last executing test programs: 10m21.081341255s ago: executing program 0 (id=6728): r0 = syz_open_procfs(0x0, &(0x7f00000008c0)='personality\x00') pread64(r0, &(0x7f0000000180)=""/252, 0xfc, 0x0) 10m20.815039289s ago: executing program 0 (id=6731): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000022c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4056, &(0x7f0000001100)={[{@noload}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@lazytime}, {@jqfmt_vfsv0}, {@noquota}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x4200, 0x0) 10m20.09114378s ago: executing program 0 (id=6743): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x88400) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000600)={{0x3, 0x1, 0x7, 0x3}, 0x1, 0x405}) 10m19.810747814s ago: executing program 0 (id=6737): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f626172726965722c63726561746f723d5c5d07842c63726561746f723dbd3cfff52c6e6c733d63703433372c756d61736b3d3030303030303030303030303030000000000000dc599bad22eebebb0002372c6e6f6465000000000000000000"], 0x1, 0x6a4, &(0x7f0000001380)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 10m19.447059319s ago: executing program 0 (id=6745): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x338, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x268, 0x3a8, 0x3a8, 0x268, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [0xff], [], '\x00', 'veth0_to_team\x00'}, 0x0, 0x118, 0x178, 0x700, {}, [@common=@inet=@socket3={{0x28}, 0x7}, @common=@unspec=@limit={{0x48}, {0x0, 0x3, 0x0, 0x0, 0x20000}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [0xff0000ff, 0x0, 0xffffff00, 0xffffff00], 0x4e23, 0x4e23, 0x4e23, 0x4e20, 0xfffffff4, 0x0, 0x0, 0x8, 0x9}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, [0xff, 0xff000000, 0xffffff00, 0xffffff00], [0xffffffff, 0xffffff00, 0xff000000, 0xd73e1135d3f8cc97], 'team_slave_0\x00', 'pim6reg1\x00', {0xff}, {0xff}, 0x2e, 0xb, 0x0, 0x12}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398) 10m18.839090608s ago: executing program 0 (id=6752): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100fffe08000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000007e80000000c0a01020000000000000000010000000900020073797a3200000000bc000380b8000080040001800800034000000001a70006405874fd04555f34bfb6883c455badd8ee73b69053195c1a548b87db501b5dd31ceb6f46b53fa1c4199db2eb9f427535051a649c6ad6323b68e75ab46b96e9aea0c70d9d58ef1ced986502244edc6476ab1f81c8d68417832d433c549b84668d6c105c70e37190158f6a09b40ce003af42329a48a49ac02cf57b4af74f6ef010bf0ab07f01707332b06c1294c3439007aa095134395e74f311ad26a44edc70ea82a8a14d000900010073797a30"], 0x194}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 10m18.318208516s ago: executing program 32 (id=6752): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100fffe08000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000007e80000000c0a01020000000000000000010000000900020073797a3200000000bc000380b8000080040001800800034000000001a70006405874fd04555f34bfb6883c455badd8ee73b69053195c1a548b87db501b5dd31ceb6f46b53fa1c4199db2eb9f427535051a649c6ad6323b68e75ab46b96e9aea0c70d9d58ef1ced986502244edc6476ab1f81c8d68417832d433c549b84668d6c105c70e37190158f6a09b40ce003af42329a48a49ac02cf57b4af74f6ef010bf0ab07f01707332b06c1294c3439007aa095134395e74f311ad26a44edc70ea82a8a14d000900010073797a30"], 0x194}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 4m16.511725813s ago: executing program 3 (id=11305): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, 0x0) 4m16.359787305s ago: executing program 3 (id=11309): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x48) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r0, 0x2000000, 0xa, 0x0, &(0x7f0000000040)="13435c46632b5f1ef020", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m16.109850609s ago: executing program 3 (id=11313): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x2, 0x0, 0x0) 4m15.918707352s ago: executing program 3 (id=11315): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000140)={[{@nodecompose}, {@nobarrier}, {@nodecompose}, {@force}, {@nobarrier}, {@type={'type', 0x3d, "aff0aae8"}}, {@nls={'nls', 0x3d, 'iso8859-9'}}]}, 0x44, 0x6ff, &(0x7f0000000500)="$eJzs3U1sHGf5APBn1uu1N5XcbZu0/f+FFKsRETSQ2F5KgoREqBDyoUKRuPS6JE5jee1GtoucCBEXKBzhhHLooQiZQ0+oB6QiDohyRkLiinKPxD3iwKKZnVnvh73ebfyRhN9Pmp13Zt6PZ57OvN6dbbQB/M9afDsmtyOJxQtvbaXbD3bqzQc79dWiHBFTEVGKKLdXkaxFJJ9FXI32Ev+X7sy7S/Yb542Hn354/v7H9fZWOV+y+qVh7Xa1hoywnS8xGxET+XpM5f36ux5vDvR3b6yuk07cacLOFYmDk9YasD1O8xHuW+BJdy9iYnKP/bWIUxExnb8PiHx2KB1zeIdurFkOAAAAnkwTB1V4/lE8iq2YOZ5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NmQtH8zMMmXUlGejaT4/f9Kvi9VqZxwvMN95YDjH9w8pkAAAAAAAAAA4Eh8kn9xf/ZRPIqtmCn2t5LsO//Xso3T2etz8V5sxFKsx8XYikZsxmasx3zE5ExXh5Wtxubm+vxgy19H2rLVat3LWy5ERG2g5cI+gZYO+cQBAAAAAAAA4Nn0k1iMmZMOAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuiURE+1VtpwuyrUolSNiOiIqab3tiD8V5afZn086AAAAADh61Xw9k/ynXWgl2Wf+l7PP/dPxXqzFZizHZjRjKW5kzwLan/pLf9+uNx/s1FfTZbDjb/9rrDiyHiNiIt7fZ+S5rMaZTovF+G58Py7EbFyL9ViOH0YjNmMpZqOankQ0Iolatf30olbEuXe8V3u2rvXHdrZv+9UskmrcjOUstotxvRLtxybZOaRjvto12h8qEX0jvp9mJ/lWbsQc3ej67/Wr/LlMrvX8iH0cjVp25pOdjMyluc+z8cLw3I95nfSPNB+lzjOo07ujpJv9IxU5/8E4OT/VXk2nLz/vzflhG/NRWn8mFqKUX30RL/fm/PYX77/Y2/jL//jLtVultZVbNzcuHOEpPY7ZgypMFoX+TNS7MvHK8Ksvz0QzzcT26JmY7N8xPWrLo1XJs5FNRSPOlt/JSo14resSfDduxFJcjrmYjysxF9+Ihah3rrB0OdOT13J9tTcn2b1WGpzfqkOCP/elrkq/OKDy8Urz8kJXXrtnulp2LN9z9Zcx13X1vTj86hv7r0A6/v/n5XSMn3b+4jwJejKRz81FdC8Nz8RvWunrRnNtZf1W4/aI453P1+lt+0Hv3Pzb0aPu/+t+GNLrJZ1xy9lWlpNqcb2kx17qRNubr0r+jUu7XWng2JnOsVrMxHJ8b987tZK/hxvsqX3sle5j/9ydOSv5+5viWM+7nHg3mtm7kD4HTtUAHLNTr5+qVB9W/1b9qPqz6q3qW9NvTl2Z+kIlJv9a/uPE70u/K30zeT0+ih/HzElHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4KNO3dXGs3m0nqnENP9ex63UNl3rOGFKB1YZ+e50TqMWsTwsZK8UDncc38aC9Xo21P8wtLj9vxJRAypU3ns4JOxr7GxC2keDqXDVqud1GxPa2KM5uWi1d51yrExHSuNpLzHHTe1exdEbaXR/Herp3k1um4Z4Bl3aXP19qWNO3e/urzaeGfpnaW1hSuXr1yuf33+a5duLjeX5tqvJx0lcBQ27tyd2GP3wC/dAgAAAAAAAAAAAE+O/P/+3/zc/5ihfECdyvrG3iOfPe5TBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5Si2/H5HYkMT93cS7dfrBTb6ZLUd6tWY6IUkQkP4pIPou4Gu0lal3dJfuN88bDTz88f//j+m5f5aJ+aVi70WznS8xGxES+PtjUHt0M9ne9q7/tzxVe0jnDNGHnisTBSftvAAAA//9u//cB") mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='tracefs\x00', 0x800, 0x0) 4m15.612677977s ago: executing program 3 (id=11320): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280340001800a0001006c696d6974000000240002800c000140fffffffff6fffffd0c000240000000000000100008000340000007ff08000340000001"], 0xc4}}, 0x20050800) 4m15.027106645s ago: executing program 3 (id=11325): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000280)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x0, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xd1, 0x2800, 0x30, {0xb, 0xffffffff}, 0xd0, 0x5}}) 4m14.591486182s ago: executing program 33 (id=11325): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000280)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x0, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xd1, 0x2800, 0x30, {0xb, 0xffffffff}, 0xd0, 0x5}}) 3m35.115684122s ago: executing program 1 (id=11702): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) clock_getres(0x5, 0x0) 3m34.906098826s ago: executing program 1 (id=11704): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x2b}]}, &(0x7f0000000000)='GPL\x00'}, 0x94) 3m34.635030419s ago: executing program 1 (id=11707): r0 = socket(0x1e, 0x4, 0x0) sendmmsg(r0, &(0x7f0000001880)=[{{&(0x7f0000001180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x0, 0x2, 0x2, {0xa, 0x4e20, 0xf, @ipv4={'\x00', '\xff\xff', @empty}, 0x7}}}, 0x80, 0x0}}], 0x1, 0x0) 3m34.437288432s ago: executing program 1 (id=11711): syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@errors_remount}, {@gid}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0x8c1}}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@errors_continue}, {@keep_last_dots}, {@errors_remount}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@namecase}]}, 0x1, 0x1531, &(0x7f0000001f80)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k1imSTJJUkuSZIkSW4JSZMcSUgMuSUNSch1SC5DSC4Tk8b9fr8kJEmTJCG5Jev/Ef7qVL9zzu/0O86neb6fz/5Yz+z9rP287/Ne1t6YbzoOqtageuV6RAT/FrzwRxIAxAJAPwC4BgACACgdVzru/P7sEpP+vZOwP9fDqVe6AnYlcf+zNu5/1sb9z9q4/1kb9z9r4/5nbdz/rI37z1hWtnFq/mt5y7ob3///66vzh3v4+/8vJLPE6C9Wl7i+E0DMP5vC/c/auP9/WcE/cxD3P2vj/mdVsVe6APZfgN//f0lNfh1m+8MDuf9ZG/efsazsSt9/vtIbRLL2c3ClX3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKGU/6i0+AVAFwKr3RdjDHGGGOMMcYY+/P4bFe6AsYYY4wxxhhjjP3fQxAgQUEAMZANYiE75AABAFdDLrgGInAtxMF1kBuuhzyQF/JBfoiHAlAQNBiwQBBCISgMUbgBisCNUBRugmJQHByUgAS4GUrCLVAKboXScBuUgduhLJSD8lAB7oCKcCdUgrugMtwNVaAqVIPqcA/UgHuhJtwHteB+qA0PQB14EOrCQ1APHob68Ag0gEehITwGjaAxNIGm0Ox/lf8idIWXoBt0hyToAT3hZegFvaEP9IV+8Ar0h1dhALwGyTAQBsHrMBjegCHwJgyFYTAc3oIRMBJGwWgYA2MhBcbBeHgbJsA7MBEmwWSYAqkwFabBuzAdZsBMeA9mwfswG+bAXJgHafABzIcFkA4fwkL4CDJgESyGJbAUlsFyWAErYRWshjWwFtbBetgAG2ETbIYtsBW2wXb4GHbAJ7ATdsFu+BT2wGf/Yv7Jv8vvhICAAgUqVBiDMRiLsZgDc2BOzIm5MBdGMIJxGIe5MTfmwTyYD/NhPMZjQSyIBg0SEhbCQhjFKBbBIlgUi2IxLIYOHSZgApbEW7AUlsLSWBrLYBksi+WwHFbAClgRK2IlrISVsTJWwSpYDavhPXgP9sCaWBNrYS2sjbUv3Z7CelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBREzEttgW22E7bI/tsQN2wI7YETthZ+yc+WI2wJfwJeyOVUQP7Ik9sRcmZ+uDfbEvvoL98VV8FV/DZByIg/B1fB3fwCF4AofiMByOw7GiGImjcDSSGIspmILjcTxOwAk4ESfhJJyCqTgVp+E0nI4zcAa+h7PwfXwf5+AcnIdpmIbzcQGmYzouxJOYgYtwMS7BpbgMl+IKXIkrcDWuwdW4DtfhBtyAm3ATbsEtuA234ceoAPAT3IW7MBn34B7ci3txH+7D/bgfMzETD+ABPIgH8RAewsN4GI/gUTyGR/E4HscTeBJP4Sk8g2fwLD4f/1X9j29alQziPCWUiBExIlbEihwih8gpcopcIpeIiIiIE3Eit8gt8og8Ip/IJ+JFvCgoCgojjCARxgCAiIqoKCKKiKKiqCgmigknnEgQCaKkKClKiVKitLhNlBG3i7KinGjpKogKoqJo5SqJu0RlUVlUEVVFNVFdVBc1RA1RU9QUtUQtUVvUFnXEg6Ku6IF98GFxvjMNxEBsKAZhI9FYyIufYM3FEGwhWopW4kkxDIdiG9HcJYpnRFsxCtuJv4nR+JzoIMZiR/GC6CQ6iy7iRdFVtHDdRHcxEXuInmIK9hK9RR/RV0zHquI9nJW9mnhNJIuBYpB4XczDN8QQ8aYYKoaJ4eItMUKMFKPEaDFGjBUpYpwYL94WE8Q7YqKYJCaLKSJVTBXTxLtiupghZor3xCzxvpgt5oi5Yp5IEx+I+WKBSBcfioXiI5EhFonFYolYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iY7FDfCJ2il1it/hU7BGfib3ic7FPfCH2iy9FpvhKHBBfi4PiG3FIfCsOi+/EEXFUHBPfi+PiB3FCnBSnxGlxRvwozoqfxDnhBUiUQkqpZCBjZDYZK7PLHPIqmVMGF5/da2WcvE7mltfLPDKvzCfzy3hZQBaUWhppJclQFpKFZVTeIIvIG2VReZMsJotLJ0vIBHmzLClvkaXkrbK0vE2WkbfLsrKcLC8ryDtkRXmnhMiFc1SRVWU1WV3eI5PgXllT3idryftlbfmArCMflHXlQ7KefFjWl4/IBvJR2VA+JhvJxrKJbCqbycdlc/mEbCFbylbySdlaPiXbyKdlonxGtpX+4kvkOdlBPi87yhdkJ9lZdpE/yXPSy26yu4QeIHvKl2Uv2Vv2kX1lP/mK7C9flQPkazJZDpSD5OtysHxDDpFvyqFymBwu35Ij5Eg5So6WY+RYmSLHyfHybTlBviMnyklyspwiU+VU2efiTDOl/If5b/9O/oCfz75BbpSb5Ga5RW6V2+R2+bHcIXfInXKn3C13yz1yj9wr98p9cp/cL/fLTJkpD8gD8qA8KA/JQ/KwPCyPyKPytPxeHpc/yBPypDwpT8sz8ow8e/E5AIVKKKmUClSMyqZiVXaVQ12lcqqrVS51jYqoa1Wcuk7lVterPCqvyqfyq3hVQBVUWhllFalQFVKFVVTdgBdfMKqYKq6cKqES1M3/Sr4qom5URdVNv8q/VF/SH9TXTDVTzVVz1UK1UK1UK9VatVZtVBuVqBJVW9VWtVPtVHvVXnVQHVRH1VF1Up1UF9VFdVVdVTfVTSWpJNVTvax6qd6qj+qr+qlXVH/VXw1QA1SySlaD1CA1WA1WQ9QQNVQNVcPVcDVCjVCj1Cg1Ro1RKSpFjVfj1QQ1QU1UE9VkNVmlqlQ1TU1T09V0NVPNVLPULDVbzVZz1VyVptLUfDVfpat0tVAtVBlqkVqklqglaplaplaoFWqVWqXWqDVqnVqnMtRGtVFtVpvVVrVVbVfb1Q61Q+1UO9VutVvtUXvUXrVX7VP71H61X2WqTHVAHVAH1UF1SB1Sh9VhdUQdUcfUMXVcHVcn1Al1Sp1SZ9QZdVadVefUufPLvkAEIlCBCmKCmCA2iA1yBDmCnEHOIFeQK4gEkSAuiAtyB9cHeYK8Qb4gfxAfFAgKBjowgQ3ExaZHgxuCIsGNQdHgpqBYUDxwQYkgIbg5KBncEpQKbg1KB7cFZYLbg7JBuaB8UCG4I6gY3BlUCu4KKgd3B1WCqkG1oHpwT1AjuDeoGdwX1AruD2oHDwR1ggeDusFDQb3g4aB+8EjQIHg0aBg8FjQKGgdNgqZBsz91fu9P5H3CddPddZLuoXvql3Uv3Vv30X11P/2K7q9f1QP0azpZD9SD9Ot6sH5DD9Fv6qF6mB6u39Ij9Eg9So/WY/RYnaLH6fH6bT1Bv6Mn6kl6sp6iU/VUPU2/q6frGXqmfk/P0u/r2XqOnqvn6TT9gZ6vF+h0/aFeqD/SGXqRXqyX6KV6mV6uV+iVepVerdfotXqdXq836I16k96st+itepverj/WO/QneqfepXfrT/Ue/Zneqz/X+/QXer/+Umfqr/QB/bU+qL/Rh/S3+rD+Th/RR/Ux/b0+rn/QJ/RJfUqf1mf0j/qs/kmf0/784v7817tRRpkYE2NiTazJYXKYnCanyWVymYiJmDgTZ3Kb3CaPyWPymXwm3sSbgqagOY8MmUKmkImaqCliipiipqgpZooZZ5xJMAmmpClpSplSprQpbcqYMqasKWvKm/LmDnOHudPcae4yd5m7zd2mqqlqqpvqpoapYWqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkmpgmpplpZpqb5qaFaWFamVamtWlt2pg2JtEkmramrWln2pn2pr3pYDqYjqaj6WQ6mS6mi+lquppupptJMkmmp+lpeplepo/pY/qZfqa/6W8GmAEm2SSbQWaQGWwGmyFmiBlqhpnh5xeqZqQZZUZ/O8aMNSkmxYw3480EM8FMNBPNZDPZpJpUM81MM9PNdDPTzDSzzCwz28w2c81ck2bSzHwz36SbdLPQLDQZJsMsNovNUrPULDfLzUqz0qw2q81aWGvWm/Vmo9loNpvNZqvZarab7WaH2WF2mp1mt9lt9pg9Zq/Za/aZfWa/2W8yTaY5YA6Yg+agOWQOmcPmsDlijphj5pg5bo6bE+aEOWVOmTMm78XvS29ibXabw15lc9qrbS57jf37OJ/Nb+NtAVvQapvH5v1VbKy1Re1Ntpgtbp0tYRPszb+Jy9pytrytYO+wFe2dttJv4hr2XlvT3mdr2fttdXvPr+La9gFbxz5q6yIC2Ma2vm1qG9hHbUP7mG1kG9smtqltbZ+ybezTNtE+Y9vaZ38Tz7cL7Eq7yq62a+xOu8uesqftQfuNPWN/tN1sd9vPvmL721ftAPuaTbYDfxMPt2/ZEXakHWVH2zF27G/iyXaKTbVT7TT7rp1uZ/wmTrMf2Fk23c62c+xcO+/n+HxN6fZDu9B+ZDNsAIvtErvULrPL7Yr/X+sSu86utxvsDvuJ3Wy32K12m91+aSFsd9nd9lO7x35mD9iv7T77hd1vD9lM+9XP8fnHd8h+aw/b7+wRe9Qes9/b4/YH9XPuyF4A9kf7vf3JnrPeAiEBSVIUUAxlo1jKTjnoKspJV1MuuoYidC3F0XWUm66nPJSX8lF+iqcCVJA0GbJEFFIhKkxRuoEulVeMipOjEpRAN1NJuoVK0a1Umm6jMnQ7laVyVJ4q0B1Uke6kSnQXVaa7qQpVpWpUne6hGnQv1aT7qBbdT7XpAapDD1Jdeojq0cNUnx6hBvQoNaTHqBE1pibUlJrR49ScnqAW1JJa0ZPUmp6iNvQ0JdIz1JaepXb0N2pPz1EHep460gvUiTpTF3qRutJL1I26UxL1oJ70MvWi3tSH+lI/eoX606s0gF6jZBpIg+h1Gkxv0BB6k4bSMBpOb9EIGkmjaDSNobGUQuNoPL1NE+gdmkiTaDJNoVSaStPoXZpOM2gmvUez6H2aTXNoLs2jNPqA5tMCSqcPaSF9RBm0iBbTElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDt9TDvoE9pJu2g3fUp76DPaS5/TPvqC9tOXlElf0QH6mg7SN3SIvvXd6Ts6QkfpGH1Px+kHOkEn6RSdpjP0I52ln+gceYIQQxHKUIVBGBNmC2PD7GGO8KowZ3h1mCu8JoyE14Zx4XVh7vD6ME+YN8wX5g/jwwJhwVCHJrQhhWFYKCwcRsMbwiLhjWHREMNiYfHQhSXChPDmsGR4S1gqvDUsHd4WlglvD8uG5cJH768Q3hFWDO8MK4V3hZXDu8MqYdWwWlg9vCesEd4b1gzvC2uF94elwgfCOuGDYd3wobBe+HBYP3wkbBA+GjYMHwsbhY3DJmHTsFn4eNg8fCJsEbYMW4VPhq3Dp8I24dNhYvhM2DZ89uf9Dyz44/1JYY+wZ/hy+HLo/X1ybnReNC36QXR+dEE0PfphdGH0o2hGdFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRD1Pvq2cChE0465QIX47K5WJfd5XBXuZzuapfLXeMi7loX565zud31Lo/L6/K5/C7eFXAFnXbGWUcudIVcYRd1N7gi7kZX1N3kirnizrkSLsE1dc1cM9fcPeFauJaulXvSPemeck+5p93T7hnX1j3r2rm/ufbuOdfBPe+edy+4Tq6z6+JedF3duFwX3pNJrqfr6Xq5Xq6P6+P6uX6uv+vvBrgBLtklu0FukBvsBrshbogb6oa64W64G+FGuFFulBvjxrgUl+LGu/FugpvgJrqJbrKb7FJdqpvmprnpbrqrOOPCWWa72W6um+vSXJqb786vGdPdQrfQZbgMt9gtdkvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt9Nfc2FSt8ftdXvdPrfP7Xdfukz3lTvgvnYH3TfukPvWHXbfuSPuqDvmvnfH3Q/uhDvpTrnT7oz70Z11P7lzzruUyLjI+MjbkQmRdyITI5MikyNTIqmRqZFpkXcj0yMzIjMj70VmRd6PzI7MicyNzIukRT6IzI8siKRHPowsjHwUyYgsiiyOLIksjSyLeF9gc+gL+cI+6m/wRfyNvqi/yRfzxb3zJXyCv9mX9Lf4Uv5WX9rf5sv4231ZX86X94/5Rr6xb+Kb+mb+cd/cP+Fb+Ja+lX/St/ZP+Tb+aZ/on/Ft/bO+nf+bb++f8x38876jf8F38p19F/+i7+pf8t18d5/ke/ie/mXfy/f2fXxf38+/4vv7V/0A/5pP9gP9IP+6H+zf8EP8m36oH+aHx7zlR1y6RIaxPsWP8+P9236Cf8dP9JP8ZD/Fp/qpfpp/10/3M/xM/56f5d/3s/0cP9fP82n+Az/fL/Dp/kO/0H/kM/yiSzeV/XK/wq/0q/xqv8av9ev8er/Bb/Sb/Ga/xW/12/x2/7Hf4T/xO/0uv9t/6vf4z/xe/7nf57/w+/2XPtN/5Q/4r/1B/40/5L/1h/13/og/6o/57/1x/4M/4U/6U/60P+N/9Gf9T/4c/581xhhjjLF/yrjLQ/HrPRdu5/f4nRzxi4N7AsDVW/Jn/nL/+RXl2jwXxr1FfOsIADzTvePDl7YqVZKSki4emyEhKDwH4NLfBJ0XA5fjRdAKnoJEaAklf7f+3qLzGfoH80dvA8jxi5xYuBxfnv9zAEz6nfkff3L4/DLhqbj/Yf45AEULX87JDpfjRdDq5/srLaHUH9Sft/kv64/97fzZv0gBaPGLnJxwOb5cfwI8Ac9C4q+OZIwxxhhjjDHGLugtyre/dP156V98/t71eby6nJMNLsf/6PqcMcYYY4wxxhhjV95znbs8/XhiYsv2//qg0v8q658eNIT/q5l58LsD7wEu/UQBwL85IcD5gfxPPopN/5FzJV986/z9rqWnfQD/Ha38MwZX+IOJMcYYY4wx9qe7vOj/9c/VlSqIMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLgv4Tv07sSj9GxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Er7fwEAAP//nXwDKg==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 3m33.891598901s ago: executing program 1 (id=11718): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x2012, r0, 0x0) 3m33.21979728s ago: executing program 1 (id=11726): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r0, 0x10c, 0x3, &(0x7f0000000040)=0x2, 0x4) 3m32.725730798s ago: executing program 34 (id=11726): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r0, 0x10c, 0x3, &(0x7f0000000040)=0x2, 0x4) 5.719155205s ago: executing program 6 (id=14188): r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x10, 0x2) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000180)={{{0x9, 0x1}}, 0x87, 0xbf, &(0x7f0000000680)="a0e0dd4d5d9d1a951ed0d1c1fa9abbfb10e5945a80a15c880eb5db2b79a94f4ad076c69884c14f422632d201b86df4c505bc445482ed0e09a217303d1e0f1ca000f5271c179bc7e648d43e0fc6d13f095a6552da124dc7dda664876b2deb1fee803840957e4d12bed99913456a216e4895610d894c929d73fef6066f88ca6fecacc9991ecc54ef"}) 5.530592868s ago: executing program 6 (id=14192): syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x4c200, 0x0, 0x0, 0x0, 0x0, 0x0) 3.444421279s ago: executing program 5 (id=14210): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000200)={0x2, 0x3, 0x0, 0x1000, 0x0, 0xfffffffe, 0x0}) 3.219437243s ago: executing program 5 (id=14211): r0 = io_uring_setup(0x4126, &(0x7f0000000440)={0x0, 0xd80e, 0x2, 0x0, 0x1000000}) io_uring_register$IORING_REGISTER_RING_FDS(r0, 0x13, &(0x7f0000001bc0), 0x2) 3.106958644s ago: executing program 5 (id=14212): syz_mount_image$msdos(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000007478cf766fad360bd9a233d006108a629dbd48ed58dc9ae5f07bb432719300b5fe721399ec84099df66fbb09c281c6a1c74c68737024347442372bd50cdfe3dd93d07fd6d5e96a8baf0704a0ec18b22c79dc906ff47802fb57f91525c3b68ed23c700e434e796d38ea8417bd97ce67812054208d4dfa866c71fd2b3cb6723689f9dd242e22"], 0x3, 0x2cb, &(0x7f00000006c0)="$eJzs3T1rm0cAB/Cr7NpFxS9ToV16tEu7PLjuF6goNpgKWlwrJBkCj/HjREiRjB5BJJPBe5bs+QYmY7ZAyBcw5ENk8xI8eYqCLcdvccgQ5Aej3w/E/eGP4I7jxC3i9m8/fdjYzJPNtBtKf8UwGUIoHYYwH0phIgx9czKWjvNUOG8n/F5+8+zJ/3fu/lOpVpdWY1yurP25GGOc/fnVo8fPf3nd/f7Wi9mX02Fv/t7+u8W3ez/s/bj/fu1BPY/1PLba3ZjG9Xa7m643s7hRzxtJjP81szTPYr2VZ50L/WazvbXVj2lrY6a81cnyPKatfmxk/dhtx26nH9P7ab0VkySJM+XAl9R2V1fTStGzYLQ6nUp6dIanP2lqu4VMCAAolPv/OHP/HwdH9/+pk/N7kfs/AAAAAAAAAAAAAADcBIeDwdxgMJj7OF7+FD0/Rsv+jzf7P97s/3g798fd70I42OnVerXhOOyXV6pLC/HY/Nm3Dnq92sRp/8ewjxf7b0P5pF+8sp8Kv/067I+6v/+tXuqnw8bolw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx5J46sr3/ZPkc/0wLa9UlxaufN9/Mvw0eW3LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICvkve3G2mzmXUEQRBOQ9G/TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD9zh79LnomAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCnvbzfSZjPrjDAUvUYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJvoQwAAAP//jsgAew==") rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00') 2.671035751s ago: executing program 5 (id=14214): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x200}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000008000000000000000000000b7080000000000007baaf0ff00000000b5080400040000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000418230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000300)='GPL\x00', 0x9, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x1}, 0x94) 2.435161304s ago: executing program 5 (id=14216): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x14f, &(0x7f0000000240)="$eJzs289KAlEUx/HfqKnZP8tqES2CINrkqIHVzh5FdBJpLMk2ShA9Su9Xi3atMhz0hqMQGHrJ+X42np+Hi2cWV89GAYisio7kyFFyEA7T2eecY3skAAvSH75+9QFET/zT9gQA7Hi/ltqS3j6eaoonJ/aDQb8y6sdSk/0X6SAx7DtprYb3i1fpZHTeyUw9nzH9tan90+PR569rQ5vaUlbb2lFu2K+b8/t/2IQAAIgOR/lwHnsjppum7xVMXgly0eRkkEuhfG5yKsj52r1fn9cjAJhR7Jf7Hw/d/0To/gP4vzrd3m3V970HCgoKClPY/mYCMG/uY6vtdrq9s2ar2vAa3l25VC5fFS4vim6w+Lvj6z+AJfLzo297EgAAAAAAAAAAAAAAMKtd7dkeAQAAAMCCLOLvRLafEQAAAAAAAAAAAAAAAACAZfMdAAD///JsITY=") 2.069731799s ago: executing program 6 (id=14219): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x10, 0x140c, 0x1, 0x70bd28, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x4048005}, 0x4000) 2.06447153s ago: executing program 5 (id=14221): syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)={[{}]}, 0x1, 0x232, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1t9BgaGDSDnulXOjbnrFi/ItUz9fN2bFwwHoz5PZGBkZGBgYmCYGbZzD7K/yhugkcHAzMDAoMIAUsTCkJaZk2rgwcDIwMzAws6ADGCqmRg4wKr0kvNzUtoZGMFJAKxtOQML3AzDxwys/CDlII7RYwZWuIyxRQPMyHYorQKlPaD0cij9GErLoyUbFrAJ/VCeRgMDAxtDReJ//iJDNgYGhorEkpIiQ4hYSUmREVzMSABuMxPU1rlMqJ47zsQwCkbBKBgFo2AUjIJRMApGwSgYBSMZAAIAAP//kpC1eQ==") syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da000905"], 0x0) 1.882694832s ago: executing program 6 (id=14224): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}]}}}]}, 0x44}}, 0x20000804) 1.798936924s ago: executing program 4 (id=14225): r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x59455247, 0x280, 0x168, 0x0, @discrete={0x5, 0x6}}) 1.667192326s ago: executing program 6 (id=14227): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000001200)={0x2, 0x18, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@mcast1, @in6=@local}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}, @in={0x2, 0x4e20, @local}}]}, 0xb8}}, 0x0) 1.468754058s ago: executing program 4 (id=14229): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x2000006, &(0x7f0000000280)={[{@uni_xlateno}, {@utf8no}, {@uni_xlateno}, {@uni_xlate}, {@fat=@showexec}, {@fat=@nfs}, {@iocharset={'iocharset', 0x3d, 'cp869'}}, {@shortname_mixed}, {@utf8}, {@utf8}, {@rodir}, {@uni_xlate}, {@numtail}, {@utf8}, {@numtail}, {@uni_xlate}, {@uni_xlateno}, {@uni_xlate}]}, 0x35, 0x34f, &(0x7f00000004c0)="$eJzs3T9sG2UUAPDnXhKnESUekCqYDBsSqpogBpgSVUWqyABFFv8WLJryJzaVYmEpDHG8gComEAsSTGwdYOyMGBBiY2ClSKiAWOhWqRGHbJ/tc+xQZ3Boxe83RE/v+9597y6n3CVKvrzeiq1L83H51q2bsbhYiLm1c2txuxClOBFJ9OzFRB8tTM4DAPe422kaf6U9d5/9yVI/8uwHgPtX9/n/5qlhoniE4qsPzKIlAGDGpvz+//mJ2SszawsAmKGx5/9jI8MHfsw/N/idAADg/vXiK68+t74RcbFcXoyof9isNCvxzHB8/XK8HbXYjLOxHPsRvReF3ttC5+OzFzbOny13/FaKSqeiWYmot5qV3pvCetKtL8ZKLEcpq08H9UmnfqVbX46IvVZ3/agXmpX5WMrW/3kpNmM1luOhsfqICxvnV8vZASr1fn0roh2L/ZPo9H8mluPHN+JK1OJSdGqH/e+ulMvn0o2R+ua1YnceAAAAAAAAAAAAAAAAAAAAAADMwpnyQGmw/01abzU/uHhwQmlkf5xKbzjbH6jd2x8oLfZ357maHNwfaHR/nmZlLk78p2cOAAAAAAAAAAAAAAAAAAAA947GzkJUa7XN7cbO+1v5oJXLvPv9V9+ejP7QXFb6TjKsiiw5cpz+xNyRkxgskQ7K02RkThYkEf3Je9Vr1wcd5+cUB2cxVt4JimNDhaynaq126tFfP59U9Xcn2Otmkhi7LKNBIVs/N1R/sJNYjIj9w6oOD1bvMudGmqaHle9+Nl4VhYi5OHIbUwTf3Xzr4Scbp5/qZr7JNn14/Inll258+uUfW9VatHtXplZb2G7sp1McudPr+FCSu38K2XUuTLgTJgftYaa93dipJj/9+fIjH/9wYHIy+f5J85n3Dl/r64OZhV5QiCj1L8K/tTo/4eafHLx2Z3D3Hv0Td/qLter13V9+n7Yq90XCRh0AAAAAAAAAAAAAAAAAAHAscn8rfgRPvzC7jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+A3//38uaI9lpgnutGJ8qLi53Th08ZPHeqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyP/RMAAP//rShzCQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) 1.468600798s ago: executing program 6 (id=14230): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x40000000040a01, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) 1.056089455s ago: executing program 2 (id=14233): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, 0x0, 0x16) 1.003620785s ago: executing program 4 (id=14234): r0 = socket$inet(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x3}, 0x10, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000440)='j', 0x1}], 0x2}, 0x800) 963.301666ms ago: executing program 2 (id=14235): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 872.046987ms ago: executing program 4 (id=14236): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0xa0100, 0x0) lseek(r0, 0x0, 0x0) 821.738308ms ago: executing program 2 (id=14237): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500)={[&(0x7f0000000000)='.