last executing test programs: 12.922513989s ago: executing program 1 (id=699): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000100)={0xff9c, 0x8001}) 12.653890095s ago: executing program 1 (id=701): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000280), r0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, r1, 0xcdea015dfda617a5, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4040801}, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000240), r0) 12.023141459s ago: executing program 1 (id=708): r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5, r0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) syz_usb_disconnect(0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0) 10.550671946s ago: executing program 1 (id=726): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x11000) writev(r1, &(0x7f0000000e00)=[{&(0x7f0000000a40)='^', 0x1}], 0x1) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 10.257432938s ago: executing program 1 (id=728): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x8, 0x6, @remote}, 0x14) syz_emit_ethernet(0x22, &(0x7f0000000fc0)={@random="5bb65d3f2511", @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x2, 0x3a, 0x14, 0x66, 0x0, 0x5, 0x5c, 0x0, @multicast1, @private=0xa010100}}}}}, 0x0) 10.056036791s ago: executing program 1 (id=731): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x800448f0, &(0x7f0000000280)) 5.863251925s ago: executing program 4 (id=781): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x5, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x5) 5.832931548s ago: executing program 3 (id=782): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x2008803, &(0x7f0000000080), 0x1, 0x648, &(0x7f0000000100)="$eJzs3c9vFNcdAPDvrNe/aW1Q1ZYeiqWqAqnFxgYqVFUq3BGiP27txcUGUQxG2FVjhISRyCVSbjkg5ZRDyH+RIHHlH8ghUpRTFAlFhEOIUNhoZnfs8XrXv3fXrD8fabLvzXjnvXH4+r15+95sAAfWWESMR8TRiLidRIwUjpWz/5ayH0p/7uWLe1fSLYlK5R/fJnHvfrJcPFdSex2uvfnHkequIz3ry11Yuntjem5u9k4tP7F48/bEwtLdk9dvTl+bvTZ7a+pPU+fOnjl7bvLUrq7vcCF98eF//z/y3qV/ffzh62Tyky8uJXE+vbpMel317+3fVcnp72wsKlWvivvT3+u5XZ57v/h+JP93siqp38G+lsZAb0T8Kkaip/B/cyTe/VtHKwa0VCWJvI0CDpxkR/E/sPcVAdos7wfk9/aN7oMbaHBHD7xtnl+oDkhVY783IvL4L2djfhED2djA0MtkzThPEhG7G5mrSst49vTSw3SLJuNwQGssP8hHuevb/ySLzdEYyHJDL0tr4r9U2NL9f99OoX2rybG6Q+If2mf5QUT8utb+98V24r8chfj/zw7Lz+L/0IuVmxHxDwAAAAAAADv35EJE/LHR/L9SjGXLggayj+ur838+7c3fNxwR5/eg/M0//y/lS/SSPSgOKHh+IeIvDef/5mEXoz213M+y+QC9ydXrc7OnIuLnEXEievvT/GTdeUuF9Mn3jzxqVn5x/l+6peU/e1qcXlz6ply3EHdmenHaXwPYvecPIn6Tzf89Vtuzdv5P2v4nDeb/pvF9e4tlHPn948vFfKVSuZ+nG8d/dS4w0FqVjyKON2z/VxvYZOPnc0xk/YGJvFew3m9fFxYa1RH/0Dlp+z/UPP5Xet4rz+tZ2N75+yLi9FK5WfhvIf4b9//7kn/2RGEpwTvTi4t3JiP6kovr909tr87QrfJ4yOMljf8Tv2s6/re2/1+Iw8GIWN5imb98M/xVs2Paf+icNP5nNu7/jya19j+y9n+lI7DlxNTj0c+yMzV4LtzlLbX/Z7I2/URtTzb+B9SU1u3ZaoB2pLoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8JYrRcShSErjK+lSaXw8YjgifhFDpbn5hcU/XJ3/362Z9Fj2/f+l/Jt+R6r5JP/+/9FCfqoufzoiDkfEBz2DWX78yvzcTKcvHgAAAAAAAAAAAAAAAAAAAPaJ4WzNf6W/fv1/6uueTtcOaLly7XWTeB9oR12A9irv+J2V/j2tCNB2O49/4G239fjvbWk9gPZrHv+vXlcyeT5Jike/a3G9gNbT/4eDa/P4H2y008eD0AUaxP9YJ+oBtNuGY3qPVlI+/Yeu5P4fAAAAAAC6yuFjTz5PImL5z4PZluqrHTPZH7pbqe4VODjM4YWDqzzf6RoAneIeH1hd1/9DpdHx5rP/k9ZUCAAAAAAAAAAAAABY5/hR6//hoNp43b+5/dDNNlj/3yj4PS4Aukjzr/7Q9kO3c48PbNbaW/8PAAAAAAAAAAAAAPvAwN0b03Nzs3cWlnaZiIgvK0nEbs/TJPHvBof+2qKyWppYnt4X1djTxJvWnLk3IvbHBbY7kT+Co4PV6PDfJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMVPAQAA//+2/DDv") sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_procfs(0x0, 0x0) getdents64(r3, 0x0, 0x59) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) mkdirat(0xffffffffffffff9c, 0x0, 0x1c1) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='westwood', 0x8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x2c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x1b}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x48810) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)}}], 0x1, 0x8020) 3.654795331s ago: executing program 4 (id=788): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000050000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f07"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x140480c7}, 0x4000050) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.47956978s ago: executing program 3 (id=789): r0 = syz_open_dev$rtc(&(0x7f00000000c0), 0x0, 0x82) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000001c0)) 3.470694828s ago: executing program 4 (id=790): r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0x2711, @local}, 0x10) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) 3.414308565s ago: executing program 4 (id=793): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x149040) ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"}) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[], 0x0}, 0x94) 3.362337713s ago: executing program 3 (id=794): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000040)={r2, 0x1, 0x0, @link_local}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000100)={r3, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000000c0)={r2, 0x1, 0x6, @local}, 0x10) 3.142579262s ago: executing program 3 (id=796): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup, 0xffffffffffffffff, 0x1a, 0x2008}, 0x20) 3.098677801s ago: executing program 3 (id=799): r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000000680)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000500)="8fc8bf70342c6d1600bae5de9614410848dd95e7b8523bfbf4a6cbcc911b443e673a8fa77ce58a13432ac99e4be38c9c2661a892682d81d9b9022ea9", 0x3c}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40800) 2.954345007s ago: executing program 3 (id=802): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000050000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f07"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x140480c7}, 0x4000050) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.306628037s ago: executing program 2 (id=809): syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x51}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0x20004000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000906010200000000000000000500000205000100070000002c0007800c00148008000140e00000020c0001800800014064010100060004404e20000005000700880000000900020073797a31"], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) 2.220990547s ago: executing program 0 (id=810): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000000c0)={[], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3E1vFOcdAPD/rtc2LlC79I23lm1pVatVMTavhx4AtRKXSpVaVfS4tQ2iGKiwK4FlFVNVIPXQik/QNrdI+QQ5JZcoiXJIlGtQrlEkFPkCySGaaHZnNrveXXtt1l4Z/37SLs/MPjPz/Gfmwc/Lzgawa5XTt0LEvoj4KCJGa4vNGcq1f56vLE1/vrI0XYgk+f1nhWq+ZytL03nWfLu92cJ4MaL4z0IcaT3s8Py9xRuVubnZO9mKiYVilrpZuTZ7bfbW1Pnzp0+NnDs7daYncaZlenb477ePHrr8p8e/nb7y+M/vvJaWN8k+b4yjZqz6PtT1EQZa1pSj3HwuG/y0+6LvCPsb0oVS+l7sX2HoWnrXppdrsFr/R2OgulQzGr/5R18LB2ypJEmS4Za19b9ly0mjQqG2QZI8SICXQCH6XQKgP/I/9M9W0p7q0nRrP/jl9vRiVHtAadzPs1ftk1K1B1seq/WNBrfo+N+JiCvLX/w3fUXbcQgAgN5642LEo0u1dkf+qn1SjO815PtmNjc0FhHfiogDEfHtrP3y3Yhq3u9HxMGGbfZ3MQtQXrXc2v75YCRLNDZXeyZt//0qm9tqbv/VSz42kC3tr8Y/WLh6fW72ZHZOxmNwOF2ebN11fVjtzV9/+J9Oxy83tP/SV3r8vC2YlePT0qoBupnKQuVF4849fVA9sfdb4y9EqZCnIg5FxOFN7D89Z9d//urRTp83xZ/G2RL/vzvvvLSJAq2S/D/iZ7XrvxzV+POxz1rwQ1lqYuHmXyfm7y3+8nrj/OTkubNTZyb2xNzsyYn8rmj17vsPf5clW7oRzdc/SRquf141tnQiLb3+32h7/9dnLsfSVH2+dn7jx3j45FHHPs1m7/+hwh+q6Xx+9m5lYeHOZMRQYbl1/dTX296tjDTlT+MfP96+/h+I+PJ/2XZHIiK9iX8QET+MiGNZ2X8UET+OiONrxP/2pZ/8pVMXcv34t1Ya/8yGrv+9xZHIEvU1aeLCexHNa/LEwI23Xm858L/KLfEPRqfrf7qaGs/WzFQW9qwXV5sCtk288AkEAACAHeBYROyLQvFENtC0L4rFEyci9tZHUOYXfnH19t9uzdSeERiLwWI+0jXaMB46mY0Np8vpVlMNy+nnp6rjxkmSJCPpctp/nzvY39Bh19vbof6nPml9pAV42WxoHq3TE23AjrS6/j/pesvefyED2F49+B4NsEOp/7B7dV3/t+opOKBv2tX/+xHP+1AUYJu1q/9/bFlzYVvKAmyvdvXf3D/sDpsf//NlANjpjP/DrtTVQ/KbSBy4vEaeQqm7/ZS6fox/vUQx1v4VgLGo/6ZB3qZZe4cfFyN6c8YGenrmR5quabFtnj3Ri2NFcd08pQ38EMP2JoqVubn8AZe+l2c4Ita5e+s32/08sbjVBauem1f69z8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAb3wVAAD//8B9zog=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x58) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r0, &(0x7f00000004c0)='./file0\x00', 0x2) 1.638535822s ago: executing program 2 (id=811): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) 1.558159143s ago: executing program 2 (id=812): r0 = syz_open_dev$sg(&(0x7f00000008c0), 0x0, 0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffc, 0x4, 0x9, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000780)="4ef9144c", 0x0, 0x2, 0x4, 0x1, 0x0}) 1.486338516s ago: executing program 0 (id=813): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x2, 0x4) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00'], 0x28}}], 0x1, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10000, 0x0, 0x0) 1.402445777s ago: executing program 2 (id=815): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) ptrace$peeksig(0x4209, r1, &(0x7f0000000000)={0x80000, 0x0, 0xa}, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0001300f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e", 0x2a}], 0x2) 1.254085692s ago: executing program 0 (id=816): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r0 = socket(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) 953.531682ms ago: executing program 0 (id=817): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) 506.560618ms ago: executing program 0 (id=818): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0x40000c, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x400000000, 0x2, 0xc, 0x4, 0x400000000000000, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x1000, 0x400000008, 0x2, 0x3, 0x101, 0x20, 0x200}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c00018005000200000000000800040005000000080001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 305.604791ms ago: executing program 4 (id=819): bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) socket(0x2, 0x80805, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180), 0x13f, 0x1}}, 0x20) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0, 0x0, 0x3}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 243.359407ms ago: executing program 0 (id=820): r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x2004000, &(0x7f0000000180)=ANY=[@ANYRES64=0x0], 0xfe, 0x122e, &(0x7f0000001280)="$eJzs3E1rXFUYB/DHSdrExLyotVpBerAb3VySLNwoSJAUpANK2witINyaiQ65zoTcITAiRldu3fgB3IpLd4K4001c+BncZePShXqlM+lL7GjQau8Qfr/NPMy5f3jO3OHAGebcg5c+fW9rs8w28140Hno5GtsRk7+lSNGIWz6K51/87vtnrly7fmm12Vy7nNLF1avLL6SU5s9/8+YHXz77bW/2ja/mv56K/cW3Dn5e+Wn/7P65g9+vvtsuU7tMnW4v5elGt9vLbxSttNEut7KUXi9aedlK7U7Z2jkyvll0t7f7Ke9szM1s77TKMuWdftpq9VOvm3o7/ZS/k7c7KcuyNDcT3I/1L36pqiqiqk7F6aiqqno4ZqIRj8RczMdCLMaj8Vg8HmfiiTgbT8ZTcW5wVd19AwAAAAAAAAAAAAAAAAAAwMky6vz/7D3n/z+LGHX+/3zNzQMAAAAAAAAAAAAAAAAAAMAJceXa9Uurzeba5ZSmI4pPdtd314evw/HVzWhHEa1YioX4NQan/4eG9elori2lgcX4uNg7zO/trk8czS8PHidwT/7iq8215WE+Hc1Pxczd+ZVYiDOj8yt/yl8Y5KfjuQt35bNYiB/fjm4UsRE3s3fyHy6n9Mprzdv5H/aHc9+o8b4AAADAfylLt43cv2fZX40P88f9PnBzf710Z38eixGH+cl4erLeuRNR9t/fyouitVN7cauj4Tt7ETEmjf3rohERY9DG3xSnjr1mtobGPp+NuI/4xJEv0lh8zmNeTI8aOm7lmPhf1yUejMObPlV3HwAAAAAAAAAAAPwzD+IPhnXPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mAHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXwUAAP//3m/GvA==") socket(0xa, 0x5, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000180)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d4e9f3570a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54bee11a559e0d2b96e81a1d8b2d30b7c429845041b636ad3014b9807fb785a826c68e685fc4ad56493d0d62f0b61d4c49751ff42ecbe2b020f046d6a5e44c5767de45a18ef483955068ea79d745f33ef94209f4499cf880af67af3010b71ce074b35dfa7550e932548301f7021014963348e75c9924a4ec0986d33f4d385cec8f6a1a85dc4aa3a6db705a3e5508fc6025909026e2a2792e914d30468a5ec8936a9ef730bef74066b3a019d2a4c2547a5e6ca7fefe92adb0df7b7372cf50bf8e75a8d3c7c056054a02904373d66efa59bf0912278713ad6b4e1"], 0x6, 0x2c1, &(0x7f0000001880)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8040, 0x119) setresuid(0xee00, 0xee00, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x40047211, &(0x7f00000000c0)) 82.59226ms ago: executing program 2 (id=821): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="756e6c6f636b2069882b"], 0xe) 52.268372ms ago: executing program 4 (id=822): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) socket$kcm(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) bind$can_j1939(r4, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) close(0x3) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0) 0s ago: executing program 2 (id=823): syz_io_uring_setup(0x8d6, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=0x0, &(0x7f0000000080)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='fdinfo/3\x00') read$eventfd(r1, &(0x7f0000000280), 0x8) kernel console output (not intermixed with test programs): x400/0x400 [ 83.166823][ T4505] ? __lock_acquire+0x7d10/0x7d10 [ 83.171889][ T4505] should_fail+0x38c/0x4c0 [ 83.176435][ T4505] _copy_from_user+0x2e/0x170 [ 83.181243][ T4505] __copy_msghdr_from_user+0xc9/0x630 [ 83.186652][ T4505] ? __ia32_sys_shutdown+0x1d0/0x1d0 [ 83.192059][ T4505] ? lockdep_hardirqs_on+0x94/0x140 [ 83.197633][ T4505] ___sys_sendmsg+0x19a/0x2e0 [ 83.202431][ T4505] ? __sys_sendmsg+0x2a0/0x2a0 [ 83.207350][ T4505] __se_sys_sendmsg+0x1af/0x290 [ 83.212392][ T4505] ? __x64_sys_sendmsg+0x80/0x80 [ 83.217800][ T4505] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 83.224161][ T4505] ? lockdep_hardirqs_on+0x94/0x140 [ 83.229468][ T4505] do_syscall_64+0x4c/0xa0 [ 83.234136][ T4505] ? clear_bhb_loop+0x30/0x80 [ 83.238919][ T4505] ? clear_bhb_loop+0x30/0x80 [ 83.244075][ T4505] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 83.250159][ T4505] RIP: 0033:0x7f103ab11799 [ 83.254589][ T4505] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 83.274384][ T4505] RSP: 002b:00007f1038d29028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.283344][ T4505] RAX: ffffffffffffffda RBX: 00007f103ad8b180 RCX: 00007f103ab11799 [ 83.291721][ T4505] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000005 [ 83.299707][ T4505] RBP: 00007f1038d29090 R08: 0000000000000000 R09: 0000000000000000 [ 83.307950][ T4505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.316196][ T4505] R13: 00007f103ad8b218 R14: 00007f103ad8b180 R15: 00007ffeab9737d8 [ 83.324490][ T4505] [ 83.730387][ T4505] loop3: detected capacity change from 0 to 32768 [ 83.826489][ T1109] usb 2-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40 [ 83.838293][ T1109] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.856540][ T1109] usb 2-1: Product: syz [ 83.861384][ T4499] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 83.938354][ T1109] usb 2-1: Manufacturer: syz [ 83.942711][ T4510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.57'. [ 83.952951][ T1109] usb 2-1: SerialNumber: syz [ 84.158558][ T4499] EXT4-fs (loop4): Remounting filesystem read-only [ 84.185946][ T2360] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 84.189183][ T4505] XFS (loop3): Mounting V5 Filesystem [ 84.369637][ T4492] fuse: Bad value for 'group_id' [ 84.395361][ T4492] udc-core: couldn't find an available UDC or it's busy [ 84.407537][ T4492] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 84.500140][ T4505] XFS (loop3): Ending clean mount [ 84.545927][ T2360] usb 3-1: Using ep0 maxpacket: 16 [ 84.604049][ T4492] 9pnet: Insufficient options for proto=fd [ 84.706436][ T2360] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.783787][ T2360] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.268931][ T4521] loop4: detected capacity change from 0 to 32768 [ 86.349196][ T2360] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 86.367420][ T2360] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.375119][ T2360] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 86.391268][ T2360] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.423344][ T2360] usb 3-1: config 0 descriptor?? [ 86.451775][ T4194] XFS (loop3): Unmounting Filesystem [ 86.766264][ T2360] usb 3-1: can't set config #0, error -71 [ 86.791901][ T2360] usb 3-1: USB disconnect, device number 3 [ 86.820898][ T4521] XFS (loop4): Mounting V5 Filesystem [ 86.891266][ T4534] loop1: detected capacity change from 0 to 256 [ 86.971908][ T4534] FAT-fs (loop1): Directory bread(block 64) failed [ 86.978902][ T4534] FAT-fs (loop1): Directory bread(block 65) failed [ 86.985613][ T4534] FAT-fs (loop1): Directory bread(block 66) failed [ 86.992669][ T4534] FAT-fs (loop1): Directory bread(block 67) failed [ 87.000365][ T4534] FAT-fs (loop1): Directory bread(block 68) failed [ 87.007279][ T4534] FAT-fs (loop1): Directory bread(block 69) failed [ 87.013970][ T4534] FAT-fs (loop1): Directory bread(block 70) failed [ 87.020608][ T4534] FAT-fs (loop1): Directory bread(block 71) failed [ 87.027359][ T4534] FAT-fs (loop1): Directory bread(block 72) failed [ 87.033905][ T4534] FAT-fs (loop1): Directory bread(block 73) failed [ 87.272899][ T4521] XFS (loop4): Ending clean mount [ 87.756861][ T1109] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 87.796259][ T1109] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 88.014310][ T1109] usb 2-1: USB disconnect, device number 3 [ 88.220397][ T4554] loop0: detected capacity change from 0 to 128 [ 