last executing test programs: 33.932652426s ago: executing program 1 (id=914): syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x200000, &(0x7f00000001c0)={[{}, {@overriderock}, {@session={'session', 0x3d, 0x33}}, {@unhide}, {@dmode={'dmode', 0x3d, 0x8}}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@utf8}, {@utf8}, {@utf8}]}, 0x0, 0x420, &(0x7f0000000c40)="$eJzs3M9O3EYcwPEx2aUbKkWVooY/4TBpWokesrFNWYRycr2zyyRe27K9EZwqVCBCAVKVVCpcWi5pK7UPkWsfoFIvfYw+RaP2Daj8Zwmwu4Bg+SP0/UhoZj0/z/zGsjzaRWMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACE4dZN0zKEp/32guzPrUdBq1fDZ5tZ0envk0PFMeMKYaR/olIRY/mhsbvvmz/OOxnNP42K22lRETsf3vvoyd3SUOf8YxK+FFvbO6/+zHM8VXzpv73MhSd2SZrK13GgW05TSR0Hcq5WMx/PN2LZ0J6KF+NEtaQbKScJIjnlfi6tublpqaqLQdtv1h1PdQ7OPrJNsyafVkPlRHHgP35ajd157Xnab2YxaXMaM5veiM90IhPltKRcXVtfmT4pyTTIOqbdEOLHLMg+qSfbtG3Lsm2rNjM3M2uaJdu05aED5hGi65Tspi2f9obBzTPIxzdwLnvF+g8AAAAAAG4uI/uNPf3+X85+hzdEQ3vKvOq0AAAAAADAAGX/+R9Ni3JaGxMG3/8BAAAAALhpfn6/x64ibvfaYxeHHxh//SuiqGzshgufGhtOGu5siFJ23q2jPSaNCeNO0UlW1ErFJ1dNGuN50Hgn+l1RrB7Mo9deP6MrgWLkownkO+z2fuiRgPhVTORBE8t5udxpyUcZaWhPVd3Ae2IJx7kzlKiF5LvNte9FNv1f/NYdQ6yura9Uv361vpzlspv2srtRbKDo2kfR/2KI1/v7HnvPeLjoIht3JB/XPDj/obx9qHvMcdFnzDfifh5zfyQvRw7Pv5LO36r2m32RhXXOmb8Rk3nM5NTDtHg41SML+6Qs7INZ9L8WZ8yiXHTQO4t/9rOYPmcWAHBVVk9YhYzuhf8MT7nBre7HP9Ef5DEPJrIHa2mix7pinrSumKdc3TqZHc3i9653IPRbY9Nxf/Nb1WEh9lfVt+kJb/uOG3u2kV7CW683vhH3trZ3Hq1tLL1YebGyadvTNfML05yxRTmbRlGw9gAAelDRO2Mk+cmIIh1+ZQ3PWU4yr2QUuM9kpOtNJbWfqMidd/ymkmEUJIEbeGnlua6rWMbtMAyiRDaCSIZBrBeyN7/I4tUvsWo5fqLdOPSUEyvpBn7iuIms69iVYftLT8fzKspOjkPl6oZ2nUQHvoyD9h+uqkoZK3UgUNeVn+iGTqu+DCPdcqJF+Tzw2i0l6yp2I63/Lt6w0xlL+40gamXdVq/6YgMAcE1sbe+8XFpfX/n2AitXPUcAAHAYqzQAAAAAAAAAAAAAAAAAAAAAANffADb5DQkhLnL74JGKIYS4rLGuaaUirkUaVAZcGT7rjb2XVwzxckkMKp+rfjIBuGj/BwAA//8uRKkR") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 33.696074254s ago: executing program 1 (id=917): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 33.188561276s ago: executing program 1 (id=924): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x5, 0x4, 0x4, 0xf, 0x0, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00') bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 33.032696155s ago: executing program 1 (id=926): syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x801, &(0x7f0000000040)=ANY=[], 0x4, 0x181, &(0x7f0000001000)="$eJzskr2uEkEUx3+zuxe4Gm+0vQ0UxI/CsKwfsdMSezsbCaxIXKKwJAqhWGMMhYWx0yfgNUx8AS2MD0BNQazNmtk5O1kMb3DnV+x/zn/OnDln4EU6TevA3/1qwCMKfM74qRQB0FTG23lGP4v+Ev1khB+S91j896Ln6WJZk5wW14zxsp8k8awF/Ck8a6UP33nsilK/96uBXjwD8jzPtTcEnc6ZFNQ5PjCt5JwHcEqAT27r6EF0cAPozCevO+lieXs86Y/iUdwA7od3w/Be1Hk+TuLQfFWlDRkFrbeAegOL3j8BPkh8iQOK0cvWZF+d8tSerZk3rHMEr3K2VMW3g7HM7wVPuI5u602mKm67qBJQjNRD4V+W3fKskqs9GkWWGrxKhmsUqjy2IbA1ultObBBVgzsPMq6YkmsjX9pyRU90I7oVbf73lwky/f0o0U3dP2/78/msW7MrVa4i60VXs+qD6Vu/euVwhu/esed1OBwOh8PhcDgcjgvFvwAAAP//5mByXw==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20400, 0x38) getdents64(r0, 0x0, 0x0) 32.723060234s ago: executing program 1 (id=930): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x1c, r1, 0x519, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x2400c040) 31.736230827s ago: executing program 1 (id=940): r0 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) r1 = shmat(r0, &(0x7f00000a4000/0x2000)=nil, 0x4000) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xffffd000) shmdt(r1) 31.217685809s ago: executing program 32 (id=940): r0 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) r1 = shmat(r0, &(0x7f00000a4000/0x2000)=nil, 0x4000) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xffffd000) shmdt(r1) 5.091136703s ago: executing program 2 (id=1148): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) fcntl$lock(r0, 0x7, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) 4.07602473s ago: executing program 2 (id=1155): syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) r0 = syz_io_uring_setup(0x239, &(0x7f0000000540)={0x0, 0xfffffffd, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 3.88936385s ago: executing program 2 (id=1156): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000001500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 2.628188505s ago: executing program 4 (id=1169): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200000000000001, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) 2.133367777s ago: executing program 3 (id=1174): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, @none={0x0, 0x1}}, 0x14, &(0x7f0000000100)={0x0}, 0x7, 0x0, 0x0, 0x4002000}, 0x600c010) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000141, 0x0) 2.005643373s ago: executing program 3 (id=1176): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x4008630a, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 1.812051707s ago: executing program 3 (id=1179): syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, 0x0, 0x0) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000100000001800018014000200776c616e30000000000000000000000b08000700e80700000800070001000000080009007f00000008000700090000000800080008000000080006"], 0x5c}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 1.782882433s ago: executing program 4 (id=1181): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f00000002c0)) 1.748708937s ago: executing program 5 (id=1182): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e20, @private=0xa010101}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty=0xe00}}) 1.727503308s ago: executing program 3 (id=1183): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x1e, &(0x7f0000000780)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@nomblk_io_submit}, {@noinit_itable}, {@lazytime}, {@nombcache}, {@nolazytime}, {@noquota}]}, 0x43, 0x456, &(0x7f0000000e80)="$eJzs3M1vG0UbAPBn7Th9+/UmVKXQDyBQEOUradJSeuACAokDSEhwKMeQpFWp26AmSLSqSkCoHFElTnBAHJH4CzjBBQEnJK5wR5Uq1EsLJ6O1dxvbsU3tOnGpfz9pnZndcWYe7449sxMngKE1kT4kEdsi4reIGKtlGwtM1H7cuHZh7q9rF+aSqFTe+DOplrt+7cJcXjR/3tY8MxJR+DiJvS3qXTp3/tRsubxwNstPLZ9+d2rp3PlnTp6ePbFwYuHMzNGjhw9NP3dk5tm+xJnGdX3PxcV9u1956/Jrc8cuv/3TN0kef1McfTLR6eBjlUqfqxus7XXpZGSADaErxVo3jVK1/49FMVZP3li8/NFAGwesq0qlUtmVpb8YW3N4pQLcxZIYdAuAwcg/6NP5b75t5Phj0K6+UJsApXHfyLbakZEoZGVKTfPbfpqIiGMrf3+ZbrE+9yEAABp8l45/nm41/ivErrpy/8/WUMYj4p6I2BERRyJiZ0TcG1Ete19E3N9l/c2LJGvHP4UrPQV2i9Lx3/PZ2lbj+C8f/cV4Mcttr8ZfSo6fLC8czF6TA1HalOanO9Tx/Uu/ftruWP34L93S+vOxYNaOKyObGp8zP7s8ezsx17v6YcSekVbxJzdXApKI2B0Re3qs4+STX+9rd+zf4++gD+tMla8iHq+d/5Voij+XpqZK0W59cup/UV44OJVfFWv9/Mul19vVf1vx90F6/re0vP5vxj+e1K/XLnXz2z9/In289Psnbec0vV7/o8mbDfven11ePjsdMZq8Wmt0/f6ZpnIzq+XT+A/sb93/d8TqK7E3ItKL+IGIeDAiHsra/nBEPBIR+zu8Cj+++Og7vce/vtL457s6/6uJ0Wje0zpRPPXDtw2VjncTf3r+D1dTB7I9t/L+17ldyUpE91czAAAA/FcVImJbJIXJm+lCYXKy9jf8O2NLoby4tPzU8cX3zszXviMwHqVCfqdrrO5+6HQ2rc/zM035Q9l948+Km6v5ybnF8vygg4cht7VN/0/9URx064B15/taMLz0fxhe+j8ML/0fhleL/r95EO0ANl6rz/8PBtAOYOM19X/LfjBEzP9hePXS/71nwN2hY18e3bh2ABtqaXN0/vJ+c+JiN4WbEvm/VOnx6RJ3UiIKd0QzJNYpMeA3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD75JwAA///xXeLR") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = open$dir(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes256, 0x0, @desc3}) 1.640839802s ago: executing program 2 (id=1184): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x20048a, &(0x7f00000001c0)={[{@grpjquota}, {@noinit_itable}, {@abort}, {@bsdgroups}]}, 0x12, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 1.493061767s ago: executing program 5 (id=1186): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@user_xattr}, {@lazytime}, {@quota}]}, 0x3, 0x441, &(0x7f0000000440)="$eJzs3MtvG0UYAPBv10lLXyRUpdAHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QXWQaBRBQKgcUSXuiCMSfwEHBBcEnJC4wh1VqlAuLZyM1vYmjmuncepkC/79pI1ndseZ+bw79sxOnAD61kj2I4nYHRG/R8RQPbu6wEj94ebSwtTfSwtTSVSrb/6V1MrdWFqYyovmz9uVZwYi0k+TONSm3srl+fOT5fLMpUZ+bO7Ce2OVy/PPnrsweXbm7MzFiVOnThwff/7kxHM9iTOL68bBD2cPH3j17auvT52++s7P3yR5/C1x9MjIWgefqFZ7XF2x9jSlk4ECG0JXSvVuGoO1/j8UpVg5eUPxyieFNg7YVNVqtbo/4rsOhxerwP9YEkW3AChG/kGfzX/zbetGH8W7/mJ9ApTFfbOx1Y8MRNooM9gyv+2lkYg4vfjPl9kWm3MfAgBgle+z8c8z7cZ/aexvKndvYw1lOCLui4i9EXEyIvZFxP0RtbIPRMSDXdbfukhy6/gnvdb+mdu7rKm9bPz3QmNta/X4Lx/9xXCpkdtTi38wOXOuPHOs8ZocjcHtWX58jTp+ePm3zzsdax7/ZVtWf/a4sjqUXhtoCXV6cm7yjoJucv3jiIMD7eJPllcCkog4EBEHN1jHuae+PtzpWKf41/WLe7DOVP0q4sn6+V+Mlvhzydrrk2P3RHnm2Fh+Vdzql1+vvNGp/juKvwey87+z7fW/HP9w0rxeW+m+jit/fNZxTnP7+Ntf/9uSt1bt+2Bybu7SeMS25LV6o5v3T7SUm1gpn8V/9Ej7/r83Vl6JQxGRXcQPRcTDEfFIo+2PRsRjEXFkjfh/eunxdzce/+bK4p/u6vyvJLZF6572idL5H79dVelwN/Fn5/9ELXW0sWc973/radfGrmYAAAD470kjYnck6ehyOk1HR+t/w78vdqbl2crc02dm3784Xf+OwHAMpvmdrqGm+6HjjWl9np9oyR9v3Df+orSjlh+dmi1PFx089LldHfp/5s9S0a0DNp3va0H/0v+hf+n/0L/0f+hfbfr/jiLaAWy9dp//HxXQDmDrtfR/y37QR8z/oX/p/9C/9H/oS5UdcfsvyUsUncj/GcPd0p7K5flI74pmSGxSouA3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75NwAA//9wCOUr") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) pwrite64(r0, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61) 1.429035798s ago: executing program 0 (id=1187): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000780)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1bc400000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="050033000d000000080032"], 0x2c}}, 0x0) 1.357237842s ago: executing program 4 (id=1188): r0 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x61, &(0x7f00000004c0)={0x0, 0x3, 0x14, 0x3}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$USBDEVFS_REAPURB(r0, 0x4004550d, 0x0) 1.179725643s ago: executing program 0 (id=1189): syz_mount_image$exfat(&(0x7f0000003500), &(0x7f0000000000)='./bus\x00', 0x40, &(0x7f0000003640)=ANY=[@ANYBLOB='umask=00000000000000000000005,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c696f636861727365743d63703836342c6572726f72733d72656d6f756e742d726f2c696f636861727365743d6370313235312c6572726f72733d636f6e74696e75652c756d61736b3d303030303030302c757466382c00be3344178f389d7f080d9fe2915a6ad1dc3095743c"], 0x1, 0x1527, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXH+YnGDgkGhID4oHBQJdGACG4iLRY8G1wfFgxuCEkHJoFRQOnBBmSAhuDEoG9wUlAtuDsoHtwQVgluDikGloHJQJbgtqBrcHlQL7giqB3cGNYKaQa2gdnBXUCe4O6gb3BPUC+4N6gf3BfcHDwQNggeDhsFDQaPg4aBx8EjQJHg0aBo0C5oHLYKWf+r83p8s8LjrqXvpJN1b99Ev6b66n+6vX9YD9Ct6oH5VD9Kv6WQ9WA/Rr+uh+g09TL+ph+sReqR+S4/Sb+vReoweq8fpFD1eT9Dv6In6XT1Jv6cn6yk6VU/V0/T7erqeoWfqD/Qs/aGerefouXqeTtMf6fl6gU7XH+uF+hOdoRfpxXqJXqqX6eV6hV6pV+nVeo1eq9fp9XqD3qg36c16i96qt+nt+lO9Q3+md+pderf+XO/RX+i9+ku9T3+l9+uvdab+Rh/Q3+qD+jt9SH+vD+sf9BF9VB/Tx/UJ/aM+qU/p0/qMPqt/0uf0z/q89lmL+6yPd6OMMjEmxsSaWJPL5DK5TW6Tx+QxERMxcSbO5DP5TH6T3xQ0BU28iTdFTBGThQyZoqaoiZqoKW6KmxKmhCllShlnnEkwCaasKWvKmXKmvClvKpgKpqKpaCqbyuY2c5u53dxu7jB3mDvNnaamqWlqm9qmjqlj6pq6pp6pZ+qb+uZ+c79pYBqYhqahaWQamcamsWlimpimpqlpbpqblqalaWVamdamtWlr2pp2pp1pb9qbRJNoOpgOpqPpaDqZTqaz6Wy6mC6mq+lqupvupofpYXqanibJJJk+po/pa/qa/qa/GWAGmIFmoBlkBplkk2yGmCFmqBlqhplhZrgZYUZmLVTN22a0GWPGmnEmxaSYCWaCmWgmmklmkplsJptUk2qmmWlmupluZpqZZpaZZWab2WaumWvSTJqZb+abdJNuFpqFJsNkmMVmsVlqlprlZrlZaVaa1Wa1WQtrzXqz3mw0G81ms9lsNVvNdrPd7DA7zE6z0+w2u80es8fsNXvNPrPP7Df7TabJNAfMAXPQHDSHzCFz2Bw2R8wRc8wcMyfMCXPSnDSnzWlz1hS4+HnpTazNaXPZq2xue7XNY/Pav40L2kI23ha2Ray2+W2BX8XGWlvClrSlbGnrbBmbYG/8TVzRVrKVbRV7m61qb7fVfhPXsXfbuvYeW8/ea2vbu34V17f32azVSQNEANvMNrItbGP7iG1iH7VNbTPb3Law7eyTtr19yibap20H+8xv4vl2gV1pV9nVdo3daXfZ0/aMPWi/s2ftT7an7WUH2FfsQPuqHWRfs8l28G/ikfYtO8q+bUfbMXasHfebeLKdYlPtVDvNvm+n2xm/idPsR3aWTbez7Rw71877Jc7KKd1+bBfaT2yGDWCxXWKX2mV2uV1xKVef166z6+0Gu8N+ZjfbLXar3Wa3X1oI2112t/3c7rFf2AP2W7vPfmX320M2037zS5x1fofs9/aw/cEesUftMXvcnrA/qkujs879uP3ZnrfeAiEBSVIUUAzloFjKSbnoKspNV1MeyksRuobi6FrKR9dRfipABakQxVNhKkKaDFkiCqkoFaMoXU+X0itFpclRGUqgG6ks3UTl6GYqT7dQBbqVKlIlqkxV6DaqSrdTNbqDqtOdVINqUi2qTXdRHbqb6tI9VI/upfp0H91PD1ADepAa0kPUiB6mxvQINaFHqSk1o+bUglrSY9SKHqfW1Iba0hPUjp6k9vQUJdLT1IGeoY70F+pEz1Jneo660PPUlbpRd3qBetCL1JN6URL1pj70EvWlftSfXqYB9AoNpFdpEL1GyTSYhtDrNJTeoGH0Jg2nETSS3qJR9DaNpjE0lsZRCo2nCfQOTaR3aRK9R5NpCqXSVJpG79N0mkEz6QOaRR/SbJpDc2kepdFHNJ8WUDp9TAvpE8qgRbSYltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRtvpU9pBn9FO2kW76XPaQ18Q0pe0j76i/fQ1ZdI3dIC+pYP0HR2i730v+oGO0FE6RsfpBP1IJ+kUnaYzdJZ+onP0M50nTxBiKEIZqjAIY8IcYWyYM8wVXhXmDq8O84R5w0h4TRgXXhvmC68L84cFwoJhoTA+LBwWCXVoQhtSGIZFw2JhNLw+LB7eEJYIS4alwtKhC8uECeGNYdnwprBceHNYPrwlrBDeGlYMK4WP3FslvC2sGt4eVgvvCKuHd4Y1wpphrbB2eFdYJ7w7rBveE9YL7w3LhfeF94cPhA3CB8OG4UNho/DhsHH4SNgkfDRsGjYLm4ctwpbhY2Gr8PGwddgmbBs+EbYLnwzbh0+FieHTYYfwmV/671vw9/uTwt5hn/Cl8KXQ+3vk3Oi8aFr0o+j86IJoevTj6MLoJ9GM6KLo4uiS6NLosujy6Iroyuiq6Oromuja6Lro+uiGqPe1c4BDJ5x0ygUuxuVwsS6ny+Wucrnd1S6Py+si7hoX5651+dx1Lr8r4Aq6Qi7eFXZFnHbGWUcudEVdMRd117vi7gZXwpV0pVxp51wZl+BauJaupWvlHnetXRvX1j3hnnBPuifdU+4p97Tr4J5xHd1fXCf3rOvsnnPPueddV9fNdXcvuB5ufJ4Lr8kk18f1cX1dX9ff9XcD3AA30A10g9wgl+yS3RA3xA11Q90wN8wNBwXgRrpRbpQb7Ua7sW6sS3EpboKb4Ca6iW6Sm+Qmu8ku1aW6aW6am+6mu6ozLhxltpvt5rq5Ls2lufkua82Y7ha6hS7DZbjFbrFb6pa65W65W+lWutVutVvr1rr1br3b6Da6zW6z2+q2uu1uu9vhdridPu+FSd0et9ftdfvcPrfffe0y3TfugPvWHXTfuUPue3fY/eCOuKPumDvuTrgf3Ul3yp12Z9xZ95M753525513KZHxkQmRdyITI+9GJkXei0yOTImkRqZGpkXej0yPzIjMjHwQmRX5MDI7MicyNzIvkhb5KDI/siCSHvk4sjDySSQjsiiyOLIksjSyLOJ94c2hL+qL+ai/3hf3N/gSvqQv5Ut758v4BH+jL+tv8uX8zb68v8VX8Lf6ir6Sr+wf9U19M9/ct/At/WO+lX/ct/ZtfFv/hG/nn/Tt/VM+0T/tO/hnfEf/F9/JP+s7++d8F/+87+q7+e7+Bd/Dv+h7+l4+yff2ffxLvq/v5/v7l/0A/4of6F/1g/xrPtkP9kP8636of8MP82/64X6EHxnzlh916RIZxvkUP95P8O/4if5dP8m/5yf7KT7VT/XT/Pt+up/hZ/oP/Cz/oZ/t5/i5fp5P8x/5+X6BT/cf+4X+E5/hF126qeyX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/tP/Q7/md/pd/nd/nO/x3/h9/ov/T7/VQ7wX/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Ld3x7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA///Vifca") write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xfc, {"a2e3ad21ed0d1bf91b29550987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f3b096c060890e0878f0e1ac6e7049b096e959b449a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b075d0d36cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130f91850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f4077fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a81aa1020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b21052010689af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153fae46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c343f7f140f319539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474b0679dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691951264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d984836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a70500be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x8f5}}, 0x1006) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 1.048017155s ago: executing program 3 (id=1190): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001e"], 0xc3}, 0x1, 0x100000000000000}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.025543919s ago: executing program 0 (id=1191): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00') r1 = fanotify_init(0x8, 0x0) fanotify_mark(r1, 0x1, 0x19, r0, 0x0) pread64(r0, &(0x7f0000000180)=""/116, 0x74, 0x3) 1.018863254s ago: executing program 4 (id=1192): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 879.142117ms ago: executing program 5 (id=1193): bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1c, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@ldst={0x1, 0x3, 0x3, 0x8, 0x1, 0x10}]}, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x15, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x3b) 857.690953ms ago: executing program 0 (id=1194): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$midi(r0, 0x0, 0x0) 833.725984ms ago: executing program 2 (id=1195): syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x10, &(0x7f0000000340), 0x19, 0x6fe, &(0x7f0000000380)="$eJzs3U9sHFcdB/Dv7K7X3lRy3dI/ASHFakQEDU3sLJAgISUghHKoIBKXXk3iNFacNLJdlESIuEDhCCeUQw9FyD30hDggFXFAlBMHJCTuuVfqgVvEAaPZnbV3bcf2JrEdwucjzc6bnffnN79983a9TuQA/7fOv5GR5RQ5f/z1m+XxvZX2/L2V9rVeOcloklrS6O5SXE+Kj5Nz6W75bPlk1V3Rqb2Fr37y0XvH7n7Y7h41qq3TrtbXfhurvRG2sFxtmUxSr/ZDajyov4tb9HdnqK6LtbjLhB3tJQ4O2uomy8M038V9Czzp7iT1kS2en0gOJRmrPgekWh1q+xzeYzfUKgcAAABPpvpOFZ69n/u5mfH9CQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeDkX3bwYW1VbrlSdTVH///3tVtY5G82DD3cGXdzj/7uV9CgQAAAAAAAAAHr+R9eKR+7mfmxnvHa8Wnd/5v9I5eKHz+EzezmJms5ATuZmZLGUpC5lORsb7+mzenFlaWpje3PLXKVuurq7eqVqeSjKxqeWpDTHW9+C6AQAAAAAAAODp9ZOcz/hBBwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP2KpN7ddbYXeuWJ1BpJxpI0y3rLyZ+SD1476Hgf1Z8POgAAAADYe61qP178p1tYLTo/87/U+bl/LG/nepYyl6XMZzaXOt8FdL8BqP1juT1/b6V9rdw2d/zNT4eKo9NjknreecDIU50aL661OJ/v5Ps5nslcyELm8sPMZCmzmUyrvIjMpMhEq/vtxUQZYz3JYLz1qqtzA6Fc2BjbkQ3HhzuRtHI5c53YTuRis9dbrVOjyOHeSPdW2n9oJhsy9M6nSbM4W9llji71vV6/qr6Xqaw+u8s+9sZE58pH1jIyVea+ysZzfZnYYq4MOU82jjSdWvf7qCQvrI9SHm4cqcx5irNnfzBMzg9V+zLXPx/M+ePWHK76xkycSq2afclLgzm/8YW7zyc5vt74S//8y4UrtetXr1xePL6Hl7SnRnqFjZlo92Xi5e1nX5WJ+TITy7vPxMjGJ8Ye4Toeo2aVje7CtrvV8tud0kxe6ZuCb+VSZnM6U5nOmUzl6zmV9sAMe3Egr432tcGcdO612ub1rbVN8Ee/2FfpFztU3l9lXp7ry2v/SjfROVc9c+6XmerL0vPbz77eijTMu0Djc1WhHOOna+84T4KBTFRrcy+63hvUAzLxm9XycXH++tWFKzM3djnesWpf3rbvDq7Nv33ki3kk5XwpV9xG56iTk1ZvvpTnPrMW7WC+mtVvXLrtapvOvbh2biLjmct3H3inNqvPcJt76p57ectz7c65w33nBj7l5K3Mdz6FbDC5P1kFYNcOvXqo2fqk9ffW+62fta60Xh/71uiZ0c83M/LXxh/rv6t9UPtG8Wrez48zftCRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADA02Dx1u2rM/Pzswt7WGg+5Fip7Vhn5ZnddZiJZPuxiqrQ3OtsPAGFf41tm41W9mj03ycpC6PVhNhQp/nIQxR7N5//dmj9pnksHY70J2G1PkTzxubU9RcaWRx70Cs4uv66Z+LqzPy/VwfqtNJ3ywBPuZNL126cXLx1+7W5azNvzr45e/3UmdNnTre/Nv2Vk5fn5menuo8HHSWwFxZv3a4fdAwAAAAAAAAAAADAcKp//b/00P+ZobFDnebC4tYjH9nvSwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+R51/IyPLKTI9dWKqPL630p4vt155vWYjSS1J8aOk+Dg5l+6Wib7uis0jjFf7j947dvfD9npfjV792tbthrFcbZlMUq/2OxvdopvN/V3s62/5ocIr1q6wTNjRXuLgoP03AAD//4eN7Uo=") r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="4a000e001c"], 