+-:\x00', &(0x7f0000000540)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x13\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\\h\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc\xdc\n\x88\xfc\xcci\xc1\xe8\xf8\x1e6&\bE\x8f\x9b\xc6\x8d0\xa7 -\xecC8O*7\xfa&\xf9\aC\xab\x03g\x06\xda\x8c)\xae\xe3\x16\x9dz\x87\xd6OZX\xa4\xee\xa7\xebe\x14Qp\x96\x00\xd0VK\xe2$i\xd4\xcb-\xd4\x82w\x13\x98\xfcW\x9d\xff\xed\xd4\x14;]\xf8\xccS\xddl\x96v\x97\x988\xa7sQ\x1aN\xbdU.\x89\\\xfa\xc2\xcd\xde', &(0x7f0000000300)='urity.\x15\x00\x00_\x1b\xcf\xff\xf9G\x84\x87D\x91\xff\xe0\xf3b\xe2\x8di\xc8qk\x80F\x86F\x9a\xc7\xe9\xec?\b\xe5\x93\x0e!P$D?(C\xc4\x87_\x9d\xe2S1\x0fV\xab*\xe9\xdfu\x8e\x1d\xe3\x82R\x82\x0f\xd6\xadb\xd7\xad\n\t\xb2\x06\xa5UK\xaa\xdc<\xc8\xfa\x17t\x15 Ui\xd9\xfd\xd0\xe9\xe8\xcc7\x10Bf\xc2\x8f\x85\x04\x0f\xf9\xac\x0e\xce\x93mJU\x03\xef[d\xdf\xbd)\xc6T\xc1y\x03\xd8(H\xa2~aP\x98\x01\vpi\x03\xac\xdcj5a\xc9\ru\x19La\xe8Y\xc3\x85\x01\xc1G*8\x04\xc9\x11\xab\xbd\v\x9d\xbfy\xfd\xc55\t\x11']}) 623.056521ms ago: executing program 4 (id=14238): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newnexthop={0x2c, 0x68, 0x1, 0x100003, 0x80000000, {}, [@NHA_GROUP={0x14, 0x2, [{0x1, 0x15}, {0x2, 0x7}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000) 597.717061ms ago: executing program 2 (id=14239): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b708000000000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x1f, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffff0000000000000011424203"], 0x0) 413.408195ms ago: executing program 2 (id=14240): r0 = socket(0x15, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000b40)={0xa, 0x4e24, 0x7fffffff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9647}, 0x1c) 251.071207ms ago: executing program 4 (id=14241): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x24, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}}, 0xc000) 0s ago: executing program 2 (id=14242): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0400f9f4070009040180000000000003400000000004001e8040000000", 0x24) kernel console output (not intermixed with test programs): ? __mutex_lock+0x304/0xcc0 [ 1479.477120][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1479.482160][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1479.487588][ T5661] process_measurement+0x1074/0x1ad0 [ 1479.492964][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1479.497751][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1479.503833][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1479.509942][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1479.515523][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1479.521705][ T5661] ima_file_check+0xc6/0x100 [ 1479.526322][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1479.531212][ T5661] path_openat+0x2811/0x3190 [ 1479.535853][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1479.540571][ T5661] do_filp_open+0x1c5/0x3d0 [ 1479.545097][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1479.549738][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1479.554619][ T5661] ? alloc_fd+0x58f/0x630 [ 1479.558983][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1479.563692][ T5661] ? do_sys_open+0xe0/0xe0 [ 1479.568138][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1479.574144][ T5661] ? lock_chain_count+0x20/0x20 [ 1479.579019][ T5661] __x64_sys_openat+0x139/0x160 [ 1479.583899][ T5661] do_syscall_64+0x55/0xb0 [ 1479.588342][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1479.593038][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1479.597732][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1479.603659][ T5661] RIP: 0033:0x7fbdb118e929 [ 1479.608093][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1479.627721][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1479.636250][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1479.644240][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1479.652232][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1479.660215][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1479.668203][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1479.676209][ T5661] [ 1479.716444][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1479.755960][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1479.802099][ T5661] CPU: 0 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1479.810288][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1479.820575][ T5661] Call Trace: [ 1479.823895][ T5661] [ 1479.826857][ T5661] dump_stack_lvl+0x16c/0x230 [ 1479.831585][ T5661] ? show_regs_print_info+0x20/0x20 [ 1479.836852][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1479.842208][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1479.847810][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1479.853411][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1479.859021][ T5661] ? __might_sleep+0xe0/0xe0 [ 1479.863658][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1479.869089][ T5661] ? __might_sleep+0xe0/0xe0 [ 1479.873735][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1479.878801][ T5661] ? __up_read+0x280/0x670 [ 1479.883239][ T5661] ? down_read+0x1ac/0x2e0 [ 1479.887692][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1479.893186][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1479.897992][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1479.903390][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1479.908626][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1479.913848][ T5661] block_read_full_folio+0x42e/0xf40 [ 1479.919159][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1479.924648][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1479.930044][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1479.936038][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1479.941179][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1479.946346][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1479.951307][ T5661] ? xa_load+0x64/0x2e0 [ 1479.955500][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1479.960295][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1479.965529][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1479.970934][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1479.975724][ T5661] read_pages+0x177/0x840 [ 1479.980076][ T5661] ? folio_put+0xd0/0xd0 [ 1479.984351][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1479.990027][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1479.995162][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1480.000662][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1480.005717][ T5661] ? mark_lock+0x94/0x320 [ 1480.010085][ T5661] ? filemap_read+0xec0/0xec0 [ 1480.014792][ T5661] ? __might_sleep+0xe0/0xe0 [ 1480.019436][ T5661] filemap_read+0x3d0/0xec0 [ 1480.023965][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1480.030068][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1480.034952][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1480.040530][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1480.046027][ T5661] ? __asan_memset+0x22/0x40 [ 1480.050647][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1480.055344][ T5661] __kernel_read+0x2e3/0x6f0 [ 1480.059964][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1480.064834][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1480.069885][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1480.074788][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1480.079928][ T5661] ? integrity_inode_free+0x170/0x170 [ 1480.085336][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1480.090485][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1480.095706][ T5661] ? look_up_lock_class+0x75/0x140 [ 1480.100838][ T5661] ? register_lock_class+0xb5/0x890 [ 1480.106059][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1480.110883][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1480.115937][ T5661] ? verify_lock_unused+0x140/0x140 [ 1480.121161][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1480.126220][ T5661] ? __asan_memcpy+0x40/0x70 [ 1480.130842][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1480.135900][ T5661] ima_collect_measurement+0x462/0x980 [ 1480.141396][ T5661] ? ima_get_action+0xb0/0xb0 [ 1480.146094][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1480.151670][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1480.156458][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1480.161173][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1480.166210][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1480.171605][ T5661] process_measurement+0x1074/0x1ad0 [ 1480.176926][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1480.181706][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1480.187789][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1480.193898][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1480.199469][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1480.205646][ T5661] ima_file_check+0xc6/0x100 [ 1480.210255][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1480.215133][ T5661] path_openat+0x2811/0x3190 [ 1480.219775][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1480.224500][ T5661] do_filp_open+0x1c5/0x3d0 [ 1480.229052][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1480.233725][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1480.238616][ T5661] ? alloc_fd+0x58f/0x630 [ 1480.242994][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1480.247712][ T5661] ? do_sys_open+0xe0/0xe0 [ 1480.252164][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1480.258169][ T5661] ? lock_chain_count+0x20/0x20 [ 1480.263050][ T5661] __x64_sys_openat+0x139/0x160 [ 1480.267937][ T5661] do_syscall_64+0x55/0xb0 [ 1480.272379][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1480.277067][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1480.281762][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1480.287681][ T5661] RIP: 0033:0x7fbdb118e929 [ 1480.292115][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1480.311737][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1480.320171][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1480.328354][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1480.336447][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1480.344444][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1480.352441][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1480.360453][ T5661] [ 1480.424851][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1480.431874][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1480.475443][ T5661] CPU: 0 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1480.483596][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1480.493702][ T5661] Call Trace: [ 1480.497015][ T5661] [ 1480.499983][ T5661] dump_stack_lvl+0x16c/0x230 [ 1480.504714][ T5661] ? show_regs_print_info+0x20/0x20 [ 1480.509987][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1480.515360][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1480.520969][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1480.526594][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1480.532224][ T5661] ? __might_sleep+0xe0/0xe0 [ 1480.536864][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1480.542284][ T5661] ? __might_sleep+0xe0/0xe0 [ 1480.546928][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1480.551995][ T5661] ? __up_read+0x280/0x670 [ 1480.556474][ T5661] ? down_read+0x1ac/0x2e0 [ 1480.560943][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1480.566476][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1480.571306][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1480.576736][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1480.582000][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1480.587284][ T5661] block_read_full_folio+0x42e/0xf40 [ 1480.592632][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1480.598144][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1480.603574][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1480.609598][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1480.614694][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1480.619901][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1480.624892][ T5661] ? xa_load+0x64/0x2e0 [ 1480.629111][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1480.633932][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1480.639201][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1480.644641][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1480.649463][ T5661] read_pages+0x177/0x840 [ 1480.653849][ T5661] ? folio_put+0xd0/0xd0 [ 1480.658175][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1480.663880][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1480.669043][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1480.674571][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1480.679658][ T5661] ? mark_lock+0x94/0x320 [ 1480.684051][ T5661] ? filemap_read+0xec0/0xec0 [ 1480.688781][ T5661] ? __might_sleep+0xe0/0xe0 [ 1480.693444][ T5661] filemap_read+0x3d0/0xec0 [ 1480.698003][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1480.704135][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1480.709041][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1480.714649][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1480.720172][ T5661] ? __asan_memset+0x22/0x40 [ 1480.724828][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1480.725568][ T5686] loop6: detected capacity change from 0 to 32768 [ 1480.729559][ T5661] __kernel_read+0x2e3/0x6f0 [ 1480.729595][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1480.745546][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1480.750641][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1480.755589][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1480.760760][ T5661] ? integrity_inode_free+0x170/0x170 [ 1480.766204][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1480.771400][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1480.776654][ T5661] ? look_up_lock_class+0x75/0x140 [ 1480.781823][ T5661] ? register_lock_class+0xb5/0x890 [ 1480.787074][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1480.791952][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1480.797037][ T5661] ? verify_lock_unused+0x140/0x140 [ 1480.802291][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1480.807384][ T5661] ? __asan_memcpy+0x40/0x70 [ 1480.812038][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1480.817155][ T5661] ima_collect_measurement+0x462/0x980 [ 1480.822701][ T5661] ? ima_get_action+0xb0/0xb0 [ 1480.827442][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1480.833059][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1480.837887][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1480.842641][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1480.847714][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1480.853150][ T5661] process_measurement+0x1074/0x1ad0 [ 1480.858511][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1480.863333][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1480.869484][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1480.875654][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1480.881448][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1480.887705][ T5661] ima_file_check+0xc6/0x100 [ 1480.892370][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1480.897302][ T5661] path_openat+0x2811/0x3190 [ 1480.901990][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1480.906783][ T5661] do_filp_open+0x1c5/0x3d0 [ 1480.911356][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1480.916033][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1480.920954][ T5661] ? alloc_fd+0x58f/0x630 [ 1480.925361][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1480.930098][ T5661] ? do_sys_open+0xe0/0xe0 [ 1480.934575][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1480.940616][ T5661] ? lock_chain_count+0x20/0x20 [ 1480.945540][ T5661] __x64_sys_openat+0x139/0x160 [ 1480.950469][ T5661] do_syscall_64+0x55/0xb0 [ 1480.954953][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1480.959688][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1480.964425][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1480.970386][ T5661] RIP: 0033:0x7fbdb118e929 [ 1480.974857][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1480.994522][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1481.003003][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1481.011035][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1481.019057][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1481.027077][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1481.035099][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1481.037140][ T5699] loop4: detected capacity change from 0 to 256 [ 1481.043117][ T5661] [ 1481.092333][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1481.113138][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1481.130984][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1481.139165][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1481.149271][ T5661] Call Trace: [ 1481.152600][ T5661] [ 1481.155574][ T5661] dump_stack_lvl+0x16c/0x230 [ 1481.160325][ T5661] ? show_regs_print_info+0x20/0x20 [ 1481.165601][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1481.170959][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1481.176581][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1481.182198][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1481.187828][ T5661] ? __might_sleep+0xe0/0xe0 [ 1481.192481][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1481.197908][ T5661] ? mark_lock+0x94/0x320 [ 1481.202293][ T5661] ? __might_sleep+0xe0/0xe0 [ 1481.206945][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1481.212034][ T5661] ? down_read+0x1ac/0x2e0 [ 1481.215564][ T5699] FAT-fs (loop4): Directory bread(block 64) failed [ 1481.216487][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1481.223036][ T5699] FAT-fs (loop4): Directory bread(block 65) failed [ 1481.228464][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1481.228512][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1481.228542][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1481.228583][ T5661] do_mpage_readpage+0x8fd/0x1e50 [ 1481.228644][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1481.228676][ T5661] ? xa_load+0x64/0x2e0 [ 1481.228718][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1481.228754][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1481.228797][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1481.228838][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1481.242715][ T5699] FAT-fs (loop4): Directory bread(block 66) failed [ 1481.245487][ T5661] read_pages+0x177/0x840 [ 1481.245518][ T5661] ? folio_put+0xd0/0xd0 [ 1481.245550][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1481.250586][ T5699] FAT-fs (loop4): Directory bread(block 67) failed [ 1481.255602][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1481.255638][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1481.255679][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1481.255716][ T5661] ? mark_lock+0x94/0x320 [ 1481.255756][ T5661] ? filemap_read+0xec0/0xec0 [ 1481.255790][ T5661] ? __might_sleep+0xe0/0xe0 [ 1481.255838][ T5661] filemap_read+0x3d0/0xec0 [ 1481.255862][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1481.255908][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1481.255945][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1481.255986][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1481.272600][ T5699] FAT-fs (loop4): Directory bread(block 68) failed [ 1481.275078][ T5661] ? __asan_memset+0x22/0x40 [ 1481.287932][ T5699] FAT-fs (loop4): Directory bread(block 69) failed [ 1481.291765][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1481.296252][ T5699] FAT-fs (loop4): Directory bread(block 70) failed [ 1481.300347][ T5661] __kernel_read+0x2e3/0x6f0 [ 1481.300382][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1481.300411][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1481.300446][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1481.300512][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1481.300541][ T5661] ? integrity_inode_free+0x170/0x170 [ 1481.300581][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1481.300624][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1481.313672][ T5699] FAT-fs (loop4): Directory bread(block 71) failed [ 1481.317886][ T5661] ? look_up_lock_class+0x75/0x140 [ 1481.324271][ T5699] FAT-fs (loop4): Directory bread(block 72) failed [ 1481.328408][ T5661] ? register_lock_class+0xb5/0x890 [ 1481.340688][ T5699] FAT-fs (loop4): Directory bread(block 73) failed [ 1481.342026][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1481.342106][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1481.477610][ T5661] ? verify_lock_unused+0x140/0x140 [ 1481.482877][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1481.487960][ T5661] ? __asan_memcpy+0x40/0x70 [ 1481.492615][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1481.497721][ T5661] ima_collect_measurement+0x462/0x980 [ 1481.503258][ T5661] ? ima_get_action+0xb0/0xb0 [ 1481.507992][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1481.513594][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1481.518416][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1481.523167][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1481.528246][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1481.533673][ T5661] process_measurement+0x1074/0x1ad0 [ 1481.539030][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1481.543846][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1481.549965][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1481.556125][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1481.561742][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1481.567967][ T5661] ima_file_check+0xc6/0x100 [ 1481.572610][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1481.577526][ T5661] path_openat+0x2811/0x3190 [ 1481.582204][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1481.586962][ T5661] do_filp_open+0x1c5/0x3d0 [ 1481.591511][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1481.596176][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1481.601089][ T5661] ? alloc_fd+0x58f/0x630 [ 1481.605497][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1481.610252][ T5661] ? do_sys_open+0xe0/0xe0 [ 1481.614725][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1481.620770][ T5661] ? lock_chain_count+0x20/0x20 [ 1481.625674][ T5661] __x64_sys_openat+0x139/0x160 [ 1481.630590][ T5661] do_syscall_64+0x55/0xb0 [ 1481.635073][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1481.639810][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1481.644885][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1481.650835][ T5661] RIP: 0033:0x7fbdb118e929 [ 1481.655294][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1481.674954][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1481.683427][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1481.691445][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1481.699466][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1481.707484][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1481.715497][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1481.723537][ T5661] [ 1481.733756][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1481.741339][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1481.754887][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1481.763041][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1481.773147][ T5661] Call Trace: [ 1481.776475][ T5661] [ 1481.779448][ T5661] dump_stack_lvl+0x16c/0x230 [ 1481.784174][ T5661] ? show_regs_print_info+0x20/0x20 [ 1481.789419][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1481.794745][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1481.800315][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1481.805890][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1481.811478][ T5661] ? __might_sleep+0xe0/0xe0 [ 1481.816097][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1481.821489][ T5661] ? __asan_memset+0x22/0x40 [ 1481.826133][ T5661] ? __might_sleep+0xe0/0xe0 [ 1481.830747][ T5661] ? lockdep_init_map_type+0xa1/0x880 [ 1481.836143][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1481.841286][ T5661] ? down_read+0x1ac/0x2e0 [ 1481.845734][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1481.851225][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1481.856027][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1481.861426][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1481.866652][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1481.871552][ T5661] ? folio_create_empty_buffers+0x540/0x730 [ 1481.877496][ T5661] block_read_full_folio+0x42e/0xf40 [ 1481.882833][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1481.888241][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1481.894251][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1481.899404][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1481.904564][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1481.909525][ T5661] ? xa_load+0x64/0x2e0 [ 1481.913714][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1481.918514][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1481.923746][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1481.929155][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1481.933943][ T5661] read_pages+0x177/0x840 [ 1481.938313][ T5661] ? folio_put+0xd0/0xd0 [ 1481.942589][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1481.948250][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1481.953436][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1481.958930][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1481.963991][ T5661] ? mark_lock+0x94/0x320 [ 1481.968363][ T5661] ? filemap_read+0xec0/0xec0 [ 1481.973073][ T5661] ? __might_sleep+0xe0/0xe0 [ 1481.977699][ T5661] filemap_read+0x3d0/0xec0 [ 1481.982225][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1481.988347][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1481.993239][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1481.998823][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1482.004305][ T5661] ? __asan_memset+0x22/0x40 [ 1482.008921][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1482.013728][ T5661] __kernel_read+0x2e3/0x6f0 [ 1482.018365][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1482.023275][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1482.028359][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1482.033270][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1482.038416][ T5661] ? integrity_inode_free+0x170/0x170 [ 1482.043827][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1482.048982][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1482.054203][ T5661] ? look_up_lock_class+0x75/0x140 [ 1482.059336][ T5661] ? register_lock_class+0xb5/0x890 [ 1482.064551][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1482.069379][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1482.074430][ T5661] ? verify_lock_unused+0x140/0x140 [ 1482.079653][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1482.084714][ T5661] ? __asan_memcpy+0x40/0x70 [ 1482.089348][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1482.094410][ T5661] ima_collect_measurement+0x462/0x980 [ 1482.099902][ T5661] ? ima_get_action+0xb0/0xb0 [ 1482.104600][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1482.110181][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1482.114976][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1482.119694][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1482.124737][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1482.130131][ T5661] process_measurement+0x1074/0x1ad0 [ 1482.135458][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1482.140242][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1482.146337][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1482.152450][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1482.158030][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1482.164212][ T5661] ima_file_check+0xc6/0x100 [ 1482.168830][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1482.173709][ T5661] path_openat+0x2811/0x3190 [ 1482.178373][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1482.183089][ T5661] do_filp_open+0x1c5/0x3d0 [ 1482.187616][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1482.192245][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1482.197127][ T5661] ? alloc_fd+0x58f/0x630 [ 1482.201496][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1482.206202][ T5661] ? do_sys_open+0xe0/0xe0 [ 1482.210644][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1482.216675][ T5661] ? lock_chain_count+0x20/0x20 [ 1482.221566][ T5661] __x64_sys_openat+0x139/0x160 [ 1482.226450][ T5661] do_syscall_64+0x55/0xb0 [ 1482.230892][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1482.235597][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1482.240292][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1482.246211][ T5661] RIP: 0033:0x7fbdb118e929 [ 1482.250648][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.270273][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1482.278708][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1482.286696][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1482.294683][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1482.302669][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.310659][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1482.318662][ T5661] [ 1482.356418][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1482.363588][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1482.373425][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1482.381545][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1482.391646][ T5661] Call Trace: [ 1482.394969][ T5661] [ 1482.397942][ T5661] dump_stack_lvl+0x16c/0x230 [ 1482.402681][ T5661] ? show_regs_print_info+0x20/0x20 [ 1482.407959][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1482.413313][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1482.418909][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1482.424521][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1482.430140][ T5661] ? __might_sleep+0xe0/0xe0 [ 1482.434787][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1482.440210][ T5661] ? __might_sleep+0xe0/0xe0 [ 1482.444857][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1482.449933][ T5661] ? __up_read+0x280/0x670 [ 1482.454386][ T5661] ? down_read+0x1ac/0x2e0 [ 1482.458846][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1482.464354][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1482.469191][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1482.474618][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1482.479879][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1482.485145][ T5661] block_read_full_folio+0x42e/0xf40 [ 1482.490498][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1482.496004][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1482.501427][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1482.507446][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1482.512535][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1482.517737][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1482.522734][ T5661] ? xa_load+0x64/0x2e0 [ 1482.526955][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1482.531781][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1482.537052][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1482.542496][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1482.547328][ T5661] read_pages+0x177/0x840 [ 1482.551724][ T5661] ? folio_put+0xd0/0xd0 [ 1482.556032][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1482.561719][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1482.566890][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1482.572428][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1482.577515][ T5661] ? mark_lock+0x94/0x320 [ 1482.581943][ T5661] ? filemap_read+0xec0/0xec0 [ 1482.586689][ T5661] ? __might_sleep+0xe0/0xe0 [ 1482.591354][ T5661] filemap_read+0x3d0/0xec0 [ 1482.595897][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1482.602041][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1482.606930][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1482.612509][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1482.617987][ T5661] ? __asan_memset+0x22/0x40 [ 1482.622603][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1482.627299][ T5661] __kernel_read+0x2e3/0x6f0 [ 1482.631941][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1482.636825][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1482.641905][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1482.646806][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1482.651959][ T5661] ? integrity_inode_free+0x170/0x170 [ 1482.657364][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1482.662508][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1482.667727][ T5661] ? look_up_lock_class+0x75/0x140 [ 1482.672857][ T5661] ? register_lock_class+0xb5/0x890 [ 1482.678079][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1482.682955][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1482.688038][ T5661] ? verify_lock_unused+0x140/0x140 [ 1482.693255][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1482.698301][ T5661] ? __asan_memcpy+0x40/0x70 [ 1482.702915][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1482.707973][ T5661] ima_collect_measurement+0x462/0x980 [ 1482.713468][ T5661] ? ima_get_action+0xb0/0xb0 [ 1482.718167][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1482.723741][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1482.728531][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1482.733245][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1482.738285][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1482.743685][ T5661] process_measurement+0x1074/0x1ad0 [ 1482.749015][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1482.753801][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1482.759885][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1482.765994][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1482.771569][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1482.777749][ T5661] ima_file_check+0xc6/0x100 [ 1482.782364][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1482.787262][ T5661] path_openat+0x2811/0x3190 [ 1482.791919][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1482.796641][ T5661] do_filp_open+0x1c5/0x3d0 [ 1482.801180][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1482.805827][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1482.810714][ T5661] ? alloc_fd+0x58f/0x630 [ 1482.815078][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1482.819784][ T5661] ? do_sys_open+0xe0/0xe0 [ 1482.824222][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1482.830227][ T5661] ? lock_chain_count+0x20/0x20 [ 1482.835098][ T5661] __x64_sys_openat+0x139/0x160 [ 1482.839981][ T5661] do_syscall_64+0x55/0xb0 [ 1482.844428][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1482.849120][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1482.853849][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1482.859775][ T5661] RIP: 0033:0x7fbdb118e929 [ 1482.864205][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.883828][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1482.892265][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1482.900250][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1482.908234][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1482.916222][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.924206][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1482.932206][ T5661] [ 1482.966771][ T5706] netlink: 'syz.4.13831': attribute type 10 has an invalid length. [ 1483.000162][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1483.007170][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1483.062808][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1483.070976][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1483.081076][ T5661] Call Trace: [ 1483.084391][ T5661] [ 1483.087356][ T5661] dump_stack_lvl+0x16c/0x230 [ 1483.092089][ T5661] ? show_regs_print_info+0x20/0x20 [ 1483.097360][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1483.102715][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1483.108318][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1483.113942][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1483.119563][ T5661] ? __might_sleep+0xe0/0xe0 [ 1483.124227][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1483.129649][ T5661] ? __might_sleep+0xe0/0xe0 [ 1483.134294][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1483.139367][ T5661] ? __up_read+0x280/0x670 [ 1483.143833][ T5661] ? down_read+0x1ac/0x2e0 [ 1483.148405][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1483.153932][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1483.158764][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1483.164196][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1483.169459][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1483.174723][ T5661] block_read_full_folio+0x42e/0xf40 [ 1483.180081][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1483.185584][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1483.190996][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1483.197006][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1483.202076][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1483.207242][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1483.212207][ T5661] ? xa_load+0x64/0x2e0 [ 1483.216397][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1483.221185][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1483.226435][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1483.231853][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1483.236659][ T5661] read_pages+0x177/0x840 [ 1483.241019][ T5661] ? folio_put+0xd0/0xd0 [ 1483.245298][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1483.250966][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1483.256110][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1483.261607][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1483.266667][ T5661] ? mark_lock+0x94/0x320 [ 1483.271029][ T5661] ? filemap_read+0xec0/0xec0 [ 1483.275727][ T5661] ? __might_sleep+0xe0/0xe0 [ 1483.280351][ T5661] filemap_read+0x3d0/0xec0 [ 1483.284877][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1483.290991][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1483.295870][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1483.301472][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1483.306963][ T5661] ? __asan_memset+0x22/0x40 [ 1483.311595][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1483.316301][ T5661] __kernel_read+0x2e3/0x6f0 [ 1483.320930][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1483.325816][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1483.330888][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1483.335789][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1483.340930][ T5661] ? integrity_inode_free+0x170/0x170 [ 1483.346332][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1483.351477][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1483.356698][ T5661] ? look_up_lock_class+0x75/0x140 [ 1483.361835][ T5661] ? register_lock_class+0xb5/0x890 [ 1483.367082][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1483.371913][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1483.376968][ T5661] ? verify_lock_unused+0x140/0x140 [ 1483.382193][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1483.387246][ T5661] ? __asan_memcpy+0x40/0x70 [ 1483.391879][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1483.396943][ T5661] ima_collect_measurement+0x462/0x980 [ 1483.402453][ T5661] ? ima_get_action+0xb0/0xb0 [ 1483.407167][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1483.412756][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1483.417565][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1483.422287][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1483.427333][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1483.432732][ T5661] process_measurement+0x1074/0x1ad0 [ 1483.438055][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1483.442840][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1483.448922][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1483.455036][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1483.460610][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1483.466795][ T5661] ima_file_check+0xc6/0x100 [ 1483.471409][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1483.476291][ T5661] path_openat+0x2811/0x3190 [ 1483.480958][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1483.485669][ T5661] do_filp_open+0x1c5/0x3d0 [ 1483.490199][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1483.494830][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1483.499715][ T5661] ? alloc_fd+0x58f/0x630 [ 1483.504097][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1483.508813][ T5661] ? do_sys_open+0xe0/0xe0 [ 1483.513260][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1483.519268][ T5661] ? lock_chain_count+0x20/0x20 [ 1483.524146][ T5661] __x64_sys_openat+0x139/0x160 [ 1483.529033][ T5661] do_syscall_64+0x55/0xb0 [ 1483.533474][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1483.538166][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1483.542858][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1483.548787][ T5661] RIP: 0033:0x7fbdb118e929 [ 1483.553219][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1483.572843][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1483.581282][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1483.589273][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1483.597260][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1483.605245][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1483.613235][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1483.621245][ T5661] [ 1483.632676][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1483.650084][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1483.663368][ T5661] CPU: 0 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1483.671506][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1483.681604][ T5661] Call Trace: [ 1483.684924][ T5661] [ 1483.687902][ T5661] dump_stack_lvl+0x16c/0x230 [ 1483.692641][ T5661] ? show_regs_print_info+0x20/0x20 [ 1483.697918][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1483.703274][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1483.708877][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1483.714489][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1483.720105][ T5661] ? __might_sleep+0xe0/0xe0 [ 1483.724745][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1483.730167][ T5661] ? __might_sleep+0xe0/0xe0 [ 1483.734813][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1483.739885][ T5661] ? __up_read+0x280/0x670 [ 1483.744344][ T5661] ? down_read+0x1ac/0x2e0 [ 1483.748815][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1483.754341][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1483.759174][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1483.764600][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1483.769849][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1483.775086][ T5661] block_read_full_folio+0x42e/0xf40 [ 1483.780406][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1483.785885][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1483.791287][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1483.797295][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1483.802356][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1483.807509][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1483.812469][ T5661] ? xa_load+0x64/0x2e0 [ 1483.816654][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1483.821444][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1483.826675][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1483.832100][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1483.836898][ T5661] read_pages+0x177/0x840 [ 1483.841248][ T5661] ? folio_put+0xd0/0xd0 [ 1483.845518][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1483.851180][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1483.856316][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1483.861809][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1483.866862][ T5661] ? mark_lock+0x94/0x320 [ 1483.871234][ T5661] ? filemap_read+0xec0/0xec0 [ 1483.875942][ T5661] ? __might_sleep+0xe0/0xe0 [ 1483.880566][ T5661] filemap_read+0x3d0/0xec0 [ 1483.885090][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1483.891190][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1483.896072][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1483.901650][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1483.907131][ T5661] ? __asan_memset+0x22/0x40 [ 1483.911746][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1483.916438][ T5661] __kernel_read+0x2e3/0x6f0 [ 1483.921055][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1483.925927][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1483.930982][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1483.935884][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1483.941037][ T5661] ? integrity_inode_free+0x170/0x170 [ 1483.946447][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1483.951598][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1483.956821][ T5661] ? look_up_lock_class+0x75/0x140 [ 1483.961974][ T5661] ? register_lock_class+0xb5/0x890 [ 1483.967208][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1483.972043][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1483.977099][ T5661] ? verify_lock_unused+0x140/0x140 [ 1483.982325][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1483.987380][ T5661] ? __asan_memcpy+0x40/0x70 [ 1483.992004][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1483.997063][ T5661] ima_collect_measurement+0x462/0x980 [ 1484.002558][ T5661] ? ima_get_action+0xb0/0xb0 [ 1484.007253][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1484.012854][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1484.017654][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1484.022369][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1484.027406][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1484.032805][ T5661] process_measurement+0x1074/0x1ad0 [ 1484.038130][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1484.042914][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1484.049005][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1484.055121][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1484.060710][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1484.066902][ T5661] ima_file_check+0xc6/0x100 [ 1484.071518][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1484.076401][ T5661] path_openat+0x2811/0x3190 [ 1484.081053][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1484.085772][ T5661] do_filp_open+0x1c5/0x3d0 [ 1484.090317][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1484.094949][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1484.099826][ T5661] ? alloc_fd+0x58f/0x630 [ 1484.104191][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1484.108898][ T5661] ? do_sys_open+0xe0/0xe0 [ 1484.113338][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1484.119340][ T5661] ? lock_chain_count+0x20/0x20 [ 1484.124216][ T5661] __x64_sys_openat+0x139/0x160 [ 1484.129094][ T5661] do_syscall_64+0x55/0xb0 [ 1484.133539][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1484.138230][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1484.142928][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1484.148845][ T5661] RIP: 0033:0x7fbdb118e929 [ 1484.153282][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1484.172927][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1484.181363][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1484.189347][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1484.197331][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1484.205328][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1484.213317][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1484.221314][ T5661] [ 1484.265741][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1484.285127][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1484.295062][ T5661] CPU: 0 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1484.303180][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1484.313362][ T5661] Call Trace: [ 1484.314333][ T5706] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 1484.316659][ T5661] [ 1484.326697][ T5661] dump_stack_lvl+0x16c/0x230 [ 1484.331436][ T5661] ? show_regs_print_info+0x20/0x20 [ 1484.336710][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1484.342082][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1484.347686][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1484.353297][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1484.358909][ T5661] ? __might_sleep+0xe0/0xe0 [ 1484.363554][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1484.368977][ T5661] ? mark_lock+0x94/0x320 [ 1484.373358][ T5661] ? __might_sleep+0xe0/0xe0 [ 1484.378008][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1484.383183][ T5661] ? down_read+0x1ac/0x2e0 [ 1484.384577][ T5706] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1484.387640][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1484.401595][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1484.406450][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1484.411882][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1484.416992][ T5661] do_mpage_readpage+0x8fd/0x1e50 [ 1484.422109][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1484.427106][ T5661] ? xa_load+0x64/0x2e0 [ 1484.431331][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1484.436166][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1484.441529][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1484.446975][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1484.451799][ T5661] read_pages+0x177/0x840 [ 1484.456183][ T5661] ? folio_put+0xd0/0xd0 [ 1484.460481][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1484.466171][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1484.471338][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1484.476864][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1484.481968][ T5661] ? mark_lock+0x94/0x320 [ 1484.486361][ T5661] ? filemap_read+0xec0/0xec0 [ 1484.491096][ T5661] ? __might_sleep+0xe0/0xe0 [ 1484.495742][ T5661] filemap_read+0x3d0/0xec0 [ 1484.500283][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1484.506412][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1484.511325][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1484.516940][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1484.522453][ T5661] ? __asan_memset+0x22/0x40 [ 1484.527139][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1484.531864][ T5661] __kernel_read+0x2e3/0x6f0 [ 1484.536513][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1484.541410][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1484.546494][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1484.551437][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1484.556605][ T5661] ? integrity_inode_free+0x170/0x170 [ 1484.562043][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1484.567224][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1484.572471][ T5661] ? look_up_lock_class+0x75/0x140 [ 1484.577638][ T5661] ? register_lock_class+0xb5/0x890 [ 1484.582882][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1484.587780][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1484.592866][ T5661] ? verify_lock_unused+0x140/0x140 [ 1484.598110][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1484.603183][ T5661] ? __asan_memcpy+0x40/0x70 [ 1484.607832][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1484.612931][ T5661] ima_collect_measurement+0x462/0x980 [ 1484.618465][ T5661] ? ima_get_action+0xb0/0xb0 [ 1484.623194][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1484.628797][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1484.633619][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1484.638374][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1484.643437][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1484.648870][ T5661] process_measurement+0x1074/0x1ad0 [ 1484.654247][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1484.659062][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1484.665178][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1484.671330][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1484.676941][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1484.683154][ T5661] ima_file_check+0xc6/0x100 [ 1484.687804][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1484.692768][ T5661] path_openat+0x2811/0x3190 [ 1484.697450][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1484.702194][ T5661] do_filp_open+0x1c5/0x3d0 [ 1484.706755][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1484.711423][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1484.716331][ T5661] ? alloc_fd+0x58f/0x630 [ 1484.720737][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1484.725478][ T5661] ? do_sys_open+0xe0/0xe0 [ 1484.729951][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1484.735984][ T5661] ? lock_chain_count+0x20/0x20 [ 1484.740883][ T5661] __x64_sys_openat+0x139/0x160 [ 1484.745792][ T5661] do_syscall_64+0x55/0xb0 [ 1484.750259][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1484.753885][ T5715] loop6: detected capacity change from 0 to 512 [ 1484.754955][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1484.765964][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1484.771924][ T5661] RIP: 0033:0x7fbdb118e929 [ 1484.776388][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1484.796035][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1484.804480][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1484.812477][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1484.820471][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1484.828467][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1484.836455][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1484.844465][ T5661] [ 1484.873950][ T5715] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1484.897065][ T5715] EXT4-fs (loop6): orphan cleanup on readonly fs [ 1484.904173][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1484.931949][ T5715] EXT4-fs error (device loop6): ext4_validate_block_bitmap:439: comm syz.6.13834: bg 0: block 248: padding at end of block bitmap is not set [ 1484.932923][ T5715] Quota error (device loop6): write_blk: dquota write failed [ 1484.933033][ T5715] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 1484.933087][ T5715] EXT4-fs error (device loop6): ext4_acquire_dquot:6938: comm syz.6.13834: Failed to acquire dquot type 1 [ 1484.939733][ T5715] EXT4-fs (loop6): 1 truncate cleaned up [ 1484.941584][ T5715] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1484.942522][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1484.942719][ T5661] CPU: 0 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1484.942743][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1484.942757][ T5661] Call Trace: [ 1484.942766][ T5661] [ 1484.942776][ T5661] dump_stack_lvl+0x16c/0x230 [ 1484.942817][ T5661] ? show_regs_print_info+0x20/0x20 [ 1484.942869][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1484.942918][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1484.942952][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1484.942992][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1484.943041][ T5661] ? __might_sleep+0xe0/0xe0 [ 1484.943071][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1484.943096][ T5661] ? __asan_memset+0x22/0x40 [ 1484.943129][ T5661] ? __might_sleep+0xe0/0xe0 [ 1484.943154][ T5661] ? lockdep_init_map_type+0xa1/0x880 [ 1484.943183][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1484.943218][ T5661] ? down_read+0x1ac/0x2e0 [ 1484.943253][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1484.943301][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1484.943347][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1484.943377][ T5661] ? do_raw_spin_unlock+0x121/0x230 [ 1484.943410][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1484.943449][ T5661] ? folio_create_empty_buffers+0x540/0x730 [ 1484.943487][ T5661] block_read_full_folio+0x42e/0xf40 [ 1484.943529][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1484.943562][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1484.943586][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1484.943631][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1484.943699][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1484.943732][ T5661] ? xa_load+0x64/0x2e0 [ 1484.943773][ T5661] mpage_readahead+0x3b0/0x7f0 [ 1484.943811][ T5661] ? end_bio_bh_io_sync+0x110/0x110 [ 1484.943861][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1484.943903][ T5661] ? blk_start_plug+0x6e/0x1a0 [ 1484.943932][ T5661] read_pages+0x177/0x840 [ 1484.943962][ T5661] ? folio_put+0xd0/0xd0 [ 1484.943995][ T5661] ? page_cache_ra_unbounded+0x770/0x770 [ 1484.944031][ T5661] ? filemap_add_folio+0x192/0x3c0 [ 1484.944065][ T5661] page_cache_ra_unbounded+0x692/0x770 [ 1484.944108][ T5661] filemap_get_pages+0x3ac/0x1e10 [ 1484.944148][ T5661] ? mark_lock+0x94/0x320 [ 1484.944193][ T5661] ? filemap_read+0xec0/0xec0 [ 1484.944227][ T5661] ? __might_sleep+0xe0/0xe0 [ 1484.944275][ T5661] filemap_read+0x3d0/0xec0 [ 1484.944299][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1484.944345][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1484.944386][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1484.944429][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1484.944456][ T5661] ? __asan_memset+0x22/0x40 [ 1484.944490][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1484.944516][ T5661] __kernel_read+0x2e3/0x6f0 [ 1484.944548][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1484.944578][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1484.944615][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1484.944694][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1484.944724][ T5661] ? integrity_inode_free+0x170/0x170 [ 1484.944765][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1484.944811][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1484.944838][ T5661] ? look_up_lock_class+0x75/0x140 [ 1484.944866][ T5661] ? register_lock_class+0xb5/0x890 [ 1484.944891][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1484.944968][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1484.945001][ T5661] ? verify_lock_unused+0x140/0x140 [ 1484.945029][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1484.945061][ T5661] ? __asan_memcpy+0x40/0x70 [ 1484.945096][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1484.945144][ T5661] ima_collect_measurement+0x462/0x980 [ 1484.945188][ T5661] ? ima_get_action+0xb0/0xb0 [ 1484.945216][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1484.945251][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1484.945285][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1484.945334][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1484.945357][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1484.945392][ T5661] process_measurement+0x1074/0x1ad0 [ 1484.945442][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1484.945469][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1484.945492][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1484.945551][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1484.945589][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1484.945626][ T5661] ima_file_check+0xc6/0x100 [ 1484.945664][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1484.945703][ T5661] path_openat+0x2811/0x3190 [ 1484.945766][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1484.945816][ T5661] do_filp_open+0x1c5/0x3d0 [ 1484.945846][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1484.945897][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1484.945931][ T5661] ? alloc_fd+0x58f/0x630 [ 1484.945988][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1484.946025][ T5661] ? do_sys_open+0xe0/0xe0 [ 1484.946057][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1484.946087][ T5661] ? lock_chain_count+0x20/0x20 [ 1484.946119][ T5661] __x64_sys_openat+0x139/0x160 [ 1484.946158][ T5661] do_syscall_64+0x55/0xb0 [ 1484.946189][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1484.946210][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1484.946234][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1484.946269][ T5661] RIP: 0033:0x7fbdb118e929 [ 1484.946290][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1484.946309][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1484.946335][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1484.946353][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1484.946369][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1484.946384][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1484.946398][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1484.946433][ T5661] [ 1485.021004][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1485.326464][ T5726] loop5: detected capacity change from 0 to 512 [ 1485.326813][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1485.393946][ T5726] EXT4-fs: Ignoring removed orlov option [ 1485.411945][ T5661] CPU: 0 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1485.416549][ T5715] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended [ 1485.421074][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1485.667623][ T5661] Call Trace: [ 1485.670928][ T5661] [ 1485.673881][ T5661] dump_stack_lvl+0x16c/0x230 [ 1485.678590][ T5661] ? show_regs_print_info+0x20/0x20 [ 1485.683834][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1485.689156][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1485.694729][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1485.700309][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1485.705896][ T5661] ? __might_sleep+0xe0/0xe0 [ 1485.710508][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1485.715902][ T5661] ? __might_sleep+0xe0/0xe0 [ 1485.720516][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1485.725567][ T5661] ? down_read+0x1ac/0x2e0 [ 1485.730011][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1485.735496][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1485.740292][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1485.745692][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1485.751094][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1485.757088][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1485.762138][ T5661] ? folio_create_buffers+0xc4/0x230 [ 1485.767445][ T5661] block_read_full_folio+0x42e/0xf40 [ 1485.772759][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1485.778157][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1485.784182][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1485.789230][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1485.794387][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1485.799354][ T5661] ? __blk_flush_plug+0x3ef/0x440 [ 1485.804403][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1485.809807][ T5661] mpage_read_folio+0xb2/0x150 [ 1485.814622][ T5661] ? do_mpage_readpage+0x1e50/0x1e50 [ 1485.819956][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1485.825366][ T5661] ? xa_load+0x64/0x2e0 [ 1485.829548][ T5661] filemap_read_folio+0x167/0x760 [ 1485.834612][ T5661] ? nilfs_writepage+0x220/0x220 [ 1485.839622][ T5661] ? maybe_unlock_mmap_for_io+0xf0/0xf0 [ 1485.845188][ T5661] ? block_is_partially_uptodate+0x2e0/0x5d0 [ 1485.851195][ T5661] filemap_get_pages+0x132b/0x1e10 [ 1485.856336][ T5661] ? mark_lock+0x94/0x320 [ 1485.860701][ T5661] ? filemap_read+0xec0/0xec0 [ 1485.865404][ T5661] ? __might_sleep+0xe0/0xe0 [ 1485.870029][ T5661] filemap_read+0x3d0/0xec0 [ 1485.874547][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1485.880651][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1485.885530][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1485.891108][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1485.896593][ T5661] ? __asan_memset+0x22/0x40 [ 1485.901205][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1485.905896][ T5661] __kernel_read+0x2e3/0x6f0 [ 1485.910512][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1485.915397][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1485.920450][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1485.925354][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1485.930490][ T5661] ? integrity_inode_free+0x170/0x170 [ 1485.935904][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1485.941084][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1485.946303][ T5661] ? look_up_lock_class+0x75/0x140 [ 1485.951434][ T5661] ? register_lock_class+0xb5/0x890 [ 1485.956652][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1485.961473][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1485.966527][ T5661] ? verify_lock_unused+0x140/0x140 [ 1485.971746][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1485.976793][ T5661] ? __asan_memcpy+0x40/0x70 [ 1485.981410][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1485.986469][ T5661] ima_collect_measurement+0x462/0x980 [ 1485.991972][ T5661] ? ima_get_action+0xb0/0xb0 [ 1485.996676][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1486.002246][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1486.007046][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1486.011760][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1486.016801][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1486.022202][ T5661] process_measurement+0x1074/0x1ad0 [ 1486.027525][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1486.032312][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1486.038397][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1486.044517][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1486.050131][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1486.056312][ T5661] ima_file_check+0xc6/0x100 [ 1486.060925][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1486.065810][ T5661] path_openat+0x2811/0x3190 [ 1486.070446][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1486.075161][ T5661] do_filp_open+0x1c5/0x3d0 [ 1486.079685][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1486.084312][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1486.089190][ T5661] ? alloc_fd+0x58f/0x630 [ 1486.093554][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1486.098259][ T5661] ? do_sys_open+0xe0/0xe0 [ 1486.102720][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1486.108725][ T5661] ? lock_chain_count+0x20/0x20 [ 1486.113607][ T5661] __x64_sys_openat+0x139/0x160 [ 1486.118488][ T5661] do_syscall_64+0x55/0xb0 [ 1486.122933][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1486.127628][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1486.132323][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1486.138245][ T5661] RIP: 0033:0x7fbdb118e929 [ 1486.142677][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1486.162299][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1486.170732][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1486.178721][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1486.186704][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1486.194688][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1486.202677][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1486.210682][ T5661] [ 1486.224372][ T5715] EXT4-fs error (device loop6): __ext4_remount:6741: comm syz.6.13834: Abort forced by user [ 1486.262729][ T5715] EXT4-fs (loop6): Remounting filesystem read-only [ 1486.269346][ T5715] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 1486.294597][ T5715] ext4 filesystem being remounted at /461/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1486.359975][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1486.381420][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1486.407931][ T564] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1486.419290][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1486.427428][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1486.438835][ T5661] Call Trace: [ 1486.442153][ T5661] [ 1486.445120][ T5661] dump_stack_lvl+0x16c/0x230 [ 1486.449850][ T5661] ? show_regs_print_info+0x20/0x20 [ 1486.455121][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1486.460473][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1486.466076][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1486.471685][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1486.477300][ T5661] ? __might_sleep+0xe0/0xe0 [ 1486.482028][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1486.487442][ T5661] ? __might_sleep+0xe0/0xe0 [ 1486.492091][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1486.497161][ T5661] ? __up_read+0x280/0x670 [ 1486.501623][ T5661] ? down_read+0x1ac/0x2e0 [ 1486.506093][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1486.511608][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1486.516453][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1486.521876][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1486.527303][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1486.533336][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1486.538414][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1486.543664][ T5661] block_read_full_folio+0x42e/0xf40 [ 1486.549020][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1486.554522][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1486.559947][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1486.565983][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1486.566752][ T5726] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1486.571044][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1486.571107][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1486.571141][ T5661] ? __blk_flush_plug+0x3ef/0x440 [ 1486.571171][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1486.598045][ T5661] mpage_read_folio+0xb2/0x150 [ 1486.602864][ T5661] ? do_mpage_readpage+0x1e50/0x1e50 [ 1486.603981][ T5726] EXT4-fs error (device loop5): ext4_find_extent:900: inode #4: comm syz.5.13840: inode has invalid extent depth: 7 [ 1486.608205][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1486.608254][ T5661] ? xa_load+0x64/0x2e0 [ 1486.630565][ T5661] filemap_read_folio+0x167/0x760 [ 1486.635652][ T5661] ? nilfs_writepage+0x220/0x220 [ 1486.640642][ T5661] ? maybe_unlock_mmap_for_io+0xf0/0xf0 [ 1486.646243][ T5661] ? block_is_partially_uptodate+0x2e0/0x5d0 [ 1486.652276][ T5661] filemap_get_pages+0x132b/0x1e10 [ 1486.657451][ T5661] ? mark_lock+0x94/0x320 [ 1486.661847][ T5661] ? filemap_read+0xec0/0xec0 [ 1486.666583][ T5661] ? __might_sleep+0xe0/0xe0 [ 1486.669280][ T5726] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=-117 [ 1486.671221][ T5661] filemap_read+0x3d0/0xec0 [ 1486.685302][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1486.691440][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1486.696352][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1486.701964][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1486.702592][ T5726] EXT4-fs warning (device loop5): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1486.707453][ T5661] ? __asan_memset+0x22/0x40 [ 1486.726590][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1486.731312][ T5661] __kernel_read+0x2e3/0x6f0 [ 1486.735950][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1486.740844][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1486.745928][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1486.750057][ T5729] loop4: detected capacity change from 0 to 32768 [ 1486.750834][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1486.750867][ T5661] ? integrity_inode_free+0x170/0x170 [ 1486.750908][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1486.750954][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1486.750982][ T5661] ? look_up_lock_class+0x75/0x140 [ 1486.751011][ T5661] ? register_lock_class+0xb5/0x890 [ 1486.751037][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1486.751111][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1486.751142][ T5661] ? verify_lock_unused+0x140/0x140 [ 1486.762370][ T5726] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 1486.762669][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1486.769547][ T5726] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1486.773141][ T5661] ? __asan_memcpy+0x40/0x70 [ 1486.773182][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1486.773227][ T5661] ima_collect_measurement+0x462/0x980 [ 1486.773271][ T5661] ? ima_get_action+0xb0/0xb0 [ 1486.773299][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1486.773333][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1486.858102][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1486.862869][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1486.867939][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1486.873373][ T5661] process_measurement+0x1074/0x1ad0 [ 1486.878744][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1486.883565][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1486.889686][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1486.895844][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1486.901475][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1486.907693][ T5661] ima_file_check+0xc6/0x100 [ 1486.912344][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1486.917264][ T5661] path_openat+0x2811/0x3190 [ 1486.921944][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1486.926710][ T5661] do_filp_open+0x1c5/0x3d0 [ 1486.931270][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1486.935939][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1486.940847][ T5661] ? alloc_fd+0x58f/0x630 [ 1486.945246][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1486.949985][ T5661] ? do_sys_open+0xe0/0xe0 [ 1486.954469][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1486.960554][ T5661] ? lock_chain_count+0x20/0x20 [ 1486.965459][ T5661] __x64_sys_openat+0x139/0x160 [ 1486.970371][ T5661] do_syscall_64+0x55/0xb0 [ 1486.974840][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1486.979557][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1486.984279][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1486.990231][ T5661] RIP: 0033:0x7fbdb118e929 [ 1486.994691][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1487.014353][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1487.022821][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1487.030842][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1487.038864][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1487.046887][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1487.054904][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1487.062961][ T5661] [ 1487.089026][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1487.093973][ T5726] EXT4-fs error (device loop5): ext4_lookup:1855: inode #2: comm syz.5.13840: 'file0' linked to parent dir [ 1487.119882][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1487.131436][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1487.139578][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1487.142107][ T5729] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1487.149652][ T5661] Call Trace: [ 1487.149667][ T5661] [ 1487.149677][ T5661] dump_stack_lvl+0x16c/0x230 [ 1487.149725][ T5661] ? show_regs_print_info+0x20/0x20 [ 1487.149776][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1487.149825][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1487.185479][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1487.191103][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1487.196732][ T5661] ? __might_sleep+0xe0/0xe0 [ 1487.201382][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1487.206847][ T5661] ? __might_sleep+0xe0/0xe0 [ 1487.211534][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1487.216625][ T5661] ? __up_read+0x280/0x670 [ 1487.221200][ T5661] ? down_read+0x1ac/0x2e0 [ 1487.225679][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1487.231202][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1487.236042][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.241510][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.247026][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1487.253059][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1487.258146][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1487.263392][ T5661] block_read_full_folio+0x42e/0xf40 [ 1487.268748][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1487.274254][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.279693][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1487.285736][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1487.290824][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1487.296021][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1487.301017][ T5661] ? __blk_flush_plug+0x3ef/0x440 [ 1487.306097][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.311537][ T5661] mpage_read_folio+0xb2/0x150 [ 1487.316362][ T5661] ? do_mpage_readpage+0x1e50/0x1e50 [ 1487.321755][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.327213][ T5661] ? xa_load+0x64/0x2e0 [ 1487.331438][ T5661] filemap_read_folio+0x167/0x760 [ 1487.336517][ T5661] ? nilfs_writepage+0x220/0x220 [ 