last executing test programs:

8.337206183s ago: executing program 2 (id=1682):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)

8.017390535s ago: executing program 2 (id=1685):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/timers\x00', 0x0, 0x0)
close(r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, 0x0, 0x11f6)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x20018000)

6.192074828s ago: executing program 1 (id=1698):
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, 0x0, 0x0)

6.054284119s ago: executing program 1 (id=1699):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000340), &(0x7f0000000300)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0)
recvmsg(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000a00)=""/198, 0xc6}], 0x1}, 0x0)

5.096444118s ago: executing program 1 (id=1708):
ioprio_set$uid(0x3, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@jqfmt_vfsold}, {@noinit_itable}, {@quota}, {@noauto_da_alloc}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1aca421, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

4.507452773s ago: executing program 2 (id=1714):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)

3.640421376s ago: executing program 4 (id=1722):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x20780, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
ioprio_get$pid(0x1, 0x0)

3.586540936s ago: executing program 1 (id=1723):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
syz_clone3(0x0, 0x0)

3.490847891s ago: executing program 2 (id=1725):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

3.373398462s ago: executing program 4 (id=1726):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="40000000100005ff00000008000000000000024a", @ANYRES32=0x0, @ANYBLOB="6f77000000000000140012800b0001006261746164760000040002800a0001"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x20000840)

3.045274253s ago: executing program 2 (id=1728):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x0, 0x0})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000020601080000000000000000030000000900020073797a3100000000050001000700000005000500020000000c000780080006400000040111000300686173683a6e65742c6e657400000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000006ce6016000000900020073797a31000000000500010007000000280007800c00018008000140640103010c00148008000140ac1414bb0c00028008000140", @ANYRES8=r2], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x0)

2.99193362s ago: executing program 0 (id=1729):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, 0x1}}, 0x18)

2.867122237s ago: executing program 0 (id=1730):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x4)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)="1e583bd1", 0x4}], 0x1)

2.865289059s ago: executing program 4 (id=1731):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="192c2fbd7000fcdbdf2515000000080014006e666310080001006e9d"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd6)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000100), &(0x7f0000000200)=0x4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff47}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
r7 = dup2(r3, r3)
r8 = openat$cgroup_ro(r7, &(0x7f0000000340)='cpuacct.usage_all\x00', 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0x1218088, &(0x7f00000005c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae356940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c1a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b52a0352a82c794995bbb97c82fcde79d14fb20e5127150de"], 0xa, 0x2c2, &(0x7f00000008c0)="$eJzs3T+LI2UcB/DfZHOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZndk1uyayWXH382n24Xl+33meJxmySZEnH74823+Qx6OnX/wSWZZEbxzjOExiFL1ofBUnjL8JAOD/7LAo4vdiYZ1cEhHZ5pYFAGzQav//+23zp0tZFgCwQffffe/tnd3du+9kkcW92dcHk/KTffl3Mb7zKD6OaTyM12IYRxHV+4T6g3/ZvlcUxbyfl0ZxazY/mJTJ2QfP6uvv/BZR5bdjGKPjWPVuo8q/tXt3u4rng05+Xq7j+Xr+cZm/E8N48Th8In9nkc+7+Zik8eornfXfjmH8/FF8EtN4UC2izX+5nedvFt/+8fn75fLKfDI/mAyqulaxdZnPCwAAAAAAAAAAAAAAAAAAAAAAV9vtvDl8J78Zt2ZlV33+ztZRWtfUJaM2VY4vWknT1TkfqDQv4vvOkYJ5URe25/v046V+92BBAAAAAAAAAAAAAAAAAAAAuL6efPrZ/t50+vDxhTSa0wD6EfHn/Yh/e51xp+dmnF88qOfcm057dfNEzbO02xNbTU0Sce4yyk1c0MPyT43nTq+5afzwY7nBdS6YdXpeX77BG5vfV3N37e8ly+caRNOT1TfJd2lEW5PGinOlZw0Vsc7tly4dGq699/SFqjE/s6Y5B+Os67zx62K87klO7yKtHtWls9+oG534qXtjpec9skX8768VSXVax2BDr0QAAAAAAAAAAAAAAAAAAED77d8lg0/PjfYKXwUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ipof/9/jca8Dq9QnMbjJ//xFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgG/goAAP///CFRHg==")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00')
pivot_root(&(0x7f0000000080)='./file0/../file0\x00', 0x0)
write$binfmt_script(r8, &(0x7f00000004c0), 0x208e24b)
mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xc3\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q\x00'/1189, 0x42, 0x4, 0x0)

2.83181658s ago: executing program 2 (id=1732):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
r1 = socket$kcm(0xa, 0x5, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8936, &(0x7f0000000000))
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)

2.668942696s ago: executing program 0 (id=1733):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
prlimit64(0x0, 0xa, 0x0, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

2.520964674s ago: executing program 0 (id=1735):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)

2.417582234s ago: executing program 1 (id=1736):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)

2.417035484s ago: executing program 4 (id=1737):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0)

2.245992613s ago: executing program 3 (id=1738):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
set_tid_address(0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x41100, 0x65, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, 0x94)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/timer_list\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001500)=[{&(0x7f0000002980)=""/4084, 0xff4}], 0x1, 0xf73, 0x3)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r1, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000004000/0x4000)=nil)
sendmsg$can_bcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2, 0x0, 0x0, 0x8084}, 0x0)

2.198440707s ago: executing program 1 (id=1739):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000008000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00"/13], 0x50)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x18)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05d", 0x1b, 0xfffffffffffffffd)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003140100c68f7bec9aff068609000200737962320000000008004100736977001400330062726964676530"], 0x38}, 0x1, 0x0, 0x0, 0x44805}, 0x50)
syz_usbip_server_init(0x6)
bind$tipc(r4, 0x0, 0x0)
bind$tipc(r4, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r5, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x3}}, 0x10)
bind$tipc(r4, 0x0, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x18)
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0x7d, 0x0, &(0x7f0000000840))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})

2.041551015s ago: executing program 4 (id=1740):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, 0x1}}, 0x18)

1.964510613s ago: executing program 3 (id=1741):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000013c0)={{0x14, 0x3e9, 0x1, 0x0, 0x0, {0x5}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x64049}, 0x40000)

1.89417255s ago: executing program 4 (id=1742):
r0 = gettid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pI4   \x00'}, 0x20)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r8 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe})
r9 = dup3(r7, r8, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r9, 0x4004550c, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f00000001c0), &(0x7f00000005c0)=r1}, 0x20)
r10 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')
lseek(r10, 0x289e0cb5, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x50)
mq_open(&(0x7f0000000ac0)='eth0\x00\xdd\xad\xff=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9%\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xcfL\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe9XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xa2@\xeb\x18\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4\x80\x00\x00\x00a\xdf\xb5\xd9\xe4\x01\xea|.\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9J\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x9e\xef\x9b\x97\xcb\xc6\x89\xba\x8e\xf2\xfb\xd5\a\xcb\xf6\xf7{\xec\xf0@\xc2\xb2\xbcAQx\xa4\x12\xf8\x9cji\"\xf7\x1a\xbd\xac\xde\xf4\x9b\xd7#\xab\\q\xd6\xdf#>}\x97\xd0U\xe4\x9e+|\xb1MT\xa0\x1bf\v9\xcdx\xab\x83\x87\xd3q3\xbeL\xd2\x1f6\x1ffL\x9eM\x0f?\'\xc3YB0\x80!\xe9Y\xf1:\xeeX\xf7G\x85K\xbb\xbdijaA\x00&\x0e\xb3\x99\xbc9\xee\x8f\aVy!d^\r\xd1\x9b\xd5<y \xff\x05o\xc2\xef\x87~\x9au\x10\xef\x89\xfb\xa2v\a\xd3\x8f\x85\xf6\xef\xc6\x92;cj\xc0\x12m\\Thf`\x1c\xc3I\xc3VY\xcf\b\x03R@\x8eI\xd7\xdf>\x06\xbc$\xc9[\x8e[', 0x1, 0x50, 0x0)

1.770378899s ago: executing program 3 (id=1743):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x8000}, 0x18)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r2, &(0x7f00000003c0)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x4004001)

1.406340308s ago: executing program 0 (id=1744):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f00000000c0)='.\x00', 0xa4000061)
read(r2, &(0x7f0000000140)=""/68, 0x44)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)

1.334164924s ago: executing program 3 (id=1745):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000540), &(0x7f0000000580)}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x28}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0)
process_vm_readv(r0, &(0x7f0000000d00)=[{0x0}, {&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f0000000240)=""/123, 0x7b}, {&(0x7f0000000440)=""/121, 0x79}, {&(0x7f0000000a80)=""/159, 0x9f}, {&(0x7f0000000b40)=""/148, 0x94}, {0x0}], 0x7, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
creat(&(0x7f0000000040)='./bus\x00', 0x0)
chown(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0)
ioctl$VT_RESIZE(r4, 0x5609, &(0x7f0000000180)={0x5, 0x0, 0xfff6})

222.19479ms ago: executing program 3 (id=1746):
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0)

194.270864ms ago: executing program 0 (id=1747):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
r1 = socket$kcm(0xa, 0x5, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8936, 0x0)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)

0s ago: executing program 3 (id=1748):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000002f009703000000000000000003"], 0x14}}, 0x0)

kernel console output (not intermixed with test programs):

