last executing test programs: 4.862883765s ago: executing program 1 (id=411): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000680)={[{@dioread_lock}, {@data_journal}, {@abort}, {@user_xattr}, {@user_xattr}, {@grpjquota, 0x2e}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c1, &(0x7f0000001940)="$eJzs3M9vFFUcAPDvTGkpP1uQqPxQVtHYiLa0oHLwoEYTLhoTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqBc1XvVuTIjhAnowa2Z3pt2l2+3ulnbF/XyS3b4382be+76Ztzs7r7sB9KxS9pREbI2IXyNiqJqtL1Cq/rlx7dLUX9cuTSVRLr/0Z1Ipd/3apamiaLHdljwzkkak7yWxt0G9sxcunp6cmZk+n+fH5s68MTZ74eKjp85Mnpw+OX124ujRI4fHn3h84rGW4ri8wvosrut73j63b/exVz58fqocr37/Wdberfn62jiqhluqt5lSlKKcW1w6UHl+cNV7/2/ZVpNONnSxIbSlLyKyw9VfGf9D0ReLB28onnt3IfNNlxoIrJnsvWnHkqV9+d904f0L+D9KjHHoUcU7fvb5t3is5/VHt119OnuersR/I3/8+EK1b9Lss+xw9RN7eZnt72ywbHAxWR5aof6tEXF8/u+Pskc0vA/RRNJySQCABV9l1z+PNLr+S+uubbbncyjDEXEwInZGxB0RsSvShTJ3RcTdbdZfuim/9Prn501t7rIt2fXfk/ncVvGoriniShZy2yrx9yevnZqZPpT3yUj0b8zy403q+PrZXz5Ybl2p5vove2T1F9eCeTv+2LCxfpsTk3OTqwi5ztV3IvZsaBR/sjATkPXA7ojY08H+sz479fCn+7L09i1L168cfxO3YJ6p/EnEQ9XjPx83xV9IqjUtNz85Nhgz04fGirNiqR9+uvJibb6/Jl0X/2BrMQ12GmwD2fHf3PD8z+MvhkExXzvbfh1Xfnt/2c80S49/Esfna0vk5/+mxW7Lzv+B5OVKeiBf9tbk3Nz58YiBfEHd8onFvRX5onwW/8iBxuN/Z8Q/H+fb7Y2I7CS+JyLujYj9edvvi4j7I+JAk/i/e+aB15v3UIfn/y2QxX+i2fGPGE5q5+s7SPSd/vbL5epv7fXvSCU1ki9p5fWv1Qaupu8AAADgdpFW5qCTdLRI19yc2hWb05lzs3MHS/Hm2RPVuerh6E+LO11DNfdDx/N7w0V+4qb84YjYUflPo02V/OjUuZlt3QwcqHxXp278R5qOjlbX/d7X7dYBa66tebTafzr7/Itb3xhgXfm+JvQu4x96l/EPvcv4h97VaPxfjrjRhaYA68z7P/Qu4x96l/EPvcv4h5609Cvxxc+tdPJN/8XEzmOr2nzNE+WhNdnzfPtb9a1RpFH7ox3LJpKI6KyKSJuXGWih9q4l0hXLPLVSt/Sv6jcxssT+PLExIlrd6vK69WrxCpH4lUkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC29m8AAAD//2cg5YI=") futex(0x0, 0xd, 0x1, 0x0, 0x0, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x8000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bf, &(0x7f00000017c0)="$eJzs3cFqE10UwPHzNW2TprTJByIoqAfd6GZo4wNokBbEgFKboi6EqZ1oyJiUmRCJiM1G3PocxaU7QX2BbsSNe3dFENx0IUYyk2kzbVrTNKEx/f+g3HN77um9pGk5KfRm896bp4Wca+TMsozEVEZEarIlkmxETf81xxEvHpdWNbky+fPrubv3H9xKZzJzC6rz6cWrKVWdvvDh2Yu3Fz+VJ5feTb+Pykby4eaP1LeN0xtnNn8vPsm7mne1WCqrqculUtlcti1dybsFQ/WObZmupfmiazmhfM4ura5W1SyuTMVXHct11SxWtWBVtVzSslNV87GZL6phGDoVl5NttIM12fWFBTO9b7oe6emJ0HvR8HSi3RrHSdfaJ7Pr/ToXAAAYXHv7/+lmptHt+73+/v1/Zskfe9z/i9D/90ktNPtL/4+h4DhpM978+Q2j/wcAAAAAAAAAAAAAAAAAAAAA4F+wVa8n6vV6IhiDj6iIxEQkmB/3OdEfXX7/rx3TcdFjLf+4FxOxX1eylaw/+vl0TvJiiyUzkpBf3vOhyY/nb2bmZtQz1vySjfq1Sjbi3U3g1QeS7erP/z/r16t8bNRVmvVjEm/dPyUJOdV+/9ROfXAdwlolOy6XL7XUG5KQz4+kJLaseM/rnfqXs6o3bmd27T/hrQMAAAAAYBgYui0Zfv3r3/1oeAtisjfv1x/i7wO7Xl+PytlOrqgEAAAAAABH5lafF0zbtpwugqiIHKF8WIOIDMQxdgXXRWQAjnG4ICLS5YMZExH/M9pN+fft8o6q6h2sGRWRwXhUOwtCvyZ4IxgAAABgCOw0/QetGgtPv7zq86kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhZOr0PLFi/JxUkDihv2Y57xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/QkAAP//m+0Xlg==") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 4.122880229s ago: executing program 1 (id=414): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r1, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cdd", 0xc7}], 0x1}}], 0x1, 0x11) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.862224694s ago: executing program 1 (id=416): r0 = open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x1a1342, 0x162) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000140)) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000004, 0x10, r0, 0x8000000) write$cgroup_subtree(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="312d36a3"], 0x31) syz_io_uring_setup(0x4269, &(0x7f0000000080)={0x0, 0x7867, 0x400, 0x0, 0x3c8, 0x0, r0}, &(0x7f0000000000), &(0x7f0000000100)) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x2a, &(0x7f0000000200)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x8, 0x1c, 0x64, 0x0, 0x1, 0x2, 0x0, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x33}}, {0x17, 0x3, 0x0, @remote}}}}}, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) shutdown(r2, 0x0) sendfile(r2, r3, 0x0, 0xdc) 3.712297003s ago: executing program 1 (id=417): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f0000000140)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={[{@upperdir={'upperdir', 0x3d, './file0/file1'}}, {@volatile}, {@default_permissions}, {@redirect_dir_nofollow}, {@default_permissions}, {@uuid_on}, {@verity_require}, {@metacopy_on}, {@redirect_dir_off}]}) setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]}) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001b00)=@gettaction={0x14, 0x32, 0x1, 0x2, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x800) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004001a80180002"], 0x44}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f00000028c0)={0x2020}, 0x2020) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup(r4) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a0000100180c200000000000000000086dd6900040060500000fc0100000000000000000000000000015b1808fcb4110d97000000000000000106"], 0x8a) openat(r2, &(0x7f00000001c0)='./file0\x00', 0x800, 0xc2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x0, 0x0, 0xc, 0x0, 0x0, 0x0) 3.653080586s ago: executing program 3 (id=419): syz_emit_ethernet(0x53, &(0x7f0000000240)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x1d, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x0, "36dad8"}]}}}}}}, 0x0) 3.609962549s ago: executing program 3 (id=420): syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000060000402505a1a440000102030109025c0002010000000901000100020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010120ee0e", @ANYRES16], 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) socket$inet6(0xa, 0x1, 0xfffffffe) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=") r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='cgroup\x00') setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) read$msr(r3, &(0x7f0000000d40)=""/43, 0x2b) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@getchain={0x44, 0x66, 0x104, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {0xfff2}, {0x4, 0xa}}, [{0x8, 0xb, 0x8007f}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x2fffe}, {0x8, 0xb, 0x100}]}, 0x44}, 0x1, 0x0, 0x0, 0x20002044}, 0x44085) 3.397266722s ago: executing program 1 (id=423): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r1}, 0xc) 3.062584471s ago: executing program 1 (id=424): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="18090000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70300000000000085000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) socket(0x10, 0x3, 0x0) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000540)={0x1, {{0xa, 0x0, 0x0, @mcast1, 0x6}}, {{0xa, 0xfffe, 0x3fe00, @initdev={0xfe, 0x88, '\x00', 0xfe, 0x0}, 0x3}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2f, &(0x7f0000000200)={0x80000, {{0xa, 0xffff, 0x3, @mcast1={0xff, 0x7}, 0x1}}, {{0xa, 0x0, 0x2, @loopback, 0xfffffffd}}}, 0x108) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00'}) close(r5) process_vm_readv(r1, &(0x7f0000000d00)=[{&(0x7f00000000c0)=""/58, 0x3a}, {&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f0000000240)=""/123, 0x7b}, {&(0x7f00000009c0)=""/141, 0x8d}, {&(0x7f0000000440)=""/121, 0x79}, {&(0x7f0000000a80)=""/159, 0x9f}, {&(0x7f0000000b40)=""/148, 0x94}, {0x0}, {&(0x7f00000006c0)=""/85, 0x55}], 0x9, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000dc0)=""/197, 0xc5}, {&(0x7f0000000ec0)=""/237, 0xed}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f00000003c0)=""/13, 0xd}], 0x5, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}}) 2.91563629s ago: executing program 32 (id=424): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="18090000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70300000000000085000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) socket(0x10, 0x3, 0x0) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000540)={0x1, {{0xa, 0x0, 0x0, @mcast1, 0x6}}, {{0xa, 0xfffe, 0x3fe00, @initdev={0xfe, 0x88, '\x00', 0xfe, 0x0}, 0x3}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2f, &(0x7f0000000200)={0x80000, {{0xa, 0xffff, 0x3, @mcast1={0xff, 0x7}, 0x1}}, {{0xa, 0x0, 0x2, @loopback, 0xfffffffd}}}, 0x108) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00'}) close(r5) process_vm_readv(r1, &(0x7f0000000d00)=[{&(0x7f00000000c0)=""/58, 0x3a}, {&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f0000000240)=""/123, 0x7b}, {&(0x7f00000009c0)=""/141, 0x8d}, {&(0x7f0000000440)=""/121, 0x79}, {&(0x7f0000000a80)=""/159, 0x9f}, {&(0x7f0000000b40)=""/148, 0x94}, {0x0}, {&(0x7f00000006c0)=""/85, 0x55}], 0x9, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000dc0)=""/197, 0xc5}, {&(0x7f0000000ec0)=""/237, 0xed}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f00000003c0)=""/13, 0xd}], 0x5, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}}) 2.283038556s ago: executing program 2 (id=427): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r1, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cdd", 0xc7}], 0x1}}], 0x1, 0x11) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.063923699s ago: executing program 3 (id=429): syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f00000005c0), 0x1, 0x50c, &(0x7f0000000600)="$eJzs3M9rHNcdAPDvzEquLLu1XdzS9mJRF+y2dPWLQt2TXdpT69JSQyk9GNVeyUIrrSytwBI9yP9BD/Wp9NBzL+6hgUBCDCGBHJNDcMh/EGKMsXMwOFaY2V1FXu1GUixpwPP5wOy8N2/sN7Nfvd15X40mgNIayV6SiOMR8XZEnGhVX9xhpLW6M3n3RrYksbHxp4dJvt/65N0bnV07/+5Y9pJGDEXEB5eS+Fuyvd/l1bW5qXq9ttSujzbnF0eXV9d+Njs/NVObqS2M/3xycmzswsTYL/btXP/77Lcf/+/+r2Zu/+P9N//c/PSvSVzMzzu6zmO/jMRI+z0ZjB92tf1mvzsrSCUiBiLiO1u2JQMFHhB70onfYD7+T0QlBA/KYiPXr/XMBvAqS6LoIwCK0fmmz+a/neXQLj4o3INLrQngeju3c2cz/gOR5uuhfG44/Dh5YWaYdM35v66RiLh1/53/Z0scUB6G/tZvR8T3eo3/JM+NncyzeFn8K9vif7a9zpbzrZRfvs+P9tD/SPfxiP+hepn4/3hL/Ktb4v+TPfQv/gAAAIfj3qWIGOs1/0uzaWHE5vzvxfxPNjf87j70b/5XrE7+7862/F+6mf+r9Mn/9f21cZe/XHnWd9et+b9syfrv5AI5eA9uR/ygZ/w78R7KY90d/+xnY3SXfdxs/vrdfm3iX6yN/0Sci97x70i++v7M0enZem2s9dqzj9P/uvvHfv2Lf7Gy8T/cJ/47ff5/vss+fn/xvYf92rbG/41nr7+2Pf7pJ0eSK/kP45H2lltTzebSeMSR5Hfbt0/s5ezLp/Medd7DLP7nz/b+/v92vu58/m/P/z9vr7PtT9v3kGblR+2rxqztSUSsvnWz7+3OO8efg5TF//oO47/X93+27bNd9vHh9L//3q9N/AEAAAAAAADg5aX5vbxJWt0sp2m12nqG3+kYTuuN5eZPpxsrC9ej/fegg2nnTq8TrXqS1cfz8pf1ia76ZEScioh/Vo7m9eq1Rv160ScPJXesa/w/qbTGP1ASHvkJ5WX8Q3kZ/1Bexj+Ul/EP5WX8Q3kZ/1Bexj+Ul/EP5WX8Q3kZ/1BKf7h8OVs2Os/9XGjMzM7dWLwwMVadX7lWvdZYWqzONBoz+V/szO/8/9UbjcXxiVi5NdqsLTdHl1fXrs43VhaaV/PnRl+tDR7COQG7c+rMvY+SiFj/5dF8iS3P0zZW4dVWKfoAgMKY+kN5ucYHkh3ah/o11Pf/WIDDkRZ9AEBhzn1f/h/KSv4fykv+H8rLNT4g/w/lI/8P5bW8ujY3Va/XlhQUFBQ2C0V/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCfllfX5qbq9drSARaKPkegt+HHA3FlSz2JiOft9UBEPI2IwYiorEc8ioihrG094klXGQAAAAAAACie39IDQPkcz5ckrUZEmpfTtFqN+GZEnIzBZHq2XhuLiG9FxP3K4Dey+njRBw3siy8CAAD///YwGhQ=") socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfffa}, {0xffff, 0xffff}, {0x10, 0x9}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x5}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x100, 0x5, 0x5}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0) 1.233359608s ago: executing program 2 (id=431): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r4 = memfd_create(&(0x7f0000000380)='D\xa3\xd5Wj\x00\x00x0\xc1\xac*\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9\xd0\xc0\xa9\b\x98\xfc:\x1b\xc4\x80!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x00\x02\xdf\b~\xd5)\xa4\x80\xad\x97\'\x1b\xfd}\x96&\xd2\x0eGp\x8e\x1a\x19o\xf1\x14\xe2]J\xf2\xb5h\x9bt*\xd2\xfbT\x01ci\x87\x18\xc9\x13=\x1b\xadl;}\x9d\xbe\x9a\xee\x1a\xfc\x96 \x93\x12@\x19|f\x98\xdc,\x82SlA\x19\xcb\xfe\xccSKO}\xb2U\xd6\xc5\xa7=\xf8s\x1dp\xe0\x14\xe5\x92\xfd)\bB\xcd\xc2\xb6\x85$%nV\xd3*\x00`OE\x8e\xf0\xf9\xd2!KZ%\xad\xa1\x92b\x1e%\x9f!\xd8mV$\x1d?\xc2\f\xcc\xc5x\x9fJ#\xce\x90\xc5\x82\xfb\x97\xd2\xb7\xb5\xed\xb5\'J\xfc\xf4Z.\rS\x88\f\xd0zK\xc7\x81\xbe\xd5\xc2\xce\x89\xbc\x1e\xb78\xf6Z\xd5\x1b\xf1\x9bMD\f\xf6\xc5V\xe1\x12j\xdfW\x87\xf09\n\x1e\x1b\f\xe5p\xab\x9e\xe5}\x96\x9b\xea\x86\x0f\xca\xcf\x16\x96\x0e6\x8d\x11\xd2&\"eKKV\x8b?]<\xa7]\x93\xad\x1d\xfe\x13\xee\xca\xdc\x97\xa9\a\b\xac\xdd\xa0\xfe\x97\xa1?\xa2F\xae\xb7f\x85\xda', 0x0) write(r4, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) r5 = dup3(r3, r2, 0x0) fchdir(r5) creat(&(0x7f0000000040)='./bus\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) write(r1, &(0x7f00000000c0)="240000001e005f0414fffffffffffff8070000000000000000000000080007001d000000", 0x24) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000", @ANYRES32], 0x4c}}, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) write$tun(r7, &(0x7f0000000480)=ANY=[@ANYBLOB="000000f7030403000400c40010"], 0xe6) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0xfffd, 0x2, 0x20, 0x30, 0x4}, {0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in=@rand_addr=0x64010100, 0x0, 0x32}, 0x0, @in=@empty, 0x0, 0x1, 0x3}}, 0xe8) sendmmsg$inet6(r6, &(0x7f00000090c0)=[{{&(0x7f00000002c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000200)={"845aba7916ad65555a748045398ef6d8", 0x0, 0x0, {0x800, 0x9}, {0x1, 0x4}, 0x7fff, [0x6, 0x7fffffff, 0x800000007dc5, 0x4, 0x8000000000000001, 0x4, 0x5, 0x5, 0x5, 0x5, 0x7fff, 0xe, 0x2, 0x8000000000000000, 0x4, 0x2264]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000001040)={{r1}, r8, 0x4, @inherit={0x60, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000001000000000000002400000000000000ff07001e00000000fdfffffffffffffffbffffffffffffff03000000000000004d83cab600000000090000000000000000000000000000000a8f7913c580612195303cdb8e5b015c2b422f74589bcb46a8d204eee8fe3306b0b91c0cfc5e3e08139c86b2804e8169bcd52bb7b960f6c8e1af0838a549d96bb03da2681755003ec900e1a248709b8ef6185ea9e085de657c131a3385c7a01cf14e"]}, @subvolid=0x1}) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r9, r0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f0000000540), &(0x7f0000000000)='./bus\x00', 0x322020, &(0x7f0000000580)=ANY=[], 0x3, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) 1.232896988s ago: executing program 3 (id=432): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000001353"], 0x28}}, 0x0) 1.232234628s ago: executing program 2 (id=433): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r1 = userfaultfd(0x80000) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x4040810, 0xffffffffffffffff, 0xe06cd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, 0x0, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) write$tcp_congestion(r0, &(0x7f0000000100)='reno\x00', 0x5) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/11], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20) write$tcp_congestion(r0, &(0x7f0000000300)='reno\x00', 0x5) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB="12000000000881faa4030000", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$X86_IOC_RDMSR_REGS(r7, 0xc02063a0, &(0x7f0000000000)=[0x80, 0xc000000, 0x8, 0x3, 0x1, 0x4, 0xa, 0x6]) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r10, 0x4138ae84, &(0x7f00000001c0)={{0x8080000, 0xeeee0000, 0x8, 0xff, 0xf9, 0xe4, 0x40, 0x7, 0x0, 0x2d, 0x9, 0xfe}, {0x5000, 0x40000, 0xf, 0x0, 0x8, 0x5, 0x7d, 0x9e, 0x1, 0x3, 0x1, 0x4}, {0xeeef0000, 0xdddd0000, 0x10, 0x3, 0x83, 0x4, 0x4, 0x9, 0x0, 0xa7, 0x5, 0x81}, {0x6000, 0xffef3000, 0xa, 0x6, 0x4, 0x2, 0xe0, 0x4, 0x8, 0x6, 0xe}, {0x2, 0xd000, 0x0, 0x3, 0x15, 0x80, 0xab, 0x7f, 0xf, 0x83, 0xb7, 0x83}, {0x30000, 0x8080000, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0xf, 0x1}, {0x3000, 0x41000, 0x10, 0x85, 0x7, 0x5, 0x7, 0x1, 0x1, 0x81, 0xff, 0x70}, {0x100000, 0xe6e66000, 0xf, 0x5, 0x0, 0x7, 0x1, 0x34, 0x2, 0x3, 0xb0, 0x9}, {0x8000000, 0x1}, {0x4, 0x8007}, 0xa, 0x0, 0xdddd1000, 0x2010, 0x100003, 0x400, 0x3000, [0x6800000000000000, 0x4, 0x5e, 0xff]}) write$tcp_congestion(r0, &(0x7f0000000380)='reno\x00', 0x5) 1.231401228s ago: executing program 0 (id=435): socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0xffff, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) 1.230756438s ago: executing program 3 (id=436): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) syz_emit_ethernet(0xa6, &(0x7f0000000000)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x70, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [{0x4, 0x8, "9595f429ae08a565c9a41d413a70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d"}, {0x4, 0x1, "570c3005efc0"}]}}}}}}, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000180)=""/33, 0x21) 1.230259738s ago: executing program 3 (id=437): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000680)={0x3c, r1, 0x1, 0x170bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x6}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}]}, 0x3c}}, 0x40040) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=@setneightbl={0x5c, 0x43, 0x1, 0x70bd2d, 0x25dfdbfb, {0x2}, [@NDTA_GC_INTERVAL={0xc, 0x8, 0xfffffffffffffffd}, @NDTA_THRESH2={0x8, 0x3, 0x6}, @NDTA_THRESH2={0x8, 0x3, 0x98}, @NDTA_NAME={0x14, 0x1, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NDTA_NAME={0x5, 0x1, '\x00'}, @NDTA_THRESH1={0x8, 0x2, 0x400}, @NDTA_THRESH3={0x1, 0x4, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) syz_read_part_table(0x1056, &(0x7f0000001080)="$eJzszzuxAkEQBdA7+3ZfzbpAABaowgOFEjRARIQMUgygAEtDUSwfBUBwTjLT3beDDt/VlSwe//39+Z/KPsnlnGSZpLXWdptk1tekJn8l7Raq2zLmtVCToRtTps5qfA7nSZdTDsNben38wIUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8POuAQAA//8Lwwxl") syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r3 = getgid() r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r4, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) setpgid(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f00000004c0)='./file0\x00', 0x200d498, &(0x7f0000000480)={[{@nodots}, {@fat=@gid={'gid', 0x3d, r3}}]}, 0x1, 0x21f, &(0x7f0000000100)="$eJzs3DtrW2cYB/BXvqmWsdFUaJe+uEu7iNZzh5biQqmgpa5KL1A4xnIrpEpGR4NUOmjOlM+QMYRkyRYw+QL+FMlmAsZLPOUEW4ovceLcFCnEv9+i5+iv5/A+6HAQr+DsfnX13/pmWtpMOmEqnwtTX4f+wyzLimEqPNEPn9/6bf/K2lw4I8a49Mn2n//fWL7bWfj19tKdfNgp/rW7t3J/58Odj3Yf/fJPLY21NDZbnZjE9Vark6w3qnGjltZLMf7UqCZpNdaaabV9Jt9stLa2ejFpbiwWttrVNI1Jsxfr1V7stGKn3YvJ30mtGUulUlwsBN5E5fpBlutnh/L9kGXZpBfEmB1kWdjz/V9aa7//8cM35fLqzzF+EMKDfrfSrQxeB/l335dXv4hHiidd+91uZfo4/3KQx1On7XYrs6EwzFfO5Yf9c+GzTwf5Yfbtj+Wn8vmw8danBwAAAACA91MpHju/v58bHp7N7xWO9vcHB6f+Hxjs31/bHvbPhI9nxjwMAAAA8Exp77960mhU2xcU0yGEF31m5MVMeM322eFk41vq84tcGGyijPDMWT6Eyc01F4bF/CtcP+9+sXD8Tii+XNf0qJdxc5QXySiKC24ay2O4MQEAACN38qN/0isBAAAAAAAAAAAAAAAAAACAy2scjxOb9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd5HAAA//9eWF7C") sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYRES8=r2, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c61"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x84) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) 1.228011358s ago: executing program 0 (id=438): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000018000000007110430000f800009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r1 = getpid() r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103203, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000411000/0x18000)=nil, &(0x7f0000000340)=[@textreal={0x8, &(0x7f00000002c0)="baf80c66b8aaa1b98f66efbafc0cb009ee650f79db0f01cabaf80c66b80f235d8966efbafc0cecbaf80c66b8008a708266efbafc0c66b8c27e000066efbaf80c66b88815328566efbafc0cb80504eff00fbb703ef333beb800260ff3fe0ffcb681d2", 