007fff05bd7658 [ 157.032063][ T6518] [ 157.411616][ T6519] loop2: detected capacity change from 0 to 4096 [ 157.434264][ T6519] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 157.543668][ T6519] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 157.817735][ T6508] loop3: detected capacity change from 0 to 32768 [ 157.951850][ T6529] loop1: detected capacity change from 0 to 64 [ 158.029155][ T6529] MINIX-fs: bad superblock or unable to read bitmaps [ 158.484703][ T6508] read_mapping_page failed! [ 158.523148][ T6508] diRead: read_metapage failed [ 159.444097][ T6544] loop1: detected capacity change from 0 to 16 [ 159.503527][ T6544] erofs: (device loop1): mounted with root inode @ nid 36. [ 159.536550][ T6546] netlink: 'syz.0.183': attribute type 5 has an invalid length. [ 159.572434][ T6546] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.183'. [ 159.646920][ T6544] erofs: (device loop1): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 159.684855][ T6544] erofs: (device loop1): z_erofs_readahead: readahead error at folio 9 @ nid 36 [ 159.712533][ T6535] binder: BINDER_SET_CONTEXT_MGR already set [ 159.762220][ T6544] erofs: (device loop1): z_erofs_readahead: readahead error at folio 8 @ nid 36 [ 159.786419][ T6535] binder: 6532:6535 ioctl 4018620d 200000004a80 returned -16 [ 159.820268][ T6544] erofs: (device loop1): z_erofs_readahead: readahead error at folio 6 @ nid 36 [ 159.835176][ T6544] erofs: (device loop1): z_erofs_readahead: readahead error at folio 4 @ nid 36 [ 159.876405][ T6544] syz.1.185: attempt to access beyond end of device [ 159.876405][ T6544] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 159.880824][ T6550] loop2: detected capacity change from 0 to 16 [ 159.932524][ T6544] syz.1.185: attempt to access beyond end of device [ 159.932524][ T6544] loop1: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 159.955084][ T6550] erofs: (device loop2): mounted with root inode @ nid 36. [ 159.963433][ T6544] syz.1.185: attempt to access beyond end of device [ 159.963433][ T6544] loop1: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 159.978092][ T6544] syz.1.185: attempt to access beyond end of device [ 159.978092][ T6544] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 159.993048][ T6544] syz.1.185: attempt to access beyond end of device [ 159.993048][ T6544] loop1: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 160.008504][ T6552] loop3: detected capacity change from 0 to 128 [ 160.047778][ T6552] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 160.079375][ T6554] loop0: detected capacity change from 0 to 128 [ 160.100391][ T6554] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 160.131531][ T6552] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 160.177447][ T6554] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 160.210586][ T6552] ext4 filesystem being mounted at /44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 160.251017][ T6554] ext4 filesystem being mounted at /52/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 160.320690][ T6195] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 160.562183][ T6195] usb 3-1: Using ep0 maxpacket: 32 [ 160.580620][ T6195] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 160.598863][ T6563] FAULT_INJECTION: forcing a failure. [ 160.598863][ T6563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.610071][ T6195] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 160.613191][ T6563] CPU: 0 PID: 6563 Comm: syz.0.188 Not tainted syzkaller #0 [ 160.621264][ T6195] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 160.628313][ T6563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 160.628329][ T6563] Call Trace: [ 160.628337][ T6563] [ 160.628345][ T6563] dump_stack_lvl+0x16c/0x230 [ 160.628378][ T6563] ? show_regs_print_info+0x20/0x20 [ 160.628401][ T6563] ? load_image+0x3b0/0x3b0 [ 160.628423][ T6563] ? __lock_acquire+0x7c80/0x7c80 [ 160.628451][ T6563] should_fail_ex+0x39d/0x4d0 [ 160.628481][ T6563] strncpy_from_user+0x36/0x2e0 [ 160.628516][ T6563] path_setxattr+0xf3/0x550 [ 160.686310][ T6563] ? vfs_write+0x586/0x940 [ 160.690779][ T6563] ? simple_xattrs_free+0x150/0x150 [ 160.696037][ T6563] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 160.702038][ T6563] ? lock_chain_count+0x20/0x20 [ 160.706914][ T6563] __x64_sys_setxattr+0xbb/0xd0 [ 160.711774][ T6563] do_syscall_64+0x55/0xb0 [ 160.716202][ T6563] ? clear_bhb_loop+0x40/0x90 [ 160.720890][ T6563] ? clear_bhb_loop+0x40/0x90 [ 160.725579][ T6563] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 160.731497][ T6563] RIP: 0033:0x7f7fcaf8eba9 [ 160.735935][ T6563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.755575][ T6563] RSP: 002b:00007f7fcbea1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 160.764006][ T6563] RAX: ffffffffffffffda RBX: 00007f7fcb1d6090 RCX: 00007f7fcaf8eba9 [ 160.771997][ T6563] RDX: 0000200000000200 RSI: 0000200000000080 RDI: 0000200000000000 [ 160.779980][ T6563] RBP: 00007f7fcbea1090 R08: 0000000000000000 R09: 0000000000000000 [ 160.787958][ T6563] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001 [ 160.795938][ T6563] R13: 00007f7fcb1d6128 R14: 00007f7fcb1d6090 R15: 00007ffdd8963fc8 [ 160.803931][ T6563] [ 160.867851][ T6195] usb 3-1: Product: syz [ 160.917003][ T6195] usb 3-1: Manufacturer: syz [ 160.968012][ T6195] usb 3-1: SerialNumber: syz [ 161.466099][ T6566] loop1: detected capacity change from 0 to 64 [ 162.713096][ T6195] usb 3-1: config 0 descriptor?? [ 162.726380][ T6566] MINIX-fs: bad superblock or unable to read bitmaps [ 162.758968][ T5787] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 162.801591][ T6550] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 162.853252][ T5799] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 162.962776][ T5786] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 163.047749][ T6195] usb 3-1: can't set config #0, error -71 [ 163.064818][ T6195] usb 3-1: USB disconnect, device number 9 [ 163.211833][ T6572] FAULT_INJECTION: forcing a failure. [ 163.211833][ T6572] name failslab, interval 1, probability 0, space 0, times 0 [ 163.254438][ T6574] loop3: detected capacity change from 0 to 1024 [ 163.260564][ T6572] CPU: 0 PID: 6572 Comm: syz.1.193 Not tainted syzkaller #0 [ 163.268140][ T6572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 163.275522][ T6574] EXT4-fs: Ignoring removed nomblk_io_submit option [ 163.278212][ T6572] Call Trace: [ 163.278224][ T6572] [ 163.291091][ T6572] dump_stack_lvl+0x16c/0x230 [ 163.295831][ T6572] ? show_regs_print_info+0x20/0x20 [ 163.301078][ T6572] ? load_image+0x3b0/0x3b0 [ 163.305627][ T6572] ? __might_sleep+0xe0/0xe0 [ 163.310264][ T6572] ? __lock_acquire+0x7c80/0x7c80 [ 163.315340][ T6572] should_fail_ex+0x39d/0x4d0 [ 163.320068][ T6572] should_failslab+0x9/0x20 [ 163.324599][ T6572] slab_pre_alloc_hook+0x59/0x310 [ 163.329657][ T6572] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 163.335406][ T6572] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 163.341155][ T6572] __kmem_cache_alloc_node+0x53/0x260 [ 163.346553][ T6572] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 163.352299][ T6572] __kmalloc+0xa4/0x240 [ 163.356476][ T6572] tomoyo_realpath_from_path+0xe3/0x5d0 [ 163.362055][ T6572] tomoyo_path_number_perm+0x1ea/0x590 [ 163.367535][ T6572] ? tomoyo_path_number_perm+0x1ba/0x590 [ 163.373189][ T6572] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 163.378668][ T6572] ? ksys_write+0x1c1/0x250 [ 163.383211][ T6572] ? __fget_files+0x28/0x4d0 [ 163.387822][ T6572] security_file_ioctl+0x70/0xa0 [ 163.392780][ T6572] __se_sys_ioctl+0x48/0x170 [ 163.397395][ T6572] do_syscall_64+0x55/0xb0 [ 163.401828][ T6572] ? clear_bhb_loop+0x40/0x90 [ 163.406518][ T6572] ? clear_bhb_loop+0x40/0x90 [ 163.411207][ T6572] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 163.417121][ T6572] RIP: 0033:0x7fead7f8eba9 [ 163.421558][ T6572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.442134][ T6572] RSP: 002b:00007fead8d70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.450578][ T6572] RAX: ffffffffffffffda RBX: 00007fead81d5fa0 RCX: 00007fead7f8eba9 [ 163.458573][ T6572] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000006 [ 163.466568][ T6572] RBP: 00007fead8d70090 R08: 0000000000000000 R09: 0000000000000000 [ 163.474562][ T6572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.482553][ T6572] R13: 00007fead81d6038 R14: 00007fead81d5fa0 R15: 00007fff05bd7658 [ 163.490645][ T6572] [ 163.522123][ T6574] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 163.533090][ T6572] ERROR: Out of memory at tomoyo_realpath_from_path. [ 163.562234][ T6574] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 163.638948][ T6574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.090520][ T6573] loop2: detected capacity change from 0 to 32768 [ 165.151111][ T6573] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 165.199166][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.383497][ T6573] XFS (loop2): Ending clean mount [ 165.398569][ T6599] bridge: RTM_NEWNEIGH with invalid ether address [ 165.435798][ T6594] loop1: detected capacity change from 0 to 4096 [ 165.502111][ T5799] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 165.747470][ T6603] tipc: Enabled bearer , priority 0 [ 165.801057][ T6606] syzkaller0: entered promiscuous mode [ 165.825308][ T6606] syzkaller0: entered allmulticast mode [ 165.834003][ T5789] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 165.891902][ T6603] tipc: Resetting bearer [ 165.918903][ T6602] tipc: Resetting bearer [ 165.955980][ T6602] tipc: Disabling bearer [ 166.204955][ T6611] loop3: detected capacity change from 0 to 64 [ 166.930878][ T6611] MINIX-fs: bad superblock or unable to read bitmaps [ 166.985604][ T5942] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 167.030232][ T6613] autofs4:pid:6613:autofs_fill_super: called with bogus options [ 167.309769][ T6618] loop2: detected capacity change from 0 to 128 [ 167.346496][ T6618] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 167.385792][ T6618] hpfs: filesystem error: improperly stopped [ 168.077591][ T6627] loop0: detected capacity change from 0 to 64 [ 168.092136][ T6618] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 168.127383][ T6627] MINIX-fs: bad superblock or unable to read bitmaps [ 168.187848][ T6618] hpfs: You really don't want any checks? You are crazy... [ 168.232848][ T6618] hpfs: hpfs_map_sector(): read error [ 168.238302][ T6618] hpfs: code page support is disabled [ 168.256850][ T6618] hpfs: hpfs_map_4sectors(): unaligned read [ 168.276503][ T6618] hpfs: hpfs_map_4sectors(): unaligned read [ 168.288606][ T6618] hpfs: filesystem error: unable to find root dir [ 169.069281][ T6631] bridge: RTM_NEWNEIGH with invalid ether address [ 169.101562][ T6638] loop2: detected capacity change from 0 to 16 [ 169.114249][ T6637] loop0: detected capacity change from 0 to 1024 [ 169.125701][ T6637] EXT4-fs: Ignoring removed nomblk_io_submit option [ 169.135427][ T6638] erofs: (device loop2): mounted with root inode @ nid 36. [ 169.150083][ T6637] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 169.163253][ T6637] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 169.200823][ T6637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.439086][ T6646] loop1: detected capacity change from 0 to 8192 [ 169.446616][ T6647] erofs: (device loop2): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 169.457738][ T6647] erofs: (device loop2): z_erofs_readahead: readahead error at folio 9 @ nid 36 [ 169.467595][ T6647] erofs: (device loop2): z_erofs_readahead: readahead error at folio 8 @ nid 36 [ 169.477442][ T6647] erofs: (device loop2): z_erofs_readahead: readahead error at folio 6 @ nid 36 [ 169.486906][ T6647] erofs: (device loop2): z_erofs_readahead: readahead error at folio 4 @ nid 36 [ 169.516890][ T6647] syz.2.210: attempt to access beyond end of device [ 169.516890][ T6647] loop2: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 169.539463][ T6646] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 169.570278][ T6647] syz.2.210: attempt to access beyond end of device [ 169.570278][ T6647] loop2: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 169.584358][ T6646] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 169.585990][ T6647] syz.2.210: attempt to access beyond end of device [ 169.585990][ T6647] loop2: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 169.609051][ T6647] syz.2.210: attempt to access