iles+0x2a/0x420
[  185.131479][ T6918]  ? __fget_files+0x3a0/0x420
[  185.131504][ T6918]  ? __fget_files+0x2a/0x420
[  185.131539][ T6918]  ksys_read+0x145/0x250
[  185.131562][ T6918]  ? __pfx_ksys_read+0x10/0x10
[  185.131579][ T6918]  ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0
[  185.131614][ T6918]  ? syscall_user_dispatch+0x4f/0x90
[  185.131643][ T6918]  do_syscall_64+0xfa/0xf80
[  185.131668][ T6918]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.131689][ T6918]  ? clear_bhb_loop+0x60/0xb0
[  185.131714][ T6918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.131734][ T6918] RIP: 0033:0x7f3dd5b8e15c
[  185.131759][ T6918] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  185.131777][ T6918] RSP: 002b:00007f3dd6984030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  185.131803][ T6918] RAX: ffffffffffffffda RBX: 00007f3dd5de5fa0 RCX: 00007f3dd5b8e15c
[  185.131818][ T6918] RDX: 000000000000000f RSI: 00007f3dd69840a0 RDI: 0000000000000003
[  185.131831][ T6918] RBP: 00007f3dd6984090 R08: 0000000000000000 R09: 0000000000000000
[  185.131851][ T6918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.131863][ T6918] R13: 00007f3dd5de6038 R14: 00007f3dd5de5fa0 R15: 00007fff084a43d8
[  185.131897][ T6918]  </TASK>
[  186.769230][ T6953] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  186.778122][ T6953] overlayfs: failed to set xattr on upper
[  186.784254][ T6953] overlayfs: ...falling back to redirect_dir=nofollow.
[  186.791224][ T6953] overlayfs: ...falling back to index=off.
[  186.797320][ T6953] overlayfs: maximum fs stacking depth exceeded
[  189.493919][  T934] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  189.695935][  T934] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.821991][  T934] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  189.940131][  T934] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  190.117046][ T7045] fuse: Bad value for 'fd'
[  190.181198][  T934] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  190.225242][  T934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.237211][  T934] usb 4-1: Product: syz
[  190.245908][  T934] usb 4-1: Manufacturer: syz
[  190.250830][  T934] usb 4-1: SerialNumber: syz
[  190.347780][ T7026] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  191.004255][  T934] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  191.014415][  T934] cdc_ncm 4-1:1.0: bind() failure
[  192.161356][ T7102] netlink: 'syz.1.341': attribute type 21 has an invalid length.
[  192.182374][ T7102] netlink: 128 bytes leftover after parsing attributes in process `syz.1.341'.
[  192.206414][ T7102] netlink: 'syz.1.341': attribute type 4 has an invalid length.
[  192.224815][ T7102] netlink: 'syz.1.341': attribute type 3 has an invalid length.
[  192.243886][ T7102] netlink: 3 bytes leftover after parsing attributes in process `syz.1.341'.
[  192.832702][ T5987] usb 4-1: USB disconnect, device number 2
[  192.945610][ T7125] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  192.983285][ T7125] overlayfs: failed to set xattr on upper
[  193.001816][ T7125] overlayfs: ...falling back to redirect_dir=nofollow.
[  193.017051][ T7129] loop3: detected capacity change from 0 to 128
[  193.023659][ T7125] overlayfs: ...falling back to index=off.
[  193.029796][ T7125] overlayfs: maximum fs stacking depth exceeded
[  193.067623][ T7129] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  193.106540][ T7129] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  193.799787][ T7155] FAULT_INJECTION: forcing a failure.
[  193.799787][ T7155] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.824679][ T7155] CPU: 1 UID: 0 PID: 7155 Comm: syz.3.363 Not tainted syzkaller #0 PREEMPT(full) 
[  193.824707][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  193.824719][ T7155] Call Trace:
[  193.824728][ T7155]  <TASK>
[  193.824737][ T7155]  dump_stack_lvl+0x189/0x250
[  193.824769][ T7155]  ? __pfx____ratelimit+0x10/0x10
[  193.824792][ T7155]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.824817][ T7155]  ? __pfx__printk+0x10/0x10
[  193.824848][ T7155]  ? __might_fault+0xb0/0x130
[  193.824891][ T7155]  should_fail_ex+0x414/0x560
[  193.824921][ T7155]  _copy_from_user+0x2d/0xb0
[  193.824952][ T7155]  ___sys_sendmsg+0x158/0x2a0
[  193.824983][ T7155]  ? __pfx____sys_sendmsg+0x10/0x10
[  193.825017][ T7155]  ? rcu_read_lock_any_held+0xb3/0x120
[  193.825072][ T7155]  ? __fget_files+0x2a/0x420
[  193.825098][ T7155]  ? __fget_files+0x3a0/0x420
[  193.825134][ T7155]  __x64_sys_sendmsg+0x19b/0x260
[  193.825164][ T7155]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  193.825229][ T7155]  ? __pfx_ksys_write+0x10/0x10
[  193.825263][ T7155]  ? do_syscall_64+0xbe/0xf80
[  193.825291][ T7155]  do_syscall_64+0xfa/0xf80
[  193.825315][ T7155]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.825335][ T7155]  ? clear_bhb_loop+0x60/0xb0
[  193.825360][ T7155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.825379][ T7155] RIP: 0033:0x7f3dd5b8f749
[  193.825398][ T7155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.825416][ T7155] RSP: 002b:00007f3dd6984038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  193.825438][ T7155] RAX: ffffffffffffffda RBX: 00007f3dd5de5fa0 RCX: 00007f3dd5b8f749
[  193.825454][ T7155] RDX: 0000000020000000 RSI: 0000200000000100 RDI: 0000000000000005
[  193.825467][ T7155] RBP: 00007f3dd6984090 R08: 0000000000000000 R09: 0000000000000000
[  193.825479][ T7155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.825492][ T7155] R13: 00007f3dd5de6038 R14: 00007f3dd5de5fa0 R15: 00007fff084a43d8
[  193.825525][ T7155]  </TASK>
[  195.271299][ T7177] xt_CT: No such helper "pptp"
[  196.891942][ T7203] fuse: Bad value for 'fd'
[  198.601471][ T7268] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  198.608826][ T7268] overlayfs: failed to set xattr on upper
[  198.618266][ T7268] overlayfs: ...falling back to redirect_dir=nofollow.
[  198.626088][ T7268] overlayfs: ...falling back to index=off.
[  198.632104][ T7268] overlayfs: maximum fs stacking depth exceeded
[  199.996029][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  200.003189][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  200.099567][ T7300] FAULT_INJECTION: forcing a failure.
[  200.099567][ T7300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.183001][ T7300] CPU: 1 UID: 0 PID: 7300 Comm: syz.4.408 Not tainted syzkaller #0 PREEMPT(full) 
[  200.183032][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  200.183046][ T7300] Call Trace:
[  200.183054][ T7300]  <TASK>
[  200.183064][ T7300]  dump_stack_lvl+0x189/0x250
[  200.183094][ T7300]  ? __pfx____ratelimit+0x10/0x10
[  200.183118][ T7300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.183144][ T7300]  ? __pfx__printk+0x10/0x10
[  200.183175][ T7300]  ? __might_fault+0xb0/0x130
[  200.183219][ T7300]  should_fail_ex+0x414/0x560
[  200.183249][ T7300]  _copy_from_user+0x2d/0xb0
[  200.183281][ T7300]  __sys_bpf+0x1e3/0x860
[  200.183315][ T7300]  ? __pfx___sys_bpf+0x10/0x10
[  200.183362][ T7300]  ? ksys_write+0x22a/0x250
[  200.183385][ T7300]  ? __pfx_ksys_write+0x10/0x10
[  200.183413][ T7300]  __x64_sys_bpf+0x7c/0x90
[  200.183440][ T7300]  do_syscall_64+0xfa/0xf80
[  200.183467][ T7300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.183488][ T7300]  ? clear_bhb_loop+0x60/0xb0
[  200.183514][ T7300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.183535][ T7300] RIP: 0033:0x7f5a24b8f749
[  200.183554][ T7300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.183572][ T7300] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  200.183594][ T7300] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  200.183610][ T7300] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[  200.183623][ T7300] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  200.183635][ T7300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.183647][ T7300] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  200.183689][ T7300]  </TASK>
[  200.650421][ T7314] warning: `syz.3.411' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  200.669040][ T7314] netlink: 'syz.3.411': attribute type 10 has an invalid length.
[  200.819591][ T7314] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  200.852079][ T7319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.414'.
[  200.975093][ T7320] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  200.982247][ T7320] overlayfs: failed to set xattr on upper
[  200.988476][ T7320] overlayfs: ...falling back to redirect_dir=nofollow.
[  200.995507][ T7320] overlayfs: ...falling back to index=off.
[  201.001573][ T7320] overlayfs: maximum fs stacking depth exceeded
[  203.614425][ T5989] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  203.763932][  T934] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  203.785355][ T5989] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  203.802395][ T5989] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  203.816788][ T5989] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  203.856762][ T5989] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  203.877068][ T5989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.907450][ T5989] usb 5-1: Product: syz
[  203.911800][ T5989] usb 5-1: Manufacturer: syz
[  203.928104][ T5989] usb 5-1: SerialNumber: syz
[  203.958020][  T934] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  203.971043][ T7364] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  203.979114][  T934] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  204.015180][  T934] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  204.074319][  T934] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  204.094531][  T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.103306][  T934] usb 1-1: Product: syz
[  204.124038][  T934] usb 1-1: Manufacturer: syz
[  204.129285][  T934] usb 1-1: SerialNumber: syz
[  204.153681][ T7370] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  205.598047][ T5989] cdc_ncm 5-1:1.0: bind() failure
[  205.603446][  T934] cdc_ncm 1-1:1.0: bind() failure
[  205.640717][ T5989] usb 5-1: USB disconnect, device number 4
[  205.813469][  T934] usb 1-1: USB disconnect, device number 2
[  211.515846][ T7532] futex_wake_op: syz.4.483 tries to shift op by 144; fix this program
[  211.903688][ T7542] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  211.910885][ T7542] overlayfs: failed to set xattr on upper
[  211.916835][ T7542] overlayfs: ...falling back to redirect_dir=nofollow.
[  211.924904][ T7542] overlayfs: ...falling back to index=off.
[  211.930891][ T7542] overlayfs: maximum fs stacking depth exceeded
[  216.723901][ T6097] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  216.904080][ T6097] usb 5-1: Using ep0 maxpacket: 16
[  216.916610][ T6097] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.938507][ T6097] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  216.963892][ T6097] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.007145][ T6097] usb 5-1: config 0 descriptor??
[  217.232981][ T6097] usbhid 5-1:0.0: can't add hid device: -71
[  217.249820][ T6097] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  217.292355][ T6097] usb 5-1: USB disconnect, device number 5
[  222.548847][ T7646] trusted_key: syz.4.517 sent an empty control message without MSG_MORE.
[  223.823568][ T7661] xt_CT: No such helper "pptp"
[  224.640080][ T7671] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  224.647228][ T7671] overlayfs: failed to set xattr on upper
[  224.653031][ T7671] overlayfs: ...falling back to redirect_dir=nofollow.
[  224.660089][ T7671] overlayfs: ...falling back to index=off.
[  224.666189][ T7671] overlayfs: maximum fs stacking depth exceeded
[  225.519774][ T7677] FAULT_INJECTION: forcing a failure.
[  225.519774][ T7677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.566121][ T7677] CPU: 1 UID: 0 PID: 7677 Comm: syz.0.518 Not tainted syzkaller #0 PREEMPT(full) 
[  225.566151][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  225.566165][ T7677] Call Trace:
[  225.566174][ T7677]  <TASK>
[  225.566183][ T7677]  dump_stack_lvl+0x189/0x250
[  225.566213][ T7677]  ? __pfx____ratelimit+0x10/0x10
[  225.566238][ T7677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.566263][ T7677]  ? __pfx__printk+0x10/0x10
[  225.566293][ T7677]  ? __might_fault+0xb0/0x130
[  225.566337][ T7677]  should_fail_ex+0x414/0x560
[  225.566367][ T7677]  _copy_from_user+0x2d/0xb0
[  225.566399][ T7677]  ___sys_sendmsg+0x158/0x2a0
[  225.566431][ T7677]  ? __pfx____sys_sendmsg+0x10/0x10
[  225.566496][ T7677]  ? __fget_files+0x2a/0x420
[  225.566522][ T7677]  ? __fget_files+0x3a0/0x420
[  225.566560][ T7677]  __sys_sendmmsg+0x227/0x430
[  225.566593][ T7677]  ? __pfx___sys_sendmmsg+0x10/0x10
[  225.566631][ T7677]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  225.566676][ T7677]  ? ksys_write+0x22a/0x250
[  225.566714][ T7677]  ? __pfx_ksys_write+0x10/0x10
[  225.566740][ T7677]  __x64_sys_sendmmsg+0xa0/0xc0
[  225.566771][ T7677]  do_syscall_64+0xfa/0xf80
[  225.566796][ T7677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.566817][ T7677]  ? clear_bhb_loop+0x60/0xb0
[  225.566843][ T7677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.566864][ T7677] RIP: 0033:0x7f5ac238f749
[  225.566882][ T7677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.566900][ T7677] RSP: 002b:00007f5ac05f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  225.566929][ T7677] RAX: ffffffffffffffda RBX: 00007f5ac25e5fa0 RCX: 00007f5ac238f749
[  225.566944][ T7677] RDX: 0000000000000001 RSI: 00002000000010c0 RDI: 0000000000000004
[  225.566957][ T7677] RBP: 00007f5ac05f6090 R08: 0000000000000000 R09: 0000000000000000
[  225.566970][ T7677] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  225.566983][ T7677] R13: 00007f5ac25e6038 R14: 00007f5ac25e5fa0 R15: 00007ffd92342f58
[  225.567016][ T7677]  </TASK>
[  227.503941][ T5843] Bluetooth: hci4: command 0x0406 tx timeout
[  227.510047][ T5843] Bluetooth: hci2: command 0x0406 tx timeout
[  227.516271][ T5834] Bluetooth: hci3: command 0x0406 tx timeout
[  227.522342][ T5846] Bluetooth: hci0: command 0x0406 tx timeout
[  227.529321][ T5847] Bluetooth: hci1: command 0x0406 tx timeout
[  228.853552][ T7709] xt_CT: No such helper "pptp"
[  229.176249][ T7713] loop2: detected capacity change from 0 to 4096
[  229.225532][ T7713] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  229.279892][ T7713] ntfs3(loop2): ino=3, mi_enum_attr
[  229.703671][ T7713] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  232.853527][ T7799] overlayfs: failed to resolve './file0': -2
[  233.967363][ T7808] loop2: detected capacity change from 0 to 512
[  234.109559][ T7809] loop4: detected capacity change from 0 to 1024
[  234.128974][ T7808] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.144218][ T7808] ext4 filesystem being mounted at /122/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  234.360667][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.743314][ T7897] netlink: 'syz.4.597': attribute type 1 has an invalid length.
[  237.253911][ T5891] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  237.543957][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  237.572521][ T5891] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  237.595476][ T5891] usb 5-1: config 1 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.683882][ T5891] usb 5-1: config 1 interface 0 altsetting 254 bulk endpoint 0x82 has invalid maxpacket 32
[  237.706320][ T5891] usb 5-1: config 1 interface 0 altsetting 254 has 2 endpoint descriptors, different from the interface descriptor's value: 22
[  237.732813][ T5891] usb 5-1: config 1 interface 0 has no altsetting 0
[  237.742187][ T5891] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  237.784702][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  237.792783][ T5891] usb 5-1: SerialNumber: syz
[  237.838449][ T7897] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  237.890183][ T5891] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[  237.900941][ T5891] cdc_acm 5-1:1.0: This needs exactly 3 endpoints
[  237.924099][ T5891] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[  238.043175][ T7915] loop3: detected capacity change from 0 to 4096
[  238.064923][ T7915] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  238.110383][ T7915] ntfs3(loop3): ino=3, mi_enum_attr
[  238.184395][ T7915] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  238.221520][ T7897] loop4: detected capacity change from 0 to 1024
[  238.251956][ T7897] hfsplus: Unknown parameter '
'
[  238.338659][ T7921] futex_wake_op: syz.2.606 tries to shift op by 144; fix this program
[  238.534314][ T5972] IPVS: starting estimator thread 0...
[  238.643959][ T7927] IPVS: using max 24 ests per chain, 57600 per kthread
[  239.254423][ T6096] usb 5-1: USB disconnect, device number 6
[  240.830385][ T7954] loop0: detected capacity change from 0 to 32768
[  240.870312][ T7954] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.616 (7954)
[  241.846562][ T7954] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  241.928997][ T7954] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  242.870926][ T7954] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  242.875361][ T7954] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  242.924448][ T7954] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  242.973738][ T7954] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  243.004401][ T7954] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  243.042628][ T7954] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  243.450884][ T7954] BTRFS error (device loop0): open_ctree failed: -12