0x62}], 0x1, 0x0, &(0x7f0000000380)=[@cr0={0x0, 0x3001e}, @cr0], 0x2) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="66b9200001c00f320f3066b9800000c00f326635008000000f300f01d72e363e0f01ca0fbb9d0e0066b9820000c00f32440f20c066350d000000440f22c03e3e0f01c4c1ef00", 0x46}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) syz_usb_connect$hid(0x1, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x11, &(0x7f0000000180)={0x5, 0xf, 0x11, 0x1, [@ssp_cap={0xc, 0x10, 0xa, 0x5f, 0x0, 0x81, 0xf, 0x5}]}, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0xc07}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x413}}]}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0) r5 = socket(0x2, 0x3, 0xff) socket$inet_udp(0x2, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000240)={[{@discard}, {@noload}]}, 0x64, 0x53f, &(0x7f0000000440)="$eJzs3c9vI1cdAPDveO3t/sjWKXCAHkqhRbsrWHvT0Dbi0BaB4FQJKPclJE4UxYmjxGk3UUUT8QdwQYDECS5ckPgPUCUuHCukIjiDKAIh2MKBA3TQ2ONsNuuJvcGJ0+TzkWbnvfn1fc/e+fFmXsYBnFtPR8QrEfFBmqY3I6KaTy/lQ+x0h2y59++9OZcNSaTpa39PIsmn9baV5OOr+WqXIuIbX434dvJw3I2t7eXZZrOxnufr7ZW1+sbW9q2lldnFxmJjdXp66oWZF2een7k9knpei4iXvvznH3zvZ1956Zefe+OPd/564ztZsb6Uz99fj0dUPmxmt+qVzmexf4X1iJePGO/UKXdqmLs83Dq7x1geAACKZdf4H4mIT0fEzajGhcMvZwEAAIAPofTlifhPEpH2d7HfxEtRuDwAAABwCpUiYiKSUi3vCzARpVKt1u3D+7G4kr4V0f7sQmtzdT6bFzEZldLCUrNxO+8rPBmVJMtPddL3889187vvRXTy0xHxRER8v3q5k6/NtZrz4775AQAAAOfE1QPt/39Vu+1/AAAA4IyZHHcBAAAAgGOn/Q8AAABnn/Y/AAAAnGlfe/XVbEh7v389//rW5nLr9VvzjY3l2srmXG2utb5WW2y1Fjvv7FsZtL1mq7X2+VjdvFtvNzba9Y2t7Tsrrc3V9p2lB34CGwAAADhBT3zy7d8nEbHzhcudIXOxYNkLJ1oy4LiV91JJPu6z9//h8e74vRMqFHAiBp3Tf1s9oYIAJ6487gIAY1N5lIX9nQCcScmA+YWdd97Jx58abXkAAIDRu/6J4uf/pUPX3Dl8NnDq2Ynh/Oo9/3/8QB44+zrP/4s6/B7kYgHOlIozPpx7A5//F3UAeGfYCGn6aCUCAABGbaIzJKVafntvIkqlWi3iWqe7fyVZWGo2bufPB35XrTyW5ac6ayYD2wwAAAAAAAAAAAAAAAAAAAAAAAAAQFeaJpEO47GhlgIAAABOoYjSX5Jfdd/lf7367MTB+wMXk39XI/+J0Dd+/NoP78622+tT2fR/7E1v/yif/tw47mAAAAAAB/Xa6b12PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0vv33pzrDb1pafX44/7tixEx2S9+OS51xpeiEhFX/plEed96SURcGEH8nd2I+Hi/+ElWrL2Q/eJfPv74MZl/Cv3iXx1BfDjP3s6OP69k+9/FiNi//5Xi6c64//5Xjnggf1Sd4192gOtz/O0d/y4U7P/XDmxrsiDGk+/+ol4YfzfiyXL/408vflIQ/5kh6/itb25vF81LfxJxve/5J3kgVr29slbf2Nq+tbQyu9hYbKxOT0+9MPPizPMzt+sLS81G/u9D268UBS7dr/+VgviTA+r/7JD1/++7d+99tKA4Wfwbz/SJ/+uf5ks8HL+Un/s+k6ez+dd76Z1uer+nfv6bp4rKlsWfL6j/oO//xpD1v/n17/4pIj7Y95UCAGO0sbW9PNtsNtYPTWSXLYOWOa2JrJV+CoohcbTEsP9Fj5R4a6QbTNM0jf9vT0li7B94LzHuIxMAADBq9y/6x10SAAAAAAAAAAAAAAAAAAAAOL9O4nViB2Pu7KWSUbxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgJP4XAAD//6H70dw=") r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r6, 0x400c6615, 0x0) connect$inet(r5, &(0x7f00000000c0)={0x2, 0xfffd, @local}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) write$binfmt_elf32(r5, &(0x7f0000000180)=ANY=[], 0x3c) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r7, &(0x7f00000002c0)=ANY=[], 0x200002e6) fcntl$setpipe(r7, 0x407, 0x7000000) write$cgroup_devices(r7, &(0x7f00000000c0)={'b', ' *:* ', 'rw\x00'}, 0x9) r8 = fcntl$getown(r0, 0x9) rt_tgsigqueueinfo(r1, r8, 0x12, &(0x7f0000000080)={0x27, 0x8001, 0x5}) 1.227879248s ago: executing program 5 (id=425): getrlimit(0x14, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0xffff, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) 1.227621478s ago: executing program 5 (id=439): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @private=0xa010100}, 0xc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000000080"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="e00000027f0007"], 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180900000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="30000000180001002abd7000fcdbdf250a000000ff02fe000010000014001e0000000000000000000000ffffac1414bb0d27f788ccb4e29450939dbb0d6b7f0ec9558587db92d60d6c0021af4562414e99967124c23b6de89a70c59510564e1e9373e4365f125627458d8675597a38a6d40fe15eae065dda41cf68f7a39cc6fc2523bbae34904430073fdda914505ea69f7364f4b10968b010b9f9badba1868837a3b8a8534227a8c7cdab14f7c84b3155a88bd4a94743642b607edbbf7247f8704d5cc68edb68ec7f4d80557630312e624f247ff6489f3846d6573d7c9d0530f5ce5792724783f5ad17f53cae59f6508000000000"], 0x30}, 0x1, 0x0, 0x0, 0xcdb281c6bf6da510}, 0x4000) fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000200)) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x800005, 0x2, 0x4}, 0x50) ioctl$PPPIOCDISCONN(r0, 0x7439) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22082, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x17, 0x0, 0x0) syz_kvm_setup_cpu$x86(r7, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000500)="ea0080b0000f2f0600000f01ca66b9720a000066b80f00000066ba000000000d1ff5f50f82ddf866b9400600000fc77a9ad8910080262e0f01c4b85800f00fba79d1002ef4", 0x45}], 0x1, 0x6, &(0x7f0000000340)=[@dstype3={0x7, 0x9}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a80)=ANY=[@ANYBLOB="680200001900010000000000fbdbdf251d010900500012804c00f8801400330000000000000000000000ffff000101013400fb8030003280290033800400168096dbc7fe81960e9c3a467e80a501638be4c1577d2952cc91e8bfd4a452b0539cad"], 0x268}, 0x1, 0x0, 0x0, 0x5}, 0x0) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f00000001c0)=0x327, 0x4) connect$inet(r4, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000080)=0xf, 0x4) 1.159804072s ago: executing program 4 (id=441): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r1, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cdd", 0xc7}], 0x1}}], 0x1, 0x11) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.073797147s ago: executing program 4 (id=442): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x100, 0x5, 0x5}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0) 1.02129622s ago: executing program 4 (id=443): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0xfffe}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x43}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 959.047664ms ago: executing program 4 (id=444): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000700)={0x6, 0x81}) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000000)={0x1, 0x1, 0xfd, 0xbe3b, 0x1, "c74192f3b7e8720700000000000010ee0800", 0x0, 0x8}) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000006c0)={0x1ff, 0xe, 0xffc0}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x1c}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x8) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='virtiofs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x0, 0x2, 0x0, 0x41000, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x3, 0x9}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={&(0x7f0000000340)="36d714feb757f80ce47f6e522df2f03bbe1bee6129df3ed35c02edcf4da420d65293cc3416230fd89b1776eb426224c5ee5a9201ddef74b530dc3f2938697c4bb8dc13b8b22a7931db69154211e5a4c7aa6b9f5ca75ffed62ad2f293a00a9ab1259a5d478e7082b15c1b0604d68709803c45496417799bf576bc7723d52866fe467ee78c0b698e94c9b61afa874a990372db714fd47b4eac", &(0x7f0000000400)=""/224, &(0x7f0000000500)="cac47e4dabdf4a57ff2b8fb139fa1b6f1baceefdb5e64e51321bc1516659bfd64d784bf21b03510bb6ce68fb75648817437f77485f38761d6d8286ce7052cd8ab8bf3f03e674e95898edbb700af2afb8eec6e234a90ac072a3a6433890c46335286ee85a86f99a6b621cc1a3ae6540be3db354d0e9a3c7375eaf76adf9e9fa4ad0200d2b1e5a33cd8be23afe49ab0bfd69afa08e03c7adbfb8ee200d85bb56c68d9df5c0babee92fb87dd80978d25aa86ed25e8e58f352e93ff4b85898c6ae552a", &(0x7f00000000c0)="252eb9675c0ac5c4172909dd52c08ff3a188a10f33eedbfc2f805b19d6738ad490afacc21b633d0dec1a9fdd3429cef4a0682f75ae1855", 0x3, r1}, 0x38) recvmsg$inet_nvme(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f00000001c0)=[{&(0x7f00000000c0)}, {&(0x7f0000000140)=""/76, 0x4c}], 0x2, &(0x7f0000000200)=""/247, 0xf7}, 0x40000102) 958.764554ms ago: executing program 4 (id=445): capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 922.463836ms ago: executing program 4 (id=446): r0 = syz_usb_connect$uac1(0x0, 0xa5, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x93, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xfc}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0xff, 0x0, 0x0, {0x7, 0x25, 0x1, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x7, 0x4, 0x0, 0x8, "dbed33e685"}, @as_header={0x7, 0x24, 0x1, 0x6, 0x0, 0x1}, @as_header={0x7, 0x24, 0x1, 0x1, 0xff, 0x2}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xfd, 0x3, 0x2, 0x1, "feb4bce3"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x2, 0x1, 0x9, "c3f05b61"}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, &(0x7f00000021c0)={0x2c, 0x0, &(0x7f0000002080)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) timer_create(0x3, &(0x7f00000004c0)={0x0, 0x13, 0x2, @tid=r1}, &(0x7f0000000500)) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)={0x0, 0x21, 0x6, {0x6, 0x31, "72dede8c"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140a}}, &(0x7f0000000140)={0x0, 0x22, 0xa, {[@local=@item_4={0x3, 0x2, 0x7, "296ccb97"}, @global=@item_4={0x3, 0x1, 0x3, "6a030252"}]}}, &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x7, 0x1, {0x22, 0xcd5}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000200)={0x20, 0x15, 0xab, "fdea514583ee1602f90c45c4ce5cf04ceaa86714e8e94640f0899784551bd8a3c311818117ff7b94685bfdc4bbdc94e2edb9ff0f80652788396a1b76f0bbe3f50bc52a8f300ec9207e130443c6d58ae5aa453db47427b742224a2d92b0c89190b7ba3ca705b904e66e424a429bb0e51c930c892dbcc92cbb9cadb60dab84dcf216ca5bece19eaa20837bb99c6e384837706919a6d568bb7bb95677d30fb2e5bd406a2c0f0ac825ab69e1f1"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000340)={0x20, 0x1, 0xeb, "386c648e4f6b8955028b3f8da5703fb74f2e9f08c0bca1034b2e0b09268785166646ce27c2ef392556f2bbe259cd443a01dc3520774405798a71cdb13419c358555c0c9305f16722500d4162b1ef7c0f8738ddc92a79c9736fa9091a1d1671afa3776abd6801c58002224379b62747cf05a2fd282d6fa1e1c7980dea21fa3bf76198cf1317bcc8a9e7f17211043199969e83b1d1bd6247888680439d7c438d8b8f1ad2a6f53cc34ff3a2693c0cb0156b84c615b63fcb49c1fdb05fff9e4c6473d36836257553016cfc9a0cac89f020b2bd4d161839f838f7d335ab6d844162bd8d5bf0af7dcc9f2cf9cede"}, &(0x7f0000000440)={0x20, 0x3, 0x1, 0xd5}}) 892.762227ms ago: executing program 2 (id=447): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x0, @fixed}, &(0x7f0000000240)=0xe, 0x80000) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x4, 0xa}, {0x10}, {0xfff2, 0xd}}, [@TCA_RATE={0x6, 0x5, {0xa4, 0xf7}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) 520.330949ms ago: executing program 2 (id=448): socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0xffff, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) 496.959001ms ago: executing program 2 (id=449): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") mount$tmpfs(0x0, &(0x7f0000000f00)='.\x00', &(0x7f0000000f40), 0x89, &(0x7f0000001040)=ANY=[@ANYBLOB=',']) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, 0x0) r1 = socket$inet6(0xa, 0x3, 0x100) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="42a3d209abea7e8c4a846650697c", 0xe}, {&(0x7f0000000200)="2f7ccf729e656b73098076ca3d6dd452c344566e8d23011b3f", 0x19}], 0x2, 0x0, 0x0, 0x2c}, 0x44004) 290.333612ms ago: executing program 0 (id=450): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000100000000010"], 0x48) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/crypto\x00', 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendfile(r0, r1, 0x0, 0x4000000000010046) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYRESHEX=r2, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x4e20, @local}, {0x2, 0x4e21, @empty}, 0x89a695925852c237, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x1000}) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r5, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2}) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r3}, 0xc) 166.45688ms ago: executing program 0 (id=451): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r0}, 0xc) 166.21622ms ago: executing program 0 (id=452): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r1, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cdd", 0xc7}], 0x1}}], 0x1, 0x11) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x20}]}, &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 165.2349ms ago: executing program 5 (id=453): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r0 = fcntl$getown(0xffffffffffffffff, 0x9) sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x8) (async, rerun: 64) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) (async, rerun: 64) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) (async) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r4, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc, 0x8000000}, 0xc) (async) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000da1ca5bf00000000000000008500000020000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000080850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) sendmsg$nl_route(r4, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x40000) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x15}, {}, {0x3}, {}, {}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) (async, rerun: 64) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (rerun: 64) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_SNDMTU(r7, 0x112, 0xc, 0x0, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080), 0xc) (async) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r9 = syz_open_pts(r8, 0x0) r10 = dup3(r9, r8, 0x0) (async) io_setup(0x4, &(0x7f0000004200)=0x0) io_submit(r11, 0x1, &(0x7f0000000200)=[&(0x7f0000000100)={0x4000, 0x0, 0x0, 0x0, 0xbff7, r8, 0x0, 0x0, 0x6, 0x0, 0x0, r10}]) (async) socket$packet(0x11, 0x2, 0x300) 63.621256ms ago: executing program 0 (id=454): syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f00000005c0), 0x1, 0x50c, &(0x7f0000000600)="$eJzs3M9rHNcdAPDvzEquLLu1XdzS9mJRF+y2dPWLQt2TXdpT69JSQyk9GNVeyUIrrSytwBI9yP9BD/Wp9NBzL+6hgUBCDCGBHJNDcMh/EGKMsXMwOFaY2V1FXu1GUixpwPP5wOy8N2/sN7Nfvd15X40mgNIayV6SiOMR8XZEnGhVX9xhpLW6M3n3RrYksbHxp4dJvt/65N0bnV07/+5Y9pJGDEXEB5eS+Fuyvd/l1bW5qXq9ttSujzbnF0eXV9d+Njs/NVObqS2M/3xycmzswsTYL/btXP/77Lcf/+/+r2Zu/+P9N//c/PSvSVzMzzu6zmO/jMRI+z0ZjB92tf1mvzsrSCUiBiLiO1u2JQMFHhB70onfYD7+T0QlBA/KYiPXr/XMBvAqS6LoIwCK0fmmz+a/neXQLj4o3INLrQngeju3c2cz/gOR5uuhfG44/Dh5YWaYdM35v66RiLh1/53/Z0scUB6G/tZvR8T3eo3/JM+NncyzeFn8K9vif7a9zpbzrZRfvs+P9tD/SPfxiP+hepn4/3hL/Ktb4v+TPfQv/gAAAIfj3qWIGOs1/0uzaWHE5vzvxfxPNjf87j70b/5XrE7+7862/F+6mf+r9Mn/9f21cZe/XHnWd9et+b9syfrv5AI5eA9uR/ygZ/w78R7KY90d/+xnY3SXfdxs/vrdfm3iX6yN/0Sci97x70i++v7M0enZem2s9dqzj9P/uvvHfv2Lf7Gy8T/cJ/47ff5/vss+fn/xvYf92rbG/41nr7+2Pf7pJ0eSK/kP45H2lltTzebSeMSR5Hfbt0/s5ezLp/Medd7DLP7nz/b+/v92vu58/m/P/z9vr7PtT9v3kGblR+2rxqztSUSsvnWz7+3OO8efg5TF//oO47/X93+27bNd9vHh9L//3q9N/AEAAAAAAADg5aX5vbxJWt0sp2m12nqG3+kYTuuN5eZPpxsrC9ej/fegg2nnTq8TrXqS1cfz8pf1ia76ZEScioh/Vo7m9eq1Rv160ScPJXesa/w/qbTGP1ASHvkJ5WX8Q3kZ/1Bexj+Ul/EP5WX8Q3kZ/1Bexj+Ul/EP5WX8Q3kZ/1BKf7h8OVs2Os/9XGjMzM7dWLwwMVadX7lWvdZYWqzONBoz+V/szO/8/9UbjcXxiVi5NdqsLTdHl1fXrs43VhaaV/PnRl+tDR7COQG7c+rMvY+SiFj/5dF8iS3P0zZW4dVWKfoAgMKY+kN5ucYHkh3ah/o11Pf/WIDDkRZ9AEBhzn1f/h/KSv4fykv+H8rLNT4g/w/lI/8P5bW8ujY3Va/XlhQUFBQ2C0V/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCfllfX5qbq9drSARaKPkegt+HHA3FlSz2JiOft9UBEPI2IwYiorEc8ioihrG094klXGQAAAAAAACie39IDQPkcz5ckrUZEmpfTtFqN+GZEnIzBZHq2XhuLiG9FxP3K4Dey+njRBw3siy8CAAD///YwGhQ=") socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfffa}, {0xffff, 0xffff}, {0x10, 0x9}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x5}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0) 0s ago: executing program 5 (id=455): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) mount$fuseblk(&(0x7f0000000000), 0x0, 0x0, 0x2010002, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x11b) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = epoll_create(0xbfde) r2 = socket$igmp(0x2, 0x3, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x2}) kernel console output (not intermixed with test programs): gs 0x80700 phys_seg 1 prio class 2 [ 36.559654][ T472] truncated [ 36.581778][ T472] loop1: p217 size 33554476 extends beyond EOD, truncated [ 36.589923][ T592] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5930: Corrupt filesystem [ 36.596872][ T472] loop1: p218 size 33554476 extends beyond EOD, truncated [ 36.610868][ T472] loop1: p219 size 33554476 extends beyond EOD, truncated [ 36.618806][ T472] loop1: p220 size 33554476 extends beyond EOD, truncated [ 36.632552][ T472] loop1: p221 size 33554476 extends beyond EOD, truncated [ 36.640874][ T592] EXT4-fs error (device loop0): ext4_evict_inode:279: inode #11: comm syz.0.77: mark_inode_dirty error [ 36.648731][ T472] loop1: p222 size 33554476 extends beyond EOD, truncated [ 36.659379][ T592] EXT4-fs warning (device loop0): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 36.731309][ T605] FAULT_INJECTION: forcing a failure. [ 36.731309][ T605] name failslab, interval 1, probability 0, space 0, times 1 [ 36.777153][ T605] CPU: 1 PID: 605 Comm: syz.2.81 Not tainted syzkaller #0 [ 36.784338][ T605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 36.794450][ T605] Call Trace: [ 36.797764][ T605] [ 36.800729][ T605] __dump_stack+0x21/0x24 [ 36.805119][ T605] dump_stack_lvl+0x110/0x170 [ 36.809832][ T605] ? __cfi_dump_stack_lvl+0x8/0x8 [ 36.814950][ T605] dump_stack+0x15/0x24 [ 36.819142][ T605] should_fail_ex+0x3d4/0x520 [ 36.823854][ T605] __should_failslab+0xac/0xf0 [ 36.828656][ T605] should_failslab+0x9/0x20 [ 36.833185][ T605] kmem_cache_alloc_bulk+0x2d/0x3c0 [ 36.838418][ T605] ? mas_alloc_nodes+0x279/0x850 [ 36.843389][ T605] ? mas_alloc_nodes+0x2d8/0x850 [ 36.848354][ T605] mas_alloc_nodes+0x423/0x850 [ 36.853160][ T605] mas_preallocate+0xe13/0x1440 [ 36.858034][ T605] ? raw_irqentry_exit_cond_resched+0x29/0x30 [ 36.864133][ T605] ? __cfi_mas_preallocate+0x10/0x10 [ 36.869449][ T605] ? memset+0x35/0x40 [ 36.873465][ T605] mmap_region+0x1129/0x21e0 [ 36.878519][ T605] ? __cfi_mmap_region+0x10/0x10 [ 36.883501][ T605] ? cap_mmap_addr+0x165/0x2e0 [ 36.888296][ T605] ? get_unmapped_area+0x313/0x380 [ 36.893434][ T605] do_mmap+0x856/0xdd0 [ 36.897619][ T605] ? raw_irqentry_exit_cond_resched+0x29/0x30 [ 36.903719][ T605] ? __cfi_do_mmap+0x10/0x10 [ 36.908337][ T605] ? security_mmap_file+0xf4/0x180 [ 36.913480][ T605] vm_mmap_pgoff+0x224/0x410 [ 36.918093][ T605] ? ____kasan_slab_free+0x13d/0x180 [ 36.923409][ T605] ? __cfi_vm_mmap_pgoff+0x10/0x10 [ 36.928549][ T605] ? sysvec_reschedule_ipi+0x78/0x80 [ 36.933889][ T605] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 36.939545][ T605] ksys_mmap_pgoff+0xf6/0x1d0 [ 36.944254][ T605] __x64_sys_mmap+0xfa/0x110 [ 36.948868][ T605] x64_sys_call+0x8fd/0x9a0 [ 36.953394][ T605] do_syscall_64+0x4c/0xa0 [ 36.957837][ T605] ? clear_bhb_loop+0x30/0x80 [ 36.962531][ T605] ? clear_bhb_loop+0x30/0x80 [ 36.967230][ T605] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.973169][ T605] RIP: 0033:0x7f1793b9ac22 [ 36.977620][ T605] Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64 [ 36.997249][ T605] RSP: 002b:00007f1794a58d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 37.005697][ T605] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1793b9ac22 [ 37.013688][ T605] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 