last executing test programs: 11.065041892s ago: executing program 2 (id=999): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10008, &(0x7f0000000080)={[{@nombcache}, {@nogrpid}]}, 0xff, 0x49e, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvbH/Qyo9WRBQEraCR+KOlBZWDBzSaeNDERA94rG1BZKGG1gRIo8UYPBoS78ajiX+BNy9GPRgTr5p4NCREe6F4qpmdGbpsd0u3tF3pfj7Jdt/bmd33vjPv7b6Z15kA2tZA+ieJ2BYRv0dEX5a9fYWB7Gl+bmbs5tzMWBILC2//nVTWuzE3M1asWrxva545VIoofZbE8WRpuVMXL50ZLZcnzuf5oemzHw5NXbz03Omzo6cmTk2cGzl27OiR4RdfGHl+TeJM47qx9+PJfXtef/fqm2Mnrr7307dptXbvz5ZXx3FHN+sEVMdAutX+WaioXfZkE3W/F2yvSiedLawITemIiHR3dVX6f190xOLO64vXPm1p5YB1lf42bWm8eHYB2MSSaHUNgNYofujT49/isUFDj/+F6y9HdOfp+bmZsflb8XdGKX+9ax3LH4iIE7P/fpU+otnzEAAAq1AZ2zxbb/xXit2V52yuY0c+h9IfEfdHxM6IeCAidkXEgxGVdR+KiIezNy/0rbD8gZr80vFP6VrdOq+RdPz3UtXYb74q/vypvyPPba/E35WcPF2eOJxvk0PRtSXNDy9Txvev/vZFo2XV47/0kZZfjAXzClzrrDlBNz46PbpWG+H65Yi9nfXiT27NBKQtYE9E7G3uo3cUidNPf7Ov0Up3jn8ZazDPtPB1xFPZ/p+NmvgLyfLzk0M9UZ44PFS0iqV+/vXKW43Kv6v418D1A49kicX9X7NGVUMrlyfOTzVfxpU/Pm94TLPa9t+dvFOZs/7l/ey1C6PT0+eHI7qTNyr54piu8vrI4nsvjE73pvli/bT9HzpYv//vzN+T7v90K6WNeH9EPBoRj+V1fzwiDkTEwWXi//GVJz5YJv4kkmjd/r8cMV73++9W++9PqufrV5HoOPPDd41mzFe2/4/GbOW7NlP5/ruDlVbwLjcfAAAA3BNKEbEtktJglh7YFqXS4GD2P/y74r5SeXJq+pmTkx+dG8+uEeiPrlJxpquv6nzocDKbf2KWH8nPFRfLj+Tnjb/s6K3kB8cmy+Mtjh3a3dbb+38U/T/1V0erawesO9drQfuq7f+lFtUD2Hgr+f13LACb0+39vyf909uqugAby/E/tK96/f+TmrzxP2xOS/v/n3VuWQdsRsb/0L70f2hf+j+0pWYu54/jjRb1REQztwUoLhZY/V0FelZ8hX+7JIo7XqxnWb1x6Ux3/kqUWhRpR5ONbVMk0h6zsYUu3kMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgXvZfAAAA//8hId5P") mount$overlay(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x18805, &(0x7f0000000100)={[{@userxattr, 0x0}], [], 0x2c}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x432300c, 0x0, 0x21, 0x0, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0xaa1) mkdir(&(0x7f0000000040)='./file0\x00', 0x28) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) lstat(&(0x7f00000005c0)='./file1\x00', 0x0) 9.468909175s ago: executing program 1 (id=1004): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) getrusage(0xffffffffffffffff, 0x0) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x22, 0xa, 0x0) getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff00", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c00010062726964"], 0x3c}}, 0x0) 7.733350302s ago: executing program 1 (id=1008): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000200", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000c80)=ANY=[@ANYBLOB="00000c040000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000c40)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="c00d05"], 0x0, 0x0, 0x0, 0x0}) 6.731488209s ago: executing program 3 (id=1012): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x40080) r3 = epoll_create(0x7) keyctl$clear(0x3, 0xfffffffffffffffd) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000200)) syz_emit_ethernet(0xf5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) dup3(r4, r3, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r0, 0x12) 6.70832339s ago: executing program 2 (id=1013): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000000)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000340)={0x24, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}}}, {{0xa, 0x1, 0x0, @remote, 0x47e8a}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x1, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x108) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r4, 0xffffffffffffffff, 0x0) 6.029224368s ago: executing program 2 (id=1017): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10008, &(0x7f0000000080)={[{@nombcache}, {@nogrpid}]}, 0xff, 0x49e, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvbH/Qyo9WRBQEraCR+KOlBZWDBzSaeNDERA94rG1BZKGG1gRIo8UYPBoS78ajiX+BNy9GPRgTr5p4NCREe6F4qpmdGbpsd0u3tF3pfj7Jdt/bmd33vjPv7b6Z15kA2tZA+ieJ2BYRv0dEX5a9fYWB7Gl+bmbs5tzMWBILC2//nVTWuzE3M1asWrxva545VIoofZbE8WRpuVMXL50ZLZcnzuf5oemzHw5NXbz03Omzo6cmTk2cGzl27OiR4RdfGHl+TeJM47qx9+PJfXtef/fqm2Mnrr7307dptXbvz5ZXx3FHN+sEVMdAutX+WaioXfZkE3W/F2yvSiedLawITemIiHR3dVX6f190xOLO64vXPm1p5YB1lf42bWm8eHYB2MSSaHUNgNYofujT49/isUFDj/+F6y9HdOfp+bmZsflb8XdGKX+9ax3LH4iIE7P/fpU+otnzEAAAq1AZ2zxbb/xXit2V52yuY0c+h9IfEfdHxM6IeCAidkXEgxGVdR+KiIezNy/0rbD8gZr80vFP6VrdOq+RdPz3UtXYb74q/vypvyPPba/E35WcPF2eOJxvk0PRtSXNDy9Txvev/vZFo2XV47/0kZZfjAXzClzrrDlBNz46PbpWG+H65Yi9nfXiT27NBKQtYE9E7G3uo3cUidNPf7Ov0Up3jn8ZazDPtPB1xFPZ/p+NmvgLyfLzk0M9UZ44PFS0iqV+/vXKW43Kv6v418D1A49kicX9X7NGVUMrlyfOTzVfxpU/Pm94TLPa9t+dvFOZs/7l/ey1C6PT0+eHI7qTNyr54piu8vrI4nsvjE73pvli/bT9HzpYv//vzN+T7v90K6WNeH9EPBoRj+V1fzwiDkTEwWXi//GVJz5YJv4kkmjd/r8cMV73++9W++9PqufrV5HoOPPDd41mzFe2/4/GbOW7NlP5/ruDlVbwLjcfAAAA3BNKEbEtktJglh7YFqXS4GD2P/y74r5SeXJq+pmTkx+dG8+uEeiPrlJxpquv6nzocDKbf2KWH8nPFRfLj+Tnjb/s6K3kB8cmy+Mtjh3a3dbb+38U/T/1V0erawesO9drQfuq7f+lFtUD2Hgr+f13LACb0+39vyf909uqugAby/E/tK96/f+TmrzxP2xOS/v/n3VuWQdsRsb/0L70f2hf+j+0pWYu54/jjRb1REQztwUoLhZY/V0FelZ8hX+7JIo7XqxnWb1x6Ux3/kqUWhRpR5ONbVMk0h6zsYUu3kMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgXvZfAAAA//8hId5P") mount$overlay(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x18805, &(0x7f0000000100)={[{@userxattr, 0x0}], [], 0x2c}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x432300c, 0x0, 0x21, 0x0, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0xaa1) mkdir(&(0x7f0000000040)='./file0\x00', 0x28) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x10) lstat(&(0x7f00000005c0)='./file1\x00', 0x0) 4.881140869s ago: executing program 3 (id=1018): sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='debugfs\x00', 0x2200003, 0x0) 3.946578584s ago: executing program 0 (id=1021): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) getrusage(0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x14, 0x4, 0x4, 0x22}, 0x50) fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fchdir(0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x3, 0x0) socket(0x22, 0xa, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff00", @ANYRES32, @ANYBLOB="01000000010000001c0012000c00010062726964"], 0x3c}}, 0x0) 3.70352574s ago: executing program 4 (id=1023): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000000)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000340)={0x24, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}}}, {{0xa, 0x1, 0x0, @remote, 0x47e8a}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x1, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x108) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r4, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 3.220739023s ago: executing program 3 (id=1024): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10008, &(0x7f0000000080)={[{@nombcache}, {@nogrpid}]}, 0xff, 0x49e, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvbH/Qyo9WRBQEraCR+KOlBZWDBzSaeNDERA94rG1BZKGG1gRIo8UYPBoS78ajiX+BNy9GPRgTr5p4NCREe6F4qpmdGbpsd0u3tF3pfj7Jdt/bmd33vjPv7b6Z15kA2tZA+ieJ2BYRv0dEX5a9fYWB7Gl+bmbs5tzMWBILC2//nVTWuzE3M1asWrxva545VIoofZbE8WRpuVMXL50ZLZcnzuf5oemzHw5NXbz03Omzo6cmTk2cGzl27OiR4RdfGHl+TeJM47qx9+PJfXtef/fqm2Mnrr7307dptXbvz5ZXx3FHN+sEVMdAutX+WaioXfZkE3W/F2yvSiedLawITemIiHR3dVX6f190xOLO64vXPm1p5YB1lf42bWm8eHYB2MSSaHUNgNYofujT49/isUFDj/+F6y9HdOfp+bmZsflb8XdGKX+9ax3LH4iIE7P/fpU+otnzEAAAq1AZ2zxbb/xXit2V52yuY0c+h9IfEfdHxM6IeCAidkXEgxGVdR+KiIezNy/0rbD8gZr80vFP6VrdOq+RdPz3UtXYb74q/vypvyPPba/E35WcPF2eOJxvk0PRtSXNDy9Txvev/vZFo2XV47/0kZZfjAXzClzrrDlBNz46PbpWG+H65Yi9nfXiT27NBKQtYE9E7G3uo3cUidNPf7Ov0Up3jn8ZazDPtPB1xFPZ/p+NmvgLyfLzk0M9UZ44PFS0iqV+/vXKW43Kv6v418D1A49kicX9X7NGVUMrlyfOTzVfxpU/Pm94TLPa9t+dvFOZs/7l/ey1C6PT0+eHI7qTNyr54piu8vrI4nsvjE73pvli/bT9HzpYv//vzN+T7v90K6WNeH9EPBoRj+V1fzwiDkTEwWXi//GVJz5YJv4kkmjd/r8cMV73++9W++9PqufrV5HoOPPDd41mzFe2/4/GbOW7NlP5/ruDlVbwLjcfAAAA3BNKEbEtktJglh7YFqXS4GD2P/y74r5SeXJq+pmTkx+dG8+uEeiPrlJxpquv6nzocDKbf2KWH8nPFRfLj+Tnjb/s6K3kB8cmy+Mtjh3a3dbb+38U/T/1V0erawesO9drQfuq7f+lFtUD2Hgr+f13LACb0+39vyf909uqugAby/E/tK96/f+TmrzxP2xOS/v/n3VuWQdsRsb/0L70f2hf+j+0pWYu54/jjRb1REQztwUoLhZY/V0FelZ8hX+7JIo7XqxnWb1x6Ux3/kqUWhRpR5ONbVMk0h6zsYUu3kMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgXvZfAAAA//8hId5P") mount$overlay(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x18805, &(0x7f0000000100)={[{@userxattr, 0x0}], [], 0x2c}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x432300c, 0x0, 0x21, 0x0, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0xaa1) mkdir(&(0x7f0000000040)='./file0\x00', 0x28) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) lstat(&(0x7f00000005c0)='./file1\x00', 0x0) 3.205174464s ago: executing program 4 (id=1025): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt(0xffffffffffffffff, 0x10117, 0xfbfffffe, 0x0, 0x0) ftruncate(r1, 0x5) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a03000000000000000000070000000900010073797a30000000002c0000000b0a0101"], 0x74}}, 0x0) 3.187994634s ago: executing program 2 (id=1026): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x9, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.stat\x00', 0x275a, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_kvm_add_vcpu$x86(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(0x0, 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=@getqdisc={0x24, 0x26, 0x705, 0x70bf2b, 0x5, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffe0}, {0xc, 0x78bbe9f1cfa0a994}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20004000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 3.102544247s ago: executing program 4 (id=1027): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x40080) r3 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000200)) syz_emit_ethernet(0xf5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) dup3(r4, r3, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r0, 0x12) 3.102258577s ago: executing program 0 (id=1028): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(r0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x40080) r3 = epoll_create(0x7) keyctl$clear(0x3, 0xfffffffffffffffd) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000200)) syz_emit_ethernet(0xf5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) dup3(r4, r3, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r0, 0x12) 2.850741734s ago: executing program 1 (id=1029): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10008, &(0x7f0000000080)={[{@nombcache}, {@nogrpid}]}, 0xff, 0x49e, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvbH/Qyo9WRBQEraCR+KOlBZWDBzSaeNDERA94rG1BZKGG1gRIo8UYPBoS78ajiX+BNy9GPRgTr5p4NCREe6F4qpmdGbpsd0u3tF3pfj7Jdt/bmd33vjPv7b6Z15kA2tZA+ieJ2BYRv0dEX5a9fYWB7Gl+bmbs5tzMWBILC2//nVTWuzE3M1asWrxva545VIoofZbE8WRpuVMXL50ZLZcnzuf5oemzHw5NXbz03Omzo6cmTk2cGzl27OiR4RdfGHl+TeJM47qx9+PJfXtef/fqm2Mnrr7307dptXbvz5ZXx3FHN+sEVMdAutX+WaioXfZkE3W/F2yvSiedLawITemIiHR3dVX6f190xOLO64vXPm1p5YB1lf42bWm8eHYB2MSSaHUNgNYofujT49/isUFDj/+F6y9HdOfp+bmZsflb8XdGKX+9ax3LH4iIE7P/fpU+otnzEAAAq1AZ2zxbb/xXit2V52yuY0c+h9IfEfdHxM6IeCAidkXEgxGVdR+KiIezNy/0rbD8gZr80vFP6VrdOq+RdPz3UtXYb74q/vypvyPPba/E35WcPF2eOJxvk0PRtSXNDy9Txvev/vZFo2XV47/0kZZfjAXzClzrrDlBNz46PbpWG+H65Yi9nfXiT27NBKQtYE9E7G3uo3cUidNPf7Ov0Up3jn8ZazDPtPB1xFPZ/p+NmvgLyfLzk0M9UZ44PFS0iqV+/vXKW43Kv6v418D1A49kicX9X7NGVUMrlyfOTzVfxpU/Pm94TLPa9t+dvFOZs/7l/ey1C6PT0+eHI7qTNyr54piu8vrI4nsvjE73pvli/bT9HzpYv//vzN+T7v90K6WNeH9EPBoRj+V1fzwiDkTEwWXi//GVJz5YJv4kkmjd/r8cMV73++9W++9PqufrV5HoOPPDd41mzFe2/4/GbOW7NlP5/ruDlVbwLjcfAAAA3BNKEbEtktJglh7YFqXS4GD2P/y74r5SeXJq+pmTkx+dG8+uEeiPrlJxpquv6nzocDKbf2KWH8nPFRfLj+Tnjb/s6K3kB8cmy+Mtjh3a3dbb+38U/T/1V0erawesO9drQfuq7f+lFtUD2Hgr+f13LACb0+39vyf909uqugAby/E/tK96/f+TmrzxP2xOS/v/n3VuWQdsRsb/0L70f2hf+j+0pWYu54/jjRb1REQztwUoLhZY/V0FelZ8hX+7JIo7XqxnWb1x6Ux3/kqUWhRpR5ONbVMk0h6zsYUu3kMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgXvZfAAAA//8hId5P") mount$overlay(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x18805, &(0x7f0000000100)={[{@userxattr, 0x0}], [], 0x2c}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x28) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x10) lstat(&(0x7f00000005c0)='./file1\x00', 0x0) 2.25850237s ago: executing program 0 (id=1030): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x50007a2) mkdir(&(0x7f0000000100)='./bus\x00', 0x148) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r3, 0x5607, 0x2c) ioctl$UFFDIO_MOVE(0xffffffffffffffff, 0xc028aa05, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'batadv_slave_1\x00', 0x4002}) write$tun(r6, &(0x7f00000002c0)=ANY=[@ANYBLOB="000008000100000000003d0000002a6ad5fde1b6554242ac90fef9878574f7e568ff42b7b7151d6986161da58b840d7a6e0eb3043a1558ebd5cef21a7956a4a27397b66d946c4b948e98ec852cd40c1b51c39a1487d8b9912cf4e3091607d53f02f0954c89d08eec9bb780ff23d2f0e347d88d0edf4ca5d5c4f8b2ed6a9e836bccb2c65020578c56730534689dc1cbb21044dc8cd15b504503e509d0fc2c7867d80f8fdd6bdc48cab8187e71a8ff8f05285679ca69809a7b7d04e80a81a9e75924162806c973348c57c81c5ba24fde98d8006dafb1e0a6096257000000000000000101000000000000d6bfd3a3b3de791ae4f6261cd36aa5d8bf1c00abad96ba1ad6f6fec538aa447e4c"], 0xdf) ioctl$VT_ACTIVATE(r4, 0x5606, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) 2.25834915s ago: executing program 3 (id=1031): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10008, &(0x7f0000000080)={[{@nombcache}, {@nogrpid}]}, 0xff, 0x49e, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvbH/Qyo9WRBQEraCR+KOlBZWDBzSaeNDERA94rG1BZKGG1gRIo8UYPBoS78ajiX+BNy9GPRgTr5p4NCREe6F4qpmdGbpsd0u3tF3pfj7Jdt/bmd33vjPv7b6Z15kA2tZA+ieJ2BYRv0dEX5a9fYWB7Gl+bmbs5tzMWBILC2//nVTWuzE3M1asWrxva545VIoofZbE8WRpuVMXL50ZLZcnzuf5oemzHw5NXbz03Omzo6cmTk2cGzl27OiR4RdfGHl+TeJM47qx9+PJfXtef/fqm2Mnrr7307dptXbvz5ZXx3FHN+sEVMdAutX+WaioXfZkE3W/F2yvSiedLawITemIiHR3dVX6f190xOLO64vXPm1p5YB1lf42bWm8eHYB2MSSaHUNgNYofujT49/isUFDj/+F6y9HdOfp+bmZsflb8XdGKX+9ax3LH4iIE7P/fpU+otnzEAAAq1AZ2zxbb/xXit2V52yuY0c+h9IfEfdHxM6IeCAidkXEgxGVdR+KiIezNy/0rbD8gZr80vFP6VrdOq+RdPz3UtXYb74q/vypvyPPba/E35WcPF2eOJxvk0PRtSXNDy9Txvev/vZFo2XV47/0kZZfjAXzClzrrDlBNz46PbpWG+H65Yi9nfXiT27NBKQtYE9E7G3uo3cUidNPf7Ov0Up3jn8ZazDPtPB1xFPZ/p+NmvgLyfLzk0M9UZ44PFS0iqV+/vXKW43Kv6v418D1A49kicX9X7NGVUMrlyfOTzVfxpU/Pm94TLPa9t+dvFOZs/7l/ey1C6PT0+eHI7qTNyr54piu8vrI4nsvjE73pvli/bT9HzpYv//vzN+T7v90K6WNeH9EPBoRj+V1fzwiDkTEwWXi//GVJz5YJv4kkmjd/r8cMV73++9W++9PqufrV5HoOPPDd41mzFe2/4/GbOW7NlP5/ruDlVbwLjcfAAAA3BNKEbEtktJglh7YFqXS4GD2P/y74r5SeXJq+pmTkx+dG8+uEeiPrlJxpquv6nzocDKbf2KWH8nPFRfLj+Tnjb/s6K3kB8cmy+Mtjh3a3dbb+38U/T/1V0erawesO9drQfuq7f+lFtUD2Hgr+f13LACb0+39vyf909uqugAby/E/tK96/f+TmrzxP2xOS/v/n3VuWQdsRsb/0L70f2hf+j+0pWYu54/jjRb1REQztwUoLhZY/V0FelZ8hX+7JIo7XqxnWb1x6Ux3/kqUWhRpR5ONbVMk0h6zsYUu3kMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgXvZfAAAA//8hId5P") mount$overlay(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x18805, &(0x7f0000000100)={[{@userxattr, 0x0}], [], 0x2c}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x432300c, 0x0, 0x21, 0x0, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0xaa1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) lstat(&(0x7f00000005c0)='./file1\x00', 0x0) 2.258065799s ago: executing program 4 (id=1032): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) getrusage(0xffffffffffffffff, 0x0) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x22, 0xa, 0x0) getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff00", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c00010062726964"], 0x3c}}, 0x0) 1.998849886s ago: executing program 0 (id=1033): sched_rr_get_interval(0x0, &(0x7f0000000340)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000040)={0x1, 0x401, 0xfffffffd, 0x7, 0x7, "04419208367800003800080100000000c2dd00", 0x10, 0x200}) fcntl$setstatus(r4, 0x4, 0x2000) r5 = socket(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x3}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xe, 0x5}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x64715b09331be8e5}, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x1) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8) 1.835376081s ago: executing program 2 (id=1034): sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='debugfs\x00', 0x2200003, 0x0) 1.783960622s ago: executing program 1 (id=1035): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) getrusage(0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x14, 0x4, 0x4, 0x22}, 0x50) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(0xffffffffffffffff, 0x0, 0x0) fchdir(r3) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) utimensat(r4, 0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x3, 0x0) r5 = socket(0x22, 0xa, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff00", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c00010062726964"], 0x3c}}, 0x0) 1.373816103s ago: executing program 3 (id=1036): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000000)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000340)={0x24, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}}}, {{0xa, 0x1, 0x0, @remote, 0x47e8a}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x1, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x108) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.373584813s