last executing test programs: 3.03229492s ago: executing program 3 (id=338): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000d00)='./file0\x00', 0x2, &(0x7f0000000680)={[{@minixdf}, {@journal_async_commit}, {@nouid32}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@delalloc}, {@mblk_io_submit}, {@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}, {@noinit_itable}, {@init_itable_val={'init_itable', 0x3d, 0x4}}]}, 0xfa, 0x477, &(0x7f0000001900)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc") syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2ca, &(0x7f0000001440)="$eJzs3U9rI2UYAPBn8mcS9ZAcPInggB48Lbt79ZIiuyD25BJBPWhxd2FpgrCFwqo47smrFw9+BkHwg3jxG/gBBG9WKIzMZNJJ2pg2panY/f0O7dt3nmfeZ94M7bTQJ5+9Pt1/mMXj51//Hv1+Eq1RjOIoiWG0Yu7bWDL6PgCA/7Ojoog/i5lN8pKI6G+vLABgiy7287/TDH+5lrIAgC168NHH7+/s7t77IMv6cX/63eG4/M2+/Dw7vvNhPIlJPIrbMYjjiOpBoRvV00I5vF8URd7JSsN4a5ofjsvM6ae/1uff+aP+Y0FpWH08edqo8t/bvXcnm1nIz8s6Xi7zH8eTUbn+3RjEqyfJS/l3V+THOI2335zlV/XfikH89nl8EZN4WBXR5H9zJ8veLX7466tPyvLK/CQ/HPequEbRvsaXBQAAAAAAAAAAAAAAAAAAAACAG+5W3TunF1X/nnKq7r/TPi6/6EY2N1zuzzPLn7f2WeoPVBRFXrXLmfXXuZ1lWVEHNvmdeK2z2FgQAAAAAAAAAAAAAAAAAAAAXlwHz77c35tMHj29ksG8G0AnIv5+EHHZ84wWZt6I9cG9es29yaRVD5djOosz0Z7HJBFryygv4oq25bzBS2dqrgc//bzpCfvNTJKsjumuXuvgWfuyr1d+emZ+d+3vJav3sBfzmX696I9pRBOTxgVXT//tUBGb3H7pykODjXcjfaUa5GtiIllX2Dv1ztUzyemrSKtdXZnerQcL6afujQvdz9GfpZ/9XpHo1gEAAAAAAAAAAAAAAAAAAFvV/PfvioPP16a2it7WygIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAa9W8//8GgzwiuvUJzglO4+lBFZf8p5cJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfdPAAAA//+cAVSV") sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000780)={0x174, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FTM_RESPONDER={0x114, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x8, 0x3, "d1b55cc0"}, @NL80211_FTM_RESP_ATTR_LCI={0xdd, 0x2, "023af1cf9ba037ffb69de1fdba7cd8250bea61866ae4314f76fef4e1dbe77cec3c2120e9009ad7952bf7534c5f86b939067a5400b5381fc586f4999195ee12ded887c596ee9688d3735a0df971f6a9742d90be4422d8034923457f9ae0edd78e4141708b3e8e445e2dbc48920519a81b9417a463bf581da1abd418e7d115de2f1a69d1f8816bfb7cf04cbd5202e0f1f9938b2f67e105ea7e44d152efdd06dd7c80535a157c261972be3092ea7c3e4a8ec13a52ea997b89cc2e7afdde8480398f237def98bb00ad801c27d98808a56d81f61fd35a404f9485c8"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1e, 0x2, "959789d71acfdca7027a657e268d7fbdae374b458a11f8e986d5"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_FTM_RESPONDER={0x44, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x3b, 0x3, "b4e85e844b983068d9178ac8f0083e3770c5904b0554aa8453933c94355474cad2d6ebba3eef40a087cfdc4127e71b7e8ceed1a595a5a8"}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x20008051}, 0x841) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$msr(r0, &(0x7f0000000d40)=""/43, 0x2b) 2.487063082s ago: executing program 3 (id=343): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB="94010000100001000000000000000000fc010000000000000000000000000001000000000000000000000000000000000000ecdf00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc010000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000"], 0x194}}, 0x4050) 2.203325129s ago: executing program 3 (id=347): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000002c80)=@gcm_128={{0x304}, '\x00', "362574ad5924c0c5aedd72261081b10f", "0700d871", "d97ab19fbd9a8e17"}, 0x28) sendto$inet6(r0, 0x0, 0x0, 0x80c0, 0x0, 0x0) 2.027755169s ago: executing program 0 (id=349): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) syz_emit_ethernet(0x7a, 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file1/file3\x00', 0x4014, &(0x7f0000000140)={[{@auto_da_alloc}, {@norecovery}, {@noblock_validity}, {@noacl}, {@lazytime}], [{@fowner_lt={'fowner<', 0xee01}}, {@smackfstransmute={'smackfstransmute', 0x3d, ')&]^-\'%+,['}}, {@subj_role={'subj_role', 0x3d, 'fowner<'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'noblock_validity'}}, {@smackfsfloor={'smackfsfloor', 0x3d, ',]'}}]}, 0x1, 0x40c, &(0x7f0000000280)="$eJzs3c9PHFUcAPDvDGwplLo08VD1QtREEiMU2qpNNJF48dCe7KFHCdBKCq0BTGxD/BGNN000/gH1oP4JHvXg/6Bn60GbEMNB6sFkzezOwLo/aJfuupR+Pslk35s3O+/NvL7Zmdc3jwAeWeMR8VpEDETEqYgo5+vTfIkPa0u23fbWxvzfWxvzSVQqb/6ZRJKvK/aV5J/H8h1MpBHpJ0k81SLftRs3r84tLy+u5vGp9ZV3ptZu3HxhaWXuyuKVxWszL54+c/bsy+dmXurasW6uJJ89++353774dOHLn//4YSwr72ieVn8c3TIe4zvnpNG5bmfWZ0frwslgHwsCAMCe0vzef7B6/1+Ogdi9eSvH5z/1tXAAAABAV1QqxScAAABweCWe/QEAAOCQK8YBbG9tzBdLH4cj8D/bnI2IsVr9382XWsrgzju9pYb3e7tpPCLeOHphJluiR+9hAwAAADzKfpytTfzX3P/3T+Vk3XbDETFSzO3XReMN8eb+n/ROl7OkzuZsxCsRcbep/y8tNhkbyGPHq12FpeTy0vLiqYh4LCImojSUxaf3yOP9p69+1y6tvv/v1u1L01n+2efuFumdwaH/fmdhbn3uQY6ZXZsfRTw52Kr+k50+3/p5MjNLHebx1tL2q+3SsvrP6vvW7Uul1vVPL1W+TuK5lu1/d+bSZO/5Waeq14Op/Kow1JzHr6PffNwu//r2ny1Z/sX/BdB7Wfsf2bv+q/Pk7szXu9Z5Ht//deGXdmn3rv/W1/8jycVqAY/k696bW19fnY44kpxvXj9T6rzQD5t2Ew03qJ2P3fOV1f/EM61//0/W7fp4/ntf3kfRXv/gxMV2adp/f2X1v9BR++888PbIExPt8r+/9n+mWphiJ+7/7u1+K6jf5QQAAAAAAACgO9KIGC0n6WQRjjSdnKyN8308RtLl62vrz1++/u61hdoYwLEopcX4z3LdeNDp2mvkO/GZhvjpiDgREV+Vh6vxyfnh6rgDAAAAoPeOVZ/5m5//M7/v52UPAAAA4GAa63cBAAAAgJ7z/A8AAACH2oPM67+8uFr8iaB9fl3goQskcSCKMZD/wzsop+XwBfp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg/g0AAP//Ogi85g==") socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="12000000050000000800000002"], 0x50) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)={@cgroup, 0xffffffffffffffff, 0x18}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r3, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000100)=r2}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r4, &(0x7f00000003c0), 0x0}, 0x20) ioctl$sock_ifreq(r1, 0x8931, 0x0) 1.996095724s ago: executing program 3 (id=350): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xac5) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2810400, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000540)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0x5) gettid() futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000500)='./file0\x00', 0x8415, &(0x7f0000000ac0)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@nodiscard}, {@data_err_ignore}, {@abort}], [{@measure}, {@context={'context', 0x3d, 'unconfined_u'}, 0x22}, {@smackfsfloor={'smackfsfloor', 0x3d, '\xb6lt\xa7{\buY\xec(\xce\x9c:\xecv\x97_?\xb1\xc2\rBA\xd0\x90\x9f\x9c%\xef3\xc0\xf7\x0e\xd0\xd6\x8eRww/\xea\x14\x11\x1b\xe9\x94\xba\a1\x82\xeb$b\xeb\x84\x8bR\x87\t\xba\xef\x06\x00\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x36, 0x65, 0x61, 0x0, 0x39, 0x31, 0x38], 0x2d, [0x34, 0x38, 0x39, 0x35], 0x2d, [0x39, 0x38, 0x62, 0x32], 0x2d, [0x65, 0x31, 0x39, 0x38], 0x2d, [0x63, 0x38, 0x63, 0x64, 0x34, 0x62, 0x65, 0xe]}}}]}, 0x0, 0x54a, &(0x7f0000000540)="$eJzs3c9vI1cdAPDveO10f2SbFDhAJdrSFu2uYO1No7YRh1IkVE6VgHLgtoTEiaI48RI77SZa0UT8AUgIARInuCAhJP4AJFSJC0eEVAnORQWBEGzhABLdQWOP3eDYSZo4Nk0+H2l23o+Z+b5neWbnzUw8AZxbL+bTgzRNb0TEVF5eyKcns8xOxBMR8c79ewvZlESavvK3JJK8rLOttOWhuNJeJaIY8eUvRHw92R+3sbW9Ol+rVTfyfKW5dqfS2Nq+ubI2v1xdrq7Pzs48N/f83LNzt07SvaUreeJqRLzw+T9979s/eemFX376tT/c/sv1bybtNr8ePf14n4oHVba7XoqLef5GPt84ZrD/R8W9iUtHW2c3/4oAADBa2Xnph/Lz/AeHLPvuiNoEAAAADFf62cn4T9K5d7fPxIByAAAA4AOkEBGTkRTK+fO+k1EolMvReob3I3G5UKs3mp9aqm+uL2Z1EdNRKiyt1Kq38meFp6OUZPmZVvq9/DM9+dmIeCQivjt1qZUvL9Rri+O++AEAAADnxJWe8f8/p9rjfwAAAOCMmR53AwAAAIBTZ/wPAAAAZ5/xPwAAAJxpX3z55WxKO++/Xnx1a3O1/urNxWpjtby2uVBeqG/cKS/X68ut3+xbO3Bj3RdBr2/erTSrjWalsbV9e62+ud68vdJ9BTYAAAAwYo88/sbvk4jY+cyl1pSZ2FP/7/w9AWNrIHBqupfsIsnnE/sXeuvh9oJ/HF27gNN3YdwNAMamOO4GAGNTGncDgLFLDqkf+PDOb/L5J4bbHgAAYPiufWzw/f9CxEtTA9fcKYyoicApsRPD+eX+P5xfrfv/fR7568vJApwpJWcAcO6d+P7/ofwNEQAAjNtka0oK5fzy3mQUCuVyxNXWawFKydJKrXorIh6OiN9NlR7K8jOtNZNDxwwAAAAAAAAAAAAAAAAAAAAAAAAAQFuaJpEe4MkDawEAAIAPgojCn5NftX/L/9rU05O91wcmkn9NRf6K0Nd++Mr37843mxszWfnfu+XNH+Tlz4zjCgYAAADQqzNO74zjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGB4dvP5vYV37t9bGGXkv34uIqYjsridqV1TjIut+cUoRcTlfyRR3LNeEhEXhhB/J+v6R/vFT7JmdUP2i3/p9OPHdP4p9It/ZQjx4Tx7Izv+vNhv/yvEE615//2vGPE/+eMafPyL7vHvwoD9/+oRYzz65s8rA+PvRjxa7H/86cRPBsR/6ojxv/aV7e1BdemPIq5F//h7Y1Waa3cqja3tmytr88vV5er67OzMc3PPzz07d6uytFKr5v/2jfGdj//iwUH9vzwg/vQh/X+67xbf/kZvybtv3r3/4Xay1C/+9af6xP/1j/Ml9scv5P/3fTJPZ/XXOumddnqvx37228cO6v/i/v4nsef7N6j/1wdttMeNL33r7SMuCgCMQGNre3W+VqtuDCdRHPIGk+KJt5ON0ofXwbOWuBjHWj1NIsbf+BMnXt9f9fjx+5WmaZrtUydoWDKcT3Vi73f+rXgfqyfdktbh4adfbc0mxnuQAgAAhuK9s/9xtwQAAAAAAAAAAAAAAAAAAADOr1H8ylpvzN1uKhnGT2gDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzFfwMAAP//dg/i2w==") munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) write$binfmt_aout(r0, &(0x7f0000000500)=ANY=[], 0xff2e) socket$l2tp6(0xa, 0x2, 0x73) 1.564528566s ago: executing program 2 (id=353): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x800000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x12, 0x6, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000004"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r2, &(0x7f00000003c0), &(0x7f0000000580)=@tcp=r4}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r2, &(0x7f00000003c0), &(0x7f0000000300)=@tcp6=r4, 0x1}, 0x20) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000000)={0x6, 0x6, 0x4, 0x0, 0xffffffff, 0x2}) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0x19, 0x2, {0x1c8, {0x80, 0x6, 0x100}, 0x8b, 0x0, 0x0, 0xff, 0x5, 0x4000084, 0xbf44, 0x170a, 0x10001, 0x2, 0x5, 0x2, 0x5, 0x5, 0x4, 0x8000000000405, 0x4, 0x8}}, 0xa0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, 0x140f, 0x1, 0x70bd28, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x9, 0x45, 'umad\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000010) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x600, 0xf, 0x80, 0x0, 0x0, 0xfc, 0x1, 0x80, 0x4, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3]}}) r8 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r8, 0x5393, &(0x7f00000001c0)) mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a70000000060a0b0400000000000000000200000244000480400001800b00010074617267657400003000028014000300e18eb063bae294fe8f45a9b02fdf068408000240000000010d000100434f4e4e4d41524b000000000900010073797a30000000000900020073797a320022000014000000110001"], 0x98}}, 0x0) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r11 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r11, 0x84, 0x10, &(0x7f0000000140)=@assoc_value, 0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r11, 0x84, 0x10, &(0x7f0000000700)=@assoc_value={0x0, 0x80c2}, &(0x7f00000000c0)=0x8) close_range(r10, 0xffffffffffffffff, 0x0) 1.529843162s ago: executing program 0 (id=354): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="bc0500000000000071105a00000000001ca00000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffffb}, 0x48) 1.400224235s ago: executing program 1 (id=355): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xfc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000003c0)={@val={0x70, 0x886b}, @void, @eth={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x2, 0x2, 0x2c, 0x64, 0x0, 0x56, 0x6, 0x0, @loopback, @multicast2, {[@timestamp_prespec={0x44, 0x4, 0x74, 0x3, 0x8}]}}, {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x1, 0x0, 0x6}}}}}}}, 0x3e) 1.36363901s ago: executing program 0 (id=356): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10000, &(0x7f0000000080)={[{@quota}, {@delalloc}, {@acl}, {@journal_dev={'journal_dev', 0x3d, 0x11}}, {@usrjquota}, {@bsdgroups}]}, 0x1, 0x50a, &(0x7f0000001f40)="$eJzs3M9vVNUeAPDvnXZoC49HH49HQh/vvQLP2JjYQkFh4QYTExeaGHEhy6YdSGUAQ7sQ0siQGFyTuDcujTtN3OrSuPIPwIULE0NClA1gYjLmztw7nc6PzrTW1rafTzJwzp17z7nfuefMnHtP7w1g1xpP/0ki/hYR9yPiQD27coXx+n9PHi3NPn20NBuVavXCz0ltvcdpPpNvty/LTBQiCh8kLQXWLdy8dWWmXC7diEotP7V49d2phZu3np+/OnO5dLl0bfrcuTOnT519cfqFFWVHxHDPoDrUl8b1eOz960ePvHrx3uuzg62FNcfRVb7VL5Weq0b+2XbxTHN5O8D+pnTSHtftTd0Z+jacNcNi2v+XyscvbvUOAZumWq1Wh7q/Xam2utO2BNi2ktjqPQC2Rv5Dn57/5q/6kuJmDD+23MPz9ROgx4+WqrdjcPZJI/7BKGTrFFvOb1OrjJnWZDwi3q78+nH6itWuQ/ywQRUCALve1+ezYWASLeO/QhxuWu/v2RzKaET8IyIORsQ/I+JQRPwrYsW6KyQR1VXqP9S6oFH/F9ksQuHBemPrRzr+eymb28pfWb35KqMDWW5/RD5gLp3MPpOJKA5dmi+XTnUpf0+P+pvHf+krrT8fC2b78WCwZbA5N7M4s75o2z28EzE22Bp/MpgeuHwaJ4mIIxExtoZyR5vS8899erSRaTmt6B1/TbXDlN6GzJ9VP4l4tn78K9GIf2TFJGLSPD9ZaJufnBqOcunkVNoKTnbcyW+/u/tGt/p7xv/lj62bvHL2qwt/PPBMevz3NrX/yOdvl+MfTSKSxnztQkR1YG113P3+w1q54yfa31tv+9+TvFVL5/3rvZnFxRunIvYkr7Uvn17eNs/n66fxT5zo3P8PZtukn8S/IyJtxP+JiP9GDOT7fiwijkdEh9Aavnn5/+90e6/P9v+nSeOf6/j9l2TtoHb8l+fr+0zk5adLBq4cu/90rPPEfRb/gdWP/5laaiJb0vn7L1nxFdHvnm7ARwgAAAB/eYWo/e1/YbKRLhQmJ+vXgA7F3kL5+sLi/yLi2lz9HoHRKBYuzZdL+QW50Sgm+fXP0ab8dEv+dHbd+KOBkVp+cvZ6eW6rg4ddbl+tzydt/T/10xqv8wLb0A66Dw1Yo179//C9TdoRYNP5/Yfdq6n/d3uyRcVfysDO5Pcfdq9O/f92fLbqvQu+M2D7q+rLsKut3v97P28T2L4G481Gunbbc8e7bYGdqPvvvzMD2MF63yQ/tOZ7/5cT1aHObw1HhycGDK+rip6JkQ51bUkiHVltYIHFiOhv5ZH1VJEPAbs/4aGwtgKHov2tgVhtq6TzcxwiotJ1q/RT6bk/lw/32/hLN5Kn9Qdl9ggwfybKRjebz5f7abHPw90l8Vu/zc/5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsKP8HgAA//87jdA6") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000440)={'#! ', '', [{0x20, '\xd4T\xc1V2E\xda\x06\xf4\xc5\xcb\xfc_\x97{\xc72\\\x81\f\xfay\x9enu\xa2\xa6^\xd40d9\x02\xf1Ke\x1d\x12\xe6N\x86\xa9\x98\xe6B\xa5s\xb8\x88\xc2\x9e\xa5\x0e\x9f\xfb\xf6\xb7\xf9q\xcb\x10eL\xab\x8a\xd0\xb8\x03\xb8\xe6\xa3\xe3\xbe\xafQl\xc5\x9e\xd2\x12\x18'}]}, 0x56) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) listen(0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 1.243811971s ago: executing program 3 (id=357): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x21c91c, &(0x7f0000000180)={[{@nodioread_nolock}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@resgid}, {@norecovery}, {@quota}, {@resuid}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x50c, &(0x7f00000008c0)="$eJzs3U9vG2kZAPBnnDibNgnJCg7LSrus6KIkgjoJYbsRh2WREJxWApb7EhIniuLEUeK0TVQgFR8ACSGKxKknLkh8ACTUj4CQKsEdAeKPoIVDJWiNZmynaTppXNWOS/z7SZN5550ZP+9jK6/nnRmNA+hbb0XEpYh4VK/XpyNivFlfaE5x0JjS7e7fu7GUTknU6x/+I4lIGnXpZlNHXnOkudtwRHzzaxHfSZ6Ou7O3v75YqZS3m8sztY2tmZ29/ctrG4ur5dXy5vz83JWFdxfeWZjtSJ6jEfHeV/78kx/+/Kvv/fpz1/7w0V+nvjfUrI94nEenNVIvZu9Fy2BEbHcjWI8MZhkCAPD/oHWc/+mImI7xGMiO5gAAAIDzpP6l0fhvElFvy3B7mwEAAAAvlUJ2D2xSKDXvAxiNN26VSo17eD8RFwuV6k7tsyvV3c3lxr2yE1EsrKxVyrPNe4Unopiky3NZ+XA5Ih4cXS7PR8SrEfHj8QvZcmmpWlnu9ckPAAAA6BMjx8b//x4vFNLx/xH/6VnjAAAAgM6Z6HUDAAAAgK4z/gcAAIDzz/gfAAAAzrWvf/BBOtVbv3+9fHVvd7169fJyeWe9tLG7VFqqbm+VVqvV1eyZfRunvV6lWt36QmzuXp+plf821qir7m7WPlp74iewAQAAgDP06qfu/D6JiIMvXsim1FCvGwWcicHn2fhP3WsHcPYGet0AoGee6/sfOFeKvW4A0HPJKeuHb383f8VvutEaAACgGyY/mX/9f+DUcwMHhTNqItAlzv9B/3L9H/qX6//Qv4oxEAby0N9OegToSHN+4sM72r7+X68/d6MAAICOGs2mpFCKyM4DjEahUCpFjGVjgmKyslYpz0bExyLid+PFV9LluWzPJJLTbhoGAAAAAAAAAAAAAAAAAAAAAAAAADL1ehJ1AAAA4FyLKPwlyZ7mHzE5/vbo8fMDQ8mD8WweEdd+9uGt64u12vZcWv/Pw/raT5v1n+/FGQwAAADguNY4vTWOBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBOun/vxlJrOsu4f/9yREzkxR+M4Ww+HMWIuPivJAaP7JdExEAH4h/cjIjX8uInabNiotmKvPgXehx/pAPxoZ/dSfuf9/P+/wrxVjbP//+7kvVQL+7k/q9w2P8N5MRP68YOS8/2+t1fzpwY/2bE64P5/U8rfhJjT8Y/aPQ/l9rM8dvf2t8/aV39dsRk7vdPcrhNWpqpbWzN7OztX17bWFwtr5Y35+fnriy8u/DOwuzMylql3PybG+NHb/zq0bPyv3hC/InD/PP737fbzP/h3ev3Pt4oFg93Tx7Hn7qU//m/dkL8QvNT/0yznK6fbJUPGuWj3vzFb99sld/PyX/5eP7Tcezzz89/qs38p7/xgz+2uSkAcAZ29vbXFyuV8nZfF17o3UgPi16KLF6oMNStLNL39WVIMK/w/S68cnpk3uu82ikMn7JNxCs97ZkAAIBOe3oMDAAAAAAAAAAAAAAAAAAAAJy1Lj9p7GFaKB6LeZD97cTT8wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOud/AQAA////B9CV") 1.06842504s ago: executing program 1 (id=358): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x3, 0x4) sendto$inet(r0, &(0x7f0000000000)="04915000", 0x4, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) 932.446583ms ago: executing program 0 (id=359): r0 = socket(0x2b, 0x80801, 0x1) listen(r0, 0x9) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x148}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000044) 911.305407ms ago: executing program 3 (id=360): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x42}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r2, 0x1, 0x8, 0x8, 0x2, 0x6}, 0x14) 852.487327ms ago: executing program 2 (id=361): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000080000000050000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r1, 0x0, 0x5d, 0x0, &(0x7f0000000140)="b379bc8f09ac623843040b134796ca89edf0eb7e5e9008b866e6c9b81c70055214e74617de49f1209e7ebee3b00703733bd113e1a837acaec30e9b942561362070858f3d53803e949cac4a80e3ab2ba657376c0b174a17427595d345ec", 0x0, 0xffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) 852.266197ms ago: executing program 1 (id=362): r0 = socket(0x18, 0x6, 0x0) accept4$llc(r0, 0x0, 0x0, 0x80000) 694.590413ms ago: executing program 2 (id=363): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000000)={0x6, 0x6, 0x2, 0x0, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x1a1, 0x0, &(0x7f0000000540)="e30080670000ec67838717bd86dde148f0630962bb87dd44fe42904bcee14db4241544716bd9c62231ed3373a3e2995363bb217d9c1fd05dacf5bb80b4b7c9c3abc539bfa9ce38978defbb39a1ffa8a175e8257c3c5386795f7aaa2b182cc4c3705dc9f253d21fba2eace93b558c750cfba810dc7a19dbb15a5a39c850a7541d5e2765acdedc1330ff030000b727e42ad8305aaecab5141901b2fe9df9b70001000000002e226c0d3da103584e12f876c1ceeb5cde8d693c54260d41d1037995a1cd288118dbf12115ce226253e5a18f67ce0dadaaa51388f90ba0e104cc90ab1ffb103d4875d667fab1d2ab0f37a5d7964da187d982a1b03a2871abf3c69b6302e18a7c98eddb1bff82830721a399c20000008fd5e97fcad5bdf82bd8271643b28efad5b464465a978e95a26785ae67dc11e634c7e30d853049017c970145ddfb98293210ae7dba87befd9832d5b1b6ed003bb67548aada7778d4af9ec26c99038d63137e25a91c28b165226f2cad3fd4a8761a549bfee3306273f309e7f7fe9dc3654b2e8798ccf92f98fb81cb63bac6beae374d7b07b6f388d99ea3322c53cf", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfa1d}, 0x50) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x28101) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 660.338209ms ago: executing program 0 (id=364): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x1000000, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1211, &(0x7f0000001280)="$eJzs3E9rXFUYB+A3aU1iav6otdqCeNCNbi5NFm50EyQF6YDSNkJbEG7NjQ65zoTcITAi1oLg1s8hggjuBHGnm2z8BoK7bFy2IF6ZuZI2ZrpIKZkSnmczL7znN5wzwxmYw5zZe/ubTzc3qmwj78XkxERM3otId1OcismImIqBL+ONt3797eWr129cXmm1Vq+kdGnl2tKbKaX5V36++fl3r/7SO/PBj/M/Tcfu4od7fy3/uXtu9/zeP9c+aVepXaVOt5fydKvb7eW3yiKtt6vNLKX3yyKvitTuVMX2gf5G2d3a6qe8sz43u7VdVFXKO/20WfRTr5t62/2Uf5y3OynLsjQ3Gxzd6f1q7du7dV1H1PVTMRV1XddPx2yciWdiLuZjIRbj2Xguno+z8UKcixfjpfjhj+/7gwQAAAAAAAAAAAAAAAAAAADw+Bz1/v/54ahxzxoAAAAAAAAAAAAAAAAAAABOlqvXb1xeabVWr6Q0E1F+vbO2s9Y8Nv2VjWhHGUVcjIX4O4a3/xtNfend1urFNLQYd8rb/+Vv76ydOphfGv6dwMj8UpNPB/PTMftgfjkW4uzo/PLI/Ey8/toD+SwW4vePohtlrMcgez//xVJK77zX+l/+wnAcAAAAnARZ2jfy+3uWPazf5A+dD9ycaRqHzwdS3PlqPz8YcuH0+NZNo+p/tpmXZbGtOJZisKseNT413snfq+v6iXgNx1E8fKdMR8QjP/NERDwZCzxUjPuTieNw/00f90wAAAAAAAAAAAA4iuP4OeG41wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC/7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//3RTyj0=") 524.356262ms ago: executing program 2 (id=365): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000140)=0x40, 0x4) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, 0x0, 0x0) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r3, 0x0, r1}, 0x10) 524.079612ms ago: executing program 1 (id=366): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64, @ANYRES64, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="ecff000001"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0000000001"], 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="0200"], 0x48}}, 0x0) 449.459734ms ago: executing program 1 (id=367): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000001500)='\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x9}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)="08e0ac8fb1d99df61d7b518d0a62", 0xe}, {&(0x7f0000000180)="8a", 0x1}, {&(0x7f00000005c0)="f5fbfd4f1595317700ff55f1f960ff70fba64053ef1c952b8561071ccfbed96b7227eaaf92a1358afc148a8aafa58b2444561acf9a5114b207019da8518fea9fd189e3616ec0ad37f86f431d6f4f1fbe1b0e3e640ac2b1f7ff33cf28d27c40513b6cee87fbd144c842c5c7b6752ea19efcfca738ac5207318c1bc30db2a727ce9a82303920eb2a3b0aa99902f8423e754843e7d6ceb06048a8d918680c042a42370dc807a398af793f4b1a3107c3771474ba13d826ce5634d33c485f3f97cffc9ea1e026f4327e96d5a40268c75358061e75633ebe43e946f2bad55973c81fff7d4843dd1db36180dd3b5692f98ace6805c67a9e20216aac908b9a6111c6", 0xfe}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce90bfdb", 0x4}, {&(0x7f00000007c0)="f2e659", 0x3}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}, {&(0x7f0000001600)="f2964dd1", 0x4}, {&(0x7f0000000580)="b8a2f6", 0x3}, {&(0x7f00000002c0)="7940e900e0377757a9edc0d9376c21328ad2f7584fe4c8b712b3e5e08ecff5258151bd9eea7b4ce21f67ab51922ce035987127fda5812df903188e321419610f4beb6cdf6fa073876157c4f1d2054439d8db3f4d937872de928b62741fd60e6b56979ad883f89a02e24a577275bfb498b7a127abd0eb099e704d18d63dad611b45acfc3b8dc5457c8383d7d8621942e8e2ce6e4017dd6e5ed9732e739be6593c3b033524669ce17c3b822a6953eb11a20921220000000000000000", 0xbb}, {&(0x7f0000000280)="87", 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000880)="87", 0x1}, {&(0x7f0000000900)="11e09017", 0xfffffec4}], 0x2}}], 0x4, 0x4000000) sendmmsg(r0, &(0x7f0000002c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000004) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) 434.272697ms ago: executing program 2 (id=368): socket$inet6(0xa, 0x80002, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r0, &(0x7f0000000080), 0x51) 228.112462ms ago: executing program 2 (id=369): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r2, 0x3, {0x1, 0xff, 0x4}}, 0x18) sendmmsg(r1, &(0x7f0000003dc0)=[{{&(0x7f0000000180)=@can, 0x80, &(0x7f0000001840)=[{&(0x7f0000000440)="4e358ed59ee7a636d3a35d9bb1a218701d8f", 0x12}], 0x1}}], 0x1, 0x48010) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050) 209.463415ms ago: executing program 0 (id=370): set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800) syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x8000, &(0x7f0000000340)=ANY=[@ANYBLOB="e3e103c43ca1442b21eba1a45658601fc7f350c576e7ff90af737ac95043834f213c23bf0544470549e0110c9542b098f3e8c84f53bf1468", @ANYRESHEX=0x0, @ANYBLOB=',dos1xfloppy,dots,nfs,nocase,quiet,dots,nodots,nodots,flush,dots,dots,dots,dos1xfloppy,nocase,nodots,dots,umask=00000000000000000000000,\x00'], 0x21, 0x23d, &(0x7f0000000a40)="$eJzs3cFqE0EcBvB/27Td9mLP4mHBi6eivkGQCOKCENmDnlyoXloR0svqKY/hM/hIPkZPva3YXZq6UQ+yySbu7wdhP/IxMHPJ5DCTvHvw8fzs0+WH6vvXSJI0RhHzuI44id3Yi9pO89y9yQdx1zwAgG0znRbjvudAh3aW3jmKiGI/Ig6XqvzbmmYFAAAAAAAAAABAx5z/B4Dhcf7//zebjYvj5vvbr5z/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPpzXVX3qr+8+p4fANA9+z8ADI/9HwCGx/4PAMPz+s3bl+Msm0zTNIm4mpd5mdfPun/+Ips8Tm+cLEZdlWW+3+Rs8qTu03Z/3Ix/+tv+IB49rPuf3bNXWas/jLNVLx4AAAAAAAAAAAAAAAAAAAA2xGl6q3W/f6/uT//U1+nO7wO07u+P4v5obcsAAAAAAAAAAAAAAAAAAACArXb5+ct5cXHxfiYIt+Eo/mFUEpsxeaGT0PcnEwAAAAAAAAAAAAAAAAAADM/i0m/fMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/iz+/391oe81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMPwIwAA//++jJCI") bpf$PROG_LOAD(0x5, 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x4eb) io_uring_register$IORING_REGISTER_RESIZE_RINGS(0xffffffffffffffff, 0x21, 0x0, 0x1) syz_mount_image$ext4(&(0x7f00000009c0)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x800718, &(0x7f0000000200)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@mblk_io_submit}]}, 0x0, 0x48d, &(0x7f0000000a00)="$eJzs281rHOUfAPDvTLKb9teX5FfrS2vVaBGCYtKkVXvwolQQqSjooR5jsi2h20aaKLYWm4p4EqSgZ/Eo+hd4E0HUk+DVkycpFO2lrafITGaSTbp5odlk0+7nAzP7PDPP7Dzfnbdnn2c3gI7Vn82SiJ0R8UdE9M5lFxfon3u5ef3i2K3rF8eSmJ198+8kL3fj+sWxsmi53Y4iM5BGpJ8kxU4Wmzp/4fRovV47V+SHps+8OzR1/sIz758ZPVU7VTs7cvTokcPDzz838mxL4sziurH/o8kD+155+8prYyeuvPPLd1l9dxbrG+Nolf4s8H9mc0vXPdnqnbXZrnzek8+T7jZXhjXriojscFXy6783umLh4PXGyx+3tXLAhsqeTT3Lr56ZBe5hSay1ZKXhngHc/coHffb9t5w2odmxZVx7ce4LUBb3zWKaW9MdaVGmMv/9tvX6I+LEzL9fZVNsUD8EAECjz8a+PF6Nnvjw1revZm2P3vk1aTyQv/6Zz3cXYyh9EfH/iNgTEfdFxN6IuD8iL/tgRDy0zvrc3v5Jr67zLVeUtf9eKMa2Frf/ytZf9HUVuV15/JXk5ES9dqj4TAai0pPlh1fYxw/Hfv98uXWN7b9syvZftgWLelztXtJBNz46PRqV9US94NrliP3dzeJP5kcCkojYFxH757da0wDP7jIx8dQ3B5YrtHr8K2jBONPs11l4M1n8M7Ek/lLSOD45cdv45NC2qNcODZVnxe1+/e3TN5bb/7rib4FrtbnXhuO/tEhf0jheO9Xa/d/h+Z9Wk7fyceZqMeb4wej09LnhiGpyPM9Xi7L58pGFbct8WT47/wcONr/+9xTbZPE/HBHZSfxIRDwaEY8VdX88Ip6IiIMrxPjzS6vHH2mbjv/liPGm97/583/J8T9/4XR5a1xYsmKi6/RP3y+3/7Ud/yN5aqBYkt//VtGsOt1NqnynnxsAAADcTdL8N/BJOjifTtPBwbnf8O+N/6X1yanpp09Ovnd2fO638n1RScuert6iP7Q+Ua8NJzPFO1aSY1GvjRR9xWV/6eGi3/iLru15fnBssj7e5tih0+1Y5vrP/NXV7toBG2x706Uj1U2vCNAGS8fR08XZS6+HmwHcq/xfGzrXKtd/uln1ADaf5z90rmbX/6UleWMBcG/y/IfO5fqHDpX+2O4aAG3k+Q8dadU/77cnsa1xSXXlwtUtUueWJbbqQckTEWUi3RL1kdigRLvvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK3xXwAAAP//uIXZzg==") 0s ago: executing program 1 (id=371): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0xf8e77000) syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10000, &(0x7f0000001180)=ANY=[], 0x1, 0xa08, &(0x7f0000008280)="$eJzs3c1vXOW9B/DvGduJMSgJkMvlRkAm4SYY8HVs55LciMW9iT1JzPXLle1IRHdBKHGqKG5pSSsBqtQgVV0VtVKrLtod6qorJDZlU7Frd+2qi0oV/wLqKlIruToz43hsjz2O69gmfD7WzJyX33me33l9NOOZ84Qvl8WDK8YWF+uPLY5f+fUOZMwedmHs848+/rB8fHAn+9KVV4rfJL1Jqkl3kqeTntGxmenJDgXdSq4l+SwpkuxP43VTrqX4cR5bHv8sxS/Lete1b7Ml08kiX2m7ffwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBeVIyODQ0NF/syPnXl9WpDUl1jdGxmusji4to5S8s0fFrv9bv4tGO9SVE+0tu71NX304eXZz+VpHo8zzTGnql3SJ7evP/oU4defbK7srT8etn8U/Zvvtjb771/682Fhfl3Hkgie9+l2tT47PT45PlLter47HT13JkzQ6cuX5ytXhyfqM1enZ2rTVZHZ2rn56Znqv2jL1aHz507Xa0NXp2+MnVpbHCitjTx7H+MDA2dqb42+H+18zOz01OnXhucHb08PjExPnWpHlPOLmPOlgfi/47PVedq5yer1Rs3F+ZPr8qpq350tUwog4Y7rUkZNNIpaGRoZGR4eGRk+INm79n3Jpx55dwrZ4eGuodWyci+VREP6KBlb3lk/d28/Rdx2KJKo/1PJjKeqVzJ69mXapu/0YxlJtP525lysbXzm5ba/xOnahvW29r+N1v57pbZR8qn43muOdq7TvvfNtOd/Lud9/J+buXNLGQh83ln1zPa2b9LqWUq45nNdMYzmfP1KdXmlGrO5UzOZChv5HKOZjbVXMx4JlLLbK5mNnOpZbJ+dM2klvOZy3RmUk1/RvNiqhnOuZzL6VRTy2CuZjpXMpVLGcv5eik3crO+3U9vkOO9oOHNBI1sELSmud9E+78yojwpdrQdYs/Z9ms4bNVis/3f1zm0f3QnEgIAAAC23b/9PgcOP/G7vyRFnq1/Ln9xfKI2tNtpAQAAANuo/nW9Z8qXnnLo2RTe/wMAAMDDpqj/xq5I0pejjaGlX0L5EAAAAAAeEvX//z+X4ujyBO//AQAA4CHT+R77HSOKgaXb/1avN16vNyMaY0XfxfGJ2uDo9MSrwzlZv8tA/ZcGa0rrSoqe+s8PXsqxRtSxvsZr33KJZZ29ZdTw4KvDeSnHmyvS/3z58nx/m8iRRuQLjcgXWiO7siLydBkJAA+74xu0x5tt/1/KQCNi4Ei9ye8+0qYNHtKyAsBecTy3m0PNLs3atP/NXnieW6/9/88N3v+XEU/kxtHGVwoG81bezkKuZyDNbxwcbVfqUm8Eja8hDHT4NKCv+ZWFP56tZGDN5wG999a1NXY+Ixlo+4lAS7lFeldsrK5t3vgAsEuOb9gOb679H+jw/n+5zd2/S2sJALS614N924FKM2qjmM4Du7yKAMAqWmkAAAAAAAAAAAAAAAAAAAAAAAAAAADYfpu6gf8fTiYLC/PJ1u7/v7WB3vvJcOOBSjaI+fvOrM7ODHQl2a3a/zv3vVS5j/fKpjOwcmCXL0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsiCLpaje9kuxPMpTk1M5n9eDc2e0Etkt1a4sVd3M37+bAdqcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBV17z/fyWN10cbk9JdSU4kuZbk/3c7x+10d7cT2DXfqD+33P+/kvRksUh3Y7en6Bkdm5meLHd/sb+c//lHH39YPjqXvbZXhbKAsoYVnUs0a2iZ0rNyqcfrS/WNzd++9Z23v1Udu1A/MC/MXZwYm7w08z/LgU8VnzS6QKgWyxOX8v3eid/+pKXQfc3KPynXtL3V9V6s1zu2tt5/bbf0OvVuws2F+ZGyprna63Pf/ebNd1tmPZFjyfP9Sf/Kmr5ePtap6djq7blS8UXxw+JAfp5r9f1fbo1isSh30cH6+j9y4+bC/OBbby9cv5fT91fkdChHk1xPejef09EU6+VTP+oqPWWtQ/Wg8ulwh/I21FLi8Drb9fH6YdN3X+tQXX8d6jps92ZGp9tm9NNvP5mT972nT3aosa3ii+LPxeX8KT9o6f+jUu7/E2l7drYpoh7ZcqS0zltxelUakfU1H2md8cbqMtc9K+95pGMEm/WjfC3/dW//V1qu/819VTYLD/561FJj+/Miuf/z4lcH17Qoy+ot0uFVLVLz6rPeMs08Dzei1snzX/Jy0n3kvq4oL3e4ojyo8/8XRX/+mjv6/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPa+IulqN72SnEhyKMnBcryaLK6OubOF+ip9xVbS3DZbyfnLp1h3RYu7uZt3c2CnMwIAAAAAAADgwbgw9vlHH39YPur/j+/Kv1eac6pJd5JDxc96Rsdmpic7FNSTXFv6l37v/eVwrXx6bHn8s3Ls6Q4L7e7XBwDgS+0fAQAA//9T8Gpj") openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): mem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10800kB pagetables:2380kB sec_pagetables:0kB all_unreclaimable? no [ 140.232885][ T6038] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 140.446769][ T6038] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 140.487245][ T6038] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 141.009196][ T6048] IPVS: sed: FWM 3 0x00000003 - no destination available [ 141.086699][ T5818] IPVS: starting estimator thread 0... [ 141.092536][ T6038] Node 0 DMA32 free:1509148kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21548kB inactive_anon:0kB active_file:4704kB inactive_file:158776kB unevictable:1536kB writepending:488kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:29652kB local_pcp:15556kB free_cma:0kB [ 141.167297][ T6038] lowmem_reserve[]: 0 0 0 0 0 [ 141.173058][ T6038] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 141.211366][ T6038] lowmem_reserve[]: 0 0 0 0 0 [ 141.236931][ T6052] IPVS: using max 26 ests per chain, 62400 per kthread [ 142.106809][ T6038] Node 1 Normal free:3897148kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18656kB local_pcp:12160kB free_cma:0kB [ 142.161262][ T6038] lowmem_reserve[]: 0 0 0 0 0 [ 142.167013][ T6038] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 142.216990][ T6038] Node 0 DMA32: 3*4kB (UE) 558*8kB (UE) 587*16kB (UME) 94*32kB (UME) 107*64kB (UME) 45*128kB (UME) 12*256kB (UME) 26*512kB (M) 23*1024kB (UM) 5*2048kB (UME) 349*4096kB (M) = 1509164kB [ 142.272210][ T6038] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 142.356696][ T6038] Node 1 Normal: 207*4kB (UME) 62*8kB (UME) 39*16kB (UME) 53*32kB (UME) 12*64kB (UME) 10*128kB (UME) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 949*4096kB (M) = 3897148kB [ 142.392605][ T6038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 142.420089][ T6038] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 142.451634][ T6038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 142.484494][ T6057] loop2: detected capacity change from 0 to 2048 [ 142.503186][ T6038] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 142.556340][ T6057] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 142.566604][ T6038] 42735 total pagecache pages [ 142.566660][ T6038] 0 pages in swap cache [ 142.566670][ T6038] Free swap = 124996kB [ 142.566679][ T6038] Total swap = 124996kB [ 142.566690][ T6038] 2097051 pages RAM [ 142.566698][ T6038] 0 pages HighMem/MovableOnly [ 142.566707][ T6038] 416927 pages reserved [ 142.566715][ T6038] 0 pages cma reserved [ 142.906717][ T789] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 143.129865][ T789] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.144498][ T789] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 143.190398][ T789] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 143.216291][ T789] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.229661][ T789] usb 1-1: config 0 descriptor?? [ 143.656704][ T6059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.689706][ T6059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.780332][ T6061] loop1: detected capacity change from 0 to 32768 [ 143.857264][ T6061] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 143.969214][ T6061] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 144.084865][ T6072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.500867][ T6072] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.626665][ T27] audit: type=1804 audit(1776044942.132:8): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.50" name="/newroot/13/file0/bus" dev="loop1" ino=17058 res=1 errno=0 [ 144.804463][ T6072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.859323][ T6072] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.342820][ T6065] loop2: detected capacity change from 0 to 32768 [ 145.543310][ T6065] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 145.556781][ T6065] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 145.583542][ T6065] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 145.633668][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 145.674185][ T789] usb 1-1: USB disconnect, device number 4 [ 146.727639][ T6085] loop1: detected capacity change from 0 to 736 [ 146.796799][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 149.141451][ T6094] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.58'. [ 149.159852][ T6094] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 149.168061][ T6094] CPU: 0 PID: 6094 Comm: syz.0.58 Not tainted syzkaller #0 [ 149.175308][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 149.185407][ T6094] Call Trace: [ 149.188738][ T6094] [ 149.191716][ T6094] dump_stack_lvl+0x18c/0x250 [ 149.196473][ T6094] ? show_regs_print_info+0x20/0x20 [ 149.201736][ T6094] ? load_image+0x420/0x420 [ 149.206332][ T6094] sysfs_warn_dup+0x8e/0xa0 [ 149.210905][ T6094] sysfs_do_create_link_sd+0xc0/0x110 [ 149.216421][ T6094] device_add_class_symlinks+0x1cf/0x240 [ 149.222115][ T6094] device_add+0x507/0xc20 [ 149.226512][ T6094] wiphy_register+0x1dad/0x2ae0 [ 149.231439][ T6094] ? cfg80211_event_work+0x40/0x40 [ 149.236685][ T6094] ? minstrel_ht_alloc+0x88a/0x990 [ 149.241880][ T6094] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 149.248015][ T6094] ieee80211_register_hw+0x3464/0x4250 [ 149.253554][ T6094] ? ieee80211_tasklet_handler+0x20/0x20 [ 149.259230][ T6094] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 149.265197][ T6094] ? __debug_object_init+0xec/0x450 [ 149.270543][ T6094] ? __asan_memset+0x22/0x40 [ 149.275202][ T6094] ? __hrtimer_init+0x186/0x270 [ 149.280107][ T6094] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 149.285937][ T6094] ? mac80211_hwsim_free+0x220/0x220 [ 149.291277][ T6094] ? rcu_is_watching+0x15/0xb0 [ 149.296106][ T6094] ? kstrndup+0xbd/0x140 [ 149.300413][ T6094] hwsim_new_radio_nl+0xdc9/0x1a90 [ 149.305581][ T6094] ? __nla_validate+0x50/0x50 [ 149.310317][ T6094] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 149.316710][ T6094] ? __nla_parse+0x40/0x50 [ 149.321193][ T6094] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 149.327662][ T6094] genl_family_rcv_msg_doit+0x211/0x310 [ 149.333286][ T6094] ? end_current_label_crit_section+0x170/0x170 [ 149.339591][ T6094] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 149.345545][ T6094] ? bpf_lsm_capable+0x9/0x10 [ 149.350271][ T6094] ? security_capable+0x89/0xb0 [ 149.355186][ T6094] genl_rcv_msg+0x619/0x7a0 [ 149.359762][ T6094] ? genl_bind+0x360/0x360 [ 149.364225][ T6094] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 149.370630][ T6094] netlink_rcv_skb+0x241/0x4d0 [ 149.375462][ T6094] ? genl_bind+0x360/0x360 [ 149.379930][ T6094] ? netlink_ack+0x1180/0x1180 [ 149.384770][ T6094] ? __lock_acquire+0x7d40/0x7d40 [ 149.389867][ T6094] ? down_read+0x1ac/0x2e0 [ 149.394343][ T6094] genl_rcv+0x28/0x40 [ 149.398375][ T6094] netlink_unicast+0x751/0x8d0 [ 149.403227][ T6094] netlink_sendmsg+0x8d0/0xbf0 [ 149.408077][ T6094] ? netlink_getsockopt+0x590/0x590 [ 149.413334][ T6094] ? aa_sock_msg_perm+0x94/0x150 [ 149.418339][ T6094] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 149.423682][ T6094] ? security_socket_sendmsg+0x80/0xa0 [ 149.429209][ T6094] ? netlink_getsockopt+0x590/0x590 [ 149.434566][ T6094] ____sys_sendmsg+0x5ba/0x960 [ 149.439390][ T6094] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 149.445099][ T6094] ? __asan_memset+0x22/0x40 [ 149.449763][ T6094] ? __sys_sendmsg_sock+0x30/0x30 [ 149.454843][ T6094] ? __import_iovec+0x5f2/0x850 [ 149.459758][ T6094] ? import_iovec+0x73/0xa0 [ 149.464325][ T6094] ___sys_sendmsg+0x2a6/0x360 [ 149.469072][ T6094] ? __sys_sendmsg+0x2a0/0x2a0 [ 149.473948][ T6094] __se_sys_sendmsg+0x1c2/0x2b0 [ 149.478853][ T6094] ? __x64_sys_sendmsg+0x80/0x80 [ 149.483863][ T6094] ? lockdep_hardirqs_on+0x98/0x150 [ 149.489111][ T6094] do_syscall_64+0x55/0xa0 [ 149.493566][ T6094] ? clear_bhb_loop+0x40/0x90 [ 149.498289][ T6094] ? clear_bhb_loop+0x40/0x90 [ 149.503020][ T6094] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 149.508970][ T6094] RIP: 0033:0x7f9268b9c819 [ 149.513434][ T6094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.533088][ T6094] RSP: 002b:00007f9269aad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.541551][ T6094] RAX: ffffffffffffffda RBX: 00007f9268e16090 RCX: 00007f9268b9c819 [ 149.549583][ T6094] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 149.557701][ T6094] RBP: 00007f9268c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 149.565751][ T6094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.573781][ T6094] R13: 00007f9268e16128 R14: 00007f9268e16090 R15: 00007ffc4b081598 [ 149.581936][ T6094] [ 151.938823][ T6098] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.56'. [ 151.963625][ T6098] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 151.971944][ T6098] CPU: 1 PID: 6098 Comm: syz.2.56 Not tainted syzkaller #0 [ 151.979194][ T6098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 151.989399][ T6098] Call Trace: [ 151.992729][ T6098] [ 151.995700][ T6098] dump_stack_lvl+0x18c/0x250 [ 152.000439][ T6098] ? show_regs_print_info+0x20/0x20 [ 152.005698][ T6098] ? load_image+0x420/0x420 [ 152.010272][ T6098] sysfs_warn_dup+0x8e/0xa0 [ 152.014828][ T6098] sysfs_do_create_link_sd+0xc0/0x110 [ 152.020344][ T6098] device_add_class_symlinks+0x1cf/0x240 [ 152.026049][ T6098] device_add+0x507/0xc20 [ 152.030448][ T6098] wiphy_register+0x1dad/0x2ae0 [ 152.035374][ T6098] ? cfg80211_event_work+0x40/0x40 [ 152.040535][ T6098] ? minstrel_ht_alloc+0x88a/0x990 [ 152.045716][ T6098] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 152.051841][ T6098] ieee80211_register_hw+0x3464/0x4250 [ 152.057379][ T6098] ? ieee80211_tasklet_handler+0x20/0x20 [ 152.063080][ T6098] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 152.069128][ T6098] ? __debug_object_init+0xec/0x450 [ 152.074386][ T6098] ? __asan_memset+0x22/0x40 [ 152.079129][ T6098] ? __hrtimer_init+0x186/0x270 [ 152.084051][ T6098] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 152.089945][ T6098] ? mac80211_hwsim_free+0x220/0x220 [ 152.095282][ T6098] ? rcu_is_watching+0x15/0xb0 [ 152.100189][ T6098] ? kstrndup+0xbd/0x140 [ 152.104507][ T6098] hwsim_new_radio_nl+0xdc9/0x1a90 [ 152.109686][ T6098] ? __nla_validate+0x50/0x50 [ 152.114474][ T6098] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 152.120872][ T6098] ? __nla_parse+0x40/0x50 [ 152.125343][ T6098] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 152.131740][ T6098] genl_family_rcv_msg_doit+0x211/0x310 [ 152.137377][ T6098] ? end_current_label_crit_section+0x170/0x170 [ 152.143691][ T6098] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 152.149683][ T6098] ? bpf_lsm_capable+0x9/0x10 [ 152.154416][ T6098] ? security_capable+0x89/0xb0 [ 152.159332][ T6098] genl_rcv_msg+0x619/0x7a0 [ 152.163895][ T6098] ? genl_bind+0x360/0x360 [ 152.168361][ T6098] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 152.174777][ T6098] netlink_rcv_skb+0x241/0x4d0 [ 152.179606][ T6098] ? genl_bind+0x360/0x360 [ 152.184083][ T6098] ? netlink_ack+0x1180/0x1180 [ 152.188950][ T6098] ? __lock_acquire+0x7d40/0x7d40 [ 152.194038][ T6098] ? down_read+0x1ac/0x2e0 [ 152.198536][ T6098] genl_rcv+0x28/0x40 [ 152.202590][ T6098] netlink_unicast+0x751/0x8d0 [ 152.207433][ T6098] netlink_sendmsg+0x8d0/0xbf0 [ 152.212270][ T6098] ? netlink_getsockopt+0x590/0x590 [ 152.217526][ T6098] ? aa_sock_msg_perm+0x94/0x150 [ 152.222520][ T6098] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 152.227868][ T6098] ? security_socket_sendmsg+0x80/0xa0 [ 152.233393][ T6098] ? netlink_getsockopt+0x590/0x590 [ 152.238668][ T6098] ____sys_sendmsg+0x5ba/0x960 [ 152.243520][ T6098] ? __asan_memset+0x22/0x40 [ 152.248174][ T6098] ? __sys_sendmsg_sock+0x30/0x30 [ 152.253251][ T6098] ? __import_iovec+0x5f2/0x850 [ 152.258163][ T6098] ? import_iovec+0x73/0xa0 [ 152.262724][ T6098] ___sys_sendmsg+0x2a6/0x360 [ 152.267463][ T6098] ? __sys_sendmsg+0x2a0/0x2a0 [ 152.272439][ T6098] __se_sys_sendmsg+0x1c2/0x2b0 [ 152.277344][ T6098] ? __x64_sys_sendmsg+0x80/0x80 [ 152.282355][ T6098] ? lockdep_hardirqs_on+0x98/0x150 [ 152.287619][ T6098] do_syscall_64+0x55/0xa0 [ 152.292081][ T6098] ? clear_bhb_loop+0x40/0x90 [ 152.296826][ T6098] ? clear_bhb_loop+0x40/0x90 [ 152.301676][ T6098] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 152.307633][ T6098] RIP: 0033:0x7f544d99c819 [ 152.312110][ T6098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.331772][ T6098] RSP: 002b:00007f544e81c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.340263][ T6098] RAX: ffffffffffffffda RBX: 00007f544dc16180 RCX: 00007f544d99c819 [ 152.348306][ T6098] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 152.356327][ T6098] RBP: 00007f544da32c91 R08: 0000000000000000 R09: 0000000000000000 [ 152.364443][ T6098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.372493][ T6098] R13: 00007f544dc16218 R14: 00007f544dc16180 R15: 00007ffe7ff0ff38 [ 152.380546][ T6098] [ 152.899768][ T6102] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.59'. [ 152.919632][ T6102] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 152.928912][ T6102] CPU: 1 PID: 6102 Comm: syz.1.59 Not tainted syzkaller #0 [ 152.936173][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 152.946278][ T6102] Call Trace: [ 152.949618][ T6102] [ 152.952597][ T6102] dump_stack_lvl+0x18c/0x250 [ 152.957342][ T6102] ? show_regs_print_info+0x20/0x20 [ 152.962606][ T6102] ? load_image+0x420/0x420 [ 152.967275][ T6102] sysfs_warn_dup+0x8e/0xa0 [ 152.971827][ T6102] sysfs_do_create_link_sd+0xc0/0x110 [ 152.977254][ T6102] device_add_class_symlinks+0x1cf/0x240 [ 152.982949][ T6102] device_add+0x507/0xc20 [ 152.987336][ T6102] wiphy_register+0x1dad/0x2ae0 [ 152.992261][ T6102] ? cfg80211_event_work+0x40/0x40 [ 152.997434][ T6102] ? minstrel_ht_alloc+0x88a/0x990 [ 153.002619][ T6102] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 153.008743][ T6102] ieee80211_register_hw+0x3464/0x4250 [ 153.014303][ T6102] ? ieee80211_tasklet_handler+0x20/0x20 [ 153.019984][ T6102] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 153.025933][ T6102] ? __debug_object_init+0xec/0x450 [ 153.031204][ T6102] ? __asan_memset+0x22/0x40 [ 153.035885][ T6102] ? __hrtimer_init+0x186/0x270 [ 153.040810][ T6102] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 153.046640][ T6102] ? mac80211_hwsim_free+0x220/0x220 [ 153.051971][ T6102] ? rcu_is_watching+0x15/0xb0 [ 153.056798][ T6102] ? kstrndup+0xbd/0x140 [ 153.061119][ T6102] hwsim_new_radio_nl+0xdc9/0x1a90 [ 153.066305][ T6102] ? __nla_validate+0x50/0x50 [ 153.071077][ T6102] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 153.077474][ T6102] ? __nla_parse+0x40/0x50 [ 153.081944][ T6102] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 153.088364][ T6102] genl_family_rcv_msg_doit+0x211/0x310 [ 153.093964][ T6102] ? end_current_label_crit_section+0x170/0x170 [ 153.100255][ T6102] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 153.106221][ T6102] ? bpf_lsm_capable+0x9/0x10 [ 153.110956][ T6102] ? security_capable+0x89/0xb0 [ 153.115881][ T6102] genl_rcv_msg+0x619/0x7a0 [ 153.120536][ T6102] ? genl_bind+0x360/0x360 [ 153.125085][ T6102] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 153.131476][ T6102] netlink_rcv_skb+0x241/0x4d0 [ 153.136294][ T6102] ? genl_bind+0x360/0x360 [ 153.140766][ T6102] ? netlink_ack+0x1180/0x1180 [ 153.145613][ T6102] ? __lock_acquire+0x7d40/0x7d40 [ 153.150692][ T6102] ? down_read+0x1ac/0x2e0 [ 153.155169][ T6102] genl_rcv+0x28/0x40 [ 153.159193][ T6102] netlink_unicast+0x751/0x8d0 [ 153.164119][ T6102] netlink_sendmsg+0x8d0/0xbf0 [ 153.168952][ T6102] ? netlink_getsockopt+0x590/0x590 [ 153.174212][ T6102] ? aa_sock_msg_perm+0x94/0x150 [ 153.179206][ T6102] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 153.184559][ T6102] ? security_socket_sendmsg+0x80/0xa0 [ 153.190077][ T6102] ? netlink_getsockopt+0x590/0x590 [ 153.195345][ T6102] ____sys_sendmsg+0x5ba/0x960 [ 153.200173][ T6102] ? __asan_memset+0x22/0x40 [ 153.204816][ T6102] ? __sys_sendmsg_sock+0x30/0x30 [ 153.209883][ T6102] ? __import_iovec+0x5f2/0x850 [ 153.214791][ T6102] ? import_iovec+0x73/0xa0 [ 153.219347][ T6102] ___sys_sendmsg+0x2a6/0x360 [ 153.224085][ T6102] ? __sys_sendmsg+0x2a0/0x2a0 [ 153.228966][ T6102] __se_sys_sendmsg+0x1c2/0x2b0 [ 153.233869][ T6102] ? __x64_sys_sendmsg+0x80/0x80 [ 153.238871][ T6102] ? lockdep_hardirqs_on+0x98/0x150 [ 153.244128][ T6102] do_syscall_64+0x55/0xa0 [ 153.248591][ T6102] ? clear_bhb_loop+0x40/0x90 [ 153.253316][ T6102] ? clear_bhb_loop+0x40/0x90 [ 153.258049][ T6102] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 153.264002][ T6102] RIP: 0033:0x7fb50639c819 [ 153.268457][ T6102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 153.288114][ T6102] RSP: 002b:00007fb5045d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.296579][ T6102] RAX: ffffffffffffffda RBX: 00007fb506616180 RCX: 00007fb50639c819 [ 153.304681][ T6102] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 153.312692][ T6102] RBP: 00007fb506432c91 R08: 0000000000000000 R09: 0000000000000000 [ 153.320708][ T6102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 153.328725][ T6102] R13: 00007fb506616218 R14: 00007fb506616180 R15: 00007ffe0e2fafd8 [ 153.336772][ T6102] [ 156.110918][ T6110] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.60'. [ 156.130407][ T6110] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 156.139152][ T6110] CPU: 0 PID: 6110 Comm: syz.3.60 Not tainted syzkaller #0 [ 156.146409][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 156.156511][ T6110] Call Trace: [ 156.159831][ T6110] [ 156.162801][ T6110] dump_stack_lvl+0x18c/0x250 [ 156.167548][ T6110] ? show_regs_print_info+0x20/0x20 [ 156.172816][ T6110] ? load_image+0x420/0x420 [ 156.177410][ T6110] sysfs_warn_dup+0x8e/0xa0 [ 156.181967][ T6110] sysfs_do_create_link_sd+0xc0/0x110 [ 156.187401][ T6110] device_add_class_symlinks+0x1cf/0x240 [ 156.193113][ T6110] device_add+0x507/0xc20 [ 156.197539][ T6110] wiphy_register+0x1dad/0x2ae0 [ 156.202469][ T6110] ? cfg80211_event_work+0x40/0x40 [ 156.207640][ T6110] ? minstrel_ht_alloc+0x88a/0x990 [ 156.212823][ T6110] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 156.218951][ T6110] ieee80211_register_hw+0x3464/0x4250 [ 156.224574][ T6110] ? ieee80211_tasklet_handler+0x20/0x20 [ 156.230277][ T6110] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 156.236256][ T6110] ? __debug_object_init+0xec/0x450 [ 156.241529][ T6110] ? __asan_memset+0x22/0x40 [ 156.246175][ T6110] ? __hrtimer_init+0x186/0x270 [ 156.251088][ T6110] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 156.256892][ T6110] ? mac80211_hwsim_free+0x220/0x220 [ 156.262242][ T6110] ? rcu_is_watching+0x15/0xb0 [ 156.267071][ T6110] ? kstrndup+0xbd/0x140 [ 156.271383][ T6110] hwsim_new_radio_nl+0xdc9/0x1a90 [ 156.276547][ T6110] ? __nla_validate+0x50/0x50 [ 156.281381][ T6110] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 156.287775][ T6110] ? __nla_parse+0x40/0x50 [ 156.292243][ T6110] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 156.298718][ T6110] genl_family_rcv_msg_doit+0x211/0x310 [ 156.304313][ T6110] ? end_current_label_crit_section+0x170/0x170 [ 156.310613][ T6110] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 156.316558][ T6110] ? bpf_lsm_capable+0x9/0x10 [ 156.321320][ T6110] ? security_capable+0x89/0xb0 [ 156.326246][ T6110] genl_rcv_msg+0x619/0x7a0 [ 156.330813][ T6110] ? genl_bind+0x360/0x360 [ 156.335301][ T6110] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 156.341701][ T6110] netlink_rcv_skb+0x241/0x4d0 [ 156.346531][ T6110] ? genl_bind+0x360/0x360 [ 156.351028][ T6110] ? netlink_ack+0x1180/0x1180 [ 156.355893][ T6110] ? __lock_acquire+0x7d40/0x7d40 [ 156.361001][ T6110] ? down_read+0x1ac/0x2e0 [ 156.365491][ T6110] genl_rcv+0x28/0x40 [ 156.369524][ T6110] netlink_unicast+0x751/0x8d0 [ 156.374356][ T6110] netlink_sendmsg+0x8d0/0xbf0 [ 156.379190][ T6110] ? netlink_getsockopt+0x590/0x590 [ 156.384482][ T6110] ? aa_sock_msg_perm+0x94/0x150 [ 156.389521][ T6110] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 156.394863][ T6110] ? security_socket_sendmsg+0x80/0xa0 [ 156.400380][ T6110] ? netlink_getsockopt+0x590/0x590 [ 156.405664][ T6110] ____sys_sendmsg+0x5ba/0x960 [ 156.410498][ T6110] ? __asan_memset+0x22/0x40 [ 156.415149][ T6110] ? __sys_sendmsg_sock+0x30/0x30 [ 156.420258][ T6110] ? __import_iovec+0x5f2/0x850 [ 156.425166][ T6110] ? import_iovec+0x73/0xa0 [ 156.429725][ T6110] ___sys_sendmsg+0x2a6/0x360 [ 156.434462][ T6110] ? __sys_sendmsg+0x2a0/0x2a0 [ 156.439338][ T6110] __se_sys_sendmsg+0x1c2/0x2b0 [ 156.444251][ T6110] ? __x64_sys_sendmsg+0x80/0x80 [ 156.449278][ T6110] ? lockdep_hardirqs_on+0x98/0x150 [ 156.454541][ T6110] do_syscall_64+0x55/0xa0 [ 156.459000][ T6110] ? clear_bhb_loop+0x40/0x90 [ 156.463753][ T6110] ? clear_bhb_loop+0x40/0x90 [ 156.468493][ T6110] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 156.474439][ T6110] RIP: 0033:0x7f2ab4d9c819 [ 156.478905][ T6110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.498577][ T6110] RSP: 002b:00007f2ab23cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 156.507065][ T6110] RAX: ffffffffffffffda RBX: 00007f2ab5016450 RCX: 00007f2ab4d9c819 [ 156.515110][ T6110] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 156.523125][ T6110] RBP: 00007f2ab4e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 156.531150][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.539174][ T6110] R13: 00007f2ab50164e8 R14: 00007f2ab5016450 R15: 00007fff234a7d48 [ 156.547221][ T6110] [ 160.076951][ T5836] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 160.268724][ T5836] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 160.279168][ T5836] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 160.299712][ T5836] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 160.326576][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.341121][ T6117] loop0: detected capacity change from 0 to 32768 [ 160.362235][ T5836] usb 3-1: config 0 descriptor?? [ 160.402086][ T6117] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 160.462208][ T6117] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 160.528723][ T6123] loop3: detected capacity change from 0 to 32768 [ 160.566689][ T27] audit: type=1804 audit(1776044958.172:9): pid=6117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.64" name="/newroot/15/file0/bus" dev="loop0" ino=17058 res=1 errno=0 [ 160.747309][ T6123] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 160.804388][ T6121] loop1: detected capacity change from 0 to 32768 [ 160.827058][ T6123] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 160.880729][ T6121] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 160.891250][ T6121] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 160.912528][ T6123] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 160.987418][ T6121] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 161.208150][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.266935][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.339266][ T27] audit: type=1804 audit(1776044958.942:10): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.67" name="/newroot/15/file0/bus" dev="loop3" ino=17058 res=1 errno=0 [ 161.609609][ T27] audit: type=1804 audit(1776044959.222:11): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.66" name="/newroot/17/file0/bus" dev="loop1" ino=17058 res=1 errno=0 [ 162.389996][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 162.565998][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.578242][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 162.590631][ T5778] ocfs2: Unmounting device (7,3) on (node local) [ 162.666815][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.709742][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.748773][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.268635][ T23] usb 3-1: USB disconnect, device number 4 [ 163.546236][ T6140] loop1: detected capacity change from 0 to 32768 [ 163.587866][ T6140] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 163.641558][ T6140] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 163.642371][ T6144] loop3: detected capacity change from 0 to 32768 [ 163.693500][ T6144] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 163.750938][ T6144] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 163.820376][ T6144] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 164.727993][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 164.914245][ T5778] ocfs2: Unmounting device (7,3) on (node local) [ 164.926720][ T5854] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 165.363180][ T5854] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.041553][ T5854] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 166.055268][ T5854] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 166.065491][ T5854] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.089596][ T5854] usb 3-1: config 0 descriptor?? [ 166.547430][ T6157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.557086][ T6157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.432523][ T5818] IPVS: starting estimator thread 0... [ 167.452863][ T6157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.478110][ T6157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.499274][ T6157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.518182][ T6175] IPVS: sed: FWM 3 0x00000003 - no destination available [ 167.525868][ T6157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.554619][ T5818] usb 3-1: USB disconnect, device number 5 [ 167.576864][ T6178] IPVS: using max 27 ests per chain, 64800 per kthread [ 167.890396][ T6170] loop1: detected capacity change from 0 to 32768 [ 167.935418][ T6170] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 167.969525][ T6170] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 168.187142][ T27] audit: type=1804 audit(1776044965.802:12): pid=6186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.75" name="/newroot/20/file0/bus" dev="loop1" ino=17058 res=1 errno=0 [ 168.991105][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 169.227030][ T6187] loop3: detected capacity change from 0 to 32768 [ 169.398657][ T6187] find_entry called with index >= next_index [ 169.442026][ T6187] find_entry called with index >= next_index [ 169.536101][ T6187] find_entry called with index >= next_index [ 169.612309][ T6187] find_entry called with index >= next_index [ 169.721366][ T6187] find_entry called with index >= next_index [ 169.895226][ T6187] add_index: next_index = 0. Resetting! [ 170.041989][ T6187] find_entry called with index >= next_index [ 