37.021683][ T605] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000 [ 37.029707][ T605] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 37.037698][ T605] R13: 00007f1794a58ddc R14: 00007f1794a58de0 R15: 00007fffe8e22de8 [ 37.045702][ T605] [ 37.049488][ T592] EXT4-fs (loop0): 1 orphan inode deleted [ 37.057813][ T592] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 37.066917][ T472] loop1: p223 size 33554476 extends beyond EOD, truncated [ 37.074273][ T8] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 37.087971][ T472] loop1: p224 size 33554476 extends beyond EOD, truncated [ 37.096209][ T592] EXT4-fs (loop0): shut down requested (2) [ 37.120401][ T472] loop1: p225 size 33554476 extends beyond EOD, truncated [ 37.136888][ T472] loop1: p226 size 33554476 extends beyond EOD, truncated [ 37.144334][ T284] EXT4-fs (loop0): unmounting filesystem. [ 37.160132][ T472] loop1: p227 size 33554476 extends beyond EOD, truncated [ 37.180064][ T472] loop1: p228 size 33554476 extends beyond EOD, truncated [ 37.190478][ T472] loop1: p229 size 33554476 extends beyond EOD, truncated [ 37.207416][ T472] loop1: p230 size 33554476 extends beyond EOD, truncated [ 37.215128][ T619] loop0: detected capacity change from 0 to 128 [ 37.222293][ T619] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 37.226450][ T472] loop1: p231 size 33554476 extends beyond EOD, truncated [ 37.243972][ T619] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 37.256998][ T472] loop1: p232 size 33554476 extends beyond EOD, truncated [ 37.275329][ T472] loop1: p233 size 33554476 extends beyond EOD, truncated [ 37.300320][ T472] loop1: p234 size 33554476 extends beyond EOD, truncated [ 37.323127][ T472] loop1: p235 size 33554476 extends beyond EOD, truncated [ 37.344095][ T472] loop1: p236 size 33554476 extends beyond EOD, truncated [ 37.360066][ T472] loop1: p237 size 33554476 extends beyond EOD, truncated [ 37.368230][ T472] loop1: p238 size 33554476 extends beyond EOD, truncated [ 37.375956][ T472] loop1: p239 size 33554476 extends beyond EOD, truncated [ 37.384095][ T472] loop1: p240 size 33554476 extends beyond EOD, truncated [ 37.392029][ T472] loop1: p241 size 33554476 extends beyond EOD, truncated [ 37.400096][ T472] loop1: p242 size 33554476 extends beyond EOD, truncated [ 37.408080][ T472] loop1: p243 size 33554476 extends beyond EOD, truncated [ 37.417575][ T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 37.426541][ T472] loop1: p244 size 33554476 extends beyond EOD, truncated [ 37.437772][ T472] loop1: p245 size 33554476 extends beyond EOD, truncated [ 37.639986][ T472] loop1: p246 size 33554476 extends beyond EOD, truncated [ 37.677591][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 37.704461][ T24] usb 5-1: config index 0 descriptor too short (expected 32831, got 122) [ 37.767853][ T472] loop1: p247 size 33554476 extends beyond EOD, truncated [ 37.788027][ T24] usb 5-1: config 0 has an invalid interface number: 3 but max is 0 [ 37.835977][ T472] loop1: p248 size 33554476 extends beyond EOD, truncated [ 37.847635][ T472] loop1: p249 size 33554476 extends beyond EOD, truncated [ 37.854983][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.865534][ T472] loop1: p250 size 33554476 extends beyond EOD, truncated [ 37.875475][ T24] usb 5-1: config 0 has no interface number 0 [ 37.876498][ T472] loop1: p251 size 33554476 extends beyond EOD, [ 37.883608][ T635] loop3: detected capacity change from 0 to 256 [ 37.885983][ T472] truncated [ 37.890842][ T24] usb 5-1: config 0 interface 3 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 37.917861][ T472] loop1: p252 size 33554476 extends beyond EOD, truncated [ 37.931132][ T472] loop1: p253 size 33554476 extends beyond EOD, truncated [ 37.944684][ T472] loop1: p254 size 33554476 extends beyond EOD, truncated [ 37.953977][ T615] loop2: detected capacity change from 0 to 40427 [ 37.962127][ T24] usb 5-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 37.973036][ T472] loop1: p255 size 33554476 extends beyond EOD, truncated [ 37.980835][ T24] usb 5-1: config 0 interface 3 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 37.996595][ T635] syz.3.92: attempt to access beyond end of device [ 37.996595][ T635] loop3: rw=2049, sector=256, nr_sectors = 288 limit=256 [ 38.040067][ T24] usb 5-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 38.067751][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.086215][ T24] usb 5-1: config 0 descriptor?? [ 38.106876][ T24] hub 5-1:0.3: bad descriptor, ignoring hub [ 38.119625][ T24] hub: probe of 5-1:0.3 failed with error -5 [ 38.131937][ T635] syz.3.92: attempt to access beyond end of device [ 38.131937][ T635] loop3: rw=2049, sector=608, nr_sectors = 416 limit=256 [ 38.195994][ T635] syz.3.92: attempt to access beyond end of device [ 38.195994][ T635] loop3: rw=2049, sector=1056, nr_sectors = 416 limit=256 [ 38.483582][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 38.483598][ T28] audit: type=1400 audit(1770157790.336:217): avc: denied { create } for pid=612 comm="syz.4.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 38.510609][ T653] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000003) [ 38.929652][ T503] udevd[503]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 38.939905][ T347] udevd[347]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 38.940883][ T335] udevd[335]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 38.950625][ T346] udevd[346]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 39.010441][ T662] udevd[662]: inotify_add_watch(7, /dev/loop1p6, 10) failed: No such file or directory [ 39.046158][ T663] udevd[663]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 39.058912][ T664] udevd[664]: inotify_add_watch(7, /dev/loop1p8, 10) failed: No such file or directory [ 39.075761][ T665] udevd[665]: inotify_add_watch(7, /dev/loop1p9, 10) failed: No such file or directory [ 39.085161][ T668] udevd[668]: inotify_add_watch(7, /dev/loop1p11, 10) failed: No such file or directory [ 39.097089][ T666] udevd[666]: inotify_add_watch(7, /dev/loop1p10, 10) failed: No such file or directory [ 39.237023][ T686] netlink: 52 bytes leftover after parsing attributes in process `syz.1.108'. [ 39.322017][ T692] set_capacity_and_notify: 1 callbacks suppressed [ 39.322036][ T692] loop0: detected capacity change from 0 to 256 [ 39.463530][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 39.503067][ T692] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001207b, chksum : 0x1e8dde4d, utbl_chksum : 0xe619d30d) [ 39.580109][ T692] fuse: Unknown parameter 'ds0x0000000000000004' [ 39.611006][ T700] loop1: detected capacity change from 0 to 128 [ 39.657443][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 39.664653][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 39.678277][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 39.699313][ T703] loop1: detected capacity change from 0 to 128 [ 39.719111][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 39.737128][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 39.755536][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.764278][ T24] usb 4-1: Product: syz [ 39.768694][ T24] usb 4-1: Manufacturer: syz [ 39.773579][ T24] usb 4-1: SerialNumber: syz [ 39.798155][ T28] audit: type=1400 audit(1770157791.656:218): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 39.873871][ T711] fuse: Bad value for 'fd' [ 39.986630][ T679] kvm [678]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0x0 [ 40.015891][ T24] usb 4-1: 0:2 : does not exist [ 40.022119][ T711] loop1: detected capacity change from 0 to 40427 [ 40.032093][ T24] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1) [ 40.046217][ T711] F2FS-fs (loop1): heap/no_heap options were deprecated [ 40.054369][ T711] F2FS-fs (loop1): invalid crc value [ 40.060004][ T711] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root and reserve_node [ 40.074730][ T24] usb 4-1: USB disconnect, device number 3 [ 40.099216][ T28] audit: type=1326 audit(1770157791.956:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=715 comm="syz.0.119" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f628039aeb9 code=0x0 [ 40.123860][ T711] F2FS-fs (loop1): Found nat_bits in checkpoint [ 40.197492][ T711] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 40.239574][ T28] audit: type=1400 audit(1770157792.096:220): avc: denied { create } for pid=727 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.266496][ T722] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 40.272402][ T28] audit: type=1400 audit(1770157792.116:221): avc: denied { ioctl } for pid=727 comm="syz.2.123" path="socket:[17212]" dev="sockfs" ino=17212 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.299861][ T28] audit: type=1400 audit(1770157792.116:222): avc: denied { setopt } for pid=727 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.322399][ T486] usb 5-1: USB disconnect, device number 6 [ 40.333275][ T28] audit: type=1400 audit(1770157792.116:223): avc: denied { bind } for pid=727 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.476916][ T728] loop2: detected capacity change from 0 to 40427 [ 40.985019][ T28] audit: type=1400 audit(1770157792.836:224): avc: denied { nlmsg_write } for pid=751 comm="syz.2.134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 41.011829][ T752] Illegal XDP return value 4294967274 on prog (id 28) dev syz_tun, expect packet loss! [ 41.183648][ T769] FAULT_INJECTION: forcing a failure. [ 41.183648][ T769] name failslab, interval 1, probability 0, space 0, times 0 [ 41.202480][ T769] CPU: 0 PID: 769 Comm: syz.2.139 Not tainted syzkaller #0 [ 41.209749][ T769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 41.219839][ T769] Call Trace: [ 41.223390][ T769] [ 41.226355][ T769] __dump_stack+0x21/0x24 [ 41.230811][ T769] dump_stack_lvl+0x110/0x170 [ 41.235523][ T769] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.240863][ T769] ? __cfi_gfp_zone+0x10/0x10 [ 41.245573][ T769] dump_stack+0x15/0x24 [ 41.249762][ T769] should_fail_ex+0x3d4/0x520 [ 41.254477][ T769] ? __anon_vma_prepare+0x51/0x420 [ 41.259644][ T769] __should_failslab+0xac/0xf0 [ 41.264442][ T769] should_failslab+0x9/0x20 [ 41.268966][ T769] kmem_cache_alloc+0x3b/0x330 [ 41.273754][ T769] ? __kasan_check_read+0x11/0x20 [ 41.278799][ T769] __anon_vma_prepare+0x51/0x420 [ 41.283774][ T769] wp_page_copy+0x10bf/0x15a0 [ 41.288503][ T769] ? __this_cpu_preempt_check+0x13/0x20 [ 41.294114][ T769] ? __mod_node_page_state+0x9e/0xd0 [ 41.299449][ T769] ? fault_dirty_shared_page+0x310/0x310 [ 41.305111][ T769] ? _raw_spin_lock+0x94/0xf0 [ 41.309823][ T769] ? cap_mmap_addr+0x165/0x2e0 [ 41.314659][ T769] ? __kasan_slab_free+0x11/0x20 [ 41.319809][ T769] ? slab_free_freelist_hook+0xc2/0x190 [ 41.325496][ T769] ? vm_normal_page+0x1eb/0x200 [ 41.330429][ T769] do_wp_page+0x9f2/0xfc0 [ 41.334891][ T769] handle_mm_fault+0x1124/0x26c0 [ 41.339870][ T769] ? __cfi_handle_mm_fault+0x10/0x10 [ 41.345285][ T769] ? down_read_trylock+0x27f/0x660 [ 41.350464][ T769] ? lock_mm_and_find_vma+0x9e/0x320 [ 41.355785][ T769] ? do_user_addr_fault+0x346/0x1050 [ 41.361105][ T769] do_user_addr_fault+0x63b/0x1050 [ 41.366256][ T769] exc_page_fault+0x51/0xb0 [ 41.370796][ T769] asm_exc_page_fault+0x27/0x30 [ 41.375701][ T769] RIP: 0033:0x7f1793a527e3 [ 41.377149][ T772] žÿ: renamed from team_slave_1 [ 41.380269][ T769] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 41.380288][ T769] RSP: 002b:00007f1794a58470 EFLAGS: 00010202 [ 41.380307][ T769] RAX: 0000000000000400 RBX: 00007f1794a58530 RCX: 00007f178a1f8000 [ 41.380326][ T769] RDX: 00007f1794a586d0 RSI: 0000000000000019 RDI: 00007f1794a585d0 [ 41.380338][ T769] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000a2 [ 41.380348][ T769] R10: 00000000000000c0 R11: 00007f1794a58530 R12: 0000000000000001 [ 41.380359][ T769] R13: 00007f1793c47920 R14: 0000000000000020 R15: 00007f1794a585d0 [ 41.380375][ T769] [ 41.403044][ T769] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 41.466887][ T486] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 41.483973][ T769] loop2: detected capacity change from 0 to 512 [ 41.529111][ T776] fuse: Bad value for 'fd' [ 41.573630][ T769] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 41.590597][ T784] loop4: detected capacity change from 0 to 512 [ 41.638202][ T286] EXT4-fs (loop2): unmounting filesystem. [ 41.654797][ T784] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 41.673659][ T486] usb 1-1: Using ep0 maxpacket: 16 [ 41.687647][ T486] usb 1-1: unable to get BOS descriptor or descriptor too short [ 41.701876][ T787] netlink: 'syz.3.148': attribute type 1 has an invalid length. [ 41.704298][ T784] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 41.734727][ T486] usb 1-1: config 13 has an invalid interface number: 50 but max is 0 [ 41.746379][ T794] loop2: detected capacity change from 0 to 512 [ 41.752784][ T486] usb 1-1: config 13 has no interface number 0 [ 41.759149][ T486] usb 1-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16 [ 41.777398][ T486] usb 1-1: config 13 interface 50 has no altsetting 0 [ 41.784713][ T784] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.795566][ T794] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 41.797024][ T486] usb 1-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 41.814641][ T486] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.816674][ T784] EXT4-fs (loop4): unmounting filesystem. [ 41.822795][ T486] usb 1-1: Product: syz [ 41.822812][ T486] usb 1-1: Manufacturer: syz [ 41.822826][ T486] usb 1-1: SerialNumber: syz [ 41.844435][ T794] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 41.852976][ T755] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 41.953722][ T759] loop1: detected capacity change from 0 to 131072 [ 41.964298][ T759] F2FS-fs (loop1): Test dummy encryption mode enabled [ 41.974851][ T799] loop3: detected capacity change from 0 to 128 [ 41.983243][ T759] F2FS-fs (loop1): invalid crc value [ 42.037905][ T759] F2FS-fs (loop1): Found nat_bits in checkpoint [ 42.054201][ T28] audit: type=1400 audit(1770157793.906:225): avc: denied { listen } for pid=806 comm="syz.3.153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 42.075681][ T28] audit: type=1400 audit(1770157793.926:226): avc: denied { accept } for pid=806 comm="syz.3.153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 42.120388][ T759] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 42.139785][ T810] input: syz1 as /devices/virtual/input/input4 [ 42.173462][ T486] usb 1-1: MIDIStreaming interface descriptor not found [ 42.187575][ T288] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 42.207430][ T486] usb 1-1: USB disconnect, device number 3 [ 42.367442][ T288] usb 5-1: Using ep0 maxpacket: 16 [ 42.373933][ T288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.384262][ T288] usb 5-1: New USB device found, idVendor=0eef, idProduct=72fa, bcdDevice= 0.00 [ 42.393662][ T288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.405952][ T288] usb 5-1: config 0 descriptor?? [ 42.517422][ T387] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 42.576340][ T821] binder: 820:821 ioctl c0306201 2000000001c0 returned -14 [ 42.583999][ T821] binder: 820:821 ioctl c018620c 200000000040 returned -1 [ 42.672509][ T828] user requested TSC rate below hardware speed [ 42.697390][ T387] usb 3-1: Using ep0 maxpacket: 16 [ 42.703750][ T387] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 42.714260][ T387] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 42.725993][ T831] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 42.736706][ T831] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 42.745865][ T387] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 42.756296][ T387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.768193][ T387] usb 3-1: Product: syz [ 42.772459][ T387] usb 3-1: Manufacturer: syz [ 42.777286][ T387] usb 3-1: SerialNumber: syz [ 42.812607][ T784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.821351][ T784] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 42.833576][ T288] usbhid 5-1:0.0: can't add hid device: -71 [ 42.840716][ T288] usbhid: probe of 5-1:0.0 failed with error -71 [ 42.858006][ T288] usb 5-1: USB disconnect, device number 7 [ 42.921905][ T845] netlink: 'syz.3.166': attribute type 15 has an invalid length. [ 42.938243][ T845] netlink: 24 bytes leftover after parsing attributes in process `syz.3.166'. [ 43.057973][ T819] netlink: 32 bytes leftover after parsing attributes in process `syz.2.157'. [ 43.173848][ T861] netlink: 45349 bytes leftover after parsing attributes in process `syz.3.166'. [ 43.232916][ T860] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000101) [ 43.464163][ T866] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 43.494723][ T866] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 43.539583][ T387] usb 3-1: 0:2 : does not exist [ 43.553296][ T387] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 43.577777][ T387] usb 3-1: USB disconnect, device number 2 [ 43.609261][ T880] xt_hashlimit: max too large, truncated to 1048576 [ 43.623567][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 43.623583][ T28] audit: type=1400 audit(1770157795.476:242): avc: denied { unlink } for pid=881 comm="syz.4.178" name="#1" dev="tmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 43.652495][ T882] overlayfs: failed to resolve './file0': -2 [ 43.720203][ T884] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 43.768447][ T284] EXT4-fs (loop0): unmounting filesystem. [ 43.810610][ T894] EXT4-fs error (device loop0): ext4_map_blocks:745: inode #3: block 1: comm syz.0.185: lblock 1 mapped to illegal pblock 1 (length 1) [ 43.992040][ T894] Quota error (device loop0): write_blk: dquota write failed [ 44.146435][ T894] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 44.213855][ T894] EXT4-fs error (device loop0): ext4_acquire_dquot:6798: comm syz.0.185: Failed to acquire dquot type 0 [ 44.247636][ T894] EXT4-fs error (device loop0): ext4_free_blocks:6221: comm syz.0.185: Freeing blocks not in datazone - block = 0, count = 4096 [ 44.263501][ T894] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.185: Invalid inode bitmap blk 0 in block_group 0 [ 44.280525][ T10] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 44.296047][ T10] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 44.298325][ T894] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 44.315589][ T10] EXT4-fs error (device loop0): ext4_release_dquot:6834: comm kworker/u4:1: Failed to release dquot type 0 [ 44.334376][ T894] EXT4-fs (loop0): 1 orphan inode deleted [ 44.348532][ T894] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 44.383438][ T911] set_capacity_and_notify: 7 callbacks suppressed [ 44.383459][ T911] loop1: detected capacity change from 0 to 512 [ 44.399856][ T894] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.185: iget: bad extra_isize 65535 (inode size 256) [ 44.414800][ T911] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 44.431213][ T28] audit: type=1400 