0xa0}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 770.481127ms ago: executing program 4 (id=1196): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) fallocate(r2, 0x1, 0x100000000, 0x80000000) 591.082119ms ago: executing program 5 (id=1197): unshare(0x400) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f0000000340), &(0x7f0000000380)=r0}, 0x20) 379.649516ms ago: executing program 0 (id=1198): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x300, 0x0, 0x2, 0x9, 0x0, 0x4}, 0x20) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x300, 0x0, 0x2, 0x9, 0x0, 0x4}, 0x20) 377.201208ms ago: executing program 5 (id=1199): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000140)='./file2\x00', 0x320c8cc, &(0x7f00000003c0)=ANY=[], 0x1, 0x1f3, &(0x7f0000001880)="$eJzslc+q00AUxr+ZxKT3Ij6AGxde8LowbXJB3Fy4d+PKheCfiwvBYtNSTa20XdiCaJ/AvTsXPoaiWxf6BlIF0U3dqOuRyUwmQ0mrMS0Knh90+k3m5MyZM5MzIAjiv+Xjhx8z8X3/cw3AcezA18+/OLkNt+zf174+fH3p4tGTm8/f+LNgq8inEL8/vwvg1aGDd+ZdIWynO/r/KrjR18BxVusjMARa3wLHda1jMNzQ+o6l+9I+CNrdJA5u95OWFA3ZhLKJ2t2EuYvxzacMLSs+Zo0Px5O7zSSJBxsUv8rf/JBj38SHmj1+ASrahpW/EByh1ntguGJs/Sw3KiXW+k+6+fqdlev3UHHZnwDkT9oFNrzqFJnw5FTLbbKFFgwBbF17H52o7ifb87KvO0iFU/p1rtIiT8XmP4AKAu7aHAq/4CT4q85PdfH2pRZ8pfGLA7V/JtRHql9u0oMlQ15JPzrzpj6JZwxnrPqpSsnT9Kqpj3r368Px5Fy31+zEnfheFO2db2wDiOppIVLtsvLnA1tpfdrO/RfeSRKPeXjQHI0GoWpNP1JtUcXlcDGfcuyexjHZl9XUW/D7zdIs/cmvgz1WvV27XConBEEQ/wCnwNKanNblTOjbxAwIEV3+y3ESBEEQBEEQBEEQBPHn/AwAAP//W8NQxQ==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x1c1) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x80086601, 0x0) 277.278408ms ago: executing program 4 (id=1200): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000500)="5c00000013006bcc9e3be35c17aa31076b876c1d0000297ea6080cc65fd8251e4e9294ff0051f60a84c9f4d4938037e786a6d016109d4650049af3ca5c744b6e7461d73b6700000e4509c5bbcd72c6c9535c88c7c8c2cd69708cdb2bb5e49b54c38cbfc9421596a5c836ff418560762da07f88759deccaa8db4c2266350083e070932c8a8e5b3200000000000100002e539f4377b90764021e9836768808757bc7ef238d", 0xa4}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x8881) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) 183.962774ms ago: executing program 2 (id=1201): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa10000000000000701"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000580)="63eced8e46aa7ce5a833c9f7b942", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 160.116345ms ago: executing program 0 (id=1202): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x2, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x0, 0x0, 0x0, 0xfffffffe}, [@TCA_NETEM_RATE={0x14, 0xe, {0x2, 0xfffffff7}}]}}}]}, 0x60}}, 0x8c0) 99.83911ms ago: executing program 5 (id=1203): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x3000) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x280}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f000090c000/0x2000)=nil, 0x2000}) 0s ago: executing program 3 (id=1204): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x2000002, 0x3a, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): ptor?? [ 147.549912][ T119] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 147.741394][ T119] gp8psk: usb in 128 operation failed. [ 147.782131][ T119] gp8psk: usb in 137 operation failed. [ 147.788082][ T119] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 147.849667][ T119] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 147.862850][ T119] usb 3-1: media controller created [ 147.901354][ T119] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 147.931347][ T119] gp8psk_fe: Frontend attached [ 147.940640][ T119] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 147.953405][ T119] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 148.245977][ T119] gp8psk: usb in 137 operation failed. [ 148.256837][ T119] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 148.309910][ T119] gp8psk: found Genpix USB device pID = 203 (hex) [ 148.344367][ T119] usb 3-1: USB disconnect, device number 6 [ 148.365437][ T5832] Bluetooth: hci1: Invalid connection link type handle 0x00c9 [ 148.521900][ T119] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 148.893758][ T119] kernel write not supported for file /snd/seq (pid: 119 comm: kworker/0:2) [ 149.048567][ T7394] loop2: detected capacity change from 0 to 64 [ 149.292983][ T7399] program syz.1.512 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 149.532612][ T7362] loop3: detected capacity change from 0 to 65536 [ 149.603360][ T7362] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 149.696443][ T7388] loop0: detected capacity change from 0 to 32768 [ 149.743260][ T7388] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 149.785046][ T7362] XFS (loop3): Ending clean mount [ 149.814736][ T7362] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x142/0x210, xfs_agf block 0x1 [ 149.828790][ T7362] XFS (loop3): Unmount and run xfs_repair [ 149.844363][ T7362] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 149.920101][ T7362] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 149.932531][ T7362] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 149.947611][ T7362] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 149.955065][ T7388] XFS (loop0): Ending clean mount [ 149.959898][ T7362] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 149.977257][ T7362] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 149.993737][ T7362] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 150.018164][ T7362] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.031586][ T7388] XFS (loop0): Quotacheck needed: Please wait. [ 150.043527][ T7362] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.088209][ T7388] XFS (loop0): Quotacheck: Done. [ 150.095346][ T7362] XFS (loop3): metadata I/O error in "xfs_read_agf+0x289/0x5f0" at daddr 0x1 len 1 error 74 [ 150.167424][ T7362] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x518/0x950 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 150.190615][ T7362] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 150.220847][ T5822] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 150.296215][ T5827] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 150.619428][ T7406] loop2: detected capacity change from 0 to 40427 [ 150.653594][ T7406] F2FS-fs (loop2): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 150.705105][ T7406] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 150.737664][ T7435] input: syz1 as /devices/virtual/input/input15 [ 150.769052][ T7406] F2FS-fs (loop2): build fault injection type: 0x6 [ 150.831255][ T7406] F2FS-fs (loop2): invalid crc value [ 151.173915][ T7406] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 151.243590][ T7406] F2FS-fs (loop2): Start checkpoint disabled! [ 151.265023][ T7440] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 151.303140][ T7406] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 151.321019][ T7429] loop4: detected capacity change from 0 to 32768 [ 151.367553][ T7431] loop1: detected capacity change from 0 to 32768 [ 151.375866][ T7406] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 151.388188][ T7429] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 151.481330][ T7406] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 151.494269][ T7431] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.520 (7431) [ 151.538497][ T7431] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 151.579207][ T7431] BTRFS info (device loop1): using sha256 checksum algorithm [ 151.667570][ T35] kworker/u8:2: attempt to access beyond end of device [ 151.667570][ T35] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 151.719269][ T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 151.719295][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 151.719307][ T35] Workqueue: writeback wb_workfn (flush-7:2) [ 151.719332][ T35] Call Trace: [ 151.719339][ T35] [ 151.719347][ T35] dump_stack_lvl+0xe8/0x150 [ 151.719372][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 151.719398][ T35] f2fs_write_end_io+0xcdb/0xff0 [ 151.719439][ T35] __submit_merged_bio+0x256/0x700 [ 151.719463][ T35] __submit_merged_write_cond+0x3c3/0x4e0 [ 151.719490][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 151.719530][ T35] f2fs_write_data_pages+0x2970/0x35e0 [ 151.719589][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 151.719624][ T35] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 151.719679][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 151.719740][ T35] ? filemap_get_entry+0xca/0x320 [ 151.719759][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 151.719782][ T35] do_writepages+0x32e/0x550 [ 151.719812][ T35] ? reacquire_held_locks+0x104/0x190 [ 151.719834][ T35] ? writeback_sb_inodes+0x43d/0x19a0 [ 151.719871][ T35] __writeback_single_inode+0x133/0x11a0 [ 151.719893][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 151.719914][ T35] writeback_sb_inodes+0x944/0x19a0 [ 151.719956][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 151.719979][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 151.720035][ T35] ? rcu_is_watching+0x15/0xb0 [ 151.720067][ T35] wb_writeback+0x456/0xb70 [ 151.720092][ T35] ? queue_io+0x1f1/0x4a0 [ 151.720118][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 151.720136][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 151.720169][ T35] wb_workfn+0x414/0xf50 [ 151.720193][ T35] ? look_up_lock_class+0x57/0x110 [ 151.720226][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 151.720247][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 151.720268][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 151.720310][ T35] ? process_one_work+0x87c/0x1650 [ 151.720333][ T35] process_one_work+0x949/0x1650 [ 151.720374][ T35] ? __pfx_process_one_work+0x10/0x10 [ 151.720393][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 151.720431][ T35] worker_thread+0xb46/0x1140 [ 151.720478][ T35] kthread+0x388/0x470 [ 151.720503][ T35] ? __pfx_worker_thread+0x10/0x10 [ 151.720523][ T35] ? __pfx_kthread+0x10/0x10 [ 151.720541][ T35] ret_from_fork+0x51e/0xb90 [ 151.720565][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 151.720585][ T35] ? __switch_to+0xc7d/0x1450 [ 151.720609][ T35] ? __pfx_kthread+0x10/0x10 [ 151.720627][ T35] ret_from_fork_asm+0x1a/0x30 [ 151.720666][ T35] [ 151.720675][ T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 152.057070][ T7429] XFS (loop4): Ending clean mount [ 152.188884][ T7431] BTRFS info (device loop1): enabling ssd optimizations [ 152.224824][ T7431] BTRFS info (device loop1): turning on async discard [ 152.279227][ T7431] BTRFS info (device loop1): enabling free space tree [ 152.287518][ T5828] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 152.385520][ T7478] netlink: 128 bytes leftover after parsing attributes in process `syz.0.532'. [ 152.407245][ T7478] netlink: 40 bytes leftover after parsing attributes in process `syz.0.532'. [ 152.455553][ T5818] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 153.404941][ T7501] loop4: detected capacity change from 0 to 4096 [ 153.483130][ T7501] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 153.515224][ T7505] loop3: detected capacity change from 0 to 128 [ 153.574214][ T7505] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 153.619231][ T7501] ntfs3(loop4): Failed to load $Extend (-22). [ 153.643648][ T7505] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 153.655421][ T7501] ntfs3(loop4): Failed to initialize $Extend. [ 153.791444][ T29] audit: type=1800 audit(1770058425.352:12): pid=7501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.541" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 153.813813][ T7512] netlink: 300 bytes leftover after parsing attributes in process `syz.0.546'. [ 154.382931][ T7530] ªªªªªª: renamed from vlan0 (while UP) [ 154.456294][ T7532] netlink: 48 bytes leftover after parsing attributes in process `syz.0.554'. [ 154.515930][ T7535] netlink: 'syz.4.556': attribute type 1 has an invalid length. [ 154.576011][ T7535] netlink: 'syz.4.556': attribute type 7 has an invalid length. [ 154.623126][ T7535] netlink: 'syz.4.556': attribute type 8 has an invalid length. [ 154.659167][ T7535] netlink: 208 bytes leftover after parsing attributes in process `syz.4.556'. [ 154.690872][ T7535] NCSI netlink: No device for ifindex 65584 [ 154.946272][ T7549] option changes via remount are deprecated (pid=7547 comm=syz.2.564) [ 154.969094][ T7549] cgroup: option or name mismatch, new: 0x0 "pim6reg0", old: 0x0 "" [ 155.559707][ T7573] loop4: detected capacity change from 0 to 512 [ 155.573949][ T7573] EXT4-fs: Ignoring removed oldalloc option [ 155.596280][ T7573] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 155.630986][ T7573] EXT4-fs (loop4): 1 truncate cleaned up [ 155.638607][ T7573] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.692533][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.749042][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 155.919294][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 155.937076][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.965609][ T10] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 155.998805][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.031814][ T10] usb 3-1: config 0 descriptor?? [ 156.234090][ T5884] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 156.381953][ T7600] loop3: detected capacity change from 0 to 512 [ 156.402258][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.0.588'. [ 156.429161][ T5884] usb 5-1: Using ep0 maxpacket: 16 [ 156.460642][ T5884] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 156.460887][ T7600] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.587: bg 0: block 288: padding at end of block bitmap is not set [ 156.472192][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.498743][ T5884] usb 5-1: Product: syz [ 156.505831][ T5884] usb 5-1: Manufacturer: syz [ 156.517480][ T10] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 156.530685][ T5884] usb 5-1: SerialNumber: syz [ 156.569333][ T5884] r8152-cfgselector 5-1: Unknown version 0x0000 [ 156.577159][ T5884] r8152-cfgselector 5-1: config 0 descriptor?? [ 156.630401][ T7600] loop3: lost filesystem error report for type 5 error -117 [ 156.639826][ C1] EXT4-fs (loop3): initial error at time 1770058428: ext4_validate_block_bitmap:441 [ 156.660934][ C1] EXT4-fs (loop3): last error at time 1770058428: ext4_validate_block_bitmap:441 [ 156.706081][ T7600] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 156.721253][ T7600] loop3: lost filesystem error report for type 5 error -117 [ 156.722355][ T7600] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.587: attempt to clear invalid blocks 1024 len 1 [ 156.754239][ T7600] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 156.755132][ T7600] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.587: invalid indirect mapped block 1819239214 (level 0) [ 156.809524][ T7600] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 156.809960][ T5884] r8152-cfgselector 5-1: Needed 1 retries to read version [ 156.810868][ T7600] EXT4-fs (loop3): 1 truncate cleaned up [ 156.842093][ T7600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.902843][ T7600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.587'. [ 156.931689][ T5871] usb 3-1: USB disconnect, device number 7 [ 157.007179][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.145970][ T5871] r8152-cfgselector 5-1: USB disconnect, device number 7 [ 157.502083][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 157.679893][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 157.698458][ T10] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 157.718655][ T10] usb 4-1: config 0 has no interface number 0 [ 157.755606][ T10] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 157.799341][ T10] usb 4-1: config 0 interface 85 has no altsetting 0 [ 157.835252][ T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 157.859282][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.901171][ T10] usb 4-1: Product: syz [ 157.907014][ T10] usb 4-1: Manufacturer: syz [ 157.930326][ T10] usb 4-1: SerialNumber: syz [ 157.972727][ T7636] loop1: detected capacity change from 0 to 128 [ 157.983264][ T10] usb 4-1: config 0 descriptor?? [ 158.019695][ T7636] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 158.144570][ T7636] ext4 filesystem being mounted at /121/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 158.298829][ T5818] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 158.298893][ T7633] loop4: detected capacity change from 0 to 32768 [ 158.357248][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 158.390157][ T7633] JBD2: Ignoring recovery information on journal [ 158.459427][ T7633] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 158.556351][ T24] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 158.594975][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 158.615273][ T24] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 158.627314][ T24] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 158.634115][ T10] appletouch 4-1:0.85: Geyser mode initialized. [ 158.671211][ T10] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input16 [ 158.701917][ T24] usb 3-1: Product: syz [ 158.733590][ T24] usb 3-1: Manufacturer: syz [ 158.738767][ T24] usb 3-1: SerialNumber: syz [ 158.776274][ T24] usb 3-1: config 0 descriptor?? [ 158.824171][ T24] usb 3-1: selecting invalid altsetting 0 [ 158.872693][ T5828] ocfs2: Unmounting device (7,4) on (node local) [ 158.885379][ T10] usb 4-1: USB disconnect, device number 6 [ 159.003979][ T10] appletouch 4-1:0.85: input: appletouch disconnected [ 159.198103][ T24] usb 3-1: USB disconnect, device number 8 [ 159.662172][ T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 159.850960][ T10] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 159.869242][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.882092][ T10] usb 1-1: config 0 descriptor?? [ 159.932209][ T7677] loop4: detected capacity change from 0 to 256 [ 159.998790][ T7677] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 160.078163][ T7679] loop2: detected capacity change from 0 to 256 [ 160.133268][ T10] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 160.174009][ T7679] FAT-fs (loop2): Directory bread(block 64) failed [ 160.199053][ T7679] FAT-fs (loop2): Directory bread(block 65) failed [ 160.221226][ T7679] FAT-fs (loop2): Directory bread(block 66) failed [ 160.254604][ T7679] FAT-fs (loop2): Directory bread(block 67) failed [ 160.288150][ T7679] FAT-fs (loop2): Directory bread(block 68) failed [ 160.320632][ T7679] FAT-fs (loop2): Directory bread(block 69) failed [ 160.342767][ T7679] FAT-fs (loop2): Directory bread(block 70) failed [ 160.349626][ T10] [drm:udl_init] *ERROR* Selecting channel failed [ 160.355893][ T7679] FAT-fs (loop2): Directory bread(block 71) failed [ 160.381085][ T7679] FAT-fs (loop2): Directory bread(block 72) failed [ 160.409011][ T7679] FAT-fs (loop2): Directory bread(block 73) failed [ 160.441699][ T10] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 160.465708][ T10] [drm] Initialized udl on minor 2 [ 160.494792][ T10] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 160.527560][ T10] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 160.551153][ T5884] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 160.590897][ T10] usb 1-1: USB disconnect, device number 5 [ 160.615000][ T5884] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 160.857962][ T7693] loop2: detected capacity change from 0 to 512 [ 160.885937][ T7693] EXT4-fs error (device loop2): ext4_iget_extra_inode:5052: inode #15: comm syz.2.628: corrupted in-inode xattr: invalid ea_ino [ 160.972541][ T7693] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 160.973068][ T7693] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.628: couldn't read orphan inode 15 (err -117) [ 160.984480][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 160.984503][ C0] EXT4-fs (loop2): initial error at time 1770058432: ext4_iget_extra_inode:5052: inode 15 [ 160.984526][ C0] EXT4-fs (loop2): last error at time 1770058432: ext4_iget_extra_inode:5052: inode 15 [ 161.069665][ T7693] loop2: lost filesystem error report for type 5 error -117 [ 161.079642][ T7693] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.211353][ T7703] loop3: detected capacity change from 0 to 128 [ 161.229890][ T7703] EXT4-fs: Ignoring removed nobh option [ 161.258039][ T7703] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 161.288033][ T7703] ext4 filesystem being mounted at /129/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 161.318563][ T5823] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.478847][ T7708] loop2: detected capacity change from 0 to 128 [ 161.495877][ T5827] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 161.803155][ T7715] overlay: Unknown parameter '32 [ 161.803155][ T7715] time [ 161.803155][ T7715] string [ 161.803155][ T7715] statistic [ 161.803155][ T7715] state [ 161.803155][ T7715] realm [ 161.803155][ T7715] rateest [ 161.803155][ T7715] quota [ 161.803155][ T7715] pkttype [ 161.803155][ T7715] physdev [ 161.803155][ T7715] cgroup [ 161.803155][ T7715] cgroup [ 161.803155][ T7715] cgroup [ 161.803155][ T7715] owner [ 161.803155][ T7715] nfacct [ 161.803155][ T7715] nfacct [ 161.803155][ T7715] mac [ 161.803155][ T7715] limit [ 161.803155][ T7715] ipvs [ 161.803155][ T7715] helper [ 161.803155][ T7715] devgroup [ 161.803155][ T7715] cpu [ 161.803155][ T7715] conntrack [ 161.803155][ T7715] conntrack [ 161.803155][ T7715] conntrack [ 161.803155][ T7715] connlabel [ 161.803155][ T7715] connbytes [ 161.803155][ T7715] comment [ 161.803155][ T7715] bpf [ 161.803155][ T7715] bpf [ 161.803155][ T7715] connmark [ 161.803155][ T7715] mark [ 161.803155][ T7715] rpfilter [ 161.803155][ T7715] ah [ 161.803155][ T7715] tcpmss [ 161.803155][ T7715] socket [ 161.803155][ T7715] socket [ 161.803155][ T7715] socket [ 161.803155][ T7715] socket [ 161.803155][ T7715] sctp [ 161.803155][ T7715] recent [ 161.803155][ T7715] recent [ 161.803155][ T7715] policy [ 161.803155][ T7715] osf [ 161.803155][ T7715] multiport [ 161.803155][ T7715] length [ 161.803155][ T7715] l2tp [ 161.803155][ T7715] iprange [ 161.803155][ T7715] ipcomp [ 161.803155][ T7715] ttl [ 161.803155][ T7715] hashlimit [ 161.803155][ T7715] hashlimit [ 161.803155][ T7715] hashlimit [ 161.803155][ T7715] esp [ 161.803155][ T7715] ecn [ 161.803155][ T7715] tos [ 161.803155][ T7715] dscp [ 161.803155][ T7715] dccp [ 161.803155][ T7715] connlimit [ 161.803155][ T7715] cluster [ 161.803155][ T7715] addrtype [ 161.803155][ T7715] addrtype [ 161.803155][ T7715] set [ 161.803155][ T7715] set [ 161.803155][ T7715] set [ 161.803155][ T7715] set [ 161.803155][ T7715] set [ 161.803155][ T7715] icmp [ 162.623180][ T7740] veth1_to_team: entered promiscuous mode [ 162.633846][ T7740] veth1_to_team: left promiscuous mode [ 162.703822][ T7744] loop3: detected capacity change from 0 to 128 [ 162.765554][ T7744] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 162.869564][ T7744] ext4 filesystem being mounted at /134/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 162.934620][ T7736] loop4: detected capacity change from 0 to 32768 [ 162.994519][ T7736] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 163.086130][ T5827] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 163.198194][ T7736] XFS (loop4): Ending clean mount [ 163.256403][ T7736] XFS (loop4): Quotacheck needed: Please wait. [ 163.370671][ T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 163.388402][ T7736] XFS (loop4): Quotacheck: Done. [ 163.510401][ T5828] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 163.550036][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 163.563467][ T24] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 163.573880][ T24] usb 1-1: config 0 has no interface number 0 [ 163.583099][ T24] usb 1-1: config 0 interface 41 has no altsetting 0 [ 163.597155][ T24] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 163.637844][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.671605][ T24] usb 1-1: Product: syz [ 163.682993][ T24] usb 1-1: Manufacturer: syz [ 163.703534][ T24] usb 1-1: SerialNumber: syz [ 163.723840][ T24] usb 1-1: config 0 descriptor?? [ 163.747684][ T24] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -22 [ 163.985788][ T24] usb 1-1: USB disconnect, device number 6 [ 164.102841][ T7789] loop3: detected capacity change from 0 to 128 [ 164.112439][ T7786] loop1: detected capacity change from 0 to 4096 [ 164.190699][ T7786] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 164.202250][ T7789] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 164.224189][ T7786] UDF-fs: Scanning with blocksize 512 failed [ 164.246324][ T7789] ext4 filesystem being mounted at /139/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 164.352292][ T7786] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.391265][ T5827] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 164.480956][ T29] audit: type=1800 audit(1770058436.042:13): pid=7786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.668" name="file1" dev="loop1" ino=1334 res=0 errno=0 [ 164.670682][ T7803] loop3: detected capacity change from 0 to 512 [ 164.749166][ T7803] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.672: inode has both inline data and extents flags [ 164.788281][ T7803] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 164.788977][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 164.806137][ C1] EXT4-fs (loop3): initial error at time 1770058436: ext4_orphan_get:1391: inode 15 [ 164.816849][ C1] EXT4-fs (loop3): last error at time 1770058436: ext4_orphan_get:1391: inode 15 [ 164.857911][ T7803] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.672: couldn't read orphan inode 15 (err -117) [ 164.967188][ T7803] loop3: lost filesystem error report for type 5 error -117 [ 165.002450][ T7803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.161284][ T7796] loop4: detected capacity change from 0 to 32768 [ 165.242932][ T7796] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 165.311730][ T7796] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 165.469251][ T7796] XFS (loop4): Ending clean mount [ 165.534498][ T7796] XFS (loop4): Quotacheck needed: Please wait. [ 165.637323][ T7796] XFS (loop4): Quotacheck: Done. [ 165.726887][ T5828] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 165.914744][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.205835][ T7830] delete_channel: no stack [ 166.267981][ T5142] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 166.281826][ T5142] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 166.299268][ T5142] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 166.324387][ T5142] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 166.334914][ T5142] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 166.409324][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 166.569447][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 166.604471][ T24] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 166.628503][ T24] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 166.687464][ T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 166.729027][ T24] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 166.754651][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 166.766568][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.791812][ T24] usbtmc 4-1:16.0: bulk endpoints not found [ 166.931847][ T7831] chnl_net:caif_netlink_parms(): no params data found [ 167.032216][ T24] usb 4-1: USB disconnect, device number 7 [ 167.302067][ T7831] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.311694][ T7831] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.319944][ T7831] bridge_slave_0: entered allmulticast mode [ 167.331665][ T7831] bridge_slave_0: entered promiscuous mode [ 167.342798][ T7831] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.352870][ T7831] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.364040][ T7831] bridge_slave_1: entered allmulticast mode [ 167.373874][ T7831] bridge_slave_1: entered promiscuous mode [ 167.454036][ T7831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.479056][ T5884] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 167.492937][ T7831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.650028][ T5884] usb 4-1: Using ep0 maxpacket: 8 [ 167.651821][ T7831] team0: Port device team_slave_0 added [ 167.660927][ T5884] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFA, changing to 0x8A [ 167.691059][ T7831] team0: Port device team_slave_1 added [ 167.698086][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 167.742827][ T5884] usb 4-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 167.759051][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 167.781187][ T5884] usb 4-1: SerialNumber: syz [ 167.806271][ T7831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.807006][ T5884] usb 4-1: config 0 descriptor?? [ 167.847626][ T7831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 167.850227][ T5884] hso 4-1:0.0: Can't find BULK OUT endpoint [ 167.959058][ T7831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.997323][ T7831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.028351][ T7831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.139191][ T7831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.309929][ T5976] usb 4-1: USB disconnect, device number 8 [ 168.398231][ T7831] hsr_slave_0: entered promiscuous mode [ 168.412615][ T7831] hsr_slave_1: entered promiscuous mode [ 168.430102][ T7831] debugfs: 'hsr0' already exists in 'hsr' [ 168.443452][ T7831] Cannot create hsr debugfs directory [ 168.456354][ T5832] Bluetooth: hci2: command tx timeout [ 168.709482][ T7865] loop4: detected capacity change from 0 to 40427 [ 168.726357][ T7865] F2FS-fs: heap/no_heap options were deprecated [ 168.736549][ T7865] F2FS-fs: heap/no_heap options were deprecated [ 168.778223][ T7865] F2FS-fs (loop4): Image doesn't support compression [ 168.795311][ T7867] loop1: detected capacity change from 0 to 40427 [ 168.812484][ T7865] F2FS-fs (loop4): invalid crc value [ 168.821979][ T7867] F2FS-fs (loop1): Image doesn't support compression [ 168.859595][ T7867] F2FS-fs (loop1): build fault injection rate: 690 [ 168.880724][ T7867] F2FS-fs (loop1): invalid crc value [ 169.104441][ T7831] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.223148][ T7865] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 169.272379][ T7867] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 169.304659][ T7865] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 169.337862][ T7867] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 169.392816][ T7865] syz.4.697: attempt to access beyond end of device [ 169.392816][ T7865] loop4: rw=2049, sector=77824, nr_sectors = 8 limit=40427 [ 169.430943][ T7865] syz.4.697: attempt to access beyond end of device [ 169.430943][ T7865] loop4: rw=2049, sector=77856, nr_sectors = 24 limit=40427 [ 169.466872][ T7865] syz.4.697: attempt to access beyond end of device [ 169.466872][ T7865] loop4: rw=2049, sector=77896, nr_sectors = 32 limit=40427 [ 169.505497][ T7865] syz.4.697: attempt to access beyond end of device [ 169.505497][ T7865] loop4: rw=2049, sector=77960, nr_sectors = 8 limit=40427 [ 169.527507][ T7831] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.612393][ T5818] syz-executor: attempt to access beyond end of device [ 169.612393][ T5818] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 169.639550][ T5818] CPU: 1 UID: 0 PID: 5818 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 169.639581][ T5818] Tainted: [L]=SOFTLOCKUP [ 169.639588][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 169.639597][ T5818] Call Trace: [ 169.639605][ T5818] [ 169.639613][ T5818] dump_stack_lvl+0xe8/0x150 [ 169.639645][ T5818] f2fs_handle_critical_error+0x37c/0x540 [ 169.639674][ T5818] f2fs_write_end_io+0xcdb/0xff0 [ 169.639722][ T5818] __submit_merged_bio+0x256/0x700 [ 169.639750][ T5818] __submit_merged_write_cond+0x3c3/0x4e0 [ 169.639781][ T5818] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 169.639823][ T5818] f2fs_write_data_pages+0x2970/0x35e0 [ 169.639886][ T5818] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 169.639925][ T5818] ? css_rstat_updated+0x23a/0x530 [ 169.639972][ T5818] ? rcu_is_watching+0x15/0xb0 [ 169.640056][ T5818] ? mod_memcg_lruvec_state+0x1a7/0x360 [ 169.640083][ T5818] ? __lock_acquire+0x6b5/0x2cf0 [ 169.640121][ T5818] ? __lock_acquire+0x6b5/0x2cf0 [ 169.640143][ T5818] ? do_raw_spin_lock+0x12b/0x2f0 [ 169.640170][ T5818] ? do_raw_spin_unlock+0xf5/0x210 [ 169.640195][ T5818] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 169.640220][ T5818] do_writepages+0x32e/0x550 [ 169.640255][ T5818] ? do_raw_spin_unlock+0xf5/0x210 [ 169.640278][ T5818] filemap_fdatawrite+0x1e9/0x2f0 [ 169.640306][ T5818] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 169.640380][ T5818] ? do_raw_spin_unlock+0xf5/0x210 [ 169.640403][ T5818] f2fs_sync_dirty_inodes+0x30e/0x860 [ 169.640441][ T5818] f2fs_write_checkpoint+0x9cf/0x2680 [ 169.640500][ T5818] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 169.640574][ T5818] kill_f2fs_super+0x314/0x720 [ 169.640605][ T5818] ? __pfx_kill_f2fs_super+0x10/0x10 [ 169.640637][ T5818] ? lockdep_hardirqs_on+0x7a/0x110 [ 169.640670][ T5818] deactivate_locked_super+0xbc/0x130 [ 169.640695][ T5818] cleanup_mnt+0x437/0x4d0 [ 169.640711][ T5818] ? _raw_spin_unlock_irq+0x23/0x50 [ 169.640731][ T5818] task_work_run+0x1d9/0x270 [ 169.640754][ T5818] ? __pfx_task_work_run+0x10/0x10 [ 169.640781][ T5818] exit_to_user_mode_loop+0xed/0x480 [ 169.640800][ T5818] ? rcu_is_watching+0x15/0xb0 [ 169.640827][ T5818] do_syscall_64+0x32d/0xf80 [ 169.640846][ T5818] ? trace_irq_disable+0x3b/0x150 [ 169.640867][ T5818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.640885][ T5818] ? clear_bhb_loop+0x40/0x90 [ 169.640908][ T5818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.640925][ T5818] RIP: 0033:0x7f298379c117 [ 169.640943][ T5818] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 169.640957][ T5818] RSP: 002b:00007ffd6a130c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 169.640976][ T5818] RAX: 0000000000000000 RBX: 00007f298380471f RCX: 00007f298379c117 [ 169.640988][ T5818] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6a130d40 [ 169.640998][ T5818] RBP: 00007ffd6a130d40 R08: 00007ffd6a131d40 R09: 00000000ffffffff [ 169.641010][ T5818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd6a131dd0 [ 169.641020][ T5818] R13: 00007f298380471f R14: 0000000000029617 R15: 00007ffd6a131e10 [ 169.641054][ T5818] [ 169.641062][ T5818] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 170.392520][ T5828] syz-executor: attempt to access beyond end