[  244.844294][ T8045] loop3: detected capacity change from 0 to 512
[  244.867277][ T8045] EXT4-fs: Ignoring removed mblk_io_submit option
[  244.900513][ T8045] ext4: Unknown parameter 'hash'
[  248.124104][ T6097] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  248.303975][ T6097] usb 5-1: Using ep0 maxpacket: 16
[  248.321019][ T6097] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.348695][ T6097] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  248.396484][ T6097] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.426427][ T6097] usb 5-1: config 0 descriptor??
[  248.703265][ T6097] usbhid 5-1:0.0: can't add hid device: -71
[  248.731039][ T6097] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  248.756350][ T6097] usb 5-1: USB disconnect, device number 7
[  253.436773][ T8221] futex_wake_op: syz.4.697 tries to shift op by 144; fix this program
[  255.333675][ T8261] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  255.341353][ T8261] overlayfs: failed to set xattr on upper
[  255.347201][ T8261] overlayfs: ...falling back to redirect_dir=nofollow.
[  255.354212][ T8261] overlayfs: ...falling back to index=off.
[  255.360064][ T8261] overlayfs: maximum fs stacking depth exceeded
[  260.420568][ T8341] xt_CT: No such helper "pptp"
[  261.011214][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  261.017946][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  263.847459][ T8426] futex_wake_op: syz.0.760 tries to shift op by 144; fix this program
[  275.209780][ T8682] futex_wake_op: syz.2.840 tries to shift op by 144; fix this program
[  275.617076][ T8688] loop0: detected capacity change from 0 to 512
[  275.642122][ T8688] EXT4-fs: Ignoring removed mblk_io_submit option
[  275.667095][ T8688] ext4: Unknown parameter 'hash'
[  279.750147][ T8752] xt_CT: No such helper "pptp"
[  282.304588][ T8837] futex_wake_op: syz.3.891 tries to shift op by 144; fix this program
[  285.074162][ T6097] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  285.244118][ T6097] usb 2-1: Using ep0 maxpacket: 16
[  285.252560][ T6097] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.274262][ T6097] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  285.297645][ T6097] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.341452][ T6097] usb 2-1: config 0 descriptor??
[  285.597454][ T6097] usbhid 2-1:0.0: can't add hid device: -71
[  285.620287][ T6097] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  285.667334][ T6097] usb 2-1: USB disconnect, device number 3
[  285.794649][ T8934] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  285.801667][ T8934] overlayfs: failed to set xattr on upper
[  285.807889][ T8934] overlayfs: ...falling back to redirect_dir=nofollow.
[  285.814802][ T8934] overlayfs: ...falling back to index=off.
[  285.820647][ T8934] overlayfs: maximum fs stacking depth exceeded
[  289.414179][ T5949] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  289.535210][ T9024] futex_wake_op: syz.0.955 tries to shift op by 144; fix this program
[  289.615475][ T5949] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  289.659500][ T5949] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  289.692416][ T5949] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  289.702832][ T5949] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  289.722654][ T5949] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  289.753189][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.794315][ T5949] usb 2-1: config 0 descriptor??
[  289.824246][ T9028] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  290.262435][ T5949] gspca_main: spca561-2.14.0 probing abcd:cdee
[  290.274216][ T9012] 9p: Bad value for 'wfdno'
[  290.289654][ T5194] udevd[5194]: worker [5827] terminated by signal 33 (Unknown signal 33)
[  290.308859][ T8986] loop4: detected capacity change from 0 to 32768
[  290.319623][ T8986] =======================================================
[  290.319623][ T8986] WARNING: The mand mount option has been deprecated and
[  290.319623][ T8986]          and is ignored by this kernel. Remove the mand
[  290.319623][ T8986]          option from the mount to silence this warning.
[  290.319623][ T8986] =======================================================
[  290.321144][ T5194] udevd[5194]: worker [5827] failed while handling '/devices/platform/dummy_hcd.1/usb2/2-1'
[  290.469072][ T8986] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/loop4": -EINTR
[  290.819563][ T5949] spca561 2-1:0.0: probe with driver spca561 failed with error -22
[  290.860410][ T5949] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  290.881960][ T5949] usb 2-1: MIDIStreaming interface descriptor not found
[  291.004101][ T6097] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  291.090616][ T5949] usb 2-1: USB disconnect, device number 4
[  291.214822][ T6097] usb 5-1: Using ep0 maxpacket: 16
[  291.226910][ T6097] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.287496][ T6097] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  291.322753][ T6097] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.370205][ T6097] usb 5-1: config 0 descriptor??
[  291.633618][ T6097] usbhid 5-1:0.0: can't add hid device: -71
[  291.658306][ T6097] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  291.707528][ T6097] usb 5-1: USB disconnect, device number 8
[  292.133475][ T9075] futex_wake_op: syz.3.972 tries to shift op by 144; fix this program
[  293.761148][ T9099] futex_wake_op: syz.4.982 tries to shift op by 144; fix this program
[  293.862213][ T9108] futex_wake_op: syz.3.983 tries to shift op by 144; fix this program
[  294.015831][ T9112] futex_wake_op: syz.1.985 tries to shift op by 144; fix this program
[  297.547759][ T9201] futex_wake_op: syz.1.1021 tries to shift op by 144; fix this program
[  300.667770][ T9253] xt_CT: No such helper "pptp"
[  301.499159][ T9261] loop1: detected capacity change from 0 to 512
[  301.517272][ T9261] EXT4-fs: Ignoring removed mblk_io_submit option
[  301.532458][ T9261] ext4: Unknown parameter 'hash'
[  302.688839][ T9275] futex_wake_op: syz.0.1044 tries to shift op by 144; fix this program
[  303.108043][ T6097] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  303.274092][ T6097] usb 3-1: Using ep0 maxpacket: 16
[  303.297059][ T6097] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.317560][ T6097] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  303.424003][ T6097] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.455833][ T6097] usb 3-1: config 0 descriptor??
[  304.599383][ T6097] usbhid 3-1:0.0: can't add hid device: -71
[  304.634728][ T6097] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  304.689592][ T6097] usb 3-1: USB disconnect, device number 3
[  305.044177][ T9308] loop0: detected capacity change from 0 to 512
[  305.057218][ T9308] EXT4-fs: Ignoring removed mblk_io_submit option
[  305.080334][ T9308] ext4: Unknown parameter 'hash'
[  309.705659][ T9354] futex_wake_op: syz.3.1068 tries to shift op by 144; fix this program
[  310.174022][  T934] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  310.333933][  T934] usb 2-1: Using ep0 maxpacket: 16
[  310.341612][  T934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.355978][  T934] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  310.396200][  T934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.445203][  T934] usb 2-1: config 0 descriptor??
[  310.681590][  T934] usbhid 2-1:0.0: can't add hid device: -71
[  310.704164][  T934] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  310.728087][  T934] usb 2-1: USB disconnect, device number 5
[  311.892030][ T9397] futex_wake_op: syz.0.1080 tries to shift op by 144; fix this program
[  312.807741][ T9417] FAULT_INJECTION: forcing a failure.
[  312.807741][ T9417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  312.853852][ T9417] CPU: 0 UID: 0 PID: 9417 Comm: syz.3.1089 Not tainted syzkaller #0 PREEMPT(full) 
[  312.853883][ T9417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  312.853908][ T9417] Call Trace:
[  312.853918][ T9417]  <TASK>
[  312.853928][ T9417]  dump_stack_lvl+0x189/0x250
[  312.853960][ T9417]  ? __pfx____ratelimit+0x10/0x10
[  312.853984][ T9417]  ? __pfx_dump_stack_lvl+0x10/0x10
[  312.854010][ T9417]  ? __pfx__printk+0x10/0x10
[  312.854042][ T9417]  ? __might_fault+0xb0/0x130
[  312.854086][ T9417]  should_fail_ex+0x414/0x560
[  312.854117][ T9417]  _copy_from_user+0x2d/0xb0
[  312.854149][ T9417]  do_ipv6_setsockopt+0x23e/0x2eb0
[  312.854187][ T9417]  ? get_pid_task+0x20/0x1f0
[  312.854217][ T9417]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  312.854252][ T9417]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  312.854296][ T9417]  ? __lock_acquire+0x6b6/0x2cf0
[  312.854324][ T9417]  ? __pfx___might_resched+0x10/0x10
[  312.854352][ T9417]  ? ksys_write+0x1cb/0x250
[  312.854377][ T9417]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  312.854403][ T9417]  ? aa_sk_perm+0x15f/0x920
[  312.854435][ T9417]  ? aa_sk_perm+0x7ee/0x920
[  312.854471][ T9417]  ? __pfx_aa_sk_perm+0x10/0x10
[  312.854511][ T9417]  ? aa_sock_opt_perm+0xff/0x1a0
[  312.854550][ T9417]  ipv6_setsockopt+0x59/0x170
[  312.854580][ T9417]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  312.854604][ T9417]  do_sock_setsockopt+0x17c/0x1b0
[  312.854636][ T9417]  __x64_sys_setsockopt+0x13f/0x1b0
[  312.854668][ T9417]  do_syscall_64+0xfa/0xf80
[  312.854695][ T9417]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.854716][ T9417]  ? clear_bhb_loop+0x60/0xb0
[  312.854742][ T9417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.854764][ T9417] RIP: 0033:0x7f3dd5b8f749
[  312.854784][ T9417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.854802][ T9417] RSP: 002b:00007f3dd6984038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  312.854825][ T9417] RAX: ffffffffffffffda RBX: 00007f3dd5de5fa0 RCX: 00007f3dd5b8f749
[  312.854841][ T9417] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000003
[  312.854853][ T9417] RBP: 00007f3dd6984090 R08: 0000000000000090 R09: 0000000000000000
[  312.854866][ T9417] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  312.854879][ T9417] R13: 00007f3dd5de6038 R14: 00007f3dd5de5fa0 R15: 00007fff084a43d8
[  312.854913][ T9417]  </TASK>
[  314.954019][ T5898] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  315.134929][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  315.145206][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.164376][ T5898] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  315.188775][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.208645][ T5898] usb 2-1: config 0 descriptor??
[  315.461409][ T5898] usbhid 2-1:0.0: can't add hid device: -71
[  315.481854][ T5898] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  315.536681][ T5898] usb 2-1: USB disconnect, device number 6
[  315.692446][ T9454] xt_CT: No such helper "pptp"
[  316.383965][ T9487] loop4: detected capacity change from 0 to 2048
[  316.477226][ T9494] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  316.555918][ T5912] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  316.667895][ T9501] futex_wake_op: syz.3.1119 tries to shift op by 144; fix this program
[  316.794178][ T5912] usb 2-1: Using ep0 maxpacket: 32
[  316.845638][ T5912] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  316.896239][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.177753][ T5912] usb 2-1: config 0 descriptor??
[  317.221606][ T9494] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  317.245845][ T9494] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4)
[  317.310798][ T9494] Remounting filesystem read-only
[  317.319481][ T5829] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer
[  317.421734][ T5912] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  317.474707][ T5912] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  317.530176][ T5912] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  317.572955][ T5912] usb 2-1: media controller created
[  317.618761][ T5912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  317.864293][ T6097] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  318.014524][ T5912] DVB: Unable to find symbol dib7000p_attach()
[  318.034332][ T5912] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  318.051621][ T6097] usb 5-1: Using ep0 maxpacket: 16
[  318.081641][ T6097] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.136548][ T6097] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  318.161719][ T6097] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.216624][ T6097] usb 5-1: config 0 descriptor??
[  318.308251][ T5912] rc_core: IR keymap rc-dib0700-rc5 not found
[  318.323786][ T5912] Registered IR keymap rc-empty
[  318.344408][ T5912] dvb-usb: could not initialize remote control.
[  318.363308][ T5912] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  318.397850][ T5912] usb 2-1: USB disconnect, device number 7
[  318.448063][ T6097] usbhid 5-1:0.0: can't add hid device: -71
[  318.460313][ T6097] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  318.498012][ T6097] usb 5-1: USB disconnect, device number 9
[  318.539456][ T5912] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  319.181426][ T9546] FAULT_INJECTION: forcing a failure.
[  319.181426][ T9546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.198083][ T9546] CPU: 1 UID: 0 PID: 9546 Comm: syz.4.1134 Not tainted syzkaller #0 PREEMPT(full) 
[  319.198111][ T9546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  319.198124][ T9546] Call Trace:
[  319.198132][ T9546]  <TASK>
[  319.198141][ T9546]  dump_stack_lvl+0x189/0x250
[  319.198172][ T9546]  ? __pfx____ratelimit+0x10/0x10
[  319.198195][ T9546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.198219][ T9546]  ? __pfx__printk+0x10/0x10
[  319.198249][ T9546]  ? __might_fault+0xb0/0x130
[  319.198291][ T9546]  should_fail_ex+0x414/0x560
[  319.198320][ T9546]  _copy_from_user+0x2d/0xb0
[  319.198352][ T9546]  ___sys_sendmsg+0x158/0x2a0
[  319.198382][ T9546]  ? __pfx____sys_sendmsg+0x10/0x10
[  319.198416][ T9546]  ? rcu_read_lock_any_held+0xb3/0x120
[  319.198472][ T9546]  ? __fget_files+0x2a/0x420
[  319.198498][ T9546]  ? __fget_files+0x3a0/0x420
[  319.198534][ T9546]  __x64_sys_sendmsg+0x19b/0x260
[  319.198564][ T9546]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  319.198601][ T9546]  ? __pfx_ksys_write+0x10/0x10
[  319.198626][ T9546]  ? do_syscall_64+0xbe/0xf80
[  319.198654][ T9546]  do_syscall_64+0xfa/0xf80
[  319.198679][ T9546]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.198700][ T9546]  ? clear_bhb_loop+0x60/0xb0
[  319.198726][ T9546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.198746][ T9546] RIP: 0033:0x7f5a24b8f749
[  319.198765][ T9546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.198783][ T9546] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  319.198805][ T9546] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  319.198821][ T9546] RDX: 0000000000000800 RSI: 0000200000000000 RDI: 0000000000000003
[  319.198834][ T9546] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  319.198847][ T9546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.198859][ T9546] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  319.198892][ T9546]  </TASK>
[  319.838199][ T9560] futex_wake_op: syz.2.1138 tries to shift op by 144; fix this program
[  321.765647][ T9598] FAULT_INJECTION: forcing a failure.
[  321.765647][ T9598] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.839104][ T9598] CPU: 1 UID: 0 PID: 9598 Comm: syz.4.1153 Not tainted syzkaller #0 PREEMPT(full) 
[  321.839133][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  321.839146][ T9598] Call Trace:
[  321.839155][ T9598]  <TASK>
[  321.839164][ T9598]  dump_stack_lvl+0x189/0x250
[  321.839192][ T9598]  ? __pfx____ratelimit+0x10/0x10
[  321.839215][ T9598]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.839240][ T9598]  ? __pfx__printk+0x10/0x10
[  321.839271][ T9598]  ? __might_fault+0xb0/0x130
[  321.839315][ T9598]  should_fail_ex+0x414/0x560
[  321.839345][ T9598]  _copy_to_iter+0x1de/0x1790
[  321.839384][ T9598]  ? anon_pipe_read+0xd14/0x1040
[  321.839409][ T9598]  ? __pfx__copy_to_iter+0x10/0x10
[  321.839434][ T9598]  ? __pfx___mutex_lock+0x10/0x10
[  321.839467][ T9598]  ? page_copy_sane+0x4e/0x280
[  321.839495][ T9598]  copy_page_to_iter+0x10c/0x1c0
[  321.839526][ T9598]  anon_pipe_read+0x4d1/0x1040
[  321.839585][ T9598]  ? __pfx_anon_pipe_read+0x10/0x10
[  321.839611][ T9598]  ? common_file_perm+0x1b5/0x220
[  321.839643][ T9598]  ? __pfx_autoremove_wake_function+0x10/0x10
[  321.839674][ T9598]  ? bpf_lsm_file_permission+0x9/0x20
[  321.839695][ T9598]  ? security_file_permission+0x75/0x290
[  321.839729][ T9598]  vfs_read+0x55a/0xa30
[  321.839758][ T9598]  ? __pfx_vfs_read+0x10/0x10
[  321.839787][ T9598]  ? __fget_files+0x2a/0x420
[  321.839826][ T9598]  ksys_read+0x145/0x250
[  321.839848][ T9598]  ? __pfx_ksys_read+0x10/0x10
[  321.839872][ T9598]  ? do_syscall_64+0xbe/0xf80
[  321.839900][ T9598]  do_syscall_64+0xfa/0xf80
[  321.839925][ T9598]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.839945][ T9598]  ? clear_bhb_loop+0x60/0xb0
[  321.839971][ T9598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.839992][ T9598] RIP: 0033:0x7f5a24b8f749
[  321.840010][ T9598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.840028][ T9598] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  321.840051][ T9598] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  321.840066][ T9598] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000003
