last executing test programs: 10.144247847s ago: executing program 2 (id=1338): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00') read$FUSE(r2, &(0x7f0000000140)={0x2020}, 0x2020) 8.997622781s ago: executing program 2 (id=1356): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) syz_emit_ethernet(0x5e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb88a800008100400086dd600a843500203b"], 0x0) 3.313779657s ago: executing program 2 (id=1380): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x5}}], 0x10) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 2.355869915s ago: executing program 2 (id=1389): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet(0x2, 0x2, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x16, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x22d00, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) close(r0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.476080079s ago: executing program 0 (id=1403): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c) sendmsg$inet(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f00000002c0)="feb8defb9d1fdc5e6d50b18da9f2e1939f40fce0c6e312b5101d44d38f4f8be7a294a85f1fb1d0dbca84e97e7b65bde2b94d11b429f6eeb68a0a0797fa77868310d85a1e50fcb3f339b1cdfdb1b4a2568465ba23724cc0c3ea01b458a95ca005d72d69811bdab6ec333abecdc68772fc97efa65ce95c6846ef2b0966863e20a1ec582b8aebf1924bd8edf86337a0fb6b0c100349117acc219ff91a5a7c568f62774167ac087ba9abbcb2dce06df67aaf34cb8204a86cc4b8219001203d49ea306b59cf3eaaa35b2ae5add30eea3f7a543670419c8143875f337c47e84b5c2eb3de3fd75aabaf5168fbd402b8980fd2f48486fe8a0ab33a8808355ff32f114b2966d115f8c2fe587618af47de0a9a2b10d7cc3169db127fdaf6a1cf9a731180680720c437cb09b1a4c289781b2af70fc2513bb89a51062df574374afef335ee5227c68db0bcfe0e51b9fba0e8c0658198a9de6fe19a0e29c3239818d5cd922d12725f9a2cf5f830655afd3cd90866e7b9e3c9867a3afa16d60242fb2569a67d8e2a077a1f8058179a5040e69d1854807ee5264dc62d688c78f1c3e5c8d0e200b9b8e54b569a3db22752e7c7c98302880cbc5047c8c575fa02cfb380b3aef9fe30bb5f59ce5861263f049be8a1fcdff70137dc658a712a755b556d5e7b0b759a1f87a8a19d8e2c3850c37a519b5b57351cb1b56dd57165964be22a1807d37340e9ef7949800990af954382b3b1e8f45dc56a84b065da15b377335146b4ce8b556a1ca40106a37696be4b5ba83c6fbe7f2a16ca83b2b7badf2b8a174951fc2c33b382ab14fdc62c3e87ca088324cd0c9a106ea7ca117e66418657478675277da07f5187da0d00766c9714d425c1c8af26cc526f40600f08ad40829ed0cb29934e8a4d8c29a62b0ad5e15aecc1768b268837db3bbba4156e0ea2a458d7e0159fd8905640449dc2e05cc52abfc0967d7239851e7308bea25a019d290740702523075f3a26d263a27c612e3d8d80473a21f6952062bc432bc0a8156a0e016edf1c80e35a6267517c04754d494ed0961c06e1a7308bf2b3175a4dd74aded5cdf2eabaac5d186175501b1052fdbf0b85fe4e2375b4717ef2eccd48d12545a2f1fad324c81f3ac35a09353f9824076031f449e08cdb5e4183492bd5c93a9244f4989e725e69ed242f610822daff8dd0e160cf21b73a80361eb000b447bd29fcb236193601e284a08c10d6dd5a359f269010528e774c82f0b62080516239e36e98d248182ded17a70b6ac1ac70cafbb9fbc339569fc606267aac59004918a5ebb4ab7978b0fd68ec77a223c0c79e454097469638816fc621deaceca47f5e42958e29ab84ace4b89ffeb6d3c05b9b65e048d70ddceb29c0a00c5db952637138b3e9edb8af209d9b813c9b425bf95651ab1ac35f9b650aa82994b9087c67102e16a1791cbf9a8c7be18cf1ca82a0bf11a758d07af677fda4e127ea4a1ddf067e72ba7efc7edfd40e40d754120d4d6c0de69ed0f1d45ca584c435847e91950583836ba68e6867347dfccfaf817c99448b2e9f4ccdba2313d6c39694f75305051795a355a1b9103183013faf6096f8c971dae4a693dfa18593ea7aa1c34e10ab7c53f51c66bcaa1c4e88942cb63e9cbee21fdd5752732ff870c95ec549ed3788134cb628f6ecd94bda04eca6ebe1ca529bc9b9c1468ae758c87a6adee4aa180f24bb6714e61689084ad321551883b85483035d3d5078d71b2419af06631343fa6c3109dc25972a785266cc17339aac5032af3e1076f08b5c593f96aaa9e5ff512d31c1b99bf0f2a64e45eb7515cea626d1c59413b2a2de0d953984e6f268aba70082cd7cd7da309dcf0783a34c795b6d87c5addc74929e4191516b97fc28785c6d7cc6bb51d42fbf0cd54139facbdae3d61a9f71883699f32630132afd59c67719592089067a173c754c13b1a54a50c4119c93f279166d82b075ed0df831bc3d6b62d4b8cb5cfedb48edf4b0e15b73170bad473efcf298095dd1d2c0017f782e", 0xfffffd15}], 0x1}, 0x0) 1.463141036s ago: executing program 2 (id=1405): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x2, 0x10}, 0xc) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x3}, 0x8) writev(r0, &(0x7f00000001c0)=[{&(0x7f00000016c0)="48cc", 0x2}], 0x1) 1.315401939s ago: executing program 0 (id=1406): r0 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) syz_usb_disconnect(r0) 1.042065247s ago: executing program 3 (id=1412): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0x9000, 0x2000, &(0x7f0000000000/0x2000)=nil}) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 979.432865ms ago: executing program 1 (id=1413): r0 = syz_open_dev$cec(0x0, 0x0, 0x180) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000080)={'@\x00', 0x0, 0x6, 0x2, 0x0, 0x1, "f70000000000000000deffffff00", '\x00\x00\a\x00', "020500", "0001ffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0cdd42000000000000c20d00"]}) 951.81067ms ago: executing program 1 (id=1414): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x95}) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000200)) 912.000523ms ago: executing program 1 (id=1415): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) recvmsg(r1, &(0x7f00000043c0)={0x0, 0x0, 0x0}, 0x20000080) 827.405197ms ago: executing program 3 (id=1416): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x2, {0x0, 0x0, 0x0, r1, {0x0, 0xfff8}, {0xffff, 0xffff}, {0x16, 0xa}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000020000000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0xd, 0x81, 0x16, 0x2, 0x12, 0x5}}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) 791.32702ms ago: executing program 3 (id=1417): syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x8, 0x6, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x41000, 0xf72cb191e650caa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x1, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x700, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x31]}}) 583.356121ms ago: executing program 0 (id=1418): symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x80) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000005c0), 0x8040, &(0x7f0000000600)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) rename(&(0x7f0000000040)='./file2\x00', &(0x7f0000000100)='./file0\x00') 503.369686ms ago: executing program 3 (id=1419): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x40, 0x4) 480.873011ms ago: executing program 2 (id=1420): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001340)='lp', 0x2) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 335.019333ms ago: executing program 0 (id=1421): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0xcc0, 0x0) openat$pidfd(0xffffffffffffff9c, 0x0, 0x2000, 0x0) syz_emit_vhci(&(0x7f0000002f80)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x9, 0xc9, 0x2, 0x800}}}, 0x9) 311.403679ms ago: executing program 1 (id=1422): r0 = syz_open_dev$cec(0x0, 0x0, 0x180) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000080)={'@\x00', 0x0, 0x6, 0x2, 0x0, 0x1, "f70000000000000000deffffff00", '\x00\x00\a\x00', "020500", "0001ffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0cdd42000000000000c20d00"]}) 303.929968ms ago: executing program 3 (id=1423): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r0, &(0x7f0000000840)=[{&(0x7f0000000300)="bf", 0x1}], 0x1) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r2, 0xffffffffffffffff, 0x0) 172.214413ms ago: executing program 1 (id=1424): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000048, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) rename(&(0x7f0000000040)='./file2\x00', &(0x7f0000000100)='./file0\x00') 171.760022ms ago: executing program 3 (id=1425): syz_usb_connect(0x0, 0x59, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000100)}}], 0x1, 0x2004000) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) 170.860643ms ago: executing program 0 (id=1426): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) socket$unix(0x1, 0x1, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x5}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1000005, 0x8, 0x4, 0xa, 0x3}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x40, 0x1}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x404c000}, 0x0) 47.281759ms ago: executing program 1 (id=1427): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x60, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4) sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040850}, 0x0) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x30, r4, 0x1, 0x3, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_TID={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r6 = socket(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) 0s ago: executing program 0 (id=1428): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x2, 0x10}, 0xc) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x3}, 0x8) writev(r0, &(0x7f00000001c0)=[{&(0x7f00000016c0)="48cc", 0x2}], 0x1) kernel console output (not intermixed with test programs): 433.131993][ T7914] ? __lock_acquire+0x7d40/0x7d40 [ 433.137137][ T7914] should_fail_ex+0x39d/0x4d0 [ 433.141833][ T7914] _copy_from_user+0x2f/0xe0 [ 433.146529][ T7914] __se_sys_memfd_create+0x295/0x660 [ 433.151960][ T7914] do_syscall_64+0x55/0xa0 [ 433.156418][ T7914] ? clear_bhb_loop+0x40/0x90 [ 433.161120][ T7914] ? clear_bhb_loop+0x40/0x90 [ 433.165843][ T7914] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 433.171770][ T7914] RIP: 0033:0x7f978919c799 [ 433.176214][ T7914] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 433.195868][ T7914] RSP: 002b:00007f978a0f2e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 433.204312][ T7914] RAX: ffffffffffffffda RBX: 00000000000002c4 RCX: 00007f978919c799 [ 433.212282][ T7914] RDX: 00007f978a0f2ee0 RSI: 0000000000000000 RDI: 00007f9789232db9 [ 433.220471][ T7914] RBP: 00002000000003c0 R08: 00000000ffffffff R09: 0000000000000000 [ 433.228488][ T7914] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000340 [ 433.236479][ T7914] R13: 00007f978a0f2ee0 R14: 00007f978a0f2ea0 R15: 0000200000000380 [ 433.244468][ T7914] [ 433.708250][ T7918] netlink: 'syz.3.537': attribute type 1 has an invalid length. [ 433.779883][ T7921] loop0: detected capacity change from 0 to 128 [ 433.798979][ T7921] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 433.848743][ T7918] bond1: entered promiscuous mode [ 433.854283][ T7918] 8021q: adding VLAN 0 to HW filter on device bond1 [ 433.869029][ T7921] hpfs: filesystem error: improperly stopped [ 433.875367][ T7921] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 433.897907][ T7921] hpfs: You really don't want any checks? You are crazy... [ 433.909895][ T7921] hpfs: Code page index out of array [ 433.925397][ T7921] hpfs: code page support is disabled [ 433.940610][ T7921] hpfs: hpfs_map_4sectors(): unaligned read [ 433.946774][ T7921] hpfs: hpfs_map_4sectors(): unaligned read [ 433.960532][ T7921] hpfs: filesystem error: unable to find root dir [ 433.975768][ T7922] 8021q: adding VLAN 0 to HW filter on device bond1 [ 434.018034][ T7922] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 434.034855][ T7916] hpfs: bad mount options. [ 434.064793][ T7925] loop2: detected capacity change from 0 to 512 [ 434.072337][ T7922] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 434.081919][ T7925] EXT4-fs: inline encryption not supported [ 434.096280][ T7922] bond1: (slave vcan1): making interface the new active one [ 434.096608][ T7927] FAULT_INJECTION: forcing a failure. [ 434.096608][ T7927] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 434.104453][ T7922] vcan1: entered promiscuous mode [ 434.126150][ T7922] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 434.146969][ T7925] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 434.167221][ T7925] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 434.177147][ T7927] CPU: 1 PID: 7927 Comm: syz.1.540 Not tainted syzkaller #0 [ 434.184479][ T7927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 434.194651][ T7927] Call Trace: [ 434.197951][ T7927] [ 434.200899][ T7927] dump_stack_lvl+0x18c/0x250 [ 434.205607][ T7927] ? show_regs_print_info+0x20/0x20 [ 434.210826][ T7927] ? load_image+0x400/0x400 [ 434.215357][ T7927] ? __might_fault+0xaa/0x120 [ 434.220135][ T7927] ? __lock_acquire+0x7d40/0x7d40 [ 434.225198][ T7927] should_fail_ex+0x39d/0x4d0 [ 434.229923][ T7927] _copy_from_user+0x2f/0xe0 [ 434.234824][ T7927] __se_sys_memfd_create+0x295/0x660 [ 434.240170][ T7927] do_syscall_64+0x55/0xa0 [ 434.244863][ T7927] ? clear_bhb_loop+0x40/0x90 [ 434.249557][ T7927] ? clear_bhb_loop+0x40/0x90 [ 434.254262][ T7927] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 434.260182][ T7927] RIP: 0033:0x7faf9ef9c799 [ 434.264612][ T7927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.284335][ T7927] RSP: 002b:00007faf9fe5ce08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 434.292875][ T7927] RAX: ffffffffffffffda RBX: 00000000000005ef RCX: 00007faf9ef9c799 [ 434.301082][ T7927] RDX: 00007faf9fe5cee0 RSI: 0000000000000000 RDI: 00007faf9f032db9 [ 434.309249][ T7927] RBP: 00002000000006c0 R08: 00000000ffffffff R09: 0000000000000000 [ 434.317242][ T7927] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000640 [ 434.325243][ T7927] R13: 00007faf9fe5cee0 R14: 00007faf9fe5cea0 R15: 0000200000000680 [ 434.333247][ T7927] [ 434.373455][ T7925] Quota error (device loop2): do_insert_tree: Free block already used in tree: block 1 [ 434.407065][ T7925] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 434.432294][ T7925] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.539: Failed to acquire dquot type 1 [ 434.468469][ T7936] loop3: detected capacity change from 0 to 512 [ 434.480399][ T7925] EXT4-fs (loop2): Remounting filesystem read-only [ 434.510682][ T7925] EXT4-fs (loop2): 1 truncate cleaned up [ 434.548187][ T7925] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 434.643791][ T7925] Illegal XDP return value 4294900224 on prog (id 32) dev syz_tun, expect packet loss! [ 434.902207][ T7940] loop1: detected capacity change from 0 to 128 [ 435.502959][ T7942] loop3: detected capacity change from 0 to 128 [ 435.583190][ T7942] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 435.610140][ T7942] hpfs: filesystem error: improperly stopped [ 435.616792][ T7942] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 435.646755][ T7942] hpfs: You really don't want any checks? You are crazy... [ 435.662779][ T7942] hpfs: Code page index out of array [ 435.677156][ T7942] hpfs: code page support is disabled [ 435.703376][ T7942] hpfs: hpfs_map_4sectors(): unaligned read [ 435.737279][ T7942] hpfs: hpfs_map_4sectors(): unaligned read [ 435.743493][ T7942] hpfs: filesystem error: unable to find root dir [ 435.796013][ T7942] hpfs: bad mount options. [ 435.855888][ T7934] loop0: detected capacity change from 0 to 32768 [ 436.024263][ T7934] overlay: filesystem on ./bus not supported [ 436.245444][ T7952] loop3: detected capacity change from 0 to 16 [ 436.303972][ T7952] erofs: (device loop3): mounted with root inode @ nid 36. [ 436.352540][ T7950] loop1: detected capacity change from 0 to 32768 [ 436.493901][ T7952] syz.3.548: attempt to access beyond end of device [ 436.493901][ T7952] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 436.517199][ T7953] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 436.517199][ T7953] [ 436.547087][ T7953] ERROR: (device loop1): remounting filesystem as read-only [ 436.559793][ T7953] syz.1.549: attempt to access beyond end of device [ 436.559793][ T7953] loop1: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 436.947557][ T112] blkno = 1580, nblocks = 1 [ 436.955594][ T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 436.955594][ T112] [ 436.984889][ T7952] syz.3.548: attempt to access beyond end of device [ 436.984889][ T7952] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 437.102140][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 437.158123][ T7952] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 437.231795][ T28] audit: type=1800 audit(1772749553.402:91): pid=7952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.548" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 437.373342][ T7956] loop0: detected capacity change from 0 to 32768 [ 437.684964][ T7957] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 437.684964][ T7957] [ 437.714055][ T7957] ERROR: (device loop0): remounting filesystem as read-only [ 437.726802][ T7957] syz.0.550: attempt to access beyond end of device [ 437.726802][ T7957] loop0: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 438.137132][ T113] blkno = 1580, nblocks = 1 [ 438.141712][ T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 438.141712][ T113] [ 438.156825][ T7961] FAULT_INJECTION: forcing a failure. [ 438.156825][ T7961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 438.170344][ T7961] CPU: 0 PID: 7961 Comm: syz.2.553 Not tainted syzkaller #0 [ 438.177674][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 438.187765][ T7961] Call Trace: [ 438.191100][ T7961] [ 438.194065][ T7961] dump_stack_lvl+0x18c/0x250 [ 438.198799][ T7961] ? show_regs_print_info+0x20/0x20 [ 438.204053][ T7961] ? load_image+0x400/0x400 [ 438.208609][ T7961] ? __might_fault+0xaa/0x120 [ 438.213408][ T7961] ? __lock_acquire+0x7d40/0x7d40 [ 438.218464][ T7961] should_fail_ex+0x39d/0x4d0 [ 438.223170][ T7961] _copy_from_user+0x2f/0xe0 [ 438.227791][ T7961] __se_sys_memfd_create+0x295/0x660 [ 438.233115][ T7961] do_syscall_64+0x55/0xa0 [ 438.237644][ T7961] ? clear_bhb_loop+0x40/0x90 [ 438.242362][ T7961] ? clear_bhb_loop+0x40/0x90 [ 438.247083][ T7961] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 438.253096][ T7961] RIP: 0033:0x7fafe7d9c799 [ 438.257555][ T7961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 438.277291][ T7961] RSP: 002b:00007fafe8ce4e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 438.285737][ T7961] RAX: ffffffffffffffda RBX: 000000000001f675 RCX: 00007fafe7d9c799 [ 438.293739][ T7961] RDX: 00007fafe8ce4ee0 RSI: 0000000000000000 RDI: 00007fafe7e32db9 [ 438.301881][ T7961] RBP: 000020000001f740 R08: 00000000ffffffff R09: 0000000000000000 [ 438.309852][ T7961] R10: 0000000000000001 R11: 0000000000000202 R12: 000020000001f6c0 [ 438.317824][ T7961] R13: 00007fafe8ce4ee0 R14: 00007fafe8ce4ea0 R15: 000020000001f700 [ 438.325805][ T7961] [ 438.466005][ T7963] netlink: 12 bytes leftover after parsing attributes in process `syz.3.555'. [ 438.567962][ T7965] loop1: detected capacity change from 0 to 2048 [ 438.766531][ T7972] loop2: detected capacity change from 0 to 128 [ 438.794050][ T7972] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 438.848451][ T7972] hpfs: filesystem error: improperly stopped [ 438.867147][ T787] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 438.875777][ T7972] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 438.899883][ T7972] hpfs: You really don't want any checks? You are crazy... [ 438.910760][ T7972] hpfs: Code page index out of array [ 438.916326][ T7972] hpfs: code page support is disabled [ 438.926634][ T7972] hpfs: hpfs_map_4sectors(): unaligned read [ 438.927391][ T7637] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 438.933866][ T7972] hpfs: hpfs_map_4sectors(): unaligned read [ 438.952134][ T7972] hpfs: filesystem error: unable to find root dir [ 438.977173][ T7972] hpfs: bad mount options. [ 439.059030][ T787] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 439.069802][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.090383][ T787] usb 1-1: config 0 descriptor?? [ 439.120949][ T7637] usb 2-1: config 0 has an invalid interface number: 37 but max is 1 [ 439.153612][ T7637] usb 2-1: config 0 has an invalid interface number: 255 but max is 1 [ 439.168342][ T7976] FAULT_INJECTION: forcing a failure. [ 439.168342][ T7976] name failslab, interval 1, probability 0, space 0, times 0 [ 439.182159][ T7976] CPU: 1 PID: 7976 Comm: syz.2.559 Not tainted syzkaller #0 [ 439.189668][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 439.192822][ T7637] usb 2-1: config 0 has no interface number 0 [ 439.199730][ T7976] Call Trace: [ 439.199751][ T7976] [ 439.199759][ T7976] dump_stack_lvl+0x18c/0x250 [ 439.199791][ T7976] ? show_regs_print_info+0x20/0x20 [ 439.199811][ T7976] ? load_image+0x400/0x400 [ 439.199831][ T7976] ? __might_sleep+0xe0/0xe0 [ 439.199849][ T7976] ? __lock_acquire+0x7d40/0x7d40 [ 439.199871][ T7976] should_fail_ex+0x39d/0x4d0 [ 439.199897][ T7976] should_failslab+0x9/0x20 [ 439.199917][ T7976] slab_pre_alloc_hook+0x59/0x310 [ 439.199947][ T7976] ? do_signalfd4+0x134/0x320 [ 439.199969][ T7976] __kmem_cache_alloc_node+0x53/0x250 [ 439.226689][ T7637] usb 2-1: config 0 has no interface number 1 [ 439.226985][ T7976] ? __lock_acquire+0x7d40/0x7d40 [ 439.227016][ T7976] ? do_signalfd4+0x134/0x320 [ 439.227039][ T7976] kmalloc_trace+0x2a/0xe0 [ 439.227062][ T7976] do_signalfd4+0x134/0x320 [ 439.227087][ T7976] __x64_sys_signalfd4+0x15b/0x1a0 [ 439.247156][ T7637] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 439.251161][ T7976] ? lock_chain_count+0x20/0x20 [ 439.251197][ T7976] ? signalfd_cleanup+0x60/0x60 [ 439.270931][ T7637] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 439.272310][ T7976] ? lockdep_hardirqs_on+0x98/0x150 [ 439.287398][ T7637] usb 2-1: config 0 interface 255 has no altsetting 0 [ 439.291019][ T7976] do_syscall_64+0x55/0xa0 [ 439.291056][ T7976] ? clear_bhb_loop+0x40/0x90 [ 439.291076][ T7976] ? clear_bhb_loop+0x40/0x90 [ 439.291094][ T7976] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 439.340093][ T7637] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3 [ 439.342269][ T7976] RIP: 0033:0x7fafe7d9c799 [ 439.342295][ T7976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 439.353733][ T7637] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.357750][ T7976] RSP: 002b:00007fafe8ce5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000121 [ 439.357776][ T7976] RAX: ffffffffffffffda RBX: 00007fafe8015fa0 RCX: 00007fafe7d9c799 [ 439.357788][ T7976] RDX: 0000000000000008 RSI: 0000200000000080 RDI: ffffffffffffffff [ 439.357799][ T7976] RBP: 00007fafe8ce5090 R08: 0000000000000000 R09: 0000000000000000 [ 439.357810][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.357822][ T7976] R13: 00007fafe8016038 R14: 00007fafe8015fa0 R15: 00007ffd4634fad8 [ 439.357854][ T7976] [ 439.441176][ T7974] loop3: detected capacity change from 0 to 32768 [ 439.472393][ T7637] usb 2-1: Product: syz [ 439.476645][ T7637] usb 2-1: Manufacturer: syz [ 439.481597][ T7637] usb 2-1: SerialNumber: syz [ 439.567590][ T7974] overlay: filesystem on ./bus not supported [ 439.573771][ T7637] usb 2-1: config 0 descriptor?? [ 439.675200][ T7969] capability: warning: `syz.0.554' uses 32-bit capabilities (legacy support in use) [ 439.861753][ T7965] loop1: detected capacity change from 0 to 16 [ 439.881992][ T7965] erofs: (device loop1): mounted with root inode @ nid 36. [ 439.940856][ T7980] loop2: detected capacity change from 0 to 32768 [ 440.054633][ T7981] ERROR: (device loop2): dbAlloc: the hint is outside the map [ 440.054633][ T7981] [ 440.072536][ T7981] ERROR: (device loop2): remounting filesystem as read-only [ 440.085218][ T7981] syz.2.560: attempt to access beyond end of device [ 440.085218][ T7981] loop2: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 440.501357][ T7637] usb 2-1: USB disconnect, device number 5 [ 440.522882][ T112] blkno = 1580, nblocks = 1 [ 440.528822][ T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 440.528822][ T112] [ 440.540763][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.547344][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.960139][ T7988] loop1: detected capacity change from 0 to 16 [ 441.015497][ T7988] erofs: (device loop1): mounted with root inode @ nid 36. [ 441.053847][ T7988] syz.1.563: attempt to access beyond end of device [ 441.053847][ T7988] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 441.141833][ T7991] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 441.375690][ T7988] syz.1.563: attempt to access beyond end of device [ 441.375690][ T7988] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 441.740874][ T7988] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 441.817789][ T28] audit: type=1800 audit(1772749557.982:92): pid=7988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.563" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 441.877191][ T787] [drm:udl_init] *ERROR* Selecting channel failed [ 441.949024][ T787] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [ 441.954484][ T7994] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 441.956613][ T787] [drm] Initialized udl on minor 2 [ 442.038034][ T787] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 442.074503][ T787] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 442.135264][ T7637] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 442.145514][ T787] usb 1-1: USB disconnect, device number 6 [ 442.163761][ T7637] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 442.269018][ T8000] loop2: detected capacity change from 0 to 128 [ 442.308117][ T8000] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 442.342496][ T8000] hpfs: filesystem error: improperly stopped [ 442.343749][ T8004] loop3: detected capacity change from 0 to 4096 [ 442.349293][ T8000] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 442.363720][ T8000] hpfs: You really don't want any checks? You are crazy... [ 442.374004][ T8000] hpfs: Code page index out of array [ 442.388673][ T8004] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 442.394905][ T8000] hpfs: code page support is disabled [ 442.413223][ T8000] hpfs: hpfs_map_4sectors(): unaligned read [ 442.413522][ T8004] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 442.428515][ T8000] hpfs: hpfs_map_4sectors(): unaligned read [ 442.434806][ T8000] hpfs: filesystem error: unable to find root dir [ 442.441515][ T8004] ntfs3: loop3: try to read out of volume at offset 0x1ff000 [ 442.469647][ T8000] hpfs: bad mount options. [ 442.474493][ T8004] ntfs3: loop3: Failed to load $MFT. [ 442.824242][ T8009] loop2: detected capacity change from 0 to 8 [ 442.867345][ T8009] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 442.968852][ T8007] loop3: detected capacity change from 0 to 32768 [ 443.089959][ T8010] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 443.089959][ T8010] [ 443.103025][ T8010] ERROR: (device loop3): remounting filesystem as read-only [ 443.115150][ T8010] syz.3.571: attempt to access beyond end of device [ 443.115150][ T8010] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 443.584286][ T113] blkno = 1580, nblocks = 1 [ 443.588939][ T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 443.588939][ T113] [ 443.954692][ T7637] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 444.009017][ T8018] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 444.157944][ T7637] usb 1-1: Using ep0 maxpacket: 16 [ 444.171313][ T7637] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 444.188050][ T7637] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 444.224577][ T7637] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 444.262047][ T7637] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.297465][ T7637] usb 1-1: Product: syz [ 444.310280][ T7637] usb 1-1: Manufacturer: syz [ 444.332637][ T7637] usb 1-1: SerialNumber: syz [ 444.347521][ T5813] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 444.390881][ T8026] bridge2: entered promiscuous mode [ 444.539729][ T5813] usb 2-1: Using ep0 maxpacket: 8 [ 444.568650][ T5813] usb 2-1: config index 0 descriptor too short (expected 29970, got 18) [ 444.597678][ T5813] usb 2-1: config 0 has too many interfaces: 168, using maximum allowed: 32 [ 444.616952][ T5813] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 168 [ 444.630675][ T5813] usb 2-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a [ 444.640113][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.656289][ T5813] usb 2-1: Product: syz [ 444.662583][ T8028] loop3: detected capacity change from 0 to 2048 [ 444.670396][ T5813] usb 2-1: Manufacturer: syz [ 444.685353][ T5813] usb 2-1: SerialNumber: syz [ 444.718853][ T5813] usb 2-1: config 0 descriptor?? [ 444.737919][ T8028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 444.754068][ T5813] gspca_main: xirlink-cit-2.14.0 probing 0545:800c [ 444.777323][ T5813] input: xirlink-cit as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 444.799391][ T7637] usb 1-1: 0:2 : does not exist [ 444.998977][ T5813] usb 2-1: USB disconnect, device number 6 [ 446.044019][ T8014] loop0: detected capacity change from 0 to 131072 [ 446.081330][ T8014] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0) [ 446.091014][ T8014] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 446.106571][ T8014] F2FS-fs (loop0): invalid crc value [ 446.139692][ T8014] F2FS-fs (loop0): Found nat_bits in checkpoint [ 446.226673][ T8014] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 446.234268][ T8014] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 446.283937][ T8014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 446.293022][ T8014] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 446.441361][ T7637] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 446.473239][ T8043] loop2: detected capacity change from 0 to 128 [ 446.574727][ T7637] usb 1-1: USB disconnect, device number 7 [ 446.586320][ T8043] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 446.691654][ T8043] hpfs: filesystem error: improperly stopped [ 446.751231][ T7383] udevd[7383]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 446.767680][ T8043] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 446.775524][ T8043] hpfs: You really don't want any checks? You are crazy... [ 446.846896][ T8047] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 446.929978][ T8043] hpfs: Code page index out of array [ 447.095305][ T8043] hpfs: code page support is disabled [ 447.262654][ T8043] hpfs: hpfs_map_4sectors(): unaligned read [ 447.383630][ T8043] hpfs: hpfs_map_4sectors(): unaligned read [ 447.445779][ T8043] hpfs: filesystem error: unable to find root dir [ 447.557707][ T8043] hpfs: bad mount options. [ 447.649827][ T8028] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 447.954718][ T8050] loop1: detected capacity change from 0 to 32768 [ 448.086713][ T8055] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 448.086713][ T8055] [ 448.112434][ T8055] ERROR: (device loop1): remounting filesystem as read-only [ 448.125586][ T8055] syz.1.582: attempt to access beyond end of device [ 448.125586][ T8055] loop1: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 448.544651][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.812171][ T8057] netlink: 12 bytes leftover after parsing attributes in process `syz.3.583'. [ 448.822056][ T113] blkno = 1580, nblocks = 1 [ 448.854627][ T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 448.854627][ T113] [ 449.368104][ T8069] FAULT_INJECTION: forcing a failure. [ 449.368104][ T8069] name failslab, interval 1, probability 0, space 0, times 0 [ 449.397626][ T8069] CPU: 0 PID: 8069 Comm: syz.3.588 Not tainted syzkaller #0 [ 449.405056][ T8069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 449.415132][ T8069] Call Trace: [ 449.418514][ T8069] [ 449.421467][ T8069] dump_stack_lvl+0x18c/0x250 [ 449.426176][ T8069] ? show_regs_print_info+0x20/0x20 [ 449.431409][ T8069] ? load_image+0x400/0x400 [ 449.435984][ T8069] ? __might_sleep+0xe0/0xe0 [ 449.440595][ T8069] ? __lock_acquire+0x7d40/0x7d40 [ 449.445703][ T8069] should_fail_ex+0x39d/0x4d0 [ 449.450462][ T8069] should_failslab+0x9/0x20 [ 449.454971][ T8069] slab_pre_alloc_hook+0x59/0x310 [ 449.460017][ T8069] ? __might_sleep+0xe0/0xe0 [ 449.464640][ T8069] kmem_cache_alloc_node+0x60/0x320 [ 449.469864][ T8069] ? __alloc_skb+0x103/0x2c0 [ 449.474546][ T8069] __alloc_skb+0x103/0x2c0 [ 449.479009][ T8069] netlink_sendmsg+0x66a/0xbf0 [ 449.483928][ T8069] ? netlink_getsockopt+0x590/0x590 [ 449.489295][ T8069] ? aa_sock_msg_perm+0x94/0x150 [ 449.494406][ T8069] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 449.499700][ T8069] ? security_socket_sendmsg+0x80/0xa0 [ 449.505148][ T8069] ? netlink_getsockopt+0x590/0x590 [ 449.510378][ T8069] ____sys_sendmsg+0x5ba/0x960 [ 449.515137][ T8069] ? __asan_memset+0x22/0x40 [ 449.519901][ T8069] ? __sys_sendmsg_sock+0x30/0x30 [ 449.524940][ T8069] ? __import_iovec+0x5f2/0x850 [ 449.529939][ T8069] ? import_iovec+0x73/0xa0 [ 449.534559][ T8069] ___sys_sendmsg+0x2a6/0x360 [ 449.539261][ T8069] ? get_pid_task+0x20/0x1e0 [ 449.543878][ T8069] ? __sys_sendmsg+0x2a0/0x2a0 [ 449.548640][ T8069] ? __lock_acquire+0x7d40/0x7d40 [ 449.553747][ T8069] __se_sys_sendmsg+0x1c2/0x2b0 [ 449.558603][ T8069] ? __x64_sys_sendmsg+0x80/0x80 [ 449.563557][ T8069] ? lockdep_hardirqs_on+0x98/0x150 [ 449.568791][ T8069] do_syscall_64+0x55/0xa0 [ 449.573251][ T8069] ? clear_bhb_loop+0x40/0x90 [ 449.577955][ T8069] ? clear_bhb_loop+0x40/0x90 [ 449.582625][ T8069] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 449.588514][ T8069] RIP: 0033:0x7f992ad9c799 [ 449.593008][ T8069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 449.612612][ T8069] RSP: 002b:00007f992bc9d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 449.621014][ T8069] RAX: ffffffffffffffda RBX: 00007f992b015fa0 RCX: 00007f992ad9c799 [ 449.628998][ T8069] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 449.637023][ T8069] RBP: 00007f992bc9d090 R08: 0000000000000000 R09: 0000000000000000 [ 449.645019][ T8069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 449.653087][ T8069] R13: 00007f992b016038 R14: 00007f992b015fa0 R15: 00007fff2265d408 [ 449.661080][ T8069] [ 450.118087][ T8081] FAULT_INJECTION: forcing a failure. [ 450.118087][ T8081] name failslab, interval 1, probability 0, space 0, times 0 [ 450.989259][ T8081] CPU: 0 PID: 8081 Comm: syz.3.590 Not tainted syzkaller #0 [ 450.996656][ T8081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 451.006887][ T8081] Call Trace: [ 451.010432][ T8081] [ 451.013356][ T8081] dump_stack_lvl+0x18c/0x250 [ 451.018046][ T8081] ? show_regs_print_info+0x20/0x20 [ 451.023240][ T8081] ? load_image+0x400/0x400 [ 451.027745][ T8081] ? __might_sleep+0xe0/0xe0 [ 451.032415][ T8081] ? __lock_acquire+0x7d40/0x7d40 [ 451.037520][ T8081] should_fail_ex+0x39d/0x4d0 [ 451.042318][ T8081] should_failslab+0x9/0x20 [ 451.046901][ T8081] slab_pre_alloc_hook+0x59/0x310 [ 451.051936][ T8081] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 451.057482][ T8081] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 451.063136][ T8081] __kmem_cache_alloc_node+0x53/0x250 [ 451.068682][ T8081] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 451.074597][ T8081] __kmalloc+0xa4/0x230 [ 451.079157][ T8081] bpf_prog_test_run_skb+0x238/0x12b0 [ 451.084630][ T8081] ? __fget_files+0x28/0x4b0 [ 451.089405][ T8081] ? __fget_files+0x28/0x4b0 [ 451.094109][ T8081] ? __fget_files+0x43d/0x4b0 [ 451.098795][ T8081] ? cpu_online+0x60/0x60 [ 451.103121][ T8081] bpf_prog_test_run+0x321/0x390 [ 451.108146][ T8081] __sys_bpf+0x49d/0x890 [ 451.112410][ T8081] ? bpf_link_show_fdinfo+0x390/0x390 [ 451.117809][ T8081] ? lock_chain_count+0x20/0x20 [ 451.122668][ T8081] __x64_sys_bpf+0x7c/0x90 [ 451.127092][ T8081] do_syscall_64+0x55/0xa0 [ 451.131512][ T8081] ? clear_bhb_loop+0x40/0x90 [ 451.136178][ T8081] ? clear_bhb_loop+0x40/0x90 [ 451.140860][ T8081] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 451.146743][ T8081] RIP: 0033:0x7f992ad9c799 [ 451.151151][ T8081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.170837][ T8081] RSP: 002b:00007f992bc9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 451.179245][ T8081] RAX: ffffffffffffffda RBX: 00007f992b015fa0 RCX: 00007f992ad9c799 [ 451.187210][ T8081] RDX: 0000000000000028 RSI: 0000200000000180 RDI: 000000000000000a [ 451.195345][ T8081] RBP: 00007f992bc9d090 R08: 0000000000000000 R09: 0000000000000000 [ 451.203307][ T8081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.211277][ T8081] R13: 00007f992b016038 R14: 00007f992b015fa0 R15: 00007fff2265d408 [ 451.219342][ T8081] [ 451.550889][ T8087] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 457.053587][ T8112] loop1: detected capacity change from 0 to 128 [ 457.087726][ T8112] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 457.099782][ T8112] hpfs: filesystem error: improperly stopped [ 457.127517][ T8112] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 457.135434][ T8112] hpfs: You really don't want any checks? You are crazy... [ 457.147752][ T8112] hpfs: Code page index out of array [ 457.153558][ T8112] hpfs: code page support is disabled [ 457.257298][ T8112] hpfs: hpfs_map_4sectors(): unaligned read [ 457.329301][ T8112] hpfs: hpfs_map_4sectors(): unaligned read [ 457.354560][ T8112] hpfs: filesystem error: unable to find root dir [ 457.447411][ T8112] hpfs: bad mount options. [ 457.772269][ T8118] loop3: detected capacity change from 0 to 4096 [ 457.793188][ T8118] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 457.823368][ T8118] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 457.857392][ T8118] ntfs3: loop3: try to read out of volume at offset 0x1ff000 [ 457.882509][ T8118] ntfs3: loop3: Failed to load $MFT. [ 458.230916][ T8125] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 458.907433][ T8124] dummy0: entered promiscuous mode [ 459.038438][ T8124] dummy0: left promiscuous mode [ 470.587461][ T5806] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 470.858402][ T5806] usb 3-1: Using ep0 maxpacket: 16 [ 470.873351][ T5806] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 470.922826][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 470.960037][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 471.007658][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 471.044576][ T5806] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 471.097696][ T5806] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 471.136723][ T5806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.175915][ T5806] usb 3-1: config 0 descriptor?? [ 471.557124][ T5806] rc_core: IR keymap rc-hauppauge not found [ 471.563256][ T5806] Registered IR keymap rc-empty [ 471.587758][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 471.636964][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 471.726382][ T5806] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 471.821199][ T5806] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input6 [ 471.889490][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 471.963967][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.037205][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.078935][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.152871][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.327192][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.572830][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.682907][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.814635][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.873203][ T8189] netlink: 20 bytes leftover after parsing attributes in process `syz.2.618'. [ 472.888576][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 472.939103][ T5806] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 472.977150][ T5806] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 473.038852][ T5806] usb 3-1: USB disconnect, device number 8 [ 475.383887][ T8210] loop2: detected capacity change from 0 to 32768 [ 475.430230][ T8210] JBD2: Ignoring recovery information on journal [ 475.472817][ T8210] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 475.542107][ T8210] OCFS2: ERROR (device loop2): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 23 has 4294967295 used bits but only 16777215 total [ 475.564064][ T8210] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 475.574132][ T8210] OCFS2: File system is now read-only. [ 475.579671][ T8210] (syz.2.625,8210,1):ocfs2_claim_suballoc_bits:1993 ERROR: status = -30 [ 475.588723][ T8210] (syz.2.625,8210,1):__ocfs2_claim_clusters:2365 ERROR: status = -30 [ 475.596792][ T8210] (syz.2.625,8210,1):__ocfs2_claim_clusters:2373 ERROR: status = -30 [ 475.604947][ T8210] (syz.2.625,8210,1):ocfs2_add_clusters_in_btree:4830 ERROR: status = -30 [ 475.613970][ T8210] (syz.2.625,8210,1):ocfs2_write_cluster:1153 ERROR: status = -30 [ 475.621948][ T8210] (syz.2.625,8210,1):ocfs2_write_cluster_by_desc:1248 ERROR: status = -30 [ 475.630664][ T8210] (syz.2.625,8210,1):ocfs2_write_begin_nolock:1820 ERROR: status = -30 [ 475.639357][ T8210] (syz.2.625,8210,1):ocfs2_write_begin:1907 ERROR: status = -30 [ 475.950376][ T5767] ocfs2: Unmounting device (7,2) on (node local) [ 476.277776][ T8223] FAULT_INJECTION: forcing a failure. [ 476.277776][ T8223] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 476.315880][ T8223] CPU: 0 PID: 8223 Comm: syz.3.629 Not tainted syzkaller #0 [ 476.323310][ T8223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 476.333391][ T8223] Call Trace: [ 476.336701][ T8223] [ 476.339643][ T8223] dump_stack_lvl+0x18c/0x250 [ 476.344353][ T8223] ? show_regs_print_info+0x20/0x20 [ 476.349572][ T8223] ? load_image+0x400/0x400 [ 476.354192][ T8223] ? __lock_acquire+0x7d40/0x7d40 [ 476.359237][ T8223] ? snprintf+0xe9/0x140 [ 476.363500][ T8223] should_fail_ex+0x39d/0x4d0 [ 476.368212][ T8223] _copy_to_user+0x2f/0xa0 [ 476.372723][ T8223] simple_read_from_buffer+0xe7/0x150 [ 476.378112][ T8223] proc_fail_nth_read+0x1e8/0x260 [ 476.383133][ T8223] ? proc_fault_inject_write+0x360/0x360 [ 476.388769][ T8223] ? fsnotify_perm+0x271/0x5e0 [ 476.393528][ T8223] ? proc_fault_inject_write+0x360/0x360 [ 476.399158][ T8223] vfs_read+0x28b/0x970 [ 476.403323][ T8223] ? kernel_read+0x1e0/0x1e0 [ 476.407912][ T8223] ? __fget_files+0x28/0x4b0 [ 476.412502][ T8223] ? __fget_files+0x28/0x4b0 [ 476.417264][ T8223] ? __fget_files+0x43d/0x4b0 [ 476.422039][ T8223] ? __fdget_pos+0x2a3/0x330 [ 476.426621][ T8223] ? ksys_read+0x75/0x260 [ 476.431032][ T8223] ksys_read+0x150/0x260 [ 476.435271][ T8223] ? vfs_write+0x990/0x990 [ 476.439685][ T8223] ? lockdep_hardirqs_on+0x98/0x150 [ 476.444894][ T8223] do_syscall_64+0x55/0xa0 [ 476.449574][ T8223] ? clear_bhb_loop+0x40/0x90 [ 476.454250][ T8223] ? clear_bhb_loop+0x40/0x90 [ 476.458921][ T8223] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 476.464914][ T8223] RIP: 0033:0x7f992ad5cfce [ 476.469498][ T8223] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 476.489198][ T8223] RSP: 002b:00007f992bc9cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 476.497959][ T8223] RAX: ffffffffffffffda RBX: 00007f992bc9d6c0 RCX: 00007f992ad5cfce [ 476.505923][ T8223] RDX: 000000000000000f RSI: 00007f992bc9d0a0 RDI: 0000000000000007 [ 476.513892][ T8223] RBP: 00007f992bc9d090 R08: 0000000000000000 R09: 0000000000000000 [ 476.521867][ T8223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.530068][ T8223] R13: 00007f992b016038 R14: 00007f992b015fa0 R15: 00007fff2265d408 [ 476.538766][ T8223] [ 476.780087][ T8228] loop2: detected capacity change from 0 to 16 [ 477.641923][ T8228] erofs: (device loop2): mounted with root inode @ nid 36. [ 477.653132][ T8228] syz.2.630: attempt to access beyond end of device [ 477.653132][ T8228] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 477.672604][ T8228] syz.2.630: attempt to access beyond end of device [ 477.672604][ T8228] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 477.686489][ T8228] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 477.705013][ T28] audit: type=1800 audit(1772749593.872:93): pid=8228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.630" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 478.165252][ T8235] overlayfs: refusing to follow metacopy origin for (/file1) [ 478.417197][ T5813] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 478.497756][ T5806] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 479.497639][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 479.504943][ T5813] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.628741][ T5813] usb 2-1: config 0 interface 0 has no altsetting 0 [ 479.651440][ T5813] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 479.671727][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.754556][ T8244] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 480.259160][ T5806] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 480.444170][ T5813] usb 2-1: config 0 descriptor?? [ 480.466522][ T5806] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 480.490409][ T5806] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 480.504439][ T8247] xt_cgroup: invalid path, errno=-2 [ 480.507661][ T5806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 480.528493][ T5806] usb 3-1: SerialNumber: syz [ 480.588681][ T8247] dummy0: entered promiscuous mode [ 480.594036][ T8247] vlan2: entered promiscuous mode [ 481.049824][ T5806] usb 3-1: 0:2 : does not exist [ 481.968542][ T5806] usb 3-1: USB disconnect, device number 9 [ 481.998783][ T5813] nzxt-smart2 0003:1E71:2009.0003: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 482.063859][ T8147] udevd[8147]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 482.457533][ T8233] tmpfs: Unknown parameter 'gHd' [ 482.490647][ T5806] usb 2-1: USB disconnect, device number 7 [ 482.601115][ T8248] loop3: detected capacity change from 0 to 32768 [ 482.663959][ T8248] (syz.3.635,8248,1):ocfs2_read_journal_inode:1659 ERROR: status = -13 [ 482.677688][ T8248] (syz.3.635,8248,0):ocfs2_mark_dead_nodes:1942 ERROR: status = -13 [ 482.685727][ T8248] (syz.3.635,8248,0):ocfs2_check_volume:2476 ERROR: status = -13 [ 482.707989][ T5808] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 482.716036][ T8248] (syz.3.635,8248,0):ocfs2_check_volume:2488 ERROR: status = -13 [ 482.746548][ T8248] (syz.3.635,8248,0):ocfs2_mount_volume:1820 ERROR: status = -13 [ 482.821494][ T8248] (syz.3.635,8248,0):ocfs2_fill_super:1178 ERROR: status = -13 [ 482.918580][ T5808] usb 3-1: Using ep0 maxpacket: 8 [ 482.933245][ T5808] usb 3-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17 [ 482.954758][ T5808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.975804][ T5808] usb 3-1: Product: syz [ 482.992082][ T5808] usb 3-1: Manufacturer: syz [ 483.007935][ T5808] usb 3-1: SerialNumber: syz [ 483.030235][ T5808] usb 3-1: config 0 descriptor?? [ 483.049364][ T5808] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 483.300460][ T23] usb 3-1: USB disconnect, device number 10 [ 483.918966][ T8283] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 484.348248][ T5813] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 484.984343][ T8294] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 485.119960][ T8295] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 485.667877][ T5813] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 485.717129][ T5813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.743877][ T5813] usb 4-1: config 0 descriptor?? [ 487.422283][ T5813] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 487.440522][ T5813] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 487.457683][ T5813] [drm:udl_init] *ERROR* Selecting channel failed [ 487.492837][ T5813] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2 [ 487.501857][ T5813] [drm] Initialized udl on minor 2 [ 487.509787][ T5813] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 487.522192][ T5813] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 487.535044][ T5806] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 487.557461][ T5813] usb 4-1: USB disconnect, device number 6 [ 487.577770][ T5806] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 487.986401][ T8318] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 488.976465][ T8325] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 489.723853][ T8329] FAULT_INJECTION: forcing a failure. [ 489.723853][ T8329] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 489.751499][ T8329] CPU: 1 PID: 8329 Comm: syz.1.660 Not tainted syzkaller #0 [ 489.758937][ T8329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 489.769212][ T8329] Call Trace: [ 489.772515][ T8329] [ 489.775444][ T8329] dump_stack_lvl+0x18c/0x250 [ 489.780130][ T8329] ? show_regs_print_info+0x20/0x20 [ 489.785327][ T8329] ? load_image+0x400/0x400 [ 489.789838][ T8329] ? __lock_acquire+0x7d40/0x7d40 [ 489.794947][ T8329] ? snprintf+0xe9/0x140 [ 489.799185][ T8329] should_fail_ex+0x39d/0x4d0 [ 489.803860][ T8329] _copy_to_user+0x2f/0xa0 [ 489.808275][ T8329] simple_read_from_buffer+0xe7/0x150 [ 489.813739][ T8329] proc_fail_nth_read+0x1e8/0x260 [ 489.818784][ T8329] ? proc_fault_inject_write+0x360/0x360 [ 489.824508][ T8329] ? fsnotify_perm+0x271/0x5e0 [ 489.829271][ T8329] ? proc_fault_inject_write+0x360/0x360 [ 489.834912][ T8329] vfs_read+0x28b/0x970 [ 489.839108][ T8329] ? kernel_read+0x1e0/0x1e0 [ 489.843695][ T8329] ? __fget_files+0x28/0x4b0 [ 489.848286][ T8329] ? __fget_files+0x28/0x4b0 [ 489.852894][ T8329] ? __fget_files+0x43d/0x4b0 [ 489.857597][ T8329] ? __fdget_pos+0x2a3/0x330 [ 489.862194][ T8329] ? ksys_read+0x75/0x260 [ 489.866542][ T8329] ksys_read+0x150/0x260 [ 489.870979][ T8329] ? vfs_write+0x990/0x990 [ 489.875405][ T8329] ? lockdep_hardirqs_on+0x98/0x150 [ 489.880601][ T8329] do_syscall_64+0x55/0xa0 [ 489.885026][ T8329] ? clear_bhb_loop+0x40/0x90 [ 489.889699][ T8329] ? clear_bhb_loop+0x40/0x90 [ 489.894462][ T8329] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 489.900347][ T8329] RIP: 0033:0x7faf9ef5cfce [ 489.904771][ T8329] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 489.924552][ T8329] RSP: 002b:00007faf9fe5cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 489.932963][ T8329] RAX: ffffffffffffffda RBX: 00007faf9fe5d6c0 RCX: 00007faf9ef5cfce [ 489.941015][ T8329] RDX: 000000000000000f RSI: 00007faf9fe5d0a0 RDI: 0000000000000003 [ 489.949065][ T8329] RBP: 00007faf9fe5d090 R08: 0000000000000000 R09: 0000000000000000 [ 489.957029][ T8329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.964993][ T8329] R13: 00007faf9f216038 R14: 00007faf9f215fa0 R15: 00007ffc1bf1c958 [ 489.972969][ T8329] [ 490.293275][ T8334] ip6_vti0 speed is unknown, defaulting to 1000 [ 490.408679][ T8341] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 491.213206][ T8349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.223983][ T8349] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.467120][ T5807] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 491.651825][ T5807] usb 2-1: Using ep0 maxpacket: 32 [ 491.675622][ T5807] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 491.710328][ T5807] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 491.734921][ T5807] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 491.752528][ T5807] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 491.767687][ T5807] usb 2-1: config 0 interface 0 has no altsetting 0 [ 491.774567][ T5807] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 491.788949][ T5807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.808896][ T5807] usb 2-1: config 0 descriptor?? [ 492.194976][ T5807] usbhid 2-1:0.0: can't add hid device: -71 [ 492.202760][ T5807] usbhid: probe of 2-1:0.0 failed with error -71 [ 492.225965][ T5807] usb 2-1: USB disconnect, device number 8 [ 492.384071][ T28] audit: type=1326 audit(1772749608.552:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.408566][ T28] audit: type=1326 audit(1772749608.562:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.431389][ T28] audit: type=1326 audit(1772749608.562:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.492766][ T28] audit: type=1326 audit(1772749608.562:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.532146][ T28] audit: type=1326 audit(1772749608.562:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.575108][ T28] audit: type=1326 audit(1772749608.562:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.630488][ T28] audit: type=1326 audit(1772749608.582:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.728275][ T28] audit: type=1326 audit(1772749608.582:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.766387][ T28] audit: type=1326 audit(1772749608.582:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.862162][ T28] audit: type=1326 audit(1772749608.632:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe7d9c799 code=0x7ffc0000 [ 492.928061][ T8370] loop1: detected capacity change from 0 to 4096 [ 492.936535][ T8370] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 492.951582][ T8370] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 493.263732][ T8370] ntfs3: loop1: try to read out of volume at offset 0x1ff000 [ 493.293545][ T8370] ntfs3: loop1: Failed to load $MFT. [ 493.312972][ T8370] netlink: 40 bytes leftover after parsing attributes in process `syz.1.669'. [ 493.333098][ T8364] loop2: detected capacity change from 0 to 512 [ 493.625503][ T8378] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 494.512303][ T8362] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 494.563719][ T8362] FAT-fs (loop2): Filesystem has been set read-only [ 494.587810][ T8362] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 548) [ 494.885301][ T8389] loop3: detected capacity change from 0 to 512 [ 494.892283][ T8372] loop0: detected capacity change from 0 to 32768 [ 494.903186][ T8389] ext2: Unknown parameter 'obj_role' [ 494.945450][ T8372] (syz.0.670,8372,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 494.968727][ T8391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.675'. [ 494.987368][ T8372] (syz.0.670,8372,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 495.066292][ T8372] JBD2: Ignoring recovery information on journal [ 495.072809][ T5813] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 495.106825][ T8393] loop3: detected capacity change from 0 to 512 [ 495.148514][ T8393] EXT4-fs: Invalid uid value -1 [ 495.205612][ T8147] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 495.233880][ T8372] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 495.267070][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 495.317172][ T5813] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.359518][ T5813] usb 2-1: config 0 interface 0 has no altsetting 0 [ 495.366193][ T5813] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 495.392257][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.419326][ T5813] usb 2-1: config 0 descriptor?? [ 495.514868][ T5769] ocfs2: Unmounting device (7,0) on (node local) [ 495.964012][ T5813] nzxt-smart2 0003:1E71:2009.0004: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 496.000602][ T8408] loop0: detected capacity change from 0 to 16 [ 496.010759][ T8408] erofs: (device loop0): mounted with root inode @ nid 36. [ 496.028974][ T8408] syz.0.678: attempt to access beyond end of device [ 496.028974][ T8408] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 496.436296][ T8408] syz.0.678: attempt to access beyond end of device [ 496.436296][ T8408] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 496.450321][ T8408] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 496.667209][ T5808] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 496.741587][ T787] usb 2-1: USB disconnect, device number 9 [ 496.909511][ T5808] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.932239][ T5808] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.951840][ T5808] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 496.969515][ T5808] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 496.980456][ T5808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.008558][ T5808] usb 3-1: config 0 descriptor?? [ 497.456103][ T8430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.687'. [ 497.543553][ T8423] loop3: detected capacity change from 0 to 32768 [ 497.569661][ T8431] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 498.101458][ T8397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.163780][ T5808] plantronics 0003:047F:FFFF.0005: unbalanced collection at end of report description [ 498.175561][ T5808] plantronics 0003:047F:FFFF.0005: parse failed [ 498.185121][ T5808] plantronics: probe of 0003:047F:FFFF.0005 failed with error -22 [ 498.202508][ T8397] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.346697][ T8433] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 498.346697][ T8433] [ 498.357515][ T8433] ERROR: (device loop3): remounting filesystem as read-only [ 498.366785][ T8433] syz.3.684: attempt to access beyond end of device [ 498.366785][ T8433] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 498.431115][ T5806] usb 3-1: USB disconnect, device number 11 [ 498.487938][ T8435] FAULT_INJECTION: forcing a failure. [ 498.487938][ T8435] name failslab, interval 1, probability 0, space 0, times 0 [ 499.272490][ T112] blkno = 1580, nblocks = 1 [ 499.277652][ T8435] CPU: 0 PID: 8435 Comm: syz.0.688 Not tainted syzkaller #0 [ 499.284969][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 499.287128][ T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 499.287128][ T112] [ 499.295133][ T8435] Call Trace: [ 499.295143][ T8435] [ 499.311522][ T8435] dump_stack_lvl+0x18c/0x250 [ 499.316324][ T8435] ? show_regs_print_info+0x20/0x20 [ 499.321559][ T8435] ? load_image+0x400/0x400 [ 499.326102][ T8435] ? __might_sleep+0xe0/0xe0 [ 499.330815][ T8435] ? __lock_acquire+0x7d40/0x7d40 [ 499.335863][ T8435] ? prepend_path+0x4b/0x960 [ 499.340477][ T8435] should_fail_ex+0x39d/0x4d0 [ 499.345181][ T8435] should_failslab+0x9/0x20 [ 499.349713][ T8435] slab_pre_alloc_hook+0x59/0x310 [ 499.354762][ T8435] ? __asan_memcpy+0x40/0x70 [ 499.359375][ T8435] ? tomoyo_encode+0x28b/0x540 [ 499.364252][ T8435] ? tomoyo_encode+0x28b/0x540 [ 499.369040][ T8435] __kmem_cache_alloc_node+0x53/0x250 [ 499.374447][ T8435] ? prepend_path+0x4b/0x960 [ 499.379065][ T8435] ? tomoyo_encode+0x28b/0x540 [ 499.384032][ T8435] __kmalloc+0xa4/0x230 [ 499.388390][ T8435] tomoyo_encode+0x28b/0x540 [ 499.393003][ T8435] tomoyo_realpath_from_path+0x592/0x5d0 [ 499.398739][ T8435] tomoyo_path_number_perm+0x248/0x620 [ 499.404193][ T8435] ? tomoyo_path_number_perm+0x217/0x620 [ 499.409837][ T8435] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 499.415483][ T8435] ? ksys_write+0x1c4/0x260 [ 499.420080][ T8435] ? __fget_files+0x28/0x4b0 [ 499.424660][ T8435] ? __fget_files+0x28/0x4b0 [ 499.429265][ T8435] security_file_ioctl+0x70/0xa0 [ 499.434215][ T8435] __se_sys_ioctl+0x48/0x170 [ 499.438804][ T8435] do_syscall_64+0x55/0xa0 [ 499.443220][ T8435] ? clear_bhb_loop+0x40/0x90 [ 499.447897][ T8435] ? clear_bhb_loop+0x40/0x90 [ 499.452586][ T8435] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.458479][ T8435] RIP: 0033:0x7f978919c799 [ 499.462901][ T8435] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 499.483091][ T8435] RSP: 002b:00007f978a0f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 499.491855][ T8435] RAX: ffffffffffffffda RBX: 00007f9789415fa0 RCX: 00007f978919c799 [ 499.500074][ T8435] RDX: 0000200000000080 RSI: 00000000c008561c RDI: 0000000000000003 [ 499.508051][ T8435] RBP: 00007f978a0f3090 R08: 0000000000000000 R09: 0000000000000000 [ 499.516036][ T8435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 499.524011][ T8435] R13: 00007f9789416038 R14: 00007f9789415fa0 R15: 00007ffffa2ce4c8 [ 499.531983][ T8435] [ 499.541496][ T8435] ERROR: Out of memory at tomoyo_realpath_from_path. [ 500.226047][ T8451] FAULT_INJECTION: forcing a failure. [ 500.226047][ T8451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 500.250093][ T8451] CPU: 1 PID: 8451 Comm: syz.2.695 Not tainted syzkaller #0 [ 500.257598][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 500.267671][ T8451] Call Trace: [ 500.270941][ T8451] [ 500.273946][ T8451] dump_stack_lvl+0x18c/0x250 [ 500.278630][ T8451] ? show_regs_print_info+0x20/0x20 [ 500.283939][ T8451] ? load_image+0x400/0x400 [ 500.288458][ T8451] ? __lock_acquire+0x7d40/0x7d40 [ 500.293509][ T8451] ? snprintf+0xe9/0x140 [ 500.297780][ T8451] should_fail_ex+0x39d/0x4d0 [ 500.302479][ T8451] _copy_to_user+0x2f/0xa0 [ 500.306918][ T8451] simple_read_from_buffer+0xe7/0x150 [ 500.312305][ T8451] proc_fail_nth_read+0x1e8/0x260 [ 500.317357][ T8451] ? proc_fault_inject_write+0x360/0x360 [ 500.323004][ T8451] ? fsnotify_perm+0x271/0x5e0 [ 500.327774][ T8451] ? proc_fault_inject_write+0x360/0x360 [ 500.333407][ T8451] vfs_read+0x28b/0x970 [ 500.337570][ T8451] ? kernel_read+0x1e0/0x1e0 [ 500.342155][ T8451] ? __fget_files+0x28/0x4b0 [ 500.346736][ T8451] ? __fget_files+0x28/0x4b0 [ 500.351323][ T8451] ? __fget_files+0x43d/0x4b0 [ 500.355999][ T8451] ? __fdget_pos+0x2a3/0x330 [ 500.360586][ T8451] ? ksys_read+0x75/0x260 [ 500.364943][ T8451] ksys_read+0x150/0x260 [ 500.369338][ T8451] ? vfs_write+0x990/0x990 [ 500.373781][ T8451] ? lockdep_hardirqs_on+0x98/0x150 [ 500.379080][ T8451] do_syscall_64+0x55/0xa0 [ 500.383502][ T8451] ? clear_bhb_loop+0x40/0x90 [ 500.388174][ T8451] ? clear_bhb_loop+0x40/0x90 [ 500.392846][ T8451] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 500.398817][ T8451] RIP: 0033:0x7fafe7d5cfce [ 500.403244][ T8451] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 500.422951][ T8451] RSP: 002b:00007fafe8ce4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 500.431557][ T8451] RAX: ffffffffffffffda RBX: 00007fafe8ce56c0 RCX: 00007fafe7d5cfce [ 500.439620][ T8451] RDX: 000000000000000f RSI: 00007fafe8ce50a0 RDI: 0000000000000010 [ 500.447595][ T8451] RBP: 00007fafe8ce5090 R08: 0000000000000000 R09: 0000000000000000 [ 500.455557][ T8451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 500.463527][ T8451] R13: 00007fafe8016038 R14: 00007fafe8015fa0 R15: 00007ffd4634fad8 [ 500.471547][ T8451] [ 502.566062][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.577129][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.326283][ T8478] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 504.549988][ T8491] loop1: detected capacity change from 0 to 16 [ 504.639718][ T8491] erofs: (device loop1): mounted with root inode @ nid 36. [ 504.650524][ T8491] syz.1.701: attempt to access beyond end of device [ 504.650524][ T8491] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 504.673857][ T8491] syz.1.701: attempt to access beyond end of device [ 504.673857][ T8491] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 504.688127][ T8491] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 504.703407][ T28] kauditd_printk_skb: 121 callbacks suppressed [ 504.703454][ T28] audit: type=1800 audit(1772749620.872:225): pid=8491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.701" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 504.763966][ T8495] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 508.883189][ T8523] netlink: 12 bytes leftover after parsing attributes in process `syz.0.715'. [ 509.158480][ T8516] loop1: detected capacity change from 0 to 32768 [ 509.393084][ T8516] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 509.647548][ T8533] loop0: detected capacity change from 0 to 16 [ 509.773974][ T8533] erofs: (device loop0): mounted with root inode @ nid 36. [ 509.791010][ T8531] syz.0.716: attempt to access beyond end of device [ 509.791010][ T8531] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 509.841625][ T8531] syz.0.716: attempt to access beyond end of device [ 509.841625][ T8531] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 509.841784][ T5768] (syz-executor,5768,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 509.855718][ T8531] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 509.878453][ T28] audit: type=1800 audit(1772749626.052:226): pid=8531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.716" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 510.046482][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 511.998433][ T8546] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 513.461923][ T8558] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 514.134779][ T8549] loop0: detected capacity change from 0 to 32768 [ 514.222824][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.726'. [ 514.481031][ T8563] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 514.481031][ T8563] [ 514.671456][ T8567] loop2: detected capacity change from 0 to 16 [ 514.795520][ T8567] erofs: (device loop2): mounted with root inode @ nid 36. [ 514.811549][ T8565] syz.2.727: attempt to access beyond end of device [ 514.811549][ T8565] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 514.861451][ T8563] ERROR: (device loop0): remounting filesystem as read-only [ 514.883405][ T8565] syz.2.727: attempt to access beyond end of device [ 514.883405][ T8565] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 514.897141][ T8565] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 514.909406][ T28] audit: type=1800 audit(1772749631.082:227): pid=8565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.727" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 514.930776][ T8563] syz.0.722: attempt to access beyond end of device [ 514.930776][ T8563] loop0: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 515.211533][ T113] blkno = 1580, nblocks = 1 [ 515.216094][ T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 515.216094][ T113] [ 516.818683][ T8580] FAULT_INJECTION: forcing a failure. [ 516.818683][ T8580] name failslab, interval 1, probability 0, space 0, times 0 [ 516.867711][ T8580] CPU: 1 PID: 8580 Comm: syz.0.733 Not tainted syzkaller #0 [ 516.875018][ T8580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 516.885161][ T8580] Call Trace: [ 516.888458][ T8580] [ 516.891402][ T8580] dump_stack_lvl+0x18c/0x250 [ 516.896085][ T8580] ? show_regs_print_info+0x20/0x20 [ 516.901285][ T8580] ? load_image+0x400/0x400 [ 516.905776][ T8580] ? __might_sleep+0xe0/0xe0 [ 516.910698][ T8580] ? __lock_acquire+0x7d40/0x7d40 [ 516.915714][ T8580] should_fail_ex+0x39d/0x4d0 [ 516.920393][ T8580] should_failslab+0x9/0x20 [ 516.924886][ T8580] slab_pre_alloc_hook+0x59/0x310 [ 516.929940][ T8580] ? __lock_acquire+0x7d40/0x7d40 [ 516.935077][ T8580] kmem_cache_alloc_node+0x60/0x320 [ 516.940303][ T8580] ? __alloc_skb+0x103/0x2c0 [ 516.944938][ T8580] __alloc_skb+0x103/0x2c0 [ 516.949473][ T8580] netlink_sendmsg+0x66a/0xbf0 [ 516.954369][ T8580] ? netlink_getsockopt+0x590/0x590 [ 516.959597][ T8580] ? aa_sock_msg_perm+0x94/0x150 [ 516.964640][ T8580] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 516.969948][ T8580] ? security_socket_sendmsg+0x80/0xa0 [ 516.975425][ T8580] ? netlink_getsockopt+0x590/0x590 [ 516.980647][ T8580] ____sys_sendmsg+0x5ba/0x960 [ 516.985528][ T8580] ? __asan_memset+0x22/0x40 [ 516.990162][ T8580] ? __sys_sendmsg_sock+0x30/0x30 [ 516.995367][ T8580] ? __import_iovec+0x5f2/0x850 [ 517.000248][ T8580] ? import_iovec+0x73/0xa0 [ 517.004773][ T8580] ___sys_sendmsg+0x2a6/0x360 [ 517.009461][ T8580] ? get_pid_task+0x20/0x1e0 [ 517.014115][ T8580] ? __sys_sendmsg+0x2a0/0x2a0 [ 517.018909][ T8580] ? __lock_acquire+0x7d40/0x7d40 [ 517.023966][ T8580] __se_sys_sendmsg+0x1c2/0x2b0 [ 517.028834][ T8580] ? __x64_sys_sendmsg+0x80/0x80 [ 517.033892][ T8580] ? lockdep_hardirqs_on+0x98/0x150 [ 517.039117][ T8580] do_syscall_64+0x55/0xa0 [ 517.043555][ T8580] ? clear_bhb_loop+0x40/0x90 [ 517.048254][ T8580] ? clear_bhb_loop+0x40/0x90 [ 517.052969][ T8580] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 517.058882][ T8580] RIP: 0033:0x7f978919c799 [ 517.063318][ T8580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.083584][ T8580] RSP: 002b:00007f978a0f3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 517.092286][ T8580] RAX: ffffffffffffffda RBX: 00007f9789415fa0 RCX: 00007f978919c799 [ 517.100367][ T8580] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 517.108703][ T8580] RBP: 00007f978a0f3090 R08: 0000000000000000 R09: 0000000000000000 [ 517.116692][ T8580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.124768][ T8580] R13: 00007f9789416038 R14: 00007f9789415fa0 R15: 00007ffffa2ce4c8 [ 517.132779][ T8580] [ 517.498822][ T8575] loop1: detected capacity change from 0 to 32768 [ 517.630432][ T8582] loop0: detected capacity change from 0 to 4096 [ 517.664310][ T8582] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 517.713331][ T8582] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 517.728106][ T8582] ntfs3: loop0: try to read out of volume at offset 0x1ff000 [ 517.756007][ T8582] ntfs3: loop0: Failed to load $MFT. [ 518.044018][ T8586] loop0: detected capacity change from 0 to 1024 [ 518.482249][ T8588] loop2: detected capacity change from 0 to 4096 [ 518.549702][ T8588] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 518.576098][ T8588] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 518.612786][ T8588] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 518.783323][ T8588] ntfs: volume version 3.1. [ 518.945636][ T8600] netlink: 'syz.2.737': attribute type 10 has an invalid length. [ 519.034003][ T8601] loop3: detected capacity change from 0 to 16 [ 519.382709][ T8601] erofs: (device loop3): mounted with root inode @ nid 36. [ 519.585856][ T8597] syz.3.738: attempt to access beyond end of device [ 519.585856][ T8597] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 519.600856][ T8600] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.737'. [ 519.628295][ T8597] syz.3.738: attempt to access beyond end of device [ 519.628295][ T8597] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 519.642297][ T8597] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 519.653745][ T28] audit: type=1800 audit(1772749635.822:228): pid=8597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.738" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 519.673820][ T28] audit: type=1804 audit(1772749635.842:229): pid=8603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.737" name="/newroot/176/file2/file1" dev="loop2" ino=67 res=1 errno=0 [ 519.835151][ T28] audit: type=1800 audit(1772749636.002:230): pid=8605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.736" name="file0" dev="loop0" ino=26 res=0 errno=0 [ 519.867325][ T8600] netlink: 16 bytes leftover after parsing attributes in process `syz.2.737'. [ 521.147205][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 521.383257][ T8613] loop1: detected capacity change from 0 to 32768 [ 521.535437][ T8613] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 521.535437][ T8613] [ 521.545758][ T8613] ERROR: (device loop1): remounting filesystem as read-only [ 521.554577][ T8613] syz.1.741: attempt to access beyond end of device [ 521.554577][ T8613] loop1: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 521.614651][ T5767] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 521.789924][ T112] blkno = 1580, nblocks = 1 [ 521.794648][ T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 521.794648][ T112] [ 522.186233][ T8617] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 524.334124][ T8627] loop2: detected capacity change from 0 to 512 [ 525.088537][ T8627] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 525.598860][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 526.093239][ T8637] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 527.316225][ T8644] FAULT_INJECTION: forcing a failure. [ 527.316225][ T8644] name failslab, interval 1, probability 0, space 0, times 0 [ 527.329593][ T8644] CPU: 0 PID: 8644 Comm: syz.2.750 Not tainted syzkaller #0 [ 527.337289][ T8644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 527.347441][ T8644] Call Trace: [ 527.350719][ T8644] [ 527.353721][ T8644] dump_stack_lvl+0x18c/0x250 [ 527.358429][ T8644] ? show_regs_print_info+0x20/0x20 [ 527.363644][ T8644] ? load_image+0x400/0x400 [ 527.368146][ T8644] ? __might_sleep+0xe0/0xe0 [ 527.372728][ T8644] ? __lock_acquire+0x7d40/0x7d40 [ 527.377833][ T8644] should_fail_ex+0x39d/0x4d0 [ 527.382779][ T8644] should_failslab+0x9/0x20 [ 527.387344][ T8644] slab_pre_alloc_hook+0x59/0x310 [ 527.392419][ T8644] ? __se_sys_fanotify_init+0x3c9/0x7b0 [ 527.397973][ T8644] __kmem_cache_alloc_node+0x53/0x250 [ 527.403384][ T8644] ? __se_sys_fanotify_init+0x3c9/0x7b0 [ 527.408949][ T8644] kmalloc_trace+0x2a/0xe0 [ 527.413527][ T8644] __se_sys_fanotify_init+0x3c9/0x7b0 [ 527.419208][ T8644] do_syscall_64+0x55/0xa0 [ 527.423639][ T8644] ? clear_bhb_loop+0x40/0x90 [ 527.428319][ T8644] ? clear_bhb_loop+0x40/0x90 [ 527.432990][ T8644] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 527.438982][ T8644] RIP: 0033:0x7fafe7d9c799 [ 527.443387][ T8644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 527.463212][ T8644] RSP: 002b:00007fafe8cc4028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 527.471879][ T8644] RAX: ffffffffffffffda RBX: 00007fafe8016090 RCX: 00007fafe7d9c799 [ 527.479958][ T8644] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 527.487945][ T8644] RBP: 00007fafe8cc4090 R08: 0000000000000000 R09: 0000000000000000 [ 527.495942][ T8644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.503936][ T8644] R13: 00007fafe8016128 R14: 00007fafe8016090 R15: 00007ffd4634fad8 [ 527.511919][ T8644] [ 528.520337][ T8650] netlink: 'syz.3.752': attribute type 64 has an invalid length. [ 528.547239][ T8650] netlink: 20 bytes leftover after parsing attributes in process `syz.3.752'. [ 528.570846][ T8650] netlink: 'syz.3.752': attribute type 64 has an invalid length. [ 528.590488][ T8650] netlink: 20 bytes leftover after parsing attributes in process `syz.3.752'. [ 528.637254][ T8651] loop3: detected capacity change from 0 to 64 [ 529.835000][ T8649] loop0: detected capacity change from 0 to 32768 [ 531.782840][ T8663] loop1: detected capacity change from 0 to 32768 [ 531.935520][ T8665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.754'. [ 531.966964][ T8663] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 531.966964][ T8663] [ 531.987065][ T8663] ERROR: (device loop1): remounting filesystem as read-only [ 531.995014][ T8663] syz.1.753: attempt to access beyond end of device [ 531.995014][ T8663] loop1: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 532.219477][ T113] blkno = 1580, nblocks = 1 [ 532.224034][ T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 532.224034][ T113] [ 533.479832][ T8683] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 534.126476][ T8687] block device autoloading is deprecated and will be removed. [ 534.223646][ T8686] md: md2 stopped. [ 535.388062][ T8697] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 536.208350][ T28] audit: type=1326 audit(1772749652.372:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.764" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f978919c799 code=0x0 [ 536.351126][ T8704] loop0: detected capacity change from 0 to 128 [ 536.396008][ T8703] loop1: detected capacity change from 0 to 16 [ 536.498459][ T8699] loop2: detected capacity change from 0 to 4096 [ 536.521681][ T8699] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 536.532947][ T8703] erofs: (device loop1): mounted with root inode @ nid 36. [ 536.595834][ T8699] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 536.620334][ T8699] ntfs3: loop2: try to read out of volume at offset 0x1ff000 [ 536.637505][ T8699] ntfs3: loop2: Failed to load $MFT. [ 536.791013][ T8706] loop3: detected capacity change from 0 to 32768 [ 536.925569][ T8706] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 536.925569][ T8706] [ 536.938344][ T8706] ERROR: (device loop3): remounting filesystem as read-only [ 536.946362][ T8706] syz.3.766: attempt to access beyond end of device [ 536.946362][ T8706] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 536.964862][ T23] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 537.137237][ T23] usb 1-1: device descriptor read/64, error -71 [ 537.285529][ T112] blkno = 1580, nblocks = 1 [ 537.290365][ T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 537.290365][ T112] [ 537.417153][ T23] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 537.586814][ T8703] erofs: (device loop1): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 32768 [ 537.631839][ T8703] erofs: (device loop1): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 32768 [ 537.657157][ T23] usb 1-1: device descriptor read/64, error -71 [ 537.764919][ T8703] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 32811 of nid 36 [ 537.777304][ T23] usb usb1-port1: attempt power cycle [ 537.827221][ T8718] netlink: 12 bytes leftover after parsing attributes in process `syz.2.771'. [ 538.207299][ T23] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 538.267663][ T23] usb 1-1: device descriptor read/8, error -71 [ 538.293636][ T8722] loop2: detected capacity change from 0 to 256 [ 538.553256][ T28] audit: type=1800 audit(1772749654.722:232): pid=8722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.773" name="file1" dev="loop2" ino=1048603 res=0 errno=0 [ 538.690367][ T23] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 538.777624][ T23] usb 1-1: device descriptor read/8, error -71 [ 538.909612][ T23] usb usb1-port1: unable to enumerate USB device [ 540.647129][ T5806] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 540.827109][ T5806] usb 1-1: Using ep0 maxpacket: 16 [ 540.839708][ T5806] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 540.897845][ T5806] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 540.926309][ T5806] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.967629][ T5806] usb 1-1: config 0 descriptor?? [ 541.395289][ T5806] usbhid 1-1:0.0: can't add hid device: -71 [ 541.444917][ T5806] usbhid: probe of 1-1:0.0 failed with error -71 [ 541.466143][ T8751] loop2: detected capacity change from 0 to 512 [ 541.468184][ T5806] usb 1-1: USB disconnect, device number 13 [ 541.491934][ T8751] EXT4-fs: Ignoring removed oldalloc option [ 541.527985][ T8751] ext4: Unknown parameter 'seclabel' [ 541.733219][ T8752] FAULT_INJECTION: forcing a failure. [ 541.733219][ T8752] name failslab, interval 1, probability 0, space 0, times 0 [ 541.746400][ T8752] CPU: 1 PID: 8752 Comm: syz.3.780 Not tainted syzkaller #0 [ 541.753707][ T8752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 541.763781][ T8752] Call Trace: [ 541.767178][ T8752] [ 541.770291][ T8752] dump_stack_lvl+0x18c/0x250 [ 541.775052][ T8752] ? show_regs_print_info+0x20/0x20 [ 541.780312][ T8752] ? load_image+0x400/0x400 [ 541.784866][ T8752] ? __might_sleep+0xe0/0xe0 [ 541.789481][ T8752] ? __lock_acquire+0x7d40/0x7d40 [ 541.794530][ T8752] should_fail_ex+0x39d/0x4d0 [ 541.799233][ T8752] should_failslab+0x9/0x20 [ 541.803757][ T8752] slab_pre_alloc_hook+0x59/0x310 [ 541.809584][ T8752] ? tomoyo_encode+0x28b/0x540 [ 541.814546][ T8752] ? tomoyo_encode+0x28b/0x540 [ 541.819320][ T8752] __kmem_cache_alloc_node+0x53/0x250 [ 541.824814][ T8752] ? tomoyo_encode+0x28b/0x540 [ 541.829587][ T8752] __kmalloc+0xa4/0x230 [ 541.833861][ T8752] tomoyo_encode+0x28b/0x540 [ 541.838471][ T8752] tomoyo_realpath_from_path+0x592/0x5d0 [ 541.844123][ T8752] tomoyo_path_number_perm+0x248/0x620 [ 541.849600][ T8752] ? tomoyo_path_number_perm+0x217/0x620 [ 541.855262][ T8752] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 541.860737][ T8752] ? ksys_write+0x1c4/0x260 [ 541.865285][ T8752] ? __fget_files+0x28/0x4b0 [ 541.869886][ T8752] ? __fget_files+0x28/0x4b0 [ 541.874613][ T8752] security_file_ioctl+0x70/0xa0 [ 541.879668][ T8752] __se_sys_ioctl+0x48/0x170 [ 541.884301][ T8752] do_syscall_64+0x55/0xa0 [ 541.888734][ T8752] ? clear_bhb_loop+0x40/0x90 [ 541.893508][ T8752] ? clear_bhb_loop+0x40/0x90 [ 541.898208][ T8752] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 541.904110][ T8752] RIP: 0033:0x7f992ad9c799 [ 541.908534][ T8752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.928499][ T8752] RSP: 002b:00007f992bc7c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.936955][ T8752] RAX: ffffffffffffffda RBX: 00007f992b016090 RCX: 00007f992ad9c799 [ 541.944937][ T8752] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000005 [ 541.952917][ T8752] RBP: 00007f992bc7c090 R08: 0000000000000000 R09: 0000000000000000 [ 541.953828][ T787] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 541.960889][ T8752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.960912][ T8752] R13: 00007f992b016128 R14: 00007f992b016090 R15: 00007fff2265d408 [ 541.960937][ T8752] [ 541.962234][ T8752] ERROR: Out of memory at tomoyo_realpath_from_path. [ 542.837119][ T787] usb 2-1: Using ep0 maxpacket: 8 [ 542.944219][ T8758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.782'. [ 542.954411][ T787] usb 2-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 542.997029][ T787] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 543.005209][ T787] usb 2-1: Product: syz [ 543.026535][ T787] usb 2-1: Manufacturer: syz [ 543.037046][ T787] usb 2-1: SerialNumber: syz [ 543.068659][ T787] usb 2-1: config 0 descriptor?? [ 543.100628][ T8762] loop0: detected capacity change from 0 to 16 [ 543.161777][ T8762] erofs: (device loop0): mounted with root inode @ nid 36. [ 543.305260][ T8762] syz.0.783: attempt to access beyond end of device [ 543.305260][ T8762] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 543.367888][ T8762] syz.0.783: attempt to access beyond end of device [ 543.367888][ T8762] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 543.427548][ T8747] netlink: 4 bytes leftover after parsing attributes in process `syz.1.778'. [ 543.507758][ T8762] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 543.618337][ T28] audit: type=1800 audit(1772749659.792:233): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.783" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 543.655614][ T8764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.778'. [ 545.227369][ T787] usb 2-1: USB disconnect, device number 10 [ 546.952083][ T8782] loop0: detected capacity change from 0 to 8 [ 547.005477][ T8782] SQUASHFS error: lzo decompression failed, data probably corrupt [ 547.043526][ T8782] SQUASHFS error: Failed to read block 0x91: -5 [ 547.109051][ T8782] SQUASHFS error: Unable to read metadata cache entry [8f] [ 547.165162][ T8782] SQUASHFS error: Unable to read inode 0x11f [ 547.291667][ T8784] capability: warning: `syz.1.789' uses deprecated v2 capabilities in a way that may be insecure [ 547.368469][ T8778] loop2: detected capacity change from 0 to 32768 [ 547.963860][ T8790] blkno = 8ed2c, nblocks = 1 [ 547.971105][ T8790] ERROR: (device loop2): dbFree: block to be freed is outside the map [ 547.971105][ T8790] [ 548.107177][ T8790] ERROR: (device loop2): remounting filesystem as read-only [ 548.137079][ T8790] ialloc: diAlloc returned -17! [ 549.105406][ T8792] loop0: detected capacity change from 0 to 32768 [ 549.490310][ T8799] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 549.762962][ T8794] loop1: detected capacity change from 0 to 32768 [ 549.841800][ T8796] loop3: detected capacity change from 0 to 32768 [ 550.074279][ T8801] loop0: detected capacity change from 0 to 32768 [ 550.218446][ T8801] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 550.218446][ T8801] [ 550.231767][ T8801] ERROR: (device loop0): remounting filesystem as read-only [ 550.239750][ T8801] syz.0.796: attempt to access beyond end of device [ 550.239750][ T8801] loop0: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 550.366420][ T112] blkno = 1580, nblocks = 1 [ 550.376167][ T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 550.376167][ T112] [ 550.851273][ T8811] loop0: detected capacity change from 0 to 2048 [ 551.086854][ T8811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 551.212900][ T8817] block device autoloading is deprecated and will be removed. [ 551.454802][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 551.664929][ T8819] FAULT_INJECTION: forcing a failure. [ 551.664929][ T8819] name failslab, interval 1, probability 0, space 0, times 0 [ 551.737336][ T8819] CPU: 1 PID: 8819 Comm: syz.3.803 Not tainted syzkaller #0 [ 551.744667][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 551.754894][ T8819] Call Trace: [ 551.758174][ T8819] [ 551.761105][ T8819] dump_stack_lvl+0x18c/0x250 [ 551.766143][ T8819] ? show_regs_print_info+0x20/0x20 [ 551.771360][ T8819] ? load_image+0x400/0x400 [ 551.775863][ T8819] ? __might_sleep+0xe0/0xe0 [ 551.780537][ T8819] ? __lock_acquire+0x7d40/0x7d40 [ 551.785552][ T8819] ? kasan_set_track+0x5f/0x70 [ 551.790395][ T8819] ? __kasan_kmalloc+0x8f/0xa0 [ 551.795248][ T8819] ? __kmalloc+0xb4/0x230 [ 551.799782][ T8819] should_fail_ex+0x39d/0x4d0 [ 551.804586][ T8819] should_failslab+0x9/0x20 [ 551.809203][ T8819] slab_pre_alloc_hook+0x59/0x310 [ 551.814236][ T8819] kmem_cache_alloc_lru+0x4d/0x2d0 [ 551.819350][ T8819] ? shmem_alloc_inode+0x28/0x40 [ 551.824487][ T8819] shmem_alloc_inode+0x28/0x40 [ 551.829268][ T8819] ? shmem_match+0x160/0x160 [ 551.833865][ T8819] new_inode_pseudo+0x63/0x1d0 [ 551.838810][ T8819] new_inode+0x22/0x1b0 [ 551.842960][ T8819] ? __rwlock_init+0x150/0x150 [ 551.847724][ T8819] shmem_get_inode+0x34f/0xcc0 [ 551.852495][ T8819] __shmem_file_setup+0x167/0x2c0 [ 551.857516][ T8819] __se_sys_memfd_create+0x357/0x660 [ 551.862821][ T8819] do_syscall_64+0x55/0xa0 [ 551.867337][ T8819] ? clear_bhb_loop+0x40/0x90 [ 551.872018][ T8819] ? clear_bhb_loop+0x40/0x90 [ 551.876709][ T8819] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 551.882610][ T8819] RIP: 0033:0x7f992ad9c799 [ 551.887030][ T8819] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 551.906637][ T8819] RSP: 002b:00007f992bc9ce08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 551.915060][ T8819] RAX: ffffffffffffffda RBX: 000000000000074d RCX: 00007f992ad9c799 [ 551.923113][ T8819] RDX: 00007f992bc9cee0 RSI: 0000000000000000 RDI: 00007f992ae32db9 [ 551.931166][ T8819] RBP: 0000200000000840 R08: 00000000ffffffff R09: 0000000000000000 [ 551.939214][ T8819] R10: 0000000000000001 R11: 0000000000000202 R12: 00002000000007c0 [ 551.947176][ T8819] R13: 00007f992bc9cee0 R14: 00007f992bc9cea0 R15: 0000200000000800 [ 551.955323][ T8819] [ 552.030063][ T8821] loop0: detected capacity change from 0 to 512 [ 552.088376][ T8821] EXT4-fs: Ignoring removed nomblk_io_submit option [ 552.275679][ T8821] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 552.329130][ T8821] ext4 filesystem being mounted at /185/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 552.554316][ T8834] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 552.595285][ T8836] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 552.755157][ T5808] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 552.771088][ T8834] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 552.794926][ T8834] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.804: Failed to acquire dquot type 1 [ 552.916833][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.948045][ T5808] usb 2-1: unable to get BOS descriptor or descriptor too short [ 552.968797][ T5808] usb 2-1: not running at top speed; connect to a high speed hub [ 552.996245][ T5808] usb 2-1: config 15 has an invalid interface number: 131 but max is 0 [ 553.007430][ T5808] usb 2-1: config 15 has no interface number 0 [ 553.014980][ T5808] usb 2-1: config 15 interface 131 has no altsetting 0 [ 553.035266][ T5808] usb 2-1: New USB device found, idVendor=093a, idProduct=010f, bcdDevice=ea.30 [ 553.164431][ T8838] loop2: detected capacity change from 0 to 32768 [ 553.326499][ T5808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.334822][ T5808] usb 2-1: Product: syz [ 553.339051][ T5808] usb 2-1: Manufacturer: syz [ 553.343660][ T5808] usb 2-1: SerialNumber: syz [ 553.348521][ T8840] loop0: detected capacity change from 0 to 32768 [ 553.389652][ T8840] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 553.389652][ T8840] [ 553.401535][ T8840] ERROR: (device loop0): remounting filesystem as read-only [ 553.410104][ T8840] syz.0.808: attempt to access beyond end of device [ 553.410104][ T8840] loop0: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 553.474423][ T8842] loop3: detected capacity change from 0 to 1024 [ 553.499330][ T112] blkno = 1580, nblocks = 1 [ 553.524791][ T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 553.524791][ T112] [ 553.547390][ T8842] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 553.611383][ T5808] gspca_main: mr97310a-2.14.0 probing 093a:010f [ 553.664568][ T5808] gspca_mr97310a: reg write [21] error -22 [ 553.713558][ T5808] mr97310a: probe of 2-1:15.131 failed with error -22 [ 553.732643][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.748502][ T5808] usb 2-1: USB disconnect, device number 11 [ 553.938626][ T8845] loop2: detected capacity change from 0 to 4096 [ 553.941312][ T8847] loop3: detected capacity change from 0 to 4096 [ 553.964583][ T8845] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 553.982422][ T8845] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 554.001194][ T8845] ntfs3: loop2: try to read out of volume at offset 0x1ff000 [ 554.047246][ T8845] ntfs3: loop2: Failed to load $MFT. [ 554.161138][ T8847] ntfs: volume version 3.1. [ 554.393970][ T8856] FAULT_INJECTION: forcing a failure. [ 554.393970][ T8856] name failslab, interval 1, probability 0, space 0, times 0 [ 554.393999][ T8856] CPU: 1 PID: 8856 Comm: syz.1.814 Not tainted syzkaller #0 [ 554.394015][ T8856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 554.394025][ T8856] Call Trace: [ 554.394032][ T8856] [ 554.394039][ T8856] dump_stack_lvl+0x18c/0x250 [ 554.394070][ T8856] ? show_regs_print_info+0x20/0x20 [ 554.394092][ T8856] ? load_image+0x400/0x400 [ 554.394114][ T8856] ? __might_sleep+0xe0/0xe0 [ 554.394135][ T8856] ? __lock_acquire+0x7d40/0x7d40 [ 554.394152][ T8856] ? kasan_set_track+0x5f/0x70 [ 554.394169][ T8856] ? __kasan_kmalloc+0x8f/0xa0 [ 554.394185][ T8856] ? __kmalloc+0xb4/0x230 [ 554.394209][ T8856] should_fail_ex+0x39d/0x4d0 [ 554.394236][ T8856] should_failslab+0x9/0x20 [ 554.394256][ T8856] slab_pre_alloc_hook+0x59/0x310 [ 554.394282][ T8856] kmem_cache_alloc_lru+0x4d/0x2d0 [ 554.394300][ T8856] ? shmem_alloc_inode+0x28/0x40 [ 554.394323][ T8856] shmem_alloc_inode+0x28/0x40 [ 554.394339][ T8856] ? shmem_match+0x160/0x160 [ 554.394355][ T8856] new_inode_pseudo+0x63/0x1d0 [ 554.394371][ T8856] new_inode+0x22/0x1b0 [ 554.394389][ T8856] ? __rwlock_init+0x150/0x150 [ 554.394408][ T8856] shmem_get_inode+0x34f/0xcc0 [ 554.394429][ T8856] __shmem_file_setup+0x167/0x2c0 [ 554.394446][ T8856] __se_sys_memfd_create+0x357/0x660 [ 554.394463][ T8856] do_syscall_64+0x55/0xa0 [ 554.394479][ T8856] ? clear_bhb_loop+0x40/0x90 [ 554.394494][ T8856] ? clear_bhb_loop+0x40/0x90 [ 554.394509][ T8856] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 554.394523][ T8856] RIP: 0033:0x7faf9ef9c799 [ 554.394536][ T8856] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.394548][ T8856] RSP: 002b:00007faf9fe5ce08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 554.394563][ T8856] RAX: ffffffffffffffda RBX: 00000000000002c4 RCX: 00007faf9ef9c799 [ 554.394573][ T8856] RDX: 00007faf9fe5cee0 RSI: 0000000000000000 RDI: 00007faf9f032db9 [ 554.394582][ T8856] RBP: 00002000000003c0 R08: 00000000ffffffff R09: 0000000000000000 [ 554.394591][ T8856] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000340 [ 554.394599][ T8856] R13: 00007faf9fe5cee0 R14: 00007faf9fe5cea0 R15: 0000200000000380 [ 554.394618][ T8856] [ 554.465871][ T8858] FAULT_INJECTION: forcing a failure. [ 554.465871][ T8858] name failslab, interval 1, probability 0, space 0, times 0 [ 554.465898][ T8858] CPU: 0 PID: 8858 Comm: syz.3.815 Not tainted syzkaller #0 [ 554.465914][ T8858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 554.465924][ T8858] Call Trace: [ 554.465931][ T8858] [ 554.465937][ T8858] dump_stack_lvl+0x18c/0x250 [ 554.465965][ T8858] ? show_regs_print_info+0x20/0x20 [ 554.465986][ T8858] ? load_image+0x400/0x400 [ 554.466005][ T8858] ? __might_sleep+0xe0/0xe0 [ 554.466024][ T8858] ? __lock_acquire+0x7d40/0x7d40 [ 554.466040][ T8858] ? kasan_set_track+0x5f/0x70 [ 554.466058][ T8858] ? __kasan_kmalloc+0x8f/0xa0 [ 554.466073][ T8858] ? __kmalloc+0xb4/0x230 [ 554.466096][ T8858] should_fail_ex+0x39d/0x4d0 [ 554.466122][ T8858] should_failslab+0x9/0x20 [ 554.466141][ T8858] slab_pre_alloc_hook+0x59/0x310 [ 554.466166][ T8858] kmem_cache_alloc_lru+0x4d/0x2d0 [ 554.466186][ T8858] ? shmem_alloc_inode+0x28/0x40 [ 554.466208][ T8858] shmem_alloc_inode+0x28/0x40 [ 554.466225][ T8858] ? shmem_match+0x160/0x160 [ 554.466240][ T8858] new_inode_pseudo+0x63/0x1d0 [ 554.466259][ T8858] new_inode+0x22/0x1b0 [ 554.466273][ T8858] ? __rwlock_init+0x150/0x150 [ 554.466295][ T8858] shmem_get_inode+0x34f/0xcc0 [ 554.466321][ T8858] __shmem_file_setup+0x167/0x2c0 [ 554.466342][ T8858] __se_sys_memfd_create+0x357/0x660 [ 554.466381][ T8858] do_syscall_64+0x55/0xa0 [ 554.466401][ T8858] ? clear_bhb_loop+0x40/0x90 [ 554.466419][ T8858] ? clear_bhb_loop+0x40/0x90 [ 554.466438][ T8858] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 554.466456][ T8858] RIP: 0033:0x7f992ad9c799 [ 554.466471][ T8858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.466485][ T8858] RSP: 002b:00007f992bc9ce08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 554.466504][ T8858] RAX: ffffffffffffffda RBX: 00000000000005ef RCX: 00007f992ad9c799 [ 554.466515][ T8858] RDX: 00007f992bc9cee0 RSI: 0000000000000000 RDI: 00007f992ae32db9 [ 554.466526][ T8858] RBP: 00002000000006c0 R08: 00000000ffffffff R09: 0000000000000000 [ 554.466537][ T8858] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000640 [ 554.466548][ T8858] R13: 00007f992bc9cee0 R14: 00007f992bc9cea0 R15: 0000200000000680 [ 554.466571][ T8858] [ 554.498792][ T8851] loop0: detected capacity change from 0 to 512 [ 554.667560][ T8851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 554.667652][ T8851] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 554.796312][ T8867] loop3: detected capacity change from 0 to 16 [ 554.813687][ T8867] erofs: (device loop3): mounted with root inode @ nid 36. [ 554.833399][ T8867] syz.3.817: attempt to access beyond end of device [ 554.833399][ T8867] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 554.847948][ T8867] syz.3.817: attempt to access beyond end of device [ 554.847948][ T8867] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 554.848087][ T8867] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 554.848280][ T28] audit: type=1800 audit(1772749671.022:234): pid=8867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.817" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 554.857165][ T5813] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 555.067729][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.067761][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.067781][ T5813] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 555.067819][ T5813] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 555.067840][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.070324][ T5813] usb 2-1: config 0 descriptor?? [ 555.499182][ T5813] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x1 [ 555.499226][ T5813] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x7 [ 555.499296][ T5813] plantronics 0003:047F:FFFF.0006: unbalanced collection at end of report description [ 555.499679][ T5813] plantronics 0003:047F:FFFF.0006: parse failed [ 555.499723][ T5813] plantronics: probe of 0003:047F:FFFF.0006 failed with error -22 [ 555.757055][ T8860] loop1: detected capacity change from 0 to 128 [ 555.777427][ T8860] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 555.777470][ T8860] hpfs: filesystem error: improperly stopped [ 555.777479][ T8860] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 555.777487][ T8860] hpfs: You really don't want any checks? You are crazy... [ 555.777725][ T8860] hpfs: hpfs_map_sector(): read error [ 555.777731][ T8860] hpfs: code page support is disabled [ 555.783749][ T8860] hpfs: hpfs_map_4sectors(): unaligned read [ 555.785177][ T8860] hpfs: hpfs_map_4sectors(): unaligned read [ 555.785190][ T8860] hpfs: filesystem error: unable to find root dir [ 555.804111][ T8860] hpfs: hpfs_map_4sectors(): unaligned read [ 555.848111][ T8860] hpfs: hpfs_map_sector(): read error [ 555.854812][ T8860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.855123][ T8860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 555.868626][ T5813] usb 2-1: USB disconnect, device number 12 [ 556.257284][ T8876] loop2: detected capacity change from 0 to 32768 [ 556.503430][ T8876] ERROR: (device loop2): dbAlloc: the hint is outside the map [ 556.503430][ T8876] [ 556.509067][ T8876] ERROR: (device loop2): remounting filesystem as read-only [ 556.509712][ T8876] syz.2.819: attempt to access beyond end of device [ 556.509712][ T8876] loop2: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 556.704186][ T113] blkno = 1580, nblocks = 1 [ 556.710071][ T113] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 556.710071][ T113] [ 556.790593][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.224296][ T8887] FAULT_INJECTION: forcing a failure. [ 557.224296][ T8887] name failslab, interval 1, probability 0, space 0, times 0 [ 557.242686][ T8887] CPU: 1 PID: 8887 Comm: syz.0.825 Not tainted syzkaller #0 [ 557.250018][ T8887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 557.260377][ T8887] Call Trace: [ 557.263682][ T8887] [ 557.266626][ T8887] dump_stack_lvl+0x18c/0x250 [ 557.271335][ T8887] ? show_regs_print_info+0x20/0x20 [ 557.276644][ T8887] ? load_image+0x400/0x400 [ 557.281266][ T8887] ? __might_sleep+0xe0/0xe0 [ 557.285876][ T8887] ? __lock_acquire+0x7d40/0x7d40 [ 557.290954][ T8887] ? kasan_set_track+0x5f/0x70 [ 557.295743][ T8887] ? __kasan_kmalloc+0x8f/0xa0 [ 557.300560][ T8887] ? __kmalloc+0xb4/0x230 [ 557.304904][ T8887] should_fail_ex+0x39d/0x4d0 [ 557.309663][ T8887] should_failslab+0x9/0x20 [ 557.314155][ T8887] slab_pre_alloc_hook+0x59/0x310 [ 557.319181][ T8887] kmem_cache_alloc_lru+0x4d/0x2d0 [ 557.324288][ T8887] ? shmem_alloc_inode+0x28/0x40 [ 557.329422][ T8887] shmem_alloc_inode+0x28/0x40 [ 557.334198][ T8887] ? shmem_match+0x160/0x160 [ 557.338879][ T8887] new_inode_pseudo+0x63/0x1d0 [ 557.343640][ T8887] new_inode+0x22/0x1b0 [ 557.347794][ T8887] ? __rwlock_init+0x150/0x150 [ 557.352726][ T8887] shmem_get_inode+0x34f/0xcc0 [ 557.357660][ T8887] __shmem_file_setup+0x167/0x2c0 [ 557.362765][ T8887] __se_sys_memfd_create+0x357/0x660 [ 557.368304][ T8887] do_syscall_64+0x55/0xa0 [ 557.372827][ T8887] ? clear_bhb_loop+0x40/0x90 [ 557.377578][ T8887] ? clear_bhb_loop+0x40/0x90 [ 557.382244][ T8887] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 557.388127][ T8887] RIP: 0033:0x7f978919c799 [ 557.392616][ T8887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.412396][ T8887] RSP: 002b:00007f978a0f2e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 557.420837][ T8887] RAX: ffffffffffffffda RBX: 000000000001f675 RCX: 00007f978919c799 [ 557.428896][ T8887] RDX: 00007f978a0f2ee0 RSI: 0000000000000000 RDI: 00007f9789232db9 [ 557.436944][ T8887] RBP: 000020000001f740 R08: 00000000ffffffff R09: 0000000000000000 [ 557.444901][ T8887] R10: 0000000000000001 R11: 0000000000000202 R12: 000020000001f6c0 [ 557.447262][ T5808] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 557.452869][ T8887] R13: 00007f978a0f2ee0 