beyond end of device [ 169.609051][ T6647] loop2: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 169.631137][ T6647] syz.2.210: attempt to access beyond end of device [ 169.631137][ T6647] loop2: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 169.677683][ T28] kauditd_printk_skb: 223 callbacks suppressed [ 169.678083][ T28] audit: type=1326 audit(1757843462.816:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6636 comm="syz.2.210" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea1318eba9 code=0x0 [ 169.735044][ T6646] REISERFS (device loop1): using ordered data mode [ 169.754457][ T6646] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 169.776647][ T6646] REISERFS (device loop1): checking transaction log (loop1) [ 169.785851][ T6646] REISERFS (device loop1): Using r5 hash to sort names [ 170.042297][ T6653] loop3: detected capacity change from 0 to 64 [ 170.380018][ T6653] MINIX-fs: bad superblock or unable to read bitmaps [ 170.834593][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.933902][ T6657] loop2: detected capacity change from 0 to 16 [ 170.971102][ T6657] erofs: (device loop2): mounted with root inode @ nid 36. [ 171.016902][ T6657] erofs: (device loop2): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 171.146910][ T6659] loop1: detected capacity change from 0 to 64 [ 171.366991][ T6659] MINIX-fs: bad superblock or unable to read bitmaps [ 171.841241][ T6663] loop2: detected capacity change from 0 to 2048 [ 171.886500][ T6667] tipc: Enabled bearer , priority 0 [ 171.900813][ T6667] syzkaller0: entered promiscuous mode [ 171.906484][ T6667] syzkaller0: entered allmulticast mode [ 172.443676][ T6663] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.449802][ T6667] tipc: Resetting bearer [ 172.494706][ T6663] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 172.517522][ T6663] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 22 with error 28 [ 172.533709][ T6663] EXT4-fs (loop2): This should not happen!! Data will be lost [ 172.533709][ T6663] [ 172.547137][ T6663] EXT4-fs (loop2): Total free blocks count 0 [ 172.548306][ T6666] tipc: Resetting bearer [ 172.560910][ T6663] EXT4-fs (loop2): Free/Dirty block details [ 172.567875][ T6663] EXT4-fs (loop2): free_blocks=2415919504 [ 172.574910][ T6663] EXT4-fs (loop2): dirty_blocks=32 [ 172.592564][ T6663] EXT4-fs (loop2): Block reservation details [ 172.598747][ T6663] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 172.653629][ T6666] tipc: Disabling bearer [ 172.907425][ T6663] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 172.921741][ T6678] bridge: RTM_NEWNEIGH with invalid ether address [ 173.326972][ T6680] loop3: detected capacity change from 0 to 512 [ 173.358762][ T6682] loop0: detected capacity change from 0 to 256 [ 173.373278][ T6682] exfat: Deprecated parameter 'utf8' [ 173.378667][ T6682] exfat: Deprecated parameter 'namecase' [ 173.399825][ T6680] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 173.402362][ T12] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 173.537262][ T6680] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001) [ 173.608031][ T6682] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 174.496993][ T6691] netlink: 72 bytes leftover after parsing attributes in process `syz.3.224'. [ 175.192146][ T6704] loop1: detected capacity change from 0 to 64 [ 175.327987][ T6704] MINIX-fs: bad superblock or unable to read bitmaps [ 176.022298][ T6706] bridge: RTM_NEWNEIGH with invalid ether address [ 176.150273][ T6714] tipc: Enabled bearer , priority 0 [ 176.885458][ T6712] syzkaller0: entered promiscuous mode [ 176.891011][ T6712] syzkaller0: entered allmulticast mode [ 177.065382][ T6712] tipc: Resetting bearer [ 177.114904][ T6711] tipc: Resetting bearer [ 177.180974][ T6722] FAULT_INJECTION: forcing a failure. [ 177.180974][ T6722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.220697][ T6711] tipc: Disabling bearer [ 177.222115][ T6722] CPU: 1 PID: 6722 Comm: syz.1.232 Not tainted syzkaller #0 [ 177.233779][ T6722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 177.243858][ T6722] Call Trace: [ 177.247175][ T6722] [ 177.250132][ T6722] dump_stack_lvl+0x16c/0x230 [ 177.254849][ T6722] ? show_regs_print_info+0x20/0x20 [ 177.260093][ T6722] ? load_image+0x3b0/0x3b0 [ 177.264628][ T6722] ? __lock_acquire+0x7c80/0x7c80 [ 177.269787][ T6722] ? snprintf+0xdb/0x120 [ 177.274069][ T6722] should_fail_ex+0x39d/0x4d0 [ 177.278785][ T6722] _copy_to_user+0x2f/0xa0 [ 177.283220][ T6722] simple_read_from_buffer+0xe7/0x150 [ 177.288615][ T6722] proc_fail_nth_read+0x1e3/0x250 [ 177.293666][ T6722] ? proc_fault_inject_write+0x340/0x340 [ 177.299322][ T6722] ? fsnotify_perm+0x271/0x5e0 [ 177.304113][ T6722] ? proc_fault_inject_write+0x340/0x340 [ 177.309782][ T6722] vfs_read+0x27e/0x920 [ 177.313992][ T6722] ? kernel_read+0x1e0/0x1e0 [ 177.318616][ T6722] ? __fget_files+0x28/0x4d0 [ 177.323242][ T6722] ? __fget_files+0x44a/0x4d0 [ 177.327938][ T6722] ? __fdget_pos+0x2a3/0x330 [ 177.332541][ T6722] ? ksys_read+0x75/0x250 [ 177.336897][ T6722] ksys_read+0x147/0x250 [ 177.341150][ T6722] ? vfs_write+0x940/0x940 [ 177.345585][ T6722] ? lockdep_hardirqs_on+0x98/0x150 [ 177.350804][ T6722] do_syscall_64+0x55/0xb0 [ 177.355231][ T6722] ? clear_bhb_loop+0x40/0x90 [ 177.359919][ T6722] ? clear_bhb_loop+0x40/0x90 [ 177.364611][ T6722] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 177.370517][ T6722] RIP: 0033:0x7fead7f8d5bc [ 177.374939][ T6722] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 177.394558][ T6722] RSP: 002b:00007fead8d4f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 177.402987][ T6722] RAX: ffffffffffffffda RBX: 00007fead81d6090 RCX: 00007fead7f8d5bc [ 177.410968][ T6722] RDX: 000000000000000f RSI: 00007fead8d4f0a0 RDI: 0000000000000006 [ 177.418957][ T6722] RBP: 00007fead8d4f090 R08: 0000000000000000 R09: 0000000000000000 [ 177.426946][ T6722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.434959][ T6722] R13: 00007fead81d6128 R14: 00007fead81d6090 R15: 00007fff05bd7658 [ 177.442986][ T6722] [ 177.447440][ T788] tipc: Node number set to 1554907968 [ 177.591332][ T6724] loop2: detected capacity change from 0 to 4096 [ 177.642226][ T6724] ntfs: (device loop2): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 178.072581][ T5102] Bluetooth: hci2: command 0x0405 tx timeout [ 178.206495][ T6734] tipc: Enabled bearer , priority 0 [ 178.842021][ T6734] syzkaller0: entered promiscuous mode [ 178.975919][ T6724] ntfs: volume version 3.1. [ 179.052054][ T6734] syzkaller0: entered allmulticast mode [ 179.063209][ T6724] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Size of index buffer (VCN 0x0) of directory inode 0x5 exceeds maximum size. [ 179.232070][ T788] tipc: Node number set to 3782546211 [ 179.245574][ T6724] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 179.260374][ T6734] netlink: 2 bytes leftover after parsing attributes in process `syz.3.236'. [ 179.394572][ T6744] loop1: detected capacity change from 0 to 64 [ 179.727703][ T6744] MINIX-fs: bad superblock or unable to read bitmaps [ 179.903860][ T6724] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 179.935430][ T6741] tipc: Resetting bearer [ 180.112309][ T6733] tipc: Resetting bearer [ 180.263881][ T6733] tipc: Disabling bearer [ 180.840199][ T6756] 9pnet_fd: Insufficient options for proto=fd [ 181.330407][ T6754] bridge: RTM_NEWNEIGH with invalid ether address [ 181.569109][ T6747] loop1: detected capacity change from 0 to 32768 [ 181.663304][ T6747] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.238 (6747) [ 181.678361][ T6760] loop0: detected capacity change from 0 to 64 [ 181.755455][ T6747] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 181.840386][ T6747] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 182.525219][ T6764] tipc: Enabled bearer , priority 0 [ 182.562018][ T6747] BTRFS info (device loop1): using free space tree [ 182.612526][ T6768] syzkaller0: entered promiscuous mode [ 182.619284][ T6768] syzkaller0: entered allmulticast mode [ 182.964383][ T6764] tipc: Resetting bearer [ 183.082116][ T6747] BTRFS info (device loop1): enabling ssd optimizations [ 183.089149][ T6747] BTRFS info (device loop1): auto enabling async discard [ 183.092548][ T6763] tipc: Resetting bearer [ 183.172655][ T6788] netlink: 20 bytes leftover after parsing attributes in process `syz.0.246'. [ 183.392377][ T6763] tipc: Disabling bearer [ 183.415198][ T5788] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 184.113539][ T6791] loop3: detected capacity change from 0 to 64 [ 184.201749][ T6791] MINIX-fs: bad superblock or unable to read bitmaps [ 184.353293][ T5799] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 185.633563][ T6808] 9pnet_fd: Insufficient options for proto=fd [ 186.993512][ T6823] loop2: detected capacity change from 0 to 512 [ 187.006260][ T6821] loop3: detected capacity change from 0 to 256 [ 187.019655][ T6823] EXT4-fs: Ignoring removed nobh option [ 187.038528][ T6823] EXT4-fs: Ignoring removed i_version option [ 187.059421][ T6823] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 187.087977][ T6823] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 187.128392][ T6823] EXT4-fs (loop2): 1 truncate cleaned up [ 187.154101][ T6823] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.166917][ T6826] bridge: RTM_NEWNEIGH with invalid ether address [ 187.223763][ T6823] FAULT_INJECTION: forcing a failure. [ 187.223763][ T6823] name failslab, interval 1, probability 0, space 0, times 0 [ 187.282229][ T6823] CPU: 1 PID: 6823 Comm: syz.2.257 Not tainted syzkaller #0 [ 187.289597][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 187.299692][ T6823] Call Trace: [ 187.303016][ T6823] [ 187.305993][ T6823] dump_stack_lvl+0x16c/0x230 [ 187.310730][ T6823] ? show_regs_print_info+0x20/0x20 [ 187.315971][ T6823] ? load_image+0x3b0/0x3b0 [ 187.320523][ T6823] ? __might_sleep+0xe0/0xe0 [ 187.325161][ T6823] ? __lock_acquire+0x7c80/0x7c80 [ 187.330231][ T6823] should_fail_ex+0x39d/0x4d0 [ 187.334955][ T6823] should_failslab+0x9/0x20 [ 187.339506][ T6823] slab_pre_alloc_hook+0x59/0x310 [ 187.344585][ T6823] ? kvmalloc_node+0x70/0x180 [ 187.349301][ T6823] ? kvmalloc_node+0x70/0x180 [ 187.354016][ T6823] __kmem_cache_alloc_node+0x53/0x260 [ 187.359510][ T6823] ? mutex_lock_nested+0x20/0x20 [ 187.364494][ T6823] ? kvmalloc_node+0x70/0x180 [ 187.369202][ T6823] __kmalloc_node+0xa4/0x230 [ 187.373833][ T6823] kvmalloc_node+0x70/0x180 [ 187.378378][ T6823] seq_read_iter+0x1fa/0xd50 [ 187.383004][ T6823] ? trace_raw_output_contention_end+0xd0/0xd0 [ 187.389202][ T6823] ? end_current_label_crit_section+0x149/0x170 [ 187.395482][ T6823] ? common_file_perm+0x198/0x1f0 [ 187.400558][ T6823] vfs_read+0x431/0x920 [ 187.404766][ T6823] ? kernel_read+0x1e0/0x1e0 [ 187.409397][ T6823] ? __fget_files+0x44a/0x4d0 [ 187.414120][ T6823] ? __fdget_pos+0x2a3/0x330 [ 187.418744][ T6823] ? ksys_read+0x75/0x250 [ 187.423127][ T6823] ksys_read+0x147/0x250 [ 187.427412][ T6823] ? vfs_write+0x940/0x940 [ 187.431877][ T6823] ? lockdep_hardirqs_on+0x98/0x150 [ 187.437120][ T6823] do_syscall_64+0x55/0xb0 [ 187.441570][ T6823] ? clear_bhb_loop+0x40/0x90 [ 187.446290][ T6823] ? clear_bhb_loop+0x40/0x90 [ 187.451004][ T6823] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 187.456941][ T6823] RIP: 0033:0x7fea1318eba9 [ 187.461394][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.481035][ T6823] RSP: 002b:00007fea14055038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 187.489464][ T6823] RAX: ffffffffffffffda RBX: 00007fea133d5fa0 RCX: 00007fea1318eba9 [ 187.497467][ T6823] RDX: 000000000000206e RSI: 0000200000006b40 RDI: 0000000000000004 [ 187.505451][ T6823] RBP: 00007fea14055090 R08: 0000000000000000 R09: 0000000000000000 [ 187.513432][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.521443][ T6823] R13: 00007fea133d6038 R14: 00007fea133d5fa0 R15: 00007ffc9c0688d8 [ 187.529441][ T6823] [ 187.688425][ T6833] loop0: detected capacity change from 0 to 64 [ 188.140266][ T6833] MINIX-fs: bad superblock or unable to read bitmaps [ 188.308710][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 188.347095][ T6835] tipc: Enabled bearer , priority 0 [ 188.424764][ T6831] tipc: Resetting bearer [ 188.448597][ T5789] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz-executor: corrupted in-inode xattr: overlapping e_value [ 188.486288][ T6830] tipc: Disabling bearer [ 188.495643][ T5789] EXT4-fs (loop2): Remounting filesystem read-only [ 188.506179][ T5789] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1781: inode #15: comm syz-executor: unable to update i_inline_off [ 188.520772][ T5789] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 188.572090][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 188.586700][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 188.603625][ T6277] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.623721][ T9] usb 4-1: config 3 has an invalid interface number: 243 but max is 0 [ 188.652750][ T9] usb 4-1: config 3 has no interface number 0 [ 188.659986][ T9] usb 4-1: config 3 interface 243 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32 [ 188.718054][ T9] usb 4-1: config 3 interface 243 altsetting 9 has an invalid endpoint with address 0x72, skipping [ 188.741155][ T6839] loop0: detected capacity change from 0 to 128 [ 188.766353][ T9] usb 4-1: config 3 interface 243 has no altsetting 0 [ 188.788969][ T9] usb 4-1: New USB device found, idVendor=305a, idProduct=1405, bcdDevice=a4.69 [ 188.798462][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.803027][ T6839] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 188.816283][ T9] usb 4-1: Product: syz [ 188.816316][ T9] usb 4-1: Manufacturer: syz [ 188.816332][ T9] usb 4-1: SerialNumber: syz [ 188.822937][ T9] usb 4-1: Interface #243 referenced by multiple IADs [ 188.885601][ T6821] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 188.896344][ T6839] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.969617][ T6843] 9pnet_fd: Insufficient options for proto=fd [ 189.718546][ T28] audit: type=1804 audit(1757843482.856:238): pid=6845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.263" name="/newroot/74/file0/bus" dev="loop0" ino=115 res=1 errno=0 [ 189.798656][ T9] option 4-1:3.243: GSM modem (1-port) converter detected [ 189.839716][ T9] usb 4-1: USB disconnect, device number 5 [ 189.847711][ T9] option 4-1:3.243: device disconnected [ 190.062655][ T1118] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.277781][ T1118] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.420556][ T1118] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.470435][ T6850] bridge: RTM_NEWNEIGH with invalid ether address [ 190.576385][ T1118] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.742936][ T6847] loop1: detected capacity change from 0 to 32768 [ 190.774530][ T6847] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.265 (6847) [ 191.045393][ T6195] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 191.073484][ T6847] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 191.160221][ T6847] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 191.211551][ T6859] loop0: detected capacity change from 0 to 64 [ 191.415294][ T6859] MINIX-fs: bad superblock or unable to read bitmaps [ 191.672148][ T1118] tipc: Left network mode [ 191.693315][ T6847] BTRFS info (device loop1): force zlib compression, level 3 [ 191.700769][ T6847] BTRFS info (device loop1): force clearing of disk cache [ 191.813522][ T6847] BTRFS info (device loop1): setting nodatasum [ 191.819772][ T6847] BTRFS info (device loop1): use zlib compression, level 3 [ 191.845219][ T5792] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 191.864767][ T5792] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 191.876567][ T5792] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 191.884106][ T6847] BTRFS info (device loop1): enabling disk space caching [ 191.891355][ T6847] BTRFS info (device loop1): disk space caching is enabled [ 191.942297][ T5792] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 191.952149][ T6195] usb 4-1: Using ep0 maxpacket: 32 [ 191.954519][ T5792] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 191.964900][ T5792] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 191.973512][ T6195] usb 4-1: config 0 has an invalid descriptor of length 134, skipping remainder of the config [ 192.033548][ T6195] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 192.092456][ T6195] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 192.115324][ T6195] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.159284][ T6195] usb 4-1: config 0 descriptor?? [ 192.175958][ T6197] BTRFS warning (device loop1): checksum verify failed on logical 1052672 mirror 1 wanted 0xdff074e1be93285e found 0x2f5b44c1895b9de2 level 0 [ 192.212569][ T6195] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 192.269046][ T6847] BTRFS error (device loop1): failed to read chunk root [ 192.358240][ T6847] BTRFS error (device loop1): open_ctree failed: -5 [ 192.457823][ T5942] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by udevd (5942) [ 192.652471][ T6860] lo speed is unknown, defaulting to 1000 [ 192.792374][ T6860] lo speed is unknown, defaulting to 1000 [ 193.653074][ T6195] usb 4-1: USB disconnect, device number 6 [ 194.039576][ T6906] bridge: RTM_NEWNEIGH with invalid ether address [ 194.072179][ T5792] Bluetooth: hci0: command tx timeout [ 194.147174][ T6906] Bluetooth: MGMT ver 1.22 [ 194.478183][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.484929][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.531640][ T6917] loop1: detected capacity change from 0 to 64 [ 194.761465][ T6917] MINIX-fs: bad superblock or unable to read bitmaps [ 195.464829][ T6860] chnl_net:caif_netlink_parms(): no params data found [ 195.870758][ T6925] loop1: detected capacity change from 0 to 40427 [ 195.925373][ T6910] loop0: detected capacity change from 0 to 40427 [ 195.932514][ T6925] F2FS-fs (loop1): invalid crc value [ 195.943821][ T6910] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 195.954961][ T6910] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 195.955000][ T6925] F2FS-fs (loop1): Found nat_bits in checkpoint [ 196.010555][ T6925] F2FS-fs (loop1): Start checkpoint disabled! [ 196.019595][ T6910] F2FS-fs (loop0): build fault injection attr: rate: 18446, type: 0x7ffff [ 196.028329][ T6925] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 196.057980][ T6910] F2FS-fs (loop0): invalid crc value [ 196.113685][ T6910] F2FS-fs (loop0): Found nat_bits in checkpoint [ 196.155903][ T5792] Bluetooth: hci0: command tx timeout [ 196.203211][ T9] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 196.628287][ T1118] hsr_slave_0: left promiscuous mode [ 196.634973][ T1118] hsr_slave_1: left promiscuous mode [ 196.642832][ T1118] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.651093][ T1118] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.666874][ T1118] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.677194][ T1118] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.687801][ T1118] bridge_slave_1: left allmulticast mode [ 196.693747][ T1118] bridge_slave_1: left promiscuous mode [ 196.700325][ T1118] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.719883][ T6910] F2FS-fs (loop0): Start checkpoint disabled! [ 196.780691][ T6910] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 196.791605][ T1118] bridge_slave_0: left allmulticast mode [ 196.811624][ T1118] bridge_slave_0: left promiscuous mode [ 196.818677][ T6910] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 196.824342][ T9] usb 4-1: config 0 has an invalid interface number: 200 but max is 0 [ 196.832174][ T1118] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.852030][ T9] usb 4-1: config 0 has no interface number 0 [ 196.868416][ T9] usb 4-1: config 0 interface 200 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 196.912562][ T9] usb 4-1: config 0 interface 200 has no altsetting 0 [ 196.940818][ T9] usb 4-1: New USB device found, idVendor=0b57, idProduct=852a, bcdDevice=6d.39 [ 196.972234][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.980315][ T9] usb 4-1: Product: syz [ 196.986160][ T2990] kworker/u4:8: attempt to access beyond end of device [ 196.986160][ T2990] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 197.009433][ T1118] veth1_macvtap: left promiscuous mode [ 197.015561][ T9] usb 4-1: Manufacturer: syz [ 197.020211][ T9] usb 4-1: SerialNumber: syz [ 197.029200][ T1118] veth0_macvtap: left promiscuous mode [ 197.032269][ T2990] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 197.052147][ T9] usb 4-1: config 0 descriptor?? [ 197.063873][ T2990] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 197.066515][ T1118] veth1_vlan: left promiscuous mode [ 197.082030][ T2990] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 197.107442][ T1118] veth0_vlan: left promiscuous mode [ 197.707730][ T2990] kworker/u4:8: attempt to access beyond end of device [ 197.707730][ T2990] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 197.744637][ T2990] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 197.760649][ T2990] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 198.283067][ T5792] Bluetooth: hci0: command tx timeout [ 198.968286][ T9] input: Hanwang Art Master III 1308 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.200/input/input5 [ 199.034728][ T9] usb 4-1: USB disconnect, device number 7 [ 199.188106][ T6953] FAULT_INJECTION: forcing a failure. [ 199.188106][ T6953] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.201412][ T6953] CPU: 0 PID: 6953 Comm: syz.1.284 Not tainted syzkaller #0 [ 199.208711][ T6953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 199.218771][ T6953] Call Trace: [ 199.222071][ T6953] [ 199.225005][ T6953] dump_stack_lvl+0x16c/0x230 [ 199.229699][ T6953] ? show_regs_print_info+0x20/0x20 [ 199.234900][ T6953] ? load_image+0x3b0/0x3b0 [ 199.239406][ T6953] ? __might_fault+0xaa/0x120 [ 199.244085][ T6953] ? __lock_acquire+0x7c80/0x7c80 [ 199.249131][ T6953] should_fail_ex+0x39d/0x4d0 [ 199.253823][ T6953] _copy_from_user+0x2f/0xe0 [ 199.258419][ T6953] sk_setsockopt+0x276/0x29d0 [ 199.263123][ T6953] ? sockopt_capable+0x60/0x60 [ 199.267911][ T6953] ? aa_sk_perm+0x7fc/0x930 [ 199.272440][ T6953] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 199.278434][ T6953] ? aa_af_perm+0x2b0/0x2b0 [ 199.282948][ T6953] ? __fget_files+0x28/0x4d0 [ 199.287547][ T6953] ? aa_sock_opt_perm+0x74/0x100 [ 199.292492][ T6953] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 199.298044][ T6953] ? security_socket_setsockopt+0x7e/0xa0 [ 199.303772][ T6953] do_sock_setsockopt+0x11b/0x1a0 [ 199.308815][ T6953] __x64_sys_setsockopt+0x184/0x200 [ 199.314026][ T6953] do_syscall_64+0x55/0xb0 [ 199.318444][ T6953] ? clear_bhb_loop+0x40/0x90 [ 199.323130][ T6953] ? clear_bhb_loop+0x40/0x90 [ 199.327825][ T6953] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.333741][ T6953] RIP: 0033:0x7fead7f8eba9 [ 199.338172][ T6953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.357792][ T6953] RSP: 002b:00007fead8d70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 199.366212][ T6953] RAX: ffffffffffffffda RBX: 00007fead81d5fa0 RCX: 00007fead7f8eba9 [ 199.374188][ T6953] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000005 [ 199.382160][ T6953] RBP: 00007fead8d70090 R08: 0000000000000010 R09: 0000000000000000 [ 199.390147][ T6953] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 199.398116][ T6953] R13: 00007fead81d6038 R14: 00007fead81d5fa0 R15: 00007fff05bd7658 [ 199.406098][ T6953] [ 199.913302][ T6959] tty tty27: ldisc open failed (-12), clearing slot 26 [ 200.393631][ T5792] Bluetooth: hci0: command tx timeout [ 200.776355][ T6975] FAULT_INJECTION: forcing a failure. [ 200.776355][ T6975] name failslab, interval 1, probability 0, space 0, times 0 [ 200.963553][ T6979] loop0: detected capacity change from 0 to 64 [ 201.010294][ T6979] MINIX-fs: bad superblock or unable to read bitmaps [ 201.039328][ T6975] CPU: 0 PID: 6975 Comm: syz.3.290 Not tainted syzkaller #0 [ 201.046685][ T6975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 201.056776][ T6975] Call Trace: [ 201.060079][ T6975] [ 201.063037][ T6975] dump_stack_lvl+0x16c/0x230 [ 201.067762][ T6975] ? show_regs_print_info+0x20/0x20 [ 201.073003][ T6975] ? load_image+0x3b0/0x3b0 [ 201.077542][ T6975] ? __might_sleep+0xe0/0xe0 [ 201.082172][ T6975] ? __lock_acquire+0x7c80/0x7c80 [ 201.087241][ T6975] should_fail_ex+0x39d/0x4d0 [ 201.091960][ T6975] should_failslab+0x9/0x20 [ 201.096500][ T6975] slab_pre_alloc_hook+0x59/0x310 [ 201.101560][ T6975] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 201.107325][ T6975] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 201.113082][ T6975] __kmem_cache_alloc_node+0x53/0x260 [ 201.118513][ T6975] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 201.124292][ T6975] __kmalloc+0xa4/0x240 [ 201.128495][ T6975] tomoyo_realpath_from_path+0xe3/0x5d0 [ 201.134100][ T6975] tomoyo_path_number_perm+0x1ea/0x590 [ 201.139611][ T6975] ? tomoyo_path_number_perm+0x1ba/0x590 [ 201.145286][ T6975] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 201.150785][ T6975] ? ksys_write+0x1c1/0x250 [ 201.155361][ T6975] ? __fget_files+0x28/0x4d0 [ 201.160000][ T6975] security_file_ioctl+0x70/0xa0 [ 201.164974][ T6975] __se_sys_ioctl+0x48/0x170 [ 201.169607][ T6975] do_syscall_64+0x55/0xb0 [ 201.174055][ T6975] ? clear_bhb_loop+0x40/0x90 [ 201.178760][ T6975] ? clear_bhb_loop+0x40/0x90 [ 201.183467][ T6975] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 201.189401][ T6975] RIP: 0033:0x7f981178eba9 [ 201.193843][ T6975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.213483][ T6975] RSP: 002b:00007f9812698038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 201.221948][ T6975] RAX: ffffffffffffffda RBX: 00007f98119d5fa0 RCX: 00007f981178eba9 [ 201.229948][ T6975] RDX: 00002000000003c0 RSI: 000000004008af30 RDI: 0000000000000004 [ 201.237941][ T6975] RBP: 00007f9812698090 R08: 0000000000000000 R09: 0000000000000000 [ 201.245953][ T6975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.253954][ T6975] R13: 00007f98119d6038 R14: 00007f98119d5fa0 R15: 00007ffed5125998 [ 201.261976][ T6975] [ 201.472890][ T6975] ERROR: Out of memory at tomoyo_realpath_from_path. [ 201.567551][ T1118] team0 (unregistering): Port device team_slave_1 removed [ 202.065971][ T1118] team0 (unregistering): Port device team_slave_0 removed [ 202.200382][ T6982] loop3: detected capacity change from 0 to 8192 [ 202.217630][ T1118] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.249467][ T6982] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 202.264607][ T6982] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 202.275559][ T6982] REISERFS (device loop3): using ordered data mode [ 202.283590][ T6982] reiserfs: using flush barriers [ 202.301626][ T6982] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 202.327495][ T6982] REISERFS (device loop3): checking transaction log (loop3) [ 202.359375][ T6982] REISERFS (device loop3): Using r5 hash to sort names [ 202.367903][ T6982] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 202.392952][ T6982] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 202.413846][ T1118] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.481409][ T6982] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 202.552597][ T6982] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 202.967501][ T6990] loop3: detected capacity change from 0 to 256 [ 203.068514][ T6987] loop1: detected capacity change from 0 to 32768 [ 203.279824][ T6987] overlay: filesystem on ./bus not supported [ 203.322194][ T5845] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 203.475980][ T1118] bond0 (unregistering): Released all slaves [ 203.512575][ T5845] usb 4-1: Using ep0 maxpacket: 32 [ 203.534319][ T5845] usb 4-1: unable to get BOS descriptor or descriptor too short [ 203.550947][ T5845] usb 4-1: config 3 has an invalid interface number: 243 but max is 0 [ 203.565947][ T5845] usb 4-1: config 3 has no interface number 0 [ 203.578193][ T5845] usb 4-1: config 3 interface 243 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32 [ 203.589348][ T5845] usb 4-1: config 3 interface 243 altsetting 9 has an invalid endpoint with address 0x72, skipping [ 203.606443][ T5845] usb 4-1: config 3 interface 243 has no altsetting 0 [ 203.618624][ T5845] usb 4-1: New USB device found, idVendor=305a, idProduct=1405, bcdDevice=a4.69 [ 203.629511][ T5845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.649500][ T5845] usb 4-1: Product: syz [ 203.666809][ T5845] usb 4-1: Manufacturer: syz [ 203.686115][ T5845] usb 4-1: SerialNumber: syz [ 203.706353][ T5845] usb 4-1: Interface #243 referenced by multiple IADs [ 203.728068][ T6990] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 203.772829][ T8] lo speed is unknown, defaulting to 1000 [ 203.811561][ T6860] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.835387][ T6860] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.849543][ T6860] bridge_slave_0: entered allmulticast mode [ 203.857529][ T6860] bridge_slave_0: entered promiscuous mode [ 203.892173][ T6860] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.929833][ T6860] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.997037][ T6860] bridge_slave_1: entered allmulticast mode [ 204.013586][ T6860] bridge_slave_1: entered promiscuous mode [ 204.028150][ T5845] option 4-1:3.243: GSM modem (1-port) converter detected [ 204.109660][ T5845] usb 4-1: USB disconnect, device number 8 [ 204.148060][ T5845] option 4-1:3.243: device disconnected [ 204.292708][ T6993] loop1: detected capacity change from 0 to 40427 [ 204.314188][ T6993] F2FS-fs (loop1): invalid crc value [ 204.356961][ T6993] F2FS-fs (loop1): Found nat_bits in checkpoint [ 204.404597][ T6993] F2FS-fs (loop1): Start checkpoint disabled! [ 204.457570][ T6993] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 204.504002][ T6995] loop0: detected capacity change from 0 to 40427 [ 204.551988][ T6995] F2FS-fs (loop0): invalid crc value [ 204.599935][ T6995] F2FS-fs (loop0): Found nat_bits in checkpoint [ 204.690066][ T6995] F2FS-fs (loop0): Start checkpoint disabled! [ 204.748992][ T6999] FAULT_INJECTION: forcing a failure. [ 204.748992][ T6999] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 204.764097][ T6999] CPU: 1 PID: 6999 Comm: syz.1.295 Not tainted syzkaller #0 [ 204.771424][ T6999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 204.781504][ T6999] Call Trace: [ 204.784811][ T6999] [ 204.787771][ T6999] dump_stack_lvl+0x16c/0x230 [ 204.792488][ T6999] ? show_regs_print_info+0x20/0x20 [ 204.797717][ T6999] ? load_image+0x3b0/0x3b0 [ 204.802251][ T6999] ? __lock_acquire+0x7c80/0x7c80 [ 204.807308][ T6999] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 204.813234][ T6999] ? _raw_spin_unlock+0x40/0x40 [ 204.818121][ T6999] should_fail_ex+0x39d/0x4d0 [ 204.822844][ T6999] prepare_alloc_pages+0x1e2/0x5f0 [ 204.828028][ T6999] __alloc_pages+0x127/0x460 [ 204.832684][ T6999] ? zone_statistics+0x170/0x170 [ 204.837684][ T6999] pte_alloc_one+0x89/0x540 [ 204.842219][ T6999] ? pfn_modify_allowed+0x560/0x560 [ 204.847455][ T6999] ? mt_find+0x13e/0x5b0 [ 204.851735][ T6999] ? __lock_acquire+0x7c80/0x7c80 [ 204.856802][ T6999] __pte_alloc+0x22/0x2a0 [ 204.861177][ T6999] handle_mm_fault+0x3cc3/0x4920 [ 204.866162][ T6999] ? handle_mm_fault+0xd1/0x4920 [ 204.871154][ T6999] ? numa_migrate_prep+0x350/0x350 [ 204.876312][ T6999] ? lock_chain_count+0x20/0x20 [ 204.881205][ T6999] ? __lock_acquire+0x1334/0x7c80 [ 204.886268][ T6999] ? lock_mm_and_find_vma+0x9c/0x300 [ 204.891613][ T6999] do_user_addr_fault+0x738/0x12e0 [ 204.896786][ T6999] exc_page_fault+0x67/0x110 [ 204.901420][ T6999] asm_exc_page_fault+0x26/0x30 [ 204.906300][ T6999] RIP: 0010:filldir64+0x28e/0x680 [ 204.911363][ T6999] Code: 94 ff 4c 89 e7 4c 89 f6 e8 8f a4 94 ff 4d 01 f7 0f 88 55 02 00 00 4d 39 f7 0f 82 4c 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 60 <49> 89 46 08 48 8b 44 24 58 48 8b 4c 24 38 48 89 01 48 8b 44 24 10 [ 204.931003][ T6999] RSP: 0018:ffffc90003507980 EFLAGS: 00050216 [ 204.937113][ T6999] RAX: 0000000000000000 RBX: ffffc90003507e70 RCX: ffff888027fe5a00 [ 204.945138][ T6999] RDX: 0000000000000000 RSI: 0000200000fc4fbe RDI: 0000200000fc4fd6 [ 204.953144][ T6999] RBP: 0000000000000001 R08: 0000000000000011 R09: 0000000000000004 [ 204.961318][ T6999] R10: ffffc90003507b20 R11: fffff520006a0f66 R12: 0000200000fc4fd6 [ 204.969320][ T6999] R13: ffff8880216ad950 R14: 0000200000fc4fbe R15: 0000200000fc4fd6 [ 204.977360][ T6999] ? filldir+0x680/0x680 [ 204.981639][ T6999] f2fs_fill_dentries+0x6d7/0xbb0 [ 204.986728][ T6999] ? f2fs_empty_dir+0x250/0x250 [ 204.991616][ T6999] ? __filemap_get_folio+0x70a/0xbc0 [ 204.996949][ T6999] ? PageUptodate+0xd8/0x290 [ 205.001581][ T6999] ? f2fs_find_data_page+0x74/0x3a0 [ 205.006823][ T6999] f2fs_readdir+0x50d/0x8c0 [ 205.011389][ T6999] ? f2fs_fill_dentries+0xbb0/0xbb0 [ 205.016627][ T6999] ? read_lock_is_recursive+0x20/0x20 [ 205.022029][ T6999] ? __schedule+0x14da/0x44d0 [ 205.026743][ T6999] ? __fdget_pos+0x2a3/0x330 [ 205.031373][ T6999] ? mutex_lock_nested+0x20/0x20 [ 205.036352][ T6999] ? end_current_label_crit_section+0x149/0x170 [ 205.042639][ T6999] ? down_read_killable+0x1d0/0x340 [ 205.047883][ T6999] ? fsnotify_perm+0x271/0x5e0 [ 205.052698][ T6999] iterate_dir+0x1c2/0x580 [ 205.057159][ T6999] __se_sys_getdents64+0xe9/0x260 [ 205.062225][ T6999] ? __x64_sys_getdents64+0x80/0x80 [ 205.067460][ T6999] ? filldir+0x680/0x680 [ 205.071750][ T6999] ? lockdep_hardirqs_on+0x98/0x150 [ 205.076999][ T6999] do_syscall_64+0x55/0xb0 [ 205.081459][ T6999] ? clear_bhb_loop+0x40/0x90 [ 205.086181][ T6999] ? clear_bhb_loop+0x40/0x90 [ 205.090910][ T6999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 205.096852][ T6999] RIP: 0033:0x7fead7f8eba9 [ 205.101312][ T6999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.120955][ T6999] RSP: 002b:00007fead8d4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 205.129411][ T6999] RAX: ffffffffffffffda RBX: 00007fead81d6090 RCX: 00007fead7f8eba9 [ 205.137412][ T6999] RDX: 0000000000000050 RSI: 0000200000fc4fbe RDI: 000000000000000a [ 205.145416][ T6999] RBP: 00007fead8d4f090 R08: 0000000000000000 R09: 0000000000000000 [ 205.153418][ T6999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.161419][ T6999] R13: 00007fead81d6128 R14: 00007fead81d6090 R15: 00007fff05bd7658 [ 205.169438][ T6999] [ 205.372695][ T6995] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 205.413055][ T6860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.153300][ T6860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.627058][ T6860] team0: Port device team_slave_0 added [ 206.660076][ T6860] team0: Port device team_slave_1 added [ 206.683742][ T58] kworker/u4:4: attempt to access beyond end of device [ 206.683742][ T58] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 206.704987][ T1130] kworker/u4:7: attempt to access beyond end of device [ 206.704987][ T1130] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 206.733885][ T58] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.757336][ T58] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.764825][ T1130] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 206.771750][ T1130] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 206.806075][ T58] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.872149][ T1130] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 206.879164][ T1130] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 207.054448][ T6860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.061452][ T6860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.123171][ T6860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.178916][ T6860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.194073][ T5798] Bluetooth: hci2: command 0x0405 tx timeout [ 207.197095][ T5102] Bluetooth: hci1: command 0x0406 tx timeout [ 207.200164][ T5798] Bluetooth: hci3: command 0x0406 tx timeout [ 207.231997][ T6860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.362450][ T6860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.543673][ T6860] hsr_slave_0: entered promiscuous mode [ 207.572348][ T6860] hsr_slave_1: entered promiscuous mode [ 207.827623][ T7027] loop1: detected capacity change from 0 to 64 [ 208.049913][ T7032] hfs: hfs: Invalid key length: 94 [ 208.061262][ T7032] FAULT_INJECTION: forcing a failure. [ 208.061262][ T7032] name failslab, interval 1, probability 0, space 0, times 0 [ 208.074546][ T7032] CPU: 1 PID: 7032 Comm: syz.1.298 Not tainted syzkaller #0 [ 208.081870][ T7032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 208.091985][ T7032] Call Trace: [ 208.095297][ T7032] [ 208.098256][ T7032] dump_stack_lvl+0x16c/0x230 [ 208.102979][ T7032] ? show_regs_print_info+0x20/0x20 [ 208.108214][ T7032] ? load_image+0x3b0/0x3b0 [ 208.112749][ T7032] ? __might_sleep+0xe0/0xe0 [ 208.117394][ T7032] ? __lock_acquire+0x7c80/0x7c80 [ 208.122453][ T7032] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 208.128468][ T7032] should_fail_ex+0x39d/0x4d0 [ 208.133182][ T7032] should_failslab+0x9/0x20 [ 208.137721][ T7032] slab_pre_alloc_hook+0x59/0x310 [ 208.142778][ T7032] ? lockdep_hardirqs_on+0x98/0x150 [ 208.148013][ T7032] kmem_cache_alloc+0x5a/0x2e0 [ 208.152810][ T7032] ? getname_flags+0xbb/0x500 [ 208.157527][ T7032] getname_flags+0xbb/0x500 [ 208.162072][ T7032] __x64_sys_unlinkat+0xae/0xe0 [ 208.166953][ T7032] do_syscall_64+0x55/0xb0 [ 208.171399][ T7032] ? clear_bhb_loop+0x40/0x90 [ 208.176105][ T7032] ? clear_bhb_loop+0x40/0x90 [ 208.180815][ T7032] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.186803][ T7032] RIP: 0033:0x7fead7f8eba9 [ 208.191246][ T7032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.210882][ T7032] RSP: 002b:00007fead8d2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 208.219335][ T7032] RAX: ffffffffffffffda RBX: 00007fead81d6180 RCX: 00007fead7f8eba9 [ 208.227345][ T7032] RDX: 0000000000000200 RSI: 0000200000000040 RDI: 000000000000000b [ 208.235351][ T7032] RBP: 00007fead8d2e090 R08: 0000000000000000 R09: 0000000000000000 [ 208.243354][ T7032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.251356][ T7032] R13: 00007fead81d6218 R14: 00007fead81d6180 R15: 00007fff05bd7658 [ 208.259374][ T7032] [ 211.057857][ T6860] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 211.220257][ T6860] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 211.225983][ T6860] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 211.260528][ T6860] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 211.276953][ T5102] Bluetooth: hci1: unexpected event for opcode 0x0c13 [ 211.489986][ T7046] loop0: detected capacity change from 0 to 256 [ 211.690747][ T7057] loop3: detected capacity change from 0 to 64 [ 212.376620][ T7057] MINIX-fs: bad superblock or unable to read bitmaps [ 212.559568][ T6860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.629203][ T6860] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.660673][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.668026][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.676450][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 212.728438][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.735702][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.121064][ T7063] loop3: detected capacity change from 0 to 40427 [ 213.152603][ T7063] F2FS-fs (loop3): invalid crc value [ 213.178799][ T7063] F2FS-fs (loop3): Found nat_bits in checkpoint [ 213.231307][ T7063] F2FS-fs (loop3): Start checkpoint disabled! [ 213.242125][ T7063] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 213.252163][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 213.259586][ T23] usb 1-1: unable to get BOS descriptor or descriptor too short [ 213.270709][ T23] usb 1-1: config 3 has an invalid interface number: 243 but max is 0 [ 214.036100][ T23] usb 1-1: config 3 has no interface number 0 [ 214.050655][ T23] usb 1-1: config 3 interface 243 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32 [ 214.061082][ T23] usb 1-1: config 3 interface 243 altsetting 9 has an invalid endpoint with address 0x72, skipping [ 214.072315][ T23] usb 1-1: config 3 interface 243 has no altsetting 0 [ 214.082150][ T23] usb 1-1: New USB device found, idVendor=305a, idProduct=1405, bcdDevice=a4.69 [ 214.091246][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.100163][ T23] usb 1-1: Product: syz [ 214.106337][ T23] usb 1-1: Manufacturer: syz [ 214.111034][ T23] usb 1-1: SerialNumber: syz [ 214.119523][ T23] usb 1-1: Interface #243 referenced by multiple IADs [ 214.132795][ T7046] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 214.423615][ T1130] kworker/u4:7: attempt to access beyond end of device [ 214.423615][ T1130] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 214.465626][ T1130] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 214.479543][ T23] option 1-1:3.243: GSM modem (1-port) converter detected [ 214.482049][ T1130] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 214.517652][ T7059] loop1: detected capacity change from 0 to 32768 [ 214.527731][ T1130] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 214.539591][ T6860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.540055][ T23] usb 1-1: USB disconnect, device number 8 [ 214.607646][ T23] option 1-1:3.243: device disconnected [ 214.646454][ T7059] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 214.823814][ T7059] XFS (loop1): Ending clean mount [ 214.873337][ T7059] XFS (loop1): Quotacheck needed: Please wait. [ 215.029371][ T7059] XFS (loop1): Quotacheck: Done. [ 215.147011][ T7059] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 215.300657][ T7097] tipc: Enabled bearer , priority 0 [ 215.333106][ T7097] syzkaller0: entered promiscuous mode [ 215.338666][ T7097] syzkaller0: entered allmulticast mode [ 215.409063][ T5788] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 215.464234][ T7097] tipc: Resetting bearer [ 215.563101][ T7096] tipc: Resetting bearer [ 215.655080][ T7096] tipc: Disabling bearer [ 215.710924][ T6860] veth0_vlan: entered promiscuous mode [ 215.778906][ T6860] veth1_vlan: entered promiscuous mode [ 215.918103][ T6860] veth0_macvtap: entered promiscuous mode [ 216.024949][ T6860] veth1_macvtap: entered promiscuous mode [ 216.031003][ T7112] netlink: 28 bytes leftover after parsing attributes in process `syz.0.311'. [ 216.083536][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 216.094336][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.113850][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 216.135759][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.220906][ T7116] FAULT_INJECTION: forcing a failure. [ 216.220906][ T7116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.234610][ T7116] CPU: 0 PID: 7116 Comm: syz.3.312 Not tainted syzkaller #0 [ 216.241939][ T7116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 216.252017][ T7116] Call Trace: [ 216.255296][ T7116] [ 216.258230][ T7116] dump_stack_lvl+0x16c/0x230 [ 216.262918][ T7116] ? show_regs_print_info+0x20/0x20 [ 216.268119][ T7116] ? load_image+0x3b0/0x3b0 [ 216.272640][ T7116] ? __might_fault+0xaa/0x120 [ 216.277319][ T7116] ? __lock_acquire+0x7c80/0x7c80 [ 216.282366][ T7116] should_fail_ex+0x39d/0x4d0 [ 216.287076][ T7116] _copy_from_user+0x2f/0xe0 [ 216.291684][ T7116] ___sys_sendmsg+0x159/0x290 [ 216.296379][ T7116] ? __sys_sendmsg+0x270/0x270 [ 216.301193][ T7116] ? __lock_acquire+0x7c80/0x7c80 [ 216.306244][ T7116] __se_sys_sendmsg+0x1a5/0x270 [ 216.311119][ T7116] ? __x64_sys_sendmsg+0x80/0x80 [ 216.316097][ T7116] ? lockdep_hardirqs_on+0x98/0x150 [ 216.321308][ T7116] do_syscall_64+0x55/0xb0 [ 216.325734][ T7116] ? clear_bhb_loop+0x40/0x90 [ 216.330429][ T7116] ? clear_bhb_loop+0x40/0x90 [ 216.335137][ T7116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 216.341061][ T7116] RIP: 0033:0x7f981178eba9 [ 216.345489][ T7116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.365136][ T7116] RSP: 002b:00007f9812698038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.373570][ T7116] RAX: ffffffffffffffda RBX: 00007f98119d5fa0 RCX: 00007f981178eba9 [ 216.381548][ T7116] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005 [ 216.389522][ T7116] RBP: 00007f9812698090 R08: 0000000000000000 R09: 0000000000000000 [ 216.397495][ T7116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 216.405477][ T7116] R13: 00007f98119d6038 R14: 00007f98119d5fa0 R15: 00007ffed5125998 [ 216.413472][ T7116] [ 216.462694][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 216.473718][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.488948][ T6860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.525231][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.618118][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.630060][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.652198][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.666753][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.832378][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.844582][ T6860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.859284][ T6860] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.223961][ T7125] loop3: detected capacity change from 0 to 40427 [ 217.317832][ T7126] loop0: detected capacity change from 0 to 64 [ 217.327546][ T6860] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.343280][ T7125] F2FS-fs (loop3): invalid crc value [ 217.347545][ T7126] MINIX-fs: bad superblock or unable to read bitmaps [ 217.358515][ T6860] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.369842][ T7125] F2FS-fs (loop3): Found nat_bits in checkpoint [ 217.399147][ T6860] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.411131][ T7125] F2FS-fs (loop3): Start checkpoint disabled! [ 217.440555][ T7125] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 218.183783][ T7137] loop0: detected capacity change from 0 to 256 [ 218.407064][ T374] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.457984][ T374] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.572194][ T5776] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 218.602265][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.610150][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.688216][ T1130] kworker/u4:7: attempt to access beyond end of device [ 218.688216][ T1130] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 218.718264][ T1130] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 218.730988][ T1130] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 218.738338][ T1130] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 218.792635][ T5776] usb 1-1: Using ep0 maxpacket: 32 [ 218.827963][ T5776] usb 1-1: unable to get BOS descriptor or descriptor too short [ 218.839087][ T5776] usb 1-1: config 3 has an invalid interface number: 243 but max is 0 [ 218.862503][ T5776] usb 1-1: config 3 has no interface number 0 [ 218.877255][ T5776] usb 1-1: config 3 interface 243 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32 [ 218.909310][ T5776] usb 1-1: config 3 interface 243 altsetting 9 has an invalid endpoint with address 0x72, skipping [ 218.953250][ T5776] usb 1-1: config 3 interface 243 has no altsetting 0 [ 218.975019][ T5776] usb 1-1: New USB device found, idVendor=305a, idProduct=1405, bcdDevice=a4.69 [ 219.000829][ T5776] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.024038][ T5776] usb 1-1: Product: syz [ 219.028278][ T5776] usb 1-1: Manufacturer: syz [ 219.052047][ T5776] usb 1-1: SerialNumber: syz [ 219.078336][ T5776] usb 1-1: Interface #243 referenced by multiple IADs [ 219.126818][ T7137] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 219.654254][ T7162] FAULT_INJECTION: forcing a failure. [ 219.654254][ T7162] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.720018][ T7162] CPU: 1 PID: 7162 Comm: syz.1.320 Not tainted syzkaller #0 [ 219.727393][ T7162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 219.737497][ T7162] Call Trace: [ 219.740815][ T7162] [ 219.743776][ T7162] dump_stack_lvl+0x16c/0x230 [ 219.744836][ T7164] loop4: detected capacity change from 0 to 2048 [ 219.748484][ T7162] ? show_regs_print_info+0x20/0x20 [ 219.748517][ T7162] ? load_image+0x3b0/0x3b0 [ 219.748540][ T7162] ? __might_fault+0xaa/0x120 [ 219.769298][ T7162] ? __lock_acquire+0x7c80/0x7c80 [ 219.774360][ T7162] should_fail_ex+0x39d/0x4d0 [ 219.779063][ T7162] _copy_from_user+0x2f/0xe0 [ 219.783672][ T7162] ___sys_sendmsg+0x159/0x290 [ 219.788396][ T7162] ? __sys_sendmsg+0x270/0x270 [ 219.793196][ T7162] ? __lock_acquire+0x7c80/0x7c80 [ 219.798248][ T7162] __se_sys_sendmsg+0x1a5/0x270 [ 219.803124][ T7162] ? __x64_sys_sendmsg+0x80/0x80 [ 219.808101][ T7162] ? lockdep_hardirqs_on+0x98/0x150 [ 219.813325][ T7162] do_syscall_64+0x55/0xb0 [ 219.817761][ T7162] ? clear_bhb_loop+0x40/0x90 [ 219.822452][ T7162] ? clear_bhb_loop+0x40/0x90 [ 219.827137][ T7162] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.833052][ T7162] RIP: 0033:0x7fead7f8eba9 [ 219.837487][ T7162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.857104][ T7162] RSP: 002b:00007fead8d70038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.865533][ T7162] RAX: ffffffffffffffda RBX: 00007fead81d5fa0 RCX: 00007fead7f8eba9 [ 219.873525][ T7162] RDX: 0000000000000040 RSI: 00002000000003c0 RDI: 0000000000000007 [ 219.881507][ T7162] RBP: 00007fead8d70090 R08: 0000000000000000 R09: 0000000000000000 [ 219.889497][ T7162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.897484][ T7162] R13: 00007fead81d6038 R14: 00007fead81d5fa0 R15: 00007fff05bd7658 [ 219.905488][ T7162] [ 219.962786][ T5776] option 1-1:3.243: GSM modem (1-port) converter detected [ 219.994113][ T7164] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 220.059255][ T5776] usb 1-1: USB disconnect, device