ago: executing program 4 (id=1037): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c09425, &(0x7f0000000380)={"b8e50a31a002b94fcd8fc4db3056309d", 0x0, 0x0, {0x7, 0x100}, {0xffffffffffffff7f, 0x5}, 0x51, [0x7, 0x3, 0xe, 0x2, 0x9, 0x8, 0xd8e, 0x7fc0000, 0x5, 0x0, 0x6, 0x3, 0x5, 0x49, 0xfffffffffffffffe, 0xc]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0xfffffffffffffeef, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet(0x2, 0x80001, 0x84) llistxattr(0x0, 0x0, 0x0) 876.950237ms ago: executing program 3 (id=1038): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x50007a2) mkdir(&(0x7f0000000100)='./bus\x00', 0x148) chdir(&(0x7f00000001c0)='./bus\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) 827.149698ms ago: executing program 1 (id=1039): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) getrusage(0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x14, 0x4, 0x4, 0x22}, 0x50) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x3, 0x0) socket(0x22, 0xa, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff00", @ANYRES32, @ANYBLOB="01000000010000001c0012000c00010062726964"], 0x3c}}, 0x0) 494.698867ms ago: executing program 4 (id=1040): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10008, &(0x7f0000000080)={[{@nombcache}, {@nogrpid}]}, 0xff, 0x49e, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvbH/Qyo9WRBQEraCR+KOlBZWDBzSaeNDERA94rG1BZKGG1gRIo8UYPBoS78ajiX+BNy9GPRgTr5p4NCREe6F4qpmdGbpsd0u3tF3pfj7Jdt/bmd33vjPv7b6Z15kA2tZA+ieJ2BYRv0dEX5a9fYWB7Gl+bmbs5tzMWBILC2//nVTWuzE3M1asWrxva545VIoofZbE8WRpuVMXL50ZLZcnzuf5oemzHw5NXbz03Omzo6cmTk2cGzl27OiR4RdfGHl+TeJM47qx9+PJfXtef/fqm2Mnrr7307dptXbvz5ZXx3FHN+sEVMdAutX+WaioXfZkE3W/F2yvSiedLawITemIiHR3dVX6f190xOLO64vXPm1p5YB1lf42bWm8eHYB2MSSaHUNgNYofujT49/isUFDj/+F6y9HdOfp+bmZsflb8XdGKX+9ax3LH4iIE7P/fpU+otnzEAAAq1AZ2zxbb/xXit2V52yuY0c+h9IfEfdHxM6IeCAidkXEgxGVdR+KiIezNy/0rbD8gZr80vFP6VrdOq+RdPz3UtXYb74q/vypvyPPba/E35WcPF2eOJxvk0PRtSXNDy9Txvev/vZFo2XV47/0kZZfjAXzClzrrDlBNz46PbpWG+H65Yi9nfXiT27NBKQtYE9E7G3uo3cUidNPf7Ov0Up3jn8ZazDPtPB1xFPZ/p+NmvgLyfLzk0M9UZ44PFS0iqV+/vXKW43Kv6v418D1A49kicX9X7NGVUMrlyfOTzVfxpU/Pm94TLPa9t+dvFOZs/7l/ey1C6PT0+eHI7qTNyr54piu8vrI4nsvjE73pvli/bT9HzpYv//vzN+T7v90K6WNeH9EPBoRj+V1fzwiDkTEwWXi//GVJz5YJv4kkmjd/r8cMV73++9W++9PqufrV5HoOPPDd41mzFe2/4/GbOW7NlP5/ruDlVbwLjcfAAAA3BNKEbEtktJglh7YFqXS4GD2P/y74r5SeXJq+pmTkx+dG8+uEeiPrlJxpquv6nzocDKbf2KWH8nPFRfLj+Tnjb/s6K3kB8cmy+Mtjh3a3dbb+38U/T/1V0erawesO9drQfuq7f+lFtUD2Hgr+f13LACb0+39vyf909uqugAby/E/tK96/f+TmrzxP2xOS/v/n3VuWQdsRsb/0L70f2hf+j+0pWYu54/jjRb1REQztwUoLhZY/V0FelZ8hX+7JIo7XqxnWb1x6Ux3/kqUWhRpR5ONbVMk0h6zsYUu3kMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgXvZfAAAA//8hId5P") mount$overlay(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x18805, &(0x7f0000000100)={[{@userxattr, 0x0}], [], 0x2c}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x432300c, 0x0, 0x21, 0x0, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0xaa1) mkdir(&(0x7f0000000040)='./file0\x00', 0x28) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) lstat(&(0x7f00000005c0)='./file1\x00', 0x0) 439.492439ms ago: executing program 2 (id=1041): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(r0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x40080) r3 = epoll_create(0x7) keyctl$clear(0x3, 0xfffffffffffffffd) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000200)) syz_emit_ethernet(0xf5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) dup3(r4, r3, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300)=r0, 0x12) 118.575077ms ago: executing program 0 (id=1042): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x50007a2) chdir(&(0x7f00000001c0)='./bus\x00') ioctl$UFFDIO_MOVE(0xffffffffffffffff, 0xc028aa05, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$VT_ACTIVATE(r3, 0x5606, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x275a, 0x0) fallocate(r5, 0x80000000000000, 0x0, 0x8000) pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') 118.233087ms ago: executing program 0 (id=1043): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c09425, &(0x7f0000000380)={"b8e50a31a002b94fcd8fc4db3056309d", 0x0, 0x0, {0x7, 0x100}, {0xffffffffffffff7f, 0x5}, 0x51, [0x7, 0x3, 0xe, 0x2, 0x9, 0x8, 0xd8e, 0x7fc0000, 0x5, 0x0, 0x6, 0x3, 0x5, 0x49, 0xfffffffffffffffe, 0xc]}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xfffffffffffffeef, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1044): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x9, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.stat\x00', 0x275a, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_kvm_add_vcpu$x86(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(0x0, 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=@getqdisc={0x24, 0x26, 0x705, 0x70bf2b, 0x5, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffe0}, {0xc, 0x78bbe9f1cfa0a994}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20004000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): e1 [ 70.884872][ T1429] RSP: 0018:ffffc90000cc76c0 EFLAGS: 00010293 [ 70.884885][ T1429] RAX: ffffffff820173d9 RBX: 1ffff11022372f9e RCX: ffff88810b2a8000 [ 70.884898][ T1429] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 70.884907][ T1429] RBP: ffffc90000cc76f0 R08: ffff8881292c00c7 R09: 1ffff11025258018 [ 70.884920][ T1429] R10: dffffc0000000000 R11: ffffed1025258019 R12: ffff888111b97cc0 [ 70.884933][ T1429] R13: 0000000000000000 R14: ffff8881292c0020 R15: ffff888111b97cf0 [ 70.884945][ T1429] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 70.884959][ T1429] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.884971][ T1429] CR2: 0000001b2e9f3ff8 CR3: 0000000135ff5000 CR4: 00000000003506b0 [ 70.884985][ T1429] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.884995][ T1429] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.885005][ T1429] Call Trace: [ 70.885010][ T1429] [ 70.885017][ T1429] ovl_do_remove+0x5f6/0x9a0 [ 70.885032][ T1429] ? ovl_getattr+0xf80/0xf80 [ 70.885049][ T1429] ? ovl_set_redirect+0x670/0x670 [ 70.885065][ T1429] ? selinux_inode_rmdir+0x22/0x30 [ 70.885083][ T1429] ovl_rmdir+0x1a/0x20 [ 70.885096][ T1429] vfs_rmdir+0x313/0x460 [ 70.885113][ T1429] incfs_kill_sb+0x198/0x220 [ 70.885131][ T1429] deactivate_locked_super+0xa0/0x100 [ 70.885148][ T1429] deactivate_super+0xaf/0xe0 [ 70.885164][ T1429] cleanup_mnt+0x45b/0x510 [ 70.885182][ T1429] __cleanup_mnt+0x19/0x20 [ 70.885197][ T1429] task_work_run+0x127/0x190 [ 70.885213][ T1429] do_exit+0xa9e/0x27e0 [ 70.885230][ T1429] ? kasan_set_track+0x5b/0x70 [ 70.885265][ T1429] ? put_task_struct+0x90/0x90 [ 70.885286][ T1429] ? __kasan_slab_free+0x11/0x20 [ 70.885301][ T1429] ? slab_free_freelist_hook+0xc2/0x190 [ 70.885319][ T1429] ? kfree+0xc4/0x270 [ 70.885334][ T1429] ? __se_sys_mount+0x353/0x390 [ 70.885349][ T1429] ? __x64_sys_mount+0xbf/0xd0 [ 70.885365][ T1429] ? futex_exit_release+0x1d0/0x1d0 [ 70.885383][ T1429] ? __kasan_check_write+0x14/0x20 [ 70.885400][ T1429] ? _raw_spin_lock_irq+0x95/0xf0 [ 70.885418][ T1429] do_group_exit+0x141/0x310 [ 70.885433][ T1429] ? __kasan_check_write+0x14/0x20 [ 70.885450][ T1429] get_signal+0x66a/0x1480 [ 70.885470][ T1429] arch_do_signal_or_restart+0xdf/0x11c0 [ 70.885491][ T1429] ? kfree+0xc4/0x270 [ 70.885507][ T1429] ? ____kasan_slab_free+0x130/0x160 [ 70.885537][ T1429] ? __kasan_slab_free+0x11/0x20 [ 70.885561][ T1429] ? slab_free_freelist_hook+0xc2/0x190 [ 70.885580][ T1429] ? __se_sys_mount+0x353/0x390 [ 70.885596][ T1429] ? get_sigframe_size+0x10/0x10 [ 70.885610][ T1429] ? __se_sys_futex+0x135/0x330 [ 70.885630][ T1429] exit_to_user_mode_loop+0xa7/0xe0 [ 70.885647][ T1429] exit_to_user_mode_prepare+0x87/0xd0 [ 70.885663][ T1429] syscall_exit_to_user_mode+0x1a/0x30 [ 70.885683][ T1429] do_syscall_64+0x58/0xa0 [ 70.885701][ T1429] ? clear_bhb_loop+0x50/0xa0 [ 70.885715][ T1429] ? clear_bhb_loop+0x50/0xa0 [ 70.885729][ T1429] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 70.885747][ T1429] RIP: 0033:0x7fb270fd8dd9 [ 70.885759][ T1429] Code: Unable to access opcode bytes at RIP 0x7fb270fd8daf. [ 70.885767][ T1429] RSP: 002b:00007fb26fa330e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 70.885784][ T1429] RAX: fffffffffffffe00 RBX: 00007fb271251fa8 RCX: 00007fb270fd8dd9 [ 70.885797][ T1429] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb271251fa8 [ 70.885807][ T1429] RBP: 00007fb271251fa0 R08: 0000000000000000 R09: 0000000000000000 [ 70.885818][ T1429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.885828][ T1429] R13: 00007fb271252038 R14: 00007ffd6491c9c0 R15: 00007ffd6491caa8 [ 70.885842][ T1429] [ 70.885847][ T1429] ---[ end trace 46756aad84db7e5f ]--- [ 72.127820][ T1450] fuse: Unknown parameter 'user_i00000000000000000000' [ 73.016732][ T302] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 73.525077][ T1478] loop1: detected capacity change from 0 to 2048 [ 73.599679][ T1478] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 73.621778][ T302] usb 5-1: Using ep0 maxpacket: 32 [ 73.690125][ T1490] netlink: 12 bytes leftover after parsing attributes in process `syz.0.412'. [ 73.740989][ T1489] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 73.810199][ T1489] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 73.874142][ T1489] EXT4-fs (loop1): This should not happen!! Data will be lost [ 73.874142][ T1489] [ 73.920999][ T1489] EXT4-fs (loop1): Total free blocks count 0 [ 73.953627][ T1489] EXT4-fs (loop1): Free/Dirty block details [ 73.985346][ T1489] EXT4-fs (loop1): free_blocks=2415919504 [ 74.016190][ T1489] EXT4-fs (loop1): dirty_blocks=16 [ 74.044472][ T1489] EXT4-fs (loop1): Block reservation details [ 74.123793][ T1489] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 74.194175][ T1493] fuse: Unknown parameter '00000000000000000003' [ 74.521902][ T8] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 74.564293][ T8] EXT4-fs (loop1): This should not happen!! Data will be lost [ 74.564293][ T8] [ 74.611699][ T302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.626852][ T302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.639113][ T1505] loop2: detected capacity change from 0 to 4096 [ 74.645571][ T302] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 74.657158][ T302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.670647][ T1505] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 74.698076][ T302] usb 5-1: config 0 descriptor?? [ 74.753501][ T1511] loop1: detected capacity change from 0 to 4096 [ 74.772304][ T302] hub 5-1:0.0: USB hub found [ 74.783031][ T1511] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 74.795218][ T1511] EXT4-fs (loop1): Test dummy encryption mode enabled [ 74.803560][ T1511] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 74.812043][ T1511] System zones: 0-5 [ 74.816784][ T1511] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 75.074761][ T302] hub 5-1:0.0: 1 port detected [ 75.151244][ T1511] ------------[ cut here ]------------ [ 75.157122][ T1511] WARNING: CPU: 0 PID: 1511 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 75.171140][ T1511] Modules linked in: [ 75.178263][ T1511] CPU: 0 PID: 1511 Comm: syz.1.424 Tainted: G W syzkaller #0 [ 75.197225][ T1511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 75.217797][ T1511] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 75.231152][ T1511] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 75.269493][ T1511] RSP: 0018:ffffc90000c576c0 EFLAGS: 00010293 [ 75.281876][ T1511] RAX: ffffffff820173d9 RBX: 1ffff11021a2b338 RCX: ffff8881071acf00 [ 75.294374][ T1511] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.302906][ T1511] RBP: ffffc90000c576f0 R08: ffff8881293fab0f R09: 1ffff1102527f561 [ 75.311050][ T1511] R10: dffffc0000000000 R11: ffffed102527f562 R12: ffff88810d159990 [ 75.319451][ T1511] R13: 0000000000000000 R14: ffff8881293faa68 R15: ffff88810d1599c0 [ 75.327607][ T1511] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 75.336794][ T1511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.343552][ T1511] CR2: 0000001b2e920ff8 CR3: 00000001250aa000 CR4: 00000000003506b0 [ 75.351795][ T1511] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.366999][ T1511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.383256][ T1511] Call Trace: [ 75.389681][ T1511] [ 75.396808][ T1511] ovl_do_remove+0x5f6/0x9a0 [ 75.405532][ T1511] ? ovl_getattr+0xf80/0xf80 [ 75.416825][ T1511] ? ovl_set_redirect+0x670/0x670 [ 75.427502][ T1511] ? selinux_inode_rmdir+0x22/0x30 [ 75.445409][ T1511] ovl_rmdir+0x1a/0x20 [ 75.449518][ T1511] vfs_rmdir+0x313/0x460 [ 75.461647][ T1511] incfs_kill_sb+0x105/0x220 [ 75.471836][ T1511] deactivate_locked_super+0xa0/0x100 [ 75.486551][ T1511] deactivate_super+0xaf/0xe0 [ 75.497885][ T1511] cleanup_mnt+0x45b/0x510 [ 75.509030][ T1511] __cleanup_mnt+0x19/0x20 [ 75.531148][ T1511] task_work_run+0x127/0x190 [ 75.540193][ T1511] do_exit+0xa9e/0x27e0 [ 75.545003][ T1511] ? slab_free_freelist_hook+0xc2/0x190 [ 75.550926][ T1511] ? kmem_cache_free+0x100/0x320 [ 75.556906][ T1511] ? put_task_struct+0x90/0x90 [ 75.562155][ T1511] ? futex_exit_release+0x1d0/0x1d0 [ 75.567470][ T1511] ? __kasan_check_write+0x14/0x20 [ 75.572955][ T1511] ? _raw_spin_lock_irq+0x95/0xf0 [ 75.578079][ T1511] do_group_exit+0x141/0x310 [ 75.583032][ T1511] ? __kasan_check_write+0x14/0x20 [ 75.588239][ T1511] get_signal+0x66a/0x1480 [ 75.592953][ T1511] arch_do_signal_or_restart+0xdf/0x11c0 [ 75.598713][ T1511] ? putname+0x111/0x160 [ 75.603480][ T1511] ? kmem_cache_free+0x100/0x320 [ 75.641922][ T1511] ? putname+0x111/0x160 [ 75.646290][ T1511] ? get_sigframe_size+0x10/0x10 [ 75.651314][ T1511] ? __se_sys_futex+0x135/0x330 [ 75.661943][ T1511] ? __x64_sys_recvmmsg+0x195/0x250 [ 75.667202][ T1511] exit_to_user_mode_loop+0xa7/0xe0 [ 75.681709][ T1511] exit_to_user_mode_prepare+0x87/0xd0 [ 75.687238][ T1511] syscall_exit_to_user_mode+0x1a/0x30 [ 75.780430][ T1511] do_syscall_64+0x58/0xa0 [ 76.194267][ T1511] ? clear_bhb_loop+0x50/0xa0 [ 76.199002][ T1511] ? clear_bhb_loop+0x50/0xa0 [ 76.213250][ T1526] fuse: Unknown parameter 'fd00000000000000000003' [ 76.225917][ T1511] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.232360][ T1511] RIP: 0033:0x7f33c48cedd9 [ 76.236835][ T1511] Code: Unable to access opcode bytes at RIP 0x7f33c48cedaf. [ 76.244326][ T1511] RSP: 002b:00007f33c33290e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 76.252840][ T1511] RAX: fffffffffffffe00 RBX: 00007f33c4b47fa8 RCX: 00007f33c48cedd9 [ 76.260933][ T1511] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33c4b47fa8 [ 76.270670][ T1511] RBP: 00007f33c4b47fa0 R08: 0000000000000000 R09: 0000000000000000 [ 76.278850][ T6] hub 5-1:0.0: activate --> -90 [ 76.289661][ T1528] loop2: detected capacity change from 0 to 256 [ 76.301268][ T1511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.314006][ T1511] R13: 00007f33c4b48038 R14: 00007fff0bbb1df0 R15: 00007fff0bbb1ed8 [ 76.322661][ T1511] [ 76.326671][ T1511] ---[ end trace 46756aad84db7e60 ]--- [ 76.332684][ T1511] ------------[ cut here ]------------ [ 76.338207][ T1511] WARNING: CPU: 0 PID: 1511 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 76.348001][ T1511] Modules linked in: [ 76.352089][ T1511] CPU: 0 PID: 1511 Comm: syz.1.424 Tainted: G W syzkaller #0 [ 76.360765][ T1511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 76.370926][ T1511] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 76.376393][ T1528] FAT-fs (loop2): Unrecognized mount option "iocharset#cÞºyókƒ:Âzp860" or missing value [ 76.414316][ T1511] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 76.435721][ T1511] RSP: 0018:ffffc90000c576c0 EFLAGS: 00010293 [ 76.442029][ T1511] RAX: ffffffff820173d9 RBX: 1ffff11021a2b338 RCX: ffff8881071acf00 [ 76.451897][ T1511] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.459918][ T1511] RBP: ffffc90000c576f0 R08: ffff8881293fab0f R09: 1ffff1102527f561 [ 76.469316][ T1511] R10: dffffc0000000000 R11: ffffed102527f562 R12: ffff88810d159990 [ 76.477561][ T1511] R13: 0000000000000000 R14: ffff8881293faa68 R15: ffff88810d1599c0 [ 76.486141][ T1511] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 76.495154][ T1511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.525119][ T1535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.429'. [ 76.542653][ T1535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.429'. [ 76.624008][ T1511] CR2: 000000110c266156 CR3: 000000011b3b4000 CR4: 00000000003506a0 [ 76.682846][ T26] usb 5-1: USB disconnect, device number 7 [ 76.770248][ T1511] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.849723][ T1511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.926008][ T1511] Call Trace: [ 76.958303][ T1511] [ 76.988277][ T1511] ovl_do_remove+0x5f6/0x9a0 [ 77.033140][ T1511] ? ovl_getattr+0xf80/0xf80 [ 77.073391][ T1511] ? ovl_set_redirect+0x670/0x670 [ 77.118096][ T1511] ? selinux_inode_rmdir+0x22/0x30 [ 77.357547][ T1511] ovl_rmdir+0x1a/0x20 [ 77.365949][ T1511] vfs_rmdir+0x313/0x460 [ 77.371794][ T1511] incfs_kill_sb+0x198/0x220 [ 77.376526][ T1511] deactivate_locked_super+0xa0/0x100 [ 77.382112][ T1511] deactivate_super+0xaf/0xe0 [ 77.387032][ T1511] cleanup_mnt+0x45b/0x510 [ 77.391586][ T1511] __cleanup_mnt+0x19/0x20 [ 77.426544][ T1511] task_work_run+0x127/0x190 [ 77.431268][ T1511] do_exit+0xa9e/0x27e0 [ 77.433621][ T1540] loop4: detected capacity change from 0 to 512 [ 77.437391][ T1511] ? slab_free_freelist_hook+0xc2/0x190 [ 77.447457][ T1511] ? kmem_cache_free+0x100/0x320 [ 77.453044][ T1511] ? put_task_struct+0x90/0x90 [ 77.457826][ T1511] ? futex_exit_release+0x1d0/0x1d0 [ 77.464338][ T1511] ? __kasan_check_write+0x14/0x20 [ 77.469511][ T1511] ? _raw_spin_lock_irq+0x95/0xf0 [ 77.475009][ T1511] do_group_exit+0x141/0x310 [ 77.479873][ T1511] ? __kasan_check_write+0x14/0x20 [ 77.481059][ T1543] loop2: detected capacity change from 0 to 256 [ 77.485751][ T1511] get_signal+0x66a/0x1480 [ 77.495994][ T1511] arch_do_signal_or_restart+0xdf/0x11c0 [ 77.503019][ T1511] ? putname+0x111/0x160 [ 77.508411][ T1511] ? kmem_cache_free+0x100/0x320 [ 77.509051][ T1540] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.431: missing EA_INODE flag [ 77.513601][ T1511] ? putname+0x111/0x160 [ 77.529535][ T1511] ? get_sigframe_size+0x10/0x10 [ 77.535063][ T1543] FAT-fs (loop2): Directory bread(block 64) failed [ 77.538077][ T1511] ? __se_sys_futex+0x135/0x330 [ 77.546509][ T1511] ? __x64_sys_recvmmsg+0x195/0x250 [ 77.549860][ T1543] FAT-fs (loop2): Directory bread(block 65) failed [ 77.551776][ T1511] exit_to_user_mode_loop+0xa7/0xe0 [ 77.551800][ T1511] exit_to_user_mode_prepare+0x87/0xd0 [ 77.551815][ T1511] syscall_exit_to_user_mode+0x1a/0x30 [ 77.551832][ T1511] do_syscall_64+0x58/0xa0 [ 77.551848][ T1511] ? clear_bhb_loop+0x50/0xa0 [ 77.566956][ T1543] FAT-fs (loop2): Directory bread(block 66) failed [ 77.569008][ T1511] ? clear_bhb_loop+0x50/0xa0 [ 77.579963][ T1540] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.431: error while reading EA inode 12 err=-117 [ 77.583999][ T1511] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 77.593396][ T1543] FAT-fs (loop2): Directory bread(block 67) failed [ 77.595154][ T1511] RIP: 0033:0x7f33c48cedd9 [ 77.616337][ T1540] EXT4-fs (loop4): 1 orphan inode deleted [ 77.620238][ T1511] Code: Unable to access opcode bytes at RIP 0x7f33c48cedaf. [ 77.620252][ T1511] RSP: 002b:00007f33c33290e8 EFLAGS: 00000246 [ 77.631716][ T1543] FAT-fs (loop2): Directory bread(block 68) failed [ 77.638136][ T1511] ORIG_RAX: 00000000000000ca [ 77.650830][ T1540] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 77.655379][ T1511] RAX: fffffffffffffe00 RBX: 00007f33c4b47fa8 RCX: 00007f33c48cedd9 [ 77.676420][ T1511] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33c4b47fa8 [ 77.678685][ T1543] FAT-fs (loop2): Directory bread(block 69) failed [ 77.684579][ T1511] RBP: 00007f33c4b47fa0 R08: 0000000000000000 R09: 0000000000000000 [ 77.699153][ T1511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.711018][ T1511] R13: 00007f33c4b48038 R14: 00007fff0bbb1df0 R15: 00007fff0bbb1ed8 [ 77.711099][ T1543] FAT-fs (loop2): Directory bread(block 70) failed [ 77.719300][ T1511] [ 77.729174][ T1511] ---[ end trace 46756aad84db7e61 ]--- [ 77.735536][ T1543] FAT-fs (loop2): Directory bread(block 71) failed [ 77.742543][ T1543] FAT-fs (loop2): Directory bread(block 72) failed [ 77.749064][ T1543] FAT-fs (loop2): Directory bread(block 73) failed [ 78.137635][ T1552] loop2: detected capacity change from 0 to 2048 [ 78.151887][ T1558] incfs: ino conflict with backing FS 1 [ 78.189933][ T1552] EXT4-fs (loop2): Journaled quota options ignored when QUOTA feature is enabled [ 78.203727][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 78.212261][ T1561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.434'. [ 78.837289][ T30] audit: type=1400 audit(1777512116.961:266): avc: denied { watch } for pid=1557 comm="syz.0.438" path="/" dev="rootfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 78.999136][ T1558] overlayfs: upper fs does not support tmpfile. [ 79.006707][ T1552] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 79.022302][ T30] audit: type=1400 audit(1777512116.961:267): avc: denied { mounton } for pid=1557 comm="syz.0.438" path="/bus" dev="rootfs" ino=19589 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 79.033806][ T1552] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.044747][ T30] audit: type=1400 audit(1777512117.691:268): avc: denied { write } for pid=1557 comm="syz.0.438" name="/" dev="incremental-fs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.074488][ T1552] fs-verity (loop2, inode 13): Unknown hash algorithm number: 3 [ 79.089980][ T30] audit: type=1400 audit(1777512117.691:269): avc: denied { add_name } for pid=1557 comm="syz.0.438" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.175213][ T30] audit: type=1400 audit(1777512117.691:270): avc: denied { associate } for pid=1557 comm="syz.0.438" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 79.301872][ T30] audit: type=1400 audit(1777512117.701:271): avc: denied { mounton } for pid=1557 comm="syz.0.438" path="/bus/bus" dev="incremental-fs" ino=19589 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.326143][ T30] audit: type=1400 audit(1777512117.811:272): avc: denied { getattr } for pid=1557 comm="syz.0.438" name="/" dev="incremental-fs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 79.349216][ T30] audit: type=1400 audit(1777512117.811:273): avc: denied { setattr } for pid=1557 comm="syz.0.438" name="work" dev="incremental-fs" ino=20720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.351634][ T305] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 79.372328][ T30] audit: type=1400 audit(1777512117.871:274): avc: denied { ioctl } for pid=1551 comm="syz.2.435" path="/52/file0/file0/file0" dev="loop2" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 79.460859][ T1580] loop2: detected capacity change from 0 to 512 [ 79.483270][ T1580] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.444: missing EA_INODE flag [ 79.495409][ T1580] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.444: error while reading EA inode 12 err=-117 [ 79.508020][ T1580] EXT4-fs (loop2): 1 orphan inode deleted [ 79.513875][ T1580] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 81.034703][ T305] usb 2-1: Using ep0 maxpacket: 32 [ 81.694846][ T1595] loop2: detected capacity change from 0 to 256 [ 81.704711][ T1598] device veth0 entered promiscuous mode [ 81.710895][ T1598] netlink: 4 bytes leftover after parsing attributes in process `syz.4.448'. [ 81.721912][ T1595] exfat: Deprecated parameter 'utf8' [ 81.727258][ T1595] exfat: Deprecated parameter 'namecase' [ 81.733449][ T1595] exfat: Deprecated parameter 'namecase' [ 81.739201][ T1595] exfat: Deprecated parameter 'utf8' [ 81.791876][ T305] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 82.088033][ T305] usb 2-1: config 0 has no interface number 0 [ 82.094387][ T305] usb 2-1: config 0 interface 184 has no altsetting 0 [ 82.104589][ T1595] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 82.246645][ T1612] netlink: 4 bytes leftover after parsing attributes in process `syz.3.450'. [ 82.816568][ T305] usb 2-1: string descriptor 0 read error: -71 [ 82.823438][ T305] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 82.833085][ T305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.333106][ T305] usb 2-1: config 0 descriptor?? [ 83.351712][ T305] usb 2-1: can't set config #0, error -71 [ 83.379991][ T1615] loop2: detected capacity change from 0 to 512 [ 83.400612][ T305] usb 2-1: USB disconnect, device number 7 [ 83.464516][ T1615] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.454: missing EA_INODE flag [ 83.486807][ T1615] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.454: error while reading EA inode 12 err=-117 [ 83.519750][ T1615] EXT4-fs (loop2): 1 orphan inode deleted [ 83.530395][ T1615] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 84.616123][ T1629] loop2: detected capacity change from 0 to 512 [ 84.625333][ T1631] incfs: ino conflict with backing FS 1 [ 84.665750][ T1631] overlayfs: upper fs does not support tmpfile. [ 84.701667][ T30] audit: type=1400 audit(1777512123.481:275): avc: denied { remove_name } for pid=1630 comm="syz.0.458" name="work" dev="incremental-fs" ino=20720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 84.735359][ T1629] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.457: missing EA_INODE flag [ 84.763728][ T1629] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.457: error while reading EA inode 12 err=-117 [ 84.796863][ T30] audit: type=1400 audit(1777512123.481:276): avc: denied { rmdir } for pid=1630 comm="syz.0.458" name="work" dev="incremental-fs" ino=20720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 84.832159][ T1629] EXT4-fs (loop2): 1 orphan inode deleted [ 84.837922][ T1629] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 84.951900][ T6] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 85.541415][ T1649] loop1: detected capacity change from 0 to 256 [ 85.582234][ T1649] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 85.600734][ T1649] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 85.731453][ T1655] netlink: 4 bytes leftover after parsing attributes in process `syz.0.465'. [ 85.744160][ T1655] netlink: 12 bytes leftover after parsing attributes in process `syz.0.465'. [ 85.875756][ T26] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 86.201830][ T26] usb 3-1: Using ep0 maxpacket: 32 [ 86.268524][ T1659] loop4: detected capacity change from 0 to 512 [ 86.331784][ T26] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 86.385257][ T26] usb 3-1: config 0 has no interface number 0 [ 86.399526][ T1659] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.467: missing EA_INODE flag [ 86.481680][ T26] usb 3-1: config 0 interface 184 has no altsetting 0 [ 86.502874][ T1659] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.467: error while reading EA inode 12 err=-117 [ 86.523159][ T1659] EXT4-fs (loop4): 1 orphan inode deleted [ 86.529098][ T1659] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 86.539973][ T1662] incfs: ino conflict with backing FS 1 [ 86.549676][ T1662] overlayfs: upper fs does not support tmpfile. [ 86.579625][ T1664] loop1: detected capacity change from 0 to 2048 [ 87.271691][ T26] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 87.305651][ T1664] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 87.320804][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.346365][ T26] usb 3-1: Product: syz [ 87.350830][ T26] usb 3-1: Manufacturer: syz [ 87.355698][ T26] usb 3-1: SerialNumber: syz [ 87.367109][ T26] usb 3-1: config 0 descriptor?? [ 87.582289][ T26] smsc75xx v1.0.0 [ 88.168659][ T1683] device syzkaller0 entered promiscuous mode [ 88.177148][ T1683] tipc: Started in network mode [ 88.182396][ T1683] tipc: Node identity 7ec694d827b5, cluster identity 4711 [ 88.189675][ T1683] tipc: Enabled bearer , priority 0 [ 88.197122][ T1682] tipc: Resetting bearer [ 88.206273][ T1682] tipc: Disabling bearer [ 88.266379][ T1687] loop4: detected capacity change from 0 to 2048 [ 88.483777][ T26] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 88.540252][ T26] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 88.626903][ T1687] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 88.711723][ T26] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32 [ 88.723097][ T26] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32 [ 88.733077][ T26] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 88.739322][ T1687] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 88.748706][ T26] smsc75xx: probe of 3-1:0.184 failed with error -32 [ 88.758081][ T1687] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 88.776720][ T1687] EXT4-fs (loop4): This should not happen!! Data will be lost [ 88.776720][ T1687] [ 88.786679][ T1687] EXT4-fs (loop4): Total free blocks count 0 [ 88.792826][ T1687] EXT4-fs (loop4): Free/Dirty block details [ 88.798866][ T1687] EXT4-fs (loop4): free_blocks=2415919504 [ 88.805075][ T1687] EXT4-fs (loop4): dirty_blocks=16 [ 88.810327][ T1687] EXT4-fs (loop4): Block reservation details [ 88.816379][ T1687] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 88.830917][ T8] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 88.843517][ T8] EXT4-fs (loop4): This should not happen!! Data will be lost [ 88.843517][ T8] [ 89.279112][ T1712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.480'. [ 89.295530][ T1712] netlink: 12 bytes leftover after parsing attributes in process `syz.1.480'. [ 90.735683][ T6] usb 3-1: USB disconnect, device number 7 [ 91.519826][ T1724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.483'. [ 91.795092][ T1728] tipc: Enabling of bearer rejected, failed to enable media [ 91.799762][ T1730] loop4: detected capacity change from 0 to 512 [ 91.866432][ T1732] loop1: detected capacity change from 0 to 4096 [ 91.917611][ T1730] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.484: missing EA_INODE flag [ 91.954438][ T1732] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 91.966844][ T1730] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.484: error while reading EA inode 12 err=-117 [ 92.010571][ T1730] EXT4-fs (loop4): 1 orphan inode deleted [ 92.016579][ T1730] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 94.026479][ T1755] loop1: detected capacity change from 0 to 512 [ 94.367586][ T1755] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.493: missing EA_INODE flag [ 94.379809][ T1755] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.493: error while reading EA inode 12 err=-117 [ 94.400213][ T1767] loop2: detected capacity change from 0 to 256 [ 94.401795][ T1755] EXT4-fs (loop1): 1 orphan inode deleted [ 94.408842][ T1767] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 94.424874][ T1755] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 94.425181][ T1767] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 94.665331][ T1773] device syzkaller0 entered promiscuous mode [ 94.694354][ T1773] tipc: Enabled bearer , priority 0 [ 94.704261][ T1772] tipc: Resetting bearer [ 94.720672][ T1772] tipc: Disabling bearer [ 96.016652][ T1792] loop2: detected capacity change from 0 to 512 [ 96.055801][ T1792] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.504: missing EA_INODE flag [ 96.067898][ T1792] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.504: error while reading EA inode 12 err=-117 [ 96.080834][ T1792] EXT4-fs (loop2): 1 orphan inode deleted [ 96.086679][ T1792] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 96.731386][ T1808] tipc: Enabling of bearer rejected, failed to enable media [ 96.747905][ T1810] loop4: detected capacity change from 0 to 512 [ 96.842573][ T1810] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.510: missing EA_INODE flag [ 96.865935][ T1810] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.510: error while reading EA inode 12 err=-117 [ 96.878672][ T1810] EXT4-fs (loop4): 1 orphan inode deleted [ 96.945117][ T1810] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 97.723270][ T1825] loop2: detected capacity change from 0 to 512 [ 98.749370][ T1846] loop1: detected capacity change from 0 to 512 [ 98.764443][ T1825] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.513: missing EA_INODE flag [ 98.764652][ T1850] tipc: Enabling of bearer rejected, failed to enable media [ 98.776855][ T1825] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.513: error while reading EA inode 12 err=-117 [ 98.802421][ T1825] EXT4-fs (loop2): 1 orphan inode deleted [ 98.808931][ T1825] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 98.829128][ T1846] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.520: missing EA_INODE flag [ 98.841757][ T1846] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.520: error while reading EA inode 12 err=-117 [ 98.854778][ T1846] EXT4-fs (loop1): 1 orphan inode deleted [ 98.860730][ T1846] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 99.489547][ T1866] loop2: detected capacity change from 0 to 512 [ 99.525707][ T1866] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.526: missing EA_INODE flag [ 99.537584][ T1866] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.526: error while reading EA inode 12 err=-117 [ 99.552702][ T1866] EXT4-fs (loop2): 1 orphan inode deleted [ 99.558552][ T1866] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 99.646552][ T1869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'. [ 99.656041][ T1869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.527'. [ 101.772186][ T1892] device syzkaller0 entered promiscuous mode [ 101.785189][ T1892] tipc: Started in network mode [ 101.790161][ T1892] tipc: Node identity fe1963b63ec, cluster identity 4711 [ 101.797343][ T1892] tipc: Enabled bearer , priority 0 [ 