audit(1770157796.286:243): avc: denied { watch watch_reads } for pid=893 comm="syz.0.185" path="/48/file0" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.457906][ T894] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.185: iget: bad extra_isize 65535 (inode size 256) [ 44.472926][ T911] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal [ 44.489808][ T894] EXT4-fs (loop0): shut down requested (2) [ 44.528581][ T911] loop1: detected capacity change from 0 to 128 [ 44.542700][ T284] EXT4-fs (loop0): unmounting filesystem. [ 44.544191][ T911] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 44.573886][ T911] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 44.714412][ T925] loop1: detected capacity change from 0 to 1024 [ 44.739170][ T925] EXT4-fs: Ignoring removed oldalloc option [ 44.780323][ T925] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 2: comm syz.1.196: lblock 2 mapped to illegal pblock 2 (length 1) [ 44.824890][ T925] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 44.855076][ T925] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 48: comm syz.1.196: lblock 0 mapped to illegal pblock 48 (length 1) [ 44.907605][ T925] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 44.946801][ T925] EXT4-fs error (device loop1): ext4_acquire_dquot:6798: comm syz.1.196: Failed to acquire dquot type 0 [ 44.958664][ T878] loop3: detected capacity change from 0 to 131072 [ 44.989778][ T925] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5930: Corrupt filesystem [ 45.009195][ T878] F2FS-fs (loop3): Found nat_bits in checkpoint [ 45.029830][ T925] EXT4-fs error (device loop1): ext4_evict_inode:279: inode #11: comm syz.1.196: mark_inode_dirty error [ 45.057515][ T925] EXT4-fs warning (device loop1): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 45.093648][ T925] EXT4-fs (loop1): 1 orphan inode deleted [ 45.107447][ T10] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 45.116245][ T925] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 45.137229][ T878] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 45.142518][ T10] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 45.165879][ T925] EXT4-fs (loop1): shut down requested (2) [ 45.208179][ T923] loop4: detected capacity change from 0 to 32768 [ 45.217998][ T285] EXT4-fs (loop1): unmounting filesystem. [ 45.241267][ T28] audit: type=1400 audit(1770157797.096:244): avc: denied { write } for pid=877 comm="syz.3.179" name="encrypted_dir" dev="loop3" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 45.244878][ T878] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 45.295929][ T937] netlink: 36 bytes leftover after parsing attributes in process `syz.3.179'. [ 45.308313][ T923] loop4: p1 p3 < p5 > [ 45.312577][ T28] audit: type=1400 audit(1770157797.096:245): avc: denied { add_name } for pid=877 comm="syz.3.179" name="file" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 45.392928][ T926] loop2: detected capacity change from 0 to 40427 [ 45.408812][ T665] I/O error, dev loop4, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 45.471532][ T666] udevd[666]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 45.482499][ T670] udevd[670]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 45.498508][ T665] udevd[665]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 45.597660][ T941] netlink: 16 bytes leftover after parsing attributes in process `syz.2.202'. [ 45.680447][ T941] loop2: detected capacity change from 0 to 2048 [ 45.743422][ T947] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 45.785252][ T941] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 45.831379][ T941] xt_hashlimit: size too large, truncated to 1048576 [ 45.838310][ T941] xt_hashlimit: invalid rate [ 45.864636][ T928] loop0: detected capacity change from 0 to 131072 [ 45.885830][ T928] F2FS-fs (loop0): invalid crc value [ 45.973290][ T928] F2FS-fs (loop0): Found nat_bits in checkpoint [ 46.000367][ T958] loop4: detected capacity change from 0 to 128 [ 46.030802][ T958] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 46.114858][ T928] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 46.326906][ T985] loop1: detected capacity change from 0 to 256 [ 46.349644][ T986] netlink: 104 bytes leftover after parsing attributes in process `syz.4.212'. [ 46.374922][ T985] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 46.415478][ T286] EXT4-fs (loop2): unmounting filesystem. [ 46.684204][ T1003] bridge0: port 3(syz_tun) entered blocking state [ 46.690852][ T1003] bridge0: port 3(syz_tun) entered disabled state [ 46.700330][ T1003] device syz_tun entered promiscuous mode [ 46.706807][ T1003] bridge0: port 3(syz_tun) entered blocking state [ 46.713286][ T1003] bridge0: port 3(syz_tun) entered forwarding state [ 46.726876][ T1003] device bridge0 entered promiscuous mode [ 47.031568][ T1014] device bridge_slave_0 left promiscuous mode [ 47.047736][ T1014] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.068006][ T1014] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 47.257203][ T1006] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 47.272376][ T1006] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 47.288545][ T1006] F2FS-fs (loop1): invalid crc value [ 47.310875][ T1028] FAULT_INJECTION: forcing a failure. [ 47.310875][ T1028] name failslab, interval 1, probability 0, space 0, times 0 [ 47.327103][ T1006] F2FS-fs (loop1): Found nat_bits in checkpoint [ 47.367511][ T1028] CPU: 0 PID: 1028 Comm: syz.0.228 Not tainted syzkaller #0 [ 47.375045][ T1028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.385593][ T1028] Call Trace: [ 47.388898][ T1028] [ 47.391859][ T1028] __dump_stack+0x21/0x24 [ 47.396251][ T1028] dump_stack_lvl+0x110/0x170 [ 47.400962][ T1028] ? __cfi_dump_stack_lvl+0x8/0x8 [ 47.406040][ T1028] ? mas_prev+0x21c/0x3f0 [ 47.410402][ T1028] dump_stack+0x15/0x24 [ 47.414593][ T1028] should_fail_ex+0x3d4/0x520 [ 47.419309][ T1028] ? __anon_vma_prepare+0x9a/0x420 [ 47.424449][ T1028] __should_failslab+0xac/0xf0 [ 47.429332][ T1028] should_failslab+0x9/0x20 [ 47.433880][ T1028] kmem_cache_alloc+0x3b/0x330 [ 47.438718][ T1028] ? __anon_vma_prepare+0x51/0x420 [ 47.443883][ T1028] __anon_vma_prepare+0x9a/0x420 [ 47.448876][ T1028] wp_page_copy+0x10bf/0x15a0 [ 47.453607][ T1028] ? __this_cpu_preempt_check+0x13/0x20 [ 47.459187][ T1028] ? __mod_node_page_state+0x9e/0xd0 [ 47.464517][ T1028] ? fault_dirty_shared_page+0x310/0x310 [ 47.470213][ T1028] ? _raw_spin_lock+0x94/0xf0 [ 47.474937][ T1028] ? cap_mmap_addr+0x165/0x2e0 [ 47.479742][ T1028] ? __kasan_slab_free+0x11/0x20 [ 47.484716][ T1028] ? slab_free_freelist_hook+0xc2/0x190 [ 47.490394][ T1028] ? vm_normal_page+0x1eb/0x200 [ 47.495385][ T1028] do_wp_page+0x9f2/0xfc0 [ 47.499762][ T1028] handle_mm_fault+0x1124/0x26c0 [ 47.504867][ T1028] ? __cfi_handle_mm_fault+0x10/0x10 [ 47.510198][ T1028] ? down_read_trylock+0x27f/0x660 [ 47.515389][ T1028] ? lock_mm_and_find_vma+0x9e/0x320 [ 47.520704][ T1028] ? do_user_addr_fault+0x346/0x1050 [ 47.526016][ T1028] do_user_addr_fault+0x63b/0x1050 [ 47.531150][ T1028] exc_page_fault+0x51/0xb0 [ 47.535670][ T1028] asm_exc_page_fault+0x27/0x30 [ 47.540543][ T1028] RIP: 0033:0x7f62802527e3 [ 47.544991][ T1028] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 47.564962][ T1028] RSP: 002b:00007f62812d8470 EFLAGS: 00010202 [ 47.571057][ T1028] RAX: 0000000000000400 RBX: 00007f62812d8530 RCX: 00007f62769f8000 [ 47.579047][ T1028] RDX: 00007f62812d86d0 RSI: 0000000000000019 RDI: 00007f62812d85d0 [ 47.587031][ T1028] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000a2 [ 47.595023][ T1028] R10: 00000000000000c0 R11: 00007f62812d8530 R12: 0000000000000001 [ 47.603019][ T1028] R13: 00007f6280447920 R14: 0000000000000020 R15: 00007f62812d85d0 [ 47.611103][ T1028] [ 47.634848][ T1030] EXT4-fs (loop2): orphan cleanup on readonly fs [ 47.642381][ T1030] EXT4-fs warning (device loop2): ext4_enable_quotas:7050: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 47.642472][ T1034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.230'. [ 47.658520][ T1028] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 47.676291][ T1034] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 47.709691][ T1030] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 47.716450][ T1030] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz.2.229: Freeing blocks not in datazone - block = 0, count = 4096 [ 47.731741][ T1030] EXT4-fs (loop2): 1 orphan inode deleted [ 47.737817][ T1006] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 47.740804][ T1030] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 47.758942][ T1006] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 47.767571][ T1028] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 47.785186][ T286] EXT4-fs (loop2): unmounting filesystem. [ 47.814480][ T284] EXT4-fs (loop0): unmounting filesystem. [ 47.830104][ T1044] netlink: 24 bytes leftover after parsing attributes in process `syz.4.233'. [ 47.835197][ T1006] overlayfs: invalid origin (0000) [ 47.860523][ T1045] netlink: 32 bytes leftover after parsing attributes in process `syz.2.234'. [ 47.870477][ T1045] netem: unknown loss type 13 [ 47.875291][ T1045] netem: change failed [ 47.931710][ T1053] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1053 comm=syz.0.238 [ 47.945484][ T1053] netlink: 45349 bytes leftover after parsing attributes in process `syz.0.238'. [ 47.979446][ T387] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 48.091100][ T1063] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 48.147495][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 48.163712][ T1068] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 48.178507][ T387] usb 4-1: unable to get BOS descriptor or descriptor too short [ 48.196358][ T387] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 8 [ 48.210177][ T387] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x3 has invalid maxpacket 1023 [ 48.224037][ T387] usb 4-1: config 1 interface 0 has no altsetting 0 [ 48.234751][ T387] usb 4-1: string descriptor 0 read error: -22 [ 48.241369][ T387] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 48.250794][ T387] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.260730][ T1034] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 48.270167][ T1034] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 48.328479][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 48.340776][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 48.352256][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 48.362662][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.371263][ T24] usb 5-1: Product: syz [ 48.376095][ T1074] bridge0: port 1(vlan1) entered blocking state [ 48.382661][ T24] usb 5-1: Manufacturer: syz [ 48.387700][ T1074] bridge0: port 1(vlan1) entered disabled state [ 48.394726][ T1074] device vlan1 entered promiscuous mode [ 48.400685][ T24] usb 5-1: SerialNumber: syz [ 48.407761][ T1074] bridge0: port 1(vlan1) entered blocking state [ 48.414076][ T1074] bridge0: port 1(vlan1) entered forwarding state [ 48.485867][ T387] cdc_ether: probe of 4-1:1.0 failed with error -71 [ 48.506269][ T387] usb 4-1: USB disconnect, device number 4 [ 48.561290][ T1081] fuse: Unknown parameter '@³3¤ M00000000000000000000' [ 48.618681][ T24] usb 5-1: 0:2 : does not exist [ 48.641309][ T24] usb 5-1: USB disconnect, device number 8 [ 48.721306][ T1085] Disabled LAPIC found during irq injection [ 48.865867][ T1081] F2FS-fs (loop1): Found nat_bits in checkpoint [ 48.944640][ T1097] ext3: Unknown parameter 'smackfsdef' [ 48.951907][ T1081] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 48.970030][ T1081] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 49.377054][ T285] syz-executor: attempt to access beyond end of device [ 49.377054][ T285] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 49.396281][ T28] kauditd_printk_skb: 95 callbacks suppressed [ 49.396296][ T28] audit: type=1400 audit(1770157801.246:341): avc: denied { listen } for pid=1106 comm="syz.4.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 49.437073][ T1111] set_capacity_and_notify: 9 callbacks suppressed [ 49.437091][ T1111] loop3: detected capacity change from 0 to 512 [ 49.469089][ T1105] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 49.488756][ T665] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 49.570085][ T1119] loop1: detected capacity change from 0 to 512 [ 49.595952][ T1119] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 49.656050][ T285] EXT4-fs (loop1): unmounting filesystem. [ 49.781041][ T1147] loop2: detected capacity change from 0 to 128 [ 49.790292][ T1148] loop1: detected capacity change from 0 to 512 [ 49.797021][ T1147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.272'. [ 49.820718][ T1148] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 49.838445][ T285] EXT4-fs (loop1): unmounting filesystem. [ 49.871967][ T1153] loop2: detected capacity change from 0 to 1024 [ 49.879344][ T1153] EXT4-fs: Ignoring removed oldalloc option [ 49.909340][ T1153] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #3: block 2: comm syz.2.275: lblock 2 mapped to illegal pblock 2 (length 1) [ 49.927389][ T39] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 49.936002][ T1151] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 49.947945][ T1153] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 49.956220][ T1153] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #3: block 48: comm syz.2.275: lblock 0 mapped to illegal pblock 48 (length 1) [ 49.971070][ T1153] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 49.980336][ T1153] EXT4-fs error (device loop2): ext4_acquire_dquot:6798: comm syz.2.275: Failed to acquire dquot type 0 [ 49.991912][ T1153] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5930: Corrupt filesystem [ 50.009732][ T1160] FAULT_INJECTION: forcing a failure. [ 50.009732][ T1160] name failslab, interval 1, probability 0, space 0, times 0 [ 50.011894][ T1153] EXT4-fs error (device loop2): ext4_evict_inode:279: inode #11: comm syz.2.275: mark_inode_dirty error [ 50.023094][ T1160] CPU: 0 PID: 1160 Comm: syz.0.278 Not tainted syzkaller #0 [ 50.040991][ T1160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 50.051298][ T1160] Call Trace: [ 50.054618][ T1160] [ 50.057589][ T1160] __dump_stack+0x21/0x24 [ 50.061966][ T1160] dump_stack_lvl+0x110/0x170 [ 50.066780][ T1160] ? __cfi_dump_stack_lvl+0x8/0x8 [ 50.067442][ T1153] EXT4-fs warning (device loop2): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 50.071848][ T1160] ? __cfi_gfp_zone+0x10/0x10 [ 50.082555][ T1153] EXT4-fs (loop2): 1 orphan inode deleted [ 50.086790][ T1160] dump_stack+0x15/0x24 [ 50.093736][ T1153] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 50.096682][ T1160] should_fail_ex+0x3d4/0x520 [ 50.110235][ T1160] ? __anon_vma_prepare+0x51/0x420 [ 50.115396][ T1160] __should_failslab+0xac/0xf0 [ 50.120203][ T1160] should_failslab+0x9/0x20 [ 50.124755][ T1160] kmem_cache_alloc+0x3b/0x330 [ 50.129403][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.129572][ T1160] ? __kasan_check_read+0x11/0x20 [ 50.145648][ T1160] __anon_vma_prepare+0x51/0x420 [ 50.150638][ T1160] wp_page_copy+0x10bf/0x15a0 [ 50.151137][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.155457][ T1160] ? __this_cpu_preempt_check+0x13/0x20 [ 50.170926][ T1160] ? __mod_node_page_state+0x9e/0xd0 [ 50.174598][ T1153] EXT4-fs (loop2): shut down requested (2) [ 50.176275][ T1160] ? fault_dirty_shared_page+0x310/0x310 [ 50.187903][ T1160] ? _raw_spin_lock+0x94/0xf0 [ 50.189554][ T39] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 50.192720][ T1160] ? cap_mmap_addr+0x165/0x2e0 [ 50.206738][ T1160] ? __kasan_slab_free+0x11/0x20 [ 50.211815][ T1160] ? slab_free_freelist_hook+0xc2/0x190 [ 50.215036][ T39] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 50.217404][ T1160] ? vm_normal_page+0x1eb/0x200 [ 50.217437][ T1160] do_wp_page+0x9f2/0xfc0 [ 50.217468][ T1160] handle_mm_fault+0x1124/0x26c0 [ 50.217502][ T1160] ? __cfi_handle_mm_fault+0x10/0x10 [ 50.217530][ T1160] ? down_read_trylock+0x27f/0x660 [ 50.217563][ T1160] ? lock_mm_and_find_vma+0x9e/0x320 [ 50.217592][ T1160] ? do_user_addr_fault+0x346/0x1050 [ 50.217619][ T1160] do_user_addr_fault+0x63b/0x1050 [ 50.217649][ T1160] exc_page_fault+0x51/0xb0 [ 50.217669][ T1160] asm_exc_page_fault+0x27/0x30 [ 50.217699][ T1160] RIP: 0033:0x7f62802527e3 [ 50.217722][ T1160] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 50.217740][ T1160] RSP: 002b:00007f62812d83c0 EFLAGS: 00010206 [ 50.217758][ T1160] RAX: 00000000000001b8 RBX: 00007f62812d8480 RCX: 00007f62769f8000 [ 50.230017][ T39] usb 5-1: Manufacturer: syz [ 50.230783][ T1160] RDX: 00007f62812d8620 RSI: 0000000000000013 RDI: 00007f62812d8520 [ 50.244907][ T39] usb 5-1: config 0 descriptor?? [ 50.245418][ T1160] RBP: 00000000000000b5 R08: 0000000000000007 R09: 0000000000000066 [ 50.339599][ T1160] R10: 000000000000006e R11: 00007f62812d8480 R12: 0000000000000001 [ 50.347684][ T1160] R13: 00007f6280447920 R14: 00000000000000b8 R15: 00007f62812d8520 [ 50.355685][ T1160] [ 50.359420][ T1160] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.367573][ T10] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 50.379218][ T286] EXT4-fs (loop2): unmounting filesystem. [ 50.446485][ T1172] No source specified [ 50.737496][ T28] audit: type=1400 audit(1770157802.576:342): avc: denied { listen } for pid=1171 comm="syz.2.284" lport=256 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 50.861321][ T28] audit: type=1400 audit(1770157802.716:343): avc: denied { read } for pid=1176 comm="syz.1.285" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.993455][ T1186] netlink: 'syz.0.288': attribute type 1 has an invalid length. [ 51.111904][ T39] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71 [ 51.120895][ T39] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 51.129307][ T39] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71 [ 51.138831][ T39] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 51.146462][ T39] uclogic: probe of 0003:256C:006D.0001 failed with error -71 [ 51.157218][ T1190] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 51.172872][ T39] usb 5-1: USB disconnect, device number 9 [ 51.180038][ T28] audit: type=1400 audit(1770157803.036:344): avc: denied { ioctl } for pid=1188 comm="syz.2.290" path="socket:[19198]" dev="sockfs" ino=19198 ioctlcmd=0x52c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 51.344026][ T1190] loop2: detected capacity change from 0 to 40427 [ 51.376921][ T1196] loop0: detected capacity change from 0 to 512 [ 51.442742][ T1196] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 51.453200][ T1197] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 51.465098][ T1196] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 51.486817][ T347] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 51.518752][ T1196] loop0: detected capacity change from 0 to 128 [ 51.534134][ T1196] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 51.559413][ T1196] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 