88.309544][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 88.346383][ T4554] loop0: detected capacity change from 0 to 512 [ 88.433242][ T4187] XFS (loop4): Unmounting Filesystem [ 88.462717][ T4554] EXT4-fs (loop0): Ignoring removed nobh option [ 88.495854][ T7] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 88.516095][ T4554] EXT4-fs (loop0): old and new quota format mixing [ 88.662072][ T4551] loop2: detected capacity change from 0 to 40427 [ 88.695951][ T7] usb 4-1: device descriptor read/64, error -71 [ 88.774043][ T4551] F2FS-fs (loop2): Found nat_bits in checkpoint [ 88.937631][ T4551] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 88.947334][ T4230] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 88.976407][ T7] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 89.008399][ T4566] netlink: 8 bytes leftover after parsing attributes in process `syz.4.73'. [ 89.081118][ T26] audit: type=1804 audit(1772358907.416:3): pid=4551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.71" name="/newroot/12/file0/bus" dev="loop2" ino=10 res=1 errno=0 [ 89.176018][ T7] usb 4-1: device descriptor read/64, error -71 [ 89.297569][ T7] usb usb4-port1: attempt power cycle [ 89.366970][ T4230] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 89.385945][ T4230] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.402539][ T4230] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 89.416537][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.545191][ T4230] usb 1-1: config 0 descriptor?? [ 89.639931][ T4186] attempt to access beyond end of device [ 89.639931][ T4186] loop2: rw=2049, want=45104, limit=40427 [ 90.021223][ T4575] loop1: detected capacity change from 0 to 128 [ 90.036078][ T7] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 90.050102][ T4575] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 90.083441][ T4575] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 90.156614][ T7] usb 4-1: device descriptor read/8, error -71 [ 90.396849][ T4230] usbhid 1-1:0.0: can't add hid device: -71 [ 90.403819][ T4230] usbhid: probe of 1-1:0.0 failed with error -71 [ 90.436154][ T7] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 90.577330][ T7] usb 4-1: device descriptor read/8, error -71 [ 90.716463][ T7] usb usb4-port1: unable to enumerate USB device [ 90.808521][ T4230] usb 1-1: USB disconnect, device number 3 [ 90.874856][ T4595] loop2: detected capacity change from 0 to 164 [ 90.941804][ T4595] capability: warning: `syz.2.81' uses 32-bit capabilities (legacy support in use) [ 91.009165][ T4601] FAULT_INJECTION: forcing a failure. [ 91.009165][ T4601] name fail_futex, interval 1, probability 0, space 0, times 1 [ 91.139073][ T4601] CPU: 0 PID: 4601 Comm: syz.0.82 Not tainted syzkaller #0 [ 91.146986][ T4601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 91.157160][ T4601] Call Trace: [ 91.160470][ T4601] [ 91.163519][ T4601] dump_stack_lvl+0x188/0x250 [ 91.168229][ T4601] ? show_regs_print_info+0x20/0x20 [ 91.173551][ T4601] ? load_image+0x400/0x400 [ 91.178108][ T4601] should_fail+0x38c/0x4c0 [ 91.182720][ T4601] get_futex_key+0x1a5/0x1310 [ 91.187624][ T4601] ? futex_wait_restart+0x220/0x220 [ 91.193122][ T4601] futex_wake+0x101/0x540 [ 91.197592][ T4601] ? verify_lock_unused+0x140/0x140 [ 91.203048][ T4601] ? verify_lock_unused+0x140/0x140 [ 91.208369][ T4601] ? futex_wait+0x680/0x680 [ 91.212922][ T4601] do_futex+0xd73/0x12b0 [ 91.217219][ T4601] ? __might_sleep+0xf0/0xf0 [ 91.222021][ T4601] ? __might_fault+0xb7/0x110 [ 91.226914][ T4601] ? futex_exit_release+0x1c0/0x1c0 [ 91.232408][ T4601] ? __lock_acquire+0x7d10/0x7d10 [ 91.237559][ T4601] mm_release+0x278/0x3c0 [ 91.242006][ T4601] ? exit_mm_release+0x30/0x30 [ 91.246949][ T4601] ? lockdep_hardirqs_on+0x94/0x140 [ 91.252362][ T4601] exit_mm+0xaf/0x6e0 [ 91.256454][ T4601] ? xacct_add_tsk+0x4a0/0x4a0 [ 91.261253][ T4601] ? do_exit+0x20c0/0x20c0 [ 91.265696][ T4601] ? taskstats_exit+0x439/0xab0 [ 91.270573][ T4601] ? mm_trace_rss_stat+0x81/0x1c0 [ 91.275631][ T4601] ? sync_mm_rss+0x211/0x350 [ 91.280255][ T4601] do_exit+0x5a9/0x20c0 [ 91.284450][ T4601] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 91.290746][ T4601] ? put_task_struct+0x80/0x80 [ 91.295825][ T4601] ? lock_chain_count+0x20/0x20 [ 91.300811][ T4601] ? preempt_schedule_thunk+0x16/0x18 [ 91.306411][ T4601] do_group_exit+0x12e/0x300 [ 91.311047][ T4601] __x64_sys_exit_group+0x3b/0x40 [ 91.316112][ T4601] do_syscall_64+0x4c/0xa0 [ 91.320650][ T4601] ? clear_bhb_loop+0x30/0x80 [ 91.325525][ T4601] ? clear_bhb_loop+0x30/0x80 [ 91.330403][ T4601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 91.336580][ T4601] RIP: 0033:0x7f9ca88b5799 [ 91.341259][ T4601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.361508][ T4601] RSP: 002b:00007f9ca6aedf38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 91.370164][ T4601] RAX: ffffffffffffffda RBX: 00007f9ca89223e8 RCX: 00007f9ca88b5799 [ 91.378453][ T4601] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 91.386708][ T4601] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007f9ca8b2f128 [ 91.395314][ T4601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.403402][ T4601] R13: 00007f9ca8b2f128 R14: 00007f9ca8b2f090 R15: 00007ffe70a47718 [ 91.411505][ T4601] [ 91.726513][ T4624] comedi comedi1: aio_aio12_8: I/O port conflict (0x10003c4,32) [ 91.760121][ T4624] loop2: detected capacity change from 0 to 256 [ 92.038512][ T4640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.90'. [ 92.104580][ T4643] Zero length message leads to an empty skb [ 92.671372][ T4620] loop3: detected capacity change from 0 to 32768 [ 92.699858][ T4620] xfs: Unknown parameter 'barrier' [ 92.825567][ T4636] loop4: detected capacity change from 0 to 32768 [ 92.952258][ T4636] JBD2: Ignoring recovery information on journal [ 93.190325][ T4233] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 93.400309][ T4636] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 93.677822][ T4674] loop3: detected capacity change from 0 to 2048 [ 93.843103][ T4187] ocfs2: Unmounting device (7,4) on (node local) [ 94.036707][ T4682] FAULT_INJECTION: forcing a failure. [ 94.036707][ T4682] name failslab, interval 1, probability 0, space 0, times 1 [ 94.049517][ T4682] CPU: 1 PID: 4682 Comm: syz.2.102 Not tainted syzkaller #0 [ 94.057111][ T4682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 94.067333][ T4682] Call Trace: [ 94.070829][ T4682] [ 94.073881][ T4682] dump_stack_lvl+0x188/0x250 [ 94.078777][ T4682] ? release_firmware_map_entry+0x190/0x190 [ 94.084882][ T4682] ? show_regs_print_info+0x20/0x20 [ 94.090300][ T4682] ? load_image+0x400/0x400 [ 94.094840][ T4682] ? preempt_schedule_irq+0xe6/0x160 [ 94.100650][ T4682] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 94.106669][ T4682] ? lock_chain_count+0x20/0x20 [ 94.111568][ T4682] should_fail+0x38c/0x4c0 [ 94.116125][ T4682] should_failslab+0x5/0x20 [ 94.120843][ T4682] slab_pre_alloc_hook+0x51/0xc0 [ 94.125897][ T4682] ? skb_clone+0x1bd/0x350 [ 94.130582][ T4682] kmem_cache_alloc+0x3d/0x290 [ 94.135504][ T4682] skb_clone+0x1bd/0x350 [ 94.140152][ T4682] __netlink_deliver_tap+0x3cd/0x7c0 [ 94.145487][ T4682] netlink_deliver_tap+0x16c/0x180 [ 94.150718][ T4682] netlink_sendskb+0x64/0x130 [ 94.155427][ T4682] netlink_ack+0x87d/0xb50 [ 94.160094][ T4682] ? netlink_dump+0xcf0/0xcf0 [ 94.164898][ T4682] ? rcu_read_unlock_special+0xf0/0x4a0 [ 94.170752][ T4682] ? lockdep_hardirqs_off+0x70/0x100 [ 94.176075][ T4682] netlink_rcv_skb+0x27a/0x440 [ 94.180882][ T4682] ? rtnetlink_bind+0x80/0x80 [ 94.185599][ T4682] ? netlink_ack+0xb50/0xb50 [ 94.190230][ T4682] netlink_unicast+0x774/0x920 [ 94.195167][ T4682] netlink_sendmsg+0x8ba/0xbe0 [ 94.199975][ T4682] ? netlink_getsockopt+0x570/0x570 [ 94.205222][ T4682] ? aa_sock_msg_perm+0x94/0x150 [ 94.210213][ T4682] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 94.215525][ T4682] ? security_socket_sendmsg+0x7c/0xa0 [ 94.221016][ T4682] ? netlink_getsockopt+0x570/0x570 [ 94.226336][ T4682] ____sys_sendmsg+0x5b7/0x8f0 [ 94.231234][ T4682] ? __sys_sendmsg_sock+0x30/0x30 [ 94.236511][ T4682] ? import_iovec+0x6f/0xa0 [ 94.241058][ T4682] ___sys_sendmsg+0x236/0x2e0 [ 94.246008][ T4682] ? __sys_sendmsg+0x2a0/0x2a0 [ 94.250852][ T4682] __se_sys_sendmsg+0x1af/0x290 [ 94.255864][ T4682] ? __x64_sys_sendmsg+0x80/0x80 [ 94.260853][ T4682] ? syscall_enter_from_user_mode+0x2a/0x70 [ 94.266784][ T4682] do_syscall_64+0x4c/0xa0 [ 94.271235][ T4682] ? clear_bhb_loop+0x30/0x80 [ 94.275945][ T4682] ? clear_bhb_loop+0x30/0x80 [ 94.280951][ T4682] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 94.286878][ T4682] RIP: 0033:0x7fed29c61799 [ 94.291502][ T4682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.311791][ T4682] RSP: 002b:00007fed27e79028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.320377][ T4682] RAX: ffffffffffffffda RBX: 00007fed29edb180 RCX: 00007fed29c61799 [ 94.328550][ T4682] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000006 [ 94.336826][ T4682] RBP: 00007fed27e79090 R08: 0000000000000000 R09: 0000000000000000 [ 94.345189][ T4682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 94.353553][ T4682] R13: 00007fed29edb218 R14: 00007fed29edb180 R15: 00007fff101df5b8 [ 94.361659][ T4682] [ 94.456317][ T4231] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 94.868298][ T4231] usb 4-1: Using ep0 maxpacket: 16 [ 94.923054][ T4684] dlm: non-version read from control device 8192 [ 94.986099][ T4231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.025992][ T4231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.085212][ T4231] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 95.176026][ T4231] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 95.266832][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.308617][ T4233] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.317897][ T4233] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 95.317943][ T4231] usb 4-1: config 0 descriptor?? [ 95.326400][ T4233] usb 2-1: SerialNumber: syz [ 95.348359][ T4687] loop2: detected capacity change from 0 to 512 [ 95.431385][ T4687] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 95.496883][ T4687] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.564778][ T4688] loop4: detected capacity change from 0 to 4096 [ 95.647459][ T4233] cdc_ether: probe of 2-1:1.0 failed with error -71 [ 95.668940][ T4233] usb 2-1: USB disconnect, device number 4 [ 95.825135][ T4699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'. [ 95.901152][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 95.930490][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 95.953675][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 95.964906][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 95.972812][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 95.993136][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 96.014444][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 96.081555][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 96.093948][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 96.101662][ T4231] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 96.122590][ T4231] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0001/input/input8 [ 96.155384][ T4231] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 96.183192][ T4231] usb 4-1: USB disconnect, device number 6 [ 96.370967][ T4707] fido_id[4707]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 96.496138][ T2360] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 96.735434][ T4725] loop0: detected capacity change from 0 to 256 [ 96.755691][ T4725] FAT-fs (loop0): Unrecognized mount option "slower" or missing value [ 96.765326][ T2360] usb 5-1: Using ep0 maxpacket: 16 [ 97.066234][ T2360] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 97.085560][ T2360] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.116236][ T2360] usb 5-1: Product: syz [ 97.120893][ T2360] usb 5-1: Manufacturer: syz [ 97.126520][ T2360] usb 5-1: SerialNumber: syz [ 97.150930][ T2360] r8152-cfgselector 5-1: config 0 descriptor?? [ 97.161587][ T4727] loop3: detected capacity change from 0 to 32768 [ 97.222276][ T4727] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.113 (4727) [ 97.297614][ T4727] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 97.364166][ T4727] BTRFS info (device loop3): force clearing of disk cache [ 97.392304][ T4727] BTRFS error (device loop3): unrecognized metadata_ratio value 0x0000008000000000 [ 97.420835][ T2360] r8152-cfgselector 5-1: Unknown version 0x0000 [ 97.443028][ T4727] BTRFS error (device loop3): open_ctree failed: -34 [ 97.450307][ T4231] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 97.507122][ T2360] r8152-cfgselector 5-1: Unknown version 0x0000 [ 97.513867][ T2360] r8152-cfgselector 5-1: bad CDC descriptors [ 97.597171][ T2360] usbip-host 5-1: 5-1 is not in match_busid table... skip! [ 97.745904][ T4231] usb 2-1: Using ep0 maxpacket: 32 [ 97.850233][ T2360] usb 5-1: USB disconnect, device number 3 [ 97.904140][ T4231] usb 2-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 97.929525][ T4733] loop2: detected capacity change from 0 to 32768 [ 98.126834][ T4231] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 98.231164][ T4231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.502120][ T4231] usb 2-1: Product: syz [ 98.587612][ T4231] usb 2-1: Manufacturer: syz [ 98.612916][ T4231] usb 2-1: SerialNumber: syz [ 98.720770][ T4231] usb 2-1: config 0 descriptor?? [ 98.947351][ T4231] usb 2-1: bad CDC descriptors [ 98.952585][ T4231] usb 2-1: unsupported MDLM descriptors [ 98.952780][ T4751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.120'. [ 99.056060][ T4755] FAULT_INJECTION: forcing a failure. [ 99.056060][ T4755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.069552][ T4755] CPU: 0 PID: 4755 Comm: syz.4.119 Not tainted syzkaller #0 [ 99.076863][ T4755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 99.087445][ T4755] Call Trace: [ 99.090755][ T4755] [ 99.093697][ T4755] dump_stack_lvl+0x188/0x250 [ 99.098433][ T4755] ? show_regs_print_info+0x20/0x20 [ 99.103745][ T4755] ? load_image+0x400/0x400 [ 99.108268][ T4755] ? __lock_acquire+0x7d10/0x7d10 [ 99.113311][ T4755] ? unix_ioctl+0x25d/0x660 [ 99.117832][ T4755] should_fail+0x38c/0x4c0 [ 99.122273][ T4755] _copy_from_user+0x2e/0x170 [ 99.126977][ T4755] sock_do_ioctl+0x18c/0x320 [ 99.131586][ T4755] ? sock_show_fdinfo+0xb0/0xb0 [ 99.136552][ T4755] sock_ioctl+0x4d2/0x710 [ 99.140905][ T4755] ? sock_poll+0x410/0x410 [ 99.145463][ T4755] ? bpf_lsm_file_ioctl+0x5/0x10 [ 99.150553][ T4755] ? security_file_ioctl+0x7c/0xa0 [ 99.155699][ T4755] ? sock_poll+0x410/0x410 [ 99.160146][ T4755] __se_sys_ioctl+0xfa/0x170 [ 99.164773][ T4755] do_syscall_64+0x4c/0xa0 [ 99.169308][ T4755] ? clear_bhb_loop+0x30/0x80 [ 99.174188][ T4755] ? clear_bhb_loop+0x30/0x80 [ 99.178890][ T4755] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 99.184804][ T4755] RIP: 0033:0x7f5b5767e799 [ 99.189246][ T4755] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.210084][ T4755] RSP: 002b:00007f5b55896028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.219143][ T4755] RAX: ffffffffffffffda RBX: 00007f5b578f8180 RCX: 00007f5b5767e799 [ 99.227405][ T4755] RDX: 0000200000000280 RSI: 0000000000008924 RDI: 0000000000000007 [ 99.235513][ T4755] RBP: 00007f5b55896090 R08: 0000000000000000 R09: 0000000000000000 [ 99.243510][ T4755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.251588][ T4755] R13: 00007f5b578f8218 R14: 00007f5b578f8180 R15: 00007ffc99979f78 [ 99.259945][ T4755] [ 99.514556][ T4730] loop1: detected capacity change from 0 to 512 [ 99.749834][ T4730] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #3: comm syz.1.114: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 2049, max 4(4), depth 0(0) [ 99.778329][ T4730] EXT4-fs (loop1): Remounting filesystem read-only [ 99.783621][ T4760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.122'. [ 99.785146][ T4730] EXT4-fs error (device loop1): ext4_quota_enable:6445: comm syz.1.114: Bad quota inode: 3, type: 0 [ 99.812235][ T4730] EXT4-fs (loop1): Remounting filesystem read-only [ 99.819155][ T4730] EXT4-fs warning (device loop1): ext4_enable_quotas:6486: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 99.837932][ T4730] EXT4-fs (loop1): mount failed [ 99.899338][ T4233] usb 2-1: USB disconnect, device number 5 [ 101.478901][ T4784] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 101.541307][ T4790] mkiss: ax0: crc mode is auto. [ 101.561939][ T4784] loop0: detected capacity change from 0 to 8 [ 101.574914][ T4795] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.132'. [ 101.655356][ T4799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.133'. [ 101.673854][ T4784] SQUASHFS error: lzo decompression failed, data probably corrupt [ 101.705969][ T4230] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 101.729488][ T4784] SQUASHFS error: Failed to read block 0x1c6: -5 [ 101.782516][ T4784] SQUASHFS error: Unable to read metadata cache entry [1c4] [ 101.808192][ T4784] SQUASHFS error: Unable to read inode 0x11f [ 101.965909][ T4230] usb 2-1: Using ep0 maxpacket: 16 [ 102.096342][ T4230] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 102.187874][ T4230] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 102.466916][ T4230] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 102.542925][ T4230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.733122][ T4230] usb 2-1: Product: syz [ 102.840932][ T4230] usb 2-1: Manufacturer: syz [ 103.000194][ T4230] usb 2-1: SerialNumber: syz [ 103.045083][ T4819] loop4: detected capacity change from 0 to 8 [ 103.172317][ T4819] squashfs image failed sanity check [ 103.366143][ T4230] usb 2-1: 0:2 : does not exist [ 103.541985][ T4230] usb 2-1: USB disconnect, device number 6 [ 103.619985][ T4823] loop4: detected capacity change from 0 to 4096 [ 104.425074][ T4823] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 104.425103][ T4823] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 104.425391][ T4823] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 104.425414][ T4823] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 104.425456][ T4823] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 104.427254][ T4823] ntfs: volume version 3.1. [ 104.427288][ T4823] ntfs: (device loop4): ntfs_read_locked_inode(): Inode is not in use! [ 104.427302][ T4823] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 104.427330][ T4823] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 104.506864][ T4555] udevd[4555]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.821158][ T4842] loop4: detected capacity change from 0 to 1024 [ 104.833025][ T4845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.145'. [ 104.833177][ T4845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.145'. [ 105.585424][ T4852] sctp: [Deprecated]: syz.4.149 (pid 4852) Use of struct sctp_assoc_value in delayed_ack socket option. [ 105.585424][ T4852] Use struct sctp_sack_info instead [ 106.590198][ T4873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.153'. [ 106.714532][ T4874] loop1: detected capacity change from 0 to 4096 [ 107.164623][ T1109] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 107.680890][ T4890] loop3: detected capacity change from 0 to 512 [ 107.847570][ T1109] usb 1-1: Using ep0 maxpacket: 8 [ 108.007005][ T1109] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 108.087360][ T1109] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.186011][ T4890] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 108.198211][ T4890] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.259458][ T1109] usb 1-1: config 0 has no interface number 0 [ 108.302970][ T4895] af_packet: tpacket_rcv: packet too big, clamped from 74 to 4294967286. macoff=82 [ 108.546054][ T1109] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 108.575263][ T1109] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.614988][ T1109] usb 1-1: Product: syz [ 108.651011][ T1109] usb 1-1: Manufacturer: syz [ 108.671878][ T1109] usb 1-1: SerialNumber: syz [ 108.712538][ T1109] usb 1-1: config 0 descriptor?? [ 108.736965][ T4903] netlink: 40 bytes leftover after parsing attributes in process `syz.3.162'. [ 108.778314][ T1109] usb 1-1: Found UVC 0.04 device syz (046d:08c3) [ 108.790714][ T1109] usb 1-1: No valid video chain found. [ 108.795170][ T4903] netlink: 32 bytes leftover after parsing attributes in process `syz.3.162'. [ 108.936328][ T4907] FAULT_INJECTION: forcing a failure. [ 108.936328][ T4907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.958166][ T4907] CPU: 0 PID: 4907 Comm: syz.1.164 Not tainted syzkaller #0 [ 108.963314][ T4909] IPVS: ovf: FWM 3 0x00000003 - no destination available [ 108.965496][ T4907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.965510][ T4907] Call Trace: [ 108.965517][ T4907] [ 108.965525][ T4907] dump_stack_lvl+0x188/0x250 [ 108.994313][ T4907] ? show_regs_print_info+0x20/0x20 [ 108.999552][ T4907] ? load_image+0x400/0x400 [ 109.004507][ T4907] ? __lock_acquire+0x7d10/0x7d10 [ 109.009578][ T4907] should_fail+0x38c/0x4c0 [ 109.014042][ T4907] strncpy_from_user+0x32/0x360 [ 109.015060][ T1109] usb 1-1: USB disconnect, device number 4 [ 109.018929][ T4907] getname_flags+0xef/0x500 [ 109.018962][ T4907] __x64_sys_rename+0x5b/0x90 [ 109.018983][ T4907] do_syscall_64+0x4c/0xa0 [ 109.019000][ T4907] ? clear_bhb_loop+0x30/0x80 [ 109.019017][ T4907] ? clear_bhb_loop+0x30/0x80 [ 109.019035][ T4907] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 109.019053][ T4907] RIP: 0033:0x7f2c755b6799 [ 109.019074][ T4907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.079040][ T4907] RSP: 002b:00007f2c73810028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 109.087492][ T4907] RAX: ffffffffffffffda RBX: 00007f2c7582ffa0 RCX: 00007f2c755b6799 [ 109.095584][ T4907] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000200000000000 [ 109.103597][ T4907] RBP: 00007f2c73810090 R08: 0000000000000000 R09: 0000000000000000 [ 109.111775][ T4907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.119775][ T4907] R13: 00007f2c75830038 R14: 00007f2c7582ffa0 R15: 00007ffe3e1aca78 [ 109.127892][ T4907] [ 109.599219][ T4925] FAULT_INJECTION: forcing a failure. [ 109.599219][ T4925] name failslab, interval 1, probability 0, space 0, times 0 [ 109.621667][ T4925] CPU: 0 PID: 4925 Comm: syz.0.170 Not tainted syzkaller #0 [ 109.629094][ T4925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.639538][ T4925] Call Trace: [ 109.643030][ T4925] [ 109.645983][ T4925] dump_stack_lvl+0x188/0x250 [ 109.650792][ T4925] ? show_regs_print_info+0x20/0x20 [ 109.656018][ T4925] ? load_image+0x400/0x400 [ 109.660748][ T4925] ? __might_sleep+0xf0/0xf0 [ 109.665456][ T4925] ? __lock_acquire+0x7d10/0x7d10 [ 109.670523][ T4925] should_fail+0x38c/0x4c0 [ 109.674977][ T4925] should_failslab+0x5/0x20 [ 109.679504][ T4925] slab_pre_alloc_hook+0x51/0xc0 [ 109.682938][ T4919] loop2: detected capacity change from 0 to 32768 [ 109.684459][ T4925] ? ptlock_alloc+0x1c/0x60 [ 109.695435][ T4925] kmem_cache_alloc+0x3d/0x290 [ 109.700243][ T4925] ptlock_alloc+0x1c/0x60 [ 109.704607][ T4925] pte_alloc_one+0xc0/0x310 [ 109.709268][ T4925] ? rcu_lock_release+0x20/0x20 [ 109.714240][ T4925] ? count_memcg_event_mm+0x324/0x370 [ 109.719767][ T4925] ? remove_device_exclusive_entry+0xa90/0xa90 [ 109.725953][ T4925] ? __lock_acquire+0x7d10/0x7d10 [ 109.731023][ T4925] __pte_alloc+0x21/0x150 [ 109.735395][ T4925] handle_mm_fault+0x39b6/0x4410 [ 109.740387][ T4925] ? get_page+0xe0/0xe0 [ 109.744776][ T4925] ? vmacache_find+0x4f0/0x590 [ 109.749583][ T4925] ? vmacache_update+0xa0/0x100 [ 109.754966][ T4925] ? find_vma+0x1df/0x230 [ 109.759412][ T4925] do_user_addr_fault+0x489/0xc80 [ 109.764485][ T4925] exc_page_fault+0x60/0x100 [ 109.769110][ T4925] ? clear_bhb_loop+0x30/0x80 [ 109.774195][ T4925] asm_exc_page_fault+0x22/0x30 [ 109.779341][ T4925] RIP: 0033:0x7f9ca876cb0e [ 109.784181][ T4925] Code: c1 49 39 4f 08 72 54 8d 4d ff 85 ed 74 3b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01 [ 109.804351][ T4925] RSP: 002b:00007f9ca6b0e470 EFLAGS: 00010246 [ 109.810453][ T4925] RAX: 0000000000000001 RBX: 00007f9ca6b0e530 RCX: 0000000000000101 [ 109.818459][ T4925] RDX: 0000000000000070 RSI: 0000000000000001 RDI: 00007f9ca6b0e5d0 [ 109.826459][ T4925] RBP: 0000000000000102 R08: 00007f9c9e6ef000 R09: 0000000000000000 [ 109.834849][ T4925] R10: 0000000000000000 R11: 00007f9ca6b0e540 R12: 0000000000000001 [ 109.842850][ T4925] R13: 00007f9ca896b320 R14: 0000000000000000 R15: 00007f9ca6b0e5d0 [ 109.850866][ T4925] [ 109.869905][ T4925] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 109.877532][ T4919] xfs: Unknown parameter 'no' [ 110.323961][ T4925] loop0: detected capacity change from 0 to 4096 [ 110.475602][ T4925] EXT4-fs (loop0): inline encryption not supported [ 110.793026][ T4925] EXT4-fs (loop0): Test dummy encryption mode enabled [ 110.893543][ T4925] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 110.945959][ T4925] System zones: 0-5 [ 110.980316][ T4933] loop3: detected capacity change from 0 to 4096 [ 110.987438][ T4925] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback. [ 111.115970][ T4933] EXT4-fs (loop3): inline encryption not supported [ 111.122790][ T4933] EXT4-fs (loop3): Test dummy encryption mode enabled [ 111.156066][ T4933] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 111.214104][ T4933] System zones: 0-5 [ 111.225951][ T4933] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback. [ 111.485289][ T4961] loop4: detected capacity change from 0 to 4096 [ 111.542014][ T4961] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 111.591994][ T4961] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 111.644441][ T4967] loop0: detected capacity change from 0 to 4096 [ 111.671412][ T4961] ntfs: (device loop4): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x0, type 0xb0, name_len 0). Marking corrupt inode and base inode 0x0 as bad. Run chkdsk. [ 111.775476][ T4961] ntfs: (device loop4): load_system_files(): Failed to load $MFT/$BITMAP attribute. [ 111.797872][ T4961] ntfs: (device loop4): ntfs_fill_super(): Failed to load system files. [ 111.843765][ T4977] FAULT_INJECTION: forcing a failure. [ 111.843765][ T4977] name failslab, interval 1, probability 0, space 0, times 0 [ 111.934070][ T4982] loop1: detected capacity change from 0 to 1024 [ 112.012799][ T4977] CPU: 0 PID: 4977 Comm: syz.0.184 Not tainted syzkaller #0 [ 112.020447][ T4977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.030529][ T4977] Call Trace: [ 112.033826][ T4977] [ 112.036762][ T4977] dump_stack_lvl+0x188/0x250 [ 112.041623][ T4977] ? show_regs_print_info+0x20/0x20 [ 112.046820][ T4977] ? load_image+0x400/0x400 [ 112.052283][ T4977] ? __might_sleep+0xf0/0xf0 [ 112.056963][ T4977] ? __lock_acquire+0x7d10/0x7d10 [ 112.062079][ T4977] should_fail+0x38c/0x4c0 [ 112.066509][ T4977] should_failslab+0x5/0x20 [ 112.071047][ T4977] slab_pre_alloc_hook+0x51/0xc0 [ 112.076256][ T4977] kmem_cache_alloc_trace+0x47/0x2a0 [ 112.081629][ T4977] ? __request_region+0x5b/0xd0 [ 112.086657][ T4977] __request_region+0x5b/0xd0 [ 112.091423][ T4977] comedi_request_region+0x69/0x170 [ 112.096632][ T4977] adq12b_attach+0x48/0x5d0 [ 112.101314][ T4977] comedi_device_attach+0x514/0x700 [ 112.106517][ T4977] comedi_unlocked_ioctl+0x67c/0x1210 [ 112.112012][ T4977] ? kfree+0xef/0x2a0 [ 112.115992][ T4977] ? comedi_poll+0x8d0/0x8d0 [ 112.120629][ T4977] ? bpf_lsm_file_ioctl+0x5/0x10 [ 112.125576][ T4977] ? security_file_ioctl+0x7c/0xa0 [ 112.130687][ T4977] ? comedi_poll+0x8d0/0x8d0 [ 112.135276][ T4977] __se_sys_ioctl+0xfa/0x170 [ 112.139869][ T4977] do_syscall_64+0x4c/0xa0 [ 112.144281][ T4977] ? clear_bhb_loop+0x30/0x80 [ 112.148957][ T4977] ? clear_bhb_loop+0x30/0x80 [ 112.153809][ T4977] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 112.159925][ T4977] RIP: 0033:0x7f9ca88b5799 [ 112.164430][ T4977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.184749][ T4977] RSP: 002b:00007f9ca6b0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.193338][ T4977] RAX: ffffffffffffffda RBX: 00007f9ca8b2efa0 RCX: 00007f9ca88b5799 [ 112.201490][ T4977] RDX: 0000200000000300 RSI: 0000000040946400 RDI: 0000000000000003 [ 112.209544][ T4977] RBP: 00007f9ca6b0f090 R08: 0000000000000000 R09: 0000000000000000 [ 112.217601][ T4977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.225741][ T4977] R13: 00007f9ca8b2f038 R14: 00007f9ca8b2efa0 R15: 00007ffe70a47718 [ 112.233845][ T4977] [ 112.264375][ T4961] netlink: 32 bytes leftover after parsing attributes in process `syz.4.178'. [ 112.396745][ T4989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.186'. [ 112.503964][ T5005] FAULT_INJECTION: forcing a failure. [ 112.503964][ T5005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.605294][ T4977] comedi comedi1: adq12b: I/O port conflict (0x4f23,16) [ 112.677422][ T5005] CPU: 1 PID: 5005 Comm: syz.4.187 Not tainted syzkaller #0 [ 112.684763][ T5005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.694851][ T5005] Call Trace: [ 112.698160][ T5005] [ 112.701180][ T5005] dump_stack_lvl+0x188/0x250 [ 112.705889][ T5005] ? show_regs_print_info+0x20/0x20 [ 112.711126][ T5005] ? load_image+0x400/0x400 [ 112.715888][ T5005] ? __lock_acquire+0x7d10/0x7d10 [ 112.721185][ T5005] should_fail+0x38c/0x4c0 [ 112.725736][ T5005] _copy_from_user+0x2e/0x170 [ 112.730578][ T5005] iovec_from_user+0x142/0x370 [ 112.735386][ T5005] __import_iovec+0x70/0x490 [ 112.740364][ T5005] import_iovec+0x6f/0xa0 [ 112.744932][ T5005] ___sys_sendmsg+0x1fd/0x2e0 [ 112.749912][ T5005] ? __sys_sendmsg+0x2a0/0x2a0 [ 112.754964][ T5005] ? vfs_write+0x8b2/0xd60 [ 112.759616][ T5005] __se_sys_sendmsg+0x1af/0x290 [ 112.764593][ T5005] ? __x64_sys_sendmsg+0x80/0x80 [ 112.769984][ T5005] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 112.776635][ T5005] ? lockdep_hardirqs_on+0x94/0x140 [ 112.782328][ T5005] do_syscall_64+0x4c/0xa0 [ 112.786870][ T5005] ? clear_bhb_loop+0x30/0x80 [ 112.791755][ T5005] ? clear_bhb_loop+0x30/0x80 [ 112.796724][ T5005] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 112.802796][ T5005] RIP: 0033:0x7f5b5767e799 [ 112.807346][ T5005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.827505][ T5005] RSP: 002b:00007f5b558d8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.835951][ T5005] RAX: ffffffffffffffda RBX: 00007f5b578f7fa0 RCX: 00007f5b5767e799 [ 112.843951][ T5005] RDX: 0000000000000004 RSI: 0000200000000380 RDI: 0000000000000003 [ 112.847899][ T4982] fuse: Bad value for 'fd' [ 112.852034][ T5005] RBP: 00007f5b558d8090 R08: 0000000000000000 R09: 0000000000000000 [ 112.864889][ T5005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.872922][ T5005] R13: 00007f5b578f8038 R14: 00007f5b578f7fa0 R15: 00007ffc99979f78 [ 112.881048][ T5005] [ 113.139595][ T5029] loop2: detected capacity change from 0 to 4096 [ 113.227142][ T5034] loop1: detected capacity change from 0 to 128 [ 113.257296][ T5035] loop0: detected capacity change from 0 to 256 [ 113.263980][ T5029] EXT4-fs (loop2): unsupported descriptor size 0 [ 113.308955][ T5034] EXT4-fs (loop1): Test dummy encryption mode enabled [ 113.328830][ T5035] exfat: Deprecated parameter 'namecase' [ 113.355069][ T5035] exfat: Deprecated parameter 'namecase' [ 113.733502][ T5034] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption=v1,max_dir_size_kb=0x0000000000000002,errors=continue,nogrpid,init_itable=0x0000000000000005,,errors=continue. Quota mode: none. [ 113.763157][ T5035] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 114.198347][ T5034] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 114.345487][ T5035] attempt to access beyond end of device [ 114.345487][ T5035] loop0: rw=0, want=34225520825, limit=256 [ 114.394095][ T5044] Invalid ELF header type: 0 != 1 [ 114.660949][ T5034] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 114.898433][ T5062] netlink: 8 bytes leftover after parsing attributes in process `syz.2.194'. [ 115.205941][ T4229] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 115.377207][ T5067] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 115.437903][ T5070] IPv6: NLM_F_CREATE should be specified when creating new route [ 115.464753][ T5067] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 115.488567][ T4229] usb 1-1: Using ep0 maxpacket: 32 [ 116.689425][ T5069] netlink: 23 bytes leftover after parsing attributes in process `syz.3.200'. [ 116.706035][ T4229] usb 1-1: config 0 has an invalid interface number: 188 but max is 0 [ 116.846075][ T1109] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 117.067231][ T1109] usb 5-1: device descriptor read/64, error -71 [ 117.346182][ T1109] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 117.419218][ T5091] loop1: detected capacity change from 0 to 128 [ 117.483357][ T4229] usb 1-1: config 0 has no interface number 0 [ 117.489752][ T4229] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 117.536023][ T1109] usb 5-1: device descriptor read/64, error -71 [ 117.631602][ T5095] loop2: detected capacity change from 0 to 256 [ 117.656185][ T1109] usb usb5-port1: attempt power cycle [ 117.656583][ T5095] exfat: Deprecated parameter 'namecase' [ 117.670425][ T4229] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 117.683035][ T4229] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.692244][ T5095] exfat: Deprecated parameter 'namecase' [ 117.709556][ T4229] usb 1-1: Product: syz [ 117.713802][ T4229] usb 1-1: Manufacturer: syz [ 117.737217][ T5101] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 117.743756][ T4229] usb 1-1: SerialNumber: syz [ 117.790471][ T4229] usb 1-1: config 0 descriptor?? [ 117.811417][ T5095] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 117.852558][ T4229] usb 1-1: can't set config #0, error -71 [ 117.882032][ T4229] usb 1-1: USB disconnect, device number 5 [ 117.920147][ T5095] attempt to access beyond end of device [ 117.920147][ T5095] loop2: rw=0, want=34225520825, limit=256 [ 117.937147][ T5105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.210'. [ 118.066064][ T1109] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 118.166403][ T1109] usb 5-1: device descriptor read/8, error -71 [ 118.435928][ T1109] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 118.536235][ T1109] usb 5-1: device descriptor read/8, error -71 [ 118.603224][ T5100] loop1: detected capacity change from 0 to 32768 [ 118.656216][ T1109] usb usb5-port1: unable to enumerate USB device [ 118.662710][ T5120] Cannot find add_set index 0 as target [ 118.710535][ T5116] loop2: detected capacity change from 0 to 2048 [ 118.722467][ T5100] XFS (loop1): Mounting V5 Filesystem [ 118.940494][ T5100] XFS (loop1): Ending clean mount [ 119.033325][ T5100] XFS (loop1): Quotacheck needed: Please wait. [ 119.067265][ T5132] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.114710][ T5116] NILFS error (device loop2): nilfs_lookup: deleted inode referenced: 12 [ 119.153332][ T5116] Remounting filesystem read-only [ 119.251261][ T5100] XFS (loop1): Quotacheck: Done. [ 119.284387][ T5100] XFS (loop1): User initiated shutdown received. [ 119.313226][ T5100] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 119.415356][ T5100] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 120.318532][ T5144] afs: Unknown parameter 'obj_user' [ 120.426073][ T5142] loop4: detected capacity change from 0 to 4096 [ 120.457660][ T5146] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2 [ 120.515858][ T1109] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 120.538203][ T5142] NILFS (loop4): unrecognized mount option "2" [ 120.776726][ T1109] usb 2-1: Using ep0 maxpacket: 16 [ 120.827526][ T5159] loop4: detected capacity change from 0 to 512 [ 120.836007][ T4192] XFS (loop1): Unmounting Filesystem [ 120.846024][ T1109] usb 2-1: device descriptor read/all, error -71 [ 120.963508][ T5159] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 121.001021][ T5159] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.568072][ T5150] loop2: detected capacity change from 0 to 32768 [ 121.744959][ T5150] XFS (loop2): Mounting V5 Filesystem [ 122.040510][ T5150] XFS (loop2): Ending clean mount [ 122.138179][ T5150] XFS (loop2): Quotacheck needed: Please wait. [ 122.334906][ T5196] loop4: detected capacity change from 0 to 128 [ 122.483242][ T5198] netlink: 8 bytes leftover after parsing attributes in process `syz.0.232'. [ 122.548017][ T5150] XFS (loop2): Quotacheck: Done. [ 122.649860][ T5196] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 123.097656][ T5150] XFS (loop2): User initiated shutdown received. [ 123.142988][ T5150] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 123.313064][ T5202] loop1: detected capacity change from 0 to 128 [ 123.385943][ T5202] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value [ 123.405867][ T5150] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 124.124999][ T4186] XFS (loop2): Unmounting Filesystem [ 124.586840][ T5207] loop4: detected capacity change from 0 to 8192 [ 124.698146][ T5207] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 124.726157][ T5207] REISERFS (device loop4): using ordered data mode [ 124.733170][ T5207] reiserfs: using flush barriers [ 124.824104][ T5207] REISERFS warning (device loop4): sh-463 check_advise_trans_params: bad transaction max batch (1505). FSCK? [ 125.297834][ T5223] netlink: 'syz.4.240': attribute type 21 has an invalid length. [ 125.310228][ T5223] netlink: 128 bytes leftover after parsing attributes in process `syz.4.240'. [ 125.342246][ T5223] netlink: 'syz.4.240': attribute type 4 has an invalid length. [ 125.362557][ T5223] netlink: 'syz.4.240': attribute type 3 has an invalid length. [ 125.374050][ T5223] netlink: 3 bytes leftover after parsing attributes in process `syz.4.240'. [ 125.491500][ T5230] loop4: detected capacity change from 0 to 8 [ 125.541085][ T5218] netlink: 'syz.3.238': attribute type 8 has an invalid length. [ 125.552663][ T5230] SQUASHFS error: zlib decompression failed, data probably corrupt [ 125.576073][ T5230] SQUASHFS error: Failed to read block 0x9b: -5 [ 125.582715][ T5230] SQUASHFS error: Unable to read metadata cache entry [99] [ 125.625571][ T5230] SQUASHFS error: Unable to read inode 0x127 [ 126.135262][ T5247] loop4: detected capacity change from 0 to 128 [ 126.308536][ T5247] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 126.343990][ T5242] loop0: detected capacity change from 0 to 4096 [ 126.419414][ T5242] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 126.696404][ T5242] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 127.772500][ T5263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.252'. [ 128.645821][ T5281] loop2: detected capacity change from 0 to 512 [ 129.023126][ T5281] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 129.487684][ T5281] block device autoloading is deprecated and will be removed. [ 129.501482][ T5281] EXT4-fs (loop2): external journal has bad superblock [ 131.374985][ T5308] hpfs: Bad magic ... probably not HPFS [ 131.445991][ T5304] loop2: detected capacity change from 0 to 512 [ 131.575257][ T5304] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 131.628126][ T5304] EXT4-fs (loop2): orphan cleanup on readonly fs [ 131.719608][ T5304] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3887: comm syz.2.266: Allocating blocks 41-42 which overlap fs metadata [ 131.795249][ T5304] EXT4-fs (loop2): Remounting filesystem read-only [ 131.808060][ T5315] loop1: detected capacity change from 0 to 64 [ 131.851220][ T5304] Quota error (device loop2): write_blk: dquota write failed [ 131.874782][ T5304] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 131.896862][ T5304] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.266: Failed to acquire dquot type 0 [ 131.907042][ T5315] hfs: creator requires a 4 character value [ 131.936598][ T5315] hfs: unable to parse mount options [ 131.986476][ T5304] EXT4-fs (loop2): Remounting filesystem read-only [ 132.017306][ T5304] EXT4-fs error (device loop2): mb_free_blocks:1876: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 132.091306][ T5304] EXT4-fs (loop2): Remounting filesystem read-only [ 132.119197][ T7] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 132.139493][ T5304] EXT4-fs (loop2): 1 truncate cleaned up [ 132.166814][ T5304] EXT4-fs (loop2): pa ffff888074780620: logic 1, phys. 41, len 23 [ 132.175670][ T5304] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4904: group 0, free 22, pa_free 23 [ 132.220528][ T5304] EXT4-fs (loop2): Remounting filesystem read-only [ 132.245126][ T5304] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000005,noblock_validity,usrquota,grpjquota=,nogrpid,errors=remount-ro,grpjquota=,i_version,resuid=0x00000000000000002. Quota mode: writeback. [ 132.541846][ T5332] tipc: Enabling of bearer rejected, failed to enable media [ 132.551352][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.574356][ T7] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 132.646295][ T7] usb 1-1: language id specifier not provided by device, defaulting to English [ 132.657426][ T4229] kernel write not supported for file /snd/midiC2D0 (pid: 4229 comm: kworker/0:4) [ 132.684748][ T4229] kernel write not supported for file /snd/midiC2D0 (pid: 4229 comm: kworker/0:4) [ 132.782126][ T5337] loop2: detected capacity change from 0 to 512 [ 132.817858][ T7] usb 1-1: New USB device found, idVendor=0b05, idProduct=17eb, bcdDevice=da.a4 [ 132.840989][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.878193][ T7] usb 1-1: Product: syz [ 132.891263][ T7] usb 1-1: Manufacturer: 쇔軣翳┩íœë‰¡é–¢á‡ºî¬ºä½ƒãº»à¬”倠ãªå‡¯ã—¦â½¤È«â­¦ï¹”瞷𺘩 [ 132.931040][ T7] usb 1-1: SerialNumber: syz [ 132.967682][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.974585][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.132517][ T5337] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 133.319963][ T5337] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.966300][ T7] usb 1-1: USB disconnect, device number 6 [ 134.212983][ T5357] netlink: 8 bytes leftover after parsing attributes in process `syz.0.283'. [ 135.331315][ T5375] netlink: 8 bytes leftover after parsing attributes in process `syz.3.290'. [ 135.384510][ T5374] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 135.417675][ T5374] SQUASHFS error: Failed to read block 0x0: -5 [ 135.447727][ T5374] netlink: 'syz.2.291': attribute type 32 has an invalid length. [ 135.475724][ T5371] loop0: detected capacity change from 0 to 8192 [ 135.483239][ T5365] loop1: detected capacity change from 0 to 32768 [ 135.518058][ T5365] xfs: Unknown parameter 'barrier' [ 135.556093][ T5371] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 135.593862][ T5365] netlink: 16 bytes leftover after parsing attributes in process `syz.1.287'. [ 135.615958][ T5371] REISERFS (device loop0): using ordered data mode [ 135.622663][ T5371] reiserfs: using flush barriers [ 135.652704][ T5362] loop4: detected capacity change from 0 to 40427 [ 135.707743][ T5371] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 135.712025][ T5384] loop2: detected capacity change from 0 to 128 [ 135.774605][ T5362] F2FS-fs (loop4): Fix alignment : done, start(4096) end(16896) block(12288) [ 135.803676][ T5362] F2FS-fs (loop4): Fix alignment : done, start(4096) end(16896) block(12288) [ 135.813825][ T5371] REISERFS (device loop0): checking transaction log (loop0) [ 135.818856][ T5384] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 135.825083][ T5362] F2FS-fs (loop4): invalid crc value [ 135.842969][ T5362] F2FS-fs (loop4): invalid crc value [ 135.848544][ T5362] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 135.894138][ T5384] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 135.959000][ T5365] loop1: detected capacity change from 0 to 4096 [ 136.158297][ T5371] REISERFS (device loop0): Using tea hash to sort names [ 136.286384][ T5371] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 136.317636][ T5371] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 137.865587][ T5409] netlink: 8 bytes leftover after parsing attributes in process `syz.1.299'. [ 138.305065][ T5402] loop2: detected capacity change from 0 to 4096 [ 139.891642][ T5433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 139.961394][ T5436] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.306'. [ 141.166904][ T5449] loop4: detected capacity change from 0 to 512 [ 141.289816][ T5449] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 141.290081][ T5449] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.238755][ T5476] loop4: detected capacity change from 0 to 8192 [ 142.260854][ T5490] FAULT_INJECTION: forcing a failure. [ 142.260854][ T5490] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.303028][ T5476] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 142.326153][ T5476] REISERFS (device loop4): using ordered data mode [ 142.347845][ T5476] reiserfs: using flush barriers [ 142.383025][ T5476] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 142.470313][ T5495] loop2: detected capacity change from 0 to 128 [ 142.500695][ T5490] CPU: 0 PID: 5490 Comm: syz.0.318 Not tainted syzkaller #0 [ 142.508227][ T5490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 142.518713][ T5490] Call Trace: [ 142.522088][ T5490] [ 142.525133][ T5490] dump_stack_lvl+0x188/0x250 [ 142.529851][ T5490] ? show_regs_print_info+0x20/0x20 [ 142.535262][ T5490] ? load_image+0x400/0x400 [ 142.540058][ T5490] ? __lock_acquire+0x7d10/0x7d10 [ 142.545135][ T5490] ? drm_dev_dbg+0x1e0/0x1e0 [ 142.549887][ T5490] should_fail+0x38c/0x4c0 [ 142.554357][ T5490] _copy_from_user+0x2e/0x170 [ 142.559071][ T5490] drm_ioctl+0x5a5/0xa10 [ 142.563342][ T5490] ? drm_gem_close_ioctl+0x110/0x110 [ 142.567473][ T5476] REISERFS (device loop4): checking transaction log (loop4) [ 142.568656][ T5490] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 142.580989][ T5490] ? bpf_lsm_file_ioctl+0x5/0x10 [ 142.586089][ T5490] ? security_file_ioctl+0x7c/0xa0 [ 142.591243][ T5490] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 142.596324][ T5490] __se_sys_ioctl+0xfa/0x170 [ 142.600963][ T5490] do_syscall_64+0x4c/0xa0 [ 142.605416][ T5490] ? clear_bhb_loop+0x30/0x80 [ 142.610125][ T5490] ? clear_bhb_loop+0x30/0x80 [ 142.614837][ T5490] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 142.620857][ T5490] RIP: 0033:0x7f9ca88b5799 [ 142.625397][ T5490] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.645225][ T5490] RSP: 002b:00007f9ca6b0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.653777][ T5490] RAX: ffffffffffffffda RBX: 00007f9ca8b2efa0 RCX: 00007f9ca88b5799 [ 142.662171][ T5490] RDX: 00002000000000c0 RSI: 00000000c008640a RDI: 0000000000000003 [ 142.670262][ T5490] RBP: 00007f9ca6b0f090 R08: 0000000000000000 R09: 0000000000000000 [ 142.678295][ T5490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.686391][ T5490] R13: 00007f9ca8b2f038 R14: 00007f9ca8b2efa0 R15: 00007ffe70a47718 [ 142.694499][ T5490] [ 142.697657][ C0] vkms_vblank_simulate: vblank timer overrun [ 142.765421][ T5476] REISERFS (device loop4): Using tea hash to sort names [ 142.793678][ T5476] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 142.911024][ T5476] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 143.303907][ T5507] loop1: detected capacity change from 0 to 1024 [ 143.353510][ T5507] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (38034!=20869) [ 143.459262][ T5507] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000e11d, mo2=0002] [ 143.494592][ T5507] System zones: 0-1, 2-3, 5-36, 22-22, 98-101, 102-102 [ 143.552119][ T5507] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,debug,norecovery,grpid,nodelalloc,,errors=continue. Quota mode: writeback. [ 143.708800][ T5507] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32) [ 143.961013][ T5520] loop2: detected capacity change from 0 to 512 [ 144.037147][ T5520] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 144.044696][ T5520] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 144.131698][ T5497] netlink: 36 bytes leftover after parsing attributes in process `syz.0.322'. [ 144.275725][ T5520] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 144.286087][ T5520] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 144.336095][ T5520] EXT4-fs (loop2): 1 truncate cleaned up [ 144.352571][ T5520] EXT4-fs (loop2): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,mblk_io_submit,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback. [ 144.541619][ T5532] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 144.568445][ T5532] IPVS: set_ctl: invalid protocol: 25647 47.107.118.109:0 [ 144.576256][ T5520] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #2: block 4: comm syz.2.331: lblock 0 mapped to illegal pblock 4 (length 1) [ 144.629436][ T5520] EXT4-fs (loop2): Remounting filesystem read-only [ 145.810391][ T5545] loop0: detected capacity change from 0 to 256 [ 146.318365][ T5522] loop1: detected capacity change from 0 to 32768 [ 146.408688][ T5522] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 146.437162][ T5522] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 146.560508][ T5522] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 146.614266][ T4228] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 146.642154][ T4228] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 146.836345][ T4228] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 194ms [ 146.876674][ T4228] gfs2: fsid=syz:syz.0: jid=0: Done [ 146.883825][ T5522] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 147.087111][ T5561] loop0: detected capacity change from 0 to 32768 [ 147.172530][ T5574] loop2: detected capacity change from 0 to 256 [ 147.183394][ T5561] XFS (loop0): Invalid device [./file1], error=-15 [ 147.271756][ T5574] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 147.311813][ T5561] tipc: Failed to remove unknown binding: 66,1,1/0:2154577413/2154577415 [ 147.321054][ T5561] tipc: Failed to remove unknown binding: 66,1,1/0:2154577413/2154577415 [ 147.369747][ T5566] loop4: detected capacity change from 0 to 32768 [ 147.384231][ T5561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.343'. [ 147.587231][ T5566] (syz.4.345,5566,0):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 147.666345][ T5566] (syz.4.345,5566,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 148.679606][ T5584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.350'. [ 148.900341][ T4262] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 149.014539][ T5589] netlink: 256 bytes leftover after parsing attributes in process `syz.4.352'. [ 149.168593][ T4262] usb 3-1: Using ep0 maxpacket: 32 [ 149.306400][ T4262] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 31905, setting to 1024 [ 149.355031][ T4262] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 149.511924][ T5593] binder: 5590:5593 ioctl c0306201 2000000003c0 returned -14 [ 150.385986][ T4262] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 150.400140][ T4262] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 150.417659][ T4262] usb 3-1: Product: syz [ 150.427834][ T4262] usb 3-1: Manufacturer: syz [ 150.437148][ T4262] usb 3-1: SerialNumber: syz [ 150.452611][ T5604] loop1: detected capacity change from 0 to 8192 [ 150.536529][ T4262] usb 3-1: config 0 descriptor?? [ 154.006111][ T4262] usb 3-1: can't set config #0, error -71 [ 154.029740][ T4262] usb 3-1: USB disconnect, device number 4 [ 155.150174][ T26] audit: type=1800 