of device [ 170.392520][ T5828] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 170.411813][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 170.411844][ T5828] Tainted: [L]=SOFTLOCKUP [ 170.411850][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 170.411861][ T5828] Call Trace: [ 170.411868][ T5828] [ 170.411876][ T5828] dump_stack_lvl+0xe8/0x150 [ 170.411908][ T5828] f2fs_handle_critical_error+0x37c/0x540 [ 170.411938][ T5828] f2fs_write_end_io+0xcdb/0xff0 [ 170.411982][ T5828] __submit_merged_bio+0x256/0x700 [ 170.412011][ T5828] __submit_merged_write_cond+0x3c3/0x4e0 [ 170.412043][ T5828] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 170.412092][ T5828] f2fs_write_data_pages+0x2970/0x35e0 [ 170.412169][ T5828] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 170.412244][ T5828] ? kernel_text_address+0xa5/0xe0 [ 170.412266][ T5828] ? __kernel_text_address+0xd/0x30 [ 170.412285][ T5828] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 170.412325][ T5828] ? __lock_acquire+0x6b5/0x2cf0 [ 170.412351][ T5828] ? stack_depot_save_flags+0x33/0x810 [ 170.412392][ T5828] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 170.412417][ T5828] do_writepages+0x32e/0x550 [ 170.412453][ T5828] ? do_raw_spin_unlock+0xf5/0x210 [ 170.412476][ T5828] filemap_fdatawrite+0x1e9/0x2f0 [ 170.412504][ T5828] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 170.412578][ T5828] ? do_raw_spin_unlock+0xf5/0x210 [ 170.412601][ T5828] f2fs_sync_dirty_inodes+0x30e/0x860 [ 170.412641][ T5828] f2fs_write_checkpoint+0x9cf/0x2680 [ 170.412700][ T5828] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 170.412773][ T5828] ? kfree+0x1c1/0x630 [ 170.412796][ T5828] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 170.412831][ T5828] kill_f2fs_super+0x314/0x720 [ 170.412862][ T5828] ? __pfx_kill_f2fs_super+0x10/0x10 [ 170.412906][ T5828] ? lockdep_hardirqs_on+0x7a/0x110 [ 170.412941][ T5828] deactivate_locked_super+0xbc/0x130 [ 170.412969][ T5828] cleanup_mnt+0x437/0x4d0 [ 170.412989][ T5828] ? _raw_spin_unlock_irq+0x23/0x50 [ 170.413013][ T5828] task_work_run+0x1d9/0x270 [ 170.413035][ T5828] ? __pfx_task_work_run+0x10/0x10 [ 170.413066][ T5828] exit_to_user_mode_loop+0xed/0x480 [ 170.413085][ T5828] ? rcu_is_watching+0x15/0xb0 [ 170.413121][ T5828] do_syscall_64+0x32d/0xf80 [ 170.413140][ T5828] ? trace_irq_disable+0x3b/0x150 [ 170.413166][ T5828] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.413183][ T5828] ? clear_bhb_loop+0x40/0x90 [ 170.413205][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.413223][ T5828] RIP: 0033:0x7f995c19c117 [ 170.413240][ T5828] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 170.413254][ T5828] RSP: 002b:00007ffec141ec08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 170.413273][ T5828] RAX: 0000000000000000 RBX: 00007f995c20471f RCX: 00007f995c19c117 [ 170.413286][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec141ecc0 [ 170.413296][ T5828] RBP: 00007ffec141ecc0 R08: 00007ffec141fcc0 R09: 00000000ffffffff [ 170.413308][ T5828] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec141fd50 [ 170.413319][ T5828] R13: 00007f995c20471f R14: 0000000000029662 R15: 00007ffec141fd90 [ 170.413352][ T5828] [ 170.413658][ T5828] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 170.475999][ T7896] loop1: detected capacity change from 0 to 16 [ 170.531925][ T5832] Bluetooth: hci2: command 0x041b tx timeout [ 170.851406][ T7896] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 170.946851][ T7831] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.258626][ T7831] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.427177][ T7908] sctp: [Deprecated]: syz.4.709 (pid 7908) Use of int in maxseg socket option. [ 171.427177][ T7908] Use struct sctp_assoc_value instead [ 171.691934][ T7831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 171.713337][ T7831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 171.751437][ T7831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 171.792280][ T7831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 172.093291][ T7831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.182416][ T7831] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.231269][ T3583] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.239164][ T3583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.271517][ T3583] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.279939][ T3583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.304227][ T7934] loop3: detected capacity change from 0 to 512 [ 172.326003][ T7934] EXT4-fs: Ignoring removed mblk_io_submit option [ 172.361857][ T7934] EXT4-fs: Ignoring removed bh option [ 172.378887][ T7934] EXT4-fs (loop3): Test dummy encryption mode enabled [ 172.379078][ T119] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 172.422202][ T7934] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 172.440322][ T7915] loop4: detected capacity change from 0 to 32768 [ 172.463029][ T7915] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.716 (7915) [ 172.495848][ T7934] EXT4-fs (loop3): 1 truncate cleaned up [ 172.508639][ T7934] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.535907][ T119] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 172.554947][ T7915] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 172.580479][ T119] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.595068][ T7915] BTRFS info (device loop4): using crc32c checksum algorithm [ 172.604928][ T119] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 172.627895][ T5142] Bluetooth: hci2: command 0x041b tx timeout [ 172.640647][ T119] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.656639][ T119] usb 2-1: config 0 descriptor?? [ 172.772509][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.823560][ T7915] BTRFS info (device loop4): enabling ssd optimizations [ 172.834478][ T7915] BTRFS info (device loop4): turning on async discard [ 172.844023][ T7915] BTRFS info (device loop4): enabling free space tree [ 172.852026][ T7915] BTRFS info (device loop4): use zlib compression, level 3 [ 172.999723][ T7831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.138128][ T119] isku 0003:1E7D:319C.0006: item fetching failed at offset 5/7 [ 173.154851][ T5828] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 173.174651][ T119] isku 0003:1E7D:319C.0006: parse failed [ 173.237595][ T119] isku 0003:1E7D:319C.0006: probe with driver isku failed with error -22 [ 173.282370][ T7831] veth0_vlan: entered promiscuous mode [ 173.301530][ T7831] veth1_vlan: entered promiscuous mode [ 173.357106][ T119] usb 2-1: USB disconnect, device number 5 [ 173.385776][ T7967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.727'. [ 173.435298][ T7967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.727'. [ 173.624825][ T7831] veth0_macvtap: entered promiscuous mode [ 173.704513][ T7831] veth1_macvtap: entered promiscuous mode [ 173.849750][ T7831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.877585][ T7831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.954408][ T194] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.010863][ T194] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.046054][ T194] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.055841][ T7981] loop3: detected capacity change from 0 to 128 [ 174.090225][ T194] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.135103][ T7981] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 174.191746][ T7981] ext4 filesystem being mounted at /152/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 174.259395][ T7981] fscrypt (loop3, inode 12): Unsupported encryption flags (0x08) [ 174.380345][ T119] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 174.404205][ T7990] netlink: 'syz.0.735': attribute type 4 has an invalid length. [ 174.442351][ T5827] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 174.513268][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.570616][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.592647][ T119] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 174.629157][ T119] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.684253][ T119] usb 5-1: config 0 descriptor?? [ 174.695344][ T5142] Bluetooth: hci2: command 0x041b tx timeout [ 174.725423][ T119] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 174.743742][ T3583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.785633][ T3583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.920313][ T8000] nbd1: detected capacity change from 0 to 127 [ 174.960200][ T5142] block nbd1: Receive control failed (result -32) [ 174.987154][ T7037] block nbd1: Dead connection, failed to find a fallback [ 175.010779][ T8006] loop3: detected capacity change from 0 to 1024 [ 175.050163][ T7037] block nbd1: shutting down sockets [ 175.058463][ T7037] blk_print_req_error: 138 callbacks suppressed [ 175.058485][ T7037] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.085033][ T7037] buffer_io_error: 138 callbacks suppressed [ 175.085053][ T7037] Buffer I/O error on dev nbd1, logical block 0, async page read [ 175.109543][ T7037] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.122064][ T7037] Buffer I/O error on dev nbd1, logical block 1, async page read [ 175.132151][ T7037] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.147476][ T7037] Buffer I/O error on dev nbd1, logical block 2, async page read [ 175.166940][ T7037] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.186387][ T8009] loop2: detected capacity change from 0 to 256 [ 175.230160][ T8006] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 175.249398][ T7037] Buffer I/O error on dev nbd1, logical block 3, async page read [ 175.295454][ T8006] hfsplus: xattr searching failed [ 175.308674][ T7037] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.344276][ T8009] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 175.350406][ T8014] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 175.375331][ T8015] program syz.0.743 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 175.411575][ T7037] Buffer I/O error on dev nbd1, logical block 0, async page read [ 175.427956][ T8014] hfsplus: xattr search failed [ 175.454319][ T7037] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.491714][ T7037] Buffer I/O error on dev nbd1, logical block 1, async page read [ 175.519100][ T7037] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.551070][ T8009] exFAT-fs (loop2): start_clu is invalid cluster(0xffffffff) [ 175.569224][ T7037] Buffer I/O error on dev nbd1, logical block 2, async page read [ 175.620326][ T7037] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.639542][ T119] usb 5-1: USB disconnect, device number 8 [ 175.681985][ T7037] Buffer I/O error on dev nbd1, logical block 3, async page read [ 175.706788][ T8019] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 175.738696][ T7037] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.784823][ T8019] macsec1: entered promiscuous mode [ 175.806600][ T7037] Buffer I/O error on dev nbd1, logical block 0, async page read [ 175.841553][ T8019] macsec1: entered allmulticast mode [ 175.851540][ T7037] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 175.913156][ T7037] Buffer I/O error on dev nbd1, logical block 1, async page read [ 175.927483][ T8019] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 175.964243][ T7037] ldm_validate_partition_table(): Disk read failed. [ 175.997337][ T7037] Dev nbd1: unable to read RDB block 0 [ 176.011018][ T7037] nbd1: unable to read partition table [ 176.027648][ T7037] ldm_validate_partition_table(): Disk read failed. [ 176.038622][ T7037] Dev nbd1: unable to read RDB block 0 [ 176.051126][ T7037] nbd1: unable to read partition table [ 176.463314][ T8039] loop4: detected capacity change from 0 to 1024 [ 176.559800][ T194] hfsplus: b-tree write err: -5, ino 4 [ 176.739149][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 176.776269][ T5142] Bluetooth: hci2: command 0x041b tx timeout [ 176.826991][ T8055] loop4: detected capacity change from 0 to 16 [ 176.889135][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 176.910142][ T10] usb 1-1: config 0 has an invalid interface number: 196 but max is 0 [ 176.927271][ T8055] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 176.944642][ T10] usb 1-1: config 0 has no interface number 0 [ 176.963896][ T10] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 176.987739][ T8059] netlink: 'syz.1.763': attribute type 11 has an invalid length. [ 177.019076][ T8059] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.763'. [ 177.039041][ T10] usb 1-1: config 0 interface 196 has no altsetting 0 [ 177.062390][ T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 177.077542][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.098573][ T10] usb 1-1: Product: syz [ 177.128829][ T10] usb 1-1: Manufacturer: syz [ 177.156928][ T10] usb 1-1: SerialNumber: syz [ 177.197897][ T10] usb 1-1: config 0 descriptor?? [ 177.207013][ T8044] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 177.463807][ T8053] loop2: detected capacity change from 0 to 32768 [ 177.556184][ T8053] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 177.634106][ T10] ipheth 1-1:0.196: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes [ 177.663869][ T10] ipheth 1-1:0.196: probe with driver ipheth failed with error -22 [ 177.802762][ T8053] XFS (loop2): Ending clean mount [ 177.855403][ T10] usb 1-1: USB disconnect, device number 7 [ 177.916812][ T8053] XFS (loop2): Quotacheck needed: Please wait. [ 178.018450][ T8053] XFS (loop2): Quotacheck: Done. [ 178.082465][ T7831] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 178.179029][ T119] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 178.355368][ T119] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 178.377846][ T119] usb 2-1: config 0 has no interface number 0 [ 178.419181][ T119] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 178.482355][ T119] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 178.519011][ T119] usb 2-1: config 0 interface 255 has no altsetting 0 [ 178.527554][ T119] usb 2-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 178.566751][ T119] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.619870][ T119] usb 2-1: config 0 descriptor?? [ 178.650560][ T119] ums-realtek 2-1:0.255: USB Mass Storage device detected [ 178.763816][ T8113] netlink: 16 bytes leftover after parsing attributes in process `syz.4.784'. [ 178.881560][ T5936] usb 2-1: USB disconnect, device number 6 [ 179.094818][ T8126] loop4: detected capacity change from 0 to 1024 [ 179.136040][ T8126] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.178822][ T29] audit: type=1800 audit(1770058450.732:14): pid=8126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.790" name="file3" dev="loop4" ino=840 res=0 errno=0 [ 180.065360][ T8128] loop3: detected capacity change from 0 to 40427 [ 180.092549][ T8128] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 180.136500][ T8128] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 180.152681][ T8128] F2FS-fs (loop3): invalid crc value [ 180.445161][ T8128] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 180.490564][ T8159] netlink: 'syz.4.805': attribute type 2 has an invalid length. [ 180.555646][ T8128] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 180.599459][ T8159] ‚#{6c: entered promiscuous mode [ 180.614229][ T8128] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 180.639492][ T8167] netlink: 'syz.4.805': attribute type 2 has an invalid length. [ 180.657980][ T8167] ‚#{6c: left promiscuous mode [ 181.383308][ T8185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.817'. [ 181.395383][ T8185] netlink: 'syz.4.817': attribute type 30 has an invalid length. [ 181.413382][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.817'. [ 181.486798][ T8166] loop2: detected capacity change from 0 to 32768 [ 181.536886][ T8166] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.808 (8166) [ 181.594245][ T8190] netlink: 8 bytes leftover after parsing attributes in process `syz.3.811'. [ 181.660074][ T8166] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 181.710745][ T8166] BTRFS info (device loop2): using sha256 checksum algorithm [ 181.974466][ T8166] BTRFS info (device loop2): enabling ssd optimizations [ 182.013512][ T8212] loop4: detected capacity change from 0 to 1024 [ 182.037871][ T8166] BTRFS info (device loop2): turning on async discard [ 182.062674][ T8166] BTRFS info (device loop2): enabling free space tree [ 182.076246][ T8212] EXT4-fs: Ignoring removed orlov option [ 182.119034][ T8212] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 182.237776][ T8212] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.314643][ T8212] EXT4-fs error (device loop4): ext4_find_dest_de:2050: inode #12: block 7: comm syz.4.823: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 182.466868][ T8226] loop3: detected capacity change from 0 to 256 [ 182.495133][ T7831] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 182.536981][ T8226] exfat: Deprecated parameter 'utf8' [ 182.570066][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.629358][ T8226] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 183.139821][ T8234] Failed to get privilege flags for destination (handle=0x2:0x0) [ 183.456244][ T8223] loop1: detected capacity change from 0 to 32768 [ 183.587453][ T8223] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 