51.694144][ T1210] netlink: 8 bytes leftover after parsing attributes in process `syz.4.298'. [ 51.938697][ T28] audit: type=1400 audit(1770157803.796:345): avc: denied { create } for pid=1235 comm="syz.2.308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 51.976733][ T1234] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 51.981731][ T28] audit: type=1400 audit(1770157803.796:346): avc: denied { sys_admin } for pid=1235 comm="syz.2.308" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 52.191882][ T1250] loop2: detected capacity change from 0 to 512 [ 52.201250][ T1204] loop3: detected capacity change from 0 to 40427 [ 52.223943][ T1250] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 52.233921][ T1204] F2FS-fs (loop3): Fix alignment : done, start(4096) end(16896) block(12288) [ 52.247835][ T1204] F2FS-fs (loop3): invalid crc value [ 52.282646][ T1204] F2FS-fs (loop3): invalid crc value [ 52.288979][ T1250] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 52.298979][ T1204] F2FS-fs (loop3): Failed to get valid F2FS checkpoint [ 52.308454][ T1257] loop4: p1 p3 < > p4 < p5 > [ 52.313448][ T1257] loop4: partition table partially beyond EOD, truncated [ 52.327914][ T1257] loop4: p1 size 33024 extends beyond EOD, truncated [ 52.336345][ T1204] netlink: 112 bytes leftover after parsing attributes in process `syz.3.295'. [ 52.368135][ T1257] loop4: p3 start 4284289 is beyond EOD, truncated [ 52.375259][ T1257] loop4: p5 size 33024 extends beyond EOD, truncated [ 52.384457][ T1259] netlink: 'syz.1.318': attribute type 1 has an invalid length. [ 52.465001][ T1250] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 52.512397][ T28] audit: type=1400 audit(1770157804.366:347): avc: denied { associate } for pid=1265 comm="syz.4.320" name="file0" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 52.557806][ T1250] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 52.656863][ T1272] FAULT_INJECTION: forcing a failure. [ 52.656863][ T1272] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 52.676730][ T1243] F2FS-fs (loop0): Wrong NAT boundary, start(2560) end(5) blocks(1024) [ 52.685771][ T1243] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 52.687520][ T1272] CPU: 0 PID: 1272 Comm: syz.1.323 Not tainted syzkaller #0 [ 52.695928][ T1243] F2FS-fs (loop0): Unrecognized mount option "" or missing value [ 52.701376][ T1272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 52.701391][ T1272] Call Trace: [ 52.701396][ T1272] [ 52.701404][ T1272] __dump_stack+0x21/0x24 [ 52.729906][ T1272] dump_stack_lvl+0x110/0x170 [ 52.734622][ T1272] ? __cfi_dump_stack_lvl+0x8/0x8 [ 52.739689][ T1272] dump_stack+0x15/0x24 [ 52.743888][ T1272] should_fail_ex+0x3d4/0x520 [ 52.748614][ T1272] should_fail_alloc_page+0x61/0x90 [ 52.753860][ T1272] prepare_alloc_pages+0x148/0x600 [ 52.759193][ T1272] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 52.764443][ T1272] __alloc_pages+0x13a/0x480 [ 52.769085][ T1272] ? __cfi___alloc_pages+0x10/0x10 [ 52.774339][ T1272] ? up_write+0x7b/0x290 [ 52.778632][ T1272] ? __anon_vma_prepare+0x3a1/0x420 [ 52.783896][ T1272] __folio_alloc+0x12/0x40 [ 52.788365][ T1272] wp_page_copy+0x27d/0x15a0 [ 52.792995][ T1272] ? __this_cpu_preempt_check+0x13/0x20 [ 52.798583][ T1272] ? fault_dirty_shared_page+0x310/0x310 [ 52.804258][ T1272] ? _raw_spin_lock+0x94/0xf0 [ 52.808984][ T1272] ? cap_mmap_addr+0x165/0x2e0 [ 52.813798][ T1272] ? __kasan_slab_free+0x11/0x20 [ 52.818776][ T1272] ? slab_free_freelist_hook+0xc2/0x190 [ 52.824369][ T1272] ? vm_normal_page+0x1eb/0x200 [ 52.829314][ T1272] do_wp_page+0x9f2/0xfc0 [ 52.833694][ T1272] handle_mm_fault+0x1124/0x26c0 [ 52.838686][ T1272] ? __cfi_handle_mm_fault+0x10/0x10 [ 52.844022][ T1272] ? down_read_trylock+0x27f/0x660 [ 52.849199][ T1272] ? lock_mm_and_find_vma+0x9e/0x320 [ 52.854540][ T1272] ? do_user_addr_fault+0x346/0x1050 [ 52.859867][ T1272] do_user_addr_fault+0x63b/0x1050 [ 52.865095][ T1272] exc_page_fault+0x51/0xb0 [ 52.869627][ T1272] asm_exc_page_fault+0x27/0x30 [ 52.874500][ T1272] RIP: 0033:0x7f7f72a527e3 [ 52.878942][ T1272] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 52.898654][ T1272] RSP: 002b:00007f7f73ab6470 EFLAGS: 00010202 [ 52.904750][ T1272] RAX: 0000000000000400 RBX: 00007f7f73ab6530 RCX: 00007f7f691f8000 [ 52.912741][ T1272] RDX: 00007f7f73ab66d0 RSI: 0000000000000019 RDI: 00007f7f73ab65d0 [ 52.920745][ T1272] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000a2 [ 52.928818][ T1272] R10: 00000000000000c0 R11: 00007f7f73ab6530 R12: 0000000000000001 [ 52.936807][ T1272] R13: 00007f7f72c47920 R14: 0000000000000020 R15: 00007f7f73ab65d0 [ 52.944809][ T1272] [ 52.971025][ T1272] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 53.021199][ T1272] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 53.047653][ T285] EXT4-fs (loop1): unmounting filesystem. [ 53.097390][ T387] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 53.629609][ T387] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.647475][ T387] usb 5-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 53.681216][ T1304] FAULT_INJECTION: forcing a failure. [ 53.681216][ T1304] name failslab, interval 1, probability 0, space 0, times 0 [ 53.705004][ T387] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.717877][ T1304] CPU: 1 PID: 1304 Comm: syz.3.334 Not tainted syzkaller #0 [ 53.725237][ T1304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 53.735374][ T1304] Call Trace: [ 53.738699][ T1304] [ 53.741658][ T1304] __dump_stack+0x21/0x24 [ 53.746033][ T1304] dump_stack_lvl+0x110/0x170 [ 53.750757][ T1304] ? __cfi_dump_stack_lvl+0x8/0x8 [ 53.755866][ T1304] ? security_file_permission+0x8a/0xb0 [ 53.761463][ T1304] dump_stack+0x15/0x24 [ 53.765673][ T1304] should_fail_ex+0x3d4/0x520 [ 53.770404][ T1304] ? getname_flags+0xb9/0x500 [ 53.775120][ T1304] __should_failslab+0xac/0xf0 [ 53.775154][ T1304] should_failslab+0x9/0x20 [ 53.775174][ T1304] kmem_cache_alloc+0x3b/0x330 [ 53.775202][ T1304] getname_flags+0xb9/0x500 [ 53.775223][ T1304] user_path_at_empty+0x30/0x1c0 [ 53.775252][ T1304] path_listxattr+0xac/0x1b0 [ 53.775284][ T1304] ? path_getxattr+0x4d0/0x4d0 [ 53.775313][ T1304] ? debug_smp_processor_id+0x17/0x20 [ 53.775338][ T1304] __x64_sys_llistxattr+0x7d/0x90 [ 53.775365][ T1304] x64_sys_call+0x473/0x9a0 [ 53.775390][ T1304] do_syscall_64+0x4c/0xa0 [ 53.775416][ T1304] ? clear_bhb_loop+0x30/0x80 [ 53.775435][ T1304] ? clear_bhb_loop+0x30/0x80 [ 53.775454][ T1304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 53.775487][ T1304] RIP: 0033:0x7f91c499aeb9 [ 53.775504][ T1304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 53.775522][ T1304] RSP: 002b:00007f91c582b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 53.775545][ T1304] RAX: ffffffffffffffda RBX: 00007f91c4c15fa0 RCX: 00007f91c499aeb9 [ 53.775560][ T1304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0 [ 53.775573][ T1304] RBP: 00007f91c582b090 R08: 0000000000000000 R09: 0000000000000000 [ 53.775585][ T1304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.775598][ T1304] R13: 00007f91c4c16038 R14: 00007f91c4c15fa0 R15: 00007ffefc029bf8 [ 53.775616][ T1304] [ 53.778610][ T387] usb 5-1: config 0 descriptor?? [ 53.971583][ T347] I/O error, dev loop0, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 54.421339][ T1323] netlink: 24 bytes leftover after parsing attributes in process `syz.2.342'. [ 54.479851][ T387] sony 0003:1345:3008.0002: unbalanced collection at end of report description [ 54.499944][ T387] sony 0003:1345:3008.0002: parse failed [ 54.505881][ T387] sony: probe of 0003:1345:3008.0002 failed with error -22 [ 54.667568][ T288] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 54.688169][ T60] usb 5-1: USB disconnect, device number 10 [ 54.767490][ T39] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 54.857547][ T288] usb 2-1: Using ep0 maxpacket: 8 [ 54.873794][ T288] usb 2-1: config index 0 descriptor too short (expected 32831, got 122) [ 54.912463][ T1348] netlink: 36 bytes leftover after parsing attributes in process `syz.4.350'. [ 54.922103][ T288] usb 2-1: config 0 has an invalid interface number: 3 but max is 0 [ 54.932556][ T288] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 54.977484][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 54.984844][ T39] usb 1-1: config index 0 descriptor too short (expected 32831, got 122) [ 55.000431][ T288] usb 2-1: config 0 has no interface number 0 [ 55.035791][ T39] usb 1-1: config 0 has an invalid interface number: 3 but max is 0 [ 55.045234][ T288] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 55.090419][ T39] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.101294][ T288] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 55.118755][ T39] usb 1-1: config 0 has no interface number 0 [ 55.125380][ T288] usb 2-1: config 0 interface 3 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 55.138961][ T39] usb 1-1: config 0 interface 3 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 55.151068][ T288] usb 2-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 55.160357][ T39] usb 1-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 55.170332][ T288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.178816][ T39] usb 1-1: config 0 interface 3 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 55.192260][ T39] usb 1-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 55.201712][ T288] usb 2-1: config 0 descriptor?? [ 55.207622][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.216485][ T288] hub 2-1:0.3: bad descriptor, ignoring hub [ 55.223328][ T288] hub: probe of 2-1:0.3 failed with error -5 [ 55.233666][ T39] usb 1-1: config 0 descriptor?? [ 55.240341][ T39] hub 1-1:0.3: bad descriptor, ignoring hub [ 55.255039][ T39] hub: probe of 1-1:0.3 failed with error -5 [ 55.305511][ T28] audit: type=1400 audit(1770157807.156:348): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 55.428133][ T1319] set_capacity_and_notify: 8 callbacks suppressed [ 55.428152][ T1319] loop1: detected capacity change from 0 to 256 [ 55.453295][ T1328] loop0: detected capacity change from 0 to 256 [ 55.595941][ T28] audit: type=1400 audit(1770157807.446:349): avc: denied { create } for pid=1360 comm="syz.2.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 55.673010][ T288] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 55.725586][ T1359] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000003) [ 55.744794][ T1355] loop4: detected capacity change from 0 to 131072 [ 55.752666][ T28] audit: type=1400 audit(1770157807.606:350): avc: denied { connect } for pid=1360 comm="syz.2.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 55.775573][ T1355] F2FS-fs (loop4): Found nat_bits in checkpoint [ 55.811589][ T1355] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 55.837529][ T288] usb 4-1: device descriptor read/64, error -71 [ 56.107426][ T288] usb 4-1: device descriptor read/64, error -71 [ 56.377390][ T288] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 56.465318][ T28] audit: type=1326 audit(1770157808.316:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1371 comm="syz.2.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1793b9aeb9 code=0x7ffc0000 [ 56.527484][ T288] usb 4-1: device descriptor read/64, error -71 [ 56.738126][ T28] audit: type=1400 audit(1770157808.596:352): avc: denied { map } for pid=1378 comm="syz.2.359" path="socket:[20757]" dev="sockfs" ino=20757 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 56.761809][ T28] audit: type=1400 audit(1770157808.596:353): avc: denied { read accept } for pid=1378 comm="syz.2.359" path="socket:[20757]" dev="sockfs" ino=20757 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 56.797417][ T288] usb 4-1: device descriptor read/64, error -71 [ 56.917495][ T288] usb usb4-port1: attempt power cycle [ 57.111237][ T1394] loop4: detected capacity change from 0 to 512 [ 57.129083][ T1394] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 57.162724][ T287] EXT4-fs (loop4): unmounting filesystem. [ 57.303220][ T1400] loop4: detected capacity change from 0 to 512 [ 57.327489][ T288] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 57.339615][ T1400] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 57.361084][ T288] usb 4-1: device descriptor read/8, error -71 [ 57.375913][ T287] EXT4-fs (loop4): unmounting filesystem. [ 57.401062][ T1406] loop4: detected capacity change from 0 to 256 [ 57.407781][ T1406] exfat: Deprecated parameter 'utf8' [ 57.413255][ T1406] exfat: Deprecated parameter 'namecase' [ 57.419104][ T1406] exfat: Deprecated parameter 'namecase' [ 57.424884][ T1406] exfat: Deprecated parameter 'utf8' [ 57.462358][ T1406] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 57.502639][ T28] audit: type=1400 audit(1770157809.356:354): avc: denied { mounton } for pid=1405 comm="syz.4.367" path=2F37322FE91F7189591E9233614B2F66696C6530 dev="loop4" ino=1048617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 57.534131][ T288] usb 4-1: device descriptor read/8, error -71 [ 57.567486][ T24] usb 2-1: USB disconnect, device number 2 [ 57.581089][ T28] audit: type=1400 audit(1770157809.436:355): avc: denied { setopt } for pid=1418 comm="syz.1.373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.617570][ T60] usb 1-1: USB disconnect, device number 4 [ 57.633185][ T28] audit: type=1400 audit(1770157809.486:356): avc: denied { mounton } for pid=1423 comm="syz.4.376" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 57.675108][ T28] audit: type=1400 audit(1770157809.526:357): avc: denied { map } for pid=1426 comm="syz.0.377" path="socket:[20847]" dev="sockfs" ino=20847 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 57.702414][ T1430] loop4: detected capacity change from 0 to 1024 [ 57.720689][ T1430] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 57.729632][ T1430] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.743565][ T1430] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.378: bg 0: block 112: padding at end of block bitmap is not set [ 57.760035][ T1430] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 1 with error 117 [ 57.772548][ T1430] EXT4-fs (loop4): This should not happen!! Data will be lost [ 57.772548][ T1430] [ 57.784236][ T1430] EXT4-fs error (device loop4): ext4_free_blocks:6221: comm syz.4.378: Freeing blocks not in datazone - block = 0, count = 16 [ 57.827523][ T288] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 57.847432][ T387] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 57.859466][ T288] usb 4-1: device descriptor read/8, error -71 [ 57.892548][ T287] EXT4-fs (loop4): unmounting filesystem. [ 57.920632][ T60] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 58.019104][ T288] usb 4-1: device descriptor read/8, error -71 [ 58.137646][ T288] usb usb4-port1: unable to enumerate USB device [ 58.220761][ T1450] loop4: detected capacity change from 0 to 128 [ 58.227406][ T387] usb 3-1: Using ep0 maxpacket: 32 [ 58.228153][ T1450] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 58.245152][ T387] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 58.253439][ T387] usb 3-1: config 0 has no interface number 0 [ 58.254204][ T1450] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 58.260430][ T387] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 58.279909][ T387] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 33573, setting to 1024 [ 58.291316][ T387] usb 3-1: config 0 interface 2 has no altsetting 0 [ 58.299589][ T387] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 58.310133][ T387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.318252][ T387] usb 3-1: Product: syz [ 58.322593][ T387] usb 3-1: Manufacturer: syz [ 58.327270][ T387] usb 3-1: SerialNumber: syz [ 58.340817][ T1452] netlink: 8 bytes leftover after parsing attributes in process `syz.4.386'. [ 58.350006][ T60] usb 2-1: device descriptor read/64, error -71 [ 58.351161][ T387] usb 3-1: config 0 descriptor?? [ 58.389872][ T1456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 58.400450][ T1456] netlink: 12 bytes leftover after parsing attributes in process `syz.3.388'. [ 58.415899][ T1452] loop4: detected capacity change from 0 to 8192 [ 58.459862][ T1452] loop4: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 58.460971][ T1452] loop4: p3 size 33554476 extends beyond EOD, truncated [ 58.556872][ T1452] loop4: p5 size 33554476 extends beyond EOD, truncated [ 58.564586][ T1452] loop4: p6 size 33554476 extends beyond EOD, truncated [ 58.575240][ T1452] loop4: p7 size 33554476 extends beyond EOD, truncated [ 58.583061][ T1452] loop4: p8 size 33554476 extends beyond EOD, truncated [ 58.590913][ T1452] loop4: p9 size 33554476 extends beyond EOD, truncated [ 58.599201][ T1452] loop4: p10 size 33554476 extends beyond EOD, truncated [ 58.606935][ T1452] loop4: p11 size 33554476 extends beyond EOD, truncated [ 58.615459][ T1452] loop4: p12 size 33554476 extends beyond EOD, truncated [ 58.637390][ T60] usb 2-1: device descriptor read/64, error -71 [ 58.639285][ T1452] loop4: p13 size 33554476 extends beyond EOD, truncated [ 58.657575][ T1452] loop4: p14 size 33554476 extends beyond EOD, truncated [ 58.673258][ T1452] loop4: p15 size 33554476 extends beyond EOD, truncated [ 58.681794][ T1452] loop4: p16 size 33554476 extends beyond EOD, truncated [ 58.689861][ T1452] loop4: p17 size 33554476 extends beyond EOD, truncated [ 58.698084][ T1452] loop4: p18 size 33554476 extends beyond EOD, truncated [ 58.714676][ T1452] loop4: p19 size 33554476 extends beyond EOD, truncated [ 58.730068][ T1452] loop4: p20 size 33554476 extends beyond EOD, truncated [ 58.784230][ T1452] loop4: p21 size 33554476 extends beyond EOD, truncated [ 58.795401][ T1452] loop4: p22 size 33554476 extends beyond EOD, truncated [ 58.803588][ T1452] loop4: p23 size 33554476 extends beyond EOD, truncated [ 58.811318][ T1452] loop4: p24 size 33554476 extends beyond EOD, truncated [ 58.819136][ T1452] loop4: p25 size 33554476 extends beyond EOD, truncated [ 58.836739][ T1452] loop4: p26 size 33554476 extends beyond EOD, truncated [ 58.845040][ T1452] loop4: p27 size 33554476 extends beyond EOD, truncated [ 58.857004][ T1452] loop4: p28 size 33554476 extends beyond EOD, truncated [ 58.907393][ T60] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 58.934895][ T1452] loop4: p29 size 33554476 extends beyond EOD, truncated [ 58.942587][ T1452] loop4: p30 size 33554476 extends beyond EOD, truncated [ 58.950440][ T1452] loop4: p31 size 33554476 extends beyond EOD, truncated [ 58.958045][ T1452] loop4: p32 size 33554476 extends beyond EOD, truncated [ 58.965683][ T1452] loop4: p33 size 33554476 extends beyond EOD, truncated [ 58.973317][ T1452] loop4: p34 size 33554476 extends beyond EOD, truncated [ 58.980954][ T1452] loop4: p35 size 33554476 extends beyond EOD, truncated [ 58.989090][ T1452] loop4: p36 size 33554476 extends beyond EOD, truncated [ 58.996731][ T1452] loop4: p37 size 33554476 extends beyond EOD, truncated [ 59.013339][ T1452] loop4: p38 size 33554476 extends beyond EOD, truncated [ 59.021652][ T1452] loop4: p39 size 33554476 extends beyond EOD, truncated [ 