R14: 00007f978a0f2ea0 R15: 000020000001f700 [ 557.468427][ T8887] [ 557.471673][ C1] vkms_vblank_simulate: vblank timer overrun [ 557.855864][ T8879] loop1: detected capacity change from 0 to 32768 [ 558.493227][ T5808] usb 4-1: Using ep0 maxpacket: 8 [ 558.519289][ T5808] usb 4-1: unable to get BOS descriptor or descriptor too short [ 558.586871][ T5808] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 558.597860][ T5808] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 558.608156][ T5808] usb 4-1: config 1 interface 1 has no altsetting 2 [ 558.641146][ T5808] usb 4-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice= 0.40 [ 558.657075][ T5808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.677554][ T5808] usb 4-1: Product: syz [ 558.685694][ T5808] usb 4-1: Manufacturer: syz [ 558.695128][ T5808] usb 4-1: SerialNumber: syz [ 558.982234][ T8895] netlink: 12 bytes leftover after parsing attributes in process `syz.1.827'. [ 558.989656][ T5808] snd-usb-audio: probe of 4-1:1.0 failed with error -71 [ 559.024380][ T5808] snd-usb-audio: probe of 4-1:1.1 failed with error -71 [ 559.064272][ T5808] snd-usb-audio: probe of 4-1:1.2 failed with error -71 [ 559.099564][ T5808] usb 4-1: USB disconnect, device number 7 [ 559.167652][ T8897] loop2: detected capacity change from 0 to 512 [ 559.421403][ T8900] FAULT_INJECTION: forcing a failure. [ 559.421403][ T8900] name failslab, interval 1, probability 0, space 0, times 0 [ 559.435510][ T8900] CPU: 1 PID: 8900 Comm: syz.1.829 Not tainted syzkaller #0 [ 559.442829][ T8900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 559.452903][ T8900] Call Trace: [ 559.456228][ T8900] [ 559.459172][ T8900] dump_stack_lvl+0x18c/0x250 [ 559.463875][ T8900] ? show_regs_print_info+0x20/0x20 [ 559.469180][ T8900] ? load_image+0x400/0x400 [ 559.473707][ T8900] ? __might_sleep+0xe0/0xe0 [ 559.478506][ T8900] ? __lock_acquire+0x7d40/0x7d40 [ 559.483829][ T8900] ? kasan_set_track+0x5f/0x70 [ 559.488634][ T8900] ? __kasan_kmalloc+0x8f/0xa0 [ 559.493404][ T8900] ? __kmalloc+0xb4/0x230 [ 559.497746][ T8900] should_fail_ex+0x39d/0x4d0 [ 559.502441][ T8900] should_failslab+0x9/0x20 [ 559.506961][ T8900] slab_pre_alloc_hook+0x59/0x310 [ 559.512100][ T8900] kmem_cache_alloc_lru+0x4d/0x2d0 [ 559.517229][ T8900] ? shmem_alloc_inode+0x28/0x40 [ 559.522395][ T8900] shmem_alloc_inode+0x28/0x40 [ 559.527262][ T8900] ? shmem_match+0x160/0x160 [ 559.531962][ T8900] new_inode_pseudo+0x63/0x1d0 [ 559.536842][ T8900] new_inode+0x22/0x1b0 [ 559.541006][ T8900] ? __rwlock_init+0x150/0x150 [ 559.545863][ T8900] shmem_get_inode+0x34f/0xcc0 [ 559.550632][ T8900] __shmem_file_setup+0x167/0x2c0 [ 559.555660][ T8900] __se_sys_memfd_create+0x357/0x660 [ 559.561033][ T8900] do_syscall_64+0x55/0xa0 [ 559.565625][ T8900] ? clear_bhb_loop+0x40/0x90 [ 559.570295][ T8900] ? clear_bhb_loop+0x40/0x90 [ 559.574975][ T8900] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 559.580861][ T8900] RIP: 0033:0x7faf9ef9c799 [ 559.585363][ T8900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 559.604974][ T8900] RSP: 002b:00007faf9fe5ce08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 559.613383][ T8900] RAX: ffffffffffffffda RBX: 000000000001ec48 RCX: 00007faf9ef9c799 [ 559.621432][ T8900] RDX: 00007faf9fe5cee0 RSI: 0000000000000000 RDI: 00007faf9f032db9 [ 559.629493][ T8900] RBP: 000020000001ed40 R08: 00000000ffffffff R09: 0000000000000000 [ 559.637457][ T8900] R10: 0000000000000001 R11: 0000000000000202 R12: 000020000001ecc0 [ 559.645597][ T8900] R13: 00007faf9fe5cee0 R14: 00007faf9fe5cea0 R15: 000020000001ed00 [ 559.653574][ T8900] [ 560.026421][ T8903] loop3: detected capacity change from 0 to 32768 [ 560.217692][ T8903] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 560.217692][ T8903] [ 560.240057][ T8903] ERROR: (device loop3): remounting filesystem as read-only [ 560.248181][ T8903] syz.3.830: attempt to access beyond end of device [ 560.248181][ T8903] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 560.937567][ T112] blkno = 1580, nblocks = 1 [ 560.942218][ T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 560.942218][ T112] [ 561.386742][ T8916] loop2: detected capacity change from 0 to 16 [ 562.534188][ T8916] erofs: (device loop2): mounted with root inode @ nid 36. [ 562.547829][ T8914] syz.2.835: attempt to access beyond end of device [ 562.547829][ T8914] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 562.562937][ T8914] syz.2.835: attempt to access beyond end of device [ 562.562937][ T8914] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 562.576526][ T8914] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 562.588277][ T28] audit: type=1800 audit(1772749678.762:235): pid=8914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.835" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 562.646463][ T8919] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 563.471982][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.478460][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.368461][ T8929] netlink: 12 bytes leftover after parsing attributes in process `syz.2.837'. [ 565.278059][ T8924] loop0: detected capacity change from 0 to 32768 [ 565.893494][ T8933] FAULT_INJECTION: forcing a failure. [ 565.893494][ T8933] name failslab, interval 1, probability 0, space 0, times 0 [ 565.977161][ T8933] CPU: 1 PID: 8933 Comm: syz.1.839 Not tainted syzkaller #0 [ 565.984487][ T8933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 565.994555][ T8933] Call Trace: [ 565.997927][ T8933] [ 566.000892][ T8933] dump_stack_lvl+0x18c/0x250 [ 566.005702][ T8933] ? show_regs_print_info+0x20/0x20 [ 566.010921][ T8933] ? load_image+0x400/0x400 [ 566.015544][ T8933] ? __might_sleep+0xe0/0xe0 [ 566.020130][ T8933] ? __lock_acquire+0x7d40/0x7d40 [ 566.025191][ T8933] ? slab_free_freelist_hook+0x130/0x1a0 [ 566.030828][ T8933] should_fail_ex+0x39d/0x4d0 [ 566.035525][ T8933] should_failslab+0x9/0x20 [ 566.040114][ T8933] slab_pre_alloc_hook+0x59/0x310 [ 566.045229][ T8933] ? tomoyo_path_number_perm+0x5b4/0x620 [ 566.050993][ T8933] ? video_usercopy+0x1bc/0x1380 [ 566.056065][ T8933] ? video_usercopy+0x1bc/0x1380 [ 566.061059][ T8933] __kmem_cache_alloc_node+0x53/0x250 [ 566.066629][ T8933] ? video_usercopy+0x1bc/0x1380 [ 566.071662][ T8933] __kmalloc+0xa4/0x230 [ 566.075891][ T8933] video_usercopy+0x1bc/0x1380 [ 566.080679][ T8933] ? video_ioctl2+0x30/0x30 [ 566.085268][ T8933] ? v4l_printk_ioctl+0x160/0x160 [ 566.090329][ T8933] v4l2_ioctl+0x18a/0x1e0 [ 566.094679][ T8933] ? v4l2_poll+0x2b0/0x2b0 [ 566.099102][ T8933] __se_sys_ioctl+0xfd/0x170 [ 566.103701][ T8933] do_syscall_64+0x55/0xa0 [ 566.108125][ T8933] ? clear_bhb_loop+0x40/0x90 [ 566.112870][ T8933] ? clear_bhb_loop+0x40/0x90 [ 566.117564][ T8933] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 566.123472][ T8933] RIP: 0033:0x7faf9ef9c799 [ 566.127887][ T8933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 566.147604][ T8933] RSP: 002b:00007faf9fe5d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 566.156057][ T8933] RAX: ffffffffffffffda RBX: 00007faf9f215fa0 RCX: 00007faf9ef9c799 [ 566.164076][ T8933] RDX: 0000200000000040 RSI: 00000000c0d05640 RDI: 0000000000000003 [ 566.172056][ T8933] RBP: 00007faf9fe5d090 R08: 0000000000000000 R09: 0000000000000000 [ 566.180059][ T8933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 566.188217][ T8933] R13: 00007faf9f216038 R14: 00007faf9f215fa0 R15: 00007ffc1bf1c958 [ 566.196205][ T8933] [ 573.202317][ T8954] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 573.236961][ T8951] loop1: detected capacity change from 0 to 2048 [ 573.268149][ T8951] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 573.666819][ T8961] loop1: detected capacity change from 0 to 1024 [ 573.927635][ T7101] hfsplus: b-tree write err: -5, ino 25 [ 573.941664][ T7101] hfsplus: b-tree write err: -5, ino 4 [ 573.962271][ T7101] hfsplus: b-tree write err: -5, ino 2 [ 574.714745][ T8984] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 575.047988][ T8988] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 575.054692][ T8988] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 575.088009][ T9003] netlink: 100 bytes leftover after parsing attributes in process `syz.1.864'. [ 575.090898][ T8988] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 575.110553][ T8988] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 575.195596][ T9004] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 575.388544][ T9006] netlink: 'syz.1.864': attribute type 3 has an invalid length. [ 575.549785][ T8988] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 575.654906][ T8988] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 575.719961][ T8988] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 575.733473][ T8988] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 576.575321][ T9027] loop1: detected capacity change from 0 to 16 [ 577.087139][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 577.167152][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 577.203594][ T9027] erofs: (device loop1): mounted with root inode @ nid 36. [ 577.219739][ T9025] syz.1.870: attempt to access beyond end of device [ 577.219739][ T9025] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 577.235653][ T9025] syz.1.870: attempt to access beyond end of device [ 577.235653][ T9025] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 577.249808][ T9025] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 577.261473][ T28] audit: type=1800 audit(1772749693.432:236): pid=9025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.870" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 577.364204][ T9010] loop0: detected capacity change from 0 to 32768 [ 577.493996][ T8945] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 577.576382][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 577.727333][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 577.964315][ T9040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.997851][ T9040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 578.227248][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 578.397170][ T23] usb 1-1: device descriptor read/64, error -71 [ 578.479419][ T9037] loop1: detected capacity change from 0 to 32768 [ 578.558537][ T9035] loop3: detected capacity change from 0 to 32768 [ 578.615926][ T9041] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 578.677111][ T23] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 579.928170][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 579.934243][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 579.940746][ T5774] Bluetooth: hci3: command 0x0406 tx timeout [ 579.946784][ T5774] Bluetooth: hci1: command 0x0406 tx timeout [ 580.017085][ T23] usb 1-1: device descriptor read/64, error -71 [ 580.141547][ T23] usb usb1-port1: attempt power cycle [ 580.386498][ T9046] loop2: detected capacity change from 0 to 32768 [ 580.557096][ T23] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 580.597790][ T23] usb 1-1: device descriptor read/8, error -71 [ 580.706902][ T9055] loop2: detected capacity change from 0 to 4096 [ 580.715919][ T9055] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 580.731223][ T9055] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 580.741861][ T9055] ntfs3: loop2: try to read out of volume at offset 0x1ff000 [ 580.759967][ T9055] ntfs3: loop2: Failed to load $MFT. [ 580.778390][ T9055] netlink: 40 bytes leftover after parsing attributes in process `syz.2.881'. [ 580.969463][ T23] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 581.075642][ T23] usb 1-1: device descriptor read/8, error -71 [ 582.100155][ T23] usb usb1-port1: unable to enumerate USB device [ 582.152982][ T9068] loop3: detected capacity change from 0 to 16 [ 582.386372][ T9071] loop2: detected capacity change from 0 to 32768 [ 582.470776][ T9071] ERROR: (device loop2): dbAlloc: the hint is outside the map [ 582.470776][ T9071] [ 582.482006][ T9071] ERROR: (device loop2): remounting filesystem as read-only [ 582.490631][ T9071] syz.2.885: attempt to access beyond end of device [ 582.490631][ T9071] loop2: rw=2049, sector=44032, nr_sectors = 8 limit=32768 [ 582.600074][ T113] blkno = 1580, nblocks = 1 [ 582.604647][ T113] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 582.604647][ T113] [ 584.542723][ T9074] loop0: detected capacity change from 0 to 32768 [ 585.064833][ T9092] loop0: detected capacity change from 0 to 2048 [ 585.169133][ T9092] loop0: p1 < > p4 [ 585.169133][ T9092] p4: [ 585.187154][ T23] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 585.227958][ T9092] loop0: p4 size 722688 extends beyond EOD, truncated [ 585.298679][ T9084] loop2: detected capacity change from 0 to 32768 [ 585.437052][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 585.591134][ T9095] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 585.623413][ T9041] udevd[9041]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 585.634372][ T8945] udevd[8945]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 585.968230][ T23] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.003807][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 586.042825][ T23] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 586.193070][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.242547][ T23] usb 2-1: config 0 descriptor?? [ 586.343373][ T9101] loop3: detected capacity change from 0 to 4096 [ 586.368709][ T9101] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 587.450582][ T9101] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 587.497290][ T9101] ntfs3: loop3: try to read out of volume at offset 0x1ff000 [ 587.505484][ T9101] ntfs3: loop3: Failed to load $MFT. [ 587.649784][ T8945] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 587.742079][ T9101] netlink: 40 bytes leftover after parsing attributes in process `syz.3.896'. [ 587.799688][ T23] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 587.964831][ T9110] loop2: detected capacity change from 0 to 16 [ 587.982689][ T9110] erofs: (device loop2): mounted with root inode @ nid 36. [ 588.021250][ T9110] syz.2.897: attempt to access beyond end of device [ 588.021250][ T9110] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 588.279149][ T9110] syz.2.897: attempt to access beyond end of device [ 588.279149][ T9110] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 588.294307][ T9110] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 588.437299][ T28] audit: type=1800 audit(1772749704.472:237): pid=9110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.897" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 590.478383][ T7637] usb 2-1: USB disconnect, device number 13 [ 590.497678][ T9116] netlink: 12 bytes leftover after parsing attributes in process `syz.3.899'. [ 590.599058][ T9111] fido_id[9111]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 591.057145][ T9127] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 592.507248][ T5808] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 592.754161][ T5808] usb 3-1: not running at top speed; connect to a high speed hub [ 592.769822][ T5808] usb 3-1: New USB device found, idVendor=0582, idProduct=008b, bcdDevice= 0.40 [ 592.783153][ T5808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.803494][ T5808] usb 3-1: Product: 堒 [ 592.813598][ T5808] usb 3-1: Manufacturer: 㙱懯슂轻췺蛅Ƀﮑ瘿梂㎒펪ኼㅏ杧୪๓橊Χ蔋ऱ瘙愩앑鬍䛾댡㋋켻ີ设毙觢ꛪ旜坨㙷ఒ사虵繸怛䩍錭旑것鎰偸曟ꕼ坵蘸 [ 592.895420][ T5808] usb 3-1: SerialNumber: 㰊 [ 593.435388][ T9137] ip6_vti0 speed is unknown, defaulting to 1000 [ 593.548673][ T5808] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 593.607554][ T5808] snd-usb-audio: probe of 3-1:1.0 failed with error -2 [ 593.782863][ T5808] usb 3-1: USB disconnect, device number 12 [ 594.837799][ T9138] loop1: detected capacity change from 0 to 4096 [ 594.925249][ T9138] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 595.251460][ T9138] ntfs: (device loop1): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 595.379133][ T9138] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 595.476929][ T9138] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 595.605311][ T9138] ntfs: volume version 3.1. [ 595.780073][ T9138] ntfs: (device loop1): ntfs_read_locked_inode(): $INDEX_ROOT attribute name is placed after the attribute value. [ 595.902912][ T9138] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x5 as bad. Run chkdsk. [ 596.068748][ T9138] ntfs: (device loop1): load_system_files(): Failed to load root directory. [ 596.080683][ T9153] loop0: detected capacity