183.801851][ T8223] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 183.898342][ T8223] XFS (loop1): Starting recovery (logdev: internal) [ 183.918518][ T8232] loop4: detected capacity change from 0 to 32768 [ 183.949738][ T8232] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.828 (8232) [ 183.964119][ T8223] XFS (loop1): Ending recovery (logdev: internal) [ 184.080729][ T8223] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3d6/0x510, xfs_bnobt block 0x8 [ 184.084341][ T8232] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 184.159252][ T8223] XFS (loop1): Unmount and run xfs_repair [ 184.193349][ T8232] BTRFS info (device loop4): using sha256 checksum algorithm [ 184.294552][ T5818] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 184.340922][ T8232] BTRFS info (device loop4): enabling ssd optimizations [ 184.359064][ T8232] BTRFS info (device loop4): turning on async discard [ 184.377829][ T8232] BTRFS info (device loop4): enabling free space tree [ 184.403541][ T5818] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 184.502903][ T8286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.840'. [ 184.699834][ T29] audit: type=1800 audit(1770058456.252:15): pid=8232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.828" name="file2" dev="loop4" ino=261 res=0 errno=0 [ 184.930242][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 185.374988][ T8301] macvtap1: entered promiscuous mode [ 185.409202][ T8301] macvtap1: entered allmulticast mode [ 185.430306][ T8301] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 185.492301][ T8301] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 185.505866][ T8301] team0: Device macvtap1 failed to register rx_handler [ 185.579736][ T8301] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 185.629048][ T5976] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 185.629280][ T8301] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 185.801207][ T5976] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 185.830364][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 185.874443][ T5976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.906203][ T5976] usb 3-1: config 0 descriptor?? [ 185.931991][ T5976] cp210x 3-1:0.0: cp210x converter detected [ 185.973928][ T8292] loop3: detected capacity change from 0 to 32768 [ 186.041546][ T24] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 186.063744][ T8292] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 186.086024][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.128989][ T24] usb 1-1: config 0 descriptor?? [ 186.198726][ T24] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 186.200166][ T8296] loop1: detected capacity change from 0 to 32768 [ 186.231286][ T8292] XFS (loop3): Ending clean mount [ 186.259604][ T8296] [ 186.259604][ T8296] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.259604][ T8296] [ 186.262226][ T8292] XFS (loop3): Quotacheck needed: Please wait. [ 186.357392][ T8296] [ 186.357392][ T8296] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.357392][ T8296] [ 186.391658][ T8318] ERROR: (device loop1): diWrite: ixpxd invalid [ 186.391658][ T8318] [ 186.412738][ T8303] loop2: detected capacity change from 0 to 512 [ 186.433731][ T8303] EXT4-fs: quotafile must be on filesystem root [ 186.469461][ T8296] JFS: metapage_get_blocks failed [ 186.526936][ T8318] ERROR: (device loop1): txCommit: [ 186.526936][ T8318] [ 186.595672][ T8292] XFS (loop3): Quotacheck: Done. [ 186.624513][ T8296] [ 186.624513][ T8296] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.624513][ T8296] [ 186.674072][ T5976] usb 3-1: cp210x converter now attached to ttyUSB0 [ 186.680937][ T8318] ERROR: (device loop1): diFree: invalid inoext [ 186.680937][ T8318] [ 186.753982][ T8296] [ 186.753982][ T8296] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.753982][ T8296] [ 186.799406][ T5976] usb 3-1: USB disconnect, device number 9 [ 186.830823][ T5976] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 186.839661][ T8296] [ 186.839661][ T8296] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.839661][ T8296] [ 186.875098][ T5976] cp210x 3-1:0.0: device disconnected [ 186.898873][ T8296] [ 186.898873][ T8296] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.898873][ T8296] [ 186.909990][ T5827] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 186.968395][ T3583] ERROR: (device loop1): diWrite: ixpxd invalid [ 186.968395][ T3583] [ 186.994387][ T3583] ERROR: (device loop1): txCommit: [ 186.994387][ T3583] [ 187.003510][ T3583] jfs_write_inode: jfs_commit_inode failed! [ 187.023683][ T5818] [ 187.023683][ T5818] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.023683][ T5818] [ 187.063151][ T24] gspca_cpia1: usb_control_msg 02, error -71 [ 187.083027][ T5818] [ 187.083027][ T5818] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.083027][ T5818] [ 187.084286][ T24] gspca_cpia1: usb_control_msg 05, error -71 [ 187.159630][ T24] gspca_cpia1: usb_control_msg 04, error -71 [ 187.178278][ T24] cpia1 1-1:0.0: probe with driver cpia1 failed with error -71 [ 187.236901][ T24] usb 1-1: USB disconnect, device number 8 [ 187.359062][ T5976] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 187.540054][ T5976] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 187.553359][ T8328] netlink: 20 bytes leftover after parsing attributes in process `syz.2.855'. [ 187.567872][ T5976] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 187.597518][ T5976] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 187.608652][ T5976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 187.640842][ T5976] usb 5-1: SerialNumber: syz [ 187.891509][ T5976] usb 5-1: 0:2 : does not exist [ 188.976311][ T5976] usb 5-1: USB disconnect, device number 9 [ 189.134189][ T7037] udevd[7037]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 189.723007][ T8332] loop2: detected capacity change from 0 to 40427 [ 189.800552][ T8332] F2FS-fs (loop2): invalid crc value [ 190.185368][ T8332] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 190.274275][ T8332] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 190.473275][ T7831] syz-executor: attempt to access beyond end of device [ 190.473275][ T7831] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 190.532521][ T7831] CPU: 1 UID: 0 PID: 7831 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 190.532553][ T7831] Tainted: [L]=SOFTLOCKUP [ 190.532567][ T7831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 190.532579][ T7831] Call Trace: [ 190.532586][ T7831] [ 190.532594][ T7831] dump_stack_lvl+0xe8/0x150 [ 190.532622][ T7831] f2fs_handle_critical_error+0x37c/0x540 [ 190.532649][ T7831] f2fs_write_end_io+0xcdb/0xff0 [ 190.532686][ T7831] __submit_merged_bio+0x256/0x700 [ 190.532712][ T7831] __submit_merged_write_cond+0x3c3/0x4e0 [ 190.532747][ T7831] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 190.532798][ T7831] f2fs_write_data_pages+0x2970/0x35e0 [ 190.532849][ T7831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.532884][ T7831] ? css_rstat_updated+0x23a/0x530 [ 190.532923][ T7831] ? rcu_is_watching+0x15/0xb0 [ 190.532944][ T7831] ? mod_memcg_lruvec_state+0x1a7/0x360 [ 190.532967][ T7831] ? __lock_acquire+0x6b5/0x2cf0 [ 190.533007][ T7831] ? __lock_acquire+0x6b5/0x2cf0 [ 190.533041][ T7831] ? do_raw_spin_lock+0x12b/0x2f0 [ 190.533078][ T7831] ? do_raw_spin_unlock+0xf5/0x210 [ 190.533095][ T7831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.533119][ T7831] do_writepages+0x32e/0x550 [ 190.533152][ T7831] ? do_raw_spin_unlock+0xf5/0x210 [ 190.533172][ T7831] filemap_fdatawrite+0x1e9/0x2f0 [ 190.533197][ T7831] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 190.533537][ T7831] ? do_raw_spin_unlock+0xf5/0x210 [ 190.533564][ T7831] f2fs_sync_dirty_inodes+0x30e/0x860 [ 190.533598][ T7831] f2fs_write_checkpoint+0x9cf/0x2680 [ 190.533653][ T7831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 190.533723][ T7831] kill_f2fs_super+0x314/0x720 [ 190.533754][ T7831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 190.533787][ T7831] ? lockdep_hardirqs_on+0x7a/0x110 [ 190.533820][ T7831] deactivate_locked_super+0xbc/0x130 [ 190.533847][ T7831] cleanup_mnt+0x437/0x4d0 [ 190.533863][ T7831] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.533884][ T7831] task_work_run+0x1d9/0x270 [ 190.533906][ T7831] ? __pfx_task_work_run+0x10/0x10 [ 190.533934][ T7831] exit_to_user_mode_loop+0xed/0x480 [ 190.533955][ T7831] ? rcu_is_watching+0x15/0xb0 [ 190.533982][ T7831] do_syscall_64+0x32d/0xf80 [ 190.533999][ T7831] ? trace_irq_disable+0x3b/0x150 [ 190.534021][ T7831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.534044][ T7831] ? clear_bhb_loop+0x40/0x90 [ 190.534066][ T7831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.534082][ T7831] RIP: 0033:0x7fe8b539c117 [ 190.534100][ T7831] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 190.534115][ T7831] RSP: 002b:00007ffdfc1adf48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 190.534134][ T7831] RAX: 0000000000000000 RBX: 00007fe8b540471f RCX: 00007fe8b539c117 [ 190.534146][ T7831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdfc1ae000 [ 190.534157][ T7831] RBP: 00007ffdfc1ae000 R08: 00007ffdfc1af000 R09: 00000000ffffffff [ 190.534169][ T7831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdfc1af090 [ 190.534180][ T7831] R13: 00007fe8b540471f R14: 000000000002e7a9 R15: 00007ffdfc1af0d0 [ 190.534261][ T7831] [ 190.959795][ T7831] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 192.060674][ T5976] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 192.232017][ T5976] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 192.376733][ T5976] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 192.445836][ T5976] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 192.470695][ T5976] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 192.517260][ T5976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.581460][ T8408] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 193.388575][ T8440] loop3: detected capacity change from 0 to 32768 [ 193.481723][ T8440] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 193.571748][ T8440] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 193.643105][ T5976] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 193.678024][ T5976] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input18 [ 193.739134][ T8440] XFS (loop3): Ending clean mount [ 193.771864][ T8440] XFS (loop3): Quotacheck needed: Please wait. [ 193.880959][ T5976] usb 2-1: USB disconnect, device number 7 [ 193.887724][ C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 194.043103][ T8440] XFS (loop3): Quotacheck: Done. [ 194.355370][ T5827] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 194.407325][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.416019][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.768026][ T8500] loop1: detected capacity change from 0 to 136 [ 194.855940][ T8500] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 195.224069][ T8513] loop2: detected capacity change from 0 to 1024 [ 195.636184][ T8527] loop1: detected capacity change from 0 to 8 [ 195.719775][ T8531] random: crng reseeded on system resumption [ 195.761438][ T8527] SQUASHFS error: Unable to read directory block [1d0:22] [ 195.788170][ T8527] SQUASHFS error: Unable to read directory block [1d0:22] [ 195.876455][ T5818] SQUASHFS error: Unable to read directory block [1d0:22] [ 195.895799][ T5818] SQUASHFS error: Unable to read directory block [1d0:22] [ 195.915037][ T5818] SQUASHFS error: Unknown inode type 0 in squashfs_iget! [ 195.935313][ T5818] SQUASHFS error: Unknown inode type 0 in squashfs_iget! [ 196.072349][ T8543] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 196.456448][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 196.463847][ T5835] Bluetooth: hci3: command 0x0405 tx timeout [ 196.463914][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 196.480292][ T5829] Bluetooth: hci4: command 0x0406 tx timeout [ 196.770424][ T8556] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 197.037897][ T8545] loop2: detected capacity change from 0 to 40427 [ 197.083958][ T8545] F2FS-fs (loop2): invalid crc value [ 197.245237][ T8545] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 197.258379][ T8545] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 197.306371][ T7831] syz-executor: attempt to access beyond end of device [ 197.306371][ T7831] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 197.325841][ T7831] CPU: 1 UID: 0 PID: 7831 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 197.325872][ T7831] Tainted: [L]=SOFTLOCKUP [ 197.325879][ T7831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 197.325889][ T7831] Call Trace: [ 197.325896][ T7831] [ 197.325904][ T7831] dump_stack_lvl+0xe8/0x150 [ 197.325934][ T7831] f2fs_handle_critical_error+0x37c/0x540 [ 197.325964][ T7831] f2fs_write_end_io+0xcdb/0xff0 [ 197.326012][ T7831] __submit_merged_bio+0x256/0x700 [ 197.326042][ T7831] __submit_merged_write_cond+0x3c3/0x4e0 [ 197.326077][ T7831] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 197.326125][ T7831] f2fs_write_data_pages+0x2970/0x35e0 [ 197.326146][ T7831] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 197.326209][ T7831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 197.326247][ T7831] ? css_rstat_updated+0x23a/0x530 [ 197.326295][ T7831] ? rcu_is_watching+0x15/0xb0 [ 197.326320][ T7831] ? mod_memcg_lruvec_state+0x1a7/0x360 [ 197.326348][ T7831] ? __lock_acquire+0x6b5/0x2cf0 [ 197.326386][ T7831] ? __lock_acquire+0x6b5/0x2cf0 [ 197.326413][ T7831] ? do_raw_spin_lock+0x12b/0x2f0 [ 197.326443][ T7831] ? do_raw_spin_unlock+0xf5/0x210 [ 197.327113][ T7831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 197.327146][ T7831] do_writepages+0x32e/0x550 [ 197.327184][ T7831] ? do_raw_spin_unlock+0xf5/0x210 [ 197.327247][ T7831] filemap_fdatawrite+0x1e9/0x2f0 [ 197.327276][ T7831] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 197.327349][ T7831] ? do_raw_spin_unlock+0xf5/0x210 [ 197.327372][ T7831] f2fs_sync_dirty_inodes+0x30e/0x860 [ 197.327413][ T7831] f2fs_write_checkpoint+0x9cf/0x2680 [ 197.327469][ T7831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 197.327888][ T7831] kill_f2fs_super+0x314/0x720 [ 197.327930][ T7831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 197.327969][ T7831] ? lockdep_hardirqs_on+0x7a/0x110 [ 197.328006][ T7831] deactivate_locked_super+0xbc/0x130 [ 197.328039][ T7831] cleanup_mnt+0x437/0x4d0 [ 197.328057][ T7831] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.328080][ T7831] task_work_run+0x1d9/0x270 [ 197.328104][ T7831] ? __pfx_task_work_run+0x10/0x10 [ 197.328135][ T7831] exit_to_user_mode_loop+0xed/0x480 [ 197.328154][ T7831] ? rcu_is_watching+0x15/0xb0 [ 197.328181][ T7831] do_syscall_64+0x32d/0xf80 [ 197.328196][ T7831] ? trace_irq_disable+0x3b/0x150 [ 197.328214][ T7831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.328231][ T7831] ? clear_bhb_loop+0x40/0x90 [ 197.328253][ T7831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.328271][ T7831] RIP: 0033:0x7fe8b539c117 [ 197.328289][ T7831] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 197.328304][ T7831] RSP: 002b:00007ffdfc1adf48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 197.328324][ T7831] RAX: 0000000000000000 RBX: 00007fe8b540471f RCX: 00007fe8b539c117 [ 197.328336][ T7831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdfc1ae000 [ 197.328347][ T7831] RBP: 00007ffdfc1ae000 R08: 00007ffdfc1af000 R09: 00000000ffffffff [ 197.328359][ T7831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdfc1af090 [ 197.328370][ T7831] R13: 00007fe8b540471f R14: 0000000000030282 R15: 00007ffdfc1af0d0 [ 197.328403][ T7831] [ 197.328412][ T7831] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 197.710491][ T8560] loop3: detected capacity change from 0 to 32768 [ 197.752853][ T5142] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 197.781234][ T5142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 197.795895][ T5142] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 197.805746][ T8560] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.939 (8560) [ 197.832639][ T5142] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 197.845213][ T5142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 197.845745][ T8560] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 197.889955][ T8560] BTRFS info (device loop3): using sha256 checksum algorithm [ 198.182143][ T8560] BTRFS info (device loop3): enabling ssd optimizations [ 198.253605][ T8560] BTRFS info (device loop3): turning on async discard [ 198.281563][ T8560] BTRFS info (device loop3): enabling free space tree [ 198.512940][ T5827] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 198.580666][ T8570] chnl_net:caif_netlink_parms(): no params data found [ 198.798975][ T8609] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 198.807182][ T8609] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 199.014766][ T8570] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.024501][ T8570] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.037931][ T8570] bridge_slave_0: entered allmulticast mode [ 199.047921][ T8570] bridge_slave_0: entered promiscuous mode [ 199.059578][ T8570] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.069350][ T8570] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.087709][ T8570] bridge_slave_1: entered allmulticast mode [ 199.128495][ T8570] bridge_slave_1: entered promiscuous mode [ 199.390969][ T8624] loop2: detected capacity change from 0 to 512 [ 199.406027][ T8570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.470282][ T8570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.538221][ T8624] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.956: bg 0: block 5: invalid block bitmap [ 199.586064][ T8570] team0: Port device team_slave_0 added [ 199.597828][ T8624] loop2: lost filesystem error report for type 5 error -117 [ 199.599713][ C1] EXT4-fs (loop2): initial error at time 1770058471: ext4_validate_block_bitmap:432 [ 199.621489][ C1] EXT4-fs (loop2): last error at time 1770058471: ext4_validate_block_bitmap:432 [ 199.674866][ T8570] team0: Port device team_slave_1 added [ 199.700858][ T8624] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 199.733478][ T8624] loop2: lost filesystem error report for type 5 error -117 [ 199.735801][ T8624] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.956: invalid indirect mapped block 3 (level 2) [ 199.769144][ T8624] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 199.789517][ T8624] EXT4-fs (loop2): 1 orphan inode deleted [ 199.818059][ T8570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.826664][ T8570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.849075][ T8624] EXT4-fs (loop2): 1 truncate cleaned up [ 199.860711][ T8570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.890339][ T8570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.898245][ T8570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.900658][ T8624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.944601][ T8570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.971198][ T5820] Bluetooth: hci0: command tx timeout [ 200.148679][ T8624] EXT4-fs error (device loop2): ext4_inlinedir_to_tree:1324: inode #12: block 7: comm syz.2.956: path /35/file0/file0: bad entry in directory: directory entry overrun - offset=196864, inode=4278190093, rec_len=196860, size=60 fake=0 [ 200.257974][ T8570] hsr_slave_0: entered promiscuous mode [ 200.301824][ T8570] hsr_slave_1: entered promiscuous mode [ 200.312031][ T7831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.328666][ T8570] debugfs: 'hsr0' already exists in 'hsr' [ 200.359096][ T8570] Cannot create hsr debugfs directory [ 200.579212][ T8655] netlink: 'syz.0.970': attribute type 6 has an invalid length. [ 200.656608][ T8655] netlink: 'syz.0.970': attribute type 6 has an invalid length. [ 200.688432][ T8644] loop3: detected capacity change from 0 to 32768 [ 200.805403][ T8644] JBD2: Ignoring recovery information on journal [ 200.969665][ T8644] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 201.011445][ T8570] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 201.060894][ T8570] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 201.086180][ T8570] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 201.146690][ T8570] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 201.452932][ T5827] ocfs2: Unmounting device (7,3) on (node local) [ 201.735777][ T8570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.807601][ T8570] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.842550][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.851585][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.909880][ T8687] loop2: detected capacity change from 0 to 256 [ 201.914484][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.926027][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.946585][ T29] audit: type=1800 audit(1770058473.502:16): pid=8687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.976" name="file0" dev="loop2" ino=1048636 res=0 errno=0 [ 202.053451][ T5820] Bluetooth: hci0: command tx timeout [ 202.079191][ T29] audit: type=1800 audit(1770058473.552:17): pid=8687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.976" name="file0" dev="loop2" ino=1048636 res=0 errno=0 [ 202.575515][ T8707] loop3: detected capacity change from 0 to 512 [ 202.612028][ T8707] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 202.678538][ T8704] loop2: detected capacity change from 0 to 4096 [ 202.713165][ T8707] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.781757][ T8570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.782630][ T8707] EXT4-fs error (device loop3): ext4_readdir:265: inode #2: block 3: comm syz.3.984: path (unknown): bad entry in directory: directory entry overrun - offset=12, inode=514, rec_len=2048, size=2048 fake=0 [ 202.825228][ T8704] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 202.865513][ T8709] loop4: detected capacity change from 0 to 4096 [ 202.888327][ T8707] EXT4-fs error (device loop3): ext4_readdir:265: inode #2: block 12: comm syz.3.984: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0 [ 202.970529][ T8704] ntfs3(loop2): ino=1a, mi_enum_attr [ 202.976964][ T8704] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 202.994800][ T8704] ntfs3(loop2): ino=1a, mi_enum_attr [ 203.005552][ T8709] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 203.005947][ T8704] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 203.018951][ T8707] EXT4-fs error (device loop3): ext4_readdir:265: inode #2: block 13: comm syz.3.984: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=3653246737, rec_len=65536, size=2048 fake=0 [ 203.104413][ T8709] ntfs3(loop4): Failed to load $Extend (-22). [ 203.122720][ T8709] ntfs3(loop4): Failed to initialize $Extend. [ 203.149493][ T8718] misc userio: Can't change port type on an already running userio instance [ 203.273461][ T5827] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 203.304887][ T8704] ntfs3(loop2): ino=5, "/" ntfs_readdir [ 203.306392][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.687017][ T8570] veth0_vlan: entered promiscuous mode [ 203.711053][ T8570] veth1_vlan: entered promiscuous mode [ 203.721563][ T8731] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 203.721563][ T8731] The task syz.2.989 (8731) triggered the difference, watch for misbehavior. [ 203.802728][ T8570] veth0_macvtap: entered promiscuous mode [ 203.835985][ T8570] veth1_macvtap: entered promiscuous mode [ 203.879050][ T8570] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.910743][ T8570] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.919042][ T29] audit: type=1326 audit(1770058475.472:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.0.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f4f9aeb9 code=0x7ffc0000 [ 203.966343][ T29] audit: type=1326 audit(1770058475.482:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.0.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f4f9aeb9 code=0x7ffc0000 [ 203.966753][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.993315][ T29] audit: type=1326 audit(1770058475.512:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.0.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f86f4f9aeb9 code=0x7ffc0000 [ 204.030818][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.041791][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.060733][ T1109] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.061571][ T29] audit: type=1326 audit(1770058475.512:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.0.991" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f86f4f9aeb9 code=0x0 [ 204.136554][ T5820] Bluetooth: hci0: command tx timeout [ 204.182956][ T8725] loop3: detected capacity change from 0 to 40427 [ 204.194580][ T8725] F2FS-fs (loop3): Invalid log sectors per block(0) log sectorsize(9) [ 204.208395][ T8725] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 204.247364][ T8725] F2FS-fs (loop3): invalid crc value [ 204.258708][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.294431][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.409412][ T3583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.449992][ T3583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.476758][ T8725] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 204.539199][ T8725] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 204.547447][ T8725] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 204.821261][ T5827] syz-executor: attempt to access beyond end of device [ 204.821261][ T5827] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 204.879075][ T5827] CPU: 0 UID: 0 PID: 5827 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 204.879106][ T5827] Tainted: [L]=SOFTLOCKUP [ 204.879112][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 204.879127][ T5827] Call Trace: [ 204.879135][ T5827] [ 204.879143][ T5827] dump_stack_lvl+0xe8/0x150 [ 204.879169][ T5827] f2fs_handle_critical_error+0x37c/0x540 [ 204.879197][ T5827] f2fs_write_end_io+0xcdb/0xff0 [ 204.879232][ T5827] __submit_merged_bio+0x256/0x700 [ 204.879253][ T5827] __submit_merged_write_cond+0x3c3/0x4e0 [ 204.879275][ T5827] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 204.879309][ T5827] f2fs_write_data_pages+0x2970/0x35e0 [ 204.879356][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 204.879383][ T5827] ? css_rstat_updated+0x23a/0x530 [ 204.879418][ T5827] ? rcu_is_watching+0x15/0xb0 [ 204.879436][ T5827] ? mod_memcg_lruvec_state+0x1a7/0x360 [ 204.879457][ T5827] ? lru_gen_update_size+0x7c9/0xd10 [ 204.879485][ T5827] ? __lock_acquire+0x6b5/0x2cf0 [ 204.879520][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 204.879537][ T5827] do_writepages+0x32e/0x550 [ 204.879562][ T5827] ? do_raw_spin_unlock+0xf5/0x210 [ 204.879580][ T5827] filemap_fdatawrite+0x1e9/0x2f0 [ 204.879599][ T5827] ? look_up_lock_class+0x57/0x110 [ 204.879616][ T5827] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 204.879668][ T5827] ? do_raw_spin_unlock+0xf5/0x210 [ 204.879684][ T5827] f2fs_sync_dirty_inodes+0x30e/0x860 [ 204.879714][ T5827] f2fs_write_checkpoint+0x9cf/0x2680 [ 204.879756][ T5827] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 204.879816][ T5827] kill_f2fs_super+0x314/0x720 [ 204.879850][ T5827] ? __pfx_kill_f2fs_super+0x10/0x10 [ 204.879879][ T5827] ? lockdep_hardirqs_on+0x7a/0x110 [ 204.879907][ T5827] deactivate_locked_super+0xbc/0x130 [ 204.879933][ T5827] cleanup_mnt+0x437/0x4d0 [ 204.879951][ T5827] ? _raw_spin_unlock_irq+0x23/0x50 [ 204.879972][ T5827] task_work_run+0x1d9/0x270 [ 204.879995][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 204.880022][ T5827] exit_to_user_mode_loop+0xed/0x480 [ 204.880042][ T5827] ? rcu_is_watching+0x15/0xb0 [ 204.880069][ T5827] do_syscall_64+0x32d/0xf80 [ 204.880085][ T5827] ? trace_irq_disable+0x3b/0x150 [ 204.880108][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.880126][ T5827] ? clear_bhb_loop+0x40/0x90 [ 204.880149][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.880166][ T5827] RIP: 0033:0x7f535579c117 [ 204.880186][ T5827] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 204.880201][ T5827] RSP: 002b:00007ffe8c79a918 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 204.880219][ T5827] RAX: 0000000000000000 RBX: 00007f535580471f RCX: 00007f535579c117 [ 204.880231][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8c79a9d0 [ 204.880241][ T5827] RBP: 00007ffe8c79a9d0 R08: 00007ffe8c79b9d0 R09: 00000000ffffffff [ 204.880253][ T5827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8c79ba60 [ 204.880265][ T5827] R13: 00007f535580471f R14: 0000000000031fa2 R15: 00007ffe8c79baa0 [ 204.880295][ T5827] [ 204.880304][ T5827] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 205.189086][ T5891] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 205.439042][ T5891] usb 6-1: Using ep0 maxpacket: 8 [ 205.469544][ T5891] usb 6-1: config 0 has no interfaces? [ 205.509146][ T5891] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 205.518736][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.581245][ T8754] input: syz0 as /devices/virtual/input/input20 [ 205.590801][ T5891] usb 6-1: config 0 descriptor?? [ 205.676018][ T8738] loop4: detected capacity change from 0 to 40427 [ 205.706096][ T8738] F2FS-fs: heap/no_heap options were deprecated [ 205.751491][ T8738] F2FS-fs (loop4): Image doesn't support compression [ 205.808421][ T8738] F2FS-fs (loop4): invalid crc value [ 206.001109][ T5936] usb 6-1: USB disconnect, device number 2 [ 206.089461][ T8738] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 206.127424][ T8738] F2FS-fs (loop4): Start checkpoint disabled! [ 206.139441][ T8738] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 206.158696][ T8738] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 206.209551][ T5820] Bluetooth: hci0: command tx timeout [ 206.277299][ T12] kworker/u8:0: attempt to access beyond end of device [ 206.277299][ T12] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 206.317048][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 206.317078][ T12] Tainted: [L]=SOFTLOCKUP [ 206.317085][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 206.317095][ T12] Workqueue: writeback wb_workfn (flush-7:4) [ 206.317123][ T12] Call Trace: [ 206.317131][ T12] [ 206.317139][ T12] dump_stack_lvl+0xe8/0x150 [ 206.317161][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 206.317184][ T12] f2fs_write_end_io+0xcdb/0xff0 [ 206.317217][ T12] __submit_merged_bio+0x256/0x700 [ 206.317238][ T12] f2fs_submit_page_write+0xec2/0x23e0 [ 206.317268][ T12] ? f2fs_allocate_data_block+0x2c90/0x4130 [ 206.317297][ T12] ? __pfx_f2fs_submit_page_write+0x10/0x10 [ 206.317330][ T12] do_write_page+0x40f/0xac0 [ 206.317344][ T12] ? f2fs_down_read_trace+0x22/0x1c0 [ 206.317364][ T12] f2fs_do_write_node_page+0x3b/0x60 [ 206.317381][ T12] __write_node_folio+0x11b7/0x1a50 [ 206.317412][ T12] ? __pfx___write_node_folio+0x10/0x10 [ 206.317435][ T12] ? f2fs_inode_chksum_set+0x13e/0x640 [ 206.317461][ T12] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 206.317483][ T12] ? folio_clear_dirty_for_io+0x573/0x710 [ 206.317503][ T12] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 206.317526][ T12] f2fs_sync_node_pages+0xeb4/0x1680 [ 206.317561][ T12] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 206.317578][ T12] ? __percpu_counter_sum+0x1c2/0x1e0 [ 206.317630][ T12] ? blk_start_plug+0x51/0x1b0 [ 206.317651][ T12] f2fs_write_node_pages+0x312/0x700 [ 206.317677][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 206.317717][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 206.317738][ T12] do_writepages+0x32e/0x550 [ 206.317766][ T12] ? reacquire_held_locks+0x104/0x190 [ 206.317789][ T12] ? writeback_sb_inodes+0x43d/0x19a0 [ 206.317814][ T12] __writeback_single_inode+0x133/0x11a0 [ 206.317835][ T12] ? do_raw_spin_unlock+0xf5/0x210 [ 206.317858][ T12] writeback_sb_inodes+0x944/0x19a0 [ 206.317883][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 206.317913][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 206.317938][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 206.317955][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.318007][ T12] ? rcu_is_watching+0x15/0xb0 [ 206.318038][ T12] wb_writeback+0x456/0xb70 [ 206.318061][ T12] ? queue_io+0x1f1/0x4a0 [ 206.318089][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 206.318105][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.318135][ T12] wb_workfn+0x414/0xf50 [ 206.318155][ T12] ? look_up_lock_class+0x57/0x110 [ 206.318189][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 206.318209][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.318229][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 206.318270][ T12] ? process_one_work+0x87c/0x1650 [ 206.318289][ T12] process_one_work+0x949/0x1650 [ 206.318329][ T12] ? __pfx_process_one_work+0x10/0x10 [ 206.318348][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.318378][ T12] worker_thread+0xb46/0x1140 [ 206.318418][ T12] kthread+0x388/0x470 [ 206.318434][ T12] ? __pfx_worker_thread+0x10/0x10 [ 206.318451][ T12] ? __pfx_kthread+0x10/0x10 [ 206.318467][ T12] ret_from_fork+0x51e/0xb90 [ 206.318490][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 206.318509][ T12] ? __switch_to+0xc7d/0x1450 [ 206.318531][ T12] ? __pfx_kthread+0x10/0x10 [ 206.318547][ T12] ret_from_fork_asm+0x1a/0x30 [ 206.318586][ T12] [ 206.318875][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 206.723928][ T12] kworker/u8:0: attempt to access beyond end of device [ 206.723928][ T12] loop4: rw=2049, sector=41000, nr_sectors = 8 limit=40427 [ 206.740638][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 206.740662][ T12] Tainted: [L]=SOFTLOCKUP [ 206.740667][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 206.740727][ T12] Workqueue: writeback wb_workfn (flush-7:4) [ 206.740753][ T12] Call Trace: [ 206.740759][ T12] [ 206.740766][ T12] dump_stack_lvl+0xe8/0x150 [ 206.740789][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 206.740822][ T12] f2fs_write_end_io+0xcdb/0xff0 [ 206.740861][ T12] __submit_merged_bio+0x256/0x700 [ 206.740883][ T12] f2fs_submit_merged_write+0x282/0x390 [ 206.740904][ T12] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 206.740978][ T12] ? trace_lock_elapsed_time_end+0xf3/0xbf0 [ 206.740994][ T12] ? f2fs_up_read_trace+0x1b/0x30 [ 206.741013][ T12] ? folio_unlock+0x101/0x160 [ 206.741038][ T12] __write_node_folio+0x14ca/0x1a50 [ 206.741070][ T12] ? __pfx___write_node_folio+0x10/0x10 [ 206.741110][ T12] ? f2fs_inode_chksum_set+0x13e/0x640 [ 206.741133][ T12] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 206.741150][ T12] ? folio_clear_dirty_for_io+0x573/0x710 [ 206.741168][ T12] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 