audit(1772358973.486:4): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.362" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 155.150484][ T5622] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 155.180579][ T5622] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 155.190814][ T5622] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 155.516659][ T5629] netlink: 36 bytes leftover after parsing attributes in process `syz.4.364'. [ 156.600314][ T5644] loop2: detected capacity change from 0 to 128 [ 156.609213][ T5644] FAT-fs (loop2): Unrecognized mount option "nnonumtail=1" or missing value [ 156.718310][ T5642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.367'. [ 159.759879][ T5670] FAULT_INJECTION: forcing a failure. [ 159.759879][ T5670] name failslab, interval 1, probability 0, space 0, times 0 [ 159.774345][ T5670] CPU: 0 PID: 5670 Comm: syz.0.376 Not tainted syzkaller #0 [ 159.781941][ T5670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 159.792120][ T5670] Call Trace: [ 159.795569][ T5670] [ 159.798656][ T5670] dump_stack_lvl+0x188/0x250 [ 159.803555][ T5670] ? show_regs_print_info+0x20/0x20 [ 159.808808][ T5670] ? load_image+0x400/0x400 [ 159.813355][ T5670] should_fail+0x38c/0x4c0 [ 159.817875][ T5670] should_failslab+0x5/0x20 [ 159.822764][ T5670] slab_pre_alloc_hook+0x51/0xc0 [ 159.827759][ T5670] ? anon_vma_clone+0xbd/0x4f0 [ 159.832528][ T5670] kmem_cache_alloc+0x3d/0x290 [ 159.837295][ T5670] anon_vma_clone+0xbd/0x4f0 [ 159.841909][ T5670] __split_vma+0x1ab/0x410 [ 159.846328][ T5670] ? find_vma+0x1df/0x230 [ 159.850683][ T5670] __do_munmap+0x3fe/0xdf0 [ 159.855195][ T5670] mmap_region+0x8b4/0x1650 [ 159.859797][ T5670] ? bpf_lsm_mmap_addr+0x5/0x10 [ 159.864659][ T5670] do_mmap+0x819/0xe90 [ 159.868759][ T5670] vm_mmap_pgoff+0x1c1/0x2d0 [ 159.873366][ T5670] ? account_locked_vm+0xe0/0xe0 [ 159.878317][ T5670] ? __fget_files+0x40f/0x480 [ 159.883108][ T5670] ksys_mmap_pgoff+0x54b/0x790 [ 159.887901][ T5670] ? mmap_region+0x1650/0x1650 [ 159.892823][ T5670] ? lockdep_hardirqs_on+0x94/0x140 [ 159.898158][ T5670] do_syscall_64+0x4c/0xa0 [ 159.902878][ T5670] ? clear_bhb_loop+0x30/0x80 [ 159.907745][ T5670] ? clear_bhb_loop+0x30/0x80 [ 159.912632][ T5670] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 159.919358][ T5670] RIP: 0033:0x7f9ca88b5799 [ 159.923819][ T5670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.943582][ T5670] RSP: 002b:00007f9ca6aee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 159.952041][ T5670] RAX: ffffffffffffffda RBX: 00007f9ca8b2f090 RCX: 00007f9ca88b5799 [ 159.960145][ T5670] RDX: a8ca3411d3c26009 RSI: 0000000000002000 RDI: 0000200000018000 [ 159.968155][ T5670] RBP: 00007f9ca6aee090 R08: 0000000000000003 R09: 0000000022e7c000 [ 159.976245][ T5670] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000001 [ 159.984769][ T5670] R13: 00007f9ca8b2f128 R14: 00007f9ca8b2f090 R15: 00007ffe70a47718 [ 159.993058][ T5670] [ 160.071744][ T5675] loop4: detected capacity change from 0 to 128 [ 160.178734][ T5675] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 162.230822][ T5704] loop1: detected capacity change from 0 to 512 [ 162.422330][ T5704] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 162.435363][ T5704] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.418138][ T5697] loop4: detected capacity change from 0 to 32768 [ 163.515601][ T5697] [ 163.515601][ T5697] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.515601][ T5697] [ 163.603893][ T5697] jfs_rename: dtInsert returned -EIO [ 163.719395][ T5697] jfs_create: dtInsert returned -EIO [ 163.725237][ T5697] ERROR: (device loop4): jfs_create: [ 163.725237][ T5697] [ 163.765166][ T5697] ERROR: (device loop4): remounting filesystem as read-only [ 163.774405][ T5699] loop2: detected capacity change from 0 to 32768 [ 163.805940][ T1109] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 163.862195][ T5699] XFS (loop2): Mounting V5 Filesystem [ 164.046168][ T5699] XFS (loop2): Ending clean mount [ 164.055623][ T5699] XFS (loop2): Quotacheck needed: Please wait. [ 164.124386][ T5699] XFS (loop2): Quotacheck: Done. [ 164.585873][ T1109] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.635893][ T1109] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 164.856094][ T1109] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 164.890775][ T1109] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.951506][ T1109] usb 2-1: Product: syz [ 164.975819][ T1109] usb 2-1: Manufacturer: syz [ 165.002296][ T1109] usb 2-1: SerialNumber: syz [ 165.050816][ T5732] loop4: detected capacity change from 0 to 16 [ 165.088893][ T1109] cdc_mbim 2-1:1.0: skipping garbage [ 165.129232][ T5732] erofs: (device loop4): mounted with root inode @ nid 36. [ 165.292927][ T5716] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 165.392059][ T4186] XFS (loop2): Unmounting Filesystem [ 165.559295][ T5732] attempt to access beyond end of device [ 165.559295][ T5732] loop4: rw=0, want=34359738368, limit=16 [ 165.978086][ T5716] udc-core: couldn't find an available UDC or it's busy [ 165.990433][ T5716] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 166.122738][ T5737] udc-core: couldn't find an available UDC or it's busy [ 166.205971][ T5737] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 166.276067][ T5716] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 166.403672][ T1109] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 166.492937][ T5747] loop0: detected capacity change from 0 to 2048 [ 166.514952][ T1109] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 16:2e:55:4c:81:43 [ 166.518360][ T5750] loop4: detected capacity change from 0 to 128 [ 166.567630][ T5750] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 166.603906][ T1109] usb 2-1: USB disconnect, device number 9 [ 166.616829][ T5747] UDF-fs: error (device loop0): udf_load_logicalvol: error loading logical volume descriptor: Partition table too long (2048 > 72) [ 166.670906][ T1109] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 166.676963][ T5747] UDF-fs: Scanning with blocksize 512 failed [ 166.744712][ T5747] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 166.756409][ T5747] UDF-fs: Scanning with blocksize 1024 failed [ 166.829497][ T5751] loop2: detected capacity change from 0 to 8192 [ 166.868423][ T5747] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 166.974052][ T5747] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 166.976864][ T5751] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 166.984832][ T5747] UDF-fs: Scanning with blocksize 2048 failed [ 166.994773][ T5751] REISERFS (device loop2): using ordered data mode [ 167.006441][ T5751] reiserfs: using flush barriers [ 167.018677][ T5747] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 167.135106][ T5747] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 167.219354][ T5747] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 167.258560][ T5747] UDF-fs: Scanning with blocksize 4096 failed [ 167.291653][ T5747] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 167.522468][ T5751] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 167.603285][ T5751] REISERFS (device loop2): checking transaction log (loop2) [ 167.765020][ T5766] tmpfs: Bad value for 'nr_inodes' [ 168.030610][ T5751] REISERFS (device loop2): Using tea hash to sort names [ 168.047649][ T5751] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 168.142912][ T5751] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 168.331240][ T5777] loop0: detected capacity change from 0 to 32768 [ 168.419711][ T5777] XFS (loop0): Mounting V5 Filesystem [ 168.440805][ T5792] loop4: detected capacity change from 0 to 128 [ 168.509070][ T5777] XFS (loop0): Ending clean mount [ 168.563031][ T5777] XFS (loop0): Quotacheck needed: Please wait. [ 168.586760][ T5792] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 168.592031][ T5794] loop1: detected capacity change from 0 to 4096 [ 168.608342][ T5792] ext4 filesystem being mounted at /82/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 168.745394][ T5794] ntfs3: Unknown parameter 'io€harset' [ 168.830823][ T5777] XFS (loop0): Quotacheck: Done. [ 168.841491][ T26] audit: type=1800 audit(1772358987.176:5): pid=5777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.403" name="file2" dev="loop0" ino=9287 res=0 errno=0 [ 168.867467][ T5777] netlink: 9188 bytes leftover after parsing attributes in process `syz.0.403'. [ 169.664658][ T4185] XFS (loop0): Unmounting Filesystem [ 169.886774][ T5813] netlink: 20 bytes leftover after parsing attributes in process `syz.3.412'. [ 169.928914][ T5815] binder: 5814:5815 ioctl c0306201 0 returned -14 [ 169.937536][ T5813] libceph: resolve 'c' (ret=-3): failed [ 170.159288][ T5823] netlink: 44 bytes leftover after parsing attributes in process `syz.2.415'. [ 170.250680][ T5832] loop0: detected capacity change from 0 to 64 [ 170.343931][ T5832] hfs: unable to parse mount options [ 170.936014][ T4262] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 171.254107][ T5840] loop1: detected capacity change from 0 to 24 [ 171.322289][ T5840] romfs: Unknown parameter '' [ 171.387520][ T5842] loop2: detected capacity change from 0 to 8192 [ 171.431121][ T4262] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.444538][ T4262] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.457268][ T4262] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 171.480383][ T4262] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 171.494780][ T5842] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 171.504367][ T5842] REISERFS (device loop2): using ordered data mode [ 171.511663][ T4262] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.520464][ T5842] reiserfs: using flush barriers [ 171.526856][ T5842] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 171.550745][ T4262] usb 1-1: config 0 descriptor?? [ 171.565012][ T5842] REISERFS (device loop2): checking transaction log (loop2) [ 171.717065][ T5842] REISERFS (device loop2): Using tea hash to sort names [ 171.724545][ T5842] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 171.738868][ T5842] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 171.864267][ T5857] loop1: detected capacity change from 0 to 4096 [ 172.018307][ T5832] binder: BINDER_SET_CONTEXT_MGR already set [ 172.036213][ T5832] binder: 5831:5832 ioctl 4018620d 200000004a80 returned -16 [ 172.190260][ T4262] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 172.245434][ T4262] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 172.494891][ T5870] netlink: 8 bytes leftover after parsing attributes in process `syz.3.431'. [ 172.634589][ T5873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.429'. [ 173.140615][ T5885] loop2: detected capacity change from 0 to 128 [ 173.187002][ T5885] FAT-fs (loop2): Unrecognized mount option "nnonumtail=1" or missing value [ 174.328144][ T5895] loop2: detected capacity change from 0 to 4096 [ 174.380961][ T5883] loop4: detected capacity change from 0 to 32768 [ 174.397629][ T5899] loop1: detected capacity change from 0 to 512 [ 174.426647][ T5895] ntfs: (device loop2): ntfs_is_extended_system_file(): File name with invalid flags. You should run chkdsk. [ 174.468495][ T5883] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 174.513452][ T5883] JBD2: Ignoring recovery information on journal [ 174.519350][ T5895] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 174.531076][ T5899] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 174.544013][ T5895] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x0 as bad. Run chkdsk. [ 174.558408][ T5895] ntfs: (device loop2): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net [ 174.622878][ T5899] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.817849][ T5883] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 174.998908][ T5918] loop2: detected capacity change from 0 to 128 [ 175.026844][ T4187] ocfs2: Unmounting device (7,4) on (node local) [ 175.099478][ T5918] FAT-fs (loop2): Unrecognized mount option "nnonumtail=1" or missing value [ 175.359456][ T5923] loop1: detected capacity change from 0 to 128 [ 175.417524][ T4262] usb 1-1: reset high-speed USB device number 7 using dummy_hcd [ 175.706140][ T4262] usb 1-1: device descriptor read/64, error -71 [ 175.783600][ T5923] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 175.910790][ T5923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.085986][ T4262] usb 1-1: reset high-speed USB device number 7 using dummy_hcd [ 176.243417][ T5934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'. [ 176.275955][ T4262] usb 1-1: device descriptor read/64, error -71 [ 176.556242][ T4262] usb 1-1: reset high-speed USB device number 7 using dummy_hcd [ 176.698868][ T4262] usb 1-1: device descriptor read/8, error -71 [ 176.751884][ T5938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.449'. [ 176.975963][ T4262] usb 1-1: reset high-speed USB device number 7 using dummy_hcd [ 177.068155][ T4262] usb 1-1: device descriptor read/8, error -71 [ 177.194215][ T2360] usb 1-1: USB disconnect, device number 7 [ 177.268204][ T5948] loop2: detected capacity change from 0 to 4096 [ 177.347319][ T5948] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 177.397591][ T2360] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 177.586063][ T5951] loop4: detected capacity change from 0 to 512 [ 177.601844][ T2360] usb 1-1: device descriptor read/64, error -71 [ 177.603953][ T5951] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 177.692361][ T5951] netlink: 44 bytes leftover after parsing attributes in process `syz.4.453'. [ 177.865666][ T5961] netlink: 20 bytes leftover after parsing attributes in process `syz.3.457'. [ 177.892631][ T5961] netlink: 64 bytes leftover after parsing attributes in process `syz.3.457'. [ 177.906120][ T2360] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 177.971308][ T5964] loop1: detected capacity change from 0 to 512 [ 177.974973][ T5965] loop0: detected capacity change from 0 to 128 [ 178.014130][ T5964] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 178.029871][ T5964] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.057273][ T5965] FAT-fs (loop0): Unrecognized mount option "nnonumtail=1" or missing value [ 179.087152][ T5975] loop0: detected capacity change from 0 to 1024 [ 179.417886][ T5980] hfsplus: failed to extend attributes file [ 179.434027][ T5972] XFS (loop2): Mounting V5 Filesystem [ 179.533390][ T5994] netlink: 8 bytes leftover after parsing attributes in process `syz.3.466'. [ 179.550117][ T5972] XFS (loop2): Ending clean mount [ 179.670997][ T5997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.465'. [ 179.971546][ T4186] XFS (loop2): Unmounting Filesystem [ 180.684450][ T6012] set_capacity_and_notify: 2 callbacks suppressed [ 180.684468][ T6012] loop4: detected capacity change from 0 to 128 [ 180.725886][ T2360] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 180.752346][ T6012] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 181.125940][ T4230] Bluetooth: hci1: command 0x0406 tx timeout [ 181.266225][ T2360] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 181.343597][ T2360] usb 1-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 181.559304][ T2360] usb 1-1: Product: syz [ 181.563521][ T2360] usb 1-1: Manufacturer: syz [ 181.578833][ T2360] usb 1-1: SerialNumber: syz [ 181.625904][ T2360] usb 1-1: config 0 descriptor?? [ 181.707552][ T2360] ch341 1-1:0.0: ch341-uart converter detected [ 181.739872][ T4262] Bluetooth: hci0: command 0x0406 tx timeout [ 181.746507][ T4262] Bluetooth: hci3: command 0x0406 tx timeout [ 181.761311][ T4262] Bluetooth: hci2: command 0x0406 tx timeout [ 182.213835][ T6010] loop2: detected capacity change from 0 to 32768 [ 182.416671][ T2360] usb 1-1: failed to send control message: -71 [ 182.423153][ T2360] ch341-uart: probe of ttyUSB0 failed with error -71 [ 182.473137][ T2360] usb 1-1: USB disconnect, device number 10 [ 182.480171][ T6038] netlink: 8 bytes leftover after parsing attributes in process `syz.3.479'. [ 182.492591][ T2360] ch341 1-1:0.0: device disconnected [ 182.546777][ T6010] XFS (loop2): Mounting V5 Filesystem [ 182.605526][ T6014] loop1: detected capacity change from 0 to 32768 [ 182.626471][ T6010] XFS (loop2): Ending clean mount [ 182.643068][ T6014] XFS: attr2 mount option is deprecated. [ 182.665688][ T6014] xfs: Unknown parameter 'audit' [ 182.675878][ T4228] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 182.911468][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060679400: rx timeout, send abort [ 183.047010][ T4228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64 [ 183.083347][ T4228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 183.203766][ T6051] loop8: detected capacity change from 0 to 8 [ 183.264743][ T6051] Dev loop8: unable to read RDB block 8 [ 183.273941][ T6055] loop1: detected capacity change from 0 to 128 [ 183.280742][ T4228] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 183.290393][ T4228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.299268][ T6051] loop8: unable to read partition table [ 183.305079][ T6051] loop8: partition table beyond EOD, truncated [ 183.312188][ T4228] usb 5-1: Product: syz [ 