change from 0 to 32768 [ 596.208502][ T9138] ntfs: (device loop1): ntfs_fill_super(): Failed to load system files. [ 596.959848][ T9172] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 597.163563][ T9173] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 598.183106][ T9188] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 599.708604][ T9186] loop2: detected capacity change from 0 to 32768 [ 600.772374][ T9217] 9pnet_virtio: no channels available for device syz [ 602.392756][ T9254] ip6_vti0 speed is unknown, defaulting to 1000 [ 604.403546][ T9315] ip6_vti0 speed is unknown, defaulting to 1000 [ 604.538525][ T9319] loop3: detected capacity change from 0 to 512 [ 606.164263][ T9352] netlink: 60 bytes leftover after parsing attributes in process `syz.1.983'. [ 606.186545][ T9352] netlink: 32 bytes leftover after parsing attributes in process `syz.1.983'. [ 607.254417][ T9388] bpf: Bad value for 'mode' [ 607.557516][ T9393] loop3: detected capacity change from 0 to 8192 [ 608.106408][ T9407] ip6_vti0 speed is unknown, defaulting to 1000 [ 608.870686][ T9425] loop2: detected capacity change from 0 to 736 [ 609.071906][ T9425] rock: directory entry would overflow storage [ 609.093958][ T9425] rock: sig=0x3b10, size=4, remaining=3 [ 609.397190][ T9435] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1017'. [ 609.679775][ T9443] KVM: debugfs: duplicate directory 9443-4 [ 610.100555][ T9464] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1031'. [ 610.238436][ T9467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 610.292809][ T9467] batadv_slave_0: entered promiscuous mode [ 610.456591][ T9475] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1037'. [ 611.694545][ T9522] loop2: detected capacity change from 0 to 256 [ 611.731246][ T9522] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 611.744986][ T9520] ip6_vti0 speed is unknown, defaulting to 1000 [ 611.814355][ T9522] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 613.155435][ T9555] netlink: 'syz.3.1073': attribute type 4 has an invalid length. [ 617.763820][ T9697] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1136'. [ 617.965739][ T9706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'. [ 618.639831][ T9725] loop2: detected capacity change from 0 to 256 [ 618.991829][ T9718] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.999774][ T9718] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.520266][ T9737] overlayfs: failed to clone upperpath [ 619.816341][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 619.888835][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 620.482928][ T9718] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.495406][ T9718] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.505616][ T9718] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.515031][ T9718] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.681889][ T9718] bond1: left promiscuous mode [ 620.686826][ T9718] vcan1: left promiscuous mode [ 620.727477][ T9735] netlink: 'syz.2.1151': attribute type 11 has an invalid length. [ 620.761883][ T9751] ip6gre1: entered promiscuous mode [ 620.771018][ T9751] ip6gre1: entered allmulticast mode [ 621.360689][ T7101] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 621.371255][ T7101] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 621.392440][ T787] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 621.759103][ T787] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 621.817248][ T5808] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 622.295363][ T9816] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1185'. [ 622.593519][ T9829] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1191'. [ 622.770667][ T9839] loop3: detected capacity change from 0 to 16 [ 622.818542][ T9839] erofs: (device loop3): mounted with root inode @ nid 36. [ 624.431985][ T9896] overlayfs: failed to resolve './file1/file0': -2 [ 624.853195][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.859800][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.299733][ T9928] loop2: detected capacity change from 0 to 164 [ 625.346603][ T9928] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 625.406502][ T9928] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 625.463841][ T9928] Symlink component flag not implemented [ 625.494505][ T9928] Symlink component flag not implemented [ 625.534721][ T9928] Symlink component flag not implemented (7) [ 625.545766][ T9928] Symlink component flag not implemented (116) [ 625.566870][ T9928] fuse: Bad value for 'fd' [ 625.807233][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 626.086677][ T9949] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 626.151821][ T9949] overlayfs: missing 'lowerdir' [ 632.318431][T10195] xt_hashlimit: size too large, truncated to 1048576 [ 632.342876][T10191] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 632.377265][T10189] ip6_vti0 speed is unknown, defaulting to 1000 [ 633.990459][T10228] syzkaller0: entered promiscuous mode [ 634.007215][T10228] syzkaller0: entered allmulticast mode [ 635.087618][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 638.532398][T10279] 9pnet_virtio: no channels available for device syz [ 638.656610][T10285] netlink: 'syz.0.1384': attribute type 3 has an invalid length. [ 639.043666][T10306] tipc: Enabling of bearer rejected, failed to enable media [ 639.373574][T10318] syz_tun: entered allmulticast mode [ 639.390936][T10318] pimreg: entered allmulticast mode [ 639.412077][T10317] syz_tun: left allmulticast mode [ 640.020754][T10351] autofs4:pid:10351:autofs_fill_super: called with bogus options [ 640.480193][T10370] loop5: detected capacity change from 0 to 3 [ 640.512695][T10370] loop5: p1 < > p4 [ 640.516564][T10370] loop5: partition table partially beyond EOD, truncated [ 640.527177][T10370] loop5: p1 start 4 is beyond EOD, truncated [ 640.604421][ T8945] udevd[8945]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 640.740248][T10372] overlayfs: failed to clone upperpath [ 641.044052][T10387] overlayfs: failed to clone upperpath [ 641.183583][T10395] netlink: 'syz.1.1427': attribute type 3 has an invalid length. [ 641.191567][T10395] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1427'. [ 641.201225][T10395] ------------[ cut here ]------------ [ 641.206899][T10395] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16) [ 641.220113][T10395] WARNING: CPU: 1 PID: 10395 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0 [ 641.229864][T10395] Modules linked in: [ 641.233918][T10395] CPU: 1 PID: 10395 Comm: syz.1.1427 Not tainted syzkaller #0 [ 641.241562][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 641.251915][T10395] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 641.257503][T10395] Code: f8 eb 59 e8 78 4f d9 f8 c6 05 51 c9 c7 05 01 b9 10 00 00 00 48 c7 c7 40 4f c7 8b 4c 89 f6 48 c7 c2 c0 4f c7 8b e8 96 09 a3 f8 <0f> 0b e9 86 f0 ff ff e8 4a 4f d9 f8 eb 24 e8 43 4f d9 f8 c6 05 f4 [ 641.277714][T10395] RSP: 0018:ffffc900032b6d40 EFLAGS: 00010246 [ 641.283817][T10395] RAX: a14c0cd940d84f00 RBX: ffff888030156000 RCX: 0000000000080000 [ 641.292127][T10395] RDX: ffffc9000cab9000 RSI: 000000000000c06f RDI: 000000000000c070 [ 641.300943][T10395] RBP: ffffc900032b6ef8 R08: ffffc900032b6a47 R09: 1ffff92000656d48 [ 641.309120][T10395] R10: dffffc0000000000 R11: fffff52000656d49 R12: ffff888030156c00 [ 641.317144][T10395] R13: ffff888030156ce8 R14: 0000000000000020 R15: ffff888030811dc0 [ 641.325130][T10395] FS: 00007faf9fe5d6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 641.334163][T10395] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 641.340825][T10395] CR2: 000000110c25150a CR3: 000000002f5ba000 CR4: 00000000003506e0 [ 641.348887][T10395] Call Trace: [ 641.352176][T10395] [ 641.355104][T10395] ? tc_new_tfilter+0x8c6/0x1640 [ 641.360137][T10395] ? u32_get+0x370/0x370 [ 641.364422][T10395] tc_new_tfilter+0xe4f/0x1640 [ 641.369635][T10395] ? tcf_proto_signal_destroying+0x240/0x240 [ 641.375631][T10395] ? rcu_read_unlock+0x8c/0xa0 [ 641.380561][T10395] ? tcf_proto_signal_destroying+0x240/0x240 [ 641.386568][T10395] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 641.391750][T10395] ? tcf_proto_signal_destroying+0x240/0x240 [ 641.397938][T10395] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 641.402894][T10395] ? lockdep_hardirqs_on+0x98/0x150 [ 641.408199][T10395] ? rtnetlink_bind+0x80/0x80 [ 641.412896][T10395] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 641.418981][T10395] ? lock_chain_count+0x20/0x20 [ 641.423867][T10395] ? __local_bh_enable_ip+0x13a/0x1c0 [ 641.429342][T10395] ? lockdep_hardirqs_on+0x98/0x150 [ 641.434595][T10395] ? __local_bh_enable_ip+0x13a/0x1c0 [ 641.440071][T10395] ? _local_bh_enable+0xa0/0xa0 [ 641.444950][T10395] ? __dev_queue_xmit+0x265/0x3660 [ 641.450230][T10395] ? __dev_queue_xmit+0x265/0x3660 [ 641.455450][T10395] ? __dev_queue_xmit+0x1b2c/0x3660 [ 641.460760][T10395] ? __dev_queue_xmit+0x265/0x3660 [ 641.465924][T10395] ? ref_tracker_free+0x690/0x840 [ 641.471521][T10395] netlink_rcv_skb+0x241/0x4d0 [ 641.476333][T10395] ? rtnetlink_bind+0x80/0x80 [ 641.481232][T10395] ? netlink_ack+0x1180/0x1180 [ 641.486119][T10395] ? __lock_acquire+0x7d40/0x7d40 [ 641.491416][T10395] ? netlink_deliver_tap+0x2e/0x1b0 [ 641.496645][T10395] netlink_unicast+0x751/0x8d0 [ 641.501497][T10395] netlink_sendmsg+0x8d0/0xbf0 [ 641.506296][T10395] ? netlink_getsockopt+0x590/0x590 [ 641.511666][T10395] ? aa_sock_msg_perm+0x94/0x150 [ 641.516649][T10395] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 641.522057][T10395] ? security_socket_sendmsg+0x80/0xa0 [ 641.527711][T10395] ? netlink_getsockopt+0x590/0x590 [ 641.532933][T10395] ____sys_sendmsg+0x5ba/0x960 [ 641.537791][T10395] ? __asan_memset+0x22/0x40 [ 641.542417][T10395] ? __sys_sendmsg_sock+0x30/0x30 [ 641.547594][T10395] ? __import_iovec+0x5f2/0x850 [ 641.552480][T10395] ? import_iovec+0x73/0xa0 [ 641.557174][T10395] ___sys_sendmsg+0x2a6/0x360 [ 641.561885][T10395] ? __sys_sendmsg+0x2a0/0x2a0 [ 641.566715][T10395] __sys_sendmmsg+0x2ca/0x510 [ 641.571811][T10395] ? __ia32_sys_sendmsg+0x90/0x90 [ 641.576936][T10395] ? __ia32_sys_get_robust_list+0x110/0x110 [ 641.582982][T10395] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 641.589050][T10395] ? lock_chain_count+0x20/0x20 [ 641.593948][T10395] __x64_sys_sendmmsg+0xa0/0xb0 [ 641.598923][T10395] do_syscall_64+0x55/0xa0 [ 641.603382][T10395] ? clear_bhb_loop+0x40/0x90 [ 641.608169][T10395] ? clear_bhb_loop+0x40/0x90 [ 641.612909][T10395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 641.618994][T10395] RIP: 0033:0x7faf9ef9c799 [ 641.623421][T10395] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 641.643407][T10395] RSP: 002b:00007faf9fe5d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 641.652030][T10395] RAX: ffffffffffffffda RBX: 00007faf9f215fa0 RCX: 00007faf9ef9c799 [ 641.660109][T10395] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006 [ 641.668232][T10395] RBP: 00007faf9f032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 641.676640][T10395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 641.684916][T10395] R13: 00007faf9f216038 R14: 00007faf9f215fa0 R15: 00007ffc1bf1c958 [ 641.693075][T10395] [ 641.696121][T10395] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 641.703411][T10395] CPU: 1 PID: 10395 Comm: syz.1.1427 Not tainted syzkaller #0 [ 641.710888][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 641.720954][T10395] Call Trace: [ 641.724240][T10395] [ 641.727177][T10395] dump_stack_lvl+0x18c/0x250 [ 641.731903][T10395] ? show_regs_print_info+0x20/0x20 [ 641.737094][T10395] ? load_image+0x400/0x400 [ 641.741615][T10395] panic+0x2dc/0x730 [ 641.745523][T10395] ? bpf_jit_dump+0xd0/0xd0 [ 641.750046][T10395] __warn+0x2e0/0x470 [ 641.754024][T10395] ? u32_change+0x1c5a/0x24f0 [ 641.758703][T10395] ? u32_change+0x1c5a/0x24f0 [ 641.763370][T10395] report_bug+0x2be/0x4f0 [ 641.767690][T10395] ? u32_change+0x1c5a/0x24f0 [ 641.772358][T10395] ? u32_change+0x1c5a/0x24f0 [ 641.777204][T10395] ? u32_change+0x1c5c/0x24f0 [ 641.781974][T10395] handle_bug+0xcf/0x120 [ 641.786215][T10395] exc_invalid_op+0x1a/0x50 [ 641.790711][T10395] asm_exc_invalid_op+0x1a/0x20 [ 641.795550][T10395] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 641.800934][T10395] Code: f8 eb 59 e8 78 4f d9 f8 c6 05 51 c9 c7 05 01 b9 10 00 00 00 48 c7 c7 40 4f c7 8b 4c 89 f6 48 c7 c2 c0 4f c7 8b e8 96 09 a3 f8 <0f> 0b e9 86 f0 ff ff e8 4a 4f d9 f8 eb 24 e8 43 4f d9 f8 c6 05 f4 [ 641.820637][T10395] RSP: 0018:ffffc900032b6d40 EFLAGS: 00010246 [ 641.826707][T10395] RAX: a14c0cd940d84f00 RBX: ffff888030156000 RCX: 0000000000080000 [ 641.834674][T10395] RDX: ffffc9000cab9000 RSI: 000000000000c06f RDI: 000000000000c070 [ 641.842648][T10395] RBP: ffffc900032b6ef8 R08: ffffc900032b6a47 R09: 1ffff92000656d48 [ 641.850609][T10395] R10: dffffc0000000000 R11: fffff52000656d49 R12: ffff888030156c00 [ 641.858571][T10395] R13: ffff888030156ce8 R14: 0000000000000020 R15: ffff888030811dc0 [ 641.866558][T10395] ? tc_new_tfilter+0x8c6/0x1640 [ 641.871521][T10395] ? u32_get+0x370/0x370 [ 641.875873][T10395] tc_new_tfilter+0xe4f/0x1640 [ 641.880661][T10395] ? tcf_proto_signal_destroying+0x240/0x240 [ 641.886659][T10395] ? rcu_read_unlock+0x8c/0xa0 [ 641.891433][T10395] ? tcf_proto_signal_destroying+0x240/0x240 [ 641.897416][T10395] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 641.902531][T10395] ? tcf_proto_signal_destroying+0x240/0x240 [ 641.908504][T10395] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 641.913521][T10395] ? lockdep_hardirqs_on+0x98/0x150 [ 641.918717][T10395] ? rtnetlink_bind+0x80/0x80 [ 641.923390][T10395] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 641.929385][T10395] ? lock_chain_count+0x20/0x20 [ 641.934246][T10395] ? __local_bh_enable_ip+0x13a/0x1c0 [ 641.939624][T10395] ? lockdep_hardirqs_on+0x98/0x150 [ 641.944820][T10395] ? __local_bh_enable_ip+0x13a/0x1c0 [ 641.950210][T10395] ? _local_bh_enable+0xa0/0xa0 [ 641.955052][T10395] ? __dev_queue_xmit+0x265/0x3660 [ 641.960178][T10395] ? __dev_queue_xmit+0x265/0x3660 [ 641.965287][T10395] ? __dev_queue_xmit+0x1b2c/0x3660 [ 641.970483][T10395] ? __dev_queue_xmit+0x265/0x3660 [ 641.975648][T10395] ? ref_tracker_free+0x690/0x840 [ 641.980698][T10395] netlink_rcv_skb+0x241/0x4d0 [ 641.985471][T10395] ? rtnetlink_bind+0x80/0x80 [ 641.990144][T10395] ? netlink_ack+0x1180/0x1180 [ 641.994918][T10395] ? __lock_acquire+0x7d40/0x7d40 [ 641.999938][T10395] ? netlink_deliver_tap+0x2e/0x1b0 [ 642.005132][T10395] netlink_unicast+0x751/0x8d0 [ 642.009900][T10395] netlink_sendmsg+0x8d0/0xbf0 [ 642.014661][T10395] ? netlink_getsockopt+0x590/0x590 [ 642.019855][T10395] ? aa_sock_msg_perm+0x94/0x150 [ 642.024882][T10395] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 642.030162][T10395] ? security_socket_sendmsg+0x80/0xa0 [ 642.035610][T10395] ? netlink_getsockopt+0x590/0x590 [ 642.040806][T10395] ____sys_sendmsg+0x5ba/0x960 [ 642.045571][T10395] ? __asan_memset+0x22/0x40 [ 642.050193][T10395] ? __sys_sendmsg_sock+0x30/0x30 [ 642.055205][T10395] ? __import_iovec+0x5f2/0x850 [ 642.060056][T10395] ? import_iovec+0x73/0xa0 [ 642.064548][T10395] ___sys_sendmsg+0x2a6/0x360 [ 642.069218][T10395] ? __sys_sendmsg+0x2a0/0x2a0 [ 642.074004][T10395] __sys_sendmmsg+0x2ca/0x510 [ 642.078675][T10395] ? __ia32_sys_sendmsg+0x90/0x90 [ 642.083880][T10395] ? __ia32_sys_get_robust_list+0x110/0x110 [ 642.090001][T10395] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 642.095980][T10395] ? lock_chain_count+0x20/0x20 [ 642.100866][T10395] __x64_sys_sendmmsg+0xa0/0xb0 [ 642.105798][T10395] do_syscall_64+0x55/0xa0 [ 642.110221][T10395] ? clear_bhb_loop+0x40/0x90 [ 642.114890][T10395] ? clear_bhb_loop+0x40/0x90 [ 642.119560][T10395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 642.125445][T10395] RIP: 0033:0x7faf9ef9c799 [ 642.129859][T10395] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.149457][T10395] RSP: 002b:00007faf9fe5d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 642.157877][T10395] RAX: ffffffffffffffda RBX: 00007faf9f215fa0 RCX: 00007faf9ef9c799 [ 642.165841][T10395] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006 [ 642.173814][T10395] RBP: 00007faf9f032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 642.181863][T10395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.189929][T10395] R13: 00007faf9f216038 R14: 00007faf9f215fa0 R15: 00007ffc1bf1c958 [ 642.198004][T10395] [ 642.201492][T10395] Kernel Offset: disabled [ 642.205918][T10395] Rebooting in 86400 seconds..