170.061468][ T6187] find_entry called with index >= next_index [ 170.089271][ T6187] find_entry called with index >= next_index [ 170.304310][ T6197] fuse: Unknown parameter '°fd' [ 170.596556][ T5818] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 170.672192][ T6201] loop0: detected capacity change from 0 to 32768 [ 170.700514][ T6201] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 170.714365][ T6201] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 170.993200][ T5818] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 171.003682][ T5818] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 171.013251][ T5818] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 171.022759][ T5818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.037357][ T5818] usb 2-1: config 0 descriptor?? [ 171.618881][ T6199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.651911][ T6199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 171.750900][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 171.825922][ T6211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.847517][ T6211] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 171.917963][ T6211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.956069][ T6211] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.219460][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 172.279715][ T789] usb 2-1: USB disconnect, device number 4 [ 172.376705][ T2192] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 172.428649][ T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.453776][ T23] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 172.470382][ T23] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 172.485816][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.503644][ T23] usb 3-1: config 0 descriptor?? [ 172.598533][ T2192] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.609005][ T2192] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 172.625438][ T2192] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 172.634976][ T2192] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.643567][ T2192] usb 1-1: Product: syz [ 172.648104][ T2192] usb 1-1: Manufacturer: syz [ 172.652759][ T2192] usb 1-1: SerialNumber: syz [ 172.660566][ T2192] usb 1-1: config 0 descriptor?? [ 172.824111][ T6216] loop3: detected capacity change from 0 to 32768 [ 172.913960][ T6216] find_entry called with index >= next_index [ 172.927795][ T6210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.958470][ T6216] find_entry called with index >= next_index [ 172.968440][ T6210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.035645][ T6216] find_entry called with index >= next_index [ 173.119011][ T6216] find_entry called with index >= next_index [ 173.218115][ T6216] find_entry called with index >= next_index [ 173.418702][ T6216] add_index: next_index = 0. Resetting! [ 173.480621][ T6217] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.86'. [ 173.500492][ T6217] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 173.508720][ T6217] CPU: 1 PID: 6217 Comm: syz.0.86 Not tainted syzkaller #0 [ 173.515966][ T6217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 173.526067][ T6217] Call Trace: [ 173.529412][ T6217] [ 173.532392][ T6217] dump_stack_lvl+0x18c/0x250 [ 173.537137][ T6217] ? show_regs_print_info+0x20/0x20 [ 173.542393][ T6217] ? load_image+0x420/0x420 [ 173.546976][ T6217] sysfs_warn_dup+0x8e/0xa0 [ 173.551545][ T6217] sysfs_do_create_link_sd+0xc0/0x110 [ 173.557073][ T6217] device_add_class_symlinks+0x1cf/0x240 [ 173.562771][ T6217] device_add+0x507/0xc20 [ 173.567171][ T6217] wiphy_register+0x1dad/0x2ae0 [ 173.572093][ T6217] ? cfg80211_event_work+0x40/0x40 [ 173.577286][ T6217] ? minstrel_ht_alloc+0x88a/0x990 [ 173.582570][ T6217] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 173.588701][ T6217] ieee80211_register_hw+0x3464/0x4250 [ 173.594250][ T6217] ? ieee80211_tasklet_handler+0x20/0x20 [ 173.599930][ T6217] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 173.605911][ T6217] ? __debug_object_init+0xec/0x450 [ 173.611178][ T6217] ? __asan_memset+0x22/0x40 [ 173.615830][ T6217] ? __hrtimer_init+0x186/0x270 [ 173.620737][ T6217] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 173.626546][ T6217] ? mac80211_hwsim_free+0x220/0x220 [ 173.631897][ T6217] ? rcu_is_watching+0x15/0xb0 [ 173.636725][ T6217] ? kstrndup+0xbd/0x140 [ 173.641151][ T6217] hwsim_new_radio_nl+0xdc9/0x1a90 [ 173.646338][ T6217] ? __nla_validate+0x50/0x50 [ 173.651090][ T6217] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 173.657486][ T6217] ? __nla_parse+0x40/0x50 [ 173.661959][ T6217] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 173.668355][ T6217] genl_family_rcv_msg_doit+0x211/0x310 [ 173.673955][ T6217] ? end_current_label_crit_section+0x170/0x170 [ 173.680266][ T6217] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 173.686268][ T6217] ? bpf_lsm_capable+0x9/0x10 [ 173.691017][ T6217] ? security_capable+0x89/0xb0 [ 173.695936][ T6217] genl_rcv_msg+0x619/0x7a0 [ 173.700588][ T6217] ? genl_bind+0x360/0x360 [ 173.705050][ T6217] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 173.711444][ T6217] netlink_rcv_skb+0x241/0x4d0 [ 173.716271][ T6217] ? genl_bind+0x360/0x360 [ 173.720748][ T6217] ? netlink_ack+0x1180/0x1180 [ 173.725609][ T6217] ? __lock_acquire+0x7d40/0x7d40 [ 173.730794][ T6217] ? down_read+0x1ac/0x2e0 [ 173.735272][ T6217] genl_rcv+0x28/0x40 [ 173.739324][ T6217] netlink_unicast+0x751/0x8d0 [ 173.744176][ T6217] netlink_sendmsg+0x8d0/0xbf0 [ 173.749035][ T6217] ? netlink_getsockopt+0x590/0x590 [ 173.754304][ T6217] ? aa_sock_msg_perm+0x94/0x150 [ 173.759303][ T6217] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 173.764638][ T6217] ? security_socket_sendmsg+0x80/0xa0 [ 173.770160][ T6217] ? netlink_getsockopt+0x590/0x590 [ 173.775424][ T6217] ____sys_sendmsg+0x5ba/0x960 [ 173.780255][ T6217] ? __asan_memset+0x22/0x40 [ 173.784917][ T6217] ? __sys_sendmsg_sock+0x30/0x30 [ 173.789993][ T6217] ? __import_iovec+0x5f2/0x850 [ 173.794902][ T6217] ? import_iovec+0x73/0xa0 [ 173.799456][ T6217] ___sys_sendmsg+0x2a6/0x360 [ 173.804210][ T6217] ? __sys_sendmsg+0x2a0/0x2a0 [ 173.809053][ T6217] ? debug_mutex_init+0x38/0x70 [ 173.814002][ T6217] __se_sys_sendmsg+0x1c2/0x2b0 [ 173.818908][ T6217] ? __x64_sys_sendmsg+0x80/0x80 [ 173.823914][ T6217] ? lockdep_hardirqs_on+0x98/0x150 [ 173.829183][ T6217] do_syscall_64+0x55/0xa0 [ 173.833642][ T6217] ? clear_bhb_loop+0x40/0x90 [ 173.838366][ T6217] ? clear_bhb_loop+0x40/0x90 [ 173.843095][ T6217] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 173.849033][ T6217] RIP: 0033:0x7f9268b9c819 [ 173.853519][ T6217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.873172][ T6217] RSP: 002b:00007f9269aad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 173.881639][ T6217] RAX: ffffffffffffffda RBX: 00007f9268e16090 RCX: 00007f9268b9c819 [ 173.889751][ T6217] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 173.897786][ T6217] RBP: 00007f9268c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 173.905807][ T6217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.913842][ T6217] R13: 00007f9268e16128 R14: 00007f9268e16090 R15: 00007ffc4b081598 [ 173.921875][ T6217] [ 173.925038][ C1] vkms_vblank_simulate: vblank timer overrun [ 173.969942][ T6216] find_entry called with index >= next_index [ 174.083697][ T6216] find_entry called with index >= next_index [ 174.099251][ T6220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.171758][ T6216] find_entry called with index >= next_index [ 174.291974][ T6220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.940309][ T6210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.079045][ T6210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.629834][ T789] usb 3-1: USB disconnect, device number 6 [ 177.372232][ T6226] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.91'. [ 177.407877][ T6226] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 177.416007][ T6226] CPU: 0 PID: 6226 Comm: syz.1.91 Not tainted syzkaller #0 [ 177.423255][ T6226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 177.433358][ T6226] Call Trace: [ 177.436687][ T6226] [ 177.439669][ T6226] dump_stack_lvl+0x18c/0x250 [ 177.444409][ T6226] ? show_regs_print_info+0x20/0x20 [ 177.449664][ T6226] ? load_image+0x420/0x420 [ 177.454349][ T6226] sysfs_warn_dup+0x8e/0xa0 [ 177.458915][ T6226] sysfs_do_create_link_sd+0xc0/0x110 [ 177.464352][ T6226] device_add_class_symlinks+0x1cf/0x240 [ 177.470053][ T6226] device_add+0x507/0xc20 [ 177.474445][ T6226] wiphy_register+0x1dad/0x2ae0 [ 177.479459][ T6226] ? cfg80211_event_work+0x40/0x40 [ 177.484637][ T6226] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 177.490836][ T6226] ieee80211_register_hw+0x3464/0x4250 [ 177.496376][ T6226] ? ieee80211_tasklet_handler+0x20/0x20 [ 177.502058][ T6226] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 177.508018][ T6226] ? __debug_object_init+0xec/0x450 [ 177.513277][ T6226] ? __asan_memset+0x22/0x40 [ 177.517927][ T6226] ? __hrtimer_init+0x186/0x270 [ 177.522835][ T6226] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 177.528634][ T6226] ? mac80211_hwsim_free+0x220/0x220 [ 177.533986][ T6226] ? rcu_is_watching+0x15/0xb0 [ 177.538815][ T6226] ? kstrndup+0xbd/0x140 [ 177.543118][ T6226] hwsim_new_radio_nl+0xdc9/0x1a90 [ 177.548290][ T6226] ? __nla_validate+0x50/0x50 [ 177.553030][ T6226] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 177.559420][ T6226] ? __nla_parse+0x40/0x50 [ 177.563885][ T6226] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 177.570290][ T6226] genl_family_rcv_msg_doit+0x211/0x310 [ 177.575902][ T6226] ? end_current_label_crit_section+0x170/0x170 [ 177.582203][ T6226] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 177.588162][ T6226] ? bpf_lsm_capable+0x9/0x10 [ 177.592899][ T6226] ? security_capable+0x89/0xb0 [ 177.597830][ T6226] genl_rcv_msg+0x619/0x7a0 [ 177.602389][ T6226] ? genl_bind+0x360/0x360 [ 177.606858][ T6226] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 177.613265][ T6226] netlink_rcv_skb+0x241/0x4d0 [ 177.618141][ T6226] ? genl_bind+0x360/0x360 [ 177.622615][ T6226] ? netlink_ack+0x1180/0x1180 [ 177.627457][ T6226] ? __lock_acquire+0x7d40/0x7d40 [ 177.632551][ T6226] ? down_read+0x1ac/0x2e0 [ 177.637018][ T6226] genl_rcv+0x28/0x40 [ 177.641067][ T6226] netlink_unicast+0x751/0x8d0 [ 177.645901][ T6226] netlink_sendmsg+0x8d0/0xbf0 [ 177.650750][ T6226] ? netlink_getsockopt+0x590/0x590 [ 177.656012][ T6226] ? aa_sock_msg_perm+0x94/0x150 [ 177.661006][ T6226] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 177.666338][ T6226] ? security_socket_sendmsg+0x80/0xa0 [ 177.671845][ T6226] ? netlink_getsockopt+0x590/0x590 [ 177.677108][ T6226] ____sys_sendmsg+0x5ba/0x960 [ 177.681937][ T6226] ? __asan_memset+0x22/0x40 [ 177.686584][ T6226] ? __sys_sendmsg_sock+0x30/0x30 [ 177.691662][ T6226] ? __import_iovec+0x5f2/0x850 [ 177.696577][ T6226] ? import_iovec+0x73/0xa0 [ 177.701135][ T6226] ___sys_sendmsg+0x2a6/0x360 [ 177.705871][ T6226] ? __sys_sendmsg+0x2a0/0x2a0 [ 177.710753][ T6226] __se_sys_sendmsg+0x1c2/0x2b0 [ 177.715659][ T6226] ? __x64_sys_sendmsg+0x80/0x80 [ 177.720665][ T6226] ? lockdep_hardirqs_on+0x98/0x150 [ 177.725924][ T6226] do_syscall_64+0x55/0xa0 [ 177.730383][ T6226] ? clear_bhb_loop+0x40/0x90 [ 177.735110][ T6226] ? clear_bhb_loop+0x40/0x90 [ 177.739841][ T6226] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 177.745798][ T6226] RIP: 0033:0x7fb50639c819 [ 177.750264][ T6226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.769919][ T6226] RSP: 002b:00007fb5045d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.778398][ T6226] RAX: ffffffffffffffda RBX: 00007fb506616180 RCX: 00007fb50639c819 [ 177.786423][ T6226] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 177.794525][ T6226] RBP: 00007fb506432c91 R08: 0000000000000000 R09: 0000000000000000 [ 177.802585][ T6226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.810593][ T6226] R13: 00007fb506616218 R14: 00007fb506616180 R15: 00007ffe0e2fafd8 [ 177.818636][ T6226] [ 178.406684][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 180.033139][ T5818] usb 1-1: USB disconnect, device number 5 [ 180.116260][ T5854] IPVS: starting estimator thread 0... [ 180.128542][ T6231] IPVS: sed: FWM 3 0x00000003 - no destination available [ 180.216789][ T6232] IPVS: using max 27 ests per chain, 64800 per kthread [ 180.616470][ T6237] fuse: Unknown parameter '°fd' [ 181.129562][ T6235] loop0: detected capacity change from 0 to 32768 [ 181.145103][ T6235] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 181.205073][ T6235] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 181.246631][ T23] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 181.421248][ T27] audit: type=1804 audit(1776044979.032:13): pid=6235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.94" name="/newroot/21/file0/bus" dev="loop0" ino=17058 res=1 errno=0 [ 181.438436][ T23] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.684610][ T23] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 182.222384][ T23] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 182.231761][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.233812][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 182.242011][ T23] usb 2-1: Product: syz [ 182.250908][ T23] usb 2-1: Manufacturer: syz [ 182.255627][ T23] usb 2-1: SerialNumber: syz [ 182.274080][ T23] usb 2-1: config 0 descriptor?? [ 183.652058][ T6249] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.96'. [ 183.670208][ T6249] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 183.678270][ T6249] CPU: 1 PID: 6249 Comm: syz.1.96 Not tainted syzkaller #0 [ 183.685508][ T6249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 183.695612][ T6249] Call Trace: [ 183.698941][ T6249] [ 183.701965][ T6249] dump_stack_lvl+0x18c/0x250 [ 183.706735][ T6249] ? show_regs_print_info+0x20/0x20 [ 183.711992][ T6249] ? load_image+0x420/0x420 [ 183.716561][ T6249] sysfs_warn_dup+0x8e/0xa0 [ 183.721109][ T6249] sysfs_do_create_link_sd+0xc0/0x110 [ 183.726558][ T6249] device_add_class_symlinks+0x1cf/0x240 [ 183.732252][ T6249] device_add+0x507/0xc20 [ 183.736657][ T6249] wiphy_register+0x1dad/0x2ae0 [ 183.741585][ T6249] ? cfg80211_event_work+0x40/0x40 [ 183.746756][ T6249] ? minstrel_ht_alloc+0x88a/0x990 [ 183.751935][ T6249] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 183.758059][ T6249] ieee80211_register_hw+0x3464/0x4250 [ 183.763587][ T6249] ? ieee80211_tasklet_handler+0x20/0x20 [ 183.769271][ T6249] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 183.775230][ T6249] ? __debug_object_init+0xec/0x450 [ 183.780493][ T6249] ? __asan_memset+0x22/0x40 [ 183.785145][ T6249] ? __hrtimer_init+0x186/0x270 [ 183.790056][ T6249] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 183.795856][ T6249] ? mac80211_hwsim_free+0x220/0x220 [ 183.801203][ T6249] ? rcu_is_watching+0x15/0xb0 [ 183.806022][ T6249] ? kstrndup+0xbd/0x140 [ 183.810328][ T6249] hwsim_new_radio_nl+0xdc9/0x1a90 [ 183.815494][ T6249] ? __nla_validate+0x50/0x50 [ 183.820243][ T6249] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 183.826676][ T6249] ? __nla_parse+0x40/0x50 [ 183.831148][ T6249] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 183.837660][ T6249] genl_family_rcv_msg_doit+0x211/0x310 [ 183.843273][ T6249] ? end_current_label_crit_section+0x170/0x170 [ 183.849563][ T6249] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 183.855506][ T6249] ? bpf_lsm_capable+0x9/0x10 [ 183.860236][ T6249] ? security_capable+0x89/0xb0 [ 183.865147][ T6249] genl_rcv_msg+0x619/0x7a0 [ 183.869702][ T6249] ? genl_bind+0x360/0x360 [ 183.874165][ T6249] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 183.880557][ T6249] netlink_rcv_skb+0x241/0x4d0 [ 183.885380][ T6249] ? genl_bind+0x360/0x360 [ 183.889847][ T6249] ? netlink_ack+0x1180/0x1180 [ 183.894697][ T6249] ? __lock_acquire+0x7d40/0x7d40 [ 183.899783][ T6249] ? down_read+0x1ac/0x2e0 [ 183.904262][ T6249] genl_rcv+0x28/0x40 [ 183.908287][ T6249] netlink_unicast+0x751/0x8d0 [ 183.913126][ T6249] netlink_sendmsg+0x8d0/0xbf0 [ 183.917961][ T6249] ? netlink_getsockopt+0x590/0x590 [ 183.923251][ T6249] ? aa_sock_msg_perm+0x94/0x150 [ 183.928245][ T6249] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 183.933577][ T6249] ? security_socket_sendmsg+0x80/0xa0 [ 183.939091][ T6249] ? netlink_getsockopt+0x590/0x590 [ 183.944356][ T6249] ____sys_sendmsg+0x5ba/0x960 [ 183.949179][ T6249] ? __asan_memset+0x22/0x40 [ 183.953827][ T6249] ? __sys_sendmsg_sock+0x30/0x30 [ 183.958952][ T6249] ? __import_iovec+0x5f2/0x850 [ 183.963900][ T6249] ? import_iovec+0x73/0xa0 [ 183.968455][ T6249] ___sys_sendmsg+0x2a6/0x360 [ 183.973190][ T6249] ? __sys_sendmsg+0x2a0/0x2a0 [ 183.978029][ T6249] ? debug_mutex_init+0x38/0x70 [ 183.982959][ T6249] __se_sys_sendmsg+0x1c2/0x2b0 [ 183.987890][ T6249] ? __x64_sys_sendmsg+0x80/0x80 [ 183.992889][ T6249] ? lockdep_hardirqs_on+0x98/0x150 [ 183.998139][ T6249] do_syscall_64+0x55/0xa0 [ 184.002600][ T6249] ? clear_bhb_loop+0x40/0x90 [ 184.007330][ T6249] ? clear_bhb_loop+0x40/0x90 [ 184.012068][ T6249] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.018099][ T6249] RIP: 0033:0x7fb50639c819 [ 184.022577][ T6249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.042263][ T6249] RSP: 002b:00007fb5045f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.050758][ T6249] RAX: ffffffffffffffda RBX: 00007fb506616090 RCX: 00007fb50639c819 [ 184.058806][ T6249] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 184.066830][ T6249] RBP: 00007fb506432c91 R08: 0000000000000000 R09: 0000000000000000 [ 184.074871][ T6249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.082890][ T6249] R13: 00007fb506616128 R14: 00007fb506616090 R15: 00007ffe0e2fafd8 [ 184.090931][ T6249] [ 184.836992][ T6254] loop0: detected capacity change from 0 to 8 [ 187.719218][ T789] usb 2-1: USB disconnect, device number 5 [ 187.816703][ T6263] netlink: 