183.316983][ T4228] usb 5-1: Manufacturer: syz [ 183.321601][ T4228] usb 5-1: SerialNumber: syz [ 183.327011][ T6051] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 183.338675][ T4228] usb 5-1: config 0 descriptor?? [ 183.353868][ T6055] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value [ 183.356209][ T6035] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 183.395830][ C1] port100 5-1:0.0: NFC: The urb has been stopped (status -2) [ 183.411534][ C0] vcan0: j1939_tp_rxtimer: 0xffff888078d78000: rx timeout, send abort [ 183.418003][ T4228] port100 5-1:0.0: NFC: Could not get supported command types [ 183.421701][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060679400: abort rx timeout. Force session deactivation [ 183.473083][ T6057] loop0: detected capacity change from 0 to 512 [ 183.642465][ T6035] loop4: detected capacity change from 0 to 256 [ 183.691205][ T6057] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 183.727837][ T6057] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.914447][ C0] vcan0: j1939_tp_rxtimer: 0xffff888078d79c00: rx timeout, send abort [ 184.343212][ C0] vcan0: j1939_tp_rxtimer: 0xffff888078d78000: abort rx timeout. Force session deactivation [ 184.533652][ T6067] loop1: detected capacity change from 0 to 512 [ 184.610732][ T4186] XFS (loop2): Unmounting Filesystem [ 184.693637][ T6067] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 184.724130][ T6067] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.108462][ T6075] FAULT_INJECTION: forcing a failure. [ 185.108462][ T6075] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.153671][ T6075] CPU: 0 PID: 6075 Comm: syz.0.491 Not tainted syzkaller #0 [ 185.161300][ T6075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 185.171484][ T6075] Call Trace: [ 185.174901][ T6075] [ 185.178095][ T6075] dump_stack_lvl+0x188/0x250 [ 185.182903][ T6075] ? show_regs_print_info+0x20/0x20 [ 185.188134][ T6075] ? load_image+0x400/0x400 [ 185.192676][ T6075] ? __lock_acquire+0x7d10/0x7d10 [ 185.197820][ T6075] should_fail+0x38c/0x4c0 [ 185.202276][ T6075] _copy_to_iter+0x22e/0x1180 [ 185.206988][ T6075] ? __lock_acquire+0x7d10/0x7d10 [ 185.212141][ T6075] ? iov_iter_init+0x170/0x170 [ 185.217034][ T6075] ? __virt_addr_valid+0x3c6/0x470 [ 185.222262][ T6075] ? __phys_addr_symbol+0x2b/0x70 [ 185.227494][ T6075] ? __check_object_size+0x30c/0x410 [ 185.232909][ T6075] __skb_datagram_iter+0xde/0x740 [ 185.237956][ T6075] ? skb_copy_datagram_iter+0x1f0/0x1f0 [ 185.243809][ T6075] skb_copy_datagram_iter+0xad/0x1f0 [ 185.249129][ T6075] netlink_recvmsg+0x2d6/0xe20 [ 185.253925][ T6075] ? import_iovec+0x6f/0xa0 [ 185.258457][ T6075] ? ___sys_recvmsg+0x4e9/0x5c0 [ 185.263517][ T6075] ? netlink_sendmsg+0xbe0/0xbe0 [ 185.268513][ T6075] ? aa_sk_perm+0x7dc/0x910 [ 185.273397][ T6075] ? aa_af_perm+0x340/0x340 [ 185.277937][ T6075] ? bpf_lsm_socket_recvmsg+0x5/0x10 [ 185.283376][ T6075] ? security_socket_recvmsg+0x85/0xb0 [ 185.288865][ T6075] ? netlink_sendmsg+0xbe0/0xbe0 [ 185.293898][ T6075] ____sys_recvmsg+0x2cd/0x5e0 [ 185.298712][ T6075] ? __might_fault+0xb3/0x110 [ 185.303464][ T6075] ? __sys_recvmsg_sock+0x40/0x40 [ 185.308536][ T6075] ? import_iovec+0x6f/0xa0 [ 185.313087][ T6075] ___sys_recvmsg+0x21a/0x5c0 [ 185.317796][ T6075] ? __sys_recvmsg+0x280/0x280 [ 185.322613][ T6075] ? __fdget+0x18b/0x210 [ 185.326993][ T6075] ? do_recvmmsg+0x1a1/0x850 [ 185.331614][ T6075] do_recvmmsg+0x382/0x850 [ 185.336058][ T6075] ? __sys_recvmmsg+0x290/0x290 [ 185.340940][ T6075] ? get_timespec64+0x116/0x1b0 [ 185.345821][ T6075] ? timespec64_add_safe+0x1f0/0x1f0 [ 185.351145][ T6075] __x64_sys_recvmmsg+0x1b4/0x250 [ 185.356330][ T6075] ? do_recvmmsg+0x850/0x850 [ 185.360960][ T6075] ? lockdep_hardirqs_on+0x94/0x140 [ 185.366201][ T6075] do_syscall_64+0x4c/0xa0 [ 185.370835][ T6075] ? clear_bhb_loop+0x30/0x80 [ 185.375548][ T6075] ? clear_bhb_loop+0x30/0x80 [ 185.380262][ T6075] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 185.386277][ T6075] RIP: 0033:0x7f9ca88b5799 [ 185.390735][ T6075] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.410463][ T6075] RSP: 002b:00007f9ca6b0f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 185.419000][ T6075] RAX: ffffffffffffffda RBX: 00007f9ca8b2efa0 RCX: 00007f9ca88b5799 [ 185.427108][ T6075] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 185.435111][ T6075] RBP: 00007f9ca6b0f090 R08: 0000200000003700 R09: 0000000000000000 [ 185.443120][ T6075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.451226][ T6075] R13: 00007f9ca8b2f038 R14: 00007f9ca8b2efa0 R15: 00007ffe70a47718 [ 185.459248][ T6075] [ 185.500621][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.3.493'. [ 185.569908][ T6077] loop2: detected capacity change from 0 to 32768 [ 185.717627][ T4231] usb 5-1: USB disconnect, device number 8 [ 185.854136][ T6077] XFS (loop2): Mounting V5 Filesystem [ 185.859088][ T6086] tmpfs: Bad value for 'nr_blocks' [ 185.924076][ T6081] loop0: detected capacity change from 0 to 32768 [ 185.938713][ T6077] XFS (loop2): Ending clean mount [ 185.958435][ T4231] XFS (loop2): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:112). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 185.984337][ T4231] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x20 [ 186.002424][ T4231] XFS (loop2): Unmount and run xfs_repair [ 186.010525][ T4231] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 186.039272][ T4231] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 186.058523][ T6081] JBD2: Ignoring recovery information on journal [ 186.102790][ T4231] 00000010: 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 10 ....... ........ [ 186.167020][ T4231] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 186.211001][ T6081] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 186.230212][ T4231] 00000030: 00 00 00 00 ca b4 20 ce 00 00 11 40 00 00 40 37 ...... ....@..@7 [ 186.270512][ T4231] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 186.281868][ T4231] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 186.297294][ T4231] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 186.310524][ T4231] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 186.324195][ T6077] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x20 len 8 error 74 [ 186.354216][ T6077] XFS (loop2): Failed to initialize disk quotas. [ 186.500742][ T6104] loop4: detected capacity change from 0 to 8192 [ 186.514237][ T6106] loop1: detected capacity change from 0 to 128 [ 186.560488][ T6106] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value [ 186.595988][ T4228] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 186.625120][ T6104] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 186.636509][ T6104] REISERFS (device loop4): using ordered data mode [ 186.643169][ T6104] reiserfs: using flush barriers [ 186.653923][ T6104] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 186.671471][ T6104] REISERFS (device loop4): checking transaction log (loop4) [ 186.839748][ T13] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 186.907186][ T6104] REISERFS (device loop4): Using tea hash to sort names [ 186.929813][ T6104] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 187.007152][ T4228] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 187.096404][ T6104] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 187.117741][ T4228] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.264419][ T4228] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 187.391036][ T4228] usb 1-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 187.420723][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.459442][ T4228] usb 1-1: config 0 descriptor?? [ 187.640432][ T6115] netlink: 36 bytes leftover after parsing attributes in process `syz.1.501'. [ 187.677816][ T6118] loop1: detected capacity change from 0 to 128 [ 187.695863][ T13] usb 3-1: Using ep0 maxpacket: 8 [ 187.821994][ T13] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 187.838893][ T13] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 187.874146][ T13] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 187.893536][ T13] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 187.905213][ T13] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.925164][ T13] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 187.935261][ T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.948706][ T4228] cypress 0003:04B4:0001.0003: unbalanced delimiter at end of report description [ 187.978992][ T4228] cypress 0003:04B4:0001.0003: parse failed [ 187.995399][ T4228] cypress: probe of 0003:04B4:0001.0003 failed with error -22 [ 188.084475][ T6123] loop1: detected capacity change from 0 to 1024 [ 188.128867][ T6123] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.174374][ T2360] usb 1-1: USB disconnect, device number 11 [ 188.305262][ T13] usb 3-1: usb_control_msg returned -32 [ 188.311652][ T13] usbtmc 3-1:16.0: can't read capabilities [ 188.357873][ T6123] cgroup: fork rejected by pids controller in /syz1 [ 188.572971][ T6252] loop4: detected capacity change from 0 to 512 [ 188.632504][ T6252] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 188.710659][ T6252] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.777972][ T4185] ocfs2: Unmounting device (7,0) on (node local) [ 188.866427][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.507'. [ 189.379197][ T2360] usb 3-1: USB disconnect, device number 5 [ 189.440136][ T4186] XFS (loop2): Unmounting Filesystem [ 189.532790][ T6264] loop0: detected capacity change from 0 to 128 [ 189.606829][ T6264] FAT-fs (loop0): Unrecognized mount option "nnonumtail=1" or missing value [ 189.832746][ T6266] loop4: detected capacity change from 0 to 128 [ 189.927308][ T6266] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 190.759385][ T6275] loop1: detected capacity change from 0 to 512 [ 191.107782][ T6275] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 191.139531][ T6275] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.580336][ T6288] loop2: detected capacity change from 0 to 8192 [ 192.645332][ T6288] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 192.682569][ T6288] REISERFS (device loop2): using ordered data mode [ 192.689206][ T6288] reiserfs: using flush barriers [ 192.704464][ T6288] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 192.735537][ T6277] loop0: detected capacity change from 0 to 32768 [ 192.748102][ T6288] REISERFS (device loop2): checking transaction log (loop2) [ 193.196116][ T6277] XFS (loop0): Mounting V5 Filesystem [ 193.250961][ T6288] REISERFS (device loop2): Using tea hash to sort names [ 193.284994][ T6288] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 193.365949][ T6288] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 193.390191][ T6277] XFS (loop0): Ending clean mount [ 193.412157][ T6277] XFS (loop0): Quotacheck needed: Please wait. [ 193.513404][ T6277] XFS (loop0): Quotacheck: Done. [ 193.623276][ T4185] XFS (loop0): Unmounting Filesystem [ 193.761913][ T6285] loop4: detected capacity change from 0 to 32768 [ 193.975366][ T6285] XFS (loop4): Mounting V5 Filesystem [ 194.106062][ T6285] XFS (loop4): Ending clean mount [ 194.136086][ T6285] XFS (loop4): Quotacheck needed: Please wait. [ 194.285217][ T6285] XFS (loop4): Quotacheck: Done. [ 194.290632][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.523'. [ 194.423224][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.429987][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.483824][ T4187] XFS (loop4): Unmounting Filesystem [ 194.944016][ T6328] loop0: detected capacity change from 0 to 512 [ 195.267681][ T6328] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 195.292496][ T6328] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.448237][ T6337] loop1: detected capacity change from 0 to 128 [ 195.488511][ T6337] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value [ 196.560696][ T6348] loop0: detected capacity change from 0 to 128 [ 196.675379][ T6350] loop1: detected capacity change from 0 to 512 [ 196.697721][ T6348] FAT-fs (loop0): Unrecognized mount option "nnonumtail=1" or missing value [ 196.848690][ T6332] loop2: detected capacity change from 0 to 32768 [ 196.913255][ T6350] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 196.965378][ T6350] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.017579][ T6356] loop4: detected capacity change from 0 to 4096 [ 197.258752][ T6332] (syz.2.522,6332,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 197.559164][ T6332] (syz.2.522,6332,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 197.645883][ T6364] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 197.702357][ T6332] JBD2: Ignoring recovery information on journal [ 197.752404][ T6368] loop0: detected capacity change from 0 to 1024 [ 197.770322][ T6332] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 197.774866][ T6368] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 198.562687][ T6368] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 198.753336][ T4186] ocfs2: Unmounting device (7,2) on (node local) [ 198.825172][ T6381] loop1: detected capacity change from 0 to 8192 [ 198.883535][ T6381] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 198.933488][ T6381] REISERFS (device loop1): using ordered data mode [ 198.945909][ T4267] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 198.976973][ T6381] reiserfs: using flush barriers [ 199.018115][ T6381] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 199.053430][ T6381] REISERFS (device loop1): checking transaction log (loop1) [ 199.245546][ T6381] REISERFS (device loop1): Using tea hash to sort names [ 199.270633][ T6381] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 199.302479][ T6381] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 199.425964][ T4267] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 199.521388][ T6384] loop2: detected capacity change from 0 to 32768 [ 199.625947][ T6384] XFS (loop2): Mounting V5 Filesystem [ 199.646041][ T4267] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 199.655148][ T4267] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.663861][ T4267] usb 1-1: Product: syz [ 199.668269][ T4267] usb 1-1: Manufacturer: syz [ 199.672916][ T4267] usb 1-1: SerialNumber: syz [ 199.679913][ T4267] usb 1-1: config 0 descriptor?? [ 199.727587][ T4267] powermate: probe of 1-1:0.0 failed with error -5 [ 199.756255][ T6384] XFS (loop2): Ending clean mount [ 199.951972][ T6384] XFS (loop2): Quotacheck needed: Please wait. [ 200.402943][ T6384] XFS (loop2): Quotacheck: Done. [ 200.684623][ T1326] usb 1-1: USB disconnect, device number 12 [ 200.828434][ T6413] loop4: detected capacity change from 0 to 128 [ 200.940938][ T6413] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 200.990211][ T4186] XFS (loop2): Unmounting Filesystem [ 201.263147][ T6418] loop0: detected capacity change from 0 to 512 [ 201.968295][ T6418] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 202.029704][ T6418] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.220378][ T6442] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 202.266026][ T4228] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 202.385569][ T6447] loop1: detected capacity change from 0 to 128 [ 202.458484][ T6447] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value [ 202.480178][ T6449] device syzkaller0 entered promiscuous mode [ 202.517700][ T6449] TC_ACT_REPEAT abuse ? [ 202.640363][ T6455] overlayfs: failed to clone upperpath [ 202.866875][ T4228] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 203.034475][ T4228] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 203.252513][ T4228] usb 5-1: Product: syz [ 203.279268][ T4228] usb 5-1: Manufacturer: syz [ 203.321503][ T4228] usb 5-1: SerialNumber: syz [ 203.366960][ T4228] usb 5-1: config 0 descriptor?? [ 203.607208][ T4228] ch341 5-1:0.0: ch341-uart converter detected [ 203.696407][ T6471] loop0: detected capacity change from 0 to 512 [ 203.833255][ T6471] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none. [ 204.095951][ T4228] usb 5-1: failed to send control message: -71 [ 204.147032][ T4228] ch341-uart: probe of ttyUSB0 failed with error -71 [ 204.200708][ T4228] usb 5-1: USB disconnect, device number 9 [ 204.256243][ T4228] ch341 5-1:0.0: device disconnected [ 204.330223][ T6474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.560'. [ 204.898524][ T6483] loop1: detected capacity change from 0 to 512 [ 205.381765][ T6483] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 205.421801][ T6483] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 205.477884][ T6489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.564'. [ 205.572067][ T6493] netlink: 'syz.2.565': attribute type 3 has an invalid length. [ 205.643492][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.565'. [ 205.916730][ T6501] loop4: detected capacity change from 0 to 128 [ 206.091561][ T6501] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 206.928866][ T6507] loop1: detected capacity change from 0 to 512 [ 206.944141][ T6509] loop2: detected capacity change from 0 to 512 [ 207.115904][ T6509] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 