101.804746][ T1890] tipc: Resetting bearer [ 101.813058][ T1890] tipc: Disabling bearer [ 101.887832][ T1899] loop1: detected capacity change from 0 to 512 [ 101.922668][ T1899] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.536: missing EA_INODE flag [ 101.942484][ T1899] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.536: error while reading EA inode 12 err=-117 [ 101.968905][ T1899] EXT4-fs (loop1): 1 orphan inode deleted [ 101.976862][ T1899] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 103.678518][ T1930] device syzkaller0 entered promiscuous mode [ 103.697690][ T1930] tipc: Started in network mode [ 104.253028][ T1930] tipc: Node identity 4e0c242d17a, cluster identity 4711 [ 104.261363][ T1930] tipc: Enabled bearer , priority 0 [ 104.269223][ T1936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.548'. [ 104.285186][ T1929] tipc: Resetting bearer [ 104.350239][ T1931] loop1: detected capacity change from 0 to 4096 [ 104.371354][ T1929] tipc: Disabling bearer [ 104.479941][ T1931] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 104.483036][ T1938] loop4: detected capacity change from 0 to 2048 [ 104.512987][ T1938] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled [ 104.562574][ T1946] incfs: ino conflict with backing FS 1 [ 104.570634][ T1946] overlayfs: upper fs does not support tmpfile. [ 104.589910][ T1938] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 104.595047][ T1950] loop2: detected capacity change from 0 to 512 [ 104.604581][ T1938] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.996377][ T1950] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.552: missing EA_INODE flag [ 105.094546][ T1938] fs-verity (loop4, inode 13): Unknown hash algorithm number: 3 [ 105.105000][ T1950] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.552: error while reading EA inode 12 err=-117 [ 105.127877][ T1950] EXT4-fs (loop2): 1 orphan inode deleted [ 105.133838][ T1950] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 105.787960][ T1964] loop4: detected capacity change from 0 to 2048 [ 105.813433][ T1967] loop1: detected capacity change from 0 to 512 [ 105.815840][ T1964] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 105.911334][ T1967] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.554: missing EA_INODE flag [ 105.930112][ T1967] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.554: error while reading EA inode 12 err=-117 [ 105.982616][ T1967] EXT4-fs (loop1): 1 orphan inode deleted [ 106.019243][ T1978] netlink: 8 bytes leftover after parsing attributes in process `syz.3.559'. [ 106.049046][ T1967] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 106.453848][ T1982] netlink: 8 bytes leftover after parsing attributes in process `syz.4.561'. [ 107.637417][ T1994] loop4: detected capacity change from 0 to 512 [ 107.711108][ T1994] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.563: missing EA_INODE flag [ 107.722912][ T1994] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.563: error while reading EA inode 12 err=-117 [ 107.741871][ T1994] EXT4-fs (loop4): 1 orphan inode deleted [ 107.747635][ T1994] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 107.761283][ T2001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'. [ 107.941078][ T2006] loop1: detected capacity change from 0 to 512 [ 108.198832][ T2006] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.567: missing EA_INODE flag [ 108.210586][ T2006] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.567: error while reading EA inode 12 err=-117 [ 108.223269][ T2006] EXT4-fs (loop1): 1 orphan inode deleted [ 108.229005][ T2006] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 108.231636][ T290] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 108.622339][ T290] usb 3-1: Using ep0 maxpacket: 32 [ 108.648318][ T2018] tipc: Enabling of bearer rejected, failed to enable media [ 108.681304][ T2020] loop4: detected capacity change from 0 to 2048 [ 108.703852][ T2020] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 108.878662][ T2027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.573'. [ 108.891413][ T290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.975350][ T290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.046360][ T290] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 109.074719][ T290] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.077283][ T2029] loop4: detected capacity change from 0 to 4096 [ 109.090430][ T290] usb 3-1: config 0 descriptor?? [ 109.130406][ T2029] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 109.165610][ T290] hub 3-1:0.0: USB hub found [ 109.870956][ T290] hub 3-1:0.0: 1 port detected [ 110.049904][ T2044] device veth0 entered promiscuous mode [ 110.056089][ T2044] netlink: 4 bytes leftover after parsing attributes in process `syz.0.577'. [ 110.621671][ T290] hub 3-1:0.0: activate --> -90 [ 110.895540][ T2062] tipc: Enabling of bearer rejected, failed to enable media [ 111.099249][ T39] usb 3-1: USB disconnect, device number 8 [ 111.111706][ T2069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.586'. [ 111.128585][ T2069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.586'. [ 112.142661][ T2073] netlink: 4 bytes leftover after parsing attributes in process `syz.1.587'. [ 112.152752][ T2073] netlink: 12 bytes leftover after parsing attributes in process `syz.1.587'. [ 112.456991][ T2078] loop4: detected capacity change from 0 to 4096 [ 112.673583][ T2085] netlink: 4 bytes leftover after parsing attributes in process `syz.2.590'. [ 112.690098][ T2085] netlink: 12 bytes leftover after parsing attributes in process `syz.2.590'. [ 112.989992][ T2078] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 114.363241][ T2106] tipc: Enabling of bearer rejected, failed to enable media [ 114.365450][ T2108] loop2: detected capacity change from 0 to 512 [ 114.470137][ T2108] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.597: missing EA_INODE flag [ 114.589628][ T2108] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.597: error while reading EA inode 12 err=-117 [ 114.602520][ T2108] EXT4-fs (loop2): 1 orphan inode deleted [ 114.608334][ T2108] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 114.677229][ T2123] netlink: 4 bytes leftover after parsing attributes in process `syz.1.599'. [ 114.690055][ T2123] netlink: 12 bytes leftover after parsing attributes in process `syz.1.599'. [ 114.932107][ T2126] incfs: ino conflict with backing FS 1 [ 115.007708][ T2126] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 115.017911][ T2126] overlayfs: conflicting lowerdir path [ 115.441253][ T2132] tipc: Enabling of bearer rejected, failed to enable media [ 115.453544][ T2131] loop4: detected capacity change from 0 to 512 [ 115.782003][ T2136] loop1: detected capacity change from 0 to 2048 [ 115.794241][ T2131] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.607: missing EA_INODE flag [ 115.797775][ T2141] tipc: Enabling of bearer rejected, failed to enable media [ 115.813784][ T2139] loop2: detected capacity change from 0 to 2048 [ 115.821299][ T2131] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.607: error while reading EA inode 12 err=-117 [ 115.834064][ T2131] EXT4-fs (loop4): 1 orphan inode deleted [ 115.840062][ T2131] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 115.887187][ T2136] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 115.910912][ T2139] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 115.978635][ T2139] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 116.152485][ T2139] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 116.183733][ T2139] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.183733][ T2139] [ 116.223512][ T2139] EXT4-fs (loop2): Total free blocks count 0 [ 116.256200][ T2139] EXT4-fs (loop2): Free/Dirty block details [ 116.321774][ T2139] EXT4-fs (loop2): free_blocks=2415919504 [ 116.327856][ T2139] EXT4-fs (loop2): dirty_blocks=16 [ 116.333489][ T2139] EXT4-fs (loop2): Block reservation details [ 116.339765][ T2139] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 116.350686][ T303] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 116.363143][ T303] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.363143][ T303] [ 116.394075][ T2161] loop4: detected capacity change from 0 to 2048 [ 116.694472][ T2161] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 116.716650][ T2161] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 116.731668][ T2161] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 116.744970][ T2168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.619'. [ 116.749947][ T2161] EXT4-fs (loop4): This should not happen!! Data will be lost [ 116.749947][ T2161] [ 116.757810][ T2172] loop2: detected capacity change from 0 to 512 [ 116.764134][ T2161] EXT4-fs (loop4): Total free blocks count 0 [ 116.776197][ T2168] netlink: 12 bytes leftover after parsing attributes in process `syz.1.619'. [ 116.776521][ T2161] EXT4-fs (loop4): Free/Dirty block details [ 116.791138][ T2161] EXT4-fs (loop4): free_blocks=2415919504 [ 116.797043][ T2161] EXT4-fs (loop4): dirty_blocks=16 [ 116.802259][ T2161] EXT4-fs (loop4): Block reservation details [ 116.808317][ T2161] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 116.822723][ T2172] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.618: missing EA_INODE flag [ 116.834634][ T2172] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.618: error while reading EA inode 12 err=-117 [ 116.847223][ T2172] EXT4-fs (loop2): 1 orphan inode deleted [ 116.853464][ T319] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 116.853724][ T2172] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 116.866068][ T319] EXT4-fs (loop4): This should not happen!! Data will be lost [ 116.866068][ T319] [ 116.945769][ T2175] loop4: detected capacity change from 0 to 4096 [ 116.996216][ T2178] tipc: Enabling of bearer rejected, failed to enable media [ 117.022039][ T2175] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 117.046251][ T2175] EXT4-fs (loop4): Test dummy encryption mode enabled [ 117.071839][ T2175] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 117.080377][ T2175] System zones: 0-5 [ 117.086644][ T2175] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 117.249475][ T2187] loop4: detected capacity change from 0 to 2048 [ 117.305851][ T2187] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 117.581421][ T2187] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 117.633693][ T2187] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 117.646323][ T2187] EXT4-fs (loop4): This should not happen!! Data will be lost [ 117.646323][ T2187] [ 117.658973][ T2187] EXT4-fs (loop4): Total free blocks count 0 [ 117.666352][ T2187] EXT4-fs (loop4): Free/Dirty block details [ 117.673162][ T2187] EXT4-fs (loop4): free_blocks=2415919504 [ 117.679519][ T2187] EXT4-fs (loop4): dirty_blocks=16 [ 117.977277][ T2187] EXT4-fs (loop4): Block reservation details [ 117.988756][ T2187] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 118.027557][ T2201] loop1: detected capacity change from 0 to 2048 [ 118.040428][ T319] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 118.053313][ T319] EXT4-fs (loop4): This should not happen!! Data will be lost [ 118.053313][ T319] [ 118.072941][ T2201] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 118.092530][ T2201] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 118.125197][ T2201] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 118.157741][ T2209] device syzkaller0 entered promiscuous mode [ 118.160330][ T2201] EXT4-fs (loop1): This should not happen!! Data will be lost [ 118.160330][ T2201] [ 118.173484][ T2214] tipc: Enabling of bearer rejected, failed to enable media [ 118.173733][ T2201] EXT4-fs (loop1): Total free blocks count 0 [ 118.185613][ T2209] tipc: Enabled bearer , priority 0 [ 118.188602][ T2201] EXT4-fs (loop1): Free/Dirty block details [ 118.203098][ T2201] EXT4-fs (loop1): free_blocks=2415919504 [ 118.212314][ T2201] EXT4-fs (loop1): dirty_blocks=16 [ 118.217480][ T2201] EXT4-fs (loop1): Block reservation details [ 118.217557][ T2208] tipc: Resetting bearer [ 118.223509][ T2201] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 118.243587][ T2208] tipc: Disabling bearer [ 118.268419][ T1885] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 118.281961][ T1885] EXT4-fs (loop1): This should not happen!! Data will be lost [ 118.281961][ T1885] [ 118.429828][ T2225] netlink: 8 bytes leftover after parsing attributes in process `syz.4.638'. [ 119.580857][ T2227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.637'. [ 119.682683][ T2248] device syzkaller0 entered promiscuous mode [ 119.697225][ T2250] loop4: detected capacity change from 0 to 512 [ 119.744278][ T2248] tipc: Enabled bearer , priority 0 [ 119.762866][ T2247] tipc: Resetting bearer [ 119.769874][ T2247] tipc: Disabling bearer [ 120.687898][ T2250] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.645: missing EA_INODE flag [ 120.689878][ T2257] loop1: detected capacity change from 0 to 4096 [ 120.719021][ T2250] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.645: error while reading EA inode 12 err=-117 [ 120.741747][ T2264] incfs: ino conflict with backing FS 1 [ 120.750403][ T2262] loop2: detected capacity change from 0 to 2048 [ 121.644130][ T2257] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 121.654016][ T2250] EXT4-fs (loop4): 1 orphan inode deleted [ 121.670641][ T2257] EXT4-fs (loop1): Test dummy encryption mode enabled [ 121.673747][ T2250] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 121.758337][ T2262] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 121.777295][ T2262] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 121.787565][ T2257] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 121.792236][ T2262] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 121.801003][ T2257] System zones: [ 121.815167][ T2262] EXT4-fs (loop2): This should not happen!! Data will be lost [ 121.815167][ T2262] [ 121.816061][ T2257] 0-5 [ 121.832297][ T2257] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 122.382353][ T2262] EXT4-fs (loop2): Total free blocks count 0 [ 122.440161][ T2262] EXT4-fs (loop2): Free/Dirty block details [ 122.483934][ T2262] EXT4-fs (loop2): free_blocks=2415919504 [ 122.489780][ T2262] EXT4-fs (loop2): dirty_blocks=16 [ 122.528362][ T2262] EXT4-fs (loop2): Block reservation details [ 122.535992][ T2262] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 122.555497][ T2295] device syzkaller0 entered promiscuous mode [ 122.564208][ T2295] tipc: Enabled bearer , priority 0 [ 122.571063][ T1885] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 122.582055][ T2297] incfs: ino conflict with backing FS 1 [ 122.583622][ T1885] EXT4-fs (loop2): This should not happen!! Data will be lost [ 122.583622][ T1885] [ 122.588943][ T2294] tipc: Resetting bearer [ 122.605913][ T2294] tipc: Disabling bearer [ 122.731666][ T30] audit: type=1400 audit(1777512161.531:277): avc: denied { getopt } for pid=2307 comm="syz.4.665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 123.231885][ T2323] loop2: detected capacity change from 0 to 512 [ 123.266955][ T2323] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.668: missing EA_INODE flag [ 123.279675][ T2323] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.668: error while reading EA inode 12 err=-117 [ 123.294497][ T2323] EXT4-fs (loop2): 1 orphan inode deleted [ 123.300338][ T2323] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 123.870157][ T2339] incfs: ino conflict with backing FS 1 [ 123.898622][ T2345] loop4: detected capacity change from 0 to 4096 [ 123.937749][ T2343] tipc: Enabling of bearer rejected, failed to enable media [ 123.959692][ T2345] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 124.215848][ T2355] netlink: 8 bytes leftover after parsing attributes in process `syz.3.678'. [ 126.231450][ T2382] incfs: ino conflict with backing FS 1 [ 126.246876][ T2384] tipc: Enabling of bearer rejected, failed to enable media [ 126.789050][ T2393] loop4: detected capacity change from 0 to 2048 [ 127.036603][ T2393] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 127.039652][ T2405] incfs: ino conflict with backing FS 1 [ 127.062849][ T2393] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 127.086792][ T2393] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 127.101825][ T2393] EXT4-fs (loop4): This should not happen!! Data will be lost [ 127.101825][ T2393] [ 127.111542][ T2393] EXT4-fs (loop4): Total free blocks count 0 [ 127.117698][ T2393] EXT4-fs (loop4): Free/Dirty block details [ 127.123660][ T2393] EXT4-fs (loop4): free_blocks=2415919504 [ 127.129478][ T2393] EXT4-fs (loop4): dirty_blocks=16 [ 127.134752][ T2393] EXT4-fs (loop4): Block reservation details [ 127.141664][ T2393] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 127.206820][ T2405] overlayfs: upper fs does not support tmpfile. [ 127.219833][ T1885] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 127.232523][ T1885] EXT4-fs (loop4): This should not happen!! Data will be lost [ 127.232523][ T1885] [ 127.523349][ T2413] loop4: detected capacity change from 0 to 4096 [ 127.584979][ T2413] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 127.587899][ T2418] loop2: detected capacity change from 0 to 4096 [ 127.603731][ T2420] incfs: ino conflict with backing FS 1 [ 127.630925][ T2422] tipc: Enabling of bearer rejected, failed to enable media [ 127.683402][ T2418] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 127.708096][ T2418] EXT4-fs (loop2): Test dummy encryption mode enabled [ 128.542462][ T2418] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 128.569994][ T2428] loop1: detected capacity change from 0 to 4096 [ 128.577521][ T2418] System zones: 0-5 [ 128.714526][ T2418] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 128.842753][ T2428] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 130.143487][ T2460] incfs: ino conflict with backing FS 1 [ 130.355232][ T2470] tipc: Enabling of bearer rejected, failed to enable media [ 130.556678][ T2472] loop4: detected capacity change from 0 to 4096 [ 130.606973][ T2472] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 130.672958][ T2483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.715'. [ 130.691226][ T2483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.715'. [ 130.743519][ T2472] EXT4-fs (loop4): Test dummy encryption mode enabled [ 131.125602][ T2472] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 131.203183][ T2472] System zones: 0-5 [ 131.532286][ T2472] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 131.700149][ T2472] ------------[ cut here ]------------ [ 131.705721][ T2472] WARNING: CPU: 0 PID: 2472 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 131.715446][ T2472] Modules linked in: [ 131.719387][ T2472] CPU: 0 PID: 2472 Comm: syz.4.709 Tainted: G W syzkaller #0 [ 131.728194][ T2472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 131.738383][ T2472] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 132.091787][ T2472] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 132.156075][ T2472] RSP: 0018:ffffc90000d376c0 EFLAGS: 00010293 [ 132.162480][ T2472] RAX: ffffffff820173d9 RBX: 1ffff11021a7db9e RCX: ffff888116eb3b40 [ 132.192476][ T2472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.200635][ T2472] RBP: ffffc90000d376f0 R08: ffff88812f9afa6f R09: 1ffff11025f35f4d [ 132.208980][ T2472] R10: dffffc0000000000 R11: ffffed1025f35f4e R12: ffff88810d3edcc0 [ 132.217227][ T2472] R13: 0000000000000000 R14: ffff88812f9af9c8 R15: ffff88810d3edcf0 [ 132.232740][ T2472] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 132.251031][ T2472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.269403][ T2472] CR2: 00007f94e8c04000 CR3: 0000000127322000 CR4: 00000000003506b0 [ 132.277713][ T2472] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.279436][ T2502] incfs: ino conflict with backing FS 1 [ 132.286321][ T2472] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.367952][ T2472] Call Trace: [ 132.371560][ T2472] [ 132.374615][ T2472] ovl_do_remove+0x5f6/0x9a0 [ 132.380083][ T2472] ? ovl_getattr+0xf80/0xf80 [ 132.385336][ T2472] ? ovl_set_redirect+0x670/0x670 [ 132.390498][ T2472] ? selinux_inode_rmdir+0x22/0x30 [ 132.395711][ T2472] ovl_rmdir+0x1a/0x20 [ 132.399805][ T2472] vfs_rmdir+0x313/0x460 [ 132.404140][ T2472] incfs_kill_sb+0x105/0x220 [ 132.408781][ T2472] deactivate_locked_super+0xa0/0x100 [ 132.414310][ T2472] deactivate_super+0xaf/0xe0 [ 132.825725][ T2472] cleanup_mnt+0x45b/0x510 [ 132.873283][ T2472] __cleanup_mnt+0x19/0x20 [ 132.880291][ T2472] task_work_run+0x127/0x190 [ 132.901654][ T2472] do_exit+0xa9e/0x27e0 [ 132.905934][ T2472] ? slab_free_freelist_hook+0xc2/0x190 [ 132.916939][ T2472] ? kmem_cache_free+0x100/0x320 [ 132.927156][ T2472] ? put_task_struct+0x90/0x90 [ 132.951649][ T2472] ? futex_exit_release+0x1d0/0x1d0 [ 132.961820][ T2472] ? __kasan_check_write+0x14/0x20 [ 132.966964][ T2472] ? _raw_spin_lock_irq+0x95/0xf0 [ 132.981621][ T2472] do_group_exit+0x141/0x310 [ 132.987313][ T2472] ? __kasan_check_write+0x14/0x20 [ 133.010456][ T2472] get_signal+0x66a/0x1480 [ 133.034344][ T2472] arch_do_signal_or_restart+0xdf/0x11c0 [ 133.095742][ T2472] ? putname+0x111/0x160 [ 133.118368][ T2472] ? kmem_cache_free+0x100/0x320 [ 133.311637][ T2472] ? putname+0x111/0x160 [ 133.319133][ T2518] loop2: detected capacity change from 0 to 512 [ 133.331738][ T2472] ? get_sigframe_size+0x10/0x10 [ 133.336711][ T2472] ? __se_sys_futex+0x135/0x330 [ 133.371748][ T2472] ? __x64_sys_recvmmsg+0x195/0x250 [ 133.377105][ T2472] exit_to_user_mode_loop+0xa7/0xe0 [ 133.411533][ T2472] exit_to_user_mode_prepare+0x87/0xd0 [ 133.417216][ T2472] syscall_exit_to_user_mode+0x1a/0x30 [ 133.422833][ T2472] do_syscall_64+0x58/0xa0 [ 133.427774][ T2472] ? clear_bhb_loop+0x50/0xa0 [ 133.432725][ T2472] ? clear_bhb_loop+0x50/0xa0 [ 133.437590][ T2472] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 133.443624][ T2472] RIP: 0033:0x7fb270fd8dd9 [ 133.444845][ T2518] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.729: missing EA_INODE flag [ 133.448083][ T2472] Code: Unable to access opcode bytes at RIP 0x7fb270fd8daf. [ 133.471667][ T2518] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.729: error while reading EA inode 12 err=-117 [ 133.577266][ T2472] RSP: 002b:00007fb26fa330e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 133.613000][ T2518] EXT4-fs (loop2): 1 orphan inode deleted [ 133.642117][ T2518] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 133.701734][ T2472] RAX: fffffffffffffe00 RBX: 00007fb271251fa8 RCX: 00007fb270fd8dd9 [ 133.730147][ T2472] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb271251fa8 [ 133.742981][ T2472] RBP: 00007fb271251fa0 R08: 0000000000000000 R09: 0000000000000000 [ 133.771865][ T2472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.789178][ T2472] R13: 00007fb271252038 R14: 00007ffd6491c9c0 R15: 00007ffd6491caa8 [ 133.805664][ T2472] [ 133.808812][ T2472] ---[ end trace 46756aad84db7e62 ]--- [ 133.815754][ T2472] ------------[ cut here ]------------ [ 133.821323][ T2472] WARNING: CPU: 1 PID: 2472 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 133.830811][ T2472] Modules linked in: [ 133.834767][ T2472] CPU: 1 PID: 2472 Comm: syz.4.709 Tainted: G W syzkaller #0 [ 133.843535][ T2472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 133.853692][ T2472] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 133.859450][ T2472] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 133.887652][ T2472] RSP: 0018:ffffc90000d376c0 EFLAGS: 00010293 [ 133.899960][ T2472] RAX: ffffffff820173d9 RBX: 1ffff11021a7db9e RCX: ffff888116eb3b40 [ 133.922417][ T2472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.933381][ T2525] incfs: ino conflict with backing FS 1 [ 133.943177][ T2525] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 133.952580][ T2472] RBP: ffffc90000d376f0 R08: ffff88812f9afa6f R09: 1ffff11025f35f4d [ 133.960645][ T2472] R10: dffffc0000000000 R11: ffffed1025f35f4e R12: ffff88810d3edcc0 [ 133.974068][ T2525] overlayfs: conflicting lowerdir path [ 133.984797][ T2472] R13: 0000000000000000 R14: ffff88812f9af9c8 R15: ffff88810d3edcf0 [ 134.002882][ T2472] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 134.019252][ T2472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 134.036306][ T2472] CR2: 0000000000000000 CR3: 0000000126a06000 CR4: 00000000003526a0 [ 134.053890][ T2472] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 134.057944][ T2531] loop2: detected capacity change from 0 to 4096 [ 134.071304][ T2472] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 134.097939][ T2531] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 134.105060][ T2472] Call Trace: [ 134.116945][ T2472] [ 134.119082][ T2531] EXT4-fs (loop2): Test dummy encryption mode enabled [ 134.127140][ T2472] ovl_do_remove+0x5f6/0x9a0 [ 134.136739][ T2472] ? ovl_getattr+0xf80/0xf80 [ 134.137076][ T2531] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 134.145828][ T2472] ? ovl_set_redirect+0x670/0x670 [ 134.163080][ T2531] System zones: 0-5 [ 134.172035][ T2531] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 134.201629][ T2472] ? selinux_inode_rmdir+0x22/0x30 [ 134.206878][ T2472] ovl_rmdir+0x1a/0x20 [ 134.210962][ T2472] vfs_rmdir+0x313/0x460 [ 134.247294][ T2472] incfs_kill_sb+0x198/0x220 [ 134.258584][ T2472] deactivate_locked_super+0xa0/0x100 [ 134.275041][ T2538] incfs: ino conflict with backing FS 1 [ 134.282232][ T2472] deactivate_super+0xaf/0xe0 [ 134.286935][ T2472] cleanup_mnt+0x45b/0x510 [ 134.291371][ T2472] __cleanup_mnt+0x19/0x20 [ 134.315477][ T2472] task_work_run+0x127/0x190 [ 134.320116][ T2472] do_exit+0xa9e/0x27e0 [ 134.324348][ T2472] ? slab_free_freelist_hook+0xc2/0x190 [ 134.330061][ T2472] ? kmem_cache_free+0x100/0x320 [ 134.335103][ T2472] ? put_task_struct+0x90/0x90 [ 134.341727][ T2472] ? futex_exit_release+0x1d0/0x1d0 [ 134.352262][ T2472] ? __kasan_check_write+0x14/0x20 [ 134.357547][ T2472] ? _raw_spin_lock_irq+0x95/0xf0 [ 134.363298][ T2472] do_group_exit+0x141/0x310 [ 134.368012][ T2472] ? __kasan_check_write+0x14/0x20 [ 134.373415][ T2472] get_signal+0x66a/0x1480 [ 134.377886][ T2472] arch_do_signal_or_restart+0xdf/0x11c0 [ 134.384436][ T2472] ? putname+0x111/0x160 [ 134.388949][ T2472] ? kmem_cache_free+0x100/0x320 [ 134.394369][ T2472] ? putname+0x111/0x160 [ 134.398718][ T2472] ? get_sigframe_size+0x10/0x10 [ 134.469149][ T2472] ? __se_sys_futex+0x135/0x330 [ 134.476046][ T2472] ? __x64_sys_recvmmsg+0x195/0x250 [ 134.481711][ T2472] exit_to_user_mode_loop+0xa7/0xe0 [ 134.491906][ T2472] exit_to_user_mode_prepare+0x87/0xd0 [ 134.497397][ T2472] syscall_exit_to_user_mode+0x1a/0x30 [ 134.526963][ T2472] do_syscall_64+0x58/0xa0 [ 134.536018][ T2550] loop2: detected capacity change from 0 to 512 [ 134.546796][ T2472] ? clear_bhb_loop+0x50/0xa0 [ 134.620704][ T2472] ? clear_bhb_loop+0x50/0xa0 [ 134.625783][ T2472] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 134.635879][ T2472] RIP: 0033:0x7fb270fd8dd9 [ 134.640318][ T2472] Code: Unable to access opcode bytes at RIP 0x7fb270fd8daf. [ 134.655837][ T2472] RSP: 002b:00007fb26fa330e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 134.671618][ T2472] RAX: fffffffffffffe00 RBX: 00007fb271251fa8 RCX: 00007fb270fd8dd9 [ 134.695808][ T2472] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb271251fa8 [ 134.732486][ T2550] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.741: missing EA_INODE flag [ 134.797117][ T2550] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.741: error while reading EA inode 12 err=-117 [ 134.824097][ T2472] RBP: 00007fb271251fa0 R08: 0000000000000000 R09: 0000000000000000 [ 134.857234][ T2472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.865356][ T2550] EXT4-fs (loop2): 1 orphan inode deleted [ 134.871121][ T2550] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 134.885764][ T2472] R13: 00007fb271252038 R14: 00007ffd6491c9c0 R15: 00007ffd6491caa8 [ 134.893854][ T2472] [ 134.896873][ T2472] ---[ end trace 46756aad84db7e63 ]--- [ 134.935145][ T2558] loop1: detected capacity change from 0 to 2048 [ 134.978174][ T2558] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 135.027165][ T2558] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 135.048150][ T2558] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 135.060612][ T2558] EXT4-fs (loop1): This should not happen!! Data will be lost [ 135.060612][ T2558] [ 135.070599][ T2558] EXT4-fs (loop1): Total free blocks count 0 [ 135.074294][ T2566] loop4: detected capacity change from 0 to 4096 [ 135.077270][ T2558] EXT4-fs (loop1): Free/Dirty block details [ 135.088897][ T2558] EXT4-fs (loop1): free_blocks=2415919504 [ 135.094708][ T2558] EXT4-fs (loop1): dirty_blocks=16 [ 135.100068][ T2558] EXT4-fs (loop1): Block reservation details [ 135.105950][ T2566] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 135.118022][ T2558] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 135.124941][ T2568] device veth0 entered promiscuous mode [ 135.159649][ T8] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 135.171985][ T8] EXT4-fs (loop1): This should not happen!! Data will be lost [ 135.171985][ T8] [ 135.203381][ T2573] tipc: Enabling of bearer rejected, failed to enable media [ 135.824877][ T2559] device veth0 left promiscuous mode [ 136.564316][ T2584] loop2: detected capacity change from 0 to 512 [ 136.693516][ T2591] netlink: 8 bytes leftover after parsing attributes in process `syz.1.748'. [ 136.771366][ T2584] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.752: missing EA_INODE flag [ 136.952376][ T2584] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.752: error while reading EA inode 12 err=-117 [ 136.983625][ T2584] EXT4-fs (loop2): 1 orphan inode deleted [ 136.994936][ T2584] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 137.066817][ T2603] tipc: Enabling of bearer rejected, failed to enable media [ 137.791804][ T290] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 138.081624][ T290] usb 5-1: Using ep0 maxpacket: 32 [ 138.090591][ T2630] loop1: detected capacity change from 0 to 256 [ 138.131930][ T2630] exfat: Deprecated parameter 'utf8' [ 138.137289][ T2630] exfat: Deprecated parameter 'namecase' [ 138.143049][ T2630] exfat: Deprecated parameter 'namecase' [ 138.148695][ T2630] exfat: Deprecated parameter 'utf8' [ 138.162831][ T2630] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 138.231074][ T2632] netlink: 8 bytes leftover after parsing attributes in process `syz.3.767'. [ 138.282019][ T290] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 138.563607][ T290] usb 5-1: config 0 has no interface number 0 [ 138.569828][ T290] usb 5-1: config 0 interface 184 has no altsetting 0 [ 138.741755][ T290] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 138.751174][ T290] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.759456][ T290] usb 5-1: Product: syz [ 138.763862][ T290] usb 5-1: Manufacturer: syz [ 138.769302][ T290] usb 5-1: SerialNumber: syz [ 138.778690][ T290] usb 5-1: config 0 descriptor?? [ 138.845180][ T290] smsc75xx v1.0.0 [ 139.245686][ T2650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.773'. [ 139.306356][ T2650] netlink: 12 bytes leftover after parsing attributes in process `syz.3.773'. [ 139.913088][ T2654] loop2: detected capacity change from 0 to 4096 [ 139.991950][ T290] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 140.015643][ T2661] loop1: detected capacity change from 0 to 4096 [ 140.022230][ T290] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 140.063071][ T2661] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 140.096119][ T2654] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 141.661715][ T290] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 141.749046][ T290] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 141.932552][ T290] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 141.942262][ T290] smsc75xx: probe of 5-1:0.184 failed with error -71 [ 141.954863][ T290] usb 5-1: USB disconnect, device number 9 [ 142.034703][ T2684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'. [ 142.584810][ T2693] loop2: detected capacity change from 0 to 256 [ 142.621830][ T2693] exfat: Deprecated parameter 'utf8' [ 142.627176][ T2693] exfat: Deprecated parameter 'namecase' [ 142.633004][ T2693] exfat: Deprecated parameter 'namecase' [ 142.638643][ T2693] exfat: Deprecated parameter 'utf8' [ 142.666859][ T2693] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 142.748966][ T2697] loop4: detected capacity change from 0 to 2048 [ 142.912147][ T2697] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled [ 143.048051][ T2697] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 143.103480][ T2697] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.133514][ T2697] fs-verity (loop4, inode 13): Unknown hash algorithm number: 3 [ 143.364299][ T2716] incfs: ino conflict with backing FS 1 [ 143.408603][ T2718] loop1: detected capacity change from 0 to 2048 [ 143.415368][ T2720] loop4: detected capacity change from 0 to 4096 [ 143.445925][ T2718] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 143.466753][ T2718] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 143.482058][ T2718] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 143.494300][ T2718] EXT4-fs (loop1): This should not happen!! Data will be lost [ 143.494300][ T2718] [ 143.505377][ T2718] EXT4-fs (loop1): Total free blocks count 0 [ 143.511375][ T2718] EXT4-fs (loop1): Free/Dirty block details [ 143.517341][ T2718] EXT4-fs (loop1): free_blocks=2415919504 [ 143.523114][ T2718] EXT4-fs (loop1): dirty_blocks=16 [ 143.528393][ T2718] EXT4-fs (loop1): Block reservation details [ 143.528552][ T2720] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 