1487.341513][ T5661] ? maybe_unlock_mmap_for_io+0xf0/0xf0 [ 1487.347111][ T5661] ? block_is_partially_uptodate+0x2e0/0x5d0 [ 1487.353144][ T5661] filemap_get_pages+0x132b/0x1e10 [ 1487.358330][ T5661] ? mark_lock+0x94/0x320 [ 1487.362742][ T5661] ? filemap_read+0xec0/0xec0 [ 1487.367485][ T5661] ? __might_sleep+0xe0/0xe0 [ 1487.372155][ T5661] filemap_read+0x3d0/0xec0 [ 1487.376718][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1487.382863][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1487.387781][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1487.393407][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1487.398924][ T5661] ? __asan_memset+0x22/0x40 [ 1487.403579][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1487.408309][ T5661] __kernel_read+0x2e3/0x6f0 [ 1487.412976][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1487.417876][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1487.422961][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1487.427906][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1487.433077][ T5661] ? integrity_inode_free+0x170/0x170 [ 1487.438520][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1487.443715][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1487.448971][ T5661] ? look_up_lock_class+0x75/0x140 [ 1487.454140][ T5661] ? register_lock_class+0xb5/0x890 [ 1487.459391][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1487.464273][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1487.469352][ T5661] ? verify_lock_unused+0x140/0x140 [ 1487.474596][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1487.479680][ T5661] ? __asan_memcpy+0x40/0x70 [ 1487.484324][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1487.489416][ T5661] ima_collect_measurement+0x462/0x980 [ 1487.494945][ T5661] ? ima_get_action+0xb0/0xb0 [ 1487.499678][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1487.505278][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1487.510093][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1487.514842][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1487.519929][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1487.525364][ T5661] process_measurement+0x1074/0x1ad0 [ 1487.530736][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1487.535553][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1487.541663][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1487.547825][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1487.553456][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1487.559670][ T5661] ima_file_check+0xc6/0x100 [ 1487.564318][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1487.569226][ T5661] path_openat+0x2811/0x3190 [ 1487.573892][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1487.578632][ T5661] do_filp_open+0x1c5/0x3d0 [ 1487.583181][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1487.587843][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1487.592747][ T5661] ? alloc_fd+0x58f/0x630 [ 1487.597141][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1487.601870][ T5661] ? do_sys_open+0xe0/0xe0 [ 1487.606335][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1487.612376][ T5661] ? lock_chain_count+0x20/0x20 [ 1487.617288][ T5661] __x64_sys_openat+0x139/0x160 [ 1487.622195][ T5661] do_syscall_64+0x55/0xb0 [ 1487.626659][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1487.631378][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1487.636104][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1487.642050][ T5661] RIP: 0033:0x7fbdb118e929 [ 1487.646500][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1487.666241][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1487.674714][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1487.682736][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1487.690750][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1487.698769][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1487.706784][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1487.714819][ T5661] [ 1487.720605][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1487.750949][T31887] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1487.756014][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1487.802426][ T5661] CPU: 1 PID: 5661 Comm: syz.2.13811 Not tainted 6.6.95-syzkaller #0 [ 1487.810685][ T5661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1487.820782][ T5661] Call Trace: [ 1487.824096][ T5661] [ 1487.827056][ T5661] dump_stack_lvl+0x16c/0x230 [ 1487.831796][ T5661] ? show_regs_print_info+0x20/0x20 [ 1487.837070][ T5661] nilfs_btree_do_lookup+0x973/0xaf0 [ 1487.842447][ T5661] ? nilfs_btree_alloc_path+0x600/0x600 [ 1487.848064][ T5661] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1487.853682][ T5661] nilfs_btree_lookup_contig+0xfe/0xc10 [ 1487.859309][ T5661] ? __might_sleep+0xe0/0xe0 [ 1487.863961][ T5661] ? read_lock_is_recursive+0x20/0x20 [ 1487.869391][ T5661] ? __might_sleep+0xe0/0xe0 [ 1487.874026][ T5661] ? nilfs_btree_lookup+0x70/0x70 [ 1487.879081][ T5661] ? __up_read+0x280/0x670 [ 1487.883516][ T5661] ? down_read+0x1ac/0x2e0 [ 1487.887962][ T5661] nilfs_bmap_lookup_contig+0x8b/0x160 [ 1487.893452][ T5661] nilfs_get_block+0x1fc/0x8f0 [ 1487.898285][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.903702][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.909102][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1487.915098][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1487.920161][ T5661] ? zero_user_segments+0x2d2/0x330 [ 1487.925391][ T5661] block_read_full_folio+0x42e/0xf40 [ 1487.930708][ T5661] ? block_read_full_folio+0x3e1/0xf40 [ 1487.936187][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.941589][ T5661] ? block_is_partially_uptodate+0x5d0/0x5d0 [ 1487.947595][ T5661] ? __lock_acquire+0x1260/0x7c80 [ 1487.952649][ T5661] do_mpage_readpage+0x1a8d/0x1e50 [ 1487.957805][ T5661] ? mpage_readahead+0x7f0/0x7f0 [ 1487.962768][ T5661] ? __blk_flush_plug+0x3ef/0x440 [ 1487.967817][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.973216][ T5661] mpage_read_folio+0xb2/0x150 [ 1487.978005][ T5661] ? do_mpage_readpage+0x1e50/0x1e50 [ 1487.983425][ T5661] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1487.988829][ T5661] ? xa_load+0x64/0x2e0 [ 1487.993012][ T5661] filemap_read_folio+0x167/0x760 [ 1487.998069][ T5661] ? nilfs_writepage+0x220/0x220 [ 1488.003044][ T5661] ? maybe_unlock_mmap_for_io+0xf0/0xf0 [ 1488.008615][ T5661] ? block_is_partially_uptodate+0x2e0/0x5d0 [ 1488.014622][ T5661] filemap_get_pages+0x132b/0x1e10 [ 1488.019766][ T5661] ? mark_lock+0x94/0x320 [ 1488.024130][ T5661] ? filemap_read+0xec0/0xec0 [ 1488.028838][ T5661] ? __might_sleep+0xe0/0xe0 [ 1488.033485][ T5661] filemap_read+0x3d0/0xec0 [ 1488.038017][ T5661] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1488.044129][ T5661] ? stack_trace_save+0xe0/0xe0 [ 1488.049039][ T5661] ? filemap_get_folios_tag+0x810/0x810 [ 1488.054705][ T5661] ? generic_file_read_iter+0x90/0x4f0 [ 1488.060193][ T5661] ? __asan_memset+0x22/0x40 [ 1488.064811][ T5661] ? iov_iter_kvec+0xd4/0x1b0 [ 1488.069525][ T5661] __kernel_read+0x2e3/0x6f0 [ 1488.074173][ T5661] ? do_sys_openat2+0x12c/0x1c0 [ 1488.079065][ T5661] ? __x64_sys_openat+0x139/0x160 [ 1488.084136][ T5661] ? rw_verify_area+0x1b0/0x1b0 [ 1488.089044][ T5661] integrity_kernel_read+0x8a/0xd0 [ 1488.094212][ T5661] ? integrity_inode_free+0x170/0x170 [ 1488.099628][ T5661] ima_calc_file_hash+0x978/0x17d0 [ 1488.104783][ T5661] ? is_bpf_text_address+0x26/0x2a0 [ 1488.110011][ T5661] ? look_up_lock_class+0x75/0x140 [ 1488.115151][ T5661] ? register_lock_class+0xb5/0x890 [ 1488.120373][ T5661] ? ima_alloc_tfm+0x2f0/0x2f0 [ 1488.125198][ T5661] ? __lock_acquire+0x1334/0x7c80 [ 1488.130249][ T5661] ? verify_lock_unused+0x140/0x140 [ 1488.135468][ T5661] ? generic_fillattr+0x312/0x7b0 [ 1488.140519][ T5661] ? __asan_memcpy+0x40/0x70 [ 1488.145141][ T5661] ? generic_fillattr+0x4fc/0x7b0 [ 1488.150200][ T5661] ima_collect_measurement+0x462/0x980 [ 1488.155697][ T5661] ? ima_get_action+0xb0/0xb0 [ 1488.160395][ T5661] ? __mutex_trylock_common+0x153/0x250 [ 1488.165991][ T5661] ? rcu_is_watching+0x15/0xb0 [ 1488.170788][ T5661] ? __mutex_lock+0x304/0xcc0 [ 1488.175506][ T5661] ? ima_get_hash_algo+0x91/0x490 [ 1488.180553][ T5661] ? ima_get_cache_status+0x1e0/0x1e0 [ 1488.185958][ T5661] process_measurement+0x1074/0x1ad0 [ 1488.191279][ T5661] ? ima_file_mmap+0x1c0/0x1c0 [ 1488.196072][ T5661] ? tomoyo_check_open_permission+0x16e/0x3c0 [ 1488.202162][ T5661] ? tomoyo_check_path_number_acl+0x280/0x280 [ 1488.208300][ T5661] ? apparmor_inode_getattr+0x2d0/0x2d0 [ 1488.213879][ T5661] ? apparmor_current_getsecid_subj+0xb5/0x120 [ 1488.220064][ T5661] ima_file_check+0xc6/0x100 [ 1488.224767][ T5661] ? ima_bprm_check+0x1f0/0x1f0 [ 1488.229677][ T5661] path_openat+0x2811/0x3190 [ 1488.234329][ T5661] ? do_filp_open+0x3d0/0x3d0 [ 1488.239048][ T5661] do_filp_open+0x1c5/0x3d0 [ 1488.243614][ T5661] ? vfs_tmpfile+0x490/0x490 [ 1488.248263][ T5661] ? _raw_spin_unlock+0x28/0x40 [ 1488.253169][ T5661] ? alloc_fd+0x58f/0x630 [ 1488.257554][ T5661] do_sys_openat2+0x12c/0x1c0 [ 1488.262269][ T5661] ? do_sys_open+0xe0/0xe0 [ 1488.266722][ T5661] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1488.272726][ T5661] ? lock_chain_count+0x20/0x20 [ 1488.277629][ T5661] __x64_sys_openat+0x139/0x160 [ 1488.282616][ T5661] do_syscall_64+0x55/0xb0 [ 1488.287068][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1488.291766][ T5661] ? clear_bhb_loop+0x40/0x90 [ 1488.296463][ T5661] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1488.302390][ T5661] RIP: 0033:0x7fbdb118e929 [ 1488.306829][ T5661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1488.326457][ T5661] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1488.334896][ T5661] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1488.342886][ T5661] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1488.350874][ T5661] RBP: 00007fbdb1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1488.358866][ T5661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1488.366855][ T5661] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1488.374860][ T5661] [ 1488.490144][ T5661] NILFS (loop2): btree level mismatch (ino=16): 1 != 7 [ 1488.503950][ T5661] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1488.535515][ T27] audit: type=1800 audit(2000000313.003:297): pid=5661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.13811" name="file3" dev="loop2" ino=16 res=0 errno=0 [ 1488.544704][ T5729] XFS (loop4): Ending clean mount [ 1488.583988][ T5729] XFS (loop4): Quotacheck needed: Please wait. [ 1488.600499][ T5746] loop5: detected capacity change from 0 to 256 [ 1488.692862][ T5743] loop6: detected capacity change from 0 to 32768 [ 1488.760290][ T5743] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.13844 (5743) [ 1488.781915][ T5729] XFS (loop4): Quotacheck: Done. [ 1488.815689][ T5746] FAT-fs (loop5): Directory bread(block 64) failed [ 1488.822300][ T5746] FAT-fs (loop5): Directory bread(block 65) failed [ 1488.861964][ T5743] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1488.895249][ T5746] FAT-fs (loop5): Directory bread(block 66) failed [ 1488.905321][ T5743] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 1488.934731][ T5746] FAT-fs (loop5): Directory bread(block 67) failed [ 1488.941445][ T5746] FAT-fs (loop5): Directory bread(block 68) failed [ 1488.950682][ T5743] BTRFS info (device loop6): turning off barriers [ 1488.964301][ T5743] BTRFS info (device loop6): setting nodatasum [ 1488.970546][ T5743] BTRFS info (device loop6): use zlib compression, level 3 [ 1488.981813][ T5746] FAT-fs (loop5): Directory bread(block 69) failed [ 1488.991096][ T5746] FAT-fs (loop5): Directory bread(block 70) failed [ 1488.999422][ T5746] FAT-fs (loop5): Directory bread(block 71) failed [ 1489.015360][ T5743] BTRFS info (device loop6): using free space tree [ 1489.024864][ T5746] FAT-fs (loop5): Directory bread(block 72) failed [ 1489.035581][ T5746] FAT-fs (loop5): Directory bread(block 73) failed [ 1489.095490][T21322] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1489.585365][ T564] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1490.060078][ T5979] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop6 scanned by udevd (5979) [ 1490.191375][ T5790] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13856'. [ 1490.461050][ T5799] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1490.931480][T32164] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1491.157593][T32164] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 1491.177043][T32164] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1491.208862][T32164] usb 3-1: config 220 has no interface number 2 [ 1491.234832][T32164] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1491.301013][T32164] usb 3-1: config 220 interface 0 has no altsetting 0 [ 1491.310174][T32164] usb 3-1: config 220 interface 76 has no altsetting 0 [ 1491.337144][T32164] usb 3-1: config 220 interface 1 has no altsetting 0 [ 1491.351113][T32164] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1491.378304][T32164] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1491.401226][T32164] usb 3-1: Product: syz [ 1491.405481][T32164] usb 3-1: Manufacturer: syz [ 1491.410115][T32164] usb 3-1: SerialNumber: syz [ 1491.547671][ T5822] loop5: detected capacity change from 0 to 1024 [ 1491.641037][ T5822] overlay: filesystem on ./file0 not supported [ 1491.702656][ T5828] loop6: detected capacity change from 0 to 16 [ 1491.724838][T32164] usb 3-1: selecting invalid altsetting 0 [ 1491.731339][T32164] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 1491.761056][ T5828] erofs: (device loop6): mounted with root inode @ nid 36. [ 1491.768617][T32164] usb 3-1: No valid video chain found. [ 1491.793954][ T11] hfsplus: b-tree write err: -5, ino 4 [ 1491.833068][T32164] usb 3-1: selecting invalid altsetting 0 [ 1491.838870][T32164] usbtest: probe of 3-1:220.1 failed with error -22 [ 1491.893228][T32164] usb 3-1: USB disconnect, device number 93 [ 1492.025082][ T564] erofs: (device loop6): erofs_fill_dentries: bogus dirent @ nid 46 [ 1492.085426][ T564] erofs: (device loop6): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 1492.139395][ T564] erofs: (device loop6): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 1492.284219][ T5838] loop6: detected capacity change from 0 to 256 [ 1492.784926][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13886'. [ 1492.824340][ T5857] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1493.015428][T32164] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1493.045432][ T5866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13890'. [ 1493.062999][ T5866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13890'. [ 1493.068168][ T5867] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.13891'. [ 1493.073187][ T5866] netlink: 'syz.2.13890': attribute type 1 has an invalid length. [ 1493.229499][T32164] usb 6-1: Using ep0 maxpacket: 16 [ 1493.269126][T32164] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1493.290396][T32164] usb 6-1: config 8 has an invalid interface number: 101 but max is 0 [ 1493.311149][T32164] usb 6-1: config 8 has no interface number 0 [ 1493.325686][ T6404] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 1493.326720][T32164] usb 6-1: too many endpoints for config 8 interface 101 altsetting 114: 112, using maximum allowed: 30 [ 1493.358348][T32164] usb 6-1: config 8 interface 101 altsetting 114 has 0 endpoint descriptors, different from the interface descriptor's value: 112 [ 1493.385151][T32164] usb 6-1: config 8 interface 101 has no altsetting 0 [ 1493.395461][T32164] usb 6-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=ab.34 [ 1493.405907][T32164] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1493.426522][T32164] usb 6-1: Product: syz [ 1493.441680][T32164] usb 6-1: Manufacturer: syz [ 1493.446692][T32164] usb 6-1: SerialNumber: syz [ 1493.562583][ T6404] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 1493.574816][ T6404] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1493.603458][ T6404] usb 7-1: config 220 has no interface number 2 [ 1493.617792][ T6404] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1493.648730][ T6404] usb 7-1: config 220 interface 0 has no altsetting 0 [ 1493.673706][ T6404] usb 7-1: config 220 interface 76 has no altsetting 0 [ 1493.694673][ T6404] usb 7-1: config 220 interface 1 has no altsetting 0 [ 1493.721594][ T6404] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1493.734800][T32164] usb 6-1: USB disconnect, device number 10 [ 1493.740160][ T6404] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1493.755307][ T6404] usb 7-1: Product: syz [ 1493.759547][ T6404] usb 7-1: Manufacturer: syz [ 1493.774153][ T6404] usb 7-1: SerialNumber: syz [ 1494.023496][ T6404] usb 7-1: selecting invalid altsetting 0 [ 1494.037026][ T6404] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 1494.052398][ T6404] usb 7-1: No valid video chain found. [ 1494.076300][ T6404] usb 7-1: selecting invalid altsetting 0 [ 1494.090123][ T6404] usbtest: probe of 7-1:220.1 failed with error -22 [ 1494.131613][ T6404] usb 7-1: USB disconnect, device number 12 [ 1494.138593][ T5894] netlink: 32 bytes leftover after parsing attributes in process `syz.4.13901'. [ 1494.662031][ T5911] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13909'. [ 1494.687151][ T5913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13910'. [ 1494.732644][ T5909] loop4: detected capacity change from 0 to 4096 [ 1494.760140][ T5909] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 1494.921223][ T5917] loop5: detected capacity change from 0 to 512 [ 1494.971862][ T5917] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1495.013034][ T5917] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 1495.075666][ T5917] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1495.130303][ T5917] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.13912: bad orphan inode 267 [ 1495.194823][ T5917] EXT4-fs (loop5): Remounting filesystem read-only [ 1495.223778][ T5917] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1495.304645][ T5917] EXT4-fs warning (device loop5): dx_probe:893: inode #2: comm syz.5.13912: dx entry: limit 0 != root limit 125 [ 1495.336279][ T5917] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.13912: Corrupt directory, running e2fsck is recommended [ 1495.476205][T31887] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1495.542652][ T5934] SET target dimension over the limit! [ 1495.671175][ T5938] loop4: detected capacity change from 0 to 1024 [ 1496.072565][ T5948] loop6: detected capacity change from 0 to 4096 [ 1496.768156][ T5971] netlink: 'syz.6.13936': attribute type 20 has an invalid length. [ 1496.885979][ T5974] proc: Unknown parameter 'tmpfs' [ 1497.429570][ T5999] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1497.635579][ T6007] netlink: zone id is out of range [ 1497.799301][ T6015] loop5: detected capacity change from 0 to 8 [ 1498.053418][ T1003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1498.089119][ T1003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1498.123342][ T6027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1498.203749][ T6023] loop6: detected capacity change from 0 to 8192 [ 1498.283785][ T6023] FAT-fs (loop6): error, corrupted directory (invalid entries) [ 1498.296590][ T6023] FAT-fs (loop6): Filesystem has been set read-only [ 1499.342893][ T6066] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1499.721667][ T6077] netlink: 'syz.6.13981': attribute type 12 has an invalid length. [ 1499.731231][ T6073] loop2: detected capacity change from 0 to 4096 [ 1499.782709][ T6073] NILFS (loop2): invalid segment: Checksum error in segment payload [ 1499.790783][ T6073] NILFS (loop2): trying rollback from an earlier position [ 1499.849421][ T6073] NILFS (loop2): recovery complete [ 1499.869692][ T6081] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1500.890801][ T6111] loop6: detected capacity change from 0 to 1764 [ 1501.067117][ T6117] loop2: detected capacity change from 0 to 8 [ 1501.081323][ T6115] loop4: detected capacity change from 0 to 4096 [ 1501.151935][ T6117] SQUASHFS error: Failed to read block 