206.741190][ T12] f2fs_sync_node_pages+0xeb4/0x1680 [ 206.741224][ T12] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 206.741240][ T12] ? __percpu_counter_sum+0x1c2/0x1e0 [ 206.741292][ T12] ? blk_start_plug+0x51/0x1b0 [ 206.741310][ T12] f2fs_write_node_pages+0x312/0x700 [ 206.741334][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 206.741363][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 206.741382][ T12] do_writepages+0x32e/0x550 [ 206.741408][ T12] ? reacquire_held_locks+0x104/0x190 [ 206.741429][ T12] ? writeback_sb_inodes+0x43d/0x19a0 [ 206.741454][ T12] __writeback_single_inode+0x133/0x11a0 [ 206.741474][ T12] ? do_raw_spin_unlock+0xf5/0x210 [ 206.741499][ T12] writeback_sb_inodes+0x944/0x19a0 [ 206.741527][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 206.741563][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 206.741589][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 206.741604][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.741653][ T12] ? rcu_is_watching+0x15/0xb0 [ 206.741683][ T12] wb_writeback+0x456/0xb70 [ 206.741709][ T12] ? queue_io+0x1f1/0x4a0 [ 206.741737][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 206.741755][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.741790][ T12] wb_workfn+0x414/0xf50 [ 206.741812][ T12] ? look_up_lock_class+0x57/0x110 [ 206.741846][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 206.741868][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.741889][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 206.741992][ T12] ? process_one_work+0x87c/0x1650 [ 206.742014][ T12] process_one_work+0x949/0x1650 [ 206.742064][ T12] ? __pfx_process_one_work+0x10/0x10 [ 206.742084][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 206.742121][ T12] worker_thread+0xb46/0x1140 [ 206.742164][ T12] kthread+0x388/0x470 [ 206.742180][ T12] ? __pfx_worker_thread+0x10/0x10 [ 206.742203][ T12] ? __pfx_kthread+0x10/0x10 [ 206.742217][ T12] ret_from_fork+0x51e/0xb90 [ 206.742243][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 206.742263][ T12] ? __switch_to+0xc7d/0x1450 [ 206.742289][ T12] ? __pfx_kthread+0x10/0x10 [ 206.742318][ T12] ret_from_fork_asm+0x1a/0x30 [ 206.742361][ T12] [ 206.742593][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 207.304258][ T8771] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1005'. [ 207.336332][ T8766] loop3: detected capacity change from 0 to 32768 [ 207.447513][ T8766] read_mapping_page failed! [ 207.500452][ T8766] ERROR: (device loop3): txCommit: [ 207.500452][ T8766] [ 209.055592][ T8807] loop2: detected capacity change from 0 to 4096 [ 209.073038][ T8813] macvlan0: entered promiscuous mode [ 209.128228][ T8813] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1021'. [ 209.409898][ T8821] tap0: tun_chr_ioctl cmd 35111 [ 209.423399][ T8824] loop5: detected capacity change from 0 to 256 [ 209.558613][ T8824] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x11098fcd, utbl_chksum : 0xe619d30d) [ 209.962303][ T8843] loop2: detected capacity change from 0 to 128 [ 210.237578][ T8851] loop5: detected capacity change from 0 to 1024 [ 210.561031][ T8861] loop8: detected capacity change from 0 to 1 [ 210.603764][ T3583] hfsplus: b-tree write err: -5, ino 4 [ 210.619244][ T8861] Dev loop8: unable to read RDB block 1 [ 210.628805][ T8861] loop8: unable to read partition table [ 210.699185][ T8861] loop8: partition table beyond EOD, truncated [ 210.749076][ T8861] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 210.826033][ T29] audit: type=1326 audit(1770058482.362:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0558f9aeb9 code=0x7ffc0000 [ 210.976271][ T29] audit: type=1326 audit(1770058482.382:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0558f9aeb9 code=0x7ffc0000 [ 211.088665][ T29] audit: type=1326 audit(1770058482.392:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f0558f9aeb9 code=0x7ffc0000 [ 211.195326][ T29] audit: type=1326 audit(1770058482.392:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0558f9aeb9 code=0x7ffc0000 [ 211.244060][ T8879] loop3: detected capacity change from 0 to 2048 [ 211.279186][ T29] audit: type=1326 audit(1770058482.392:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0558f9aeb9 code=0x7ffc0000 [ 211.369109][ T29] audit: type=1326 audit(1770058482.402:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f0558f9aeb9 code=0x7ffc0000 [ 211.435626][ T8879] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.504156][ T29] audit: type=1326 audit(1770058482.462:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0558f3c2d9 code=0x7ffc0000 [ 211.654971][ T29] audit: type=1326 audit(1770058482.462:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0558f3c2d9 code=0x7ffc0000 [ 211.726764][ T29] audit: type=1326 audit(1770058482.462:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0558f3c2d9 code=0x7ffc0000 [ 211.766876][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.862008][ T29] audit: type=1326 audit(1770058482.462:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8867 comm="syz.5.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0558f3c2d9 code=0x7ffc0000 [ 213.049563][ T8930] netlink: 'syz.4.1062': attribute type 2 has an invalid length. [ 213.737516][ T8948] loop4: detected capacity change from 0 to 1024 [ 213.760080][ T8948] EXT4-fs: Ignoring removed oldalloc option [ 213.886840][ T8948] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 213.909738][ T8948] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 213.945886][ T8933] loop2: detected capacity change from 0 to 32768 [ 213.968056][ T8933] btrfs: Deprecated parameter 'usebackuproot' [ 213.976698][ T8933] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 214.028740][ T8933] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1063 (8933) [ 214.061112][ T8933] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 214.102758][ T8933] BTRFS info (device loop2): using crc32c checksum algorithm [ 214.338557][ T8933] BTRFS info (device loop2): rebuilding free space tree [ 214.351306][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 214.464289][ T8933] BTRFS info (device loop2): allowing degraded mounts [ 214.529320][ T8933] BTRFS info (device loop2): enabling ssd optimizations [ 214.567399][ T8933] BTRFS info (device loop2): turning on flush-on-commit [ 214.609808][ T8933] BTRFS info (device loop2): enabling free space tree [ 214.616986][ T8933] BTRFS info (device loop2): force clearing of disk cache [ 214.669209][ T8933] BTRFS info (device loop2): trying to use backup root at mount time [ 214.678338][ T8933] BTRFS info (device loop2): use zstd compression, level 3 [ 215.093612][ T9002] loop5: detected capacity change from 0 to 64 [ 215.114719][ T7831] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 215.608894][ T9014] loop5: detected capacity change from 0 to 128 [ 215.694337][ T5820] Bluetooth: hci0: Malformed Event: 0x13 [ 215.855648][ T8982] loop3: detected capacity change from 0 to 40427 [ 215.933259][ T8982] F2FS-fs (loop3): invalid crc value [ 216.032231][ T5891] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 216.237971][ T5891] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 216.278298][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 216.295892][ T8982] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 216.321748][ T8997] loop4: detected capacity change from 0 to 40427 [ 216.329223][ T5891] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 216.364019][ T8982] F2FS-fs (loop3): Start checkpoint disabled! [ 216.381940][ T8982] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 216.390231][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 216.411344][ T8997] F2FS-fs (loop4): invalid crc value [ 216.435616][ T8982] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 216.444002][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 216.454327][ T5891] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 216.498763][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 216.538868][ T5891] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 216.565142][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 216.588240][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 216.640836][ T5891] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 216.674752][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 216.749359][ T5891] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 216.767860][ T8997] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 216.791997][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 216.826775][ T8997] F2FS-fs (loop4): Start checkpoint disabled! [ 216.834554][ T5891] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 216.872884][ T8997] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 216.891483][ T5891] usb 3-1: string descriptor 0 read error: -22 [ 216.909244][ T8997] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 216.918200][ T5891] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 216.939259][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.961030][ T9023] loop5: detected capacity change from 0 to 32768 [ 216.977746][ T5891] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 217.029679][ T9023] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1088 (9023) [ 217.115271][ T9023] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 217.130594][ T9023] BTRFS info (device loop5): using sha256 checksum algorithm [ 217.142974][ T12] kworker/u8:0: attempt to access beyond end of device [ 217.142974][ T12] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 217.175601][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 217.175637][ T12] Tainted: [L]=SOFTLOCKUP [ 217.175644][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 217.175776][ T12] Workqueue: writeback wb_workfn (flush-7:4) [ 217.175819][ T12] Call Trace: [ 217.175828][ T12] [ 217.175836][ T12] dump_stack_lvl+0xe8/0x150 [ 217.175864][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 217.175894][ T12] f2fs_write_end_io+0xcdb/0xff0 [ 217.175967][ T12] __submit_merged_bio+0x256/0x700 [ 217.175996][ T12] __submit_merged_write_cond+0x3c3/0x4e0 [ 217.176027][ T12] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 217.176074][ T12] f2fs_write_data_pages+0x2970/0x35e0 [ 217.176140][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.176176][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 217.176237][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 217.176306][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.176330][ T12] do_writepages+0x32e/0x550 [ 217.176362][ T12] ? reacquire_held_locks+0x104/0x190 [ 217.176385][ T12] ? writeback_sb_inodes+0x43d/0x19a0 [ 217.176416][ T12] __writeback_single_inode+0x133/0x11a0 [ 217.176439][ T12] ? do_raw_spin_unlock+0xf5/0x210 [ 217.176466][ T12] writeback_sb_inodes+0x944/0x19a0 [ 217.176516][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 217.176534][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 217.176597][ T12] ? rcu_is_watching+0x15/0xb0 [ 217.176629][ T12] wb_writeback+0x456/0xb70 [ 217.176653][ T12] ? queue_io+0x1f1/0x4a0 [ 217.176681][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 217.176695][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 217.176727][ T12] wb_workfn+0x414/0xf50 [ 217.176747][ T12] ? look_up_lock_class+0x57/0x110 [ 217.176782][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 217.176804][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 217.176825][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 217.176867][ T12] ? process_one_work+0x87c/0x1650 [ 217.176888][ T12] process_one_work+0x949/0x1650 [ 217.176944][ T12] ? __pfx_process_one_work+0x10/0x10 [ 217.176962][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 217.176999][ T12] worker_thread+0xb46/0x1140 [ 217.177051][ T12] kthread+0x388/0x470 [ 217.177070][ T12] ? __pfx_worker_thread+0x10/0x10 [ 217.177090][ T12] ? __pfx_kthread+0x10/0x10 [ 217.177109][ T12] ret_from_fork+0x51e/0xb90 [ 217.177136][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 217.177156][ T12] ? __switch_to+0xc7d/0x1450 [ 217.177182][ T12] ? __pfx_kthread+0x10/0x10 [ 217.177200][ T12] ret_from_fork_asm+0x1a/0x30 [ 217.177242][ T12] [ 217.473293][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 217.639617][ T9023] BTRFS info (device loop5): enabling ssd optimizations [ 217.647428][ T9023] BTRFS info (device loop5): turning on async discard [ 217.659075][ T9023] BTRFS info (device loop5): enabling free space tree [ 217.802665][ T5960] usb 3-1: USB disconnect, device number 10 [ 217.942302][ T8570] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 218.290254][ T9068] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1099'. [ 218.516335][ T9073] bad cache= option: none8 [ 218.516335][ T9073] digestsize : 8 [ 218.516335][ T9073] [ 218.516335][ T9073] name : pkcs1(rsa [ 218.516335][ T9073] [ 218.564386][ T9073] CIFS: VFS: bad cache= option: none8 [ 218.564386][ T9073] digestsize : 8 [ 218.564386][ T9073] [ 218.564386][ T9073] name : pkcs1(rsa [ 218.610545][ T9073] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 218.643732][ T9073] CIFS mount error: No usable UNC path provided in device string! [ 218.643732][ T9073] [ 218.663001][ T9073] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 219.007435][ T9094] loop4: detected capacity change from 0 to 16 [ 219.044893][ T9094] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 219.117383][ T9096] loop3: detected capacity change from 0 to 2048 [ 219.210722][ T9103] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 219.577068][ T9114] NILFS error (device loop3): nilfs_dotdot: directory #12 missing '.' [ 219.702935][ T9114] Remounting filesystem read-only [ 219.849335][ T5827] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 220.207433][ T9131] netlink: 27 bytes leftover after parsing attributes in process `syz.3.1123'. [ 220.495653][ T9125] loop2: detected capacity change from 0 to 32768 [ 220.569944][ T5891] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 220.639133][ T5907] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 220.724704][ T9136] loop2: detected capacity change from 0 to 256 [ 220.751390][ T9136] exfat: Deprecated parameter 'utf8' [ 220.759017][ T5891] usb 5-1: Using ep0 maxpacket: 16 [ 220.766120][ T5891] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 220.783093][ T5891] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 220.812727][ T9136] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011d93, chksum : 0x8501cc5b, utbl_chksum : 0xe619d30d) [ 220.827500][ T5891] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 220.858036][ T5907] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 220.882891][ T5891] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 220.885069][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 220.903805][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 220.914599][ T5891] usb 5-1: SerialNumber: syz [ 220.927639][ T9129] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 220.954825][ T5907] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 221.017309][ T5907] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 221.034541][ T5907] usb 4-1: Manufacturer: syz [ 221.059426][ T5907] usb 4-1: config 0 descriptor?? [ 221.103301][ T9145] loop5: detected capacity change from 0 to 8 [ 221.160251][ T5891] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 221.184051][ T9145] SQUASHFS error: Failed to read block 0x636: -5 [ 221.213897][ T9145] SQUASHFS error: Unable to read metadata cache entry [634] [ 221.235583][ T5891] usb 5-1: USB disconnect, device number 10 [ 221.249449][ T5907] rc_core: IR keymap rc-hauppauge not found [ 221.268783][ T5907] Registered IR keymap rc-empty [ 221.307374][ T5907] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 221.344972][ T5907] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input21 [ 221.539013][ T5936] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 221.633125][ C0] igorplugusb 4-1:0.0: receive overflow invalid: 139 [ 221.720846][ T5936] usb 3-1: Using ep0 maxpacket: 32 [ 221.728633][ T5936] usb 3-1: config 1 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 221.744742][ T5936] usb 3-1: config 1 interface 0 has no altsetting 0 [ 221.790157][ T5936] usb 3-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40 [ 221.810459][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.828584][ T9153] loop5: detected capacity change from 0 to 40427 [ 221.831673][ T5936] usb 3-1: Product: syz [ 221.840681][ T9153] F2FS-fs (loop5): Small segment_count (9 < 1 * 24) [ 221.840708][ T9153] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 221.845365][ T5907] usb 4-1: USB disconnect, device number 9 [ 221.864838][ T5936] usb 3-1: Manufacturer: syz [ 221.888831][ T5936] usb 3-1: SerialNumber: syz [ 222.035769][ T9153] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 222.097404][ T9153] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 222.138536][ T9153] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 222.300790][ T5936] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input22 [ 222.343494][ T8570] syz-executor: attempt to access beyond end of device [ 222.343494][ T8570] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 222.369841][ T8570] CPU: 1 UID: 0 PID: 8570 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 222.369868][ T8570] Tainted: [L]=SOFTLOCKUP [ 222.369873][ T8570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 