143.534515][ T2718] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 143.548170][ T2724] loop2: detected capacity change from 0 to 4096 [ 143.565764][ T2724] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 143.575892][ T1885] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 143.588572][ T2724] EXT4-fs (loop2): Test dummy encryption mode enabled [ 143.595644][ T1885] EXT4-fs (loop1): This should not happen!! Data will be lost [ 143.595644][ T1885] [ 143.607223][ T2724] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 143.616993][ T2724] System zones: 0-5 [ 143.621925][ T2724] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 143.657325][ T2724] ------------[ cut here ]------------ [ 143.663425][ T2724] WARNING: CPU: 1 PID: 2724 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 143.679298][ T2724] Modules linked in: [ 143.683500][ T2724] CPU: 1 PID: 2724 Comm: syz.2.796 Tainted: G W syzkaller #0 [ 143.692303][ T2724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 143.703025][ T2724] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 143.709161][ T2724] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 143.734015][ T2724] RSP: 0018:ffffc9000a18f6c0 EFLAGS: 00010293 [ 143.740196][ T2724] RAX: ffffffff820173d9 RBX: 1ffff1102233bc06 RCX: ffff888133b3bb40 [ 143.748877][ T2724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 143.833209][ T2736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.798'. [ 144.340565][ T2724] RBP: ffffc9000a18f6f0 R08: ffff88812f9af2bf R09: 1ffff11025f35e57 [ 144.419520][ T2724] R10: dffffc0000000000 R11: ffffed1025f35e58 R12: ffff8881119de000 [ 144.430466][ T2724] R13: 0000000000000000 R14: ffff88812f9af218 R15: ffff8881119de030 [ 144.441303][ T2724] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 144.450551][ T2724] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.457385][ T2724] CR2: 00007f94e8c76000 CR3: 0000000118982000 CR4: 00000000003506b0 [ 144.480870][ T2724] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.509380][ T2724] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 144.520389][ T2724] Call Trace: [ 144.523824][ T2724] [ 144.526845][ T2724] ovl_do_remove+0x5f6/0x9a0 [ 144.531502][ T2724] ? ovl_getattr+0xf80/0xf80 [ 144.536158][ T2724] ? ovl_set_redirect+0x670/0x670 [ 144.541253][ T2724] ? selinux_inode_rmdir+0x22/0x30 [ 144.556310][ T2724] ovl_rmdir+0x1a/0x20 [ 144.560734][ T2724] vfs_rmdir+0x313/0x460 [ 144.565149][ T2724] incfs_kill_sb+0x105/0x220 [ 144.601689][ T2724] deactivate_locked_super+0xa0/0x100 [ 144.616390][ T2724] deactivate_super+0xaf/0xe0 [ 144.633552][ T2724] cleanup_mnt+0x45b/0x510 [ 144.645242][ T2724] __cleanup_mnt+0x19/0x20 [ 144.655477][ T2724] task_work_run+0x127/0x190 [ 144.660142][ T2724] do_exit+0xa9e/0x27e0 [ 144.677148][ T2750] incfs: ino conflict with backing FS 1 [ 144.677837][ T2724] ? slab_free_freelist_hook+0xc2/0x190 [ 144.688444][ T2724] ? kmem_cache_free+0x100/0x320 [ 144.693621][ T2724] ? put_task_struct+0x90/0x90 [ 144.698401][ T2724] ? futex_exit_release+0x1d0/0x1d0 [ 144.703645][ T2724] ? __kasan_check_write+0x14/0x20 [ 144.708755][ T2724] ? _raw_spin_lock_irq+0x95/0xf0 [ 144.713820][ T2724] do_group_exit+0x141/0x310 [ 144.719591][ T2724] ? __kasan_check_write+0x14/0x20 [ 144.773472][ T2754] loop4: detected capacity change from 0 to 4096 [ 144.780207][ T2724] get_signal+0x66a/0x1480 [ 144.784758][ T2724] arch_do_signal_or_restart+0xdf/0x11c0 [ 144.790610][ T2724] ? putname+0x111/0x160 [ 144.795121][ T2724] ? kmem_cache_free+0x100/0x320 [ 144.800084][ T2724] ? putname+0x111/0x160 [ 144.801728][ T2754] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 144.804406][ T2724] ? get_sigframe_size+0x10/0x10 [ 144.804428][ T2724] ? __se_sys_futex+0x135/0x330 [ 144.804449][ T2724] exit_to_user_mode_loop+0xa7/0xe0 [ 144.804464][ T2724] exit_to_user_mode_prepare+0x87/0xd0 [ 144.804478][ T2724] syscall_exit_to_user_mode+0x1a/0x30 [ 144.804493][ T2724] do_syscall_64+0x58/0xa0 [ 144.823269][ T2754] EXT4-fs (loop4): Test dummy encryption mode enabled [ 144.823829][ T2724] ? clear_bhb_loop+0x50/0xa0 [ 144.838895][ T2754] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 144.855990][ T2724] ? clear_bhb_loop+0x50/0xa0 [ 144.869286][ T2754] System zones: 0-5 [ 144.877336][ T2754] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 144.928581][ T2724] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 144.961760][ T2724] RIP: 0033:0x7f6b24184dd9 [ 144.985768][ T2724] Code: Unable to access opcode bytes at RIP 0x7f6b24184daf. [ 145.025194][ T2724] RSP: 002b:00007f6b22bdf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 145.069094][ T2724] RAX: fffffffffffffe00 RBX: 00007f6b243fdfa8 RCX: 00007f6b24184dd9 [ 145.077668][ T2724] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6b243fdfa8 [ 145.086016][ T2724] RBP: 00007f6b243fdfa0 R08: 0000000000000000 R09: 0000000000000000 [ 145.094362][ T2724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.102587][ T2724] R13: 00007f6b243fe038 R14: 00007ffe512d9110 R15: 00007ffe512d91f8 [ 145.110696][ T2724] [ 145.114030][ T2724] ---[ end trace 46756aad84db7e64 ]--- [ 145.122271][ T2724] ------------[ cut here ]------------ [ 145.127816][ T2724] WARNING: CPU: 1 PID: 2724 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 145.137505][ T2724] Modules linked in: [ 145.141499][ T2724] CPU: 1 PID: 2724 Comm: syz.2.796 Tainted: G W syzkaller #0 [ 145.150505][ T2724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 145.168123][ T2724] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 145.179850][ T2760] loop4: detected capacity change from 0 to 2048 [ 145.180524][ T2724] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 145.208180][ T2724] RSP: 0018:ffffc9000a18f6c0 EFLAGS: 00010293 [ 145.214609][ T2724] RAX: ffffffff820173d9 RBX: 1ffff1102233bc06 RCX: ffff888133b3bb40 [ 145.222868][ T2724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 145.230887][ T2724] RBP: ffffc9000a18f6f0 R08: ffff88812f9af2bf R09: 1ffff11025f35e57 [ 145.239562][ T2724] R10: dffffc0000000000 R11: ffffed1025f35e58 R12: ffff8881119de000 [ 145.248666][ T2760] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 145.251622][ T2724] R13: 0000000000000000 R14: ffff88812f9af218 R15: ffff8881119de030 [ 145.280428][ T2724] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 145.280450][ T2724] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.280462][ T2724] CR2: 00007f9f71706000 CR3: 000000010dea5000 CR4: 00000000003506b0 [ 145.280479][ T2724] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 145.280490][ T2724] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 145.280501][ T2724] Call Trace: [ 145.280506][ T2724] [ 145.280514][ T2724] ovl_do_remove+0x5f6/0x9a0 [ 145.280535][ T2724] ? ovl_getattr+0xf80/0xf80 [ 145.280553][ T2724] ? ovl_set_redirect+0x670/0x670 [ 145.280569][ T2724] ? selinux_inode_rmdir+0x22/0x30 [ 145.280588][ T2724] ovl_rmdir+0x1a/0x20 [ 145.280601][ T2724] vfs_rmdir+0x313/0x460 [ 145.280620][ T2724] incfs_kill_sb+0x198/0x220 [ 145.280638][ T2724] deactivate_locked_super+0xa0/0x100 [ 145.280656][ T2724] deactivate_super+0xaf/0xe0 [ 145.280672][ T2724] cleanup_mnt+0x45b/0x510 [ 145.280690][ T2724] __cleanup_mnt+0x19/0x20 [ 145.280705][ T2724] task_work_run+0x127/0x190 [ 145.280722][ T2724] do_exit+0xa9e/0x27e0 [ 145.280738][ T2724] ? slab_free_freelist_hook+0xc2/0x190 [ 145.280757][ T2724] ? kmem_cache_free+0x100/0x320 [ 145.280809][ T2724] ? put_task_struct+0x90/0x90 [ 145.280827][ T2724] ? futex_exit_release+0x1d0/0x1d0 [ 145.280846][ T2724] ? __kasan_check_write+0x14/0x20 [ 145.280863][ T2724] ? _raw_spin_lock_irq+0x95/0xf0 [ 145.280882][ T2724] do_group_exit+0x141/0x310 [ 145.280897][ T2724] ? __kasan_check_write+0x14/0x20 [ 145.280914][ T2724] get_signal+0x66a/0x1480 [ 145.280935][ T2724] arch_do_signal_or_restart+0xdf/0x11c0 [ 145.280958][ T2724] ? putname+0x111/0x160 [ 145.280972][ T2724] ? kmem_cache_free+0x100/0x320 [ 145.280990][ T2724] ? putname+0x111/0x160 [ 145.281004][ T2724] ? get_sigframe_size+0x10/0x10 [ 145.281019][ T2724] ? __se_sys_futex+0x135/0x330 [ 145.281039][ T2724] exit_to_user_mode_loop+0xa7/0xe0 [ 145.281056][ T2724] exit_to_user_mode_prepare+0x87/0xd0 [ 145.281072][ T2724] syscall_exit_to_user_mode+0x1a/0x30 [ 145.281089][ T2724] do_syscall_64+0x58/0xa0 [ 145.281105][ T2724] ? clear_bhb_loop+0x50/0xa0 [ 145.281120][ T2724] ? clear_bhb_loop+0x50/0xa0 [ 145.281135][ T2724] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 145.281163][ T2724] RIP: 0033:0x7f6b24184dd9 [ 145.281176][ T2724] Code: Unable to access opcode bytes at RIP 0x7f6b24184daf. [ 145.281185][ T2724] RSP: 002b:00007f6b22bdf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 145.281204][ T2724] RAX: fffffffffffffe00 RBX: 00007f6b243fdfa8 RCX: 00007f6b24184dd9 [ 145.281217][ T2724] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6b243fdfa8 [ 145.281227][ T2724] RBP: 00007f6b243fdfa0 R08: 0000000000000000 R09: 0000000000000000 [ 145.281238][ T2724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.281247][ T2724] R13: 00007f6b243fe038 R14: 00007ffe512d9110 R15: 00007ffe512d91f8 [ 145.281261][ T2724] [ 145.281266][ T2724] ---[ end trace 46756aad84db7e65 ]--- [ 145.364187][ T2767] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 145.610298][ T2767] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 145.622811][ T2767] EXT4-fs (loop4): This should not happen!! Data will be lost [ 145.622811][ T2767] [ 145.633024][ T2767] EXT4-fs (loop4): Total free blocks count 0 [ 145.639147][ T2767] EXT4-fs (loop4): Free/Dirty block details [ 145.646015][ T2767] EXT4-fs (loop4): free_blocks=2415919504 [ 145.653570][ T2767] EXT4-fs (loop4): dirty_blocks=16 [ 145.659011][ T2767] EXT4-fs (loop4): Block reservation details [ 145.883593][ T2767] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 145.989961][ T2774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.811'. [ 146.004430][ T2774] netlink: 12 bytes leftover after parsing attributes in process `syz.3.811'. [ 146.545344][ T8] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 146.549240][ T2785] incfs: ino conflict with backing FS 1 [ 146.561823][ T8] EXT4-fs (loop4): This should not happen!! Data will be lost [ 146.561823][ T8] [ 146.801437][ T2789] netlink: 8 bytes leftover after parsing attributes in process `syz.1.814'. [ 147.891679][ T2793] loop4: detected capacity change from 0 to 2048 [ 147.915259][ T2793] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled [ 147.926625][ T2793] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 147.942313][ T2793] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.973196][ T2793] fs-verity (loop4, inode 13): Unknown hash algorithm number: 3 [ 148.030121][ T2803] netlink: 4 bytes leftover after parsing attributes in process `syz.3.818'. [ 148.096361][ T39] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 148.140892][ T2810] loop4: detected capacity change from 0 to 256 [ 148.148304][ T2811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.822'. [ 148.157798][ T2811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.822'. [ 148.202916][ T2810] exfat: Deprecated parameter 'utf8' [ 148.208299][ T2810] exfat: Deprecated parameter 'namecase' [ 148.214144][ T2810] exfat: Deprecated parameter 'namecase' [ 148.219890][ T2810] exfat: Deprecated parameter 'utf8' [ 148.253803][ T2810] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 148.361653][ T39] usb 3-1: Using ep0 maxpacket: 32 [ 148.561762][ T39] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 148.570087][ T39] usb 3-1: config 0 has no interface number 0 [ 148.576400][ T39] usb 3-1: config 0 interface 184 has no altsetting 0 [ 148.841288][ T39] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 148.855520][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.865197][ T39] usb 3-1: Product: syz [ 149.039625][ T39] usb 3-1: Manufacturer: syz [ 149.044532][ T39] usb 3-1: SerialNumber: syz [ 149.131095][ T39] usb 3-1: config 0 descriptor?? [ 149.152059][ T2827] loop4: detected capacity change from 0 to 2048 [ 149.182521][ T39] smsc75xx v1.0.0 [ 149.564171][ T2827] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 149.633035][ T2827] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 149.648080][ T2827] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 149.660595][ T2827] EXT4-fs (loop4): This should not happen!! Data will be lost [ 149.660595][ T2827] [ 149.670545][ T2827] EXT4-fs (loop4): Total free blocks count 0 [ 149.676754][ T2827] EXT4-fs (loop4): Free/Dirty block details [ 149.682921][ T2827] EXT4-fs (loop4): free_blocks=2415919504 [ 149.732015][ T2827] EXT4-fs (loop4): dirty_blocks=16 [ 149.737362][ T2827] EXT4-fs (loop4): Block reservation details [ 149.749587][ T2827] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 149.766946][ T319] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 149.779457][ T319] EXT4-fs (loop4): This should not happen!! Data will be lost [ 149.779457][ T319] [ 150.184673][ T2843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'. [ 150.391644][ T39] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 150.402708][ T39] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 150.414102][ T2846] loop1: detected capacity change from 0 to 2048 [ 150.453249][ T2846] EXT4-fs (loop1): Journaled quota options ignored when QUOTA feature is enabled [ 150.468797][ T2850] loop4: detected capacity change from 0 to 4096 [ 150.476770][ T2850] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 150.495172][ T2846] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 150.498108][ T2850] EXT4-fs (loop4): Test dummy encryption mode enabled [ 150.525182][ T2846] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.542246][ T2846] fs-verity (loop1, inode 13): Unknown hash algorithm number: 3 [ 150.550053][ T2850] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 150.559419][ T2850] System zones: 0-5 [ 150.574981][ T2850] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 150.735522][ T39] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 150.741931][ T2859] tipc: Enabling of bearer rejected, failed to enable media [ 150.746427][ T39] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 150.764808][ T39] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 150.774282][ T39] smsc75xx: probe of 3-1:0.184 failed with error -61 [ 151.934392][ T39] usb 3-1: USB disconnect, device number 9 [ 151.970023][ T2880] loop1: detected capacity change from 0 to 4096 [ 152.070008][ T2885] incfs: ino conflict with backing FS 1 [ 152.300142][ T2892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.845'. [ 152.685734][ T2880] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 152.688082][ T2885] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 152.707965][ T2885] overlayfs: conflicting lowerdir path [ 152.787108][ T2899] loop2: detected capacity change from 0 to 4096 [ 152.869552][ T2904] tipc: Enabling of bearer rejected, failed to enable media [ 152.914339][ T2899] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 152.959793][ T2899] EXT4-fs (loop2): Test dummy encryption mode enabled [ 152.998028][ T2899] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 153.019624][ T2899] System zones: 0-5 [ 153.030503][ T2899] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 154.141870][ T2932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.853'. [ 154.164005][ T2893] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 154.422197][ T2893] usb 5-1: Using ep0 maxpacket: 32 [ 154.922803][ T2893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.933875][ T2893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.941226][ T2937] tipc: Enabling of bearer rejected, failed to enable media [ 154.943863][ T2893] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 154.966687][ T2893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.027824][ T2945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.858'. [ 155.116821][ T2948] incfs: ino conflict with backing FS 1 [ 155.252495][ T2893] usb 5-1: config 0 descriptor?? [ 155.261426][ T2947] loop1: detected capacity change from 0 to 4096 [ 155.292268][ T2893] hub 5-1:0.0: USB hub found [ 155.311280][ T2947] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 155.501649][ T2893] hub 5-1:0.0: 1 port detected [ 155.881548][ T2970] device veth0 entered promiscuous mode [ 155.888456][ T2970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.867'. [ 156.267968][ T2976] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'. [ 156.686286][ T2893] hub 5-1:0.0: activate --> -90 [ 156.708777][ T2979] tipc: Enabling of bearer rejected, failed to enable media [ 156.713719][ T2981] loop2: detected capacity change from 0 to 2048 [ 156.743289][ T2987] incfs: ino conflict with backing FS 1 [ 156.840606][ T2981] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 156.945770][ T2999] netlink: 8 bytes leftover after parsing attributes in process `syz.1.879'. [ 157.087172][ T305] usb 5-1: USB disconnect, device number 10 [ 158.495051][ T3016] tipc: Enabling of bearer rejected, failed to enable media [ 159.136636][ T3034] netlink: 8 bytes leftover after parsing attributes in process `syz.4.890'. [ 159.451652][ T3037] loop1: detected capacity change from 0 to 4096 [ 159.477408][ T3037] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 160.069100][ T3054] incfs: ino conflict with backing FS 1 [ 160.076100][ T3054] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 160.085913][ T3054] overlayfs: conflicting lowerdir path [ 160.283081][ T3058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.897'. [ 160.422508][ T3060] tipc: Enabling of bearer rejected, failed to enable media [ 160.589192][ T3062] loop2: detected capacity change from 0 to 512 [ 160.639861][ T3062] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.899: missing EA_INODE flag [ 160.661992][ T3062] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.899: error while reading EA inode 12 err=-117 [ 160.681829][ T3062] EXT4-fs (loop2): 1 orphan inode deleted [ 160.689776][ T3062] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 162.125860][ T3086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.906'. [ 162.464403][ T3091] loop1: detected capacity change from 0 to 4096 [ 162.517953][ T3091] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 162.759264][ T3099] incfs: ino conflict with backing FS 1 [ 162.766605][ T3099] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 162.776414][ T3099] overlayfs: conflicting lowerdir path [ 163.144021][ T3109] loop4: detected capacity change from 0 to 4096 [ 163.247123][ T3109] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 163.376662][ T3103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.911'. [ 163.436376][ T3103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.911'. [ 163.553624][ T3116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.915'. [ 164.067174][ T3123] loop2: detected capacity change from 0 to 4096 [ 164.104233][ T3123] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 164.116308][ T3123] EXT4-fs (loop2): Test dummy encryption mode enabled [ 164.124338][ T3123] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 164.151693][ T3123] System zones: 0-5 [ 164.155817][ T3126] loop1: detected capacity change from 0 to 512 [ 164.156347][ T3123] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,norecovery,delalloc,nogrpid,minixdf,. Quota mode: writeback. [ 164.189014][ T3126] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.914: missing EA_INODE flag [ 164.220214][ T3126] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.914: error while reading EA inode 12 err=-117 [ 164.232705][ T3126] EXT4-fs (loop1): 1 orphan inode deleted [ 164.238840][ T3126] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 164.239490][ T3123] ------------[ cut here ]------------ [ 164.258950][ T3123] WARNING: CPU: 0 PID: 3123 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 164.268973][ T3123] Modules linked in: [ 164.289325][ T3123] CPU: 1 PID: 3123 Comm: syz.2.917 Tainted: G W syzkaller #0 [ 164.298457][ T3123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.308732][ T3123] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 164.314499][ T3123] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 164.334191][ T3123] RSP: 0018:ffffc900078376c0 EFLAGS: 00010293 [ 164.340656][ T3123] RAX: ffffffff820173d9 RBX: 1ffff11021a7a28e RCX: ffff88811018a780 [ 164.360798][ T3123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.369110][ T3123] RBP: ffffc900078376f0 R08: ffff8881293f9f87 R09: 1ffff1102527f3f0 [ 164.377382][ T3123] R10: dffffc0000000000 R11: ffffed102527f3f1 R12: ffff88810d3d1440 [ 164.385569][ T3123] R13: 0000000000000000 R14: ffff8881293f9ee0 R15: ffff88810d3d1470 [ 164.427466][ T3123] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 164.437548][ T3123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.444420][ T3123] CR2: 0000001b2ea20ff8 CR3: 0000000126e95000 CR4: 00000000003506b0 [ 164.452702][ T3123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 164.461404][ T3123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 164.469670][ T3123] Call Trace: [ 164.473205][ T3123] [ 164.476401][ T3123] ovl_do_remove+0x5f6/0x9a0 [ 164.695267][ T3138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.919'. [ 164.705573][ T3138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.919'. [ 165.859658][ T3123] ? ovl_getattr+0xf80/0xf80 [ 165.870272][ T3145] loop1: detected capacity change from 0 to 2048 [ 165.912223][ T3123] ? ovl_set_redirect+0x670/0x670 [ 165.917298][ T3123] ? selinux_inode_rmdir+0x22/0x30 [ 165.929983][ T3145] EXT4-fs (loop1): Journaled quota options ignored when QUOTA feature is enabled [ 165.941678][ T3123] ovl_rmdir+0x1a/0x20 [ 165.945869][ T3123] vfs_rmdir+0x313/0x460 [ 165.950130][ T3123] incfs_kill_sb+0x105/0x220 [ 165.956793][ T3123] deactivate_locked_super+0xa0/0x100 [ 165.962705][ T3123] deactivate_super+0xaf/0xe0 [ 165.967935][ T3145] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 165.968002][ T3123] cleanup_mnt+0x45b/0x510 [ 165.982817][ T3145] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.987901][ T3123] __cleanup_mnt+0x19/0x20 [ 166.020862][ T3123] task_work_run+0x127/0x190 [ 166.026543][ T3123] do_exit+0xa9e/0x27e0 [ 166.030744][ T3123] ? slab_free_freelist_hook+0xc2/0x190 [ 166.037528][ T3123] ? kmem_cache_free+0x100/0x320 [ 166.151329][ T3154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.921'. [ 166.255071][ T3123] ? put_task_struct+0x90/0x90 [ 166.264520][ T3123] ? futex_exit_release+0x1d0/0x1d0 [ 166.282341][ T3145] fs-verity (loop1, inode 13): Unknown hash algorithm number: 3 [ 166.290435][ T3123] ? __kasan_check_write+0x14/0x20 [ 166.305031][ T3123] ? _raw_spin_lock_irq+0x95/0xf0 [ 166.311163][ T3123] do_group_exit+0x141/0x310 [ 166.316843][ T3123] ? __kasan_check_write+0x14/0x20 [ 166.361970][ T3123] get_signal+0x66a/0x1480 [ 166.366495][ T3123] arch_do_signal_or_restart+0xdf/0x11c0 [ 166.388625][ T3123] ? putname+0x111/0x160 [ 166.394152][ T3123] ? kmem_cache_free+0x100/0x320 [ 166.399348][ T3123] ? putname+0x111/0x160 [ 166.403863][ T3123] ? get_sigframe_size+0x10/0x10 [ 166.408848][ T3123] ? __se_sys_futex+0x135/0x330 [ 166.413813][ T3123] ? __x64_sys_recvmmsg+0x195/0x250 [ 166.419080][ T3123] exit_to_user_mode_loop+0xa7/0xe0 [ 166.424478][ T3123] exit_to_user_mode_prepare+0x87/0xd0 [ 166.430145][ T3123] syscall_exit_to_user_mode+0x1a/0x30 [ 166.435710][ T3123] do_syscall_64+0x58/0xa0 [ 166.440181][ T3123] ? clear_bhb_loop+0x50/0xa0 [ 166.445122][ T3123] ? clear_bhb_loop+0x50/0xa0 [ 166.449855][ T3123] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 166.455833][ T3123] RIP: 0033:0x7f6b24184dd9 [ 166.461487][ T3123] Code: Unable to access opcode bytes at RIP 0x7f6b24184daf. [ 166.469246][ T3158] loop1: detected capacity change from 0 to 512 [ 166.476144][ T3123] RSP: 002b:00007f6b22bdf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 166.484770][ T3123] RAX: 0000000000000001 RBX: 00007f6b243fdfa8 RCX: 00007f6b24184dd9 [ 166.493436][ T3123] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6b243fdfac [ 166.502570][ T3123] RBP: 00007f6b243fdfa0 R08: 000b0d0a1c40ff58 R09: 0000000000000000 [ 166.510638][ T3123] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 166.519781][ T3123] R13: 00007f6b243fe038 R14: 00007ffe512d9110 R15: 00007ffe512d91f8 [ 166.534459][ T3123] [ 166.538075][ T3123] ---[ end trace 46756aad84db7e66 ]--- [ 166.549260][ T3158] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.925: missing EA_INODE flag [ 166.563749][ T3123] ------------[ cut here ]------------ [ 166.569418][ T3123] WARNING: CPU: 1 PID: 3123 at fs/overlayfs/util.c:475 ovl_dir_modified+0x189/0x1c0 [ 166.582113][ T3158] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.925: error while reading EA inode 12 err=-117 [ 166.594713][ T3123] Modules linked in: [ 166.598843][ T3123] CPU: 1 PID: 3123 Comm: syz.2.917 Tainted: G W syzkaller #0 [ 166.603056][ T3158] EXT4-fs (loop1): 1 orphan inode deleted [ 166.611910][ T3123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 166.613399][ T3158] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 166.625763][ T3123] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 166.644854][ T3123] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ae 89 a7 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 07 56 68 ff <0f> 0b e9 17 ff ff ff e8 fb 55 68 ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 166.664805][ T3123] RSP: 0018:ffffc900078376c0 EFLAGS: 00010293 [ 166.671131][ T3123] RAX: ffffffff820173d9 RBX: 1ffff11021a7a28e RCX: ffff88811018a780 [ 166.679430][ T3123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 166.693763][ T3123] RBP: ffffc900078376f0 R08: ffff8881293f9f87 R09: 1ffff1102527f3f0 [ 166.702430][ T3123] R10: dffffc0000000000 R11: ffffed102527f3f1 R12: ffff88810d3d1440 [ 166.710654][ T3123] R13: 0000000000000000 R14: ffff8881293f9ee0 R15: ffff88810d3d1470 [ 166.718860][ T3123] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 166.728022][ T3123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 166.734871][ T3123] CR2: 000000110c2fb004 CR3: 000000010dc1d000 CR4: 00000000003506b0 [ 166.743042][ T3123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 166.771936][ T3123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 166.780009][ T3123] Call Trace: [ 166.783357][ T3123] [ 166.786283][ T3123] ovl_do_remove+0x5f6/0x9a0 [ 166.804992][ T3123] ? ovl_set_redirect+0x670/0x670 [ 166.810307][ T3123] ? selinux_inode_rmdir+0x22/0x30 [ 166.815744][ T3123] ovl_rmdir+0x1a/0x20 [ 166.819837][ T3123] vfs_rmdir+0x313/0x460 [ 166.824839][ T3123] incfs_kill_sb+0x198/0x220 [ 166.829532][ T3123] deactivate_locked_super+0xa0/0x100 [ 166.835113][ T3123] deactivate_super+0xaf/0xe0 [ 166.839907][ T3123] cleanup_mnt+0x45b/0x510 [ 166.853615][ T3123] __cleanup_mnt+0x19/0x20 [ 166.863340][ T3123] task_work_run+0x127/0x190 [ 166.893914][ T3123] do_exit+0xa9e/0x27e0 [ 166.905853][ T3123] ? slab_free_freelist_hook+0xc2/0x190 [ 166.914545][ T3168] loop4: detected capacity change from 0 to 512 [ 166.943926][ T3123] ? kmem_cache_free+0x100/0x320 [ 166.978128][ T3123] ? put_task_struct+0x90/0x90 [ 166.993309][ T3123] ? futex_exit_release+0x1d0/0x1d0 [ 167.008716][ T3123] ? __kasan_check_write+0x14/0x20 [ 167.024162][ T3123] ? _raw_spin_lock_irq+0x95/0xf0 [ 167.032912][ T3168] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.929: missing EA_INODE flag [ 167.056858][ T3123] do_group_exit+0x141/0x310 [ 167.061529][ T3123] ? __kasan_check_write+0x14/0x20 [ 167.064417][ T3168] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.929: error while reading EA inode 12 err=-117 [ 167.085675][ T3123] get_signal+0x66a/0x1480 [ 167.095713][ T3123] arch_do_signal_or_restart+0xdf/0x11c0 [ 167.108967][ T3123] ? putname+0x111/0x160 [ 167.115828][ T3123] ? kmem_cache_free+0x100/0x320 [ 167.123729][ T3168] EXT4-fs (loop4): 1 orphan inode deleted [ 167.133639][ T3123] ? putname+0x111/0x160 [ 167.139638][ T3168] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 167.162421][ T3123] ? get_sigframe_size+0x10/0x10 [ 167.171760][ T3123] ? __se_sys_futex+0x135/0x330 [ 167.181727][ T3123] ? __x64_sys_recvmmsg+0x195/0x250 [ 167.209002][ T3123] exit_to_user_mode_loop+0xa7/0xe0 [ 167.242444][ T3123] exit_to_user_mode_prepare+0x87/0xd0 [ 167.258110][ T3123] syscall_exit_to_user_mode+0x1a/0x30 [ 167.276156][ T3123] do_syscall_64+0x58/0xa0 [ 167.289281][ T3123] ? clear_bhb_loop+0x50/0xa0 [ 167.304171][ T3123] ? clear_bhb_loop+0x50/0xa0 [ 167.318538][ T3123] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 167.338009][ T3123] RIP: 0033:0x7f6b24184dd9 [ 167.350407][ T3123] Code: Unable to access opcode bytes at RIP 0x7f6b24184daf. [ 167.366702][ T3123] RSP: 002b:00007f6b22bdf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 167.383987][ T3123] RAX: 0000000000000001 RBX: 00007f6b243fdfa8 RCX: 00007f6b24184dd9 [ 167.400812][ T3123] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6b243fdfac [ 167.417668][ T3123] RBP: 00007f6b243fdfa0 R08: 000b0d0a1c40ff58 R09: 0000000000000000 [ 167.431620][ T3123] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 167.449826][ T3123] R13: 00007f6b243fe038 R14: 00007ffe512d9110 R15: 00007ffe512d91f8 [ 167.456325][ T3162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.927'. [ 167.467724][ T3162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.927'. [ 167.467862][ T3123] [ 167.490048][ T3123] ---[ end trace 46756aad84db7e67 ]--- [ 167.986518][ T3186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.932'. [ 168.018261][ T3186] netlink: 12 bytes leftover after parsing attributes in process `syz.2.932'. [ 169.091389][ T3189] netlink: 8 bytes leftover after parsing attributes in process `syz.4.930'. [ 169.313762][ T3195] incfs: ino conflict with backing FS 1 [ 169.324770][ T3195] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 169.334834][ T3195] overlayfs: conflicting lowerdir path [ 169.337782][ T3197] loop4: detected capacity change from 0 to 4096 [ 169.416639][ T3200] netlink: 8 bytes leftover after parsing attributes in process `syz.3.937'. [ 169.657385][ T3197] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 169.676052][ T3207] loop1: detected capacity change from 0 to 512 [ 169.701455][ T3210] loop2: detected capacity change from 0 to 512 [ 169.707194][ T3207] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.940: missing EA_INODE flag [ 169.719970][ T3207] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.940: error while reading EA inode 12 err=-117 [ 169.733393][ T3207] EXT4-fs (loop1): 1 orphan inode deleted [ 169.740670][ T3207] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 169.837073][ T3210] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.942: missing EA_INODE flag [ 169.891806][ T3210] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.942: error while reading EA inode 12 err=-117 [ 169.904982][ T3210] EXT4-fs (loop2): 1 orphan inode deleted [ 169.911126][ T3210] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 171.701527][ T3240] netlink: 4 bytes leftover after parsing attributes in process `syz.4.944'. [ 171.714818][ T3240] netlink: 12 bytes leftover after parsing attributes in process `syz.4.944'. [ 172.634570][ T3248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.949'. [ 172.692574][ T3257] tipc: Enabled bearer , priority 0 [ 172.700518][ T3256] tipc: Disabling bearer [ 173.529600][ T3265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.953'. [ 174.397461][ T3285] loop1: detected capacity change from 0 to 4096 [ 174.417931][ T3285] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 175.669578][ T3301] loop2: detected capacity change from 0 to 4096 [ 175.980670][ T3306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.967'. [ 176.004547][ T3306] netlink: 12 bytes leftover after parsing attributes in process `syz.0.967'. [ 176.128034][ T3301] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 176.154024][ T3310] tipc: Enabling of bearer rejected, failed to enable media [ 177.086795][ T3329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.966'. [ 179.155312][ T3349] loop1: detected capacity change from 0 to 512 [ 179.183257][ T3351] tipc: Enabled bearer , priority 0 [ 179.231441][ T3350] tipc: Disabling bearer [ 179.248337][ T3349] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.979: missing EA_INODE flag [ 179.284493][ T3349] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.979: error while reading EA inode 12 err=-117 [ 179.297128][ T3349] EXT4-fs (loop1): 1 orphan inode deleted [ 179.305389][ T3356] incfs: ino conflict with backing FS 1 [ 179.313621][ T3349] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 179.350408][ T3356] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 179.755161][ T3356] overlayfs: conflicting lowerdir path [ 179.779770][ T3358] loop4: detected capacity change from 0 to 4096 [ 179.849485][ T3368] loop2: detected capacity change from 0 to 512 [ 179.878345][ T3358] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 179.895548][ T3368] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.985: missing EA_INODE flag [ 179.941840][ T3368] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.985: error while reading EA inode 12 err=-117 [ 179.961878][ T3368] EXT4-fs (loop2): 1 orphan inode deleted [ 179.970867][ T3368] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 180.346051][ T3378] loop4: detected capacity change from 0 to 512 [ 180.833738][ T3378] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.987: missing EA_INODE flag [ 180.948749][ T3378] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.987: error while reading EA inode 12 err=-117 [ 181.017147][ T3392] netlink: 8 bytes leftover after parsing attributes in process `syz.0.990'. [ 181.081018][ T3378] EXT4-fs (loop4): 1 orphan inode deleted [ 181.089018][ T3378] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 