number 9 [ 220.122502][ T5776] option 1-1:3.243: device disconnected [ 220.622077][ T7175] loop1: detected capacity change from 0 to 40427 [ 220.659662][ T7175] F2FS-fs (loop1): invalid crc value [ 220.868120][ T7175] F2FS-fs (loop1): Found nat_bits in checkpoint [ 220.933455][ T7175] F2FS-fs (loop1): Start checkpoint disabled! [ 220.994970][ T7179] loop3: detected capacity change from 0 to 64 [ 221.421361][ T7179] MINIX-fs: bad superblock or unable to read bitmaps [ 221.465926][ T7175] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 221.666001][ T5890] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 222.382218][ T23] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 223.307187][ T7187] loop0: detected capacity change from 0 to 131072 [ 223.334226][ T7187] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0) [ 223.342452][ T7187] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 223.350887][ T23] usb 5-1: Invalid ep0 maxpacket: 64 [ 223.518140][ T7187] F2FS-fs (loop0): invalid crc value [ 223.565980][ T7187] F2FS-fs (loop0): Found nat_bits in checkpoint [ 223.614808][ T23] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 223.732291][ T7187] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 223.739528][ T7187] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 223.812024][ T23] usb 5-1: Invalid ep0 maxpacket: 64 [ 223.824382][ T23] usb usb5-port1: attempt power cycle [ 224.387115][ T7197] netlink: 16 bytes leftover after parsing attributes in process `syz.3.326'. [ 224.490882][ T36] kworker/u4:2: attempt to access beyond end of device [ 224.490882][ T36] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 224.624581][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 224.631872][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 224.642053][ T23] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 224.653378][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 224.683088][ T23] usb 5-1: Invalid ep0 maxpacket: 64 [ 224.923354][ T23] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 225.077780][ T7206] loop4: detected capacity change from 0 to 256 [ 225.114032][ T7206] exfat: Deprecated parameter 'utf8' [ 225.119419][ T7206] exfat: Deprecated parameter 'namecase' [ 225.204900][ T23] usb 5-1: device not accepting address 5, error -71 [ 225.212248][ T23] usb usb5-port1: unable to enumerate USB device [ 225.276074][ T7206] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 225.888078][ T7213] loop4: detected capacity change from 0 to 256 [ 225.903068][ T7213] exfat: Deprecated parameter 'namecase' [ 225.908904][ T7213] exfat: Bad value for 'gid' [ 226.159737][ T7220] syz.3.331 uses obsolete (PF_INET,SOCK_PACKET) [ 226.797425][ T7232] loop3: detected capacity change from 0 to 256 [ 227.142124][ T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 227.272487][ T7237] loop4: detected capacity change from 0 to 64 [ 227.295647][ T7238] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6_vti0, syncid = 0, id = 0 [ 227.668158][ T7237] MINIX-fs: bad superblock or unable to read bitmaps [ 227.865654][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 227.928538][ T23] usb 4-1: unable to get BOS descriptor or descriptor too short [ 227.953546][ T23] usb 4-1: config 3 has an invalid interface number: 243 but max is 0 [ 227.972018][ T23] usb 4-1: config 3 has no interface number 0 [ 227.997048][ T5799] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 228.015366][ T23] usb 4-1: config 3 interface 243 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32 [ 228.047034][ T23] usb 4-1: config 3 interface 243 altsetting 9 has an invalid endpoint with address 0x72, skipping [ 228.075656][ T23] usb 4-1: config 3 interface 243 has no altsetting 0 [ 228.106529][ T23] usb 4-1: New USB device found, idVendor=305a, idProduct=1405, bcdDevice=a4.69 [ 228.121966][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.130009][ T23] usb 4-1: Product: syz [ 228.152083][ T23] usb 4-1: Manufacturer: syz [ 228.156740][ T23] usb 4-1: SerialNumber: syz [ 228.215787][ T23] usb 4-1: Interface #243 referenced by multiple IADs [ 228.287562][ T7232] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 228.791634][ T7244] loop1: detected capacity change from 0 to 40427 [ 228.865172][ T7244] F2FS-fs (loop1): invalid crc value [ 228.878382][ T7244] F2FS-fs (loop1): Found nat_bits in checkpoint [ 228.889391][ T7248] netlink: 'syz.4.336': attribute type 21 has an invalid length. [ 228.897646][ T7248] netlink: 132 bytes leftover after parsing attributes in process `syz.4.336'. [ 228.929420][ T7244] F2FS-fs (loop1): Start checkpoint disabled! [ 228.955236][ T7244] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 228.991057][ T7252] netlink: 4 bytes leftover after parsing attributes in process `syz.4.336'. [ 229.166781][ T23] option 4-1:3.243: GSM modem (1-port) converter detected [ 229.189642][ T23] usb 4-1: USB disconnect, device number 9 [ 229.210445][ T23] option 4-1:3.243: device disconnected [ 230.015132][ T7262] loop3: detected capacity change from 0 to 256 [ 230.054628][ T12] kworker/u4:1: attempt to access beyond end of device [ 230.054628][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 230.101382][ T7262] exfat: Deprecated parameter 'utf8' [ 230.107578][ T7262] exfat: Deprecated parameter 'namecase' [ 230.130658][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 230.239458][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 230.264222][ T7262] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 230.642850][ T7267] loop4: detected capacity change from 0 to 40427 [ 230.757480][ T7267] F2FS-fs (loop4): invalid crc value [ 230.814900][ T7267] F2FS-fs (loop4): Found nat_bits in checkpoint [ 230.860933][ T7267] F2FS-fs (loop4): Start checkpoint disabled! [ 230.909776][ T7267] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 230.995231][ T7272] tipc: Enabled bearer , priority 0 [ 231.032609][ T7272] syzkaller0: entered promiscuous mode [ 231.062130][ T7272] syzkaller0: entered allmulticast mode [ 231.489700][ T7277] loop0: detected capacity change from 0 to 40427 [ 231.562889][ T7277] F2FS-fs (loop0): invalid crc value [ 231.587831][ T7278] tipc: Resetting bearer [ 231.642181][ T7277] F2FS-fs (loop0): Found nat_bits in checkpoint [ 231.709889][ T7271] tipc: Resetting bearer [ 231.713749][ T7277] F2FS-fs (loop0): Start checkpoint disabled! [ 231.741885][ T7277] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 231.926415][ T7271] tipc: Disabling bearer [ 232.111454][ T12] kworker/u4:1: attempt to access beyond end of device [ 232.111454][ T12] loop4: rw=1, sector=77824, nr_sectors = 2352 limit=40427 [ 232.204131][ T12] kworker/u4:1: attempt to access beyond end of device [ 232.204131][ T12] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 232.253999][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 232.260951][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 232.850526][ T2991] kworker/u4:9: attempt to access beyond end of device [ 232.850526][ T2991] loop0: rw=1, sector=77824, nr_sectors = 4096 limit=40427 [ 233.420357][ T7292] netlink: 16 bytes leftover after parsing attributes in process `syz.1.339'. [ 233.450396][ T2991] kworker/u4:9: attempt to access beyond end of device [ 233.450396][ T2991] loop0: rw=1, sector=49152, nr_sectors = 4096 limit=40427 [ 233.458827][ T7295] loop3: detected capacity change from 0 to 256 [ 233.505929][ T2991] kworker/u4:9: attempt to access beyond end of device [ 233.505929][ T2991] loop0: rw=1, sector=57344, nr_sectors = 2000 limit=40427 [ 233.537187][ T2991] kworker/u4:9: attempt to access beyond end of device [ 233.537187][ T2991] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 233.552092][ T2991] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 233.559404][ T2991] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 234.493301][ T7308] loop1: detected capacity change from 0 to 1024 [ 234.531297][ T7308] EXT4-fs: Ignoring removed nobh option [ 234.624676][ T7308] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 234.734391][ T7306] loop3: detected capacity change from 0 to 40427 [ 234.795403][ T7308] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.821689][ T7306] F2FS-fs (loop3): invalid crc value [ 234.864821][ T7308] EXT4-fs warning (device loop1): ext4_resize_begin:74: won't resize using backup superblock at 1 [ 234.878715][ T7306] F2FS-fs (loop3): Found nat_bits in checkpoint [ 234.886885][ T28] audit: type=1800 audit(1757843528.016:239): pid=7308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.347" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 234.928696][ T7306] F2FS-fs (loop3): Start checkpoint disabled! [ 234.965146][ T7306] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 235.486914][ T7324] loop4: detected capacity change from 0 to 256 [ 235.645452][ T7324] exfat: Deprecated parameter 'utf8' [ 235.683784][ T7324] exfat: Deprecated parameter 'namecase' [ 235.821820][ T7324] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 235.975334][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.085560][ T7332] loop0: detected capacity change from 0 to 64 [ 236.872993][ T7332] MINIX-fs: bad superblock or unable to read bitmaps [ 237.247522][ T374] kworker/u4:5: attempt to access beyond end of device [ 237.247522][ T374] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 237.257416][ T7336] loop4: detected capacity change from 0 to 2048 [ 237.282029][ T374] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 237.292441][ T7339] FAULT_INJECTION: forcing a failure. [ 237.292441][ T7339] name failslab, interval 1, probability 0, space 0, times 0 [ 237.308434][ T374] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 237.315446][ T7339] CPU: 1 PID: 7339 Comm: syz.1.350 Not tainted syzkaller #0 [ 237.315472][ T7339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 237.315485][ T7339] Call Trace: [ 237.315493][ T7339] [ 237.315502][ T7339] dump_stack_lvl+0x16c/0x230 [ 237.315536][ T7339] ? show_regs_print_info+0x20/0x20 [ 237.315562][ T7339] ? load_image+0x3b0/0x3b0 [ 237.335872][ T7336] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=18576, location=18576 [ 237.336205][ T7339] ? __might_sleep+0xe0/0xe0 [ 237.358774][ T374] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 237.363436][ T7339] ? __lock_acquire+0x7c80/0x7c80 [ 237.363464][ T7339] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 237.363495][ T7339] should_fail_ex+0x39d/0x4d0 [ 237.363527][ T7339] should_failslab+0x9/0x20 [ 237.363553][ T7339] slab_pre_alloc_hook+0x59/0x310 [ 237.363583][ T7339] ? __se_sys_memfd_create+0x25a/0x660 [ 237.378795][ T7336] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 237.380061][ T7339] ? __se_sys_memfd_create+0x25a/0x660 [ 237.419645][ T7339] __kmem_cache_alloc_node+0x53/0x260 [ 237.425058][ T7339] ? __se_sys_memfd_create+0x25a/0x660 [ 237.430559][ T7339] __kmalloc+0xa4/0x240 [ 237.434734][ T7339] __se_sys_memfd_create+0x25a/0x660 [ 237.440040][ T7339] do_syscall_64+0x55/0xb0 [ 237.444475][ T7339] ? clear_bhb_loop+0x40/0x90 [ 237.449162][ T7339] ? clear_bhb_loop+0x40/0x90 [ 237.453855][ T7339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 237.459776][ T7339] RIP: 0033:0x7fead7f8eba9 [ 237.464200][ T7339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.483812][ T7339] RSP: 002b:00007fead8d6fe18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 237.492242][ T7339] RAX: ffffffffffffffda RBX: 000000000000023f RCX: 00007fead7f8eba9 [ 237.500223][ T7339] RDX: 00007fead8d6fef0 RSI: 0000000000000000 RDI: 00007fead80127e8 [ 237.508206][ T7339] RBP: 0000200000000b40 R08: 00007fead8d6fbb7 R09: 00007fead8d6fe40 [ 237.516189][ T7339] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 237.524182][ T7339] R13: 00007fead8d6fef0 R14: 00007fead8d6feb0 R15: 00002000000003c0 [ 237.532175][ T7339] [ 237.562684][ T7340] tipc: Enabled bearer , priority 0 [ 237.622848][ T7340] syzkaller0: entered promiscuous mode [ 237.628381][ T7340] syzkaller0: entered allmulticast mode [ 237.762979][ T7340] tipc: Resetting bearer [ 237.803033][ T7338] tipc: Resetting bearer [ 238.441766][ T7338] tipc: Disabling bearer [ 238.930175][ T28] audit: type=1326 audit(1757843532.056:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 238.989906][ T28] audit: type=1326 audit(1757843532.056:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.072240][ T28] audit: type=1326 audit(1757843532.096:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.179906][ T28] audit: type=1326 audit(1757843532.096:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.253664][ T7378] loop4: detected capacity change from 0 to 1024 [ 239.260851][ T28] audit: type=1326 audit(1757843532.096:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.304282][ T7376] loop1: detected capacity change from 0 to 1024 [ 239.372624][ T28] audit: type=1326 audit(1757843532.096:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.455487][ T28] audit: type=1326 audit(1757843532.106:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.459849][ T7376] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.506393][ T7376] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 239.527351][ T28] audit: type=1326 audit(1757843532.106:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.580116][ T28] audit: type=1326 audit(1757843532.106:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 239.712785][ T7378] EXT4-fs: Ignoring removed nomblk_io_submit option [ 239.730452][ T7378] EXT4-fs: test_dummy_encryption requires encrypt feature [ 240.185884][ T1130] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm kworker/u4:7: bg 0: block 393: padding at end of block bitmap is not set [ 240.267128][ T1130] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117 [ 240.323013][ T1130] EXT4-fs (loop1): This should not happen!! Data will be lost [ 240.323013][ T1130] [ 240.419399][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 240.419414][ T28] audit: type=1326 audit(1757843533.556:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7410 comm="syz.0.