[  321.840079][ T9598] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  321.840092][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.840104][ T9598] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  321.840137][ T9598]  </TASK>
[  322.459042][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  322.465840][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  322.858069][ T9636] loop4: detected capacity change from 0 to 256
[  322.936603][ T9636] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  322.976563][ T9636] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  323.566780][ T9648] futex_wake_op: syz.1.1168 tries to shift op by 144; fix this program
[  323.744108][ T5949] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  323.923921][ T5949] usb 5-1: Using ep0 maxpacket: 32
[  323.938494][ T5949] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  323.956375][ T5949] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.987736][ T5949] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  324.031293][ T5949] usb 5-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  324.072605][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.099240][ T5949] usb 5-1: Product: syz
[  324.103488][ T5949] usb 5-1: Manufacturer: syz
[  324.131093][ T5949] usb 5-1: SerialNumber: syz
[  324.160647][ T5949] usb 5-1: config 0 descriptor??
[  324.171213][ T5949] rndis_host 5-1:0.0: skipping garbage
[  324.184097][ T5949] usb 5-1: bad CDC descriptors
[  324.192018][ T5949] cdc_acm 5-1:0.0: skipping garbage
[  324.198366][ T5949] cdc_acm 5-1:0.0: Control and data interfaces are not separated!
[  324.214368][ T5949] cdc_acm 5-1:0.0: This needs exactly 3 endpoints
[  324.222393][ T5949] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22
[  324.422009][ T9636] netlink: 27 bytes leftover after parsing attributes in process `syz.4.1166'.
[  324.783437][ T9676] sctp: [Deprecated]: syz.4.1166 (pid 9676) Use of struct sctp_assoc_value in delayed_ack socket option.
[  324.783437][ T9676] Use struct sctp_sack_info instead
[  326.367706][ T5925] usb 5-1: USB disconnect, device number 10
[  328.716011][ T9730] futex_wake_op: syz.4.1190 tries to shift op by 144; fix this program
[  328.881003][ T9737] FAULT_INJECTION: forcing a failure.
[  328.881003][ T9737] name failslab, interval 1, probability 0, space 0, times 0
[  328.910275][ T9737] CPU: 1 UID: 0 PID: 9737 Comm: syz.2.1195 Not tainted syzkaller #0 PREEMPT(full) 
[  328.910305][ T9737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  328.910319][ T9737] Call Trace:
[  328.910327][ T9737]  <TASK>
[  328.910337][ T9737]  dump_stack_lvl+0x189/0x250
[  328.910368][ T9737]  ? __pfx____ratelimit+0x10/0x10
[  328.910393][ T9737]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.910419][ T9737]  ? __pfx__printk+0x10/0x10
[  328.910455][ T9737]  ? __pfx___might_resched+0x10/0x10
[  328.910484][ T9737]  should_fail_ex+0x414/0x560
[  328.910514][ T9737]  should_failslab+0xa8/0x100
[  328.910543][ T9737]  __kmalloc_noprof+0xdf/0x800
[  328.910563][ T9737]  ? kfree+0x4d/0x660
[  328.910597][ T9737]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  328.910624][ T9737]  tomoyo_realpath_from_path+0xe3/0x5d0
[  328.910647][ T9737]  ? tomoyo_domain+0xd8/0x130
[  328.910675][ T9737]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  328.910704][ T9737]  tomoyo_path_number_perm+0x1e8/0x5a0
[  328.910737][ T9737]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  328.910784][ T9737]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  328.910832][ T9737]  ? __fget_files+0x2a/0x420
[  328.910866][ T9737]  ? __fget_files+0x3a0/0x420
[  328.910892][ T9737]  ? __fget_files+0x2a/0x420
[  328.910923][ T9737]  security_file_ioctl+0xcb/0x2d0
[  328.910952][ T9737]  __se_sys_ioctl+0x47/0x170
[  328.910975][ T9737]  do_syscall_64+0xfa/0xf80
[  328.911001][ T9737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.911022][ T9737]  ? clear_bhb_loop+0x60/0xb0
[  328.911049][ T9737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.911070][ T9737] RIP: 0033:0x7f4ba6b8f749
[  328.911089][ T9737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.911114][ T9737] RSP: 002b:00007f4ba7b06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  328.911137][ T9737] RAX: ffffffffffffffda RBX: 00007f4ba6de5fa0 RCX: 00007f4ba6b8f749
[  328.911153][ T9737] RDX: 0000200000000000 RSI: 000000004008af30 RDI: 0000000000000003
[  328.911166][ T9737] RBP: 00007f4ba7b06090 R08: 0000000000000000 R09: 0000000000000000
[  328.911179][ T9737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.911191][ T9737] R13: 00007f4ba6de6038 R14: 00007f4ba6de5fa0 R15: 00007ffdca41c7f8
[  328.911226][ T9737]  </TASK>
[  328.912549][ T9737] ERROR: Out of memory at tomoyo_realpath_from_path.
[  329.260445][ T9746] MTD: Couldn't look up 'contention_end': -2
[  329.438022][ T9750] loop3: detected capacity change from 0 to 512
[  329.493792][ T9750] EXT4-fs: Ignoring removed mblk_io_submit option
[  329.528918][ T9750] ext4: Unknown parameter 'hash'
[  330.671903][ T9765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1204'.
[  331.874495][ T5912] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  332.059919][ T5912] usb 2-1: Using ep0 maxpacket: 32
[  332.068798][ T5912] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  332.078648][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.094825][ T5912] usb 2-1: config 0 descriptor??
[  332.373206][ T5912] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  332.385622][ T5912] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  332.412076][ T5912] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  332.421780][ T5912] usb 2-1: media controller created
[  332.460243][ T5912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  332.468235][ T9826] FAULT_INJECTION: forcing a failure.
[  332.468235][ T9826] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  332.516905][ T9826] CPU: 0 UID: 0 PID: 9826 Comm: syz.2.1225 Not tainted syzkaller #0 PREEMPT(full) 
[  332.516934][ T9826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  332.516947][ T9826] Call Trace:
[  332.516955][ T9826]  <TASK>
[  332.516964][ T9826]  dump_stack_lvl+0x189/0x250
[  332.516994][ T9826]  ? __pfx____ratelimit+0x10/0x10
[  332.517018][ T9826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  332.517043][ T9826]  ? __pfx__printk+0x10/0x10
[  332.517073][ T9826]  ? __might_fault+0xb0/0x130
[  332.517117][ T9826]  should_fail_ex+0x414/0x560
[  332.517146][ T9826]  _copy_from_user+0x2d/0xb0
[  332.517178][ T9826]  ___sys_sendmsg+0x158/0x2a0
[  332.517209][ T9826]  ? __pfx____sys_sendmsg+0x10/0x10
[  332.517243][ T9826]  ? rcu_read_lock_any_held+0xb3/0x120
[  332.517299][ T9826]  ? __fget_files+0x2a/0x420
[  332.517325][ T9826]  ? __fget_files+0x3a0/0x420
[  332.517363][ T9826]  __x64_sys_sendmsg+0x19b/0x260
[  332.517394][ T9826]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  332.517432][ T9826]  ? __pfx_ksys_write+0x10/0x10
[  332.517457][ T9826]  ? do_syscall_64+0xbe/0xf80
[  332.517485][ T9826]  do_syscall_64+0xfa/0xf80
[  332.517510][ T9826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.517531][ T9826]  ? clear_bhb_loop+0x60/0xb0
[  332.517556][ T9826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.517582][ T9826] RIP: 0033:0x7f4ba6b8f749
[  332.517601][ T9826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.517619][ T9826] RSP: 002b:00007f4ba7b06038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  332.517641][ T9826] RAX: ffffffffffffffda RBX: 00007f4ba6de5fa0 RCX: 00007f4ba6b8f749
[  332.517656][ T9826] RDX: 0000000000000800 RSI: 0000200000006040 RDI: 0000000000000006
[  332.517669][ T9826] RBP: 00007f4ba7b06090 R08: 0000000000000000 R09: 0000000000000000
[  332.517681][ T9826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.517693][ T9826] R13: 00007f4ba6de6038 R14: 00007f4ba6de5fa0 R15: 00007ffdca41c7f8
[  332.517727][ T9826]  </TASK>
[  332.781005][ T5912] DVB: Unable to find symbol dib7000p_attach()
[  332.788747][ T5912] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  332.794537][ T9829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.806044][ T9829] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.966692][ T5912] rc_core: IR keymap rc-dib0700-rc5 not found
[  332.975924][ T5912] Registered IR keymap rc-empty
[  332.979463][ T9834] loop2: detected capacity change from 0 to 512
[  332.981252][ T5912] dvb-usb: could not initialize remote control.
[  332.994358][ T9834] EXT4-fs: Ignoring removed mblk_io_submit option
[  333.010989][ T9834] ext4: Unknown parameter 'hash'
[  333.032188][ T5912] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  334.026998][ T5912] usb 2-1: USB disconnect, device number 8
[  334.157333][ T5912] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  334.211956][ T9851] FAULT_INJECTION: forcing a failure.
[  334.211956][ T9851] name failslab, interval 1, probability 0, space 0, times 0
[  334.251455][ T9851] CPU: 0 UID: 0 PID: 9851 Comm: syz.4.1234 Not tainted syzkaller #0 PREEMPT(full) 
[  334.251485][ T9851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  334.251498][ T9851] Call Trace:
[  334.251507][ T9851]  <TASK>
[  334.251516][ T9851]  dump_stack_lvl+0x189/0x250
[  334.251548][ T9851]  ? __pfx____ratelimit+0x10/0x10
[  334.251572][ T9851]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.251597][ T9851]  ? __pfx__printk+0x10/0x10
[  334.251642][ T9851]  ? __pfx___might_resched+0x10/0x10
[  334.251671][ T9851]  should_fail_ex+0x414/0x560
[  334.251701][ T9851]  should_failslab+0xa8/0x100
[  334.251729][ T9851]  __kmalloc_noprof+0xdf/0x800
[  334.251749][ T9851]  ? kfree+0x4d/0x660
[  334.251776][ T9851]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  334.251804][ T9851]  tomoyo_realpath_from_path+0xe3/0x5d0
[  334.251827][ T9851]  ? tomoyo_domain+0xd8/0x130
[  334.251854][ T9851]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  334.251883][ T9851]  tomoyo_path_number_perm+0x1e8/0x5a0
[  334.251915][ T9851]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  334.251963][ T9851]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  334.252008][ T9851]  ? __fget_files+0x2a/0x420
[  334.252040][ T9851]  ? __fget_files+0x3a0/0x420
[  334.252065][ T9851]  ? __fget_files+0x2a/0x420
[  334.252095][ T9851]  security_file_ioctl+0xcb/0x2d0
[  334.252124][ T9851]  __se_sys_ioctl+0x47/0x170
[  334.252146][ T9851]  do_syscall_64+0xfa/0xf80
[  334.252171][ T9851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.252191][ T9851]  ? clear_bhb_loop+0x60/0xb0
[  334.252216][ T9851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.252236][ T9851] RIP: 0033:0x7f5a24b8f749
[  334.252255][ T9851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.252273][ T9851] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  334.252296][ T9851] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  334.252311][ T9851] RDX: 0000000000000000 RSI: 000000000000641e RDI: 0000000000000004
[  334.252323][ T9851] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  334.252336][ T9851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.252347][ T9851] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  334.252381][ T9851]  </TASK>
[  334.252389][ T9851] ERROR: Out of memory at tomoyo_realpath_from_path.
[  335.439902][ T9887] xt_CT: No such helper "pptp"
[  336.105748][ T9917] loop2: detected capacity change from 0 to 4096
[  336.275480][ T9917] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  336.398008][ T9917] ntfs3(loop2): ino=9, ntfs_sync_fs failed, -22.
[  336.494333][ T5830] ntfs3(loop2): ino=9, ntfs_sync_fs failed, -22.
[  337.723505][ T9975] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  337.730862][ T9975] overlayfs: failed to set xattr on upper
[  337.736667][ T9975] overlayfs: ...falling back to redirect_dir=nofollow.
[  337.743567][ T9975] overlayfs: ...falling back to index=off.
[  337.749440][ T9975] overlayfs: maximum fs stacking depth exceeded
[  338.585078][ T9985] futex_wake_op: syz.2.1273 tries to shift op by 144; fix this program
[  339.882990][ T9993] loop4: detected capacity change from 0 to 32768
[  339.923381][ T9993] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1278 (9993)
[  339.999162][ T9993] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  340.033970][ T9993] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  340.196090][ T9993] BTRFS info (device loop4): rebuilding free space tree
[  340.277724][ T9993] BTRFS info (device loop4): disabling free space tree
[  340.340458][ T9993] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  340.393906][ T9993] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  340.473314][ T9993] BTRFS info (device loop4): setting nodatasum
[  340.493401][ T9993] BTRFS info (device loop4): setting nodatacow
[  340.519061][ T9993] BTRFS info (device loop4): turning off barriers
[  340.543886][ T9993] BTRFS info (device loop4): force clearing of disk cache
[  340.690354][ T9993] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1278'.
[  341.585379][ T5829] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  342.507454][T10074] futex_wake_op: syz.3.1298 tries to shift op by 144; fix this program
[  342.996904][T10080] futex_wake_op: syz.2.1299 tries to shift op by 144; fix this program
[  346.297713][T10118] loop2: detected capacity change from 0 to 256
[  346.344525][T10118] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  346.412411][T10118] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  346.472454][T10125] loop4: detected capacity change from 0 to 64
[  346.482388][T10126] FAULT_INJECTION: forcing a failure.
[  346.482388][T10126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  346.534993][T10126] CPU: 0 UID: 0 PID: 10126 Comm: syz.1.1317 Not tainted syzkaller #0 PREEMPT(full) 
[  346.535023][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  346.535036][T10126] Call Trace:
[  346.535045][T10126]  <TASK>
[  346.535055][T10126]  dump_stack_lvl+0x189/0x250
[  346.535086][T10126]  ? __pfx____ratelimit+0x10/0x10
[  346.535109][T10126]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.535134][T10126]  ? __pfx__printk+0x10/0x10
[  346.535176][T10126]  ? __might_fault+0xb0/0x130
[  346.535220][T10126]  should_fail_ex+0x414/0x560
[  346.535249][T10126]  _copy_from_user+0x2d/0xb0
[  346.535281][T10126]  __sys_bpf+0x1e3/0x860
[  346.535314][T10126]  ? __pfx___sys_bpf+0x10/0x10
[  346.535361][T10126]  ? ksys_write+0x22a/0x250
[  346.535384][T10126]  ? __pfx_ksys_write+0x10/0x10
[  346.535412][T10126]  __x64_sys_bpf+0x7c/0x90
[  346.535440][T10126]  do_syscall_64+0xfa/0xf80
[  346.535466][T10126]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.535487][T10126]  ? clear_bhb_loop+0x60/0xb0
[  346.535514][T10126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.535534][T10126] RIP: 0033:0x7f04d8d8f749
[  346.535553][T10126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.535569][T10126] RSP: 002b:00007f04d9bad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  346.535592][T10126] RAX: ffffffffffffffda RBX: 00007f04d8fe5fa0 RCX: 00007f04d8d8f749
[  346.535608][T10126] RDX: 0000000000000094 RSI: 0000200000000980 RDI: 0000000000000005
[  346.535621][T10126] RBP: 00007f04d9bad090 R08: 0000000000000000 R09: 0000000000000000
[  346.535634][T10126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.535646][T10126] R13: 00007f04d8fe6038 R14: 00007f04d8fe5fa0 R15: 00007ffdea3a17b8
[  346.535679][T10126]  </TASK>
[  346.913388][ T5987] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  347.093834][ T5987] usb 3-1: Using ep0 maxpacket: 32
[  347.101503][ T5987] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  347.117387][ T5987] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  347.138108][ T5987] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  347.167034][ T5987] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  347.213825][ T5987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.248664][ T5987] usb 3-1: Product: syz
[  347.263101][ T5987] usb 3-1: Manufacturer: syz
[  347.283364][ T5987] usb 3-1: SerialNumber: syz
[  347.315136][ T5987] usb 3-1: config 0 descriptor??
[  347.355643][ T5987] rndis_host 3-1:0.0: skipping garbage
[  347.361220][ T5987] usb 3-1: bad CDC descriptors
[  347.378950][ T5987] cdc_acm 3-1:0.0: skipping garbage
[  347.393939][ T5987] cdc_acm 3-1:0.0: Control and data interfaces are not separated!
[  347.413850][ T5987] cdc_acm 3-1:0.0: This needs exactly 3 endpoints
[  347.420730][ T5987] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  347.470882][T10143] loop3: detected capacity change from 0 to 4096
[  347.495912][T10143] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  347.526688][T10118] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1315'.
[  347.650574][T10143] ntfs3(loop3): MFT: r=b, expect seq=0 instead of b!
[  348.536693][T10150] loop3: detected capacity change from 0 to 512
[  348.548807][T10150] EXT4-fs: Ignoring removed mblk_io_submit option
[  348.604934][T10150] ext4: Unknown parameter 'hash'
[  349.712981][ T6096] usb 3-1: USB disconnect, device number 4
[  349.873219][T10162] loop4: detected capacity change from 0 to 512
[  349.901552][T10162] EXT4-fs: Ignoring removed mblk_io_submit option
[  349.924088][T10162] ext4: Unknown parameter 'hash'
[  351.853528][T10191] loop3: detected capacity change from 0 to 512
[  351.880653][T10191] EXT4-fs: Ignoring removed mblk_io_submit option
[  351.892799][T10191] ext4: Unknown parameter 'hash'
[  352.004422][   T30] kauditd_printk_skb: 76 callbacks suppressed