48 bytes leftover after parsing attributes in process `syz.3.101'. [ 188.916587][ T5854] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 188.966598][ T789] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 188.999789][ T6273] loop3: detected capacity change from 0 to 32768 [ 189.024980][ T6273] find_entry called with index >= next_index [ 189.035859][ T6273] find_entry called with index >= next_index [ 189.042855][ T6273] find_entry called with index >= next_index [ 189.051060][ T6270] loop0: detected capacity change from 0 to 32768 [ 189.059726][ T6273] find_entry called with index >= next_index [ 189.065974][ T6273] find_entry called with index >= next_index [ 189.075996][ T6273] add_index: next_index = 0. Resetting! [ 189.077101][ T5854] usb 3-1: device descriptor read/64, error -71 [ 189.089625][ T6273] find_entry called with index >= next_index [ 189.095877][ T6273] find_entry called with index >= next_index [ 189.107270][ T6273] find_entry called with index >= next_index [ 189.128493][ T6270] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 189.151270][ T6270] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 189.191108][ T789] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.232325][ T789] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 189.276706][ T789] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 189.320754][ T789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.371575][ T789] usb 2-1: Product: syz [ 189.375824][ T789] usb 2-1: Manufacturer: syz [ 189.416154][ T789] usb 2-1: SerialNumber: syz [ 189.463852][ T789] usb 2-1: config 0 descriptor?? [ 190.085401][ T5854] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 190.546583][ T5854] usb 3-1: device descriptor read/64, error -71 [ 190.622876][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 190.672805][ T5854] usb usb3-port1: attempt power cycle [ 191.306888][ T5854] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 191.889635][ T5854] usb 3-1: device descriptor read/8, error -71 [ 192.140971][ T6295] FAULT_INJECTION: forcing a failure. [ 192.140971][ T6295] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 192.166220][ T789] usb 2-1: USB disconnect, device number 6 [ 192.203511][ T6295] CPU: 1 PID: 6295 Comm: syz.3.108 Not tainted syzkaller #0 [ 192.210971][ T6295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 192.221074][ T6295] Call Trace: [ 192.224413][ T6295] [ 192.227389][ T6295] dump_stack_lvl+0x18c/0x250 [ 192.232159][ T6295] ? show_regs_print_info+0x20/0x20 [ 192.237412][ T6295] ? load_image+0x420/0x420 [ 192.241972][ T6295] ? __lock_acquire+0x7d40/0x7d40 [ 192.247109][ T6295] ? snprintf+0xe9/0x140 [ 192.251421][ T6295] should_fail_ex+0x39d/0x4d0 [ 192.256167][ T6295] _copy_to_user+0x2f/0xa0 [ 192.260668][ T6295] simple_read_from_buffer+0xe7/0x150 [ 192.266104][ T6295] proc_fail_nth_read+0x1e8/0x260 [ 192.271210][ T6295] ? proc_fault_inject_write+0x360/0x360 [ 192.276904][ T6295] ? fsnotify_perm+0x271/0x5e0 [ 192.281731][ T6295] ? proc_fault_inject_write+0x360/0x360 [ 192.287418][ T6295] vfs_read+0x28b/0x970 [ 192.291631][ T6295] ? kernel_read+0x1e0/0x1e0 [ 192.296277][ T6295] ? __fget_files+0x28/0x4b0 [ 192.300939][ T6295] ? __fget_files+0x28/0x4b0 [ 192.305575][ T6295] ? __fget_files+0x43d/0x4b0 [ 192.310310][ T6295] ? __fdget_pos+0x2a3/0x330 [ 192.314968][ T6295] ? ksys_read+0x75/0x260 [ 192.319350][ T6295] ksys_read+0x150/0x260 [ 192.323651][ T6295] ? vfs_write+0x990/0x990 [ 192.328126][ T6295] ? lockdep_hardirqs_on+0x98/0x150 [ 192.333371][ T6295] do_syscall_64+0x55/0xa0 [ 192.337832][ T6295] ? clear_bhb_loop+0x40/0x90 [ 192.342568][ T6295] ? clear_bhb_loop+0x40/0x90 [ 192.347290][ T6295] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 192.353230][ T6295] RIP: 0033:0x7f2ab4d5d04e [ 192.357697][ T6295] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 192.377350][ T6295] RSP: 002b:00007f2ab5bd5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 192.385819][ T6295] RAX: ffffffffffffffda RBX: 00007f2ab5bd66c0 RCX: 00007f2ab4d5d04e [ 192.393844][ T6295] RDX: 000000000000000f RSI: 00007f2ab5bd60a0 RDI: 0000000000000003 [ 192.401953][ T6295] RBP: 00007f2ab5bd6090 R08: 0000000000000000 R09: 0000000000000000 [ 192.409981][ T6295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.417995][ T6295] R13: 00007f2ab5016038 R14: 00007f2ab5015fa0 R15: 00007fff234a7d48 [ 192.426026][ T6295] [ 194.143076][ T6313] netlink: 48 bytes leftover after parsing attributes in process `syz.3.112'. [ 194.531243][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.537838][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.583435][ T6315] fuse: Unknown parameter '°fd' [ 194.853964][ T6301] loop0: detected capacity change from 0 to 32768 [ 194.937802][ T6301] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 195.010596][ T6301] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 195.188089][ T27] audit: type=1804 audit(1776044992.802:14): pid=6301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.106" name="/newroot/24/file0/bus" dev="loop0" ino=17058 res=1 errno=0 [ 195.279385][ T6322] syz.2.115: attempt to access beyond end of device [ 195.279385][ T6322] loop2: rw=0, sector=1, nr_sectors = 1 limit=0 [ 195.347854][ T6322] qnx4: unable to read the superblock [ 195.697007][ T789] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 195.782342][ T6325] syz.0.106 (6325) used greatest stack depth: 19248 bytes left [ 196.018107][ T789] usb 3-1: unable to get BOS descriptor or descriptor too short [ 196.053841][ T789] usb 3-1: not running at top speed; connect to a high speed hub [ 196.079224][ T6320] loop3: detected capacity change from 0 to 32768 [ 196.093700][ T789] usb 3-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 196.130984][ T789] usb 3-1: config 1 interface 0 has no altsetting 0 [ 196.181223][ T6320] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 196.212263][ T789] usb 3-1: string descriptor 0 read error: -22 [ 196.220140][ T789] usb 3-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.40 [ 196.231252][ T789] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.252380][ T6323] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 196.267483][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 196.316837][ T6320] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 196.367497][ T6320] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 196.704255][ T6322] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 196.816935][ T5854] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 197.320713][ T789] aureal 0003:0755:2626.0001: invalid report_size -1149171161 [ 197.328661][ T789] aureal 0003:0755:2626.0001: item 0 4 1 7 parsing failed [ 197.391190][ T789] aureal: probe of 0003:0755:2626.0001 failed with error -22 [ 197.665414][ T5778] ocfs2: Unmounting device (7,3) on (node local) [ 197.837487][ T5854] usb 2-1: device descriptor read/64, error -71 [ 197.870431][ T789] usb 3-1: USB disconnect, device number 11 [ 200.046548][ T5854] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 200.046597][ T2192] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 200.309101][ T2192] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 200.337839][ T6349] netlink: 48 bytes leftover after parsing attributes in process `syz.2.122'. [ 201.238738][ T2192] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 201.316545][ T2192] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.324622][ T2192] usb 4-1: Product: syz [ 201.353536][ T2192] usb 4-1: config 0 descriptor?? [ 201.398516][ T2192] usb 4-1: can't set config #0, error -71 [ 201.505052][ T2192] usb 4-1: USB disconnect, device number 5 [ 202.453457][ T6358] loop2: detected capacity change from 0 to 7 [ 202.526012][ T5772] Dev loop2: unable to read RDB block 7 [ 202.638656][ T5772] loop2: AHDI p1 p2 [ 202.642659][ T5772] loop2: partition table partially beyond EOD, truncated [ 202.696848][ T5772] loop2: p1 start 6643572 is beyond EOD, truncated [ 202.714846][ T6365] fuse: Unknown parameter '°fd' [ 202.775029][ T6362] netlink: 'syz.3.124': attribute type 1 has an invalid length. [ 202.783011][ T6362] netlink: 32 bytes leftover after parsing attributes in process `syz.3.124'. [ 202.797029][ T6358] Dev loop2: unable to read RDB block 7 [ 202.812596][ T6358] loop2: AHDI p1 p2 [ 202.824294][ T6358] loop2: partition table partially beyond EOD, truncated [ 202.841764][ T6358] loop2: p1 start 6643572 is beyond EOD, truncated [ 203.547491][ T5854] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 203.580681][ T6368] loop2: detected capacity change from 0 to 32768 [ 203.691770][ T6374] FAULT_INJECTION: forcing a failure. [ 203.691770][ T6374] name failslab, interval 1, probability 0, space 0, times 1 [ 203.705180][ T6374] CPU: 1 PID: 6374 Comm: syz.0.120 Not tainted syzkaller #0 [ 203.712523][ T6374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 203.722671][ T6374] Call Trace: [ 203.726000][ T6374] [ 203.728974][ T6374] dump_stack_lvl+0x18c/0x250 [ 203.733858][ T6374] ? show_regs_print_info+0x20/0x20 [ 203.739124][ T6374] ? load_image+0x420/0x420 [ 203.743681][ T6374] ? __might_sleep+0xe0/0xe0 [ 203.748410][ T6374] ? __lock_acquire+0x7d40/0x7d40 [ 203.753483][ T6374] should_fail_ex+0x39d/0x4d0 [ 203.758223][ T6374] should_failslab+0x9/0x20 [ 203.762782][ T6374] slab_pre_alloc_hook+0x59/0x310 [ 203.767875][ T6374] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 203.773557][ T6374] ? tomoyo_encode+0x28b/0x540 [ 203.778452][ T6374] ? tomoyo_encode+0x28b/0x540 [ 203.783257][ T6374] __kmem_cache_alloc_node+0x53/0x250 [ 203.788689][ T6374] ? tomoyo_encode+0x28b/0x540 [ 203.793507][ T6374] __kmalloc+0xa4/0x230 [ 203.797723][ T6374] tomoyo_encode+0x28b/0x540 [ 203.802371][ T6374] tomoyo_realpath_from_path+0x592/0x5d0 [ 203.808169][ T6374] tomoyo_path_number_perm+0x248/0x620 [ 203.813689][ T6374] ? tomoyo_path_number_perm+0x217/0x620 [ 203.819402][ T6374] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 203.824925][ T6374] ? ksys_write+0x1c4/0x260 [ 203.829532][ T6374] ? __fget_files+0x28/0x4b0 [ 203.834262][ T6374] ? __fget_files+0x28/0x4b0 [ 203.839013][ T6374] security_file_ioctl+0x70/0xa0 [ 203.844004][ T6374] __se_sys_ioctl+0x48/0x170 [ 203.848653][ T6374] do_syscall_64+0x55/0xa0 [ 203.853115][ T6374] ? clear_bhb_loop+0x40/0x90 [ 203.857950][ T6374] ? clear_bhb_loop+0x40/0x90 [ 203.862677][ T6374] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.868796][ T6374] RIP: 0033:0x7f9268b9c819 [ 203.873269][ T6374] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.893010][ T6374] RSP: 002b:00007f9269aad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.901486][ T6374] RAX: ffffffffffffffda RBX: 00007f9268e16090 RCX: 00007f9268b9c819 [ 203.909508][ T6374] RDX: 0000200000002dc0 RSI: 00000000c058565d RDI: 0000000000000003 [ 203.917627][ T6374] RBP: 00007f9269aad090 R08: 0000000000000000 R09: 0000000000000000 [ 203.925734][ T6374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.933839][ T6374] R13: 00007f9268e16128 R14: 00007f9268e16090 R15: 00007ffc4b081598 [ 203.941981][ T6374] [ 203.951589][ T6374] ERROR: Out of memory at tomoyo_realpath_from_path. [ 204.359993][ T5854] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 204.410386][ T5854] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 204.420855][ T5854] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 204.430039][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.434470][ T6368] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 204.473964][ T5854] usb 4-1: config 0 descriptor?? [ 204.484379][ T6368] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 204.630878][ T27] audit: type=1804 audit(1776045002.242:15): pid=6368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.126" name="/newroot/28/file0/bus" dev="loop2" ino=17058 res=1 errno=0 [ 205.212041][ T6382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.240701][ T6382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.412626][ T6382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.476351][ T6382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.554342][ T6382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.623282][ T6382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.673682][ T6379] loop1: detected capacity change from 0 to 32768 [ 205.766634][ T6379] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 205.787110][ T6379] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 205.887842][ T6379] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 205.982629][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 206.037406][ T2192] usb 4-1: USB disconnect, device number 6 [ 206.063036][ T27] audit: type=1804 audit(1776045003.672:16): pid=6379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.128" name="/newroot/31/file0/bus" dev="loop1" ino=17058 res=1 errno=0 [ 207.324568][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 207.616674][ T5854] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 207.791959][ T6402] netlink: 48 bytes leftover after parsing attributes in process `syz.1.131'. [ 207.806708][ T789] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 207.835793][ T5854] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 207.925166][ T5854] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 207.976216][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.039122][ T5854] usb 4-1: Product: syz [ 208.070312][ T5854] usb 4-1: Manufacturer: syz [ 208.112902][ T5854] usb 4-1: SerialNumber: syz [ 208.232342][ T5854] usb 4-1: config 0 descriptor?? [ 208.393741][ T6393] loop2: detected capacity change from 0 to 32768 [ 208.635112][ T6393] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 208.777864][ T789] usb 1-1: device descriptor read/64, error -71 [ 208.873525][ T6393] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 209.104351][ T6411] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.132'. [ 209.124426][ T6411] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 209.132770][ T6411] CPU: 1 PID: 6411 Comm: syz.3.132 Not tainted syzkaller #0 [ 209.140111][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 209.150221][ T6411] Call Trace: [ 209.153547][ T6411] [ 209.156537][ T6411] dump_stack_lvl+0x18c/0x250 [ 209.161297][ T6411] ? show_regs_print_info+0x20/0x20 [ 209.166559][ T6411] ? load_image+0x420/0x420 [ 209.171136][ T6411] sysfs_warn_dup+0x8e/0xa0 [ 209.175693][ T6411] sysfs_do_create_link_sd+0xc0/0x110 [ 209.181117][ T6411] device_add_class_symlinks+0x1cf/0x240 [ 209.186837][ T6411] device_add+0x507/0xc20 [ 209.191227][ T6411] wiphy_register+0x1dad/0x2ae0 [ 209.196157][ T6411] ? cfg80211_event_work+0x40/0x40 [ 209.201313][ T6411] ? minstrel_ht_alloc+0x88a/0x990 [ 209.206497][ T6411] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 209.212630][ T6411] ieee80211_register_hw+0x3464/0x4250 [ 209.218172][ T6411] ? ieee80211_tasklet_handler+0x20/0x20 [ 209.223854][ T6411] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 209.229891][ T6411] ? __debug_object_init+0xec/0x450 [ 209.235158][ T6411] ? __asan_memset+0x22/0x40 [ 209.239802][ T6411] ? __hrtimer_init+0x186/0x270 [ 209.244707][ T6411] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 209.250593][ T6411] ? mac80211_hwsim_free+0x220/0x220 [ 209.255931][ T6411] ? rcu_is_watching+0x15/0xb0 [ 209.260755][ T6411] ? kstrndup+0xbd/0x140 [ 209.265064][ T6411] hwsim_new_radio_nl+0xdc9/0x1a90 [ 209.270237][ T6411] ? __nla_validate+0x50/0x50 [ 209.274993][ T6411] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 209.281397][ T6411] ? __nla_parse+0x40/0x50 [ 209.285876][ T6411] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 209.292272][ T6411] genl_family_rcv_msg_doit+0x211/0x310 [ 209.298181][ T6411] ? end_current_label_crit_section+0x170/0x170 [ 209.304491][ T6411] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 209.310443][ T6411] ? bpf_lsm_capable+0x9/0x10 [ 209.315175][ T6411] ? security_capable+0x89/0xb0 [ 209.320095][ T6411] genl_rcv_msg+0x619/0x7a0 [ 209.324658][ T6411] ? genl_bind+0x360/0x360 [ 209.329123][ T6411] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 209.335518][ T6411] netlink_rcv_skb+0x241/0x4d0 [ 209.340390][ T6411] ? genl_bind+0x360/0x360 [ 209.344857][ T6411] ? netlink_ack+0x1180/0x1180 [ 209.349711][ T6411] ? __lock_acquire+0x7d40/0x7d40 [ 209.354809][ T6411] ? down_read+0x1ac/0x2e0 [ 209.359276][ T6411] genl_rcv+0x28/0x40 [ 209.363355][ T6411] netlink_unicast+0x751/0x8d0 [ 209.368200][ T6411] netlink_sendmsg+0x8d0/0xbf0 [ 209.373045][ T6411] ? lockdep_hardirqs_on+0x98/0x150 [ 209.378316][ T6411] ? netlink_getsockopt+0x590/0x590 [ 209.383600][ T6411] ? aa_sock_msg_perm+0x94/0x150 [ 209.388603][ T6411] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 209.393940][ T6411] ? security_socket_sendmsg+0x80/0xa0 [ 209.399546][ T6411] ? netlink_getsockopt+0x590/0x590 [ 209.404857][ T6411] ____sys_sendmsg+0x5ba/0x960 [ 209.409693][ T6411] ? __asan_memset+0x22/0x40 [ 209.414349][ T6411] ? __sys_sendmsg_sock+0x30/0x30 [ 209.419468][ T6411] ? __import_iovec+0x5f2/0x850 [ 209.424391][ T6411] ? import_iovec+0x73/0xa0 [ 209.428958][ T6411] ___sys_sendmsg+0x2a6/0x360 [ 209.433801][ T6411] ? __sys_sendmsg+0x2a0/0x2a0 [ 209.438695][ T6411] __se_sys_sendmsg+0x1c2/0x2b0 [ 209.443617][ T6411] ? __x64_sys_sendmsg+0x80/0x80 [ 209.448635][ T6411] ? lockdep_hardirqs_on+0x98/0x150 [ 209.453903][ T6411] do_syscall_64+0x55/0xa0 [ 209.458375][ T6411] ? clear_bhb_loop+0x40/0x90 [ 209.463309][ T6411] ? clear_bhb_loop+0x40/0x90 [ 209.468064][ T6411] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.474030][ T6411] RIP: 0033:0x7f2ab4d9c819 [ 209.478496][ T6411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.498164][ T6411] RSP: 002b:00007f2ab23cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 209.506633][ T6411] RAX: ffffffffffffffda RBX: 00007f2ab5016450 RCX: 00007f2ab4d9c819 [ 209.514860][ T6411] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 209.522879][ T6411] RBP: 00007f2ab4e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 