59.029719][ T1452] loop4: p40 size 33554476 extends beyond EOD, truncated [ 59.037686][ T1452] loop4: p41 size 33554476 extends beyond EOD, truncated [ 59.045475][ T1452] loop4: p42 size 33554476 extends beyond EOD, truncated [ 59.050594][ T1463] loop3: detected capacity change from 0 to 40427 [ 59.055417][ T1452] loop4: p43 size 33554476 extends beyond EOD, truncated [ 59.066782][ T1452] loop4: p44 size 33554476 extends beyond EOD, truncated [ 59.077287][ T1452] loop4: p45 size 33554476 extends beyond EOD, truncated [ 59.087128][ T1452] loop4: p46 size 33554476 extends beyond EOD, truncated [ 59.147701][ T1475] erofs: Unknown parameter '' [ 59.153398][ T1452] loop4: p47 size 33554476 extends beyond EOD, truncated [ 59.313001][ T1452] loop4: p48 size 33554476 extends beyond EOD, truncated [ 59.454028][ T60] usb 2-1: device descriptor read/64, error -71 [ 59.460990][ T666] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 59.474889][ T1452] loop4: p49 size 33554476 extends beyond EOD, truncated [ 59.502864][ T1452] loop4: p50 size 33554476 extends beyond EOD, truncated [ 59.515097][ T1452] loop4: p51 size 33554476 extends beyond EOD, truncated [ 59.516279][ T1474] option changes via remount are deprecated (pid=1472 comm=syz.0.394) [ 59.531310][ T1474] cgroup: option or name mismatch, new: 0x10 "", old: 0x0 "" [ 59.541945][ T1452] loop4: p52 size 33554476 extends beyond EOD, truncated [ 59.553392][ T1479] EXT4-fs: Ignoring removed oldalloc option [ 59.559820][ T1452] loop4: p53 size 33554476 extends beyond EOD, truncated [ 59.572198][ T1452] loop4: p54 size 33554476 extends beyond EOD, truncated [ 59.580368][ T1452] loop4: p55 size 33554476 extends beyond EOD, truncated [ 59.588507][ T1479] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm syz.3.396: lblock 2 mapped to illegal pblock 2 (length 1) [ 59.602984][ T1452] loop4: p56 size 33554476 extends beyond EOD, truncated [ 59.609130][ T1479] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm syz.3.396: lblock 0 mapped to illegal pblock 48 (length 1) [ 59.612282][ T1452] loop4: p57 size 33554476 extends beyond EOD, truncated [ 59.632425][ T1452] loop4: p58 size 33554476 extends beyond EOD, truncated [ 59.640497][ T1452] loop4: p59 size 33554476 extends beyond EOD, truncated [ 59.646818][ T1479] EXT4-fs error (device loop3): ext4_acquire_dquot:6798: comm syz.3.396: Failed to acquire dquot type 0 [ 59.649602][ T1452] loop4: p60 size 33554476 extends beyond EOD, truncated [ 59.666498][ T1452] loop4: p61 size 33554476 extends beyond EOD, truncated [ 59.674651][ T1452] loop4: p62 size 33554476 extends beyond EOD, truncated [ 59.679735][ T1479] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5930: Corrupt filesystem [ 59.683791][ T1452] loop4: p63 size 33554476 extends beyond EOD, truncated [ 59.727470][ T60] usb 2-1: device descriptor read/64, error -71 [ 59.734171][ T1452] loop4: p64 size 33554476 extends beyond EOD, truncated [ 59.745923][ T1452] loop4: p65 size 33554476 extends beyond EOD, truncated [ 59.757500][ T1479] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.396: mark_inode_dirty error [ 59.772750][ T1452] loop4: p66 size 33554476 extends beyond EOD, truncated [ 59.780377][ T1479] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 59.791415][ T1479] EXT4-fs (loop3): 1 orphan inode deleted [ 59.793570][ T1452] loop4: p67 size 33554476 extends beyond EOD, [ 59.797723][ T1479] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 59.813521][ T10] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 59.814030][ T10] EXT4-fs error (device loop3): ext4_release_dquot:6834: comm kworker/u4:1: Failed to release dquot type 0 [ 59.829274][ T1452] truncated [ 59.848508][ T1452] loop4: p68 size 33554476 extends beyond EOD, truncated [ 59.857762][ T1479] EXT4-fs (loop3): shut down requested (2) [ 59.868988][ T60] usb usb2-port1: attempt power cycle [ 59.876110][ T1452] loop4: p69 size 33554476 extends beyond EOD, truncated [ 59.878860][ T283] EXT4-fs (loop3): unmounting filesystem. [ 59.891401][ T1483] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 59.901570][ T1452] loop4: p70 size 33554476 extends beyond EOD, truncated [ 59.909356][ T1483] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 59.926150][ T1452] loop4: p71 size 33554476 extends beyond EOD, truncated [ 59.935699][ T1485] FAULT_INJECTION: forcing a failure. [ 59.935699][ T1485] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 59.936822][ T1452] loop4: p72 size 33554476 extends beyond EOD, truncated [ 59.957915][ T1452] loop4: p73 size 33554476 extends beyond EOD, truncated [ 59.971121][ T1485] CPU: 1 PID: 1485 Comm: syz.3.398 Not tainted syzkaller #0 [ 59.978467][ T1485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 59.978961][ T1452] loop4: p74 size 33554476 extends beyond EOD, [ 59.988734][ T1485] Call Trace: [ 59.988742][ T1485] [ 59.988750][ T1485] __dump_stack+0x21/0x24 [ 59.988782][ T1485] dump_stack_lvl+0x110/0x170 [ 59.997592][ T1452] truncated [ 59.998374][ T1485] ? __cfi_dump_stack_lvl+0x8/0x8 [ 60.003175][ T1452] loop4: p75 size 33554476 extends beyond EOD, [ 60.005702][ T1485] dump_stack+0x15/0x24 [ 60.005733][ T1485] should_fail_ex+0x3d4/0x520 [ 60.011419][ T1452] truncated [ 60.013589][ T1485] should_fail+0xb/0x10 [ 60.020950][ T1452] loop4: p76 size 33554476 extends beyond EOD, [ 60.024884][ T1485] should_fail_usercopy+0x1a/0x20 [ 60.024921][ T1485] _copy_to_user+0x1e/0x90 [ 60.031167][ T1452] truncated [ 60.033769][ T1485] simple_read_from_buffer+0xe9/0x160 [ 60.039029][ T1452] loop4: p77 size 33554476 extends beyond EOD, [ 60.041085][ T1485] proc_fail_nth_read+0x1a6/0x220 [ 60.041112][ T1485] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 60.047708][ T1452] truncated [ 60.052593][ T1485] ? security_file_permission+0x94/0xb0 [ 60.061210][ T1452] loop4: p78 size 33554476 extends beyond EOD, [ 60.065966][ T1485] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 60.065996][ T1485] vfs_read+0x27a/0x910 [ 60.072573][ T1452] truncated [ 60.077280][ T1485] ? __cfi_vfs_read+0x10/0x10 [ 60.085079][ T1452] loop4: p79 size 33554476 extends beyond EOD, [ 60.085974][ T1485] ? __kasan_check_write+0x14/0x20 [ 60.086002][ T1485] ? mutex_lock+0x93/0x1b0 [ 60.091773][ T1452] truncated [ 60.097800][ T1485] ? __cfi_mutex_lock+0x10/0x10 [ 60.097835][ T1485] ? __fdget_pos+0x2cd/0x380 [ 60.097855][ T1485] ? ksys_read+0x71/0x250 [ 60.105613][ T1452] loop4: p80 size 33554476 extends beyond EOD, [ 60.107661][ T1485] ksys_read+0x149/0x250 [ 60.107685][ T1485] ? __cfi_ksys_read+0x10/0x10 [ 60.107702][ T1485] ? fput+0x154/0x1a0 [ 60.107725][ T1485] ? debug_smp_processor_id+0x17/0x20 [ 60.111308][ T1452] truncated [ 60.115536][ T1485] __x64_sys_read+0x7b/0x90 [ 60.115558][ T1485] x64_sys_call+0x2f/0x9a0 [ 60.123878][ T1452] loop4: p81 size 33554476 extends beyond EOD, [ 60.126924][ T1485] do_syscall_64+0x4c/0xa0 [ 60.131514][ T1452] truncated [ 60.134494][ T1485] ? clear_bhb_loop+0x30/0x80 [ 60.134518][ T1485] ? clear_bhb_loop+0x30/0x80 [ 60.141396][ T1452] loop4: p82 size 33554476 extends beyond EOD, [ 60.143967][ T1485] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 60.155216][ T1452] truncated [ 60.158819][ T1485] RIP: 0033:0x7f91c495b78e [ 60.158840][ T1485] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 60.158869][ T1485] RSP: 002b:00007f91c582afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 60.166545][ T1452] loop4: p83 size 33554476 extends beyond EOD, [ 60.167647][ T1485] RAX: ffffffffffffffda RBX: 00007f91c582b6c0 RCX: 00007f91c495b78e [ 60.167665][ T1485] RDX: 000000000000000f RSI: 00007f91c582b0a0 RDI: 0000000000000004 [ 60.167680][ T1485] RBP: 00007f91c582b090 R08: 0000000000000000 R09: 0000000000000000 [ 60.167694][ T1485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.174235][ T1452] truncated [ 60.176205][ T1485] R13: 00007f91c4c16038 R14: 00007f91c4c15fa0 R15: 00007ffefc029bf8 [ 60.176229][ T1485] [ 60.183577][ T1452] loop4: p84 size 33554476 extends beyond EOD, [ 60.193490][ T1487] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 60.199539][ T1452] truncated [ 60.214739][ T1487] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 60.250287][ T1452] loop4: p85 size 33554476 extends beyond EOD, [ 60.340954][ T1489] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1489 comm=syz.3.399 [ 60.348167][ T60] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 60.367840][ T1452] truncated [ 60.371168][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 60.371181][ T28] audit: type=1326 audit(1770157812.216:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1488 comm="syz.3.399" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f91c499aeb9 code=0x0 [ 60.372387][ T1452] loop4: p86 size 33554476 extends beyond EOD, truncated [ 60.408418][ T1452] loop4: p87 size 33554476 extends beyond EOD, truncated [ 60.415815][ T60] usb 2-1: device descriptor read/8, error -71 [ 60.417205][ T1452] loop4: p88 size 33554476 extends beyond EOD, truncated [ 60.430383][ T1452] loop4: p89 size 33554476 extends beyond EOD, truncated [ 60.438146][ T1452] loop4: p90 size 33554476 extends beyond EOD, truncated [ 60.445872][ T1452] loop4: p91 size 33554476 extends beyond EOD, truncated [ 60.453496][ T1452] loop4: p92 size 33554476 extends beyond EOD, truncated [ 60.461280][ T1452] loop4: p93 size 33554476 extends beyond EOD, truncated [ 60.469081][ T1452] loop4: p94 size 33554476 extends beyond EOD, truncated [ 60.476750][ T1452] loop4: p95 size 33554476 extends beyond EOD, truncated [ 60.484544][ T1452] loop4: p96 size 33554476 extends beyond EOD, truncated [ 60.494921][ T1452] loop4: p97 size 33554476 extends beyond EOD, truncated [ 60.509798][ T387] usb 3-1: USB disconnect, device number 3 [ 60.517516][ T28] audit: type=1400 audit(1770157812.376:363): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 60.538504][ T1452] loop4: p98 size 33554476 extends beyond EOD, truncated [ 60.556142][ T1492] set_capacity_and_notify: 4 callbacks suppressed [ 60.556160][ T1492] loop0: detected capacity change from 0 to 512 [ 60.569156][ T1452] loop4: p99 size 33554476 extends beyond EOD, truncated [ 60.583086][ T60] usb 2-1: device descriptor read/8, error -71 [ 60.592414][ T1452] loop4: p100 size 33554476 extends beyond EOD, truncated [ 60.602267][ T1492] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 60.614852][ T1452] loop4: p101 size 33554476 extends beyond EOD, truncated [ 60.626562][ T1452] loop4: p102 size 33554476 extends beyond EOD, truncated [ 60.637801][ T1452] loop4: p103 size 33554476 extends beyond EOD, truncated [ 60.645985][ T1452] loop4: p104 size 33554476 extends beyond EOD, truncated [ 60.655716][ T284] EXT4-fs (loop0): unmounting filesystem. [ 60.662861][ T1452] loop4: p105 size 33554476 extends beyond EOD, truncated [ 60.671170][ T1452] loop4: p106 size 33554476 extends beyond EOD, truncated [ 60.690097][ T1504] loop0: detected capacity change from 0 to 512 [ 60.699255][ T1452] loop4: p107 size 33554476 extends beyond EOD, truncated [ 60.708238][ T1504] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 60.710907][ T1452] loop4: p108 size 33554476 extends beyond EOD, truncated [ 60.725887][ T28] audit: type=1400 audit(1770157812.576:364): avc: denied { audit_write } for pid=1498 comm="syz.1.402" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 60.745907][ T1452] loop4: p109 size 33554476 extends beyond EOD, [ 60.747736][ T1504] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 60.748521][ T1452] truncated [ 60.767561][ T1452] loop4: p110 size 33554476 extends beyond EOD, truncated [ 60.775283][ T1452] loop4: p111 size 33554476 extends beyond EOD, truncated [ 60.794243][ T1452] loop4: p112 size 33554476 extends beyond EOD, truncated [ 60.802040][ T1452] loop4: p113 size 33554476 extends beyond EOD, truncated [ 60.806674][ T1509] loop0: detected capacity change from 0 to 256 [ 60.813182][ T1452] loop4: p114 size 33554476 extends beyond EOD, truncated [ 60.824233][ T1509] FAULT_INJECTION: forcing a failure. [ 60.824233][ T1509] name failslab, interval 1, probability 0, space 0, times 0 [ 60.838443][ T1509] CPU: 0 PID: 1509 Comm: syz.0.405 Not tainted syzkaller #0 [ 60.839663][ T1452] loop4: p115 size 33554476 extends beyond EOD, [ 60.845778][ T1509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 60.845793][ T1509] Call Trace: [ 60.845799][ T1509] [ 60.845806][ T1509] __dump_stack+0x21/0x24 [ 60.852580][ T1452] truncated [ 60.862222][ T1509] dump_stack_lvl+0x110/0x170 [ 60.862253][ T1509] ? __cfi_dump_stack_lvl+0x8/0x8 [ 60.867239][ T1452] loop4: p116 size 33554476 extends beyond EOD, [ 60.868508][ T1509] dump_stack+0x15/0x24 [ 60.868538][ T1509] should_fail_ex+0x3d4/0x520 [ 60.872959][ T1452] truncated [ 60.875992][ T1509] ? getname_flags+0xb9/0x500 [ 60.876016][ T1509] __should_failslab+0xac/0xf0 [ 60.882431][ T1452] loop4: p117 size 33554476 extends beyond EOD, [ 60.885758][ T1509] should_failslab+0x9/0x20 [ 60.911567][ T1452] truncated [ 60.913983][ T1509] kmem_cache_alloc+0x3b/0x330 [ 60.914021][ T1509] getname_flags+0xb9/0x500 [ 60.922925][ T1452] loop4: p118 size 33554476 extends beyond EOD, [ 60.924865][ T1509] ? __cfi_vfs_write+0x10/0x10 [ 60.924892][ T1509] getname+0x19/0x20 [ 60.928671][ T1452] truncated [ 60.932768][ T1509] do_sys_openat2+0xeb/0x810 [ 60.932800][ T1509] ? __kasan_check_write+0x14/0x20 [ 60.940354][ T1452] loop4: p119 size 33554476 extends beyond EOD, [ 60.943634][ T1509] ? do_sys_open+0xe0/0xe0 [ 60.949340][ T1452] truncated [ 60.952458][ T1509] ? ksys_write+0x1f4/0x250 [ 60.957153][ T1452] loop4: p120 size 33554476 extends beyond EOD, [ 60.960195][ T1509] ? __cfi_ksys_write+0x10/0x10 [ 60.960219][ T1509] __x64_sys_creat+0x8e/0xb0 [ 60.960248][ T1509] x64_sys_call+0x116/0x9a0 [ 60.966840][ T1452] truncated [ 60.971790][ T1509] do_syscall_64+0x4c/0xa0 [ 60.971821][ T1509] ? clear_bhb_loop+0x30/0x80 [ 60.978504][ T1452] loop4: p121 size 33554476 extends beyond EOD, [ 60.979360][ T1509] ? clear_bhb_loop+0x30/0x80 [ 60.979387][ T1509] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 60.984026][ T1452] truncated [ 60.990215][ T1509] RIP: 0033:0x7f628039aeb9 [ 60.990235][ T1509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 60.990251][ T1509] RSP: 002b:00007f62812d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 60.990271][ T1509] RAX: ffffffffffffffda RBX: 00007f6280615fa0 RCX: 00007f628039aeb9 [ 60.990285][ T1509] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000200000000840 [ 60.990298][ T1509] RBP: 00007f62812d9090 R08: 0000000000000000 R09: 0000000000000000 [ 60.998297][ T1452] loop4: p122 size 33554476 extends beyond EOD, [ 60.999760][ T1509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.999776][ T1509] R13: 00007f6280616038 R14: 00007f6280615fa0 R15: 00007ffff45cc898 [ 61.004408][ T1452] truncated [ 61.007419][ T1509] [ 61.125285][ T1452] loop4: p123 size 33554476 extends beyond EOD, truncated [ 61.133145][ T1452] loop4: p124 size 33554476 extends beyond EOD, truncated [ 61.141181][ T1452] loop4: p125 size 33554476 extends beyond EOD, truncated [ 61.148911][ T1452] loop4: p126 size 33554476 extends beyond EOD, truncated [ 61.159274][ T1452] loop4: p127 size 33554476 extends beyond EOD, truncated [ 61.167015][ T1452] loop4: p128 size 33554476 extends beyond EOD, truncated [ 61.174922][ T1452] loop4: p129 size 33554476 extends beyond EOD, truncated [ 61.182772][ T1452] loop4: p130 size 33554476 extends beyond EOD, truncated [ 61.190664][ T1452] loop4: p131 size 33554476 extends beyond EOD, truncated [ 61.198564][ T1452] loop4: p132 size 33554476 extends beyond EOD, truncated [ 61.210404][ T1452] loop4: p133 size 33554476 extends beyond EOD, truncated [ 61.222540][ T1452] loop4: p134 size 33554476 extends beyond EOD, truncated [ 61.235627][ T1516] loop3: detected capacity change from 0 to 1024 [ 61.242159][ T1452] loop4: p135 size 33554476 extends beyond EOD, truncated [ 61.250025][ T1516] EXT4-fs: Ignoring removed oldalloc option [ 61.260948][ T1452] loop4: p136 size 33554476 extends beyond EOD, truncated [ 61.267618][ T387] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 61.275606][ T1518] xt_TPROXY: Can be used only with -p tcp or -p udp [ 61.278727][ T1452] loop4: p137 size 33554476 extends beyond EOD, truncated [ 61.293948][ T1516] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm syz.3.407: lblock 2 mapped to illegal pblock 2 (length 1) [ 61.308330][ T1516] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 61.310731][ T1452] loop4: p138 size 33554476 extends beyond EOD, [ 61.316456][ T1516] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm syz.3.407: lblock 0 mapped to illegal pblock 48 (length 1) [ 61.331075][ T1452] truncated [ 61.338080][ T1516] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 61.349525][ T1516] EXT4-fs error (device loop3): ext4_acquire_dquot:6798: comm syz.3.407: Failed to acquire dquot type 0 [ 61.360945][ T1452] loop4: p139 size 33554476 extends beyond EOD, truncated [ 61.361273][ T1516] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5930: Corrupt filesystem [ 61.378007][ T1516] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.407: mark_inode_dirty error [ 61.378693][ T1452] loop4: p140 size 33554476 extends beyond EOD, [ 61.389369][ T1516] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 61.406177][ T1516] EXT4-fs (loop3): 1 orphan inode deleted [ 61.411987][ T1516] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 61.414008][ T1452] truncated [ 61.427635][ T1452] loop4: p141 size 33554476 extends beyond EOD, truncated [ 61.435649][ T8] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 61.450516][ T1516] EXT4-fs (loop3): shut down requested (2) [ 61.457752][ T1452] loop4: p142 size 33554476 extends beyond EOD, truncated [ 61.461736][ T8] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 61.473894][ T387] usb 3-1: Using ep0 maxpacket: 32 [ 61.482287][ T1452] loop4: p143 size 33554476 extends beyond EOD, truncated [ 61.495061][ T283] EXT4-fs (loop3): unmounting filesystem. [ 61.502852][ T1525] loop1: detected capacity change from 0 to 512 [ 61.508052][ T387] usb 3-1: config 0 has an invalid interface number: 202 but max is 0 [ 61.518150][ T387] usb 3-1: config 0 has no interface number 0 [ 61.519872][ T1525] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 61.529875][ T387] usb 3-1: New USB device found, idVendor=0dd8, idProduct=d202, bcdDevice=38.2e [ 61.543700][ T1452] loop4: p144 size 33554476 extends beyond EOD, truncated [ 61.546119][ T1525] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal [ 61.553607][ T387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.566938][ T1452] loop4: p145 size 33554476 extends beyond EOD, truncated [ 61.574957][ T387] usb 3-1: Product: syz [ 61.579343][ T1452] loop4: p146 size 33554476 extends beyond EOD, truncated [ 61.586670][ T387] usb 3-1: Manufacturer: syz [ 61.589781][ T1452] loop4: p147 size 33554476 extends beyond EOD, truncated [ 61.592280][ T387] usb 3-1: SerialNumber: syz [ 61.600944][ T1452] loop4: p148 size 33554476 extends beyond EOD, truncated [ 61.606490][ T387] usb 3-1: config 0 descriptor?? [ 61.616576][ T1452] loop4: p149 size 33554476 extends beyond EOD, truncated [ 61.624535][ T387] usb-storage 3-1:0.202: USB Mass Storage device detected [ 61.632318][ T1452] loop4: p150 size 33554476 extends beyond EOD, truncated [ 61.642276][ T1452] loop4: p151 size 33554476 extends beyond EOD, truncated [ 61.644650][ T1529] FAULT_INJECTION: forcing a failure. [ 61.644650][ T1529] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.652522][ T1452] loop4: p152 size 33554476 extends beyond EOD, truncated [ 61.663126][ T1529] CPU: 1 PID: 1529 Comm: syz.3.412 Not tainted syzkaller #0 [ 61.671090][ T387] usb-storage 3-1:0.202: Quirks match for vid 0dd8 pid d202: 20 [ 61.677126][ T1529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.677140][ T1529] Call Trace: [ 61.677147][ T1529] [ 61.677154][ T1529] __dump_stack+0x21/0x24 [ 61.687760][ T1452] loop4: p153 size 33554476 extends beyond EOD, [ 61.694875][ T1529] dump_stack_lvl+0x110/0x170 [ 61.716476][ T1529] ? __cfi_dump_stack_lvl+0x8/0x8 [ 61.721535][ T1529] dump_stack+0x15/0x24 [ 61.725716][ T1529] should_fail_ex+0x3d4/0x520 [ 61.730422][ T1529] should_fail+0xb/0x10 [ 61.734599][ T1529] should_fail_usercopy+0x1a/0x20 [ 61.739649][ T1529] _copy_from_iter+0x196/0x1010 [ 61.744630][ T1529] ? __cfi__copy_from_iter+0x10/0x10 [ 61.749939][ T1529] ? stack_trace_save+0xa6/0xf0 [ 61.754854][ T1529] copy_page_from_iter+0x1d2/0x2b0 [ 61.759992][ T1529] ? skb_page_frag_refill+0x221/0x3a0 [ 61.765404][ T1529] tun_get_user+0x6f5/0x3470 [ 61.770059][ T1529] ? _parse_integer+0x2a/0x40 [ 61.774761][ T1529] ? tun_do_read+0x1cf0/0x1cf0 [ 61.779546][ T1529] ? __kasan_check_write+0x14/0x20 [ 61.784671][ T1529] ? ref_tracker_alloc+0x31d/0x4a0 [ 61.789800][ T1529] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 61.795368][ T1529] ? avc_policy_seqno+0x1b/0x70 [ 61.800253][ T1529] ? selinux_file_permission+0x2a5/0x510 [ 61.805913][ T1529] tun_chr_write_iter+0x1fb/0x300 [ 61.810962][ T1529] vfs_write+0x603/0xce0 [ 61.815222][ T1529] ? __cfi_vfs_write+0x10/0x10 [ 61.820006][ T1529] ? __fget_files+0x2d5/0x330 [ 61.824705][ T1529] ? __fdget_pos+0x1f2/0x380 [ 61.829318][ T1529] ? ksys_write+0x71/0x250 [ 61.833748][ T1529] ksys_write+0x149/0x250 [ 61.838188][ T1529] ? __cfi_ksys_write+0x10/0x10 [ 61.843059][ T1529] ? do_user_addr_fault+0x9ac/0x1050 [ 61.848376][ T1529] ? debug_smp_processor_id+0x17/0x20 [ 61.853776][ T1529] __x64_sys_write+0x7b/0x90 [ 61.858396][ T1529] x64_sys_call+0x27b/0x9a0 [ 61.862942][ T1529] do_syscall_64+0x4c/0xa0 [ 61.867384][ T1529] ? clear_bhb_loop+0x30/0x80 [ 61.872079][ T1529] ? clear_bhb_loop+0x30/0x80 [ 61.876940][ T1529] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 61.882862][ T1529] RIP: 0033:0x7f91c495b78e [ 61.887300][ T1529] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 61.906921][ T1529] RSP: 002b:00007f91c582afb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.915357][ T1529] RAX: ffffffffffffffda RBX: 00007f91c582b6c0 RCX: 00007f91c495b78e [ 61.923353][ T1529] RDX: 0000000000000056 RSI: 0000200000000240 RDI: 00000000000000c8 [ 61.931341][ T1529] RBP: 00007f91c582b090 R08: 0000000000000000 R09: 0000000000000000 [ 61.939374][ T1529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.947383][ T1529] R13: 00007f91c4c16038 R14: 00007f91c4c15fa0 R15: 00007ffefc029bf8 [ 61.955420][ T1529] [ 61.967416][ T1452] truncated [ 61.972744][ T28] audit: type=1400 audit(1770157813.826:365): avc: denied { sqpoll } for pid=1505 comm="syz.2.404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 61.992888][ T1452] loop4: p154 size 33554476 extends beyond EOD, truncated [ 62.003426][ T670] udevd[670]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 62.023347][ T1452] loop4: p155 size 33554476 extends beyond EOD, truncated [ 62.027777][ T485] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 62.047759][ T1452] loop4: p156 size 33554476 extends beyond EOD, truncated [ 62.059909][ T1452] loop4: p157 size 33554476 extends beyond EOD, truncated [ 62.062407][ T1506] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.404'. [ 62.070551][ T1452] loop4: p158 size 33554476 extends beyond EOD, truncated [ 62.084846][ T1452] loop4: p159 size 33554476 extends beyond EOD, truncated [ 62.085845][ T1525] loop1: detected capacity change from 0 to 128 [ 62.094148][ T1452] loop4: p160 size 33554476 extends beyond EOD, truncated [ 62.105902][ T1525] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 62.119536][ T1452] loop4: p161 size 33554476 extends beyond EOD, [ 62.122359][ T1532] loop3: detected capacity change from 0 to 2048 [ 62.126395][ T1452] truncated [ 62.136195][ T1525] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 62.146076][ T1452] loop4: p162 size 33554476 extends beyond EOD, truncated [ 62.157460][ T1452] loop4: p163 size 33554476 extends beyond EOD, truncated [ 62.167747][ T1452] loop4: p164 size 33554476 extends beyond EOD, truncated [ 62.175516][ T1452] loop4: p165 size 33554476 extends beyond EOD, truncated [ 62.183355][ T1452] loop4: p166 size 33554476 extends beyond EOD, truncated [ 62.191930][ T1532] loop3: p1 < > p4 [ 62.196934][ T1532] loop3: p4 size 8388608 extends beyond EOD, truncated [ 62.204473][ T1452] loop4: p167 size 33554476 extends beyond EOD, truncated [ 62.212708][ T28] audit: type=1400 audit(1770157814.066:366): avc: denied { map } for pid=1530 comm="syz.3.413" path="socket:[21973]" dev="sockfs" ino=21973 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 62.236197][ T1452] loop4: p168 size 33554476 extends beyond EOD, truncated [ 62.243508][ T485] usb 1-1: Using ep0 maxpacket: 8 [ 62.255973][ T485] usb 1-1: config index 0 descriptor too short (expected 32831, got 122) [ 62.266014][ T1532] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 62.273219][ T485] usb 1-1: config 0 has an invalid interface number: 3 but max is 0 [ 62.290310][ T1452] loop4: p169 size 33554476 extends beyond EOD, truncated [ 62.303196][ T28] audit: type=1400 audit(1770157814.156:367): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 62.323416][ T1452] loop4: p170 size 33554476 extends beyond EOD, truncated [ 62.330929][ T485] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 62.341865][ T485] usb 1-1: config 0 has no interface number 0 [ 62.348232][ T1452] loop4: p171 size 33554476 extends beyond EOD, truncated [ 62.355594][ T485] usb 1-1: config 0 interface 3 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 62.366910][ T485] usb 1-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 62.376792][ T1452] loop4: p172 size 33554476 extends beyond EOD, truncated [ 62.386562][ T485] usb 1-1: config 0 interface 3 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 62.391876][ T1538] loop3: detected capacity change from 0 to 512 [ 62.399953][ T1452] loop4: p173 size 33554476 extends beyond EOD, truncated [ 62.414354][ T485] usb 1-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 62.423696][ T1452] loop4: p174 size 33554476 extends beyond EOD, truncated [ 62.426638][ T1538] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 62.433614][ T485] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.449000][ T1452] loop4: p175 size 33554476 extends beyond EOD, truncated [ 62.456878][ T1538] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 62.467694][ T1452] loop4: p176 size 33554476 extends beyond EOD, truncated [ 62.474190][ T28] audit: type=1400 audit(1770157814.326:368): avc: denied { execute } for pid=1539 comm="syz.1.416" path="/syzcgroup/cpu/syz1/cpuset.cpus" dev="cgroup" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 62.500183][ T1452] loop4: p177 size 33554476 extends beyond EOD, truncated [ 62.512157][ T485] usb 1-1: config 0 descriptor?? [ 62.518123][ T485] hub 1-1:0.3: bad descriptor, ignoring hub [ 62.528705][ T1540] bridge0: port 3(syz_tun) entered blocking state [ 62.535191][ T1540] bridge0: port 3(syz_tun) entered disabled state [ 62.541913][ T1452] loop4: p178 size 33554476 extends beyond EOD, truncated [ 62.544086][ T1540] device syz_tun entered promiscuous mode [ 62.549283][ T485] hub: probe of 1-1:0.3 failed with error -5 [ 62.556015][ T1540] bridge0: port 3(syz_tun) entered blocking state [ 62.567489][ T1540] bridge0: port 3(syz_tun) entered forwarding state [ 62.577168][ T1452] loop4: p179 size 33554476 extends beyond EOD, truncated [ 62.585924][ T670] udevd[670]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 62.597859][ T347] udevd[347]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 62.608413][ T1452] loop4: p180 size 33554476 extends beyond EOD, truncated [ 62.625505][ T1543] overlayfs: unrecognized mount option "verity=require" or missing value [ 62.637773][ T1452] loop4: p181 size 33554476 extends beyond EOD, truncated [ 62.650058][ T39] usb 3-1: USB disconnect, device number 4 [ 62.660598][ T1452] loop4: p182 size 33554476 extends beyond EOD, truncated [ 62.680041][ T1452] loop4: p183 size 33554476 extends beyond EOD, truncated [ 62.692059][ T1543] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 62.699720][ T1452] loop4: p184 size 33554476 extends beyond EOD, truncated [ 62.711090][ T1452] loop4: p185 size 33554476 extends beyond EOD, truncated [ 62.723917][ T1452] loop4: p186 size 33554476 extends beyond EOD, truncated [ 62.731818][ T1452] loop4: p187 size 33554476 extends beyond EOD, truncated [ 62.745898][ T1452] loop4: p188 size 33554476 extends beyond EOD, truncated [ 62.765587][ T1523] loop0: detected capacity change from 0 to 256 [ 62.768924][ T1452] loop4: p189 size 33554476 extends beyond EOD, truncated [ 62.785250][ T1452] loop4: p190 size 33554476 extends beyond EOD, truncated [ 62.898807][ T1452] loop4: p191 size 33554476 extends beyond EOD, truncated [ 62.907817][ T1452] loop4: p192 size 33554476 extends beyond EOD, truncated [ 62.922446][ T1452] loop4: p193 size 33554476 extends beyond EOD, truncated [ 62.937672][ T1452] loop4: p194 size 33554476 extends beyond EOD, truncated [ 62.951579][ T1555] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000003) [ 62.956254][ T1452] loop4: p195 size 33554476 extends beyond EOD, truncated [ 62.974466][ T1452] loop4: p196 size 33554476 extends beyond EOD, truncated [ 62.983176][ T1554] bridge0: port 3(syz_tun) entered disabled state [ 62.990478][ T1452] loop4: p197 size 33554476 extends beyond EOD, truncated [ 62.998168][ T1452] loop4: p198 size 33554476 extends beyond EOD, truncated [ 63.000846][ T1554] device syz_tun left promiscuous mode [ 63.006413][ T1452] loop4: p199 size 33554476 extends beyond EOD, truncated [ 63.018770][ T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 63.024003][ T1554] bridge0: port 3(syz_tun) entered disabled state [ 63.033394][ T1452] loop4: p200 size 33554476 extends beyond EOD, truncated [ 63.041254][ T1452] loop4: p201 size 33554476 extends beyond EOD, truncated [ 63.049260][ T1452] loop4: p202 size 33554476 extends beyond EOD, truncated [ 63.057113][ T1452] loop4: p203 size 33554476 extends beyond EOD, truncated [ 63.064917][ T1452] loop4: p204 size 33554476 extends beyond EOD, truncated [ 63.072642][ T1452] loop4: p205 size 33554476 extends beyond EOD, truncated [ 63.080319][ T1452] loop4: p206 size 33554476 extends beyond EOD, truncated [ 63.088137][ T1452] loop4: p207 size 33554476 extends beyond EOD, truncated [ 63.095763][ T1452] loop4: p208 size 33554476 extends beyond EOD, truncated [ 63.103540][ T1452] loop4: p209 size 33554476 extends beyond EOD, truncated [ 63.111750][ T1452] loop4: p210 size 33554476 extends beyond EOD, truncated [ 63.119530][ T1452] loop4: p211 size 33554476 extends beyond EOD, truncated [ 63.127228][ T1452] loop4: p212 size 33554476 extends beyond EOD, truncated [ 63.135115][ T1452] loop4: p213 size 33554476 extends beyond EOD, truncated [ 63.139729][ T1552] loop2: detected capacity change from 0 to 40427 [ 63.144080][ T1452] loop4: p214 size 33554476 extends beyond EOD, truncated [ 63.156538][ T1452] loop4: p215 size 33554476 extends beyond EOD, truncated [ 63.164601][ T1552] F2FS-fs (loop2): invalid crc value [ 63.170373][ T1452] loop4: p216 size 33554476 extends beyond EOD, truncated [ 63.178137][ T1452] loop4: p217 size 33554476 extends beyond EOD, truncated [ 63.185774][ T1452] loop4: p218 size 33554476 extends beyond EOD, truncated [ 63.193901][ T1552] F2FS-fs (loop2): Found nat_bits in checkpoint [ 63.200761][ T1452] loop4: p219 size 33554476 extends beyond EOD, truncated [ 63.214740][ T1452] loop4: p220 size 33554476 extends beyond EOD, truncated [ 63.223122][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 63.235113][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 63.245601][ T1452] loop4: p221 size 33554476 extends beyond EOD, truncated [ 63.256392][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 63.265796][ T1452] loop4: p222 size 33554476 extends beyond EOD, truncated [ 63.279587][ T24] usb 4-1: config 1 has no interface number 0 [ 63.281095][ T1452] loop4: p223 size 33554476 extends beyond EOD, [ 63.285715][ T24] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 63.285766][ T24] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 63.303773][ T1452] truncated [ 63.321825][ T1552] F2FS-fs (loop2): Start checkpoint disabled! [ 63.328508][ T1552] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 63.336430][ T1552] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 63.338979][ T1452] loop4: p224 size 33554476 extends beyond EOD, [ 63.345156][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 63.365206][ T1452] truncated [ 63.377170][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.378744][ T1452] loop4: p225 size 33554476 extends beyond EOD, truncated [ 63.397452][ T24] usb 4-1: Product: syz [ 63.407067][ T24] usb 4-1: Manufacturer: syz [ 63.411869][ T24] usb 4-1: SerialNumber: syz [ 63.417105][ T1452] loop4: p226 size 33554476 extends beyond EOD, truncated [ 63.426148][ T24] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 63.434262][ T1452] loop4: p227 size 33554476 extends beyond EOD, truncated [ 63.443179][ T24] cdc_ncm 4-1:1.1: bind() failure [ 63.457072][ T1452] loop4: p228 size 33554476 extends beyond EOD, truncated [ 63.473988][ T1452] loop4: p229 size 33554476 extends beyond EOD, truncated [ 63.481760][ T1552] syz.2.422: attempt to access beyond end of device [ 63.481760][ T1552] loop2: rw=2049, sector=77824, nr_sectors = 8 limit=40427 [ 63.495846][ T1452] loop4: p230 size 33554476 extends beyond EOD, truncated [ 63.506463][ T1452] loop4: p231 size 33554476 extends beyond EOD, truncated [ 63.518450][ T1552] syz.2.422: attempt to access beyond end of device [ 63.518450][ T1552] loop2: rw=2049, sector=77832, nr_sectors = 2136 limit=40427 [ 63.532738][ T1452] loop4: p232 size 33554476 extends beyond EOD, truncated [ 63.543461][ T1452] loop4: p233 size 33554476 extends beyond EOD, truncated [ 63.544170][ T1552] syz.2.422: attempt to access beyond end of device [ 63.544170][ T1552] loop2: rw=2049, sector=79968, nr_sectors = 1952 limit=40427 [ 63.565432][ T1452] loop4: p234 size 33554476 extends beyond EOD, truncated [ 63.568275][ T1552] syz.2.422: attempt to access beyond end of device [ 63.568275][ T1552] loop2: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 63.586754][ T1452] loop4: p235 size 33554476 extends beyond EOD, truncated [ 63.596851][ T1552] syz.2.422: attempt to access beyond end of device [ 63.596851][ T1552] loop2: rw=2049, sector=49160, nr_sectors = 2048 limit=40427 [ 63.598102][ T1452] loop4: p236 size 33554476 extends beyond EOD, [ 63.616903][ T1552] syz.2.422: attempt to access beyond end of device [ 63.616903][ T1552] loop2: rw=2049, sector=51208, nr_sectors = 2040 limit=40427 [ 63.624616][ T1452] truncated [ 63.640764][ T1552] syz.2.422: attempt to access beyond end of device [ 63.640764][ T1552] loop2: rw=2049, sector=57344, nr_sectors = 8 limit=40427 [ 63.659963][ T1552] syz.2.422: attempt to access beyond end of device [ 63.659963][ T1552] loop2: rw=2049, sector=57352, nr_sectors = 2048 limit=40427 [ 63.674686][ T1452] loop4: p237 size 33554476 extends beyond EOD, truncated [ 63.684872][ T1552] syz.2.422: attempt to access beyond end of device [ 63.684872][ T1552] loop2: rw=2049, sector=59400, nr_sectors = 2016 limit=40427 [ 63.699637][ T1452] loop4: p238 size 33554476 extends beyond EOD, truncated [ 63.720901][ T39] usb 4-1: USB disconnect, device number 9 [ 63.728670][ T1452] loop4: p239 size 33554476 extends beyond EOD, truncated [ 63.750102][ T10] kworker/u4:1: attempt to access beyond end of device [ 63.750102][ T10] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 63.766011][ T1452] loop4: p240 size 33554476 extends beyond EOD, truncated [ 63.773846][ T1452] loop4: p241 size 33554476 extends beyond EOD, truncated [ 63.787683][ T1452] loop4: p242 size 33554476 extends beyond EOD, truncated [ 63.798374][ T1452] loop4: p243 size 33554476 extends beyond EOD, truncated [ 63.816144][ T1452] loop4: p244 size 33554476 extends beyond EOD, truncated [ 63.830412][ T1452] loop4: p245 size 33554476 extends beyond EOD, truncated [ 63.842087][ T1452] loop4: p246 size 33554476 extends beyond EOD, truncated [ 63.857525][ T1561] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.858704][ T1452] loop4: p247 size 33554476 extends beyond EOD, [ 63.864844][ T1561] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.871280][ T1452] truncated [ 63.872588][ T1452] loop4: p248 size 33554476 extends beyond EOD, [ 63.880671][ T1561] device bridge_slave_0 entered promiscuous mode [ 63.882207][ T1452] truncated [ 63.890466][ T1561] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.896455][ T1452] loop4: p249 size 33554476 extends beyond EOD, [ 63.898188][ T1561] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.905339][ T1452] truncated [ 63.912620][ T1561] device bridge_slave_1 entered promiscuous mode [ 63.941061][ T1452] loop4: p250 size 33554476 extends beyond EOD, truncated [ 63.955667][ T1452] loop4: p251 size 33554476 extends beyond EOD, truncated [ 63.968250][ T1452] loop4: p252 size 33554476 extends beyond EOD, truncated [ 63.985944][ T1452] loop4: p253 size 33554476 extends beyond EOD, truncated [ 63.996031][ T1452] loop4: p254 size 33554476 extends beyond EOD, truncated [ 64.018346][ T1566] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 64.032061][ T1452] loop4: p255 size 33554476 extends beyond EOD, truncated [ 64.050750][ T286] EXT4-fs (loop2): unmounting filesystem. [ 64.179496][ T1572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.428'. [ 64.200533][ T1561] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.207661][ T1561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.215011][ T1561] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.222557][ T1561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.238993][ T401] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.251801][ T401] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.295278][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.304593][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.314792][ T1582] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 64.322109][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.332748][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.341739][ T401] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.348845][ T401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.357021][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.365927][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.374568][ T401] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.381667][ T401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.397779][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.406269][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.414654][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.423911][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.449851][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.450643][ T1586] binder: 1585:1586 ioctl c0c89425 200000000200 returned -22 [ 64.459915][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.477832][ T1586] binder: 1585:1586 ioctl 50009418 200000001040 returned -22 [ 64.485608][ T283] EXT4-fs (loop3): unmounting filesystem. [ 64.524273][ T1561] device veth0_vlan entered promiscuous mode [ 64.542943][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.574150][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.590010][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.598187][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.605967][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.616919][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.635009][ T1561] device veth1_macvtap entered promiscuous mode [ 64.642138][ T1594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.435'. [ 64.658137][ T24] usb 1-1: USB disconnect, device number 5 [ 64.676658][ T1600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.437'. [ 64.692545][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.706516][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.728036][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.756925][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.771328][ T1600] loop3: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 64.772743][ T1600] loop3: p3 size 33554476 extends beyond EOD, [ 64.788290][ T720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.874189][ T1600] truncated [ 64.876531][ T1600] loop3: p5 size 33554476 extends beyond EOD, truncated [ 64.896522][ T665] udevd[665]: inotify_add_watch(7, /dev/loop4p14, 10) failed: No such file or directory [ 64.896535][ T347] udevd[347]: inotify_add_watch(7, /dev/loop4p15, 10) failed: No such file or directory [ 64.914109][ T666] udevd[666]: inotify_add_watch(7, /dev/loop4p16, 10) failed: No such file or directory [ 64.930442][ T670] udevd[670]: inotify_add_watch(7, /dev/loop4p17, 10) failed: No such file or directory [ 64.935693][ T1600] loop3: p6 size 33554476 extends beyond EOD, [ 64.944515][ T671] udevd[671]: inotify_add_watch(7, /dev/loop4p18, 10) failed: No such file or directory [ 64.944803][ T1600] truncated [ 64.955586][ T663] udevd[663]: inotify_add_watch(7, /dev/loop4p19, 10) failed: No such file or directory [ 64.975440][ T346] udevd[346]: inotify_add_watch(7, /dev/loop4p20, 10) failed: No such file or directory [ 64.995896][ T1600] loop3: p7 size 33554476 extends beyond EOD, truncated [ 65.006399][ T1602] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 65.015383][ T1600] loop3: p8 size 33554476 extends beyond EOD, truncated [ 65.028647][ T1602] System zones: 0-2, 18-18, 34-34 [ 65.035086][ T1600] loop3: p9 size 33554476 extends beyond EOD, truncated [ 65.042804][ T1602] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.438: bg 0: block 248: padding at end of block bitmap is not set [ 65.060466][ T1602] EXT4-fs error (device loop0): ext4_acquire_dquot:6798: comm syz.0.438: Failed to acquire dquot type 1 [ 65.063153][ T1600] loop3: p10 size 33554476 extends beyond EOD, [ 65.075142][ T1600] truncated [ 65.080922][ T1602] EXT4-fs (loop0): 1 truncate cleaned up [ 65.083597][ T1600] loop3: p11 size 33554476 extends beyond EOD, truncated [ 65.088431][ T1602] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 65.114078][ T1615] netlink: 'syz.5.439': attribute type 30 has an invalid length. [ 65.125360][ T1602] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.128419][ T1600] loop3: p12 size 33554476 extends beyond EOD, truncated [ 65.160192][ T1600] loop3: p13 size 33554476 extends beyond EOD, truncated [ 65.168589][ T1600] loop3: p14 size 33554476 extends beyond EOD, truncated [ 65.176896][ T1600] loop3: p15 size 33554476 extends beyond EOD, truncated [ 65.184930][ T1600] loop3: p16 size 33554476 extends beyond EOD, truncated [ 65.192656][ T1600] loop3: p17 size 33554476 extends beyond EOD, truncated [ 65.200352][ T1600] loop3: p18 size 33554476 extends beyond EOD, truncated [ 65.208334][ T1621] netlink: 516 bytes leftover after parsing attributes in process `syz.5.439'. [ 65.218553][ T1600] loop3: p19 size 33554476 extends beyond EOD, truncated [ 65.226877][ T1600] loop3: p20 size 33554476 extends beyond EOD, truncated [ 65.234907][ T1600] loop3: p21 size 33554476 extends beyond EOD, truncated [ 65.242584][ T1600] loop3: p22 size 33554476 extends beyond EOD, truncated [ 65.252736][ T1600] loop3: p23 size 33554476 extends beyond EOD, truncated [ 65.260423][ T1600] loop3: p24 size 33554476 extends beyond EOD, truncated [ 65.268078][ T1600] loop3: p25 size 33554476 extends beyond EOD, truncated [ 65.275733][ T1600] loop3: p26 size 33554476 extends beyond EOD, truncated [ 65.286467][ T1600] loop3: p27 size 33554476 extends beyond EOD, truncated [ 65.297910][ T1600] loop3: p28 size 33554476 extends beyond EOD, truncated [ 65.310955][ T1600] loop3: p29 size 33554476 extends beyond EOD, truncated [ 65.326182][ T1600] loop3: p30 size 33554476 extends beyond EOD, truncated [ 65.337874][ T1600] loop3: p31 size 33554476 extends beyond EOD, truncated [ 65.345978][ T1629] No source specified [ 65.353528][ T1600] loop3: p32 size 33554476 extends beyond EOD, truncated [ 65.361855][ T1600] loop3: p33 size 33554476 extends beyond EOD, truncated [ 65.373370][ T1600] loop3: p34 size 33554476 extends beyond EOD, truncated [ 65.397703][ T1600] loop3: p35 size 33554476 extends beyond EOD, truncated [ 65.419972][ T1600] loop3: p36 size 33554476 extends beyond EOD, truncated [ 65.427661][ T1600] loop3: p37 size 33554476 extends beyond EOD, truncated [ 65.435642][ T1600] loop3: p38 size 33554476 extends beyond EOD, truncated [ 65.443524][ T1600] loop3: p39 size 33554476 extends beyond EOD, truncated [ 65.451577][ T1600] loop3: p40 size 33554476 extends beyond EOD, truncated [ 65.459448][ T1600] loop3: p41 size 33554476 extends beyond EOD, truncated [ 65.467067][ T1600] loop3: p42 size 33554476 extends beyond EOD, truncated [ 65.474758][ T1600] loop3: p43 size 33554476 extends beyond EOD, truncated [ 65.482474][ T1600] loop3: p44 size 33554476 extends beyond EOD, truncated [ 65.490233][ T1600] loop3: p45 size 33554476 extends beyond EOD, truncated [ 65.497899][ T1600] loop3: p46 size 33554476 extends beyond EOD, truncated [ 65.505426][ T1600] loop3: p47 size 33554476 extends beyond EOD, truncated [ 65.513051][ T1600] loop3: p48 size 33554476 extends beyond EOD, truncated [ 65.520679][ T1600] loop3: p49 size 33554476 extends beyond EOD, truncated [ 65.528368][ T1600] loop3: p50 size 33554476 extends beyond EOD, truncated [ 65.535907][ T1600] loop3: p51 size 33554476 extends beyond EOD, truncated [ 65.543638][ T1600] loop3: p52 size 33554476 extends beyond EOD, truncated [ 65.551709][ T1600] loop3: p53 size 33554476 extends beyond EOD, truncated [ 65.559438][ T1600] loop3: p54 size 33554476 extends beyond EOD, truncated [ 65.567054][ T1600] loop3: p55 size 33554476 extends beyond EOD, truncated [ 65.574799][ T1600] loop3: p56 size 33554476 extends beyond EOD, truncated [ 65.582458][ T1600] loop3: p57 size 33554476 extends beyond EOD, truncated [ 65.590107][ T1600] loop3: p58 size 33554476 extends beyond EOD, truncated [ 65.597736][ T1600] loop3: p59 size 33554476 extends beyond EOD, truncated [ 65.605305][ T1600] loop3: p60 size 33554476 extends beyond EOD, truncated [ 65.612931][ T1600] loop3: p61 size 33554476 extends beyond EOD, truncated [ 65.620704][ T1600] loop3: p62 size 33554476 extends beyond EOD, truncated [ 65.628332][ T1600] loop3: p63 size 33554476 extends beyond EOD, truncated [ 65.635852][ T1600] loop3: p64 size 33554476 extends beyond EOD, truncated [ 65.643509][ T1600] loop3: p65 size 33554476 extends beyond EOD, truncated [ 65.651144][ T1600] loop3: p66 size 33554476 extends beyond EOD, truncated [ 65.658838][ T1600] loop3: p67 size 33554476 extends beyond EOD, truncated [ 65.666388][ T1600] loop3: p68 size 33554476 extends beyond EOD, truncated [ 65.674190][ T1600] loop3: p69 size 33554476 extends beyond EOD, truncated [ 65.682131][ T1600] loop3: p70 size 33554476 extends beyond EOD, truncated [ 65.689398][ T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 65.697714][ T1600] loop3: p71 size 33554476 extends beyond EOD, truncated [ 65.705586][ T1600] loop3: p72 size 33554476 extends beyond EOD, truncated [ 65.714257][ T1600] loop3: p73 size 33554476 extends beyond EOD, truncated [ 65.721859][ T1600] loop3: p74 size 33554476 extends beyond EOD, truncated [ 65.729666][ T1600] loop3: p75 size 33554476 extends beyond EOD, truncated [ 65.737246][ T1600] loop3: p76 size 33554476 extends beyond EOD, truncated [ 65.744945][ T1600] loop3: p77 size 33554476 extends beyond EOD, truncated [ 65.752590][ T1600] loop3: p78 size 33554476 extends beyond EOD, truncated [ 65.760359][ T1600] loop3: p79 size 33554476 extends beyond EOD, truncated [ 65.767928][ T1600] loop3: p80 size 33554476 extends beyond EOD, truncated [ 65.775612][ T1600] loop3: p81 size 33554476 extends beyond EOD, truncated [ 65.781682][ T1638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.448'. [ 65.784672][ T1600] loop3: p82 size 33554476 extends beyond EOD, truncated [ 65.800548][ T1600] loop3: p83 size 33554476 extends beyond EOD, truncated [ 65.808574][ T1600] loop3: p84 size 33554476 extends beyond EOD, truncated [ 65.816264][ T1600] loop3: p85 size 33554476 extends beyond EOD, truncated [ 65.823920][ T1600] loop3: p86 size 33554476 extends beyond EOD, truncated [ 65.831850][ T1600] loop3: p87 size 33554476 extends beyond EOD, truncated [ 65.839708][ T1600] loop3: p88 size 33554476 extends beyond EOD, truncated [ 65.847315][ T1600] loop3: p89 size 33554476 extends beyond EOD, truncated [ 65.854945][ T1640] set_capacity_and_notify: 5 callbacks suppressed [ 65.854970][ T1640] loop2: detected capacity change from 0 to 1024 [ 65.856412][ T1600] loop3: p90 size 33554476 extends beyond EOD, [ 65.863809][ T1640] EXT4-fs: Ignoring removed nomblk_io_submit option [ 65.868184][ T1600] truncated [ 65.875978][ T1640] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.882347][ T1600] loop3: p91 size 33554476 extends beyond EOD, [ 65.888474][ T1640] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 65.895555][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 65.902027][ T1640] System zones: [ 65.909882][ T1600] truncated [ 65.916134][ T1640] 0-1 [ 65.920335][ T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 65.922336][ T1640] , 3-36 [ 65.924312][ T24] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 65.924332][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 65.933160][ T1640] [ 65.935664][ T1640] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 65.938710][ T1600] loop3: p92 size 33554476 extends beyond EOD, [ 65.971020][ T1640] xt_hashlimit: size too large, truncated to 1048576 [ 65.971147][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 65.971312][ T28] audit: type=1400 audit(1770157817.826:374): avc: denied { mounton } for pid=1639 comm="syz.2.449" path="/107/bus" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 66.022932][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 66.038958][ T284] EXT4-fs (loop0): unmounting filesystem. [ 66.044933][ T1600] truncated [ 66.048431][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.058458][ T1600] loop3: p93 size 33554476 extends beyond EOD, truncated [ 66.065687][ T24] usb 5-1: Product: syz [ 66.070661][ T1600] loop3: p94 size 33554476 extends beyond EOD, truncated [ 66.077993][ T24] usb 5-1: Manufacturer: syz [ 66.083259][ T1600] loop3: p95 size 33554476 extends beyond EOD, truncated [ 66.090807][ T24] usb 5-1: SerialNumber: syz [ 66.101359][ T1600] loop3: p96 size 33554476 extends beyond EOD, truncated [ 66.110641][ T1600] loop3: p97 size 33554476 extends beyond EOD, truncated [ 66.118942][ T1600] loop3: p98 size 33554476 extends beyond EOD, truncated [ 66.129026][ T1600] loop3: p99 size 33554476 extends beyond EOD, truncated [ 66.136675][ T1600] loop3: p100 size 33554476 extends beyond EOD, truncated [ 66.154280][ T1600] loop3: p101 size 33554476 extends beyond EOD, truncated [ 66.170673][ T1600] loop3: p102 size 33554476 extends beyond EOD, truncated [ 66.181063][ T1600] loop3: p103 size 33554476 extends beyond EOD, truncated [ 66.190602][ T1600] loop3: p104 size 33554476 extends beyond EOD, truncated [ 66.198835][ T1600] loop3: p105 size 33554476 extends beyond EOD, truncated [ 66.206707][ T1600] loop3: p106 size 33554476 extends beyond EOD, truncated [ 66.215031][ T1600] loop3: p107 size 33554476 extends beyond EOD, truncated [ 66.223092][ T1600] loop3: p108 size 33554476 extends beyond EOD, truncated [ 66.238267][ T1600] loop3: p109 size 33554476 extends beyond EOD, truncated [ 66.255421][ T1600] loop3: p110 size 33554476 extends beyond EOD, truncated [ 66.273126][ T1600] loop3: p111 size 33554476 extends beyond EOD, truncated [ 66.284036][ T1656] loop0: detected capacity change from 0 to 512 [ 66.301891][ T1600] loop3: p112 size 33554476 extends beyond EOD, truncated [ 66.318410][ T1600] loop3: p113 size 33554476 extends beyond EOD, truncated [ 66.333488][ T1600] loop3: p114 size 33554476 extends beyond EOD, truncated [ 66.344749][ T1660] ------------[ cut here ]------------ [ 66.350357][ T1660] kernel BUG at fs/buffer.c:2714! [ 66.355647][ T1600] loop3: p115 size 33554476 extends beyond EOD, truncated [ 66.370218][ T1600] loop3: p116 size 33554476 extends beyond EOD, truncated [ 66.385892][ T1660] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 66.386628][ T1600] loop3: p117 size 33554476 extends beyond EOD, [ 66.392113][ T1660] CPU: 1 PID: 1660 Comm: kmmpd-loop0 Not tainted syzkaller #0 [ 66.392134][ T1660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 66.392145][ T1660] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0 [ 66.392176][ T1660] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 d8 e1 e7 ff e9 b0 fe ff ff e8 1e b4 a2 ff 0f 0b e8 17 b4 a2 ff <0f> 0b e8 10 b4 a2 ff 0f 0b e8 09 b4 a2 ff 0f 0b e8 02 b4 a2 ff 0f [ 66.414427][ T1600] truncated [ 66.416066][ T1660] RSP: 0018:ffffc9000f8cfca0 EFLAGS: 00010293 [ 66.416089][ T1660] RAX: ffffffff81ceb7f9 RBX: 0000000000000000 RCX: ffff88811cc03cc0 [ 66.458257][ T1660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 66.466265][ T1660] RBP: ffffc9000f8cfcf0 R08: ffff888132ddfc7f R09: 1ffff110265bbf8f [ 66.474296][ T1660] R10: dffffc0000000000 R11: ffffed10265bbf90 R12: 0000000000000000 [ 66.482302][ T1660] R13: 1ffff110265bbf8f R14: ffff888132ddfc78 R15: 0000000000003801 [ 66.490473][ T1660] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 66.499434][ T1660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.506306][ T1660] CR2: 00007f22dd7e1198 CR3: 000000011d813000 CR4: 00000000003506a0 [ 66.514316][ T1660] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.522320][ T1660] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.530325][ T1660] Call Trace: [ 66.533637][ T1660] [ 66.536591][ T1660] submit_bh+0x1f/0x30 [ 66.540693][ T1660] write_mmp_block_thawed+0x397/0x510 [ 66.546114][ T1660] ? read_mmp_block+0x720/0x720 [ 66.550996][ T1660] ? finish_task_switch+0x16b/0x7b0 [ 66.556234][ T1660] ? __switch_to_asm+0x3a/0x60 [ 66.561040][ T1660] write_mmp_block+0x138/0x2b0 [ 66.565861][ T1660] kmmpd+0x3ce/0x950 [ 66.568742][ T1600] loop3: p118 size 33554476 extends beyond EOD, truncated [ 66.569805][ T1660] kthread+0x281/0x320 [ 66.581018][ T1660] ? __cfi_kmmpd+0x10/0x10 [ 66.585586][ T1660] ? __cfi_kthread+0x10/0x10 [ 66.589386][ T1600] loop3: p119 size 33554476 extends beyond EOD, [ 66.590205][ T1660] ret_from_fork+0x1f/0x30 [ 66.591376][ T1600] truncated [ 66.596575][ T1660] [ 66.596593][ T1660] Modules linked in: [ 66.613705][ T24] usb 5-1: 0:2 : does not exist [ 66.619040][ T1600] loop3: p120 size 33554476 extends beyond EOD, truncated [ 66.636929][ T1600] loop3: p121 size 33554476 extends beyond EOD, truncated [ 66.654570][ T1600] loop3: p122 size 33554476 extends beyond EOD, truncated [ 66.662582][ T1660] ---[ end trace 0000000000000000 ]--- [ 66.668255][ T1600] loop3: p123 size 33554476 extends beyond EOD, truncated [ 66.676788][ T1660] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0 [ 66.682399][ T1600] loop3: p124 size 33554476 extends beyond EOD, truncated [ 66.690056][ T1660] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 d8 e1 e7 ff e9 b0 fe ff ff e8 1e b4 a2 ff 0f 0b e8 17 b4 a2 ff <0f> 0b e8 10 b4 a2 ff 0f 0b e8 09 b4 a2 ff 0f 0b e8 02 b4 a2 ff 0f [ 66.710097][ T1600] loop3: p125 size 33554476 extends beyond EOD, truncated [ 66.717681][ T1660] RSP: 0018:ffffc9000f8cfca0 EFLAGS: 00010293 [ 66.723996][ T1600] loop3: p126 size 33554476 extends beyond EOD, truncated [ 66.731674][ T1660] RAX: ffffffff81ceb7f9 RBX: 0000000000000000 RCX: ffff88811cc03cc0 [ 66.739899][ T1600] loop3: p127 size 33554476 extends beyond EOD, truncated [ 66.747902][ T1660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 66.756080][ T1600] loop3: p128 size 33554476 extends beyond EOD, truncated [ 66.763816][ T1660] RBP: ffffc9000f8cfcf0 R08: ffff888132ddfc7f R09: 1ffff110265bbf8f [ 66.772068][ T1600] loop3: p129 size 33554476 extends beyond EOD, truncated [ 66.779764][ T1660] R10: dffffc0000000000 R11: ffffed10265bbf90 R12: 0000000000000000 [ 66.787995][ T1600] loop3: p130 size 33554476 extends beyond EOD, truncated [ 66.795621][ T1660] R13: 1ffff110265bbf8f R14: ffff888132ddfc78 R15: 0000000000003801 [ 66.803830][ T1600] loop3: p131 size 33554476 extends beyond EOD, truncated [ 66.811376][ T1660] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 66.820526][ T1600] loop3: p132 size 33554476 extends beyond EOD, truncated [ 66.828892][ T28] audit: type=1400 audit(1770157818.686:375): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 66.849079][ T1660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.849231][ T286] EXT4-fs (loop2): unmounting filesystem. [ 66.849246][ T1660] CR2: 00002000000021c0 CR3: 0000000109553000 CR4: 00000000003506a0 [ 66.869814][ T1600] loop3: p133 size 33554476 extends beyond EOD, truncated [ 66.877495][ T1600] loop3: p134 size 33554476 extends beyond EOD, truncated [ 66.885090][ T1660] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.893374][ T1600] loop3: p135 size 33554476 extends beyond EOD, truncated [ 66.900943][ T1660] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.909142][ T1600] loop3: p136 size 33554476 extends beyond EOD, truncated [ 66.916952][ T1660] Kernel panic - not syncing: Fatal exception [ 66.923595][ T1660] Kernel Offset: disabled [ 66.927925][ T1660] Rebooting in 86400 seconds..