[  352.004441][   T30] audit: type=1326 audit(1764344131.252:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  352.129216][   T30] audit: type=1326 audit(1764344131.272:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  352.224902][   T30] audit: type=1326 audit(1764344131.302:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  352.882958][   T30] audit: type=1326 audit(1764344131.302:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  352.943516][   T30] audit: type=1326 audit(1764344131.302:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  353.071567][   T30] audit: type=1326 audit(1764344131.302:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  353.094112][   T30] audit: type=1326 audit(1764344131.302:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  353.127137][   T30] audit: type=1326 audit(1764344131.302:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  353.206149][   T30] audit: type=1326 audit(1764344131.302:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  353.225177][T10207] FAULT_INJECTION: forcing a failure.
[  353.225177][T10207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.282741][   T30] audit: type=1326 audit(1764344131.302:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10192 comm="syz.4.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  353.308928][T10207] CPU: 0 UID: 0 PID: 10207 Comm: syz.4.1340 Not tainted syzkaller #0 PREEMPT(full) 
[  353.308958][T10207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  353.308972][T10207] Call Trace:
[  353.308981][T10207]  <TASK>
[  353.308991][T10207]  dump_stack_lvl+0x189/0x250
[  353.309022][T10207]  ? __pfx____ratelimit+0x10/0x10
[  353.309045][T10207]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.309070][T10207]  ? __pfx__printk+0x10/0x10
[  353.309102][T10207]  ? __might_fault+0xb0/0x130
[  353.309145][T10207]  should_fail_ex+0x414/0x560
[  353.309175][T10207]  _copy_from_user+0x2d/0xb0
[  353.309207][T10207]  do_sock_getsockopt+0x15c/0x3d0
[  353.309238][T10207]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  353.309263][T10207]  ? do_syscall_64+0x80/0xf80
[  353.309287][T10207]  ? __fget_files+0x2a/0x420
[  353.309313][T10207]  ? __fget_files+0x3a0/0x420
[  353.309339][T10207]  ? __fget_files+0x2a/0x420
[  353.309373][T10207]  __x64_sys_getsockopt+0x1a5/0x250
[  353.309399][T10207]  ? do_syscall_64+0x80/0xf80
[  353.309425][T10207]  ? do_syscall_64+0x80/0xf80
[  353.309452][T10207]  do_syscall_64+0xfa/0xf80
[  353.309478][T10207]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.309499][T10207]  ? clear_bhb_loop+0x60/0xb0
[  353.309524][T10207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.309552][T10207] RIP: 0033:0x7f5a24b8f749
[  353.309571][T10207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.309589][T10207] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  353.309611][T10207] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  353.309627][T10207] RDX: 000000000000000f RSI: 0000000000000001 RDI: 0000000000000003
[  353.309639][T10207] RBP: 00007f5a25a42090 R08: 0000200000000140 R09: 0000000000000000
[  353.309652][T10207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.309664][T10207] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  353.309697][T10207]  </TASK>
[  354.403976][ T5987] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  354.574241][ T5987] usb 3-1: Using ep0 maxpacket: 8
[  354.823067][ T5987] usb 3-1: unable to get BOS descriptor or descriptor too short
[  354.862013][ T5987] usb 3-1: config 8 has an invalid interface number: 61 but max is 0
[  354.883800][ T5987] usb 3-1: config 8 has no interface number 0
[  354.889971][ T5987] usb 3-1: config 8 interface 61 altsetting 8 endpoint 0x8 has invalid wMaxPacketSize 0
[  355.449728][ T5987] usb 3-1: config 8 interface 61 has no altsetting 0
[  355.569347][ T5987] usb 3-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=e9.1f
[  355.593796][ T5987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.601856][ T5987] usb 3-1: Product: syz
[  355.619117][ T5987] usb 3-1: Manufacturer: syz
[  355.628076][ T5987] usb 3-1: SerialNumber: syz
[  355.826783][T10247] FAULT_INJECTION: forcing a failure.
[  355.826783][T10247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.843558][T10242] loop0: detected capacity change from 0 to 4096
[  355.872262][T10247] CPU: 1 UID: 0 PID: 10247 Comm: syz.4.1353 Not tainted syzkaller #0 PREEMPT(full) 
[  355.872290][T10247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  355.872304][T10247] Call Trace:
[  355.872319][T10247]  <TASK>
[  355.872328][T10247]  dump_stack_lvl+0x189/0x250
[  355.872358][T10247]  ? __pfx____ratelimit+0x10/0x10
[  355.872380][T10247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.872405][T10247]  ? __pfx__printk+0x10/0x10
[  355.872446][T10247]  should_fail_ex+0x414/0x560
[  355.872477][T10247]  _copy_to_user+0x31/0xb0
[  355.872510][T10247]  simple_read_from_buffer+0xe1/0x170
[  355.872541][T10247]  proc_fail_nth_read+0x1b3/0x220
[  355.872567][T10247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  355.872592][T10247]  ? rw_verify_area+0x2a6/0x4d0
[  355.872612][T10247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  355.872635][T10247]  vfs_read+0x200/0xa30
[  355.872654][T10247]  ? __pfx_aa_sk_perm+0x10/0x10
[  355.872690][T10247]  ? __pfx_vfs_read+0x10/0x10
[  355.872709][T10247]  ? netlink_connect+0x5d/0x500
[  355.872737][T10247]  ? bpf_lsm_socket_connect+0x9/0x20
[  355.872762][T10247]  ? __sys_connect+0x339/0x440
[  355.872785][T10247]  ? do_sys_openat2+0x15a/0x200
[  355.872812][T10247]  ? __pfx___sys_connect+0x10/0x10
[  355.872842][T10247]  ksys_read+0x145/0x250
[  355.872865][T10247]  ? __pfx_ksys_read+0x10/0x10
[  355.872888][T10247]  ? do_syscall_64+0xbe/0xf80
[  355.872917][T10247]  do_syscall_64+0xfa/0xf80
[  355.872941][T10247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.872961][T10247]  ? clear_bhb_loop+0x60/0xb0
[  355.872986][T10247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.873006][T10247] RIP: 0033:0x7f5a24b8e15c
[  355.873024][T10247] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  355.873042][T10247] RSP: 002b:00007f5a25a42030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  355.873065][T10247] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8e15c
[  355.873080][T10247] RDX: 000000000000000f RSI: 00007f5a25a420a0 RDI: 0000000000000004
[  355.873092][T10247] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  355.873104][T10247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.873116][T10247] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  355.873149][T10247]  </TASK>
[  356.152797][T10250] loop2: detected capacity change from 0 to 4096
[  356.174945][T10250] ntfs3: Unknown parameter '00000000000000000000000POô%F²$ýb±O;@�|(êUNu(ƒ|¯Ðé1ñ|¼„@ü‹'j?}IáCö‡YÄÄkº7‡EΦ­…9L•3R-S'ÝE|¦&ÐÍË!{’É ô¶µ²Ä†£<uóûyø_ý²j÷
¿þØ�e? P¢”>i¬ràÎOu-ž'
[  356.188764][T10242] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  356.535721][T10242] ntfs3(loop0): Failed to load $Extend (-22).
[  356.610676][ T5987] bfusb 3-1:8.61: probe with driver bfusb failed with error -5
[  356.631624][T10242] ntfs3(loop0): Failed to initialize $Extend.
[  356.709861][ T5987] usb 3-1: USB disconnect, device number 5
[  356.849229][T10258] loop3: detected capacity change from 0 to 1024
[  356.953357][T10258] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  357.006883][T10258] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  357.073967][T10258] JBD2: no valid journal superblock found
[  357.112346][T10258] EXT4-fs (loop3): Could not load journal inode
[  359.396444][T10319] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  359.473990][T10319] overlayfs: failed to set xattr on upper
[  359.516051][T10319] overlayfs: ...falling back to redirect_dir=nofollow.
[  359.543316][T10319] overlayfs: ...falling back to index=off.
[  359.584839][T10319] overlayfs: maximum fs stacking depth exceeded
[  359.759114][T10326] loop0: detected capacity change from 0 to 4096
[  359.916832][T10326] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  359.992697][T10326] FAULT_INJECTION: forcing a failure.
[  359.992697][T10326] name failslab, interval 1, probability 0, space 0, times 0
[  360.041566][T10326] CPU: 1 UID: 0 PID: 10326 Comm: syz.0.1376 Not tainted syzkaller #0 PREEMPT(full) 
[  360.041602][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  360.041616][T10326] Call Trace:
[  360.041624][T10326]  <TASK>
[  360.041634][T10326]  dump_stack_lvl+0x189/0x250
[  360.041666][T10326]  ? __pfx____ratelimit+0x10/0x10
[  360.041689][T10326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.041715][T10326]  ? __pfx__printk+0x10/0x10
[  360.041773][T10326]  ? __pfx___might_resched+0x10/0x10
[  360.041796][T10326]  ? fs_reclaim_acquire+0x7d/0x100
[  360.041825][T10326]  should_fail_ex+0x414/0x560
[  360.041862][T10326]  should_failslab+0xa8/0x100
[  360.041889][T10326]  kmem_cache_alloc_noprof+0x88/0x710
[  360.041922][T10326]  ? getname_flags+0xb8/0x540
[  360.041952][T10326]  getname_flags+0xb8/0x540
[  360.041982][T10326]  __x64_sys_mkdirat+0x7a/0xa0
[  360.042006][T10326]  do_syscall_64+0xfa/0xf80
[  360.042032][T10326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.042053][T10326]  ? clear_bhb_loop+0x60/0xb0
[  360.042079][T10326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.042106][T10326] RIP: 0033:0x7f5ac238de97
[  360.042125][T10326] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.042141][T10326] RSP: 002b:00007f5ac05f5e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  360.042164][T10326] RAX: ffffffffffffffda RBX: 00007f5ac05f5ef0 RCX: 00007f5ac238de97
[  360.042179][T10326] RDX: 00000000000001ff RSI: 00002000000001c0 RDI: 00000000ffffff9c
[  360.042193][T10326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  360.042205][T10326] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000001c0
[  360.042227][T10326] R13: 00007f5ac05f5eb0 R14: 0000000000000000 R15: 0000000000000000
[  360.042259][T10326]  </TASK>
[  360.421958][ T6112] ntfs3(loop0): ino=9, ntfs3_write_inode failed, -22.
[  360.433963][ T5835] ntfs3(loop0): ino=9, ntfs_sync_fs failed, -22.
[  367.644298][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  367.910458][T10470] loop1: detected capacity change from 0 to 256
[  367.952391][T10470] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  367.987837][T10474] loop4: detected capacity change from 0 to 128
[  368.010014][T10470] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  368.175329][T10474] syz.4.1424: attempt to access beyond end of device
[  368.175329][T10474] loop4: rw=2049, sector=145, nr_sectors = 8 limit=128
[  368.210188][T10474] syz.4.1424: attempt to access beyond end of device
[  368.210188][T10474] loop4: rw=2049, sector=161, nr_sectors = 8 limit=128
[  368.262504][T10474] syz.4.1424: attempt to access beyond end of device
[  368.262504][T10474] loop4: rw=2049, sector=177, nr_sectors = 8 limit=128
[  368.284835][T10474] syz.4.1424: attempt to access beyond end of device
[  368.284835][T10474] loop4: rw=2049, sector=193, nr_sectors = 8 limit=128
[  368.314316][T10474] syz.4.1424: attempt to access beyond end of device
[  368.314316][T10474] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128
[  368.343857][ T6096] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  368.353992][T10474] syz.4.1424: attempt to access beyond end of device
[  368.353992][T10474] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128
[  368.384200][T10474] syz.4.1424: attempt to access beyond end of device
[  368.384200][T10474] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128
[  368.424012][T10474] syz.4.1424: attempt to access beyond end of device
[  368.424012][T10474] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128
[  368.439366][T10474] syz.4.1424: attempt to access beyond end of device
[  368.439366][T10474] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128
[  368.473480][T10474] syz.4.1424: attempt to access beyond end of device
[  368.473480][T10474] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128
[  368.531812][ T6096] usb 2-1: Using ep0 maxpacket: 32
[  368.547047][ T6096] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  368.566372][ T6096] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.607103][ T6096] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  368.647208][ T6096] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  368.680987][ T6096] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.724379][ T6096] usb 2-1: Product: syz
[  368.728615][ T6096] usb 2-1: Manufacturer: syz
[  368.741877][T10472] loop2: detected capacity change from 0 to 32768
[  368.756375][T10476] sctp: [Deprecated]: syz.3.1425 (pid 10476) Use of int in max_burst socket option.
[  368.756375][T10476] Use struct sctp_assoc_value instead
[  368.774383][ T6096] usb 2-1: SerialNumber: syz
[  368.786496][T10472] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1423 (10472)
[  368.803284][ T6096] usb 2-1: config 0 descriptor??
[  368.828264][ T6096] rndis_host 2-1:0.0: skipping garbage
[  368.853810][ T6096] usb 2-1: bad CDC descriptors
[  369.034462][T10470] netlink: 27 bytes leftover after parsing attributes in process `syz.1.1422'.
[  369.105364][ T6096] cdc_acm 2-1:0.0: skipping garbage
[  369.111670][ T6096] cdc_acm 2-1:0.0: Control and data interfaces are not separated!
[  369.121483][ T6096] cdc_acm 2-1:0.0: This needs exactly 3 endpoints
[  369.129033][ T6096] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  369.892722][T10472] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  370.265684][T10500] sctp: [Deprecated]: syz.1.1422 (pid 10500) Use of struct sctp_assoc_value in delayed_ack socket option.
[  370.265684][T10500] Use struct sctp_sack_info instead
[  371.255350][T10472] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  371.312627][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  371.336364][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  371.424706][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  371.496748][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  371.514395][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  371.523515][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  371.615872][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  371.674179][T10472] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  371.753093][T10472] BTRFS error (device loop2): open_ctree failed: -12
[  372.448217][ T6022] usb 2-1: USB disconnect, device number 9
[  373.871951][T10579] FAULT_INJECTION: forcing a failure.
[  373.871951][T10579] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.885680][T10579] CPU: 1 UID: 0 PID: 10579 Comm: syz.3.1451 Not tainted syzkaller #0 PREEMPT(full) 
[  373.885710][T10579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  373.885727][T10579] Call Trace:
[  373.885736][T10579]  <TASK>
[  373.885745][T10579]  dump_stack_lvl+0x189/0x250
[  373.885776][T10579]  ? __pfx____ratelimit+0x10/0x10
[  373.885800][T10579]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.885826][T10579]  ? __pfx__printk+0x10/0x10
[  373.885858][T10579]  ? __might_fault+0xb0/0x130
[  373.885902][T10579]  should_fail_ex+0x414/0x560
[  373.885931][T10579]  _copy_from_user+0x2d/0xb0
[  373.885963][T10579]  ___sys_sendmsg+0x158/0x2a0
[  373.885994][T10579]  ? __pfx____sys_sendmsg+0x10/0x10
[  373.886029][T10579]  ? rcu_read_lock_any_held+0xb3/0x120
[  373.886086][T10579]  ? __fget_files+0x2a/0x420
[  373.886112][T10579]  ? __fget_files+0x3a0/0x420
[  373.886150][T10579]  __x64_sys_sendmsg+0x19b/0x260
[  373.886181][T10579]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  373.886219][T10579]  ? __pfx_ksys_write+0x10/0x10
[  373.886246][T10579]  ? do_syscall_64+0xbe/0xf80
[  373.886275][T10579]  do_syscall_64+0xfa/0xf80
[  373.886300][T10579]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.886321][T10579]  ? clear_bhb_loop+0x60/0xb0
[  373.886346][T10579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.886373][T10579] RIP: 0033:0x7f3dd5b8f749
[  373.886392][T10579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.886410][T10579] RSP: 002b:00007f3dd6984038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  373.886432][T10579] RAX: ffffffffffffffda RBX: 00007f3dd5de5fa0 RCX: 00007f3dd5b8f749
[  373.886448][T10579] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  373.886462][T10579] RBP: 00007f3dd6984090 R08: 0000000000000000 R09: 0000000000000000
[  373.886475][T10579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.886488][T10579] R13: 00007f3dd5de6038 R14: 00007f3dd5de5fa0 R15: 00007fff084a43d8
[  373.886527][T10579]  </TASK>
[  374.179646][T10580] futex_wake_op: syz.2.1447 tries to shift op by 144; fix this program
[  376.314070][T10613] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  376.321272][T10613] overlayfs: failed to set xattr on upper
[  376.327181][T10613] overlayfs: ...falling back to redirect_dir=nofollow.
[  376.334167][T10613] overlayfs: ...falling back to index=off.
[  376.340123][T10613] overlayfs: maximum fs stacking depth exceeded
[  380.805353][T10662] futex_wake_op: syz.0.1476 tries to shift op by 144; fix this program
[  380.863874][ T6096] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  380.946842][T10660] futex_wake_op: syz.1.1477 tries to shift op by 144; fix this program
[  381.049980][ T6096] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  381.061347][ T6096] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  381.075126][ T6096] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  381.116006][ T6096] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  381.134444][ T6096] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.352425][ T6096] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  381.536818][T10653] loop4: detected capacity change from 0 to 32768
[  381.554412][T10653] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1474 (10653)
[  381.618105][ T6096] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -12