222.369882][ T8570] Call Trace: [ 222.369889][ T8570] [ 222.369896][ T8570] dump_stack_lvl+0xe8/0x150 [ 222.369925][ T8570] f2fs_handle_critical_error+0x37c/0x540 [ 222.369952][ T8570] f2fs_write_end_io+0xcdb/0xff0 [ 222.369992][ T8570] __submit_merged_bio+0x256/0x700 [ 222.370019][ T8570] __submit_merged_write_cond+0x3c3/0x4e0 [ 222.370047][ T8570] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 222.370174][ T8570] f2fs_write_data_pages+0x2970/0x35e0 [ 222.370238][ T8570] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 222.370278][ T8570] ? css_rstat_updated+0x23a/0x530 [ 222.370326][ T8570] ? rcu_is_watching+0x15/0xb0 [ 222.370347][ T8570] ? mod_memcg_lruvec_state+0x1a7/0x360 [ 222.370370][ T8570] ? lru_gen_update_size+0x7c9/0xd10 [ 222.370407][ T8570] ? __lock_acquire+0x6b5/0x2cf0 [ 222.370455][ T8570] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 222.370479][ T8570] do_writepages+0x32e/0x550 [ 222.370515][ T8570] ? do_raw_spin_unlock+0xf5/0x210 [ 222.370539][ T8570] filemap_fdatawrite+0x1e9/0x2f0 [ 222.370566][ T8570] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 222.370640][ T8570] ? do_raw_spin_unlock+0xf5/0x210 [ 222.370663][ T8570] f2fs_sync_dirty_inodes+0x30e/0x860 [ 222.370704][ T8570] f2fs_write_checkpoint+0x9cf/0x2680 [ 222.370765][ T8570] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 222.370846][ T8570] kill_f2fs_super+0x314/0x720 [ 222.370876][ T8570] ? __pfx_kill_f2fs_super+0x10/0x10 [ 222.370906][ T8570] ? lockdep_hardirqs_on+0x7a/0x110 [ 222.370937][ T8570] deactivate_locked_super+0xbc/0x130 [ 222.370962][ T8570] cleanup_mnt+0x437/0x4d0 [ 222.370977][ T8570] ? _raw_spin_unlock_irq+0x23/0x50 [ 222.370996][ T8570] task_work_run+0x1d9/0x270 [ 222.371019][ T8570] ? __pfx_task_work_run+0x10/0x10 [ 222.371047][ T8570] exit_to_user_mode_loop+0xed/0x480 [ 222.371065][ T8570] ? rcu_is_watching+0x15/0xb0 [ 222.371119][ T8570] do_syscall_64+0x32d/0xf80 [ 222.371138][ T8570] ? trace_irq_disable+0x3b/0x150 [ 222.371160][ T8570] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.371176][ T8570] ? clear_bhb_loop+0x40/0x90 [ 222.371195][ T8570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.371213][ T8570] RIP: 0033:0x7f0558f9c117 [ 222.371230][ T8570] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 222.371244][ T8570] RSP: 002b:00007ffd493b98c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 222.371267][ T8570] RAX: 0000000000000000 RBX: 00007f055900471f RCX: 00007f0558f9c117 [ 222.371279][ T8570] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd493b9980 [ 222.371289][ T8570] RBP: 00007ffd493b9980 R08: 00007ffd493ba980 R09: 00000000ffffffff [ 222.371300][ T8570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd493baa10 [ 222.371311][ T8570] R13: 00007f055900471f R14: 0000000000036405 R15: 00007ffd493baa50 [ 222.371338][ T8570] [ 222.371347][ T8570] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 222.733210][ T5936] usb 3-1: USB disconnect, device number 11 [ 222.733242][ C0] appletouch 3-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 222.824035][ T5936] appletouch 3-1:1.0: input: appletouch disconnected [ 222.926907][ T9173] loop4: detected capacity change from 0 to 64 [ 223.049088][ T5976] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 223.098236][ T9177] futex_wake_op: syz.0.1143 tries to shift op by -1; fix this program [ 223.242603][ T5976] usb 4-1: config 0 has no interfaces? [ 223.249656][ T5976] usb 4-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 223.277204][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.324467][ T5976] usb 4-1: config 0 descriptor?? [ 223.571235][ T9170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.622049][ T9170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.636193][ T9193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1149'. [ 223.638689][ T5976] usb 4-1: USB disconnect, device number 10 [ 223.691826][ T9193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1149'. [ 223.717903][ T9189] loop5: detected capacity change from 0 to 4096 [ 223.793574][ T9198] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 224.097805][ T9203] loop5: detected capacity change from 0 to 128 [ 224.137596][ T9203] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 224.159254][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 224.199371][ T9203] ext4 filesystem being mounted at /22/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 224.319012][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 224.349346][ T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 224.357978][ T10] usb 4-1: config 0 has no interface number 0 [ 224.367836][ T10] usb 4-1: config 0 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 224.382306][ T10] usb 4-1: config 0 interface 1 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 224.395996][ T10] usb 4-1: config 0 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 224.412444][ T10] usb 4-1: config 0 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 224.422930][ T10] usb 4-1: config 0 interface 1 has no altsetting 0 [ 224.436011][ T10] usb 4-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 224.438513][ T8570] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 224.458322][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.491922][ T10] usb 4-1: config 0 descriptor?? [ 224.504566][ T9201] loop4: detected capacity change from 0 to 32768 [ 224.529853][ T9201] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1152 (9201) [ 224.676203][ T9201] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 224.719026][ T9201] BTRFS info (device loop4): using sha256 checksum algorithm [ 224.840595][ T5976] usb 4-1: USB disconnect, device number 11 [ 224.890803][ T9201] BTRFS info (device loop4): enabling ssd optimizations [ 224.920866][ T9201] BTRFS info (device loop4): turning on async discard [ 224.959426][ T9201] BTRFS info (device loop4): enabling free space tree [ 225.120094][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 225.139085][ T119] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 225.322923][ T119] usb 3-1: Using ep0 maxpacket: 16 [ 225.358525][ T119] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 225.429345][ T119] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.480061][ T119] usb 3-1: config 0 descriptor?? [ 225.530718][ T119] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 225.559559][ T9241] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1160'. [ 225.823666][ T9251] netlink: 512 bytes leftover after parsing attributes in process `syz.4.1165'. [ 225.944789][ T9254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1168'. [ 226.340865][ T119] gspca_sonixj: reg_r err -71 [ 226.358227][ T119] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 226.388584][ T119] usb 3-1: USB disconnect, device number 12 [ 226.672328][ T9275] binder: BC_ATTEMPT_ACQUIRE not supported [ 226.692199][ T9275] binder: 9274:9275 ioctl c0306201 2000000001c0 returned -22 [ 226.866412][ T9283] dummy0: entered allmulticast mode [ 226.879439][ T9283] dummy0: left allmulticast mode [ 227.007494][ T9289] loop3: detected capacity change from 0 to 512 [ 227.048482][ T9289] EXT4-fs: Ignoring removed nomblk_io_submit option [ 227.058327][ T9291] loop2: detected capacity change from 0 to 512 [ 227.074425][ T9289] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 227.103894][ T9291] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 227.148540][ T9289] EXT4-fs (loop3): 1 truncate cleaned up [ 227.196151][ T9289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.216074][ T9291] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 227.234227][ T9291] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.253008][ T9301] loop5: detected capacity change from 0 to 512 [ 227.269283][ T9301] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 227.301498][ T9289] syz.3.1183 (pid 9289) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 227.307881][ T9304] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 227.324273][ T9304] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 227.330035][ T9291] EXT4-fs error (device loop2): __ext4_remount:6809: comm syz.2.1184: Abort forced by user [ 227.341313][ T9301] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters [ 227.368667][ T9289] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 211 vs 220 free clusters [ 227.392291][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 227.400562][ C0] EXT4-fs (loop5): initial error at time 1770058498: ext4_mb_generate_buddy:1315 [ 227.404242][ T9301] EXT4-fs (loop5): 1 truncate cleaned up [ 227.410149][ C0] EXT4-fs (loop5): last error at time 1770058498: ext4_mb_generate_buddy:1315 [ 227.444591][ T9291] EXT4-fs (loop2): Remounting filesystem read-only [ 227.472711][ T9301] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.476396][ T9291] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000d40000. [ 227.527604][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.527933][ T9305] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000d40000. [ 227.698555][ T9313] netlink: 'syz.3.1190': attribute type 30 has an invalid length. [ 227.738679][ T9313] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1190'. [ 227.770138][ T8570] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.772931][ T7831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 228.059657][ T9313] bond1: option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4) [ 228.111007][ T9326] loop2: detected capacity change from 0 to 1024 [ 228.134765][ T9326] hfsplus: invalid btree flag [ 228.147215][ T9313] bond1 (unregistering): Released all slaves [ 228.175744][ T9326] hfsplus: failed to load catalog file [ 228.281016][ T9330] loop5: detected capacity change from 0 to 16 [ 228.367359][ T9330] erofs (device loop5): mounted with root inode @ nid 36. [ 228.503598][ T9338] netlink: 'syz.0.1202': attribute type 14 has an invalid length. [ 228.599295][ T8570] VFS_WARN_ON_INODE(strlen(link) != linklen): inode:ffff8880499b1fc8 fs:erofs mode:120777 opflags:0x8 flags:0x0 state:0x1 count:1 [ 228.632845][ T8570] ------------[ cut here ]------------ [ 228.638788][ T8570] 1 [ 228.638821][ T8570] WARNING: ./include/linux/fs.h:953 at erofs_iget+0x1fce/0x2c00, CPU#0: syz-executor/8570 [ 228.655904][ T8570] Modules linked in: [ 228.662464][ T8570] CPU: 0 UID: 0 PID: 8570 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 228.674622][ T8570] Tainted: [L]=SOFTLOCKUP [ 228.679627][ T8570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 228.690886][ T8570] RIP: 0010:erofs_iget+0x1fce/0x2c00 [ 228.696223][ T8570] Code: 0f 8c e4 e1 ff ff 48 89 df e8 be 60 dd fd e9 d7 e1 ff ff e8 94 91 73 fd 48 8b 7c 24 10 48 c7 c6 00 99 1e 8c e8 73 0f f8 fd 90 <0f> 0b 90 e9 3c fe ff ff e8 75 91 73 fd 48 8b 7c 24 10 48 c7 c6 80 [ 228.717724][ T8570] RSP: 0018:ffffc9000b71f780 EFLAGS: 00010246 [ 228.726065][ T8570] RAX: 9e2183b6b19c0800 RBX: 0000000000000017 RCX: 9e2183b6b19c0800 [ 228.737315][ T8570] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 228.747346][ T8570] RBP: ffffc9000b71f9a0 R08: ffffc9000b71f367 R09: 1ffff920016e3e6c [ 228.756101][ T8570] R10: dffffc0000000000 R11: fffff520016e3e6d R12: 0000000000000027 [ 228.765021][ T8570] R13: 1ffff11009336403 R14: 0000000000000027 R15: ffff8880299b8300 [ 228.775342][ T8570] FS: 000055556d44f500(0000) GS:ffff888125472000(0000) knlGS:0000000000000000 [ 228.785602][ T8570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 228.793124][ T8570] CR2: 00007ffd493b6ff8 CR3: 000000007855e000 CR4: 00000000003526f0 [ 228.801287][ T8570] Call Trace: [ 228.804647][ T8570] [ 228.807636][ T8570] ? erofs_put_metabuf+0x17a/0x290 [ 228.813027][ T8570] ? __pfx_erofs_iget+0x10/0x10 [ 228.817930][ T8570] ? __pfx_erofs_namei+0x10/0x10 [ 228.823073][ T8570] ? __pfx_d_alloc_parallel+0x10/0x10 [ 228.828594][ T8570] erofs_lookup+0x186/0x360 [ 228.834937][ T8570] __lookup_slow+0x2b7/0x410 [ 228.840972][ T8570] ? __pfx___lookup_slow+0x10/0x10 [ 228.846425][ T8570] ? down_read+0x272/0x2e0 [ 228.851406][ T8570] lookup_slow+0x53/0x70 [ 228.855745][ T8570] path_lookupat+0x3f5/0x8c0 [ 228.860636][ T8570] filename_lookup+0x256/0x5d0 [ 228.865445][ T8570] ? __pfx_filename_lookup+0x10/0x10 [ 228.871217][ T8570] ? strncpy_from_user+0x150/0x2b0 [ 228.877033][ T8570] ? do_getname+0x151/0x250 [ 228.882075][ T8570] user_path_at+0x40/0x160 [ 228.886886][ T8570] __x64_sys_umount+0xf6/0x170 [ 228.891955][ T8570] ? __pfx___x64_sys_umount+0x10/0x10 [ 228.897714][ T8570] do_syscall_64+0x14d/0xf80 [ 228.902704][ T8570] ? trace_irq_disable+0x3b/0x150 [ 228.907813][ T8570] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.914135][ T8570] ? clear_bhb_loop+0x40/0x90 [ 228.919015][ T8570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.925040][ T8570] RIP: 0033:0x7f0558f9c117 [ 228.930562][ T8570] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 228.950557][ T8570] RSP: 002b:00007ffd493b76e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 228.960972][ T8570] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0558f9c117 [ 228.971584][ T8570] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd493b77a0 [ 228.979989][ T8570] RBP: 00007ffd493b77a0 R08: 00007ffd493b87a0 R09: 00000000ffffffff [ 228.988149][ T8570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd493b8890 [ 228.996384][ T8570] R13: 00007f055900471f R14: 000055556d44f4e8 R15: 00007ffd493baa50 [ 229.004576][ T8570] [ 229.007603][ T8570] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 229.015192][ T8570] CPU: 0 UID: 0 PID: 8570 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 229.027393][ T8570] Tainted: [L]=SOFTLOCKUP [ 229.031717][ T8570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 229.041968][ T8570] Call Trace: [ 229.045263][ T8570] [ 229.048423][ T8570] vpanic+0x56c/0xa60 [ 229.052690][ T8570] ? __pfx__printk+0x10/0x10 [ 229.057401][ T8570] ? __pfx_vpanic+0x10/0x10 [ 229.062075][ T8570] ? is_bpf_text_address+0x292/0x2b0 [ 229.067569][ T8570] ? is_bpf_text_address+0x26/0x2b0 [ 229.073085][ T8570] panic+0xc5/0xd0 [ 229.076899][ T8570] ? __pfx_panic+0x10/0x10 [ 229.081353][ T8570] __warn+0x315/0x4f0 [ 229.085436][ T8570] ? erofs_iget+0x1fce/0x2c00 [ 229.090213][ T8570] ? erofs_iget+0x1fce/0x2c00 [ 229.095074][ T8570] __report_bug+0x29a/0x540 [ 229.099610][ T8570] ? erofs_iget+0x1fce/0x2c00 [ 229.104631][ T8570] ? __pfx___report_bug+0x10/0x10 [ 229.109807][ T8570] ? strncpy_from_kernel_nofault+0x103/0x1c0 [ 229.116013][ T8570] ? dump_inode+0x379/0x450 [ 229.120748][ T8570] ? erofs_iget+0x1fce/0x2c00 [ 229.125565][ T8570] report_bug+0x16a/0x220 [ 229.130374][ T8570] ? erofs_iget+0x1fce/0x2c00 [ 229.135174][ T8570] ? erofs_iget+0x1fd0/0x2c00 [ 229.140309][ T8570] handle_bug+0x98/0x200 [ 229.145171][ T8570] exc_invalid_op+0x1a/0x50 [ 229.150738][ T8570] asm_exc_invalid_op+0x1a/0x20 [ 229.155831][ T8570] RIP: 0010:erofs_iget+0x1fce/0x2c00 [ 229.161287][ T8570] Code: 0f 8c e4 e1 ff ff 48 89 df e8 be 60 dd fd e9 d7 e1 ff ff e8 94 91 73 fd 48 8b 7c 24 10 48 c7 c6 00 99 1e 8c e8 73 0f f8 fd 90 <0f> 0b 90 e9 3c fe ff ff e8 75 91 73 fd 48 8b 7c 24 10 48 c7 c6 80 [ 229.181288][ T8570] RSP: 0018:ffffc9000b71f780 EFLAGS: 00010246 [ 229.187373][ T8570] RAX: 9e2183b6b19c0800 RBX: 0000000000000017 RCX: 9e2183b6b19c0800 [ 229.195362][ T8570] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 229.203344][ T8570] RBP: ffffc9000b71f9a0 R08: ffffc9000b71f367 R09: 1ffff920016e3e6c [ 229.211322][ T8570] R10: dffffc0000000000 R11: fffff520016e3e6d R12: 0000000000000027 [ 229.219281][ T8570] R13: 1ffff11009336403 R14: 0000000000000027 R15: ffff8880299b8300 [ 229.227616][ T8570] ? erofs_put_metabuf+0x17a/0x290 [ 229.233647][ T8570] ? __pfx_erofs_iget+0x10/0x10 [ 229.239106][ T8570] ? __pfx_erofs_namei+0x10/0x10 [ 229.244878][ T8570] ? __pfx_d_alloc_parallel+0x10/0x10 [ 229.252012][ T8570] erofs_lookup+0x186/0x360 [ 229.256955][ T8570] __lookup_slow+0x2b7/0x410 [ 229.262330][ T8570] ? __pfx___lookup_slow+0x10/0x10 [ 229.267574][ T8570] ? down_read+0x272/0x2e0 [ 229.272214][ T8570] lookup_slow+0x53/0x70 [ 229.277129][ T8570] path_lookupat+0x3f5/0x8c0 [ 229.282372][ T8570] filename_lookup+0x256/0x5d0 [ 229.287627][ T8570] ? __pfx_filename_lookup+0x10/0x10 [ 229.293204][ T8570] ? strncpy_from_user+0x150/0x2b0 [ 229.298357][ T8570] ? do_getname+0x151/0x250 [ 229.303416][ T8570] user_path_at+0x40/0x160 [ 229.308129][ T8570] __x64_sys_umount+0xf6/0x170 [ 229.313541][ T8570] ? __pfx___x64_sys_umount+0x10/0x10 [ 229.319384][ T8570] do_syscall_64+0x14d/0xf80 [ 229.324347][ T8570] ? trace_irq_disable+0x3b/0x150 [ 229.330912][ T8570] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.337894][ T8570] ? clear_bhb_loop+0x40/0x90 [ 229.342710][ T8570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.349537][ T8570] RIP: 0033:0x7f0558f9c117 [ 229.353983][ T8570] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 229.374385][ T8570] RSP: 002b:00007ffd493b76e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 229.385941][ T8570] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0558f9c117 [ 229.394328][ T8570] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd493b77a0 [ 229.402590][ T8570] RBP: 00007ffd493b77a0 R08: 00007ffd493b87a0 R09: 00000000ffffffff [ 229.410941][ T8570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd493b8890 [ 229.419449][ T8570] R13: 00007f055900471f R14: 000055556d44f4e8 R15: 00007ffd493baa50 [ 229.428229][ T8570] [ 229.431903][ T8570] Kernel Offset: disabled [ 229.436331][ T8570] Rebooting in 86400 seconds..