0xdfa: -5 [ 1501.158358][ T6117] SQUASHFS error: Unable to read metadata cache entry [dfa] [ 1501.231627][ T6117] SQUASHFS error: Failed to read block 0x4e8: -5 [ 1501.244351][ T6117] SQUASHFS error: Failed to read block 0xed04f1: -5 [ 1501.261292][ T6117] SQUASHFS error: Failed to read block 0x4de: -5 [ 1501.269426][ T6117] SQUASHFS error: Failed to read block 0x4de: -5 [ 1501.276597][ T6117] SQUASHFS error: Failed to read block 0x4de: -5 [ 1501.290869][ T6117] SQUASHFS error: Failed to read block 0x4de: -5 [ 1501.304909][ T6117] SQUASHFS error: Failed to read block 0x4de: -5 [ 1501.314830][ T6115] ntfs3: loop4: ino=1e, "file1" attr_set_size [ 1501.321476][ T6117] SQUASHFS error: Failed to read block 0x4de: -5 [ 1501.322139][ T6117] SQUASHFS error: Failed to read block 0x4e8: -5 [ 1501.344243][ T6115] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 1501.365918][ T27] audit: type=1800 audit(2000000325.023:298): pid=6117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.13996" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 1501.798060][ T6131] loop6: detected capacity change from 0 to 1024 [ 1501.871622][ T6131] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1501.871999][ T6134] loop5: detected capacity change from 0 to 512 [ 1501.963939][ T6088] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1501.995349][ T6134] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1502.081177][ T6134] ext4 filesystem being mounted at /671/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1502.159105][ T6088] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1502.166029][ T6088] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 1502.186509][ T6088] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.189621][ T564] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1502.208898][ T6088] usb 3-1: config 0 descriptor?? [ 1502.389040][ T6134] Quota error (device loop5): do_check_range: Getting dqdh_next_free 2741 out of range 0-6 [ 1502.431364][ T6134] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1502.512821][ T6088] snd-usb-audio: probe of 3-1:0.0 failed with error -22 [ 1502.531913][ T6134] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.14003: Failed to acquire dquot type 0 [ 1502.569734][ T6088] usb 3-1: USB disconnect, device number 94 [ 1502.635412][ T6150] netlink: 192 bytes leftover after parsing attributes in process `syz.6.14009'. [ 1502.831109][T31887] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1503.193508][ T6164] netlink: 'syz.4.14017': attribute type 4 has an invalid length. [ 1503.214350][ T6164] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.14017'. [ 1503.264452][ T6165] loop2: detected capacity change from 0 to 2048 [ 1503.353055][ T6165] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1503.526101][ T6174] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1503.636323][ T6176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14022'. [ 1503.679176][ T6176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14022'. [ 1504.943812][ T6219] loop6: detected capacity change from 0 to 2048 [ 1504.979330][ T6219] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1505.016386][ T6223] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1505.031158][ T6219] syz.6.14043: attempt to access beyond end of device [ 1505.031158][ T6219] loop6: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1505.122096][ T6219] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=104, inode=6, rec_len=24, name_len=5 [ 1505.188469][ T6219] Remounting filesystem read-only [ 1505.390353][ T6234] loop2: detected capacity change from 0 to 512 [ 1505.478300][ T6234] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 1505.500569][ T6234] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1505.546174][ T27] audit: type=1326 audit(2000000328.933:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.6.14054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f763a18e929 code=0x7ffc0000 [ 1505.566411][ T6234] System zones: 0-1, 15-15, 18-18, 34-34 [ 1505.583469][ T6244] netlink: 'syz.5.14053': attribute type 16 has an invalid length. [ 1505.592431][ T6244] netlink: 64138 bytes leftover after parsing attributes in process `syz.5.14053'. [ 1505.616074][ T6234] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1505.651965][ T6234] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 1505.661539][ T27] audit: type=1326 audit(2000000328.961:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.6.14054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f763a18e929 code=0x7ffc0000 [ 1505.705190][ T6234] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1505.729925][ T27] audit: type=1326 audit(2000000328.961:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.6.14054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f763a18e929 code=0x7ffc0000 [ 1505.787181][ T6234] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 1505.809701][ T6234] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.14050: bad orphan inode 16 [ 1505.820445][ T27] audit: type=1326 audit(2000000328.961:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.6.14054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f763a18e929 code=0x7ffc0000 [ 1505.859231][ T6234] ext4_test_bit(bit=15, block=18) = 1 [ 1505.864694][ T6234] is_bad_inode(inode)=0 [ 1505.869715][ T6234] NEXT_ORPHAN(inode)=0 [ 1505.869730][ T6234] max_ino=32 [ 1505.869740][ T6234] i_nlink=2 [ 1505.871159][ T6234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1505.908917][ T6234] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 1506.036088][ T6026] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1506.074459][ T6252] loop5: detected capacity change from 0 to 128 [ 1506.179202][ T6258] netlink: 680 bytes leftover after parsing attributes in process `syz.4.14062'. [ 1506.286706][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14060'. [ 1506.594321][ T6264] loop6: detected capacity change from 0 to 4096 [ 1508.083028][ T6325] syz.2.14094: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 1508.083913][ T6325] CPU: 0 PID: 6325 Comm: syz.2.14094 Not tainted 6.6.95-syzkaller #0 [ 1508.083936][ T6325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1508.083950][ T6325] Call Trace: [ 1508.083959][ T6325] [ 1508.083970][ T6325] dump_stack_lvl+0x16c/0x230 [ 1508.084010][ T6325] ? show_regs_print_info+0x20/0x20 [ 1508.084042][ T6325] ? load_image+0x3b0/0x3b0 [ 1508.084072][ T6325] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1508.084100][ T6325] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 1508.084128][ T6325] warn_alloc+0x210/0x300 [ 1508.084152][ T6325] ? stack_trace_save+0x9c/0xe0 [ 1508.084181][ T6325] ? zone_watermark_ok_safe+0x230/0x230 [ 1508.084214][ T6325] ? kasan_set_track+0x5f/0x70 [ 1508.084240][ T6325] ? kasan_set_track+0x4e/0x70 [ 1508.084264][ T6325] ? __kasan_kmalloc+0x8f/0xa0 [ 1508.084291][ T6325] ? xsk_init_queue+0xb0/0x110 [ 1508.084315][ T6325] ? xsk_setsockopt+0x43c/0x6f0 [ 1508.084339][ T6325] ? do_sock_setsockopt+0x254/0x3e0 [ 1508.084359][ T6325] ? __x64_sys_setsockopt+0x1be/0x250 [ 1508.084384][ T6325] __vmalloc_node_range+0x126/0x1320 [ 1508.084455][ T6325] ? free_vm_area+0x50/0x50 [ 1508.084498][ T6325] vmalloc_user+0x74/0x80 [ 1508.084529][ T6325] ? xskq_create+0xbf/0x170 [ 1508.084555][ T6325] xskq_create+0xbf/0x170 [ 1508.084585][ T6325] xsk_init_queue+0xb0/0x110 [ 1508.084615][ T6325] xsk_setsockopt+0x43c/0x6f0 [ 1508.084644][ T6325] ? xsk_poll+0x670/0x670 [ 1508.084675][ T6325] ? aa_sock_opt_perm+0x74/0x100 [ 1508.084706][ T6325] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1508.084736][ T6325] ? security_socket_setsockopt+0x7e/0xa0 [ 1508.084762][ T6325] ? xsk_poll+0x670/0x670 [ 1508.084789][ T6325] do_sock_setsockopt+0x254/0x3e0 [ 1508.084814][ T6325] ? __ia32_sys_recv+0xb0/0xb0 [ 1508.084848][ T6325] ? __fdget+0x180/0x210 [ 1508.084883][ T6325] __x64_sys_setsockopt+0x1be/0x250 [ 1508.084912][ T6325] do_syscall_64+0x55/0xb0 [ 1508.084941][ T6325] ? clear_bhb_loop+0x40/0x90 [ 1508.084962][ T6325] ? clear_bhb_loop+0x40/0x90 [ 1508.084985][ T6325] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1508.085017][ T6325] RIP: 0033:0x7fbdb118e929 [ 1508.085037][ T6325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1508.085055][ T6325] RSP: 002b:00007fbdb205c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1508.085079][ T6325] RAX: ffffffffffffffda RBX: 00007fbdb13b5fa0 RCX: 00007fbdb118e929 [ 1508.085095][ T6325] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 1508.085109][ T6325] RBP: 00007fbdb1210b39 R08: 0000000000000004 R09: 0000000000000000 [ 1508.085124][ T6325] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1508.085138][ T6325] R13: 0000000000000000 R14: 00007fbdb13b5fa0 R15: 00007ffc1f0cfc88 [ 1508.085171][ T6325] [ 1508.085188][ T6325] Mem-Info: [ 1508.085198][ T6325] active_anon:11316 inactive_anon:1 isolated_anon:0 [ 1508.085198][ T6325] active_file:6390 inactive_file:53809 isolated_file:0 [ 1508.085198][ T6325] unevictable:768 dirty:441 writeback:0 [ 1508.085198][ T6325] slab_reclaimable:12319 slab_unreclaimable:102112 [ 1508.085198][ T6325] mapped:25629 shmem:1408 pagetables:883 [ 1508.085198][ T6325] sec_pagetables:0 bounce:0 [ 1508.085198][ T6325] kernel_misc_reclaimable:0 [ 1508.085198][ T6325] free:1315519 free_pcp:6745 free_cma:0 [ 1508.085255][ T6325] Node 0 active_anon:45264kB inactive_anon:4kB active_file:25560kB inactive_file:215028kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102516kB dirty:1764kB writeback:0kB shmem:4096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12472kB pagetables:3532kB sec_pagetables:0kB all_unreclaimable? no [ 1508.085313][ T6325] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1508.085369][ T6325] Node 0 DMA free:15356kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1508.085433][ T6325] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 1508.085484][ T6325] Node 0 DMA32 free:1341036kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:45220kB inactive_anon:4kB active_file:25560kB inactive_file:213692kB unevictable:1536kB writepending:1764kB present:3129332kB managed:2589664kB mlocked:0kB bounce:0kB free_pcp:11520kB local_pcp:1244kB free_cma:0kB [ 1508.085546][ T6325] lowmem_reserve[]: 0 0 1 1 1 [ 1508.085593][ T6325] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1508.085651][ T6325] lowmem_reserve[]: 0 0 0 0 0 [ 1508.085698][ T6325] Node 1 Normal free:3905680kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:15460kB local_pcp:10436kB free_cma:0kB [ 1508.085759][ T6325] lowmem_reserve[]: 0 0 0 0 0 [ 1508.085806][ T6325] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB [ 1508.086082][ T6325] Node 0 DMA32: 2447*4kB (UME) 1708*8kB (UME) 931*16kB (UME) 465*32kB (UME) 90*64kB (UME) 60*128kB (UME) 120*256kB (UM) 81*512kB (UME) 58*1024kB (UM) 10*2048kB (ME) 274*4096kB (UM) = 1341036kB [ 1508.086290][ T6325] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 1508.086433][ T6325] Node 1 Normal: 184*4kB (UME) 46*8kB (UME) 36*16kB (UME) 144*32kB (UME) 44*64kB (UME) 6*128kB (UE) 2*256kB (UE) 2*512kB (UM) 1*1024kB (E) 1*2048kB (E) 950*4096kB (M) = 3905680kB [ 1508.086641][ T6325] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1508.086660][ T6325] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1508.086678][ T6325] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1508.086695][ T6325] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1508.086713][ T6325] 59058 total pagecache pages [ 1508.086726][ T6325] 1 pages in swap cache [ 1508.086735][ T6325] Free swap = 124728kB [ 1508.086744][ T6325] Total swap = 124996kB [ 1508.086754][ T6325] 2097051 pages RAM [ 1508.086763][ T6325] 0 pages HighMem/MovableOnly [ 1508.086771][ T6325] 416121 pages reserved [ 1508.086780][ T6325] 0 pages cma reserved [ 1508.567186][ T6340] binder: 6339:6340 ioctl c0306201 200000000a00 returned -14 [ 1509.516714][ T6352] loop4: detected capacity change from 0 to 32768 [ 1509.654338][ T6352] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 1509.714151][ T23] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1509.842597][ T5979] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 1509.944630][ T23] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1509.960063][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1509.988160][ T6365] loop4: detected capacity change from 0 to 64 [ 1509.994757][ T23] usb 3-1: Product: syz [ 1509.998970][ T23] usb 3-1: Manufacturer: syz [ 1510.024007][ T23] usb 3-1: SerialNumber: syz [ 1510.045192][ T23] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1510.079853][ T6404] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1510.496498][ T6378] loop6: detected capacity change from 0 to 16 [ 1510.540424][ T6071] usb 3-1: USB disconnect, device number 95 [ 1510.580353][ T6378] erofs: (device loop6): mounted with root inode @ nid 36. [ 1510.907028][ T6386] program syz.6.14123 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1510.947437][ T6388] loop4: detected capacity change from 0 to 64 [ 1511.282059][ T6376] loop5: detected capacity change from 0 to 32768 [ 1511.296397][ T6404] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1511.303518][ T6404] ath9k_htc: Failed to initialize the device [ 1511.351533][ T6071] usb 3-1: ath9k_htc: USB layer deinitialized [ 1511.413622][ T6376] [ 1511.413622][ T6376] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.413622][ T6376] [ 1511.469548][ T6376] [ 1511.469548][ T6376] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.469548][ T6376] [ 1511.513518][ T6376] [ 1511.513518][ T6376] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.513518][ T6376] [ 1511.561730][ T6376] [ 1511.561730][ T6376] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.561730][ T6376] [ 1511.617545][ T6376] [ 1511.617545][ T6376] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.617545][ T6376] [ 1511.754976][ T111] [ 1511.754976][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.754976][ T111] [ 1511.824498][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.6.14132'. [ 1511.835608][T31887] [ 1511.835608][T31887] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.835608][T31887] [ 1511.853696][T31887] [ 1511.853696][T31887] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1511.853696][T31887] [ 1512.513695][ T6431] delete_channel: no stack [ 1513.859423][ T6485] loop4: detected capacity change from 0 to 64 [ 1515.142547][ T27] audit: type=1326 audit(2000000337.894:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.4.14193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13e598e929 code=0x7ffc0000 [ 1515.206372][ T6532] loop2: detected capacity change from 0 to 2048 [ 1515.209104][ T27] audit: type=1326 audit(2000000337.894:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.4.14193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13e598e929 code=0x7ffc0000 [ 1515.240122][ T6527] lo speed is unknown, defaulting to 1000 [ 1515.248394][ T6532] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1515.275484][ T6527] lo speed is unknown, defaulting to 1000 [ 1515.290139][ T27] audit: type=1326 audit(2000000337.931:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.4.14193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f13e598e929 code=0x7ffc0000 [ 1515.330930][ T27] audit: type=1326 audit(2000000337.931:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.4.14193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13e598e929 code=0x7ffc0000 [ 1515.354299][ T6011] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1515.463679][ T27] audit: type=1326 audit(2000000337.931:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.4.14193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13e598e929 code=0x7ffc0000 [ 1515.590419][ T6539] netlink: 9 bytes leftover after parsing attributes in process `syz.2.14196'. [ 1515.607425][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 1515.612531][ T6539] 0·: renamed from hsr_slave_1 (while UP) [ 1515.625641][ T6011] usb 6-1: config 1 has an invalid interface number: 183 but max is 0 [ 1515.636469][ T6011] usb 6-1: config 1 has no interface number 0 [ 1515.645034][ T6539] 0·: entered allmulticast mode [ 1515.653506][ T6011] usb 6-1: config 1 interface 183 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1515.659802][ T6539] A link change request failed with some changes committed already. Interface c0· may have been left with an inconsistent configuration, please check. [ 1515.685971][ T6011] usb 6-1: config 1 interface 183 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1515.709628][ T6011] usb 6-1: config 1 interface 183 has no altsetting 0 [ 1515.721084][ T6011] usb 6-1: New USB device found, idVendor=045e, idProduct=040a, bcdDevice=60.d3 [ 1515.741829][ T6011] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1515.751309][ T6011] usb 6-1: Product: syz [ 1515.761322][ T6011] usb 6-1: Manufacturer: syz [ 1515.767748][ T6011] usb 6-1: SerialNumber: syz [ 1515.784966][ T6523] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1515.807003][ T6523] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1515.848923][ T6011] ipaq 6-1:1.183: PocketPC PDA converter detected [ 1516.111600][ T6011] usb 6-1: PocketPC PDA converter now attached to ttyUSB0 [ 1516.349820][ T6011] usb 6-1: USB disconnect, device number 11 [ 1516.357946][ T6554] loop2: detected capacity change from 0 to 8 [ 1516.373972][ T6011] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0 [ 1516.406155][ T6011] ipaq 6-1:1.183: device disconnected [ 1516.418015][ T6554] SQUASHFS error: Failed to read block 0x738: -5 [ 1516.424505][ T6554] SQUASHFS error: Unable to read metadata cache entry [736] [ 1517.102561][ T6559] loop4: detected capacity change from 0 to 32768 [ 1517.124854][ T6559] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.14206 (6559) [ 1517.157941][ T6559] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1517.199977][ T6559] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 1517.217196][ T6559] BTRFS info (device loop4): force clearing of disk cache [ 1517.229701][ T6559] BTRFS info (device loop4): metadata ratio 0 [ 1517.252165][ T6559] BTRFS info (device loop4): enabling ssd optimizations [ 1517.270092][ T6559] BTRFS info (device loop4): using spread ssd allocation scheme [ 1517.281033][ T6564] loop2: detected capacity change from 0 to 4096 [ 1517.284689][ T6559] BTRFS info (device loop4): using free space tree [ 1517.481720][ T6564] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1517.521936][ T6564] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 1517.538326][ T6559] BTRFS info (device loop4): auto enabling async discard [ 1517.562366][ T6559] BTRFS info (device loop4): rebuilding free space tree [ 1517.576209][ T6585] loop5: detected capacity change from 0 to 512 [ 1517.717093][ T6564] ntfs3: loop2: ino=1e, "file1" attr_set_size [ 1517.730807][T21322] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1518.227325][ T6595] loop5: detected capacity change from 0 to 64 [ 1518.589145][ T6605] loop5: detected capacity change from 0 to 8 [ 1518.716691][ T6605] SQUASHFS error: xz decompression failed, data probably corrupt [ 1518.724524][ T6605] SQUASHFS error: Failed to read block 0x108: -5 [ 1518.811798][ T6605] SQUASHFS error: Unable to read metadata cache entry [106] [ 1518.819169][ T6605] SQUASHFS error: Unable to read inode 0x11f [ 1519.146013][ T6623] loop4: detected capacity change from 0 to 256 [ 1519.226143][ T6623] FAT-fs (loop4): Directory bread(block 64) failed [ 1519.255189][ T6623] FAT-fs (loop4): Directory bread(block 65) failed [ 1519.271250][ T6623] FAT-fs (loop4): Directory bread(block 66) failed [ 1519.288076][ T6623] FAT-fs (loop4): Directory bread(block 67) failed [ 1519.295594][ T6623] FAT-fs (loop4): Directory bread(block 68) failed [ 1519.302515][ T6623] FAT-fs (loop4): Directory bread(block 69) failed [ 1519.311553][ T6623] FAT-fs (loop4): Directory bread(block 70) failed [ 1519.318312][ T6623] FAT-fs (loop4): Directory bread(block 71) failed [ 1519.325684][ T6623] FAT-fs (loop4): Directory bread(block 72) failed [ 1519.332371][ T6623] FAT-fs (loop4): Directory bread(block 73) failed [ 1519.400074][ T6088] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1519.601119][ T27] audit: type=1326 audit(2000000342.075:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6632 