[  381.638104][T10666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1479'.
[  381.659938][T10666] tipc: Started in network mode
[  381.665998][ T5841] udevd[5841]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.671920][T10666] tipc: Node identity fff50000000000000000000000000001, cluster identity 4711
[  381.692266][T10666] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  381.729562][T10653] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  381.747441][T10653] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  381.973463][T10653] BTRFS info (device loop4): enabling ssd optimizations
[  382.032613][T10653] BTRFS info (device loop4): turning on async discard
[  382.075392][T10653] BTRFS info (device loop4): enabling free space tree
[  382.322039][ T6955] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  382.695860][ T6096] usb 3-1: USB disconnect, device number 6
[  383.090080][ T5829] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  383.934110][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  383.945494][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  384.149382][T10715] loop1: detected capacity change from 0 to 256
[  384.315201][T10715] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  385.085811][T10718] FAULT_INJECTION: forcing a failure.
[  385.085811][T10718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  385.186759][T10715] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  385.244836][T10718] CPU: 1 UID: 0 PID: 10718 Comm: syz.4.1492 Not tainted syzkaller #0 PREEMPT(full) 
[  385.244866][T10718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  385.244879][T10718] Call Trace:
[  385.244887][T10718]  <TASK>
[  385.244897][T10718]  dump_stack_lvl+0x189/0x250
[  385.244928][T10718]  ? __pfx____ratelimit+0x10/0x10
[  385.244952][T10718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.244977][T10718]  ? __pfx__printk+0x10/0x10
[  385.245008][T10718]  ? __might_fault+0xb0/0x130
[  385.245052][T10718]  should_fail_ex+0x414/0x560
[  385.245082][T10718]  _copy_from_user+0x2d/0xb0
[  385.245115][T10718]  do_sys_poll+0x242/0x1070
[  385.245151][T10718]  ? __lock_acquire+0x6b6/0x2cf0
[  385.245176][T10718]  ? __pfx_do_sys_poll+0x10/0x10
[  385.245277][T10718]  ? rcu_read_lock_any_held+0xb3/0x120
[  385.245306][T10718]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  385.245337][T10718]  ? vfs_write+0x956/0xb30
[  385.245386][T10718]  ? set_user_sigmask+0xc1/0x250
[  385.245416][T10718]  ? __pfx_set_user_sigmask+0x10/0x10
[  385.245439][T10718]  ? do_sys_openat2+0x15a/0x200
[  385.245475][T10718]  __se_sys_ppoll+0x1ff/0x260
[  385.245503][T10718]  ? __pfx___se_sys_ppoll+0x10/0x10
[  385.245527][T10718]  ? __pfx_ksys_write+0x10/0x10
[  385.245551][T10718]  ? do_syscall_64+0xbe/0xf80
[  385.245574][T10718]  ? __x64_sys_ppoll+0x20/0xc0
[  385.245601][T10718]  do_syscall_64+0xfa/0xf80
[  385.245626][T10718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.245647][T10718]  ? clear_bhb_loop+0x60/0xb0
[  385.245673][T10718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.245694][T10718] RIP: 0033:0x7f5a24b8f749
[  385.245712][T10718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.245730][T10718] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  385.245752][T10718] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  385.245767][T10718] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  385.245781][T10718] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  385.245794][T10718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.245806][T10718] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  385.245839][T10718]  </TASK>
[  385.763819][ T5925] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  385.954170][ T5925] usb 2-1: Using ep0 maxpacket: 32
[  385.973986][ T5925] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  385.997293][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  386.032620][ T5925] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  386.698978][ T5925] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  386.708858][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.753658][ T5925] usb 2-1: Product: syz
[  386.757945][ T5925] usb 2-1: Manufacturer: syz
[  386.788229][ T5925] usb 2-1: SerialNumber: syz
[  386.806936][ T5925] usb 2-1: config 0 descriptor??
[  386.840471][ T5925] rndis_host 2-1:0.0: skipping garbage
[  386.856328][ T5925] usb 2-1: bad CDC descriptors
[  386.875587][ T5925] cdc_acm 2-1:0.0: skipping garbage
[  386.901694][ T5925] cdc_acm 2-1:0.0: Control and data interfaces are not separated!
[  386.925750][ T5925] cdc_acm 2-1:0.0: This needs exactly 3 endpoints
[  386.934809][ T5925] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  387.046970][ T6096] usb 2-1: USB disconnect, device number 10
[  389.203596][T10784] FAULT_INJECTION: forcing a failure.
[  389.203596][T10784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.255831][T10784] CPU: 1 UID: 0 PID: 10784 Comm: syz.3.1515 Not tainted syzkaller #0 PREEMPT(full) 
[  389.255861][T10784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  389.255873][T10784] Call Trace:
[  389.255882][T10784]  <TASK>
[  389.255891][T10784]  dump_stack_lvl+0x189/0x250
[  389.255922][T10784]  ? __pfx____ratelimit+0x10/0x10
[  389.255945][T10784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  389.255970][T10784]  ? __pfx__printk+0x10/0x10
[  389.256001][T10784]  ? __might_fault+0xb0/0x130
[  389.256044][T10784]  should_fail_ex+0x414/0x560
[  389.256082][T10784]  _copy_from_user+0x2d/0xb0
[  389.256114][T10784]  ___sys_recvmsg+0x12e/0x510
[  389.256148][T10784]  ? __pfx____sys_recvmsg+0x10/0x10
[  389.256202][T10784]  ? __fget_files+0x3a0/0x420
[  389.256239][T10784]  do_recvmmsg+0x307/0x770
[  389.256276][T10784]  ? __pfx_do_recvmmsg+0x10/0x10
[  389.256315][T10784]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  389.256357][T10784]  __x64_sys_recvmmsg+0x190/0x240
[  389.256389][T10784]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  389.256421][T10784]  ? do_syscall_64+0xbe/0xf80
[  389.256450][T10784]  do_syscall_64+0xfa/0xf80
[  389.256475][T10784]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.256497][T10784]  ? clear_bhb_loop+0x60/0xb0
[  389.256521][T10784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.256541][T10784] RIP: 0033:0x7f3dd5b8f749
[  389.256560][T10784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.256578][T10784] RSP: 002b:00007f3dd6984038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  389.256600][T10784] RAX: ffffffffffffffda RBX: 00007f3dd5de5fa0 RCX: 00007f3dd5b8f749
[  389.256615][T10784] RDX: 0000000000000013 RSI: 0000200000000780 RDI: 0000000000000003
[  389.256626][T10784] RBP: 00007f3dd6984090 R08: 0000000000000000 R09: 0000000000000000
[  389.256638][T10784] R10: 0000000040012100 R11: 0000000000000246 R12: 0000000000000001
[  389.256651][T10784] R13: 00007f3dd5de6038 R14: 00007f3dd5de5fa0 R15: 00007fff084a43d8
[  389.256683][T10784]  </TASK>
[  391.579104][T10808] loop3: detected capacity change from 0 to 1024
[  392.712593][T10838] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  392.719805][T10838] overlayfs: failed to set xattr on upper
[  392.725715][T10838] overlayfs: ...falling back to redirect_dir=nofollow.
[  392.732728][T10838] overlayfs: ...falling back to index=off.
[  392.738713][T10838] overlayfs: maximum fs stacking depth exceeded
[  395.805736][T10896] FAULT_INJECTION: forcing a failure.
[  395.805736][T10896] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.227068][T10896] CPU: 1 UID: 0 PID: 10896 Comm: syz.4.1545 Not tainted syzkaller #0 PREEMPT(full) 
[  396.227098][T10896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  396.227110][T10896] Call Trace:
[  396.227118][T10896]  <TASK>
[  396.227127][T10896]  dump_stack_lvl+0x189/0x250
[  396.227156][T10896]  ? __pfx____ratelimit+0x10/0x10
[  396.227178][T10896]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.227201][T10896]  ? __pfx__printk+0x10/0x10
[  396.227226][T10896]  ? lock_acquire+0x16c/0x340
[  396.227259][T10896]  should_fail_ex+0x414/0x560
[  396.227286][T10896]  _copy_from_user+0x2d/0xb0
[  396.227315][T10896]  ___sys_sendmsg+0x158/0x2a0
[  396.227344][T10896]  ? __pfx____sys_sendmsg+0x10/0x10
[  396.227423][T10896]  ? __fget_files+0x2a/0x420
[  396.227449][T10896]  ? __fget_files+0x3a0/0x420
[  396.227487][T10896]  __x64_sys_sendmsg+0x19b/0x260
[  396.227518][T10896]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  396.227554][T10896]  ? rcu_is_watching+0x15/0xb0
[  396.227584][T10896]  ? do_syscall_64+0xbe/0xf80
[  396.227612][T10896]  do_syscall_64+0xfa/0xf80
[  396.227637][T10896]  ? rcu_is_watching+0x15/0xb0
[  396.227661][T10896]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.227682][T10896]  ? clear_bhb_loop+0x60/0xb0
[  396.227708][T10896]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.227729][T10896] RIP: 0033:0x7f5a24b8f749
[  396.227748][T10896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.227765][T10896] RSP: 002b:00007f5a25a21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  396.227788][T10896] RAX: ffffffffffffffda RBX: 00007f5a24de6090 RCX: 00007f5a24b8f749
[  396.227803][T10896] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  396.227816][T10896] RBP: 00007f5a25a21090 R08: 0000000000000000 R09: 0000000000000000
[  396.227828][T10896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.227840][T10896] R13: 00007f5a24de6128 R14: 00007f5a24de6090 R15: 00007fff3e3146b8
[  396.227875][T10896]  </TASK>
[  398.057590][T10928] loop3: detected capacity change from 0 to 2048
[  398.081867][T10928] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  398.235113][ T5912] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  398.474370][ T5912] usb 2-1: Using ep0 maxpacket: 16
[  398.829799][ T5144] Bluetooth: hci2: unexpected event for opcode 0x0c26
[  398.875992][ T5912] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  398.923234][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.997280][ T5912] usb 2-1: Product: syz
[  399.014822][T10931] loop2: detected capacity change from 0 to 2048
[  399.051270][ T5912] usb 2-1: Manufacturer: syz
[  399.111483][ T5912] usb 2-1: SerialNumber: syz
[  399.349619][ T5912] r8152-cfgselector 2-1: Unknown version 0x0000
[  399.371611][T10931] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  399.394564][ T5912] r8152-cfgselector 2-1: config 0 descriptor??
[  399.532565][ T5144] Bluetooth: hci3: unexpected event for opcode 0x0c26
[  399.533758][T10940] FAULT_INJECTION: forcing a failure.
[  399.533758][T10940] name failslab, interval 1, probability 0, space 0, times 0
[  399.552286][T10940] CPU: 0 UID: 0 PID: 10940 Comm: syz.2.1561 Not tainted syzkaller #0 PREEMPT(full) 
[  399.552317][T10940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  399.552329][T10940] Call Trace:
[  399.552338][T10940]  <TASK>
[  399.552349][T10940]  dump_stack_lvl+0x189/0x250
[  399.552372][T10940]  ? __pfx____ratelimit+0x10/0x10
[  399.552390][T10940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.552409][T10940]  ? __pfx__printk+0x10/0x10
[  399.552445][T10940]  ? __pfx___might_resched+0x10/0x10
[  399.552469][T10940]  ? fs_reclaim_acquire+0x7d/0x100
[  399.552498][T10940]  should_fail_ex+0x414/0x560
[  399.552521][T10940]  should_failslab+0xa8/0x100
[  399.552541][T10940]  kmem_cache_alloc_noprof+0x88/0x710
[  399.552564][T10940]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  399.552591][T10940]  ? getname_flags+0xb8/0x540
[  399.552616][T10940]  ? __pfx_vfs_write+0x10/0x10
[  399.552639][T10940]  getname_flags+0xb8/0x540
[  399.552669][T10940]  do_sys_openat2+0xbc/0x200
[  399.552692][T10940]  ? __pfx_do_sys_openat2+0x10/0x10
[  399.552716][T10940]  ? ksys_write+0x22a/0x250
[  399.552739][T10940]  ? __pfx_ksys_write+0x10/0x10
[  399.552763][T10940]  __x64_sys_openat+0x138/0x170
[  399.552796][T10940]  do_syscall_64+0xfa/0xf80
[  399.552822][T10940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.552838][T10940]  ? clear_bhb_loop+0x60/0xb0
[  399.552856][T10940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.552870][T10940] RIP: 0033:0x7f4ba6b8f749
[  399.552889][T10940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.552910][T10940] RSP: 002b:00007f4ba7ae5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  399.552932][T10940] RAX: ffffffffffffffda RBX: 00007f4ba6de6090 RCX: 00007f4ba6b8f749
[  399.552947][T10940] RDX: 0000000000200002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  399.552962][T10940] RBP: 00007f4ba7ae5090 R08: 0000000000000000 R09: 0000000000000000
[  399.552976][T10940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.552985][T10940] R13: 00007f4ba6de6128 R14: 00007f4ba6de6090 R15: 00007ffdca41c7f8
[  399.553009][T10940]  </TASK>
[  400.267433][T10941] FAULT_INJECTION: forcing a failure.
[  400.267433][T10941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.348647][T10941] CPU: 1 UID: 0 PID: 10941 Comm: syz.4.1563 Not tainted syzkaller #0 PREEMPT(full) 
[  400.348677][T10941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  400.348691][T10941] Call Trace:
[  400.348699][T10941]  <TASK>
[  400.348709][T10941]  dump_stack_lvl+0x189/0x250
[  400.348739][T10941]  ? __pfx____ratelimit+0x10/0x10
[  400.348762][T10941]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.348787][T10941]  ? __pfx__printk+0x10/0x10
[  400.348818][T10941]  ? __might_fault+0xb0/0x130
[  400.348862][T10941]  should_fail_ex+0x414/0x560
[  400.348891][T10941]  _copy_from_user+0x2d/0xb0
[  400.348930][T10941]  ___sys_recvmsg+0x12e/0x510
[  400.348964][T10941]  ? __pfx____sys_recvmsg+0x10/0x10
[  400.349018][T10941]  ? __fget_files+0x3a0/0x420
[  400.349056][T10941]  __x64_sys_recvmsg+0x198/0x260
[  400.349089][T10941]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  400.349128][T10941]  ? __pfx_ksys_write+0x10/0x10
[  400.349152][T10941]  ? do_syscall_64+0xbe/0xf80
[  400.349181][T10941]  do_syscall_64+0xfa/0xf80
[  400.349205][T10941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.349226][T10941]  ? clear_bhb_loop+0x60/0xb0
[  400.349251][T10941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.349271][T10941] RIP: 0033:0x7f5a24b8f749
[  400.349285][T10941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.349299][T10941] RSP: 002b:00007f5a25a21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  400.349315][T10941] RAX: ffffffffffffffda RBX: 00007f5a24de6090 RCX: 00007f5a24b8f749
[  400.349326][T10941] RDX: 0000000000000100 RSI: 0000200000000200 RDI: 0000000000000008
[  400.349336][T10941] RBP: 00007f5a25a21090 R08: 0000000000000000 R09: 0000000000000000
[  400.349345][T10941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.349354][T10941] R13: 00007f5a24de6128 R14: 00007f5a24de6090 R15: 00007fff3e3146b8
[  400.349377][T10941]  </TASK>
[  400.790974][T10944] batadv_slave_1: entered promiscuous mode
[  400.816580][T10922] batadv_slave_1: left promiscuous mode
[  400.835671][  T934] r8152-cfgselector 2-1: USB disconnect, device number 11
[  401.764073][T10977] loop1: detected capacity change from 0 to 1024
[  402.095668][T10977] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  402.244063][T10977] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1575'.
[  402.327788][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.529807][T10993] futex_wake_op: syz.3.1577 tries to shift op by 144; fix this program
[  402.679898][ T5949] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  402.876185][ T5949] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  402.890116][ T5949] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  402.919732][ T5949] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  402.955897][ T5949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.989700][T10983] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  403.031184][ T5949] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  404.141027][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  404.141047][   T30] audit: type=1326 audit(1764344183.402:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ba6b8f749 code=0x7ffc0000
[  404.192043][   T30] audit: type=1326 audit(1764344183.442:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ba6b8f749 code=0x7ffc0000
[  404.246724][   T30] audit: type=1326 audit(1764344183.452:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ba6b2b829 code=0x7ffc0000
[  404.342525][   T30] audit: type=1326 audit(1764344183.452:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ba6b8f749 code=0x7ffc0000
[  404.384179][   T30] audit: type=1326 audit(1764344183.452:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ba6b2b829 code=0x7ffc0000
[  404.406820][   T30] audit: type=1326 audit(1764344183.452:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ba6b8f749 code=0x7ffc0000
[  404.526416][   T30] audit: type=1326 audit(1764344183.482:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ba6b2b829 code=0x7ffc0000
[  404.577831][   T30] audit: type=1326 audit(1764344183.482:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ba6b8f749 code=0x7ffc0000
[  404.644587][   T30] audit: type=1326 audit(1764344183.492:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ba6b2b829 code=0x7ffc0000
[  404.831450][   T30] audit: type=1326 audit(1764344183.492:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10982 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ba6b2b829 code=0x7ffc0000
[  404.879475][T11023] loop0: detected capacity change from 0 to 128
[  404.980840][T11023] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  405.214246][T11023] hpfs: filesystem error: improperly stopped
[  405.363554][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  405.431361][T11023] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  405.557364][T11023] hpfs: You really don't want any checks? You are crazy...