207.126765][ T6507] netlink: 'syz.1.570': attribute type 1 has an invalid length. [ 207.183916][ T6509] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 207.328392][ T6512] FAULT_INJECTION: forcing a failure. [ 207.328392][ T6512] name failslab, interval 1, probability 0, space 0, times 0 [ 207.412961][ T6512] CPU: 0 PID: 6512 Comm: syz.4.572 Not tainted syzkaller #0 [ 207.420968][ T6512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 207.431229][ T6512] Call Trace: [ 207.434533][ T6512] [ 207.437592][ T6512] dump_stack_lvl+0x188/0x250 [ 207.442408][ T6512] ? show_regs_print_info+0x20/0x20 [ 207.447640][ T6512] ? load_image+0x400/0x400 [ 207.452220][ T6512] ? __might_sleep+0xf0/0xf0 [ 207.457009][ T6512] ? __lock_acquire+0x7d10/0x7d10 [ 207.462071][ T6512] should_fail+0x38c/0x4c0 [ 207.466550][ T6512] should_failslab+0x5/0x20 [ 207.471083][ T6512] slab_pre_alloc_hook+0x51/0xc0 [ 207.476061][ T6512] ? getname_flags+0xb5/0x500 [ 207.480951][ T6512] kmem_cache_alloc+0x3d/0x290 [ 207.486195][ T6512] getname_flags+0xb5/0x500 [ 207.490990][ T6512] user_path_at_empty+0x2a/0x190 [ 207.495960][ T6512] do_fchownat+0xf5/0x240 [ 207.500416][ T6512] ? chown_common+0x660/0x660 [ 207.505154][ T6512] __x64_sys_lchown+0x81/0x90 [ 207.509965][ T6512] do_syscall_64+0x4c/0xa0 [ 207.514417][ T6512] ? clear_bhb_loop+0x30/0x80 [ 207.519115][ T6512] ? clear_bhb_loop+0x30/0x80 [ 207.523825][ T6512] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 207.529831][ T6512] RIP: 0033:0x7f5b5767e799 [ 207.534364][ T6512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.554122][ T6512] RSP: 002b:00007f5b558d8028 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 207.562693][ T6512] RAX: ffffffffffffffda RBX: 00007f5b578f7fa0 RCX: 00007f5b5767e799 [ 207.571547][ T6512] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 207.579810][ T6512] RBP: 00007f5b558d8090 R08: 0000000000000000 R09: 0000000000000000 [ 207.587911][ T6512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.596023][ T6512] R13: 00007f5b578f8038 R14: 00007f5b578f7fa0 R15: 00007ffc99979f78 [ 207.604060][ T6512] [ 207.919576][ T6519] loop4: detected capacity change from 0 to 256 [ 208.056087][ T6519] exFAT-fs (loop4): error, invalid access to FAT bad cluster (entry 0x00000005) [ 208.146230][ T6519] exFAT-fs (loop4): failed to load upcase table [ 208.152537][ T6519] exFAT-fs (loop4): failed to recognize exfat type [ 208.170546][ T13] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 208.716156][ T13] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 208.735932][ T13] usb 3-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 208.775848][ T13] usb 3-1: Product: syz [ 208.780153][ T13] usb 3-1: Manufacturer: syz [ 208.784813][ T13] usb 3-1: SerialNumber: syz [ 208.799676][ T6519] loop4: detected capacity change from 0 to 256 [ 208.836540][ T13] usb 3-1: config 0 descriptor?? [ 208.877149][ T13] ch341 3-1:0.0: ch341-uart converter detected [ 208.907661][ T6519] exfat: Unknown parameter './file0' [ 209.143423][ T6537] overlayfs: filesystem on './file0' not supported as upperdir [ 209.282658][ T6524] loop1: detected capacity change from 0 to 32768 [ 209.315947][ T13] usb 3-1: failed to send control message: -71 [ 209.325814][ T13] ch341-uart: probe of ttyUSB0 failed with error -71 [ 209.346421][ T13] usb 3-1: USB disconnect, device number 6 [ 209.374852][ T13] ch341 3-1:0.0: device disconnected [ 209.663291][ T6544] loop4: detected capacity change from 0 to 128 [ 209.711949][ T6544] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 209.790566][ T6541] loop1: detected capacity change from 0 to 8192 [ 209.893867][ T6541] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 209.945245][ T6541] REISERFS (device loop1): using ordered data mode [ 210.019069][ T6541] reiserfs: using flush barriers [ 210.112818][ T6541] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 210.669430][ T6541] REISERFS (device loop1): checking transaction log (loop1) [ 211.047333][ T6541] REISERFS (device loop1): Using tea hash to sort names [ 211.064981][ T6541] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 211.099735][ T6541] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 211.167051][ T4262] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 211.235400][ T6566] FAULT_INJECTION: forcing a failure. [ 211.235400][ T6566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.264295][ T6566] CPU: 1 PID: 6566 Comm: syz.4.588 Not tainted syzkaller #0 [ 211.272088][ T6566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 211.282260][ T6566] Call Trace: [ 211.285661][ T6566] [ 211.288809][ T6566] dump_stack_lvl+0x188/0x250 [ 211.293615][ T6566] ? show_regs_print_info+0x20/0x20 [ 211.298940][ T6566] ? load_image+0x400/0x400 [ 211.303476][ T6566] ? __lock_acquire+0x7d10/0x7d10 [ 211.308557][ T6566] should_fail+0x38c/0x4c0 [ 211.313009][ T6566] _copy_from_user+0x2e/0x170 [ 211.317712][ T6566] __copy_msghdr_from_user+0xc9/0x630 [ 211.323194][ T6566] ? verify_lock_unused+0x140/0x140 [ 211.328416][ T6566] ? __ia32_sys_shutdown+0x1d0/0x1d0 [ 211.333836][ T6566] ___sys_sendmsg+0x19a/0x2e0 [ 211.338561][ T6566] ? __sys_sendmsg+0x2a0/0x2a0 [ 211.343455][ T6566] ? vfs_write+0x8b2/0xd60 [ 211.347928][ T6566] __se_sys_sendmsg+0x1af/0x290 [ 211.353002][ T6566] ? __x64_sys_sendmsg+0x80/0x80 [ 211.357962][ T6566] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 211.364068][ T6566] ? lockdep_hardirqs_on+0x94/0x140 [ 211.369380][ T6566] do_syscall_64+0x4c/0xa0 [ 211.373904][ T6566] ? clear_bhb_loop+0x30/0x80 [ 211.378605][ T6566] ? clear_bhb_loop+0x30/0x80 [ 211.383322][ T6566] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 211.389238][ T6566] RIP: 0033:0x7f5b5767e799 [ 211.393951][ T6566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.414229][ T6566] RSP: 002b:00007f5b558b7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.422773][ T6566] RAX: ffffffffffffffda RBX: 00007f5b578f8090 RCX: 00007f5b5767e799 [ 211.431130][ T6566] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000007 [ 211.439304][ T6566] RBP: 00007f5b558b7090 R08: 0000000000000000 R09: 0000000000000000 [ 211.447494][ T6566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.455580][ T6566] R13: 00007f5b578f8128 R14: 00007f5b578f8090 R15: 00007ffc99979f78 [ 211.463607][ T6566] [ 211.562418][ T6574] loop0: detected capacity change from 0 to 512 [ 211.612106][ T4262] usb 3-1: unable to get BOS descriptor or descriptor too short [ 211.630252][ T4262] usb 3-1: no configurations [ 211.652140][ T6574] EXT4-fs (loop0): Test dummy encryption mode enabled [ 211.672053][ T4262] usb 3-1: can't read configurations, error -22 [ 211.689317][ T6574] EXT4-fs (loop0): Test dummy encryption mode enabled [ 211.766969][ T6574] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable=0x0000000000000000,minixdf,jqfmt=vfsv1,nombcache,inode_readahead_blks=0x0000000000000100,barrier=0x000000000000000b,errors=remount-ro,auto_da_alloc,test_dummy_encryption,min_batch_time=0x000. Quota mode: none. [ 213.988511][ T6612] loop2: detected capacity change from 0 to 512 [ 214.222567][ T6606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.602'. [ 214.266966][ T6612] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none. [ 214.885096][ T6606] loop4: detected capacity change from 0 to 512 [ 217.372759][ T6621] loop1: detected capacity change from 0 to 512 [ 217.410802][ T6622] loop2: detected capacity change from 0 to 4096 [ 217.444340][ T6622] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 217.540486][ T6622] ntfs3: loop2: Failed to load $Extend. [ 217.735521][ T6621] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 217.816521][ T6621] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.084068][ T6624] loop0: detected capacity change from 0 to 8192 [ 218.268560][ T6624] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 218.330963][ T6624] REISERFS (device loop0): using ordered data mode [ 218.380546][ T6624] reiserfs: using flush barriers [ 218.450570][ T6624] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 218.497868][ T6624] REISERFS (device loop0): checking transaction log (loop0) [ 218.733014][ T6656] loop2: detected capacity change from 0 to 512 [ 218.845440][ T6656] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 218.850706][ T6624] REISERFS (device loop0): Using tea hash to sort names [ 218.915067][ T6624] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 218.949186][ T6656] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.614: bg 0: block 4: invalid block bitmap [ 219.040938][ T6624] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 219.130836][ T6656] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6194: Corrupt filesystem [ 219.187444][ T6656] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.614: invalid indirect mapped block 1 (level 1) [ 219.280330][ T6656] EXT4-fs (loop2): 1 truncate cleaned up [ 219.306684][ T6656] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 220.450470][ T6699] loop4: detected capacity change from 0 to 1024 [ 220.551575][ T6699] EXT4-fs (loop4): Ignoring removed bh option [ 220.581982][ T6699] EXT4-fs (loop4): Unrecognized mount option "ro" or missing value [ 220.588325][ T6705] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 220.797801][ T6716] loop2: detected capacity change from 0 to 1024 [ 220.927719][ T6716] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 220.939068][ T6724] loop1: detected capacity change from 0 to 512 [ 221.012267][ T6724] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 221.069141][ T26] audit: type=1800 audit(1772359039.407:6): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.646" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 221.532271][ T6746] loop4: detected capacity change from 0 to 512 [ 221.592028][ T6746] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 221.592054][ T6746] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 221.745267][ T6746] System zones: 0-1, 15-15, 18-18, 34-34 [ 221.755610][ T6746] EXT4-fs (loop4): orphan cleanup on readonly fs [ 221.784016][ T6746] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 221.812365][ T6746] EXT4-fs warning (device loop4): ext4_enable_quotas:6486: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 221.875272][ T6746] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 221.914684][ T6746] EXT4-fs (loop4): 1 truncate cleaned up [ 221.947082][ T6746] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 221.952809][ T6761] tmpfs: Bad value for 'mpol' [ 222.047358][ T6746] fscrypt (loop4, inode 16): Error -61 getting encryption context [ 222.228938][ T6773] netlink: 104 bytes leftover after parsing attributes in process `syz.0.661'. [ 222.277002][ T6773] netlink: 104 bytes leftover after parsing attributes in process `syz.0.661'. [ 222.324566][ T6773] netlink: 104 bytes leftover after parsing attributes in process `syz.0.661'. [ 222.542231][ T6792] sctp: [Deprecated]: syz.3.667 (pid 6792) Use of struct sctp_assoc_value in delayed_ack socket option. [ 222.542231][ T6792] Use struct sctp_sack_info instead [ 222.683114][ T6798] loop5: detected capacity change from 0 to 7 [ 222.712810][ T6798] Dev loop5: unable to read RDB block 7 [ 222.724469][ T6798] loop5: unable to read partition table [ 222.737701][ T6798] loop5: partition table beyond EOD, truncated [ 222.759615][ T6798] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 222.932516][ T6803] netlink: 'syz.4.673': attribute type 10 has an invalid length. [ 222.976687][ T6803] device hsr0 entered promiscuous mode [ 223.012859][ T6803] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 223.160549][ T6813] loop1: detected capacity change from 0 to 512 [ 223.229263][ T6819] loop2: detected capacity change from 0 to 128 [ 223.264863][ T6813] EXT4-fs (loop1): mounted filesystem without journal. Opts: stripe=0x0000000000000006,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 223.267261][ T6821] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.318455][ T6813] ext4 filesystem being mounted at /132/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.323588][ T6819] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 223.339100][ T6821] device batadv_slave_0 entered promiscuous mode [ 223.341766][ T6819] ext4 filesystem being mounted at /131/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 223.762626][ T6839] program syz.2.685 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.989130][ T6853] loop2: detected capacity change from 0 to 1024 [ 224.049785][ T6853] EXT4-fs (loop2): Ignoring removed orlov option [ 224.063963][ T6853] EXT4-fs (loop2): Ignoring removed nobh option [ 224.122661][ T6853] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=ignore,errors=remount-ro,sysvgroups,norecovery,nodioread_nolock,orlov,nogrpid,noauto_da_alloc,nobh,. Quota mode: none. [ 224.671342][ T6871] sctp: [Deprecated]: syz.3.695 (pid 6871) Use of struct sctp_assoc_value in delayed_ack socket option. [ 224.671342][ T6871] Use struct sctp_sack_info instead [ 225.033719][ T6876] loop1: detected capacity change from 0 to 512 [ 225.103557][ T6876] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 225.122809][ T6876] ext4 filesystem being mounted at /138/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 225.369490][ T6879] loop1: detected capacity change from 0 to 4096 [ 225.451367][ T6879] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 225.583735][ T6886] device syzkaller1 entered promiscuous mode [ 226.045089][ T6807] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 226.228582][ T6901] loop4: detected capacity change from 0 to 1024 [ 226.322705][ T6901] EXT4-fs (loop4): Ignoring removed orlov option [ 226.395919][ T6901] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none. [ 226.681800][ T6925] netlink: 'syz.3.716': attribute type 3 has an invalid length. [ 227.136536][ T6936] netlink: 'syz.3.720': attribute type 83 has an invalid length. [ 227.464573][ T6942] loop4: detected capacity change from 0 to 1024 [ 227.509090][ T6944] loop0: detected capacity change from 0 to 128 [ 227.640253][ T6942] EXT4-fs (loop4): Ignoring removed orlov option [ 227.655361][ T6942] EXT4-fs (loop4): Ignoring removed nobh option [ 227.795558][ T6952] netlink: 690 bytes leftover after parsing attributes in process `syz.3.727'. [ 227.847759][ T6942] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=ignore,errors=remount-ro,sysvgroups,norecovery,nodioread_nolock,orlov,nogrpid,noauto_da_alloc,nobh,. Quota mode: none. [ 228.318265][ T6971] loop0: detected capacity change from 0 to 256 [ 228.364375][ T5017] Bluetooth: hci5: Frame reassembly failed (-84) [ 228.738029][ T6981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.737'. [ 228.758310][ T6981] bridge: RTM_NEWNEIGH with invalid ether address [ 228.777723][ T6981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.737'. [ 228.797518][ T6981] bridge: RTM_NEWNEIGH with invalid ether address [ 228.888525][ T6971] attempt to access beyond end of device [ 228.888525][ T6971] loop0: rw=2049, want=544, limit=256 [ 228.967713][ T6971] attempt to access beyond end of device [ 228.967713][ T6971] loop0: rw=2049, want=872, limit=256 [ 229.333377][ T26] audit: type=1326 audit(1772359047.657:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6999 comm="syz.0.744" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ca88b5799 code=0x0 [ 229.580025][ T7004] loop0: detected capacity change from 0 to 8192 [ 229.640478][ T4262] kernel write not supported for file bpf-prog (pid: 4262 comm: kworker/0:7) [ 230.290127][ T7016] device syzkaller0 entered promiscuous mode [ 230.324797][ T1326] Bluetooth: hci0: command 0x0401 tx timeout [ 230.404687][ T4230] Bluetooth: hci5: command 0x1003 tx timeout [ 230.411078][ T146] Bluetooth: hci5: sending frame failed (-49) [ 230.619628][ T7029] loop0: detected capacity change from 0 to 128 [ 230.767227][ T7029] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,sysvgroups,,errors=continue. Quota mode: none. [ 230.815321][ T7029] ext4 filesystem being mounted at /122/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 230.916154][ T26] audit: type=1800 audit(1772359049.257:8): pid=7029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.754" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=12 res=0 errno=0 [ 230.919197][ T7029] EXT4-fs error (device loop0): dx_make_map:1328: inode #2: block 18: comm syz.0.754: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 231.016673][ T6894] Set syz1 is full, maxelem 65536 reached [ 231.037266][ T7029] EXT4-fs error (device loop0) in do_split:2095: Corrupt filesystem [ 231.100271][ T7047] loop4: detected capacity change from 0 to 128 [ 231.358640][ T7054] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 231.368009][ T7052] loop0: detected capacity change from 0 to 512 [ 231.509672][ T7052] EXT4-fs (loop0): Ignoring removed orlov option [ 231.564973][ T7052] EXT4-fs (loop0): 1 truncate cleaned up [ 231.599993][ T7052] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,,errors=continue. Quota mode: none. [ 231.658285][ T7071] netlink: 60 bytes leftover after parsing attributes in process `syz.2.770'. [ 231.669383][ T7071] netlink: 60 bytes leftover after parsing attributes in process `syz.2.770'. [ 231.680229][ T7071] netlink: 60 bytes leftover after parsing attributes in process `syz.2.770'. [ 232.522554][ T7104] loop0: detected capacity change from 0 to 2048 [ 232.549332][ T7101] device syzkaller0 entered promiscuous mode [ 232.555879][ T7073] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 232.590262][ T4230] Bluetooth: hci5: command 0x1001 tx timeout [ 232.598524][ T146] Bluetooth: hci5: sending frame failed (-49) [ 232.644264][ T7104] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 232.723325][ T7110] netlink: 24 bytes leftover after parsing attributes in process `syz.3.782'. [ 233.932461][ T1250] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 233.970199][ T1250] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 233.987294][ T1250] EXT4-fs (loop0): This should not happen!! Data will be lost [ 233.987294][ T1250] [ 234.001467][ T1250] EXT4-fs (loop0): Total free blocks count 0 [ 234.012261][ T1250] EXT4-fs (loop0): Free/Dirty block details [ 234.021236][ T1250] EXT4-fs (loop0): free_blocks=4096 [ 234.031440][ T1250] EXT4-fs (loop0): dirty_blocks=512 [ 234.041666][ T1250] EXT4-fs (loop0): Block reservation details [ 234.052204][ T1250] EXT4-fs (loop0): i_reserved_data_blocks=32 [ 234.064369][ T1250] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 480 with error 28 [ 234.085749][ T1250] EXT4-fs (loop0): This should not happen!! Data will be lost [ 234.085749][ T1250] [ 234.670564][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 234.853171][ T7133] device batadv_slave_1 entered promiscuous mode [ 234.877112][ T7133] device batadv_slave_0 entered promiscuous mode [ 234.900538][ T7132] device batadv_slave_0 left promiscuous mode [ 234.932407][ T7132] device batadv_slave_1 left promiscuous mode [ 235.712419][ T7163] device syz_tun entered promiscuous mode [ 235.771306][ T7163] device vlan2 entered promiscuous mode [ 236.032354][ T7170] loop0: detected capacity change from 0 to 512 [ 236.089890][ T7170] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 236.114375][ T7170] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 236.122531][ T7170] System zones: 1-12 [ 236.165235][ T7170] EXT4-fs (loop0): orphan cleanup on readonly fs [ 236.222391][ T7170] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #11: comm syz.0.810: attempt to clear invalid blocks 1024 len 1 [ 236.253769][ T7170] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.810: bg 0: block 361: padding at end of block bitmap is not set [ 236.269478][ T7170] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6194: Corrupt filesystem [ 236.294482][ T7170] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.810: invalid indirect mapped block 1811939328 (level 0) [ 236.367292][ T7170] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.810: invalid indirect mapped block 2 (level 2) [ 236.445068][ T7170] EXT4-fs (loop0): 1 truncate cleaned up [ 236.450765][ T7170] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 236.970380][ T7182] loop0: detected capacity change from 0 to 128 [ 237.359170][ T7184] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 238.246033][ T7197] ================================================================== [ 238.254711][ T7197] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 238.264038][ T7197] Read of size 1 at addr ffff888060789608 by task syz.4.822/7197 [ 238.271898][ T7197] [ 238.274241][ T7197] CPU: 1 PID: 7197 Comm: syz.4.822 Not tainted syzkaller #0 [ 238.281718][ T7197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 238.292080][ T7197] Call Trace: [ 238.295396][ T7197] [ 238.298437][ T7197] dump_stack_lvl+0x188/0x250 [ 238.303164][ T7197] ? show_regs_print_info+0x20/0x20 [ 238.308506][ T7197] ? load_image+0x400/0x400 [ 238.313511][ T7197] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 238.319037][ T7197] print_address_description+0x60/0x2d0 [ 238.324743][ T7197] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 238.331278][ T7197] kasan_report+0xdf/0x130 [ 238.335907][ T7197] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 238.342462][ T7197] xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 238.348932][ T7197] ? xfrm_policy_addr_delta+0x212/0x340 [ 238.354521][ T7197] xfrm_policy_inexact_insert_node+0x950/0xb60 [ 238.360812][ T7197] ? __kasan_kmalloc+0xb5/0xf0 [ 238.365626][ T7197] xfrm_policy_inexact_alloc_chain+0x7ce/0xea0 [ 238.371987][ T7197] ? xfrm_policy_inexact_insert+0xe0/0x1460 [ 238.378447][ T7197] xfrm_policy_inexact_insert+0xe0/0x1460 [ 238.384507][ T7197] ? do_raw_spin_lock+0x128/0x2f0 [ 238.389564][ T7197] ? __rwlock_init+0x140/0x140 [ 238.394441][ T7197] ? policy_hash_bysel+0x135/0x7b0 [ 238.399679][ T7197] xfrm_policy_insert+0x112/0x930 [ 238.404999][ T7197] xfrm_add_policy+0x4f2/0x880 [ 238.409893][ T7197] ? xfrm_dump_sa_done+0xc0/0xc0 [ 238.414864][ T7197] ? apparmor_capable+0x12c/0x190 [ 238.420013][ T7197] ? __nla_parse+0x3c/0x50 [ 238.424543][ T7197] xfrm_user_rcv_msg+0x5e5/0x910 [ 238.429524][ T7197] ? xfrm_netlink_rcv+0x90/0x90 [ 238.434534][ T7197] ? xfrm_netlink_rcv+0x66/0x90 [ 238.440195][ T7197] ? __mutex_lock_common+0x465/0x2400 [ 238.445610][ T7197] ? __skb_clone+0x480/0x790 [ 238.450230][ T7197] netlink_rcv_skb+0x1f5/0x440 [ 238.455019][ T7197] ? xfrm_netlink_rcv+0x90/0x90 [ 238.459899][ T7197] ? netlink_ack+0xb50/0xb50 [ 238.464868][ T7197] ? __lock_acquire+0x7d10/0x7d10 [ 238.469936][ T7197] xfrm_netlink_rcv+0x75/0x90 [ 238.474674][ T7197] netlink_unicast+0x774/0x920 [ 238.479715][ T7197] netlink_sendmsg+0x8ba/0xbe0 [ 238.484541][ T7197] ? netlink_getsockopt+0x570/0x570 [ 238.489793][ T7197] ? aa_sock_msg_perm+0x94/0x150 [ 238.494776][ T7197] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 238.500279][ T7197] ? security_socket_sendmsg+0x7c/0xa0 [ 238.505882][ T7197] ? netlink_getsockopt+0x570/0x570 [ 238.511243][ T7197] ____sys_sendmsg+0x5b7/0x8f0 [ 238.516050][ T7197] ? __sys_sendmsg_sock+0x30/0x30 [ 238.521284][ T7197] ? import_iovec+0x6f/0xa0 [ 238.525922][ T7197] ___sys_sendmsg+0x236/0x2e0 [ 238.530631][ T7197] ? __sys_sendmsg+0x2a0/0x2a0 [ 238.535554][ T7197] __se_sys_sendmsg+0x1af/0x290 [ 238.540429][ T7197] ? __x64_sys_sendmsg+0x80/0x80 [ 238.545391][ T7197] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 238.551427][ T7197] ? lockdep_hardirqs_on+0x94/0x140 [ 238.556662][ T7197] do_syscall_64+0x4c/0xa0 [ 238.561102][ T7197] ? clear_bhb_loop+0x30/0x80 [ 238.565801][ T7197] ? clear_bhb_loop+0x30/0x80 [ 238.570513][ T7197] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 238.576444][ T7197] RIP: 0033:0x7f5b5767e799 [ 238.580996][ T7197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.601292][ T7197] RSP: 002b:00007f5b558d8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 238.609927][ T7197] RAX: ffffffffffffffda RBX: 00007f5b578f7fa0 RCX: 00007f5b5767e799 [ 238.617935][ T7197] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 238.626129][ T7197] RBP: 00007f5b57714bd9 R08: 0000000000000000 R09: 0000000000000000 [ 238.634121][ T7197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.642116][ T7197] R13: 00007f5b578f8038 R14: 00007f5b578f7fa0 R15: 00007ffc99979f78 [ 238.650128][ T7197] [ 238.653172][ T7197] [ 238.655518][ T7197] Allocated by task 7197: [ 238.660041][ T7197] __kasan_kmalloc+0xb5/0xf0 [ 238.664700][ T7197] sk_prot_alloc+0xe7/0x210 [ 238.669229][ T7197] sk_alloc+0x2f/0x310 [ 238.673317][ T7197] pfkey_create+0xd8/0x560 [ 238.677758][ T7197] __sock_create+0x47b/0x900 [ 238.682402][ T7197] __sys_socket+0xe2/0x170 [ 238.686854][ T7197] __x64_sys_socket+0x76/0x80 [ 238.691638][ T7197] do_syscall_64+0x4c/0xa0 [ 238.696079][ T7197] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 238.701993][ T7197] [ 238.704336][ T7197] Last potentially related work creation: [ 238.710062][ T7197] kasan_save_stack+0x35/0x60 [ 238.714758][ T7197] kasan_record_aux_stack+0xb8/0x100 [ 238.720064][ T7197] insert_work+0x54/0x3d0 [ 238.724506][ T7197] __queue_work+0x9c5/0xd50 [ 238.729033][ T7197] rcu_work_rcufn+0xdb/0x120 [ 238.733639][ T7197] rcu_core+0x9d2/0x1670 [ 238.737899][ T7197] handle_softirqs+0x339/0x830 [ 238.742686][ T7197] __irq_exit_rcu+0x13b/0x230 [ 238.747478][ T7197] irq_exit_rcu+0x5/0x20 [ 238.751768][ T7197] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 238.757432][ T7197] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 238.763711][ T7197] [ 238.766058][ T7197] Second to last potentially related work creation: [ 238.772743][ T7197] kasan_save_stack+0x35/0x60 [ 238.777624][ T7197] kasan_record_aux_stack+0xb8/0x100 [ 238.783024][ T7197] call_rcu+0x189/0x950 [ 238.787287][ T7197] queue_rcu_work+0x81/0x90 [ 238.791992][ T7197] __fl_put+0x230/0x370 [ 238.796251][ T7197] __fl_delete+0x5fd/0x7a0 [ 238.800783][ T7197] fl_destroy+0x121/0x1c0 [ 238.805322][ T7197] tcf_proto_destroy+0x7e/0x270 [ 238.810392][ T7197] tcf_chain_flush+0x359/0x4b0 [ 238.815180][ T7197] __tcf_block_put+0x35e/0x480 [ 238.820047][ T7197] tcf_block_put+0x69/0x90 [ 238.824492][ T7197] multiq_destroy+0x4c/0x1a0 [ 238.829187][ T7197] qdisc_destroy+0x115/0x390 [ 238.833796][ T7197] dev_shutdown+0x5e6/0x710 [ 238.838526][ T7197] unregister_netdevice_many+0xa2c/0x19f0 [ 238.844482][ T7197] unregister_netdevice_queue+0x324/0x370 [ 238.850352][ T7197] __tun_detach+0xd4a/0x1500 [ 238.854986][ T7197] tun_chr_close+0x109/0x1b0 [ 238.859695][ T7197] __fput+0x234/0x930 [ 238.863714][ T7197] task_work_run+0x125/0x1a0 [ 238.868546][ T7197] exit_to_user_mode_loop+0x10f/0x130 [ 238.873950][ T7197] exit_to_user_mode_prepare+0xee/0x180 [ 238.879522][ T7197] syscall_exit_to_user_mode+0x16/0x40 [ 238.885010][ T7197] do_syscall_64+0x58/0xa0 [ 238.889480][ T7197] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 238.895520][ T7197] [ 238.897862][ T7197] The buggy address belongs to the object at ffff888060789000 [ 238.897862][ T7197] which belongs to the cache kmalloc-2k of size 2048 [ 238.912273][ T7197] The buggy address is located 1544 bytes inside of [ 238.912273][ T7197] 2048-byte region [ffff888060789000, ffff888060789800) [ 238.925913][ T7197] The buggy address belongs to the page: [ 238.931542][ T7197] page:ffffea000181e200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888060788000 pfn:0x60788 [ 238.943000][ T7197] head:ffffea000181e200 order:3 compound_mapcount:0 compound_pincount:0 [ 238.951329][ T7197] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 238.959329][ T7197] raw: 00fff00000010200 ffff888016c40948 ffffea00008e1c08 ffff888016c42000 [ 238.968063][ T7197] raw: ffff888060788000 0000000000080007 00000001ffffffff 0000000000000000 [ 238.977010][ T7197] page dumped because: kasan: bad access detected [ 238.983432][ T7197] page_owner tracks the page as allocated [ 238.989154][ T7197] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 154, ts 60381817991, free_ts 16653850223 [ 239.009274][ T7197] get_page_from_freelist+0x1bbd/0x1ca0 [ 239.014934][ T7197] __alloc_pages+0x1ee/0x480 [ 239.019985][ T7197] new_slab+0xc0/0x4b0 [ 239.024075][ T7197] ___slab_alloc+0x80a/0xdd0 [ 239.028681][ T7197] __kmalloc_node_track_caller+0x1fc/0x3a0 [ 239.034494][ T7197] pskb_expand_head+0x127/0x10f0 [ 239.039527][ T7197] netlink_trim+0x180/0x220 [ 239.044131][ T7197] netlink_broadcast_filtered+0x7c/0x1170 [ 239.049853][ T7197] nlmsg_notify+0xec/0x1a0 [ 239.054270][ T7197] netdev_state_change+0xf4/0x160 [ 239.059383][ T7197] linkwatch_do_dev+0x10d/0x160 [ 239.064229][ T7197] __linkwatch_run_queue+0x4b1/0x7c0 [ 239.069605][ T7197] linkwatch_event+0x48/0x50 [ 239.074194][ T7197] process_one_work+0x85f/0x1010 [ 239.079134][ T7197] worker_thread+0xaa6/0x1290 [ 239.083812][ T7197] kthread+0x436/0x520 [ 239.087880][ T7197] page last free stack trace: [ 239.092632][ T7197] free_unref_page_prepare+0x637/0x6c0 [ 239.098147][ T7197] free_unref_page+0x8f/0x2a0 [ 239.102838][ T7197] free_contig_range+0x96/0xf0 [ 239.107611][ T7197] destroy_args+0xf0/0xa00 [ 239.112070][ T7197] debug_vm_pgtable+0x321/0x380 [ 239.116934][ T7197] do_one_initcall+0x272/0x730 [ 239.121827][ T7197] do_initcall_level+0x137/0x1f0 [ 239.126929][ T7197] do_initcalls+0x4b/0x90 [ 239.131293][ T7197] kernel_init_freeable+0x3e9/0x570 [ 239.136669][ T7197] kernel_init+0x19/0x1b0 [ 239.141091][ T7197] ret_from_fork+0x1f/0x30 [ 239.145507][ T7197] [ 239.147849][ T7197] Memory state around the buggy address: [ 239.153559][ T7197] ffff888060789500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 239.161624][ T7197] ffff888060789580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 239.169843][ T7197] >ffff888060789600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 239.178005][ T7197] ^ [ 239.182339][ T7197] ffff888060789680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 239.190583][ T7197] ffff888060789700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 239.198723][ T7197] ================================================================== [ 239.206947][ T7197] Disabling lock debugging due to kernel taint [ 239.213778][ T7197] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 239.221069][ T7197] CPU: 1 PID: 7197 Comm: syz.4.822 Tainted: G B syzkaller #0 [ 239.229770][ T7197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 239.240207][ T7197] Call Trace: [ 239.243513][ T7197] [ 239.245521][ T7193] loop0: detected capacity change from 0 to 8192 [ 239.246466][ T7197] dump_stack_lvl+0x188/0x250 [ 239.257650][ T7197] ? show_regs_print_info+0x20/0x20 [ 239.262882][ T7197] ? load_image+0x400/0x400 [ 239.267689][ T7197] panic+0x2e5/0x810 [ 239.271779][ T7197] ? bpf_jit_dump+0xd0/0xd0 [ 239.276417][ T7197] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 239.282437][ T7197] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 239.288457][ T7197] ? _raw_spin_unlock+0x40/0x40 [ 239.293397][ T7197] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 239.299910][ T7197] check_panic_on_warn+0x80/0xa0 [ 239.305033][ T7197] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 239.311919][ T7197] end_report+0x6d/0xf0 [ 239.316087][ T7197] kasan_report+0x102/0x130 [ 239.320594][ T7197] ? xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 239.327183][ T7197] xfrm_policy_inexact_list_reinsert+0x5d2/0x690 [ 239.333691][ T7197] ? xfrm_policy_addr_delta+0x212/0x340 [ 239.339447][ T7197] xfrm_policy_inexact_insert_node+0x950/0xb60 [ 239.345708][ T7197] ? __kasan_kmalloc+0xb5/0xf0 [ 239.350489][ T7197] xfrm_policy_inexact_alloc_chain+0x7ce/0xea0 [ 239.356759][ T7197] ? xfrm_policy_inexact_insert+0xe0/0x1460 [ 239.362652][ T7197] xfrm_policy_inexact_insert+0xe0/0x1460 [ 239.368470][ T7197] ? do_raw_spin_lock+0x128/0x2f0 [ 239.373507][ T7197] ? __rwlock_init+0x140/0x140 [ 239.378272][ T7197] ? policy_hash_bysel+0x135/0x7b0 [ 239.383479][ T7197] xfrm_policy_insert+0x112/0x930 [ 239.388635][ T7197] xfrm_add_policy+0x4f2/0x880 [ 239.393408][ T7197] ? xfrm_dump_sa_done+0xc0/0xc0 [ 239.398341][ T7197] ? apparmor_capable+0x12c/0x190 [ 239.403369][ T7197] ? __nla_parse+0x3c/0x50 [ 239.407785][ T7197] xfrm_user_rcv_msg+0x5e5/0x910 [ 239.412727][ T7197] ? xfrm_netlink_rcv+0x90/0x90 [ 239.417787][ T7197] ? xfrm_netlink_rcv+0x66/0x90 [ 239.422636][ T7197] ? __mutex_lock_common+0x465/0x2400 [ 239.428294][ T7197] ? __skb_clone+0x480/0x790 [ 239.432991][ T7197] netlink_rcv_skb+0x1f5/0x440 [ 239.437753][ T7197] ? xfrm_netlink_rcv+0x90/0x90 [ 239.442610][ T7197] ? netlink_ack+0xb50/0xb50 [ 239.447300][ T7197] ? __lock_acquire+0x7d10/0x7d10 [ 239.452357][ T7197] xfrm_netlink_rcv+0x75/0x90 [ 239.457055][ T7197] netlink_unicast+0x774/0x920 [ 239.462008][ T7197] netlink_sendmsg+0x8ba/0xbe0 [ 239.466773][ T7197] ? netlink_getsockopt+0x570/0x570 [ 239.471971][ T7197] ? aa_sock_msg_perm+0x94/0x150 [ 239.477428][ T7197] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 239.482977][ T7197] ? security_socket_sendmsg+0x7c/0xa0 [ 239.488519][ T7197] ? netlink_getsockopt+0x570/0x570 [ 239.493957][ T7197] ____sys_sendmsg+0x5b7/0x8f0 [ 239.499335][ T7197] ? __sys_sendmsg_sock+0x30/0x30 [ 239.504396][ T7197] ? import_iovec+0x6f/0xa0 [ 239.508987][ T7197] ___sys_sendmsg+0x236/0x2e0 [ 239.513842][ T7197] ? __sys_sendmsg+0x2a0/0x2a0 [ 239.518621][ T7197] __se_sys_sendmsg+0x1af/0x290 [ 239.523472][ T7197] ? __x64_sys_sendmsg+0x80/0x80 [ 239.528406][ T7197] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 239.534386][ T7197] ? lockdep_hardirqs_on+0x94/0x140 [ 239.539583][ T7197] do_syscall_64+0x4c/0xa0 [ 239.543995][ T7197] ? clear_bhb_loop+0x30/0x80 [ 239.548666][ T7197] ? clear_bhb_loop+0x30/0x80 [ 239.553359][ T7197] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 239.559655][ T7197] RIP: 0033:0x7f5b5767e799 [ 239.564077][ T7197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 239.584483][ T7197] RSP: 002b:00007f5b558d8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 239.592901][ T7197] RAX: ffffffffffffffda RBX: 00007f5b578f7fa0 RCX: 00007f5b5767e799 [ 239.601216][ T7197] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 239.609316][ T7197] RBP: 00007f5b57714bd9 R08: 0000000000000000 R09: 0000000000000000 [ 239.617475][ T7197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.625631][ T7197] R13: 00007f5b578f8038 R14: 00007f5b578f7fa0 R15: 00007ffc99979f78 [ 239.633971][ T7197] [ 239.637506][ T7197] Kernel Offset: disabled [ 239.641834][ T7197] Rebooting in 86400 seconds..