181.414601][ T3397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.991'. [ 182.095992][ T3406] loop4: detected capacity change from 0 to 4096 [ 182.114503][ T3408] loop2: detected capacity change from 0 to 2048 [ 182.121513][ T3406] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 182.140951][ T3408] EXT4-fs (loop2): Journaled quota options ignored when QUOTA feature is enabled [ 182.259924][ T3408] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 182.276831][ T3408] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.744870][ T3408] fs-verity (loop2, inode 13): Unknown hash algorithm number: 3 [ 183.958488][ T3427] loop2: detected capacity change from 0 to 512 [ 183.994574][ T3433] loop1: detected capacity change from 0 to 2048 [ 184.045836][ T3427] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.999: missing EA_INODE flag [ 184.057654][ T3427] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.999: error while reading EA inode 12 err=-117 [ 184.075084][ T3427] EXT4-fs (loop2): 1 orphan inode deleted [ 184.082795][ T3427] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 184.096904][ T3440] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1002'. [ 184.107178][ T3433] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 184.173225][ T3433] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 184.243846][ T3433] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 184.276329][ T3433] EXT4-fs (loop1): This should not happen!! Data will be lost [ 184.276329][ T3433] [ 184.286779][ T3433] EXT4-fs (loop1): Total free blocks count 0 [ 184.293474][ T3433] EXT4-fs (loop1): Free/Dirty block details [ 184.299466][ T3433] EXT4-fs (loop1): free_blocks=2415919504 [ 184.305855][ T3433] EXT4-fs (loop1): dirty_blocks=16 [ 184.311113][ T3433] EXT4-fs (loop1): Block reservation details [ 184.317721][ T3433] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 184.356578][ T45] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 184.380033][ T45] EXT4-fs (loop1): This should not happen!! Data will be lost [ 184.380033][ T45] [ 184.701625][ T3450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1004'. [ 185.860928][ T3457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1006'. [ 186.098399][ T3463] incfs: ino conflict with backing FS 1 [ 186.107808][ T3463] overlayfs: upper fs does not support tmpfile. [ 186.768179][ T3468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1010'. [ 187.024046][ T412] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 187.153478][ T3474] loop4: detected capacity change from 0 to 2048 [ 187.275117][ T3474] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled [ 187.291982][ T412] usb 2-1: Using ep0 maxpacket: 32 [ 187.406746][ T3474] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=./file1,noauto_da_alloc,bsddf,,errors=continue. Quota mode: writeback. [ 187.421820][ T3474] ext4 filesystem being mounted at /143/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.441777][ T3474] fs-verity (loop4, inode 13): Unknown hash algorithm number: 3 [ 187.461666][ T412] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.472603][ T412] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.483913][ T412] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 187.493890][ T412] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.609466][ T412] usb 2-1: config 0 descriptor?? [ 187.702805][ T3486] loop4: detected capacity change from 0 to 512 [ 187.793409][ T412] hub 2-1:0.0: USB hub found [ 187.802817][ T3486] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.1015: missing EA_INODE flag [ 187.803900][ T3491] loop2: detected capacity change from 0 to 512 [ 187.815006][ T3486] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.1015: error while reading EA inode 12 err=-117 [ 187.833377][ T3486] EXT4-fs (loop4): 1 orphan inode deleted [ 187.839178][ T3486] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 187.914221][ T3491] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.1017: missing EA_INODE flag [ 187.926074][ T3491] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.1017: error while reading EA inode 12 err=-117 [ 187.939278][ T3491] EXT4-fs (loop2): 1 orphan inode deleted [ 187.946543][ T3491] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 188.927891][ T412] hub 2-1:0.0: 1 port detected [ 189.635352][ T3504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1019'. [ 189.646041][ T3507] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1020'. [ 189.891677][ T412] hub 2-1:0.0: activate --> -90 [ 190.332057][ T26] usb 2-1: USB disconnect, device number 8 [ 190.682374][ T3527] loop2: detected capacity change from 0 to 4096 [ 191.019923][ T3539] loop1: detected capacity change from 0 to 512 [ 191.044235][ T3539] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #12: comm syz.1.1029: missing EA_INODE flag [ 191.044383][ T3527] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 191.068333][ T3539] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.1029: error while reading EA inode 12 err=-117 [ 191.086855][ T3539] EXT4-fs (loop1): 1 orphan inode deleted [ 191.095455][ T3539] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 191.572170][ T3549] incfs: ino conflict with backing FS 1 [ 191.593516][ T3549] overlayfs: upper fs does not support tmpfile. [ 191.693818][ T3555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1032'. [ 192.065036][ T3561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1033'. [ 192.105746][ T3561] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1033'. [ 192.965960][ T3577] ------------[ cut here ]------------ [ 192.971449][ T3577] WARNING: CPU: 0 PID: 3577 at fs/inode.c:335 drop_nlink+0xc5/0x110 [ 192.991642][ T3577] Modules linked in: [ 192.995787][ T3577] CPU: 1 PID: 3577 Comm: syz.3.1038 Tainted: G W syzkaller #0 [ 193.013779][ T3577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 193.032076][ T3577] RIP: 0010:drop_nlink+0xc5/0x110 [ 193.058001][ T3577] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a3 03 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 fb cd b2 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 193.166543][ T3577] RSP: 0018:ffffc90000e172e0 EFLAGS: 00010287 [ 193.197271][ T3577] RAX: ffffffff81b6fbe5 RBX: ffff888129232cb0 RCX: 0000000000080000 [ 193.274725][ T3577] RDX: ffffc90002780000 RSI: 0000000000000868 RDI: 0000000000000869 [ 193.331925][ T3577] RBP: ffffc90000e17308 R08: 0000000000000003 R09: 0000000000000004 [ 193.341683][ T3577] R10: dffffc0000000000 R11: fffff520001c2e54 R12: dffffc0000000000 [ 193.342308][ T3583] loop4: detected capacity change from 0 to 512 [ 193.356473][ T3577] R13: 1ffff1102524659f R14: ffff888129232cf8 R15: 0000000000000000 [ 193.365128][ T3577] FS: 00007f9d99fd06c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 193.374782][ T3577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.382307][ T3577] CR2: 00007fb267652000 CR3: 000000011a1bd000 CR4: 00000000003506a0 [ 193.390781][ T3583] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #12: comm syz.4.1040: missing EA_INODE flag [ 193.404400][ T3577] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 193.412778][ T3577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 193.417040][ T3583] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.1040: error while reading EA inode 12 err=-117 [ 193.420937][ T3577] Call Trace: [ 193.436578][ T3577] [ 193.439591][ T3577] simple_rmdir+0x12a/0x210 [ 193.444332][ T3577] vfs_rmdir+0x313/0x460 [ 193.448760][ T3577] dir_rmdir+0x236/0x320 [ 193.453044][ T3577] ? dir_mkdir+0x5b0/0x5b0 [ 193.454090][ T3583] EXT4-fs (loop4): 1 orphan inode deleted [ 193.457457][ T3577] ? selinux_inode_rmdir+0x22/0x30 [ 193.457483][ T3577] ? security_inode_rmdir+0xd0/0x120 [ 193.473611][ T3583] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 193.473853][ T3577] vfs_rmdir+0x313/0x460 [ 193.490488][ T3577] ovl_workdir_cleanup+0x139/0x7b0 [ 193.495668][ T3577] ? path_put+0x57/0x60 [ 193.499905][ T3577] ? dentry_revalidate+0x2cd/0x360 [ 193.505231][ T3577] ? ovl_dir_read+0x560/0x560 [ 193.510007][ T3577] ? lookup_one_len+0x2c2/0x2d0 [ 193.514972][ T3577] ? lookup_one_common+0x460/0x460 [ 193.520173][ T3577] ? inode_insert5+0x530/0x530 [ 193.525088][ T3577] ovl_workdir_create+0x23c/0x5c0 [ 193.530180][ T3577] ? ovl_mount_dir_noesc+0x260/0x260 [ 193.544773][ T3577] ? _raw_spin_lock+0x94/0xf0 [ 193.551905][ T3577] ? ovl_lookup_inode+0x140/0x140 [ 193.557228][ T3577] ? mnt_want_write+0x20b/0x2e0 [ 193.567364][ T3577] ovl_get_workdir+0x386/0x1130 [ 193.577367][ T3577] ? up_read+0x56/0x1d0 [ 193.586765][ T3577] ? ovl_get_upper+0x600/0x600 [ 193.592459][ T3577] ? ovl_inuse_trylock+0xc6/0xe0 [ 193.597649][ T3577] ? ovl_get_upper+0x456/0x600 [ 193.602485][ T3577] ? ovl_fill_super+0x2a20/0x2a20 [ 193.607553][ T3577] ? __kmalloc+0x13d/0x2c0 [ 193.612013][ T3577] ? ovl_fill_super+0x13db/0x2a20 [ 193.617097][ T3577] ovl_fill_super+0x18c2/0x2a20 [ 193.622132][ T3577] ? ovl_mount+0x40/0x40 [ 193.626420][ T3577] ? register_shrinker_prepared+0xd7/0x100 [ 193.632804][ T3577] ? sget+0x4a0/0x4c0 [ 193.636817][ T3577] ? ovl_mount+0x40/0x40 [ 193.641085][ T3577] mount_nodev+0x5c/0xf0 [ 193.645386][ T3577] ovl_mount+0x2c/0x40 [ 193.649477][ T3577] legacy_get_tree+0xed/0x190 [ 193.654205][ T3577] ? virtio_fs_request_complete+0xce0/0xce0 [ 193.660126][ T3577] vfs_get_tree+0x89/0x260 [ 193.664596][ T3577] do_new_mount+0x25a/0xa20 [ 193.677319][ T3577] path_mount+0x659/0xff0 [ 193.684775][ T3577] ? user_path_at_empty+0x161/0x1c0 [ 193.695126][ T3577] __se_sys_mount+0x320/0x390 [ 193.707074][ T3577] ? __x64_sys_mount+0xd0/0xd0 [ 193.711964][ T3577] ? path_put+0x57/0x60 [ 193.716203][ T3577] ? __kasan_check_write+0x14/0x20 [ 193.727711][ T3577] __x64_sys_mount+0xbf/0xd0 [ 193.736500][ T3577] x64_sys_call+0x6bf/0x9a0 [ 193.744399][ T3577] do_syscall_64+0x4c/0xa0 [ 193.754016][ T3577] ? clear_bhb_loop+0x50/0xa0 [ 193.761619][ T3577] ? clear_bhb_loop+0x50/0xa0 [ 193.766642][ T3577] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 193.776621][ T3577] RIP: 0033:0x7f9d9b575dd9 [ 193.786194][ T3577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.828167][ T3577] RSP: 002b:00007f9d99fd0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 193.841658][ T3577] RAX: ffffffffffffffda RBX: 00007f9d9b7eefa0 RCX: 00007f9d9b575dd9 [ 193.857299][ T3577] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 193.865676][ T3577] RBP: 00007f9d9b60bd69 R08: 0000200000000280 R09: 0000000000000000 [ 193.874118][ T3577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.876912][ T3596] loop1: detected capacity change from 0 to 4096 [ 193.888693][ T3577] R13: 00007f9d9b7ef038 R14: 00007f9d9b7eefa0 R15: 00007fff8f61d6f8 [ 193.908607][ T3577] [ 193.911874][ T3596] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 193.916972][ T3577] ---[ end trace 46756aad84db7e68 ]--- [ 193.934322][ T3577] list_del corruption. prev->next should be ffff8881291961a0, but was ffff88812918e6f0 [ 193.944143][ T3577] ------------[ cut here ]------------ [ 193.949602][ T3577] kernel BUG at lib/list_debug.c:61! [ 193.954961][ T3577] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 193.961039][ T3577] CPU: 0 PID: 3577 Comm: syz.3.1038 Tainted: G W syzkaller #0 [ 193.969797][ T3577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 193.979847][ T3577] RIP: 0010:__list_del_entry_valid+0x10c/0x120 [ 193.986009][ T3577] Code: 48 89 de e8 16 d6 56 02 0f 0b 48 c7 c7 00 a6 63 85 48 89 de e8 05 d6 56 02 0f 0b 48 c7 c7 60 a6 63 85 48 89 de e8 f4 d5 56 02 <0f> 0b 48 c7 c7 c0 a6 63 85 48 89 de e8 e3 d5 56 02 0f 0b 00 55 48 [ 194.005619][ T3577] RSP: 0018:ffffc90000e174b8 EFLAGS: 00010246 [ 194.011698][ T3577] RAX: 0000000000000054 RBX: ffff8881291961a0 RCX: 6eb4bdc9724aa100 [ 194.019678][ T3577] RDX: ffffc90002780000 RSI: 000000000007ffff RDI: 0000000000080000 [ 194.027661][ T3577] RBP: ffffc90000e174d8 R08: ffffc90000e16f27 R09: 1ffff920001c2de4 [ 194.035639][ T3577] R10: dffffc0000000000 R11: fffff520001c2de5 R12: dffffc0000000000 [ 194.043634][ T3577] R13: dffffc0000000000 R14: ffff88812918e6f0 R15: ffff8881118bad50 [ 194.051605][ T3577] FS: 00007f9d99fd06c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 194.060544][ T3577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.067115][ T3577] CR2: 0000001b2e523ffc CR3: 000000011a1bd000 CR4: 00000000003506b0 [ 194.075276][ T3577] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.083234][ T3577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 194.091187][ T3577] Call Trace: [ 194.094471][ T3577] [ 194.097407][ T3577] __dentry_kill+0x24c/0x650 [ 194.101982][ T3577] dentry_kill+0xc0/0x2a0 [ 194.106407][ T3577] dput+0x47/0x90 [ 194.110019][ T3577] path_put+0x39/0x60 [ 194.113979][ T3577] dentry_release+0x4f/0xa0 [ 194.118467][ T3577] ? dentry_revalidate+0x360/0x360 [ 194.123561][ T3577] __dentry_kill+0x4b5/0x650 [ 194.128157][ T3577] dentry_kill+0xc0/0x2a0 [ 194.132468][ T3577] dput+0x47/0x90 [ 194.136091][ T3577] ovl_workdir_create+0x249/0x5c0 [ 194.141098][ T3577] ? ovl_mount_dir_noesc+0x260/0x260 [ 194.146363][ T3577] ? _raw_spin_lock+0x94/0xf0 [ 194.151024][ T3577] ? ovl_lookup_inode+0x140/0x140 [ 194.156035][ T3577] ? mnt_want_write+0x20b/0x2e0 [ 194.160893][ T3577] ovl_get_workdir+0x386/0x1130 [ 194.165729][ T3577] ? up_read+0x56/0x1d0 [ 194.169880][ T3577] ? ovl_get_upper+0x600/0x600 [ 194.174715][ T3577] ? ovl_inuse_trylock+0xc6/0xe0 [ 194.179636][ T3577] ? ovl_get_upper+0x456/0x600 [ 194.184381][ T3577] ? ovl_fill_super+0x2a20/0x2a20 [ 194.189389][ T3577] ? __kmalloc+0x13d/0x2c0 [ 194.193787][ T3577] ? ovl_fill_super+0x13db/0x2a20 [ 194.198794][ T3577] ovl_fill_super+0x18c2/0x2a20 [ 194.203629][ T3577] ? ovl_mount+0x40/0x40 [ 194.207851][ T3577] ? register_shrinker_prepared+0xd7/0x100 [ 194.213641][ T3577] ? sget+0x4a0/0x4c0 [ 194.217601][ T3577] ? ovl_mount+0x40/0x40 [ 194.221822][ T3577] mount_nodev+0x5c/0xf0 [ 194.226044][ T3577] ovl_mount+0x2c/0x40 [ 194.230091][ T3577] legacy_get_tree+0xed/0x190 [ 194.234751][ T3577] ? virtio_fs_request_complete+0xce0/0xce0 [ 194.240627][ T3577] vfs_get_tree+0x89/0x260 [ 194.245022][ T3577] do_new_mount+0x25a/0xa20 [ 194.249508][ T3577] path_mount+0x659/0xff0 [ 194.253821][ T3577] ? user_path_at_empty+0x161/0x1c0 [ 194.259001][ T3577] __se_sys_mount+0x320/0x390 [ 194.263661][ T3577] ? __x64_sys_mount+0xd0/0xd0 [ 194.268404][ T3577] ? path_put+0x57/0x60 [ 194.272543][ T3577] ? __kasan_check_write+0x14/0x20 [ 194.277633][ T3577] __x64_sys_mount+0xbf/0xd0 [ 194.282206][ T3577] x64_sys_call+0x6bf/0x9a0 [ 194.286687][ T3577] do_syscall_64+0x4c/0xa0 [ 194.291089][ T3577] ? clear_bhb_loop+0x50/0xa0 [ 194.295746][ T3577] ? clear_bhb_loop+0x50/0xa0 [ 194.300405][ T3577] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 194.306282][ T3577] RIP: 0033:0x7f9d9b575dd9 [ 194.310681][ T3577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.330271][ T3577] RSP: 002b:00007f9d99fd0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 194.338667][ T3577] RAX: ffffffffffffffda RBX: 00007f9d9b7eefa0 RCX: 00007f9d9b575dd9 [ 194.346622][ T3577] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 194.354573][ T3577] RBP: 00007f9d9b60bd69 R08: 0000200000000280 R09: 0000000000000000 [ 194.362524][ T3577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.370475][ T3577] R13: 00007f9d9b7ef038 R14: 00007f9d9b7eefa0 R15: 00007fff8f61d6f8 [ 194.378449][ T3577] [ 194.381452][ T3577] Modules linked in: [ 194.385494][ T3577] ---[ end trace 46756aad84db7e69 ]--- [ 194.390954][ T3577] RIP: 0010:__list_del_entry_valid+0x10c/0x120 [ 194.397356][ T3577] Code: 48 89 de e8 16 d6 56 02 0f 0b 48 c7 c7 00 a6 63 85 48 89 de e8 05 d6 56 02 0f 0b 48 c7 c7 60 a6 63 85 48 89 de e8 f4 d5 56 02 <0f> 0b 48 c7 c7 c0 a6 63 85 48 89 de e8 e3 d5 56 02 0f 0b 00 55 48 [ 194.417130][ T3577] RSP: 0018:ffffc90000e174b8 EFLAGS: 00010246 [ 194.423238][ T3577] RAX: 0000000000000054 RBX: ffff8881291961a0 RCX: 6eb4bdc9724aa100 [ 194.431781][ T3577] RDX: ffffc90002780000 RSI: 000000000007ffff RDI: 0000000000080000 [ 194.439764][ T3577] RBP: ffffc90000e174d8 R08: ffffc90000e16f27 R09: 1ffff920001c2de4 [ 194.447778][ T3577] R10: dffffc0000000000 R11: fffff520001c2de5 R12: dffffc0000000000 [ 194.455795][ T3577] R13: dffffc0000000000 R14: ffff88812918e6f0 R15: ffff8881118bad50 [ 194.463795][ T3577] FS: 00007f9d99fd06c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 194.472790][ T3577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.479398][ T3577] CR2: 0000001b2e523ffc CR3: 000000011a1bd000 CR4: 00000000003506b0 [ 194.487398][ T3577] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.495391][ T3577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 194.503415][ T3577] Kernel panic - not syncing: Fatal exception [ 194.504516][ T30] audit: type=1400 audit(1777512233.321:278): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 194.509792][ T3577] Kernel Offset: disabled [ 194.535792][ T3577] Rebooting in 86400 seconds..