[  405.574462][T11023] hpfs: hpfs_map_sector(): read error
[  405.596307][T11023] hpfs: code page support is disabled
[  405.625178][T11023] hpfs: hpfs_map_4sectors(): unaligned read
[  405.644016][T11023] hpfs: hpfs_map_4sectors(): unaligned read
[  405.649993][T11023] hpfs: filesystem error: unable to find root dir
[  405.676106][ T6097] usb 3-1: USB disconnect, device number 7
[  406.520720][T11057] futex_wake_op: syz.3.1597 tries to shift op by 144; fix this program
[  408.064920][T11039] loop2: detected capacity change from 0 to 40427
[  408.434179][T11082] FAULT_INJECTION: forcing a failure.
[  408.434179][T11082] name failslab, interval 1, probability 0, space 0, times 0
[  408.446881][T11082] CPU: 0 UID: 0 PID: 11082 Comm: syz.4.1603 Not tainted syzkaller #0 PREEMPT(full) 
[  408.446902][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  408.446911][T11082] Call Trace:
[  408.446918][T11082]  <TASK>
[  408.446926][T11082]  dump_stack_lvl+0x189/0x250
[  408.446949][T11082]  ? __pfx____ratelimit+0x10/0x10
[  408.446965][T11082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.446982][T11082]  ? __pfx__printk+0x10/0x10
[  408.447009][T11082]  ? __pfx___might_resched+0x10/0x10
[  408.447028][T11082]  should_fail_ex+0x414/0x560
[  408.447048][T11082]  should_failslab+0xa8/0x100
[  408.447068][T11082]  __kmalloc_cache_noprof+0x84/0x700
[  408.447084][T11082]  ? alloc_pipe_info+0xe9/0x4d0
[  408.447103][T11082]  alloc_pipe_info+0xe9/0x4d0
[  408.447120][T11082]  splice_direct_to_actor+0xa5d/0xcc0
[  408.447151][T11082]  ? __pfx_aa_file_perm+0x10/0x10
[  408.447168][T11082]  ? __pfx_direct_splice_actor+0x10/0x10
[  408.447187][T11082]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  408.447226][T11082]  do_splice_direct+0x181/0x270
[  408.447248][T11082]  ? __pfx_do_splice_direct+0x10/0x10
[  408.447266][T11082]  ? common_file_perm+0x1b5/0x220
[  408.447290][T11082]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  408.447312][T11082]  ? bpf_lsm_file_permission+0x9/0x20
[  408.447329][T11082]  ? security_file_permission+0x75/0x290
[  408.447349][T11082]  ? rw_verify_area+0x255/0x4d0
[  408.447366][T11082]  do_sendfile+0x4da/0x7e0
[  408.447384][T11082]  ? __pfx_vfs_write+0x10/0x10
[  408.447402][T11082]  ? __pfx_do_sendfile+0x10/0x10
[  408.447421][T11082]  ? __fget_files+0x3a0/0x420
[  408.447447][T11082]  __se_sys_sendfile64+0x13e/0x190
[  408.447467][T11082]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  408.447488][T11082]  ? do_syscall_64+0xbe/0xf80
[  408.447508][T11082]  do_syscall_64+0xfa/0xf80
[  408.447525][T11082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.447540][T11082]  ? clear_bhb_loop+0x60/0xb0
[  408.447558][T11082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.447572][T11082] RIP: 0033:0x7f5a24b8f749
[  408.447587][T11082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.447601][T11082] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  408.447617][T11082] RAX: ffffffffffffffda RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  408.447628][T11082] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  408.447637][T11082] RBP: 00007f5a25a42090 R08: 0000000000000000 R09: 0000000000000000
[  408.447647][T11082] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000001
[  408.447656][T11082] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  408.447679][T11082]  </TASK>
[  408.784113][T11039] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  408.832477][T11039] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  409.245313][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  409.414392][T11099] loop3: detected capacity change from 0 to 512
[  409.421676][T11099] EXT4-fs: Ignoring removed mblk_io_submit option
[  409.555529][T11099] ext4: Unknown parameter 'hash'
[  411.625194][T11113] loop2: detected capacity change from 0 to 256
[  411.751916][T11113] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  411.861054][T11113] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  412.473729][ T6097] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  413.024105][ T6097] usb 3-1: Using ep0 maxpacket: 32
[  413.049671][ T6097] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  413.066106][ T6097] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.105482][ T6097] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  413.121807][ T6097] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  413.184685][T11140] futex_wake_op: syz.3.1618 tries to shift op by 144; fix this program
[  413.242842][ T6097] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.262096][ T6097] usb 3-1: Product: syz
[  413.361976][ T6097] usb 3-1: Manufacturer: syz
[  413.429051][ T6097] usb 3-1: SerialNumber: syz
[  413.459348][ T6097] usb 3-1: config 0 descriptor??
[  413.479676][ T6097] rndis_host 3-1:0.0: skipping garbage
[  413.531127][ T6097] usb 3-1: bad CDC descriptors
[  413.574622][ T6097] cdc_acm 3-1:0.0: skipping garbage
[  413.585926][ T6097] cdc_acm 3-1:0.0: Control and data interfaces are not separated!
[  413.605236][ T6097] cdc_acm 3-1:0.0: This needs exactly 3 endpoints
[  413.626770][ T6097] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  413.713590][T11113] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1606'.
[  414.163521][T11158] sctp: [Deprecated]: syz.2.1606 (pid 11158) Use of struct sctp_assoc_value in delayed_ack socket option.
[  414.163521][T11158] Use struct sctp_sack_info instead
[  414.845675][T11164] loop4: detected capacity change from 0 to 128
[  414.970914][T11164] bio_check_eod: 4 callbacks suppressed
[  414.970935][T11164] syz.4.1626: attempt to access beyond end of device
[  414.970935][T11164] loop4: rw=2049, sector=185, nr_sectors = 1 limit=128
[  415.146437][T11168] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1627'.
[  415.242797][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.242797][ T6575] loop4: rw=1, sector=145, nr_sectors = 40 limit=128
[  415.270307][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.270307][ T6575] loop4: rw=1, sector=186, nr_sectors = 1 limit=128
[  415.310325][T11168] syz.0.1627 (11168) used greatest stack depth: 16680 bytes left
[  415.320888][ T6575] Buffer I/O error on dev loop4, logical block 186, lost async page write
[  415.331406][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.331406][ T6575] loop4: rw=1, sector=187, nr_sectors = 1 limit=128
[  415.347892][ T6575] Buffer I/O error on dev loop4, logical block 187, lost async page write
[  415.358305][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.358305][ T6575] loop4: rw=1, sector=188, nr_sectors = 1 limit=128
[  415.372359][ T6575] Buffer I/O error on dev loop4, logical block 188, lost async page write
[  415.381805][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.381805][ T6575] loop4: rw=1, sector=189, nr_sectors = 1 limit=128
[  415.397471][ T6575] Buffer I/O error on dev loop4, logical block 189, lost async page write
[  415.407301][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.407301][ T6575] loop4: rw=1, sector=190, nr_sectors = 1 limit=128
[  415.477771][ T6575] Buffer I/O error on dev loop4, logical block 190, lost async page write
[  415.519987][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.519987][ T6575] loop4: rw=1, sector=191, nr_sectors = 1 limit=128
[  415.571122][ T6575] Buffer I/O error on dev loop4, logical block 191, lost async page write
[  415.593167][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.593167][ T6575] loop4: rw=1, sector=192, nr_sectors = 1 limit=128
[  415.651746][ T6575] Buffer I/O error on dev loop4, logical block 192, lost async page write
[  415.683667][T11173] loop1: detected capacity change from 0 to 8192
[  415.730948][ T5912] usb 3-1: USB disconnect, device number 8
[  415.750552][ T6575] kworker/u8:18: attempt to access beyond end of device
[  415.750552][ T6575] loop4: rw=1, sector=193, nr_sectors = 848 limit=128
[  415.809944][   T30] kauditd_printk_skb: 192 callbacks suppressed
[  415.809966][   T30] audit: type=1800 audit(1764344195.072:334): pid=11173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1630" name="file1" dev="loop1" ino=1048611 res=0 errno=0
[  416.244687][   T30] audit: type=1326 audit(1764344195.502:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd5b8f749 code=0x7ffc0000
[  416.334438][   T30] audit: type=1326 audit(1764344195.502:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd5b8f749 code=0x7ffc0000
[  416.378536][T11188] loop4: detected capacity change from 0 to 512
[  416.394032][   T30] audit: type=1326 audit(1764344195.532:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f3dd5b8f749 code=0x7ffc0000
[  416.466877][T11188] EXT4-fs (loop4): orphan cleanup on readonly fs
[  416.471279][   T30] audit: type=1326 audit(1764344195.532:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd5b8f749 code=0x7ffc0000
[  416.512964][T11188] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.1636: bad orphan inode 13
[  416.535961][T11188] ext4_test_bit(bit=12, block=18) = 1
[  416.541447][T11188] is_bad_inode(inode)=0
[  416.556180][T11188] NEXT_ORPHAN(inode)=2130706432
[  416.583616][   T30] audit: type=1326 audit(1764344195.532:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd5b8f749 code=0x7ffc0000
[  416.606649][T11188] max_ino=32
[  416.609089][   T30] audit: type=1326 audit(1764344195.592:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  416.610092][T11188] i_nlink=1
[  416.667546][T11195] tipc: New replicast peer: 255.255.255.255
[  416.675329][   T30] audit: type=1326 audit(1764344195.612:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  416.696263][T11188] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  416.723443][T11195] tipc: Enabled bearer <udp:syz2>, priority 10
[  416.754170][   T30] audit: type=1326 audit(1764344195.612:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5a24b8f749 code=0x7ffc0000
[  416.812558][   T30] audit: type=1326 audit(1764344195.612:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5a24b8f783 code=0x7ffc0000
[  416.832133][T11188] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  416.920467][T11188] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  416.953358][T11207] EXT4-fs error (device loop4): ext4_lookup:1785: inode #15: comm syz.4.1636: iget: bad i_size value: 360287970189639690
[  417.155366][T11203] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  417.170277][T11209] loop0: detected capacity change from 0 to 8192
[  417.239221][T11126]  loop0: p1 p2 p3 p4
[  417.239221][T11126]  p1: <minix: p5 >
[  417.261364][T11126] loop0: p1 size 196608 extends beyond EOD, truncated
[  417.282498][T11126] loop0: p2 start 164919041 is beyond EOD, truncated
[  417.288095][ T5829] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.302621][T11126] loop0: p3 size 66846464 extends beyond EOD, truncated
[  417.326079][T11216] loop3: detected capacity change from 0 to 2048
[  417.359848][T11126] loop0: p4 size 37048832 extends beyond EOD, truncated
[  417.386891][T11126] loop0: p5 size 196608 extends beyond EOD, truncated
[  417.426165][T11216] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  417.456947][T11209]  loop0: p1 p2 p3 p4
[  417.456947][T11209]  p1: <minix: p5 >
[  417.479693][T11220] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  417.484549][T11209] loop0: p1 size 196608 extends beyond EOD, truncated
[  417.505798][T11209] loop0: p2 start 164919041 is beyond EOD, truncated
[  417.512115][T11220] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  417.533910][T11209] loop0: p3 size 66846464 extends beyond EOD, truncated
[  417.572641][T11209] loop0: p4 size 37048832 extends beyond EOD, truncated
[  417.614278][T11209] loop0: p5 size 196608 extends beyond EOD, truncated
[  417.707827][  T934] tipc: Node number set to 4294246401
[  417.756207][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.956045][T11224] Falling back ldisc for ttyS3.
[  418.043356][T11232] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1650'.
[  418.137254][T11125] udevd[11125]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  418.168214][ T5995] udevd[5995]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory
[  418.180699][T11126] udevd[11126]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  418.213761][ T5841] udevd[5841]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  418.397160][T11125] udevd[11125]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  418.400440][ T5995] udevd[5995]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory
[  418.418500][ T5841] udevd[5841]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  418.432262][T11126] udevd[11126]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  421.059632][ T5144] Bluetooth: hci5: command 0x1003 tx timeout
[  421.129274][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  421.789850][   T30] kauditd_printk_skb: 69 callbacks suppressed
[  421.789878][   T30] audit: type=1326 audit(1764344201.052:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  421.864818][   T30] audit: type=1326 audit(1764344201.082:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  421.983910][   T30] audit: type=1326 audit(1764344201.082:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  422.103279][   T30] audit: type=1326 audit(1764344201.092:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  422.162912][T11300] loop0: detected capacity change from 0 to 512
[  422.230182][   T30] audit: type=1326 audit(1764344201.152:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  422.276880][T11300] EXT4-fs (loop0): orphan cleanup on readonly fs
[  422.283945][   T30] audit: type=1326 audit(1764344201.152:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  422.306670][   T30] audit: type=1326 audit(1764344201.152:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.1.1669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  422.344375][T11303] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  422.371851][T11300] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.1673: bad orphan inode 13
[  422.415656][T11300] ext4_test_bit(bit=12, block=18) = 1
[  422.421096][T11300] is_bad_inode(inode)=0
[  422.443789][T11300] NEXT_ORPHAN(inode)=2130706432
[  422.448897][T11300] max_ino=32
[  422.452120][T11300] i_nlink=1
[  422.468276][T11300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  422.586462][T11300] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  422.658040][T11300] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  422.881716][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.112479][T11325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1678'.
[  423.242927][T11326] loop3: detected capacity change from 0 to 2048
[  423.364760][T11326] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  423.380295][T11326] ext4 filesystem being mounted at /343/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  423.432141][T11325] team0: Port device team_slave_1 removed
[  423.459409][T11327] loop1: detected capacity change from 0 to 512
[  423.535503][T11327] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  423.603645][T11327] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  423.634288][T11327] EXT4-fs (loop1): orphan cleanup on readonly fs
[  423.663796][ T5925] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  423.740298][T11327] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.1680: corrupted inode contents
[  423.793820][T11327] EXT4-fs (loop1): Remounting filesystem read-only
[  423.801427][T11327] EXT4-fs (loop1): 1 truncate cleaned up
[  423.824873][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  423.836941][T11341] netlink: 'syz.4.1684': attribute type 1 has an invalid length.
[  423.837093][ T5925] usb 4-1: device descriptor read/64, error -71
[  423.867587][   T37] Quota error (device loop1): write_blk: dquota write failed
[  423.898981][   T37] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  423.920221][T11345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1684'.
[  423.921112][T11341] 8021q: adding VLAN 0 to HW filter on device bond1
[  423.938219][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  423.948882][   T37] Quota error (device loop1): write_blk: dquota write failed
[  423.963860][   T37] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  424.004074][T11327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  424.127672][ T5925] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  424.175152][T11352] loop0: detected capacity change from 0 to 512
[  424.247066][T11352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.266319][ T5925] usb 4-1: device descriptor read/64, error -71
[  424.296766][T11352] ext4 filesystem being mounted at /365/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  424.441838][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.461957][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.499525][ T5925] usb usb4-port1: attempt power cycle
[  424.547700][T11345] bond1 (unregistering): Released all slaves
[  424.882360][ T5925] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  424.892236][T11367] loop4: detected capacity change from 0 to 128
[  424.894585][T11365] smc: net device bond0 applied user defined pnetid SYZ0
[  424.916391][ T5925] usb 4-1: device descriptor read/8, error -71
[  424.927031][T11365] smc: net device bond0 erased user defined pnetid SYZ0
[  425.173996][ T5925] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  425.225742][ T5925] usb 4-1: device descriptor read/8, error -71
[  425.336195][ T5925] usb usb4-port1: unable to enumerate USB device
[  425.966859][T11311] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set