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 240.503011][ T28] audit: type=1326 audit(1757843533.646:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7410 comm="syz.0.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 240.563758][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.791323][ T28] audit: type=1326 audit(1757843533.916:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 240.854526][ T28] audit: type=1326 audit(1757843533.916:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 240.933691][ T28] audit: type=1326 audit(1757843533.966:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 241.036238][ T28] audit: type=1326 audit(1757843533.966:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 241.090593][ T28] audit: type=1326 audit(1757843533.966:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 241.174949][ T28] audit: type=1326 audit(1757843533.966:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 241.247048][ T28] audit: type=1326 audit(1757843533.966:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 241.282608][ T7438] syz.1.375 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 241.299905][ T28] audit: type=1326 audit(1757843533.966:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fead7f8eba9 code=0x7ffc0000 [ 242.076769][ T7449] loop1: detected capacity change from 0 to 2048 [ 242.182018][ T7449] Alternate GPT is invalid, using primary GPT. [ 242.188912][ T7449] loop1: p1 p2 p3 [ 242.348618][ T5157] Alternate GPT is invalid, using primary GPT. [ 242.364420][ T5157] loop1: p1 p2 p3 [ 242.476281][ T7460] loop4: detected capacity change from 0 to 512 [ 242.510688][ T7460] EXT4-fs: Ignoring removed nobh option [ 242.717459][ T7460] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #3: comm syz.4.380: corrupted inode contents [ 242.810459][ T7460] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #3: comm syz.4.380: mark_inode_dirty error [ 242.917892][ T7460] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #3: comm syz.4.380: corrupted inode contents [ 243.006236][ T7460] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.380: mark_inode_dirty error [ 243.056511][ T5790] udevd[5790]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 243.057161][ T5942] udevd[5942]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 243.111562][ T6104] udevd[6104]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 243.154868][ T7460] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.380: Failed to acquire dquot type 0 [ 243.273364][ T7460] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.380: corrupted inode contents [ 243.359424][ T7460] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #16: comm syz.4.380: mark_inode_dirty error [ 243.370617][ T7479] loop1: detected capacity change from 0 to 256 [ 243.388723][ T7460] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.380: corrupted inode contents [ 243.418047][ T7479] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 243.431378][ T7460] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.380: mark_inode_dirty error [ 243.467200][ T7460] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.380: corrupted inode contents [ 243.493171][ T7479] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 243.550070][ T7460] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 243.582401][ T7460] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.380: corrupted inode contents [ 243.624780][ T7460] EXT4-fs error (device loop4): ext4_truncate:4288: inode #16: comm syz.4.380: mark_inode_dirty error [ 243.674776][ T7460] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 243.720980][ T7460] EXT4-fs (loop4): 1 truncate cleaned up [ 243.763359][ T7460] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.795133][ T7460] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.069579][ T6860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.457110][ T7501] loop4: detected capacity change from 0 to 1764 [ 244.550977][ T7506] netlink: 'syz.1.399': attribute type 10 has an invalid length. [ 244.841443][ T7515] sctp: [Deprecated]: syz.4.393 (pid 7515) Use of struct sctp_assoc_value in delayed_ack socket option. [ 244.841443][ T7515] Use struct sctp_sack_info instead [ 245.363073][ T7531] loop3: detected capacity change from 0 to 1024 [ 245.378154][ T7531] EXT4-fs: Ignoring removed nobh option [ 245.407839][ T7531] EXT4-fs: Ignoring removed nobh option [ 245.449379][ T7531] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 245.487336][ T7531] EXT4-fs error (device loop3): ext4_get_journal_inode:5807: comm syz.3.397: inode #4294967295: comm syz.3.397: iget: illegal inode # [ 245.546440][ T7531] EXT4-fs (loop3): no journal found [ 245.583609][ T7531] EXT4-fs (loop3): can't get journal size [ 245.622995][ T7531] EXT4-fs (loop3): failed to initialize system zone (-22) [ 245.630361][ T7531] EXT4-fs (loop3): mount failed [ 245.768729][ T7545] syz_tun: entered allmulticast mode [ 245.829241][ T7545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.400'. [ 246.086680][ T7545] syz_tun (unregistering): left allmulticast mode [ 246.373061][ T7564] loop4: detected capacity change from 0 to 128 [ 246.427216][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 246.427230][ T28] audit: type=1800 audit(1757843539.566:302): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.407" name="file1" dev="loop4" ino=1048648 res=0 errno=0 [ 246.560224][ T7572] capability: warning: `syz.1.409' uses 32-bit capabilities (legacy support in use) [ 246.736888][ T7577] loop0: detected capacity change from 0 to 512 [ 246.813410][ T7577] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 246.878924][ T7577] EXT4-fs (loop0): orphan cleanup on readonly fs [ 246.916176][ T7587] netdevsim netdevsim1: Direct firmware load for ./file0/file1 failed with error -2 [ 246.926794][ T7587] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0/file1 [ 246.999420][ T7577] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.410: corrupted inode contents [ 247.060991][ T7577] EXT4-fs (loop0): Remounting filesystem read-only [ 247.069691][ T7577] EXT4-fs (loop0): 1 truncate cleaned up [ 247.082676][ T1130] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 247.131700][ T1130] Quota error (device loop0): write_blk: dquota write failed [ 247.142738][ T1130] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 247.162297][ T1130] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 247.176860][ T28] audit: type=1326 audit(1757843540.316:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981178eba9 code=0x7ffc0000 [ 247.207497][ T1130] Quota error (device loop0): write_blk: dquota write failed [ 247.232935][ T1130] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 247.239828][ T28] audit: type=1326 audit(1757843540.316:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981178eba9 code=0x7ffc0000 [ 247.263983][ T1130] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 247.280276][ T28] audit: type=1326 audit(1757843540.346:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f981178eba9 code=0x7ffc0000 [ 247.313201][ T1130] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 247.342278][ T1130] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 247.363798][ T7577] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 247.512121][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.652662][ T7603] netlink: 132 bytes leftover after parsing attributes in process `syz.4.419'. [ 248.193146][ T7623] openvswitch: netlink: Message has 8999 unknown bytes. [ 248.219967][ T7626] loop0: detected capacity change from 0 to 256 [ 248.330649][ T7626] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 248.617979][ T7636] loop1: detected capacity change from 0 to 2048 [ 248.703770][ T7636] EXT4-fs (loop1): failed to initialize system zone (-117) [ 248.711138][ T7636] EXT4-fs (loop1): mount failed [ 249.092454][ T7657] loop0: detected capacity change from 0 to 1024 [ 249.675636][ T7667] syz.0.439[7667] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 249.776395][ T7673] loop4: detected capacity change from 0 to 1024 [ 249.869538][ T7673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 249.882192][ T7673] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 249.919216][ T7673] EXT4-fs warning (device loop4): ext4_empty_dir:3156: inode #12: comm syz.4.441: directory missing '..' [ 250.168356][ T6860] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 250.977545][ T7713] lo speed is unknown, defaulting to 1000 [ 251.650491][ T7730] netlink: 8 bytes leftover after parsing attributes in process `syz.3.457'. [ 252.450257][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 252.450273][ T28] audit: type=1326 audit(1757843545.586:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 252.572797][ T28] audit: type=1326 audit(1757843545.586:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 252.662026][ T28] audit: type=1326 audit(1757843545.586:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 252.756815][ T28] audit: type=1326 audit(1757843545.596:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 252.869796][ T28] audit: type=1326 audit(1757843545.596:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 252.935660][ T28] audit: type=1326 audit(1757843545.646:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 253.013508][ T7767] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.467' sets config #-1 [ 253.026399][ T28] audit: type=1326 audit(1757843545.646:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 253.073814][ T28] audit: type=1326 audit(1757843545.676:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 253.098349][ T28] audit: type=1326 audit(1757843545.676:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 253.144590][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.468'. [ 253.145384][ T28] audit: type=1326 audit(1757843545.676:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcaf8eba9 code=0x7ffc0000 [ 253.201237][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.468'. [ 253.774284][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.3.474'. [ 253.786807][ T7784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.475'. [ 254.249310][ T7793] netlink: 4 bytes leftover after parsing attributes in process `syz.1.475'. [ 254.465046][ T7800] lo speed is unknown, defaulting to 1000 [ 255.358540][ T7841] mmap: syz.1.485 (7841) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 255.551755][ T7845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.486'. [ 255.574789][ T7845] netlink: 28 bytes leftover after parsing attributes in process `syz.4.486'. [ 255.594834][ T7845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.486'. [ 255.631514][ T7845] netlink: 28 bytes leftover after parsing attributes in process `syz.4.486'. [ 255.682031][ T7845] netlink: 'syz.4.486': attribute type 6 has an invalid length. [ 255.918029][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.924764][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.998054][ T7855] IPv6: Can't replace route, no match found [ 256.872875][ T7892] syz.1.501[7892] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.873016][ T7892] syz.1.501[7892] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.956164][ T7897] loop3: detected capacity change from 0 to 512 [ 257.074213][ T7897] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.502: iget: bad i_size value: 38620345925642 [ 257.182064][ T7897] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.502: couldn't read orphan inode 15 (err -117) [ 257.274059][ T7897] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.453908][ T28] kauditd_printk_skb: 494 callbacks suppressed [ 257.453924][ T28] audit: type=1326 audit(1757843550.596:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9f84d85b67 code=0x7ffc0000 [ 257.490697][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.540310][ T28] audit: type=1326 audit(1757843550.626:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9f84d2ada9 code=0x7ffc0000 [ 257.606496][ T28] audit: type=1326 audit(1757843550.626:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9f84d85b67 code=0x7ffc0000 [ 257.705382][ T28] audit: type=1326 audit(1757843550.626:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9f84d2ada9 code=0x7ffc0000 [ 257.772611][ T28] audit: type=1326 audit(1757843550.626:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f9f84d8eba9 code=0x7ffc0000 [ 257.860798][ T28] audit: type=1326 audit(1757843550.646:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9f84d85b67 code=0x7ffc0000 [ 257.942167][ T28] audit: type=1326 audit(1757843550.656:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9f84d2ada9 code=0x7ffc0000 [ 258.006421][ T28] audit: type=1326 audit(1757843550.656:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9f84d85b67 code=0x7ffc0000 [ 258.107326][ T28] audit: type=1326 audit(1757843550.656:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9f84d2ada9 code=0x7ffc0000 [ 258.176569][ T7934] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 258.193849][ T28] audit: type=1326 audit(1757843550.656:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.4.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f9f84d8eba9 code=0x7ffc0000 [ 258.415815][ T7943] loop1: detected capacity change from 0 to 164 [ 258.453780][ T7943] Unable to read rock-ridge attributes [ 258.607191][ T7950] loop3: detected capacity change from 0 to 512 [ 258.702727][ T7951] netlink: 12 bytes leftover after parsing attributes in process `syz.1.515'. [ 258.710636][ T7950] EXT4-fs warning (device loop3): ext4_xattr_inode_get:545: inode #11: comm syz.3.516: ea_inode file size=0 entry size=6 [ 258.738586][ T7950] ------------[ cut here ]------------ [ 258.744743][ T7950] EA inode 11 i_nlink=2 [ 258.746359][ T7950] WARNING: CPU: 1 PID: 7950 at fs/ext4/xattr.c:1070 ext4_xattr_inode_update_ref+0x521/0x580 [ 258.760783][ T7950] Modules linked in: [ 258.764885][ T7950] CPU: 1 PID: 7950 Comm: syz.3.516 Not tainted syzkaller #0 [ 258.772267][ T7950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 258.782394][ T7950] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 258.789084][ T7950] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 d1 be 8a 44 89 f2 e8 cf 73 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 258.809598][ T7950] RSP: 0018:ffffc90003c57340 EFLAGS: 00010246 [ 258.815966][ T7950] RAX: a2f5f65ed1bf8200 RBX: 0000000000000001 RCX: 0000000000080000 [ 258.824341][ T7950] RDX: ffffc9000e1ef000 RSI: 000000000002e2f3 RDI: 000000000002e2f4 [ 258.832566][ T7950] RBP: ffffc90003c57430 R08: ffffc90003c56f47 R09: 1ffff9200078ade8 [ 258.840603][ T7950] R10: dffffc0000000000 R11: fffff5200078ade9 R12: ffff88805f3f70b0 [ 258.848750][ T7950] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff88805f3f7100 [ 258.856818][ T7950] FS: 00007f98126776c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 258.865861][ T7950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 258.872874][ T7950] CR2: 000000110c314e45 CR3: 0000000076d56000 CR4: 00000000003506e0 [ 258.880909][ T7950] Call Trace: [ 258.884298][ T7950] [ 258.887282][ T7950] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 258.893094][ T7950] ? __ext4_journal_ensure_credits+0x30/0x450 [ 258.899230][ T7950] ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 [ 258.905702][ T7950] ? ext4_xattr_delete_inode+0xc00/0xc00 [ 258.911409][ T7950] ? __ext4_journal_ensure_credits+0x450/0x450 [ 258.917837][ T7950] ext4_xattr_delete_inode+0xa45/0xc00 [ 258.923459][ T7950] ? ext4_truncate+0xc12/0x1060 [ 258.928379][ T7950] ? ext4_expand_extra_isize_ea+0x19e0/0x19e0 [ 258.935061][ T7950] ext4_evict_inode+0xaa3/0xea0 [ 258.939990][ T7950] ? _raw_spin_unlock+0x28/0x40 [ 258.945410][ T7950] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 258.951374][ T7950] ? do_raw_spin_unlock+0x121/0x230 [ 258.957040][ T7950] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 258.963182][ T7950] evict+0x486/0x870 [ 258.967127][ T7950] ? __lock_acquire+0x7c80/0x7c80 [ 258.972264][ T7950] ? proc_nr_inodes+0x230/0x230 [ 258.977168][ T7950] ? do_raw_spin_unlock+0x121/0x230 [ 258.982522][ T7950] ? _raw_spin_unlock+0x28/0x40 [ 258.987415][ T7950] ? iput+0x70a/0x920 [ 258.991478][ T7950] ext4_orphan_cleanup+0xbd4/0x1400 [ 258.996876][ T7950] ? ext4_orphan_del+0xba0/0xba0 [ 259.001936][ T7950] ? ext4_register_li_request+0x183/0x940 [ 259.008174][ T7950] ? errseq_check_and_advance+0x66/0x120 [ 259.013989][ T7950] ext4_fill_super+0x5de7/0x66c0 [ 259.019030][ T7950] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 259.025411][ T7950] ? vscnprintf+0x80/0x80 [ 259.029801][ T7950] ? down_read_killable+0x340/0x340 [ 259.035153][ T7950] ? setup_bdev_super+0x56b/0x660 [ 259.040231][ T7950] get_tree_bdev+0x3e4/0x510 [ 259.044962][ T7950] ? vfs_parse_fs_string+0x160/0x160 [ 259.050307][ T7950] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 259.056632][ T7950] ? setup_bdev_super+0x660/0x660 [ 259.061702][ T7950] ? apparmor_capable+0x137/0x1a0 [ 259.066837][ T7950] ? bpf_lsm_capable+0x9/0x10 [ 259.071567][ T7950] ? security_capable+0x89/0xb0 [ 259.076628][ T7950] vfs_get_tree+0x8c/0x280 [ 259.081110][ T7950] do_new_mount+0x24b/0xa40 [ 259.085730][ T7950] __se_sys_mount+0x2da/0x3c0 [ 259.090476][ T7950] ? __x64_sys_mount+0xc0/0xc0 [ 259.095349][ T7950] ? lockdep_hardirqs_on+0x98/0x150 [ 259.100608][ T7950] ? __x64_sys_mount+0x20/0xc0 [ 259.105523][ T7950] do_syscall_64+0x55/0xb0 [ 259.110398][ T7950] ? clear_bhb_loop+0x40/0x90 [ 259.115361][ T7950] ? clear_bhb_loop+0x40/0x90 [ 259.120106][ T7950] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 259.126116][ T7950] RIP: 0033:0x7f981179034a [ 259.130577][ T7950] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.150333][ T7950] RSP: 002b:00007f9812676e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 259.158868][ T7950] RAX: ffffffffffffffda RBX: 00007f9812676ef0 RCX: 00007f981179034a [ 259.166991][ T7950] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9812676eb0 [ 259.175058][ T7950] RBP: 0000200000000180 R08: 00007f9812676ef0 R09: 0000000000800700 [ 259.183168][ T7950] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 259.191183][ T7950] R13: 00007f9812676eb0 R14: 000000000000046c R15: 0000200000000680 [ 259.199500][ T7950] [ 259.203577][ T7950] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 259.210467][ T7951] Unable to read rock-ridge attributes [ 259.216354][ T7950] CPU: 1 PID: 7950 Comm: syz.3.516 Not tainted syzkaller #0 [ 259.219439][ T7951] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 259.231177][ T7950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 259.241278][ T7950] Call Trace: [ 259.244610][ T7950] [ 259.247586][ T7950] dump_stack_lvl+0x16c/0x230 [ 259.252327][ T7950] ? show_regs_print_info+0x20/0x20 [ 259.257570][ T7950] ? load_image+0x3b0/0x3b0 [ 259.262126][ T7950] panic+0x2c0/0x710 [ 259.266083][ T7950] ? bpf_jit_dump+0xd0/0xd0 [ 259.270660][ T7950] __warn+0x2e0/0x470 [ 259.274697][ T7950] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 259.280730][ T7950] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 259.286760][ T7950] report_bug+0x2be/0x4f0 [ 259.291143][ T7950] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 259.297177][ T7950] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 259.303209][ T7950] ? ext4_xattr_inode_update_ref+0x523/0x580 [ 259.309238][ T7950] handle_bug+0xcf/0x120 [ 259.313528][ T7950] exc_invalid_op+0x1a/0x50 [ 259.318077][ T7950] asm_exc_invalid_op+0x1a/0x20 [ 259.322971][ T7950] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 259.329612][ T7950] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 d1 be 8a 44 89 f2 e8 cf 73 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 259.349267][ T7950] RSP: 0018:ffffc90003c57340 EFLAGS: 00010246 [ 259.355383][ T7950] RAX: a2f5f65ed1bf8200 RBX: 0000000000000001 RCX: 0000000000080000 [ 259.363402][ T7950] RDX: ffffc9000e1ef000 RSI: 000000000002e2f3 RDI: 000000000002e2f4 [ 259.371429][ T7950] RBP: ffffc90003c57430 R08: ffffc90003c56f47 R09: 1ffff9200078ade8 [ 259.379478][ T7950] R10: dffffc0000000000 R11: fffff5200078ade9 R12: ffff88805f3f70b0 [ 259.387494][ T7950] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff88805f3f7100 [ 259.395544][ T7950] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 259.401245][ T7950] ? __ext4_journal_ensure_credits+0x30/0x450 [ 259.407374][ T7950] ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 [ 259.413555][ T7950] ? ext4_xattr_delete_inode+0xc00/0xc00 [ 259.419246][ T7950] ? __ext4_journal_ensure_credits+0x450/0x450 [ 259.425464][ T7950] ext4_xattr_delete_inode+0xa45/0xc00 [ 259.430982][ T7950] ? ext4_truncate+0xc12/0x1060 [ 259.435909][ T7950] ? ext4_expand_extra_isize_ea+0x19e0/0x19e0 [ 259.442032][ T7950] ext4_evict_inode+0xaa3/0xea0 [ 259.446927][ T7950] ? _raw_spin_unlock+0x28/0x40 [ 259.451830][ T7950] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 259.457775][ T7950] ? do_raw_spin_unlock+0x121/0x230 [ 259.463023][ T7950] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 259.468961][ T7950] evict+0x486/0x870 [ 259.472903][ T7950] ? __lock_acquire+0x7c80/0x7c80 [ 259.477981][ T7950] ? proc_nr_inodes+0x230/0x230 [ 259.482873][ T7950] ? do_raw_spin_unlock+0x121/0x230 [ 259.488127][ T7950] ? _raw_spin_unlock+0x28/0x40 [ 259.493018][ T7950] ? iput+0x70a/0x920 [ 259.497046][ T7950] ext4_orphan_cleanup+0xbd4/0x1400 [ 259.502309][ T7950] ? ext4_orphan_del+0xba0/0xba0 [ 259.507296][ T7950] ? ext4_register_li_request+0x183/0x940 [ 259.513055][ T7950] ? errseq_check_and_advance+0x66/0x120 [ 259.518713][ T7950] ext4_fill_super+0x5de7/0x66c0 [ 259.523693][ T7950] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 259.529962][ T7950] ? vscnprintf+0x80/0x80 [ 259.534312][ T7950] ? down_read_killable+0x340/0x340 [ 259.539541][ T7950] ? setup_bdev_super+0x56b/0x660 [ 259.544583][ T7950] get_tree_bdev+0x3e4/0x510 [ 259.549187][ T7950] ? vfs_parse_fs_string+0x160/0x160 [ 259.554493][ T7950] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 259.560757][ T7950] ? setup_bdev_super+0x660/0x660 [ 259.565793][ T7950] ? apparmor_capable+0x137/0x1a0 [ 259.570832][ T7950] ? bpf_lsm_capable+0x9/0x10 [ 259.575533][ T7950] ? security_capable+0x89/0xb0 [ 259.580403][ T7950] vfs_get_tree+0x8c/0x280 [ 259.584829][ T7950] do_new_mount+0x24b/0xa40 [ 259.589350][ T7950] __se_sys_mount+0x2da/0x3c0 [ 259.594046][ T7950] ? __x64_sys_mount+0xc0/0xc0 [ 259.598828][ T7950] ? lockdep_hardirqs_on+0x98/0x150 [ 259.604040][ T7950] ? __x64_sys_mount+0x20/0xc0 [ 259.608812][ T7950] do_syscall_64+0x55/0xb0 [ 259.613237][ T7950] ? clear_bhb_loop+0x40/0x90 [ 259.617920][ T7950] ? clear_bhb_loop+0x40/0x90 [ 259.622607][ T7950] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 259.628534][ T7950] RIP: 0033:0x7f981179034a [ 259.632953][ T7950] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.652567][ T7950] RSP: 002b:00007f9812676e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 259.660986][ T7950] RAX: ffffffffffffffda RBX: 00007f9812676ef0 RCX: 00007f981179034a [ 259.668962][ T7950] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9812676eb0 [ 259.676948][ T7950] RBP: 0000200000000180 R08: 00007f9812676ef0 R09: 0000000000800700 [ 259.684931][ T7950] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 259.693006][ T7950] R13: 00007f9812676eb0 R14: 000000000000046c R15: 0000200000000680 [ 259.701007][ T7950] [ 259.704345][ T7950] Kernel Offset: disabled [ 259.708765][ T7950] Rebooting in 86400 seconds..