comm="syz.2.14235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdb118e929 code=0x7ffc0000 [ 1519.629954][ T27] audit: type=1326 audit(2000000342.075:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6632 comm="syz.2.14235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdb118e929 code=0x7ffc0000 [ 1519.646412][ T6088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1519.684259][ T6088] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1519.711707][ T27] audit: type=1326 audit(2000000342.085:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6632 comm="syz.2.14235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbdb118e929 code=0x7ffc0000 [ 1519.726553][ T6088] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024 [ 1519.773958][ T6088] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1519.782570][ T27] audit: type=1326 audit(2000000342.085:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6632 comm="syz.2.14235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdb118e929 code=0x7ffc0000 [ 1519.797192][ T6088] usb 6-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1519.822023][ T6088] usb 6-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1519.854271][ T6088] usb 6-1: Manufacturer: syz [ 1519.885184][ T6088] usb 6-1: config 0 descriptor?? [ 1519.891173][ T6605] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1519.925012][ T6088] smsusb:smsusb_probe: board id=9, interface number 0 [ 1519.953313][ T6088] smsusb:siano_media_device_register: media controller created [ 1519.972019][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1519.979441][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1519.986811][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1519.994181][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.001742][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.012929][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.022623][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.029986][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.037325][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.045366][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.052943][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.060278][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.067594][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.074892][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.082164][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.095578][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.102946][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.110266][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.117588][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.124916][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.132850][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.140293][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.147617][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.154937][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.162256][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.170228][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.177534][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.184825][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.192160][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.199467][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.207465][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.214794][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.222120][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.229461][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.236828][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.238294][ T6646] RDS: rds_bind could not find a transport for fe88::103, load rds_tcp or rds_rdma? [ 1520.256246][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.263606][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.271033][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.278308][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.285570][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.293422][ T6088] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22 [ 1520.302942][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.303052][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.303153][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.303249][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.303344][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.341226][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.348553][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.355877][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.363210][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.370542][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.377858][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.385173][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.401282][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.408636][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.415960][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.423287][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.430701][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.444829][ T6648] netlink: 'syz.4.14241': attribute type 1 has an invalid length. [ 1520.448044][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.460119][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.467450][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.474776][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.482240][ T6088] smsmdtv:smscore_set_device_mode: mode detect failed -22 [ 1520.489418][ T6088] smsmdtv:smscore_start_device: set device mode failed , rc -22 [ 1520.498110][ T6088] smsusb:smsusb_init_device: smscore_start_device(...) failed [ 1520.506871][ C0] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes [ 1520.516073][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.523428][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1520.535620][ T6088] ------------[ cut here ]------------ [ 1520.541157][ T6088] ODEBUG: free active (active state 0) object: ffff88802c8268c8 object type: work_struct hint: do_submit_urb+0x0/0x360 [ 1520.553907][ T6071] ================================================================== [ 1520.561991][ T6071] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80 [ 1520.569734][ T6071] Read of size 8 at addr ffff8880784bc098 by task kworker/0:4/6071 [ 1520.577634][ T6071] [ 1520.579963][ T6071] CPU: 0 PID: 6071 Comm: kworker/0:4 Not tainted 6.6.95-syzkaller #0 [ 1520.588039][ T6071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1520.598120][ T6071] Workqueue: events do_submit_urb [ 1520.603173][ T6071] Call Trace: [ 1520.606465][ T6071] [ 1520.609409][ T6071] dump_stack_lvl+0x16c/0x230 [ 1520.614109][ T6071] ? __lock_acquire+0x7c80/0x7c80 [ 1520.619153][ T6071] ? show_regs_print_info+0x20/0x20 [ 1520.624376][ T6071] ? load_image+0x3b0/0x3b0 [ 1520.628896][ T6071] ? __virt_addr_valid+0x469/0x540 [ 1520.634023][ T6071] print_report+0xac/0x230 [ 1520.638457][ T6071] ? __lock_acquire+0xff/0x7c80 [ 1520.643318][ T6071] kasan_report+0x117/0x150 [ 1520.647844][ T6071] ? __lock_acquire+0xff/0x7c80 [ 1520.652709][ T6071] __lock_acquire+0xff/0x7c80 [ 1520.657400][ T6071] ? mark_lock+0x94/0x320 [ 1520.661745][ T6071] ? __lock_acquire+0x1334/0x7c80 [ 1520.666786][ T6071] ? mark_lock+0x94/0x320 [ 1520.671129][ T6071] ? look_up_lock_class+0x75/0x140 [ 1520.676251][ T6071] ? verify_lock_unused+0x140/0x140 [ 1520.681458][ T6071] ? register_lock_class+0xb5/0x890 [ 1520.686671][ T6071] ? is_dynamic_key+0x260/0x260 [ 1520.691536][ T6071] ? mark_lock+0x94/0x320 [ 1520.695880][ T6071] ? __lock_acquire+0x1334/0x7c80 [ 1520.700917][ T6071] lock_acquire+0x197/0x410 [ 1520.705433][ T6071] ? smscore_getbuffer+0xa9/0x440 [ 1520.710566][ T6071] ? read_lock_is_recursive+0x20/0x20 [ 1520.715960][ T6071] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1520.721196][ T6071] ? smscore_getbuffer+0xa9/0x440 [ 1520.726251][ T6071] ? _raw_spin_lock+0x40/0x40 [ 1520.731047][ T6071] smscore_getbuffer+0xa9/0x440 [ 1520.735921][ T6071] ? smscore_onresponse+0xf10/0xf10 [ 1520.741142][ T6071] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1520.747134][ T6071] ? read_lock_is_recursive+0x20/0x20 [ 1520.752521][ T6071] do_submit_urb+0x98/0x360 [ 1520.757046][ T6071] ? process_scheduled_works+0x957/0x15b0 [ 1520.762783][ T6071] ? process_scheduled_works+0x957/0x15b0 [ 1520.768519][ T6071] process_scheduled_works+0xa45/0x15b0 [ 1520.774091][ T6071] ? assign_work+0x400/0x400 [ 1520.778696][ T6071] ? assign_work+0x39e/0x400 [ 1520.783308][ T6071] worker_thread+0xa55/0xfc0 [ 1520.787923][ T6071] kthread+0x2fa/0x390 [ 1520.792004][ T6071] ? pr_cont_work+0x560/0x560 [ 1520.796698][ T6071] ? kthread_blkcg+0xd0/0xd0 [ 1520.801297][ T6071] ret_from_fork+0x48/0x80 [ 1520.805733][ T6071] ? kthread_blkcg+0xd0/0xd0 [ 1520.810350][ T6071] ret_from_fork_asm+0x11/0x20 [ 1520.815137][ T6071] [ 1520.818164][ T6071] [ 1520.820493][ T6071] Allocated by task 6088: [ 1520.824837][ T6071] kasan_set_track+0x4e/0x70 [ 1520.829440][ T6071] __kasan_kmalloc+0x8f/0xa0 [ 1520.834047][ T6071] smscore_register_device+0x63/0x10f0 [ 1520.839518][ T6071] smsusb_probe+0x1362/0x1da0 [ 1520.844203][ T6071] usb_probe_interface+0x5a4/0xb00 [ 1520.849328][ T6071] really_probe+0x25b/0xb40 [ 1520.853847][ T6071] __driver_probe_device+0x18c/0x330 [ 1520.859149][ T6071] driver_probe_device+0x4f/0x420 [ 1520.864201][ T6071] __device_attach_driver+0x2ca/0x520 [ 1520.869596][ T6071] bus_for_each_drv+0x24b/0x2d0 [ 1520.874466][ T6071] __device_attach+0x2b5/0x400 [ 1520.879256][ T6071] bus_probe_device+0x180/0x260 [ 1520.884127][ T6071] device_add+0x85b/0xc20 [ 1520.888483][ T6071] usb_set_configuration+0x1a79/0x20c0 [ 1520.893974][ T6071] usb_generic_driver_probe+0x8d/0x150 [ 1520.899460][ T6071] usb_probe_device+0x13d/0x280 [ 1520.904325][ T6071] really_probe+0x25b/0xb40 [ 1520.908845][ T6071] __driver_probe_device+0x18c/0x330 [ 1520.914141][ T6071] driver_probe_device+0x4f/0x420 [ 1520.919178][ T6071] __device_attach_driver+0x2ca/0x520 [ 1520.924565][ T6071] bus_for_each_drv+0x24b/0x2d0 [ 1520.929428][ T6071] __device_attach+0x2b5/0x400 [ 1520.934204][ T6071] bus_probe_device+0x180/0x260 [ 1520.939095][ T6071] device_add+0x85b/0xc20 [ 1520.943437][ T6071] usb_new_device+0xa31/0x1630 [ 1520.948215][ T6071] hub_event+0x2957/0x49c0 [ 1520.952643][ T6071] process_scheduled_works+0xa45/0x15b0 [ 1520.958204][ T6071] worker_thread+0xa55/0xfc0 [ 1520.962819][ T6071] kthread+0x2fa/0x390 [ 1520.966898][ T6071] ret_from_fork+0x48/0x80 [ 1520.971331][ T6071] ret_from_fork_asm+0x11/0x20 [ 1520.976109][ T6071] [ 1520.978437][ T6071] Freed by task 6088: [ 1520.982421][ T6071] kasan_set_track+0x4e/0x70 [ 1520.987024][ T6071] kasan_save_free_info+0x2e/0x50 [ 1520.992067][ T6071] ____kasan_slab_free+0x126/0x1e0 [ 1520.997190][ T6071] slab_free_freelist_hook+0x130/0x1b0 [ 1521.002661][ T6071] __kmem_cache_free+0xba/0x1f0 [ 1521.007520][ T6071] smscore_unregister_device+0x603/0x6e0 [ 1521.013170][ T6071] smsusb_term_device+0x18f/0x220 [ 1521.018223][ T6071] smsusb_probe+0x1708/0x1da0 [ 1521.022941][ T6071] usb_probe_interface+0x5a4/0xb00 [ 1521.028071][ T6071] really_probe+0x25b/0xb40 [ 1521.032595][ T6071] __driver_probe_device+0x18c/0x330 [ 1521.037908][ T6071] driver_probe_device+0x4f/0x420 [ 1521.042956][ T6071] __device_attach_driver+0x2ca/0x520 [ 1521.048355][ T6071] bus_for_each_drv+0x24b/0x2d0 [ 1521.053225][ T6071] __device_attach+0x2b5/0x400 [ 1521.058050][ T6071] bus_probe_device+0x180/0x260 [ 1521.062913][ T6071] device_add+0x85b/0xc20 [ 1521.067277][ T6071] usb_set_configuration+0x1a79/0x20c0 [ 1521.072763][ T6071] usb_generic_driver_probe+0x8d/0x150 [ 1521.078250][ T6071] usb_probe_device+0x13d/0x280 [ 1521.083108][ T6071] really_probe+0x25b/0xb40 [ 1521.087624][ T6071] __driver_probe_device+0x18c/0x330 [ 1521.092923][ T6071] driver_probe_device+0x4f/0x420 [ 1521.097973][ T6071] __device_attach_driver+0x2ca/0x520 [ 1521.103370][ T6071] bus_for_each_drv+0x24b/0x2d0 [ 1521.108229][ T6071] __device_attach+0x2b5/0x400 [ 1521.113013][ T6071] bus_probe_device+0x180/0x260 [ 1521.117873][ T6071] device_add+0x85b/0xc20 [ 1521.122205][ T6071] usb_new_device+0xa31/0x1630 [ 1521.126979][ T6071] hub_event+0x2957/0x49c0 [ 1521.131411][ T6071] process_scheduled_works+0xa45/0x15b0 [ 1521.136972][ T6071] worker_thread+0xa55/0xfc0 [ 1521.141584][ T6071] kthread+0x2fa/0x390 [ 1521.145675][ T6071] ret_from_fork+0x48/0x80 [ 1521.150125][ T6071] ret_from_fork_asm+0x11/0x20 [ 1521.154916][ T6071] [ 1521.157266][ T6071] Last potentially related work creation: [ 1521.162996][ T6071] kasan_save_stack+0x3e/0x60 [ 1521.167700][ T6071] __kasan_record_aux_stack+0xaf/0xc0 [ 1521.173109][ T6071] call_rcu+0x14f/0x920 [ 1521.177297][ T6071] netlink_release+0x16d8/0x1ad0 [ 1521.182272][ T6071] sock_close+0xbd/0x230 [ 1521.186548][ T6071] __fput+0x234/0x970 [ 1521.190553][ T6071] task_work_run+0x1ce/0x250 [ 1521.195168][ T6071] exit_to_user_mode_loop+0xe6/0x110 [ 1521.200479][ T6071] exit_to_user_mode_prepare+0xb1/0x140 [ 1521.206041][ T6071] syscall_exit_to_user_mode+0x1a/0x50 [ 1521.211516][ T6071] do_syscall_64+0x61/0xb0 [ 1521.215946][ T6071] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1521.221862][ T6071] [ 1521.224193][ T6071] Second to last potentially related work creation: [ 1521.230776][ T6071] kasan_save_stack+0x3e/0x60 [ 1521.235471][ T6071] __kasan_record_aux_stack+0xaf/0xc0 [ 1521.240860][ T6071] call_rcu+0x14f/0x920 [ 1521.245029][ T6071] netlink_release+0x16d8/0x1ad0 [ 1521.249983][ T6071] sock_close+0xbd/0x230 [ 1521.254237][ T6071] __fput+0x234/0x970 [ 1521.258226][ T6071] task_work_run+0x1ce/0x250 [ 1521.262828][ T6071] exit_to_user_mode_loop+0xe6/0x110 [ 1521.268212][ T6071] exit_to_user_mode_prepare+0xb1/0x140 [ 1521.273772][ T6071] syscall_exit_to_user_mode+0x1a/0x50 [ 1521.279243][ T6071] do_syscall_64+0x61/0xb0 [ 1521.283677][ T6071] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1521.289589][ T6071] [ 1521.291918][ T6071] The buggy address belongs to the object at ffff8880784bc000 [ 1521.291918][ T6071] which belongs to the cache kmalloc-2k of size 2048 [ 1521.305982][ T6071] The buggy address is located 152 bytes inside of [ 1521.305982][ T6071] freed 2048-byte region [ffff8880784bc000, ffff8880784bc800) [ 1521.319891][ T6071] [ 1521.322225][ T6071] The buggy address belongs to the physical page: [ 1521.328665][ T6071] page:ffffea0001e12e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x784b8 [ 1521.338842][ T6071] head:ffffea0001e12e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1521.347792][ T6071] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1521.356215][ T6071] page_type: 0xffffffff() [ 1521.360559][ T6071] raw: 00fff00000000840 ffff888017842000 0000000000000000 dead000000000001 [ 1521.369156][ T6071] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 1521.377749][ T6071] page dumped because: kasan: bad access detected [ 1521.384185][ T6071] page_owner tracks the page as allocated [ 1521.389907][ T6071] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5129, tgid 5129 (klogd), ts 97944407175, free_ts 92812704913 [ 1521.412071][ T6071] post_alloc_hook+0x1cd/0x210 [ 1521.416847][ T6071] get_page_from_freelist+0x195c/0x19f0 [ 1521.422404][ T6071] __alloc_pages+0x1e3/0x460 [ 1521.427000][ T6071] alloc_slab_page+0x5d/0x170 [ 1521.431683][ T6071] new_slab+0x87/0x2e0 [ 1521.435760][ T6071] ___slab_alloc+0xc6d/0x12f0 [ 1521.440453][ T6071] __kmem_cache_alloc_node+0x1a2/0x260 [ 1521.445917][ T6071] kmalloc_trace+0x2a/0xe0 [ 1521.450339][ T6071] syslog_print+0xd3/0x590 [ 1521.454766][ T6071] do_syslog+0x576/0x7f0 [ 1521.459015][ T6071] __x64_sys_syslog+0x7c/0x90 [ 1521.463704][ T6071] do_syscall_64+0x55/0xb0 [ 1521.468134][ T6071] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1521.474046][ T6071] page last free stack trace: [ 1521.478717][ T6071] free_unref_page_prepare+0x7ce/0x8e0 [ 1521.484188][ T6071] free_unref_page+0x32/0x2e0 [ 1521.488877][ T6071] __slab_free+0x35e/0x410 [ 1521.493302][ T6071] qlist_free_all+0x75/0xe0 [ 1521.497811][ T6071] kasan_quarantine_reduce+0x143/0x160 [ 1521.503280][ T6071] __kasan_slab_alloc+0x22/0x80 [ 1521.508159][ T6071] slab_post_alloc_hook+0x6e/0x4d0 [ 1521.513279][ T6071] kmem_cache_alloc_node+0x150/0x330 [ 1521.518572][ T6071] __alloc_skb+0x108/0x2c0 [ 1521.522995][ T6071] rtmsg_ifinfo_build_skb+0x8c/0x260 [ 1521.528288][ T6071] rtmsg_ifinfo+0x8c/0x1a0 [ 1521.532710][ T6071] netdev_state_change+0xf0/0x150 [ 1521.537744][ T6071] linkwatch_do_dev+0x10d/0x160 [ 1521.542606][ T6071] __linkwatch_run_queue+0x40f/0x660 [ 1521.547898][ T6071] linkwatch_event+0x4c/0x60 [ 1521.552500][ T6071] process_scheduled_works+0xa45/0x15b0 [ 1521.558056][ T6071] [ 1521.560384][ T6071] Memory state around the buggy address: [ 1521.566031][ T6071] ffff8880784bbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1521.574110][ T6071] ffff8880784bc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1521.582174][ T6071] >ffff8880784bc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1521.590246][ T6071] ^ [ 1521.595102][ T6071] ffff8880784bc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1521.603168][ T6071] ffff8880784bc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1521.611236][ T6071] ================================================================== [ 1521.619313][ T6071] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1521.626514][ T6071] CPU: 0 PID: 6071 Comm: kworker/0:4 Not tainted 6.6.95-syzkaller #0 [ 1521.634591][ T6071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1521.644651][ T6071] Workqueue: events do_submit_urb [ 1521.649722][ T6071] Call Trace: [ 1521.653013][ T6071] [ 1521.655953][ T6071] dump_stack_lvl+0x16c/0x230 [ 1521.660655][ T6071] ? show_regs_print_info+0x20/0x20 [ 1521.665870][ T6071] ? load_image+0x3b0/0x3b0 [ 1521.670390][ T6071] panic+0x2c0/0x710 [ 1521.674302][ T6071] ? bpf_jit_dump+0xd0/0xd0 [ 1521.678814][ T6071] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1521.684727][ T6071] ? _raw_spin_unlock+0x40/0x40 [ 1521.689590][ T6071] ? print_memory_metadata+0x314/0x400 [ 1521.695069][ T6071] ? __lock_acquire+0xff/0x7c80 [ 1521.699929][ T6071] check_panic_on_warn+0x84/0xa0 [ 1521.704876][ T6071] ? __lock_acquire+0xff/0x7c80 [ 1521.709736][ T6071] end_report+0x6f/0x140 [ 1521.713998][ T6071] kasan_report+0x128/0x150 [ 1521.718519][ T6071] ? __lock_acquire+0xff/0x7c80 [ 1521.723398][ T6071] __lock_acquire+0xff/0x7c80 [ 1521.728111][ T6071] ? mark_lock+0x94/0x320 [ 1521.732466][ T6071] ? __lock_acquire+0x1334/0x7c80 [ 1521.737509][ T6071] ? mark_lock+0x94/0x320 [ 1521.741862][ T6071] ? look_up_lock_class+0x75/0x140 [ 1521.747011][ T6071] ? verify_lock_unused+0x140/0x140 [ 1521.752238][ T6071] ? register_lock_class+0xb5/0x890 [ 1521.757558][ T6071] ? is_dynamic_key+0x260/0x260 [ 1521.762440][ T6071] ? mark_lock+0x94/0x320 [ 1521.766796][ T6071] ? __lock_acquire+0x1334/0x7c80 [ 1521.771837][ T6071] lock_acquire+0x197/0x410 [ 1521.776374][ T6071] ? smscore_getbuffer+0xa9/0x440 [ 1521.781432][ T6071] ? read_lock_is_recursive+0x20/0x20 [ 1521.786836][ T6071] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1521.792076][ T6071] ? smscore_getbuffer+0xa9/0x440 [ 1521.797139][ T6071] ? _raw_spin_lock+0x40/0x40 [ 1521.801878][ T6071] smscore_getbuffer+0xa9/0x440 [ 1521.806799][ T6071] ? smscore_onresponse+0xf10/0xf10 [ 1521.812064][ T6071] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1521.818078][ T6071] ? read_lock_is_recursive+0x20/0x20 [ 1521.823481][ T6071] do_submit_urb+0x98/0x360 [ 1521.828080][ T6071] ? process_scheduled_works+0x957/0x15b0 [ 1521.833827][ T6071] ? process_scheduled_works+0x957/0x15b0 [ 1521.839570][ T6071] process_scheduled_works+0xa45/0x15b0 [ 1521.845155][ T6071] ? assign_work+0x400/0x400 [ 1521.849780][ T6071] ? assign_work+0x39e/0x400 [ 1521.854394][ T6071] worker_thread+0xa55/0xfc0 [ 1521.859037][ T6071] kthread+0x2fa/0x390 [ 1521.863135][ T6071] ? pr_cont_work+0x560/0x560 [ 1521.867840][ T6071] ? kthread_blkcg+0xd0/0xd0 [ 1521.872449][ T6071] ret_from_fork+0x48/0x80 [ 1521.876892][ T6071] ? kthread_blkcg+0xd0/0xd0 [ 1521.881500][ T6071] ret_from_fork_asm+0x11/0x20 [ 1521.886310][ T6071] [ 1521.889665][ T6071] Kernel Offset: disabled [ 1521.893997][ T6071] Rebooting in 86400 seconds..