[  426.003373][T11311] EXT4-fs (loop3): Remounting filesystem read-only
[  426.026507][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.160408][T11387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1701'.
[  426.190829][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1701'.
[  426.505098][T11397] loop3: detected capacity change from 0 to 512
[  426.533604][T11397] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  426.618587][T11397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  426.634136][T11397] ext4 filesystem being mounted at /346/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  426.867323][T11408] loop1: detected capacity change from 0 to 512
[  426.894607][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  426.978600][T11408] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  427.033771][T11408] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  427.118878][T11408] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4215: comm syz.1.1708: Allocating blocks 41-42 which overlap fs metadata
[  427.128563][T11421] process 'syz.0.1712' launched './file0' with NULL argv: empty string added
[  427.142976][T11408] __quota_error: 4 callbacks suppressed
[  427.142996][T11408] Quota error (device loop1): write_blk: dquota write failed
[  427.156689][T11408] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5
[  427.168406][T11408] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4215: comm syz.1.1708: Allocating blocks 41-42 which overlap fs metadata
[  427.183807][T11408] Quota error (device loop1): write_blk: dquota write failed
[  427.191367][T11408] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  427.202081][T11408] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.1708: Failed to acquire dquot type 1
[  427.214373][T11408] EXT4-fs error (device loop1): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  427.233175][T11408] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.1708: corrupted inode contents
[  427.254183][T11408] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #12: comm syz.1.1708: mark_inode_dirty error
[  427.296007][T11408] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.1708: corrupted inode contents
[  427.382388][T11408] EXT4-fs error (device loop1): __ext4_ext_dirty:211: inode #12: comm syz.1.1708: mark_inode_dirty error
[  427.444926][T11408] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.1708: corrupted inode contents
[  427.503215][T11428] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1716'.
[  427.561840][T11408] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem
[  427.597440][T11408] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.1708: corrupted inode contents
[  427.612255][T11408] EXT4-fs error (device loop1): ext4_truncate:4635: inode #12: comm syz.1.1708: mark_inode_dirty error
[  427.648929][T11408] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem
[  427.696201][T11431] loop3: detected capacity change from 0 to 512
[  427.697279][T11408] EXT4-fs (loop1): 1 truncate cleaned up
[  427.726268][T11408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  427.741400][T11431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  427.783938][T11431] ext4 filesystem being mounted at /349/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  427.885471][   T30] audit: type=1800 audit(1764344207.142:421): pid=11431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1717" name="file1" dev="loop3" ino=15 res=0 errno=0
[  428.072352][T11408] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  428.183616][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.344709][   T30] audit: type=1326 audit(1764344207.612:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11446 comm="syz.1.1723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  428.438940][   T30] audit: type=1326 audit(1764344207.632:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11446 comm="syz.1.1723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  428.503850][   T30] audit: type=1326 audit(1764344207.632:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11446 comm="syz.1.1723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  428.528954][   T30] audit: type=1326 audit(1764344207.642:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11446 comm="syz.1.1723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  428.564429][   T30] audit: type=1326 audit(1764344207.642:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11446 comm="syz.1.1723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04d8d8f749 code=0x7ffc0000
[  428.626222][T11453] batadv1: entered promiscuous mode
[  428.641647][T11453] batadv1: entered allmulticast mode
[  429.022548][T11464] loop4: detected capacity change from 0 to 128
[  429.189528][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.989210][T11486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1742'.
[  430.484394][T11491] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  430.491317][T11491] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  430.505452][T11491] vhci_hcd vhci_hcd.0: Device attached
[  430.623208][T11495] vhci_hcd: connection closed
[  431.146619][ T5912] usb 36-1: SetAddress Request (2) to port 0
[  431.483919][ T5912] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[  431.506818][ T6112] vhci_hcd vhci_hcd.1: stop threads
[  431.534331][ T6112] vhci_hcd vhci_hcd.1: release socket
[  431.561124][ T6112] vhci_hcd vhci_hcd.1: disconnect device
[  431.650567][T11480] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  431.741431][T11480] infiniband syb2: RDMA CMA: cma_listen_on_dev, error -98
[  431.766471][T11486] ==================================================================
[  431.774602][T11486] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[  431.782102][T11486] Read of size 1 at addr ffff8881442ba1d8 by task syz.4.1742/11486
[  431.790031][T11486] 
[  431.792385][T11486] CPU: 0 UID: 0 PID: 11486 Comm: syz.4.1742 Not tainted syzkaller #0 PREEMPT(full) 
[  431.792415][T11486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  431.792430][T11486] Call Trace:
[  431.792441][T11486]  <TASK>
[  431.792452][T11486]  dump_stack_lvl+0x189/0x250
[  431.792483][T11486]  ? __virt_addr_valid+0x1c8/0x5c0
[  431.792513][T11486]  ? rcu_is_watching+0x15/0xb0
[  431.792540][T11486]  ? __kasan_check_byte+0x12/0x40
[  431.792567][T11486]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.792592][T11486]  ? rcu_is_watching+0x15/0xb0
[  431.792618][T11486]  ? lock_release+0x4b/0x3b0
[  431.792642][T11486]  ? __virt_addr_valid+0x1c8/0x5c0
[  431.792672][T11486]  ? __virt_addr_valid+0x4a5/0x5c0
[  431.792703][T11486]  print_report+0xca/0x240
[  431.792725][T11486]  ? _raw_spin_lock+0x2e/0x40
[  431.792745][T11486]  kasan_report+0x118/0x150
[  431.792771][T11486]  ? _raw_spin_lock+0x2e/0x40
[  431.792796][T11486]  ? mqueue_flush_file+0x49/0x270
[  431.792823][T11486]  __kasan_check_byte+0x2a/0x40
[  431.792848][T11486]  lock_acquire+0x84/0x340
[  431.792875][T11486]  ? __pfx_mqueue_flush_file+0x10/0x10
[  431.792902][T11486]  _raw_spin_lock+0x2e/0x40
[  431.792929][T11486]  ? mqueue_flush_file+0x49/0x270
[  431.792956][T11486]  mqueue_flush_file+0x49/0x270
[  431.792982][T11486]  ? filp_flush+0xae/0x190
[  431.793014][T11486]  ? __pfx_mqueue_flush_file+0x10/0x10
[  431.793040][T11486]  filp_flush+0xbd/0x190
[  431.793071][T11486]  filp_close+0x1d/0x40
[  431.793100][T11486]  put_files_struct+0x1ba/0x350
[  431.793130][T11486]  do_exit+0x67f/0x2310
[  431.793162][T11486]  ? do_raw_spin_lock+0x121/0x290
[  431.793194][T11486]  ? __pfx_do_exit+0x10/0x10
[  431.793232][T11486]  do_group_exit+0x21c/0x2d0
[  431.793262][T11486]  ? lockdep_hardirqs_on+0x98/0x140
[  431.793289][T11486]  get_signal+0x1285/0x1340
[  431.793321][T11486]  arch_do_signal_or_restart+0x9a/0x7a0
[  431.793356][T11486]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  431.793386][T11486]  ? __x64_sys_sendmsg+0x230/0x260
[  431.793423][T11486]  ? exit_to_user_mode_loop+0x55/0x4f0
[  431.793448][T11486]  exit_to_user_mode_loop+0x87/0x4f0
[  431.793470][T11486]  ? rcu_is_watching+0x15/0xb0
[  431.793499][T11486]  do_syscall_64+0x2e3/0xf80
[  431.793527][T11486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.793549][T11486]  ? clear_bhb_loop+0x60/0xb0
[  431.793573][T11486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.793596][T11486] RIP: 0033:0x7f5a24b8f749
[  431.793615][T11486] Code: Unable to access opcode bytes at 0x7f5a24b8f71f.
[  431.793627][T11486] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  431.793650][T11486] RAX: 0000000000000024 RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  431.793667][T11486] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 0000000000000007
[  431.793680][T11486] RBP: 00007f5a24c13f91 R08: 0000000000000000 R09: 0000000000000000
[  431.793693][T11486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  431.793705][T11486] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  431.793729][T11486]  </TASK>
[  431.793736][T11486] 
[  432.086612][T11486] Allocated by task 11486:
[  432.091037][T11486]  kasan_save_track+0x3e/0x80
[  432.095739][T11486]  __kasan_slab_alloc+0x6c/0x80
[  432.100616][T11486]  kmem_cache_alloc_lru_noprof+0x36c/0x6e0
[  432.106459][T11486]  mqueue_alloc_inode+0x28/0x40
[  432.111330][T11486]  alloc_inode+0x6a/0x1b0
[  432.115675][T11486]  new_inode+0x22/0x170
[  432.119842][T11486]  mqueue_get_inode+0x27/0xb50
[  432.124618][T11486]  mqueue_create_attr+0x1ac/0x2e0
[  432.129655][T11486]  vfs_mkobj+0xcf/0x290
[  432.133833][T11486]  do_mq_open+0x60d/0x7c0
[  432.138184][T11486]  __x64_sys_mq_open+0x16a/0x1c0
[  432.143162][T11486]  do_syscall_64+0xfa/0xf80
[  432.147691][T11486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.153598][T11486] 
[  432.155943][T11486] Freed by task 23:
[  432.159751][T11486]  kasan_save_track+0x3e/0x80
[  432.164438][T11486]  kasan_save_free_info+0x46/0x50
[  432.169476][T11486]  __kasan_slab_free+0x5c/0x80
[  432.174262][T11486]  kmem_cache_free+0x197/0x620
[  432.179048][T11486]  rcu_core+0xd70/0x1870
[  432.183315][T11486]  handle_softirqs+0x27d/0x850
[  432.188102][T11486]  run_ksoftirqd+0x9b/0x100
[  432.192634][T11486]  smpboot_thread_fn+0x542/0xa60
[  432.197582][T11486]  kthread+0x711/0x8a0
[  432.201678][T11486]  ret_from_fork+0x599/0xb30
[  432.206277][T11486]  ret_from_fork_asm+0x1a/0x30
[  432.211058][T11486] 
[  432.213394][T11486] Last potentially related work creation:
[  432.219114][T11486]  kasan_save_stack+0x3e/0x60
[  432.223805][T11486]  kasan_record_aux_stack+0xbd/0xd0
[  432.229032][T11486]  call_rcu+0x157/0x9c0
[  432.233204][T11486]  evict+0x931/0xae0
[  432.237133][T11486]  __dentry_kill+0x209/0x660
[  432.241750][T11486]  finish_dput+0xc9/0x480
[  432.246105][T11486]  __fput+0x68e/0xa70
[  432.250106][T11486]  task_work_run+0x1d4/0x260
[  432.254717][T11486]  exit_to_user_mode_loop+0xff/0x4f0
[  432.260020][T11486]  do_syscall_64+0x2e3/0xf80
[  432.264659][T11486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.270566][T11486] 
[  432.272905][T11486] The buggy address belongs to the object at ffff8881442ba1c0
[  432.272905][T11486]  which belongs to the cache mqueue_inode_cache of size 1576
[  432.287675][T11486] The buggy address is located 24 bytes inside of
[  432.287675][T11486]  freed 1576-byte region [ffff8881442ba1c0, ffff8881442ba7e8)
[  432.301492][T11486] 
[  432.303835][T11486] The buggy address belongs to the physical page:
[  432.310277][T11486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1442b8
[  432.319141][T11486] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  432.327648][T11486] memcg:ffff888141ef5001
[  432.331889][T11486] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  432.339534][T11486] page_type: f5(slab)
[  432.343521][T11486] raw: 057ff00000000040 ffff888145a8a3c0 dead000000000122 0000000000000000
[  432.352120][T11486] raw: 0000000000000000 0000000080120012 00000000f5000000 ffff888141ef5001
[  432.360713][T11486] head: 057ff00000000040 ffff888145a8a3c0 dead000000000122 0000000000000000
[  432.369390][T11486] head: 0000000000000000 0000000080120012 00000000f5000000 ffff888141ef5001
[  432.378159][T11486] head: 057ff00000000003 ffffea000510ae01 00000000ffffffff 00000000ffffffff
[  432.386841][T11486] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  432.395515][T11486] page dumped because: kasan: bad access detected
[  432.401944][T11486] page_owner tracks the page as allocated
[  432.407659][T11486] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8676735188, free_ts 0
[  432.427382][T11486]  post_alloc_hook+0x234/0x290
[  432.432164][T11486]  get_page_from_freelist+0x2365/0x2440
[  432.437722][T11486]  __alloc_frozen_pages_noprof+0x181/0x370
[  432.443553][T11486]  alloc_pages_mpol+0x232/0x4a0
[  432.448416][T11486]  allocate_slab+0x86/0x3b0
[  432.452933][T11486]  ___slab_alloc+0xf2b/0x1960
[  432.457634][T11486]  __slab_alloc+0x65/0x100
[  432.462059][T11486]  kmem_cache_alloc_lru_noprof+0x3fe/0x6e0
[  432.467881][T11486]  mqueue_alloc_inode+0x28/0x40
[  432.472747][T11486]  alloc_inode+0x6a/0x1b0
[  432.477091][T11486]  new_inode+0x22/0x170
[  432.481261][T11486]  mqueue_fill_super+0xdc/0x380
[  432.486124][T11486]  get_tree_nodev+0xbb/0x150
[  432.490719][T11486]  vfs_get_tree+0x92/0x2a0
[  432.495165][T11486]  fc_mount_longterm+0x1c/0x100
[  432.500023][T11486]  mq_init_ns+0x275/0x360
[  432.504367][T11486] page_owner free stack trace missing
[  432.509743][T11486] 
[  432.512074][T11486] Memory state around the buggy address:
[  432.517738][T11486]  ffff8881442ba080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  432.525895][T11486]  ffff8881442ba100: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[  432.533969][T11486] >ffff8881442ba180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  432.542134][T11486]                                                     ^
[  432.549098][T11486]  ffff8881442ba200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  432.557164][T11486]  ffff8881442ba280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  432.565226][T11486] ==================================================================
[  432.575098][T11486] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  432.582337][T11486] CPU: 0 UID: 0 PID: 11486 Comm: syz.4.1742 Not tainted syzkaller #0 PREEMPT(full) 
[  432.591738][T11486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  432.601839][T11486] Call Trace:
[  432.605142][T11486]  <TASK>
[  432.608084][T11486]  dump_stack_lvl+0x99/0x250
[  432.612718][T11486]  ? __asan_memcpy+0x40/0x70
[  432.617334][T11486]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.622556][T11486]  ? __pfx__printk+0x10/0x10
[  432.627169][T11486]  vpanic+0x237/0x6d0
[  432.631167][T11486]  ? __pfx_vpanic+0x10/0x10
[  432.635690][T11486]  ? irqentry_exit+0x5dd/0x660
[  432.640484][T11486]  ? trace_irq_disable+0x37/0x100
[  432.645542][T11486]  panic+0xb9/0xc0
[  432.649292][T11486]  ? __pfx_panic+0x10/0x10
[  432.653740][T11486]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  432.659676][T11486]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  432.666021][T11486]  ? _raw_spin_lock+0x2e/0x40
[  432.670745][T11486]  check_panic_on_warn+0x89/0xb0
[  432.675749][T11486]  ? _raw_spin_lock+0x2e/0x40
[  432.680460][T11486]  end_report+0x6f/0x140
[  432.684809][T11486]  kasan_report+0x129/0x150
[  432.689333][T11486]  ? _raw_spin_lock+0x2e/0x40
[  432.694111][T11486]  ? mqueue_flush_file+0x49/0x270
[  432.699191][T11486]  __kasan_check_byte+0x2a/0x40
[  432.704069][T11486]  lock_acquire+0x84/0x340
[  432.708521][T11486]  ? __pfx_mqueue_flush_file+0x10/0x10
[  432.714002][T11486]  _raw_spin_lock+0x2e/0x40
[  432.718537][T11486]  ? mqueue_flush_file+0x49/0x270
[  432.723668][T11486]  mqueue_flush_file+0x49/0x270
[  432.728541][T11486]  ? filp_flush+0xae/0x190
[  432.733002][T11486]  ? __pfx_mqueue_flush_file+0x10/0x10
[  432.738478][T11486]  filp_flush+0xbd/0x190
[  432.742834][T11486]  filp_close+0x1d/0x40
[  432.747047][T11486]  put_files_struct+0x1ba/0x350
[  432.751922][T11486]  do_exit+0x67f/0x2310
[  432.756110][T11486]  ? do_raw_spin_lock+0x121/0x290
[  432.761250][T11486]  ? __pfx_do_exit+0x10/0x10
[  432.766066][T11486]  do_group_exit+0x21c/0x2d0
[  432.770710][T11486]  ? lockdep_hardirqs_on+0x98/0x140
[  432.775941][T11486]  get_signal+0x1285/0x1340
[  432.780505][T11486]  arch_do_signal_or_restart+0x9a/0x7a0
[  432.786089][T11486]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  432.792283][T11486]  ? __x64_sys_sendmsg+0x230/0x260
[  432.797451][T11486]  ? exit_to_user_mode_loop+0x55/0x4f0
[  432.802956][T11486]  exit_to_user_mode_loop+0x87/0x4f0
[  432.808277][T11486]  ? rcu_is_watching+0x15/0xb0
[  432.813091][T11486]  do_syscall_64+0x2e3/0xf80
[  432.817757][T11486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.823845][T11486]  ? clear_bhb_loop+0x60/0xb0
[  432.828543][T11486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.834460][T11486] RIP: 0033:0x7f5a24b8f749
[  432.838905][T11486] Code: Unable to access opcode bytes at 0x7f5a24b8f71f.
[  432.845940][T11486] RSP: 002b:00007f5a25a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  432.854374][T11486] RAX: 0000000000000024 RBX: 00007f5a24de5fa0 RCX: 00007f5a24b8f749
[  432.862373][T11486] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 0000000000000007
[  432.870369][T11486] RBP: 00007f5a24c13f91 R08: 0000000000000000 R09: 0000000000000000
[  432.878361][T11486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  432.886391][T11486] R13: 00007f5a24de6038 R14: 00007f5a24de5fa0 R15: 00007fff3e3146b8
[  432.894400][T11486]  </TASK>
[  432.897784][T11486] Kernel Offset: disabled
[  432.902126][T11486] Rebooting in 86400 seconds..