209.530941][ T6411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.539057][ T6411] R13: 00007f2ab50164e8 R14: 00007f2ab5016450 R15: 00007fff234a7d48 [ 209.547098][ T6411] [ 209.550171][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.773354][ T789] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 210.276746][ T789] usb 1-1: device descriptor read/64, error -71 [ 210.456545][ T789] usb usb1-port1: attempt power cycle [ 210.896855][ T789] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 211.371978][ T789] usb 1-1: device descriptor read/8, error -71 [ 211.653121][ T5854] usb 4-1: USB disconnect, device number 7 [ 212.126712][ T5085] Bluetooth: hci3: command 0x0406 tx timeout [ 212.126854][ T5785] Bluetooth: hci2: command 0x0406 tx timeout [ 212.210395][ T5085] Bluetooth: hci0: command 0x0406 tx timeout [ 212.216818][ T5785] Bluetooth: hci1: command 0x0406 tx timeout [ 213.007673][ T6422] fuse: Unknown parameter '°fd' [ 213.548914][ T6420] loop3: detected capacity change from 0 to 32768 [ 213.599607][ T6420] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 213.619941][ T6420] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 213.623699][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 213.705072][ T6420] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 213.774748][ T27] audit: type=1804 audit(1776045011.382:17): pid=6420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.138" name="/newroot/40/file0/bus" dev="loop3" ino=17058 res=1 errno=0 [ 213.805231][ T6424] loop0: detected capacity change from 0 to 32768 [ 213.903218][ T6424] find_entry called with index >= next_index [ 213.954642][ T6424] find_entry called with index >= next_index [ 214.004304][ T6424] find_entry called with index >= next_index [ 214.086927][ T6424] find_entry called with index >= next_index [ 214.103344][ T6424] find_entry called with index >= next_index [ 214.295325][ T6424] add_index: next_index = 0. Resetting! [ 214.417780][ T6424] find_entry called with index >= next_index [ 214.457303][ T6424] find_entry called with index >= next_index [ 214.506687][ T6424] find_entry called with index >= next_index [ 214.555039][ T6428] read_mapping_page failed! [ 214.587173][ T6428] ERROR: (device loop0): txCommit: [ 214.587173][ T6428] [ 214.644633][ T6428] ERROR: (device loop0): remounting filesystem as read-only [ 214.676886][ T6432] syzkaller0: entered promiscuous mode [ 214.682538][ T6432] syzkaller0: entered allmulticast mode [ 214.808446][ T5778] ocfs2: Unmounting device (7,3) on (node local) [ 214.873553][ T6432] tipc: Started in network mode [ 214.886709][ T6432] tipc: Node identity b2f8f6301b51, cluster identity 4711 [ 214.899638][ T6432] tipc: Enabled bearer , priority 0 [ 214.931524][ T6431] tipc: Resetting bearer [ 214.974552][ T6431] tipc: Disabling bearer [ 215.886589][ T6434] loop1: detected capacity change from 0 to 8192 [ 219.916441][ C0] sched: RT throttling activated [ 221.063231][ T6459] netlink: 48 bytes leftover after parsing attributes in process `syz.3.143'. [ 222.611297][ T6468] program syz.0.147 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.651924][ T28] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 222.738930][ T6471] Bluetooth: MGMT ver 1.22 [ 222.838491][ T28] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.874465][ T28] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 222.899354][ T28] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 222.921426][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.926180][ T6475] fuse: Unknown parameter '°fd' [ 222.947687][ T28] usb 2-1: config 0 descriptor?? [ 223.039112][ T6465] loop3: detected capacity change from 0 to 32768 [ 223.080069][ T6465] find_entry called with index >= next_index [ 223.086141][ T6465] find_entry called with index >= next_index [ 223.104247][ T6465] find_entry called with index >= next_index [ 223.121644][ T6465] find_entry called with index >= next_index [ 223.138157][ T6465] find_entry called with index >= next_index [ 223.145102][ T6465] add_index: next_index = 0. Resetting! [ 223.158798][ T6465] find_entry called with index >= next_index [ 223.164902][ T6465] find_entry called with index >= next_index [ 223.186560][ T789] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 223.204514][ T6465] find_entry called with index >= next_index [ 223.385595][ T6466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.400270][ T6466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.411105][ T789] usb 1-1: unable to get BOS descriptor or descriptor too short [ 223.421152][ T789] usb 1-1: not running at top speed; connect to a high speed hub [ 223.437945][ T789] usb 1-1: config 61 has an invalid interface number: 37 but max is 0 [ 223.446189][ T789] usb 1-1: config 61 has no interface number 0 [ 223.457727][ T789] usb 1-1: config 61 interface 37 has no altsetting 0 [ 223.471591][ T789] usb 1-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice=fa.4f [ 223.481972][ T789] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.493864][ T789] usb 1-1: Product: syz [ 223.498519][ T789] usb 1-1: Manufacturer: syz [ 223.503190][ T789] usb 1-1: SerialNumber: syz [ 223.509888][ T6479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.526132][ T6479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.546348][ T6479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.555675][ T6479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.940513][ T5818] usb 2-1: USB disconnect, device number 9 [ 223.959924][ T789] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 224.542397][ T6474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.149'. [ 225.227234][ T6474] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.236463][ T6474] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.245223][ T6474] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.264562][ T6474] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 225.710239][ T6474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.149'. [ 225.752766][ T6474] Zero length message leads to an empty skb [ 225.831140][ T789] gp8psk: usb out operation failed. [ 225.861051][ T789] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 225.883173][ T6482] loop3: detected capacity change from 0 to 8192 [ 225.896589][ T789] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver error while loading driver (-19) [ 226.022040][ T6493] netlink: 48 bytes leftover after parsing attributes in process `syz.1.156'. [ 226.807519][ T789] usb 1-1: USB disconnect, device number 10 [ 227.506848][ T5818] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 227.521432][ T6491] loop2: detected capacity change from 0 to 32768 [ 227.697040][ T6491] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 227.716763][ T5818] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.755631][ T5818] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 227.787510][ T5818] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 227.799699][ T5818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.811316][ T5818] usb 2-1: config 0 descriptor?? [ 227.819042][ T6491] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 228.629639][ T27] audit: type=1804 audit(1776045026.182:18): pid=6491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.154" name="/newroot/36/file0/bus" dev="loop2" ino=17058 res=1 errno=0 [ 228.769619][ T6497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 228.801976][ T6495] loop0: detected capacity change from 0 to 32768 [ 228.834747][ T6495] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 228.838136][ T6497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.045202][ T6495] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 229.191926][ T6509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.347415][ T6509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.655162][ T6495] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 229.727916][ T6497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.764775][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 229.905397][ T6497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.048966][ T5784] Bluetooth: hci3: command 0x0406 tx timeout [ 230.122968][ T2192] usb 2-1: USB disconnect, device number 10 [ 230.319619][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 230.460735][ T6516] netlink: 48 bytes leftover after parsing attributes in process `syz.3.162'. [ 231.694390][ T6524] fuse: Unknown parameter '°fd' [ 231.936517][ T5818] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 232.940933][ T5818] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.032969][ T5818] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 233.042441][ T5818] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 233.070391][ T5818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.104591][ T5818] usb 2-1: config 0 descriptor?? [ 233.112277][ T6532] FAULT_INJECTION: forcing a failure. [ 233.112277][ T6532] name failslab, interval 1, probability 0, space 0, times 0 [ 233.146761][ T6532] CPU: 1 PID: 6532 Comm: syz.3.166 Not tainted syzkaller #0 [ 233.154129][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 233.164214][ T6532] Call Trace: [ 233.167529][ T6532] [ 233.170495][ T6532] dump_stack_lvl+0x18c/0x250 [ 233.175201][ T6532] ? show_regs_print_info+0x20/0x20 [ 233.180424][ T6532] ? load_image+0x420/0x420 [ 233.184943][ T6532] ? __might_sleep+0xe0/0xe0 [ 233.189575][ T6532] ? __lock_acquire+0x7d40/0x7d40 [ 233.194643][ T6532] should_fail_ex+0x39d/0x4d0 [ 233.199347][ T6532] should_failslab+0x9/0x20 [ 233.203868][ T6532] slab_pre_alloc_hook+0x59/0x310 [ 233.208929][ T6532] kmem_cache_alloc+0x5a/0x2d0 [ 233.213746][ T6532] ? do_timer_create+0x1a0/0x1290 [ 233.218785][ T6532] do_timer_create+0x1a0/0x1290 [ 233.223664][ T6532] ? __might_fault+0xaa/0x120 [ 233.228358][ T6532] ? __lock_acquire+0x7d40/0x7d40 [ 233.233389][ T6532] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 233.239052][ T6532] ? __ia32_sys_clock_nanosleep_time32+0xb0/0xb0 [ 233.245390][ T6532] ? __might_fault+0xaa/0x120 [ 233.250160][ T6532] ? __might_fault+0xc6/0x120 [ 233.254847][ T6532] ? __might_fault+0xaa/0x120 [ 233.259537][ T6532] __x64_sys_timer_create+0x16a/0x1c0 [ 233.264944][ T6532] ? posix_timer_event+0x100/0x100 [ 233.270112][ T6532] ? lockdep_hardirqs_on+0x98/0x150 [ 233.275336][ T6532] do_syscall_64+0x55/0xa0 [ 233.279767][ T6532] ? clear_bhb_loop+0x40/0x90 [ 233.284459][ T6532] ? clear_bhb_loop+0x40/0x90 [ 233.289175][ T6532] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 233.295089][ T6532] RIP: 0033:0x7f2ab4d9c819 [ 233.299594][ T6532] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.319323][ T6532] RSP: 002b:00007f2ab5bb5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 233.327765][ T6532] RAX: ffffffffffffffda RBX: 00007f2ab5016090 RCX: 00007f2ab4d9c819 [ 233.335760][ T6532] RDX: 0000200000000340 RSI: 0000200000533fa0 RDI: 0000000000000000 [ 233.343746][ T6532] RBP: 00007f2ab5bb5090 R08: 0000000000000000 R09: 0000000000000000 [ 233.351728][ T6532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.359716][ T6532] R13: 00007f2ab5016128 R14: 00007f2ab5016090 R15: 00007fff234a7d48 [ 233.367718][ T6532] [ 233.370851][ C1] vkms_vblank_simulate: vblank timer overrun [ 234.019373][ T6539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.046799][ T6539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.135711][ T6539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.236918][ T6539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.622739][ T6534] loop0: detected capacity change from 0 to 32768 [ 234.655163][ T5836] usb 2-1: USB disconnect, device number 11 [ 234.663407][ T6534] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 234.701900][ T6534] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 234.762541][ T6538] loop3: detected capacity change from 0 to 32768 [ 234.806683][ T6538] o2cb: This node has not been configured. [ 234.815717][ T6538] o2cb: Cluster check failed. Fix errors before retrying. [ 234.838255][ T6538] (syz.3.168,6538,0):ocfs2_dlm_init:3358 ERROR: status = -22 [ 234.899484][ T6538] (syz.3.168,6538,0):ocfs2_mount_volume:1791 ERROR: status = -22 [ 234.958498][ T6538] (syz.3.168,6538,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 235.843735][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 236.283903][ T6549] loop2: detected capacity change from 0 to 40427 [ 236.407060][ T6549] F2FS-fs (loop2): Corrupted extension count (64 + 1 > 64) [ 236.414485][ T6549] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 236.428096][ T6549] F2FS-fs (loop2): Image doesn't support compression [ 236.435010][ T6549] F2FS-fs (loop2): Image doesn't support compression [ 236.442062][ T6549] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x216 [ 236.465096][ T6549] F2FS-fs (loop2): invalid crc value [ 236.883114][ T6551] FAULT_INJECTION: forcing a failure. [ 236.883114][ T6551] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.043888][ T6551] CPU: 1 PID: 6551 Comm: syz.1.171 Not tainted syzkaller #0 [ 237.051379][ T6551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 237.061479][ T6551] Call Trace: [ 237.064801][ T6551] [ 237.067773][ T6551] dump_stack_lvl+0x18c/0x250 [ 237.072520][ T6551] ? show_regs_print_info+0x20/0x20 [ 237.077784][ T6551] ? load_image+0x420/0x420 [ 237.082370][ T6551] ? __lock_acquire+0x7d40/0x7d40 [ 237.087450][ T6551] ? snprintf+0xe9/0x140 [ 237.091749][ T6551] should_fail_ex+0x39d/0x4d0 [ 237.096486][ T6551] _copy_to_user+0x2f/0xa0 [ 237.100957][ T6551] simple_read_from_buffer+0xe7/0x150 [ 237.106434][ T6551] proc_fail_nth_read+0x1e8/0x260 [ 237.111613][ T6551] ? proc_fault_inject_write+0x360/0x360 [ 237.117340][ T6551] ? fsnotify_perm+0x271/0x5e0 [ 237.122210][ T6551] ? proc_fault_inject_write+0x360/0x360 [ 237.127908][ T6551] vfs_read+0x28b/0x970 [ 237.132133][ T6551] ? kernel_read+0x1e0/0x1e0 [ 237.136791][ T6551] ? __fget_files+0x28/0x4b0 [ 237.141437][ T6551] ? __fget_files+0x28/0x4b0 [ 237.146085][ T6551] ? __fget_files+0x43d/0x4b0 [ 237.150830][ T6551] ? __fdget_pos+0x2a3/0x330 [ 237.155474][ T6551] ? ksys_read+0x75/0x260 [ 237.159903][ T6551] ksys_read+0x150/0x260 [ 237.164210][ T6551] ? vfs_write+0x990/0x990 [ 237.168710][ T6551] ? lockdep_hardirqs_on+0x98/0x150 [ 237.174015][ T6551] do_syscall_64+0x55/0xa0 [ 237.178481][ T6551] ? clear_bhb_loop+0x40/0x90 [ 237.183207][ T6551] ? clear_bhb_loop+0x40/0x90 [ 237.187964][ T6551] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 237.193916][ T6551] RIP: 0033:0x7fb50635d04e [ 237.198374][ T6551] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 237.218033][ T6551] RSP: 002b:00007fb50717bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 237.226499][ T6551] RAX: ffffffffffffffda RBX: 00007fb50717c6c0 RCX: 00007fb50635d04e [ 237.234565][ T6551] RDX: 000000000000000f RSI: 00007fb50717c0a0 RDI: 0000000000000005 [ 237.242580][ T6551] RBP: 00007fb50717c090 R08: 0000000000000000 R09: 0000000000000000 [ 237.250705][ T6551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.258716][ T6551] R13: 00007fb506616038 R14: 00007fb506615fa0 R15: 00007ffe0e2fafd8 [ 237.266756][ T6551] [ 237.269885][ C1] vkms_vblank_simulate: vblank timer overrun [ 239.153297][ T6549] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 239.160860][ T6549] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 242.216251][ T6569] netlink: 48 bytes leftover after parsing attributes in process `syz.1.174'. [ 247.366559][ T2192] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 247.536745][ T789] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 247.573135][ T2192] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 247.600907][ T2192] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 247.612018][ T2192] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.630690][ T2192] usb 2-1: Product: syz [ 247.640063][ T2192] usb 2-1: Manufacturer: syz [ 247.656204][ T2192] usb 2-1: SerialNumber: syz [ 247.676861][ T2192] usb 2-1: config 0 descriptor?? [ 247.723808][ T789] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 247.740559][ T789] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 247.757045][ T789] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 247.766334][ T789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.784518][ T6579] loop3: detected capacity change from 0 to 32768 [ 247.798854][ T789] usb 3-1: config 0 descriptor?? [ 247.962840][ T6579] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 248.418219][ T6598] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.181'. [ 248.437230][ T6598] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 248.445417][ T6598] CPU: 0 PID: 6598 Comm: syz.1.181 Not tainted syzkaller #0 [ 248.452940][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 248.463063][ T6598] Call Trace: [ 248.466400][ T6598] [ 248.469413][ T6598] dump_stack_lvl+0x18c/0x250 [ 248.474167][ T6598] ? show_regs_print_info+0x20/0x20 [ 248.479440][ T6598] ? load_image+0x420/0x420 [ 248.484021][ T6598] sysfs_warn_dup+0x8e/0xa0 [ 248.488576][ T6598] sysfs_do_create_link_sd+0xc0/0x110 [ 248.494004][ T6598] device_add_class_symlinks+0x1cf/0x240 [ 248.499707][ T6598] device_add+0x507/0xc20 [ 248.504098][ T6598] wiphy_register+0x1dad/0x2ae0 [ 248.509025][ T6598] ? cfg80211_event_work+0x40/0x40 [ 248.514187][ T6598] ? minstrel_ht_alloc+0x88a/0x990 [ 248.519363][ T6598] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 248.525506][ T6598] ieee80211_register_hw+0x3464/0x4250 [ 248.531038][ T6598] ? ieee80211_tasklet_handler+0x20/0x20 [ 248.536718][ T6598] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 248.542650][ T6598] ? __debug_object_init+0xec/0x450 [ 248.547878][ T6598] ? __asan_memset+0x22/0x40 [ 248.552494][ T6598] ? __hrtimer_init+0x186/0x270 [ 248.557361][ T6598] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 248.563108][ T6598] ? mac80211_hwsim_free+0x220/0x220 [ 248.568431][ T6598] ? rcu_is_watching+0x15/0xb0 [ 248.573226][ T6598] ? kstrndup+0xbd/0x140 [ 248.577510][ T6598] hwsim_new_radio_nl+0xdc9/0x1a90 [ 248.582656][ T6598] ? __nla_validate+0x50/0x50 [ 248.587459][ T6598] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 248.593831][ T6598] ? __nla_parse+0x40/0x50 [ 248.598532][ T6598] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 248.604881][ T6598] genl_family_rcv_msg_doit+0x211/0x310 [ 248.610453][ T6598] ? end_current_label_crit_section+0x170/0x170 [ 248.616736][ T6598] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 248.623455][ T6598] ? bpf_lsm_capable+0x9/0x10 [ 248.628157][ T6598] ? security_capable+0x89/0xb0 [ 248.633036][ T6598] genl_rcv_msg+0x619/0x7a0 [ 248.637561][ T6598] ? genl_bind+0x360/0x360 [ 248.641995][ T6598] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 248.648349][ T6598] netlink_rcv_skb+0x241/0x4d0 [ 248.653139][ T6598] ? genl_bind+0x360/0x360 [ 248.657582][ T6598] ? netlink_ack+0x1180/0x1180 [ 248.662387][ T6598] ? __lock_acquire+0x7d40/0x7d40 [ 248.667433][ T6598] ? down_read+0x1ac/0x2e0 [ 248.671864][ T6598] genl_rcv+0x28/0x40 [ 248.675873][ T6598] netlink_unicast+0x751/0x8d0 [ 248.680672][ T6598] netlink_sendmsg+0x8d0/0xbf0 [ 248.685462][ T6598] ? netlink_getsockopt+0x590/0x590 [ 248.690694][ T6598] ? aa_sock_msg_perm+0x94/0x150 [ 248.695657][ T6598] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 248.700970][ T6598] ? security_socket_sendmsg+0x80/0xa0 [ 248.706461][ T6598] ? netlink_getsockopt+0x590/0x590 [ 248.711787][ T6598] ____sys_sendmsg+0x5ba/0x960 [ 248.716586][ T6598] ? __asan_memset+0x22/0x40 [ 248.721211][ T6598] ? __sys_sendmsg_sock+0x30/0x30 [ 248.726258][ T6598] ? __import_iovec+0x5f2/0x850 [ 248.731151][ T6598] ? import_iovec+0x73/0xa0 [ 248.735710][ T6598] ___sys_sendmsg+0x2a6/0x360 [ 248.740417][ T6598] ? __sys_sendmsg+0x2a0/0x2a0 [ 248.745239][ T6598] __se_sys_sendmsg+0x1c2/0x2b0 [ 248.750121][ T6598] ? __x64_sys_sendmsg+0x80/0x80 [ 248.755094][ T6598] ? lockdep_hardirqs_on+0x98/0x150 [ 248.760325][ T6598] do_syscall_64+0x55/0xa0 [ 248.764761][ T6598] ? clear_bhb_loop+0x40/0x90 [ 248.769463][ T6598] ? clear_bhb_loop+0x40/0x90 [ 248.774157][ T6598] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 248.780173][ T6598] RIP: 0033:0x7fb50639c819 [ 248.784602][ T6598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 248.804225][ T6598] RSP: 002b:00007fb50396c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.812678][ T6598] RAX: ffffffffffffffda RBX: 00007fb506616450 RCX: 00007fb50639c819 [ 248.820681][ T6598] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 248.828674][ T6598] RBP: 00007fb506432c91 R08: 0000000000000000 R09: 0000000000000000 [ 248.836672][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.844668][ T6598] R13: 00007fb5066164e8 R14: 00007fb506616450 R15: 00007ffe0e2fafd8 [ 248.852675][ T6598] [ 251.202023][ T789] usb 2-1: USB disconnect, device number 12 [ 251.210375][ T5759] usb 3-1: USB disconnect, device number 12 [ 251.228437][ T6579] JBD2: journal reset failed [ 251.244071][ T6579] (syz.3.179,6579,0):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 251.307823][ T6579] (syz.3.179,6579,0):ocfs2_check_volume:2432 ERROR: ocfs2 journal load failed! -4 [ 251.438752][ T6604] IPVS: sed: FWM 3 0x00000003 - no destination available [ 251.949372][ T6608] loop0: detected capacity change from 0 to 40427 [ 253.034475][ T6608] F2FS-fs (loop0): Corrupted extension count (64 + 1 > 64) [ 253.042198][ T6608] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 253.054009][ T6608] F2FS-fs (loop0): Image doesn't support compression [ 253.062116][ T6608] F2FS-fs (loop0): Image doesn't support compression [ 253.069020][ T6608] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x216 [ 254.042599][ T6608] F2FS-fs (loop0): invalid crc value [ 254.767141][ T6608] F2FS-fs (loop0): Failed to start F2FS issue_checkpoint_thread (-4) [ 256.037579][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.051813][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.065256][ T6626] netlink: 48 bytes leftover after parsing attributes in process `syz.3.186'. [ 260.566652][ T2192] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 260.732466][ T6628] loop2: detected capacity change from 0 to 32768 [ 260.763264][ T6628] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 260.791476][ T2192] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 260.827262][ T6628] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 260.849644][ T2192] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.923609][ T27] audit: type=1804 audit(1776045058.532:19): pid=6628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.190" name="/newroot/42/file0/bus" dev="loop2" ino=17058 res=1 errno=0 [ 261.046585][ T2192] usb 2-1: Product: syz [ 261.126916][ T2192] usb 2-1: Manufacturer: syz [ 261.132637][ T2192] usb 2-1: SerialNumber: syz [ 261.140066][ T2192] usb 2-1: config 0 descriptor?? [ 261.581729][ T2192] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 013 [ 262.231662][ T6643] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.192'. [ 262.252480][ T6643] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 262.260661][ T6643] CPU: 1 PID: 6643 Comm: syz.1.192 Not tainted syzkaller #0 [ 262.268005][ T6643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 262.278119][ T6643] Call Trace: [ 262.281443][ T6643] [ 262.284417][ T6643] dump_stack_lvl+0x18c/0x250 [ 262.289186][ T6643] ? show_regs_print_info+0x20/0x20 [ 262.294447][ T6643] ? load_image+0x420/0x420 [ 262.299069][ T6643] sysfs_warn_dup+0x8e/0xa0 [ 262.303623][ T6643] sysfs_do_create_link_sd+0xc0/0x110 [ 262.309054][ T6643] device_add_class_symlinks+0x1cf/0x240 [ 262.314843][ T6643] device_add+0x507/0xc20 [ 262.319257][ T6643] wiphy_register+0x1dad/0x2ae0 [ 262.324215][ T6643] ? cfg80211_event_work+0x40/0x40 [ 262.329403][ T6643] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 262.335120][ T6643] ieee80211_register_hw+0x3464/0x4250 [ 262.340653][ T6643] ? ieee80211_tasklet_handler+0x20/0x20 [ 262.346347][ T6643] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 262.352301][ T6643] ? __debug_object_init+0xec/0x450 [ 262.357562][ T6643] ? __asan_memset+0x22/0x40 [ 262.362246][ T6643] ? __hrtimer_init+0x186/0x270 [ 262.367153][ T6643] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 262.373041][ T6643] ? mac80211_hwsim_free+0x220/0x220 [ 262.378402][ T6643] ? rcu_is_watching+0x15/0xb0 [ 262.383258][ T6643] ? kstrndup+0xbd/0x140 [ 262.387586][ T6643] hwsim_new_radio_nl+0xdc9/0x1a90 [ 262.392778][ T6643] ? __nla_validate+0x50/0x50 [ 262.397516][ T6643] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 262.403914][ T6643] ? __asan_memcpy+0x70/0x70 [ 262.408568][ T6643] ? __nla_parse+0x40/0x50 [ 262.413033][ T6643] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 262.419470][ T6643] genl_family_rcv_msg_doit+0x211/0x310 [ 262.425074][ T6643] ? end_current_label_crit_section+0x170/0x170 [ 262.431461][ T6643] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 262.437419][ T6643] ? bpf_lsm_capable+0x9/0x10 [ 262.442159][ T6643] ? security_capable+0x89/0xb0 [ 262.447090][ T6643] genl_rcv_msg+0x619/0x7a0 [ 262.451670][ T6643] ? genl_bind+0x360/0x360 [ 262.456145][ T6643] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 262.462561][ T6643] netlink_rcv_skb+0x241/0x4d0 [ 262.467389][ T6643] ? genl_bind+0x360/0x360 [ 262.471868][ T6643] ? netlink_ack+0x1180/0x1180 [ 262.476715][ T6643] ? __lock_acquire+0x7d40/0x7d40 [ 262.481808][ T6643] ? down_read+0x1ac/0x2e0 [ 262.486281][ T6643] genl_rcv+0x28/0x40 [ 262.490318][ T6643] netlink_unicast+0x751/0x8d0 [ 262.495153][ T6643] netlink_sendmsg+0x8d0/0xbf0 [ 262.499991][ T6643] ? netlink_getsockopt+0x590/0x590 [ 262.505271][ T6643] ? aa_sock_msg_perm+0x94/0x150 [ 262.510269][ T6643] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 262.515617][ T6643] ? security_socket_sendmsg+0x80/0xa0 [ 262.521160][ T6643] ? netlink_getsockopt+0x590/0x590 [ 262.526422][ T6643] ____sys_sendmsg+0x5ba/0x960 [ 262.531246][ T6643] ? __asan_memset+0x22/0x40 [ 262.535894][ T6643] ? __sys_sendmsg_sock+0x30/0x30 [ 262.540978][ T6643] ? __import_iovec+0x5f2/0x850 [ 262.545898][ T6643] ? import_iovec+0x73/0xa0 [ 262.550459][ T6643] ___sys_sendmsg+0x2a6/0x360 [ 262.555197][ T6643] ? __sys_sendmsg+0x2a0/0x2a0 [ 262.560066][ T6643] __se_sys_sendmsg+0x1c2/0x2b0 [ 262.564978][ T6643] ? __x64_sys_sendmsg+0x80/0x80 [ 262.569991][ T6643] ? lockdep_hardirqs_on+0x98/0x150 [ 262.575252][ T6643] do_syscall_64+0x55/0xa0 [ 262.579739][ T6643] ? clear_bhb_loop+0x40/0x90 [ 262.584479][ T6643] ? clear_bhb_loop+0x40/0x90 [ 262.589219][ T6643] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 262.595200][ T6643] RIP: 0033:0x7fb50639c819 [ 262.599674][ T6643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 262.619341][ T6643] RSP: 002b:00007fb50396c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.627815][ T6643] RAX: ffffffffffffffda RBX: 00007fb506616450 RCX: 00007fb50639c819 [ 262.635839][ T6643] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 262.643862][ T6643] RBP: 00007fb506432c91 R08: 0000000000000000 R09: 0000000000000000 [ 262.652074][ T6643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.660112][ T6643] R13: 00007fb5066164e8 R14: 00007fb506616450 R15: 00007ffe0e2fafd8 [ 262.668153][ T6643] [ 263.186453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 263.296440][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 263.386447][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 264.126437][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 264.136439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 264.356449][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 264.366450][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 264.376449][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 265.642846][ T2192] (null): failure setting delay to 10us [ 265.666574][ T2192] i2c-tiny-usb: probe of 2-1:0.0 failed with error -5 [ 265.748981][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 267.158570][ T23] usb 2-1: USB disconnect, device number 13 [ 267.292968][ T6656] loop1: detected capacity change from 0 to 128 [ 267.314623][ T6656] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 267.398623][ T6656] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 267.599481][ T6660] IPVS: sed: FWM 3 0x00000003 - no destination available [ 267.668935][ T6648] loop2: detected capacity change from 0 to 32768 [ 267.730530][ T6648] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 267.774716][ T6648] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 267.809267][ T6652] loop3: detected capacity change from 0 to 32768 [ 267.882739][ T6652] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 267.905648][ T6652] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 267.935153][ T6652] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 267.970641][ T27] audit: type=1804 audit(1776045065.582:20): pid=6648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.193" name="/newroot/43/file0/bus" dev="loop2" ino=17058 res=1 errno=0 [ 269.210832][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 269.217929][ T5778] ocfs2: Unmounting device (7,3) on (node local) [ 269.376144][ T6672] IPVS: sed: FWM 3 0x00000003 - no destination available [ 270.196045][ T6682] ieee802154 phy0 wpan0: encryption failed: -22 [ 271.316536][ T5854] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 271.349297][ T6696] loop1: detected capacity change from 0 to 1764 [ 271.367541][ T6696] ISOFS: Logical zone size(512) < hardware blocksize(1024) [ 271.499808][ T5854] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 271.515774][ T5854] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 271.566247][ T5854] usb 4-1: config 220 has no interface number 2 [ 271.598100][ T5854] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 271.663509][ T6698] loop1: detected capacity change from 0 to 1024 [ 271.716925][ T5854] usb 4-1: config 220 interface 0 has no altsetting 0 [ 271.722420][ T6698] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 271.723767][ T5854] usb 4-1: config 220 interface 76 has no altsetting 0 [ 271.818525][ T5854] usb 4-1: config 220 interface 1 has no altsetting 0 [ 271.859904][ T5854] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 271.869496][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.919125][ T5854] usb 4-1: Product: syz [ 271.923384][ T5854] usb 4-1: Manufacturer: syz [ 271.932469][ T6698] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.975548][ T5854] usb 4-1: SerialNumber: syz [ 271.977843][ T6698] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 272.013810][ T27] audit: type=1800 audit(1776045069.612:21): pid=6698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.210" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 272.060543][ T6704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 272.085838][ T6704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.211'. [ 272.115882][ T6704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 272.147482][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 272.160102][ T6704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.211'. [ 272.416877][ T6711] netlink: 44 bytes leftover after parsing attributes in process `syz.1.213'. [ 273.674776][ T5854] usb 4-1: selecting invalid altsetting 0 [ 273.698604][ T5854] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 273.726904][ T5854] usb 4-1: No valid video chain found. [ 273.751877][ T5854] usb 4-1: selecting invalid altsetting 0 [ 273.766509][ T5854] usbtest: probe of 4-1:220.1 failed with error -22 [ 273.794993][ T5854] usb 4-1: USB disconnect, device number 8 [ 274.220222][ T6749] loop3: detected capacity change from 0 to 1024 [ 274.302635][ T6749] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 274.482969][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.691451][ T6767] loop3: detected capacity change from 0 to 1764 [ 274.732571][ T6767] ISOFS: Logical zone size(512) < hardware blocksize(1024) [ 275.160456][ T6788] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 275.388358][ T6794] program syz.0.248 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 275.751347][ T6799] loop0: detected capacity change from 0 to 4096 [ 275.886968][ T6799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.919228][ T27] audit: type=1800 audit(1776045073.532:22): pid=6799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.250" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 276.071039][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.383609][ T6777] syz.2.240: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 276.444480][ T6777] CPU: 0 PID: 6777 Comm: syz.2.240 Not tainted syzkaller #0 [ 276.451861][ T6777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 276.462030][ T6777] Call Trace: [ 276.465101][ T6816] loop0: detected capacity change from 0 to 512 [ 276.465337][ T6777] [ 276.474680][ T6777] dump_stack_lvl+0x18c/0x250 [ 276.479447][ T6777] ? show_regs_print_info+0x20/0x20 [ 276.484715][ T6777] ? load_image+0x420/0x420 [ 276.489301][ T6777] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 276.495771][ T6777] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 276.502339][ T6777] warn_alloc+0x246/0x340 [ 276.506740][ T6777] ? zone_watermark_ok_safe+0x230/0x230 [ 276.512365][ T6777] ? _raw_spin_unlock+0x28/0x40 [ 276.517298][ T6777] __vmalloc_node_range+0x662/0x1330 [ 276.517801][ T6816] EXT4-fs: Ignoring removed mblk_io_submit option [ 276.522627][ T6777] ? __asan_memset+0x22/0x40 [ 276.533851][ T6777] ? free_vm_area+0x50/0x50 [ 276.538425][ T6777] ? kvmalloc_node+0x70/0x180 [ 276.543156][ T6777] ? rcu_is_watching+0x15/0xb0 [ 276.547976][ T6777] ? kvmalloc_node+0x70/0x180 [ 276.552711][ T6777] ? trace_kmalloc+0x1f/0x90 [ 276.557450][ T6777] kvmalloc_node+0x13f/0x180 [ 276.562106][ T6777] ? translate_table+0x192/0x2090 [ 276.567204][ T6777] translate_table+0x192/0x2090 [ 276.572219][ T6777] ? ip6t_register_table+0x7e0/0x7e0 [ 276.577569][ T6777] ? __might_fault+0xaa/0x120 [ 276.582299][ T6777] ? __lock_acquire+0x7d40/0x7d40 [ 276.587378][ T6777] ? __virt_addr_valid+0x18c/0x540 [ 276.592588][ T6777] ? __might_fault+0xaa/0x120 [ 276.597327][ T6777] ? __might_fault+0xc6/0x120 [ 276.602071][ T6777] ? __might_fault+0xaa/0x120 [ 276.606824][ T6777] do_ip6t_set_ctl+0x9fc/0xe10 [ 276.611652][ T6777] ? ip6t_unregister_table_exit+0x230/0x230 [ 276.617619][ T6777] ? __lock_acquire+0x7d40/0x7d40 [ 276.622707][ T6777] ? rcu_is_watching+0x15/0xb0 [ 276.627531][ T6777] ? trace_contention_end+0x39/0xe0 [ 276.632788][ T6777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 276.638477][ T6777] ? mutex_unlock+0x10/0x10 [ 276.643034][ T6777] ? mutex_lock_nested+0x20/0x20 [ 276.648024][ T6777] nf_setsockopt+0x263/0x280 [ 276.652665][ T6777] ? sock_common_recvmsg+0x190/0x190 [ 276.658025][ T6777] smc_setsockopt+0x243/0xac0 [ 276.662760][ T6777] ? smc_shutdown+0x9b0/0x9b0 [ 276.667481][ T6777] ? __fget_files+0x28/0x4b0 [ 276.672166][ T6777] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 276.677770][ T6777] ? security_socket_setsockopt+0x7e/0xa0 [ 276.683544][ T6777] ? smc_shutdown+0x9b0/0x9b0 [ 276.688293][ T6777] do_sock_setsockopt+0x175/0x1a0 [ 276.693392][ T6777] ? __fdget+0x180/0x210 [ 276.697702][ T6777] __x64_sys_setsockopt+0x182/0x200 [ 276.702968][ T6777] do_syscall_64+0x55/0xa0 [ 276.707439][ T6777] ? clear_bhb_loop+0x40/0x90 [ 276.712174][ T6777] ? clear_bhb_loop+0x40/0x90 [ 276.717001][ T6777] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 276.722964][ T6777] RIP: 0033:0x7f544d99c819 [ 276.727434][ T6777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 276.747181][ T6777] RSP: 002b:00007f544e85e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 276.755668][ T6777] RAX: ffffffffffffffda RBX: 00007f544dc15fa0 RCX: 00007f544d99c819 [ 276.763737][ T6777] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 276.771849][ T6777] RBP: 00007f544da32c91 R08: 0000000000000330 R09: 0000000000000000 [ 276.779875][ T6777] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.787899][ T6777] R13: 00007f544dc16038 R14: 00007f544dc15fa0 R15: 00007ffe7ff0ff38 [ 276.796027][ T6777] [ 276.814301][ T6777] Mem-Info: [ 276.817585][ T6777] active_anon:6153 inactive_anon:0 isolated_anon:0 [ 276.817585][ T6777] active_file:14354 inactive_file:40016 isolated_file:0 [ 276.817585][ T6777] unevictable:768 dirty:141 writeback:0 [ 276.817585][ T6777] slab_reclaimable:10443 slab_unreclaimable:92970 [ 276.817585][ T6777] mapped:26337 shmem:2068 pagetables:571 [ 276.817585][ T6777] sec_pagetables:0 bounce:0 [ 276.817585][ T6777] kernel_misc_reclaimable:0 [ 276.817585][ T6777] free:1332991 free_pcp:6411 free_cma:0 [ 276.876574][ T6777] Node 0 active_anon:23312kB inactive_anon:0kB active_file:57416kB inactive_file:159860kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105348kB dirty:564kB writeback:0kB shmem:5336kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10948kB pagetables:2284kB sec_pagetables:0kB all_unreclaimable? no [ 276.905692][ T6816] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 276.948894][ T6777] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 276.966601][ T6816] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 277.005121][ T6777] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 277.072137][ T6777] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 277.086161][ T6777] Node 0 DMA32 free:1419260kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:22376kB inactive_anon:0kB active_file:57416kB inactive_file:159036kB unevictable:1536kB writepending:564kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:9396kB local_pcp:9048kB free_cma:0kB [ 277.126935][ T6777] lowmem_reserve[]: 0 0 0 0 0 [ 277.174127][ T6777] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 277.201475][ T6816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.203950][ T6777] lowmem_reserve[]: 0 0 0 0 0 [ 277.230610][ T6823] netlink: 24 bytes leftover after parsing attributes in process `syz.1.259'. [ 277.239828][ T6777] Node 1 Normal free:3897148kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18912kB local_pcp:6624kB free_cma:0kB [ 277.273207][ T6816] ext4 filesystem being mounted at /62/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 277.376535][ T6777] lowmem_reserve[]: 0 0 0 0 0 [ 277.381380][ T6777] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 277.418523][ T6777] Node 0 DMA32: 282*4kB (UME) 734*8kB (UM) 789*16kB (UME) 564*32kB (UME) 414*64kB (UME) 97*128kB (ME) 56*256kB (UM) 33*512kB (M) 20*1024kB (ME) 12*2048kB (UM) 309*4096kB (M) = 1418536kB [ 277.485638][ T6825] loop1: detected capacity change from 0 to 512 [ 277.490666][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.506568][ T6777] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 277.532536][ T6777] Node 1 Normal: 207*4kB (UME) 62*8kB (UME) 39*16kB (UME) 53*32kB (UME) 12*64kB (UME) 10*128kB (UME) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 949*4096kB (M) = 3897148kB [ 277.595266][ T6825] EXT4-fs (loop1): 1 truncate cleaned up [ 277.638890][ T6825] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 277.667288][ T6777] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 277.711164][ T6777] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 277.743875][ T6777] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 277.754220][ T27] audit: type=1800 audit(1776045075.362:23): pid=6825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.260" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 277.794630][ T6777] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 277.814502][ T6777] 55793 total pagecache pages [ 277.824664][ T6777] 0 pages in swap cache [ 277.834814][ T6777] Free swap = 124996kB [ 277.844976][ T6777] Total swap = 124996kB [ 277.855164][ T6777] 2097051 pages RAM [ 277.862409][ T6777] 0 pages HighMem/MovableOnly [ 277.867674][ T6777] 416927 pages reserved [ 277.871876][ T6777] 0 pages cma reserved [ 277.888470][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.266895][ T6835] netlink: 36 bytes leftover after parsing attributes in process `syz.1.264'. [ 278.277218][ T6835] netlink: 36 bytes leftover after parsing attributes in process `syz.1.264'. [ 278.794184][ T789] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 278.882480][ T789] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 278.912539][ T6843] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:00fc with DS=0xf [ 279.218982][ T6848] loop1: detected capacity change from 0 to 1024 [ 279.264342][ T6848] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 279.289577][ T6848] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 279.312360][ T6848] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 279.366214][ T6848] EXT4-fs error (device loop1): ext4_get_journal_inode:5820: inode #5: comm syz.1.270: unexpected bad inode w/o EXT4_IGET_BAD [ 279.412672][ T6848] EXT4-fs (loop1): no journal found [ 279.426710][ T6848] EXT4-fs (loop1): can't get journal size [ 279.455014][ T6848] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 279.623260][ T6848] EXT4-fs error (device loop1): __ext4_remount:6756: comm syz.1.270: Abort forced by user [ 279.668074][ T6848] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 279.690181][ T6848] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1430: inode #12: block 16: comm syz.1.270: path /72/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=20, inode=13, rec_len=16, size=60 fake=0 [ 279.835246][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.473178][ T6854] loop1: detected capacity change from 0 to 512 [ 280.588922][ T6854] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 280.644461][ T6854] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 280.809521][ T6865] netlink: 28 bytes leftover after parsing attributes in process `syz.0.274'. [ 280.899039][ T6854] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 281.750247][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 281.784909][ T6870] loop2: detected capacity change from 0 to 1024 [ 281.841763][ T6870] EXT4-fs: Ignoring removed bh option [ 281.919952][ T6870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.987279][ T6876] loop0: detected capacity change from 0 to 512 [ 282.005183][ T6870] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 282.048255][ T6876] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 282.070522][ T6876] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 282.115346][ T6876] EXT4-fs error (device loop0): ext4_orphan_get:1430: comm syz.0.278: bad orphan inode 131083 [ 282.156326][ T6876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 282.194096][ T6873] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 282.238151][ T27] audit: type=1800 audit(1776045079.852:24): pid=6876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.278" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 282.334356][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.436909][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.834941][ T6892] xt_hashlimit: size too large, truncated to 1048576 [ 282.856220][ T6890] netlink: 28 bytes leftover after parsing attributes in process `syz.0.283'. [ 282.916863][ T6893] –: renamed from vxcan1 (while UP) [ 283.220146][ T6901] loop3: detected capacity change from 0 to 256 [ 283.491993][ T6905] loop3: detected capacity change from 0 to 128 [ 283.689183][ T6908] syz.1.291: attempt to access beyond end of device [ 283.689183][ T6908] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 283.703490][ T6908] EXT4-fs (loop3): unable to read superblock [ 283.757501][ T6909] loop3: detected capacity change from 0 to 1764 [ 283.895253][ T6911] loop1: detected capacity change from 0 to 1024 [ 283.943350][ T6911] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 283.994312][ T6911] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.072203][ T6911] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.181151][ T27] audit: type=1800 audit(1776045081.792:25): pid=6911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.292" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 284.278424][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 285.756935][ T6949] loop1: detected capacity change from 0 to 128 [ 286.119395][ T6955] loop0: detected capacity change from 0 to 1024 [ 286.151731][ T6956] loop1: detected capacity change from 0 to 1024 [ 286.169862][ T6956] EXT4-fs: Ignoring removed bh option [ 286.193031][ T6955] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 286.251830][ T6956] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 286.329029][ T6956] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 286.429409][ T6956] EXT4-fs error (device loop1): ext4_check_all_de:666: inode #12: block 7: comm syz.1.310: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 286.510029][ T6956] EXT4-fs (loop1): Remounting filesystem read-only [ 286.649238][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.944646][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.481158][ T6990] loop0: detected capacity change from 0 to 256 [ 289.758593][ T6992] loop1: detected capacity change from 0 to 764 [ 290.136825][ T7002] syzkaller0: entered promiscuous mode [ 290.156466][ T7002] syzkaller0: entered allmulticast mode [ 290.262305][ T7004] loop0: detected capacity change from 0 to 512 [ 290.378757][ T7004] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 290.588498][ T7004] EXT4-fs (loop0): 1 orphan inode deleted [ 290.637397][ T7004] EXT4-fs (loop0): 1 truncate cleaned up [ 290.683692][ T7004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.796880][ T6999] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1430: inode #12: block 7: comm syz.0.326: path /83/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 290.867749][ T6999] EXT4-fs (loop0): Remounting filesystem read-only [ 291.072020][ T7017] ref_ctr_offset mismatch. inode: 0x1e6 offset: 0x0 ref_ctr_offset(old): 0x14 ref_ctr_offset(new): 0x0 [ 291.189930][ T7015] loop2: detected capacity change from 0 to 512 [ 291.235892][ T7015] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 291.271119][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.333048][ T7015] EXT4-fs (loop2): 1 truncate cleaned up [ 291.375893][ T7015] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 291.435228][ T7025] loop3: detected capacity change from 0 to 512 [ 291.454187][ T7025] EXT4-fs: Ignoring removed mblk_io_submit option [ 291.507282][ T7030] loop0: detected capacity change from 0 to 128 [ 291.685725][ T7025] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6 [ 291.761820][ T7025] loop3: detected capacity change from 0 to 256 [ 291.904878][ T7037] veth0_virt_wifi: entered allmulticast mode [ 291.956908][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.096667][ T7041] netlink: 164 bytes leftover after parsing attributes in process `syz.3.343'. [ 292.182455][ T7043] loop1: detected capacity change from 0 to 2048 [ 292.216802][ T7043] EXT4-fs: Ignoring removed i_version option [ 292.283721][ T7043] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 292.343353][ T7043] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.513957][ T27] audit: type=1800 audit(1776045090.122:26): pid=7043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.345" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 292.515273][ T7056] loop0: detected capacity change from 0 to 512 [ 292.579860][ T7058] loop3: detected capacity change from 0 to 128 [ 292.632243][ T7060] netlink: 24 bytes leftover after parsing attributes in process `syz.2.351'. [ 292.647297][ T5783] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 292.689672][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.718870][ T7058] syz.3.350: attempt to access beyond end of device [ 292.718870][ T7058] loop3: rw=2049, sector=138, nr_sectors = 2 limit=128 [ 292.744416][ T7058] Buffer I/O error on dev loop3, logical block 69, lost async page write [ 292.788426][ T7058] syz.3.350: attempt to access beyond end of device [ 292.788426][ T7058] loop3: rw=2049, sector=140, nr_sectors = 2 limit=128 [ 292.812311][ T7058] Buffer I/O error on dev loop3, logical block 70, lost async page write [ 292.843507][ T7058] syz.3.350: attempt to access beyond end of device [ 292.843507][ T7058] loop3: rw=2049, sector=142, nr_sectors = 2 limit=128 [ 292.894367][ T7058] Buffer I/O error on dev loop3, logical block 71, lost async page write [ 293.027526][ T5836] kernel write not supported for file /input/event2 (pid: 5836 comm: kworker/0:5) [ 293.049740][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.353'. [ 293.130154][ T7071] loop0: detected capacity change from 0 to 512 [ 293.146222][ T7071] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 293.162463][ T7067] sctp: [Deprecated]: syz.2.353 (pid 7067) Use of struct sctp_assoc_value in delayed_ack socket option. [ 293.162463][ T7067] Use struct sctp_sack_info instead [ 293.209236][ T7071] EXT4-fs error (device loop0): ext4_orphan_get:1404: inode #15: comm syz.0.356: iget: bad i_size value: 38620345925642 [ 293.247001][ T7072] sctp: [Deprecated]: syz.2.353 (pid 7072) Use of struct sctp_assoc_value in delayed_ack socket option. [ 293.247001][ T7072] Use struct sctp_sack_info instead [ 293.282573][ T7075] loop3: detected capacity change from 0 to 512 [ 293.303554][ T7071] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.356: couldn't read orphan inode 15 (err -117) [ 293.354310][ T7075] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 293.362966][ T7071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.375967][ T7075] EXT4-fs (loop3): SIPHASH is not a valid default hash value [ 293.398368][ T7070] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.356: bg 0: block 5: invalid block bitmap [ 293.501090][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.803822][ T7088] program syz.2.363 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.071878][ T7090] loop0: detected capacity change from 0 to 8192 [ 294.083854][ T7090] FAT-fs (loop0): bogus number of directory entries (249) [ 294.091902][ T7090] FAT-fs (loop0): Can't find a valid FAT filesystem [ 294.252164][ T7101] netlink: 4 bytes leftover after parsing attributes in process `syz.2.369'. [ 294.340402][ T7103] EXT4-fs: Ignoring removed mblk_io_submit option [ 294.418886][ T7103] ------------[ cut here ]------------ [ 294.424914][ T7103] EA inode 11 i_nlink=2 [ 294.446715][ T7103] WARNING: CPU: 0 PID: 7103 at fs/ext4/xattr.c:1059 ext4_xattr_inode_update_ref+0x53c/0x590 [ 294.461336][ T7103] Modules linked in: [ 294.465298][ T7103] CPU: 0 PID: 7103 Comm: syz.0.370 Not tainted syzkaller #0 [ 294.472856][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 294.483200][ T7103] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 294.489905][ T7103] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 65 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 34 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 7e d5 3f 08 [ 294.509766][ T7103] RSP: 0018:ffffc9000439f2e0 EFLAGS: 00010246 [ 294.515909][ T7103] RAX: dff8e963dd1e4100 RBX: 0000000000000002 RCX: 0000000000080000 [ 294.523994][ T7103] RDX: ffffc900051e9000 RSI: 0000000000035a52 RDI: 0000000000035a53 [ 294.533548][ T7103] RBP: ffffc9000439f3d0 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 294.541957][ T7103] R10: dffffc0000000000 R11: ffffed10171e5183 R12: dffffc0000000000 [ 294.550100][ T7103] R13: ffff88805980e8a8 R14: ffff88805980e6b0 R15: ffff88805980e700 [ 294.558261][ T7103] FS: 00007f9269ace6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 294.567372][ T7103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 294.574075][ T7103] CR2: 00007f39a5e10000 CR3: 000000003089d000 CR4: 00000000003506f0 [ 294.582251][ T7103] Call Trace: [ 294.585600][ T7103] [ 294.588678][ T7103] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 294.594435][ T7103] ? __ext4_journal_ensure_credits+0x30/0x450 [ 294.600644][ T7103] ext4_xattr_inode_dec_ref_all+0x9a6/0x1040 [ 294.607444][ T7103] ? ext4_xattr_delete_inode+0xd10/0xd10 [ 294.613171][ T7103] ? __ext4_journal_ensure_credits+0x450/0x450 [ 294.619789][ T7103] ext4_xattr_delete_inode+0xb3e/0xd10 [ 294.625341][ T7103] ? up_write+0x1c3/0x410 [ 294.630999][ T7103] ? ext4_expand_extra_isize_ea+0x1e80/0x1e80 [ 294.637528][ T7103] ext4_evict_inode+0xaaf/0xea0 [ 294.642460][ T7103] ? _raw_spin_unlock+0x28/0x40 [ 294.647468][ T7103] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 294.653439][ T7103] ? do_raw_spin_unlock+0x121/0x230 [ 294.658779][ T7103] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 294.664854][ T7103] evict+0x4ca/0x8d0 [ 294.668934][ T7103] ? proc_nr_inodes+0x230/0x230 [ 294.673882][ T7103] ? do_raw_spin_unlock+0x121/0x230 [ 294.679215][ T7103] ? _raw_spin_unlock+0x28/0x40 [ 294.684126][ T7103] ? iput+0x706/0x920 [ 294.688271][ T7103] ext4_orphan_cleanup+0xbec/0x1420 [ 294.693550][ T7103] ? ext4_orphan_del+0xbf0/0xbf0 [ 294.698708][ T7103] ? ext4_register_li_request+0x183/0x940 [ 294.704680][ T7103] ? errseq_check_and_advance+0x66/0x120 [ 294.710486][ T7103] ext4_fill_super+0x5eea/0x67b0 [ 294.715534][ T7103] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 294.722031][ T7103] ? __might_sleep+0xe0/0xe0 [ 294.726776][ T7103] ? read_lock_is_recursive+0x20/0x20 [ 294.733558][ T7103] ? snprintf+0xe9/0x140 [ 294.738171][ T7103] ? down_read_killable+0x340/0x340 [ 294.743448][ T7103] ? setup_bdev_super+0x56b/0x660 [ 294.748629][ T7103] get_tree_bdev+0x3f3/0x520 [ 294.753283][ T7103] ? vfs_parse_fs_string+0x170/0x170 [ 294.758731][ T7103] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 294.765078][ T7103] ? setup_bdev_super+0x660/0x660 [ 294.770257][ T7103] ? apparmor_capable+0x137/0x1a0 [ 294.775361][ T7103] ? bpf_lsm_capable+0x9/0x10 [ 294.780157][ T7103] ? security_capable+0x89/0xb0 [ 294.785098][ T7103] vfs_get_tree+0x8c/0x280 [ 294.789659][ T7103] do_new_mount+0x24b/0xa40 [ 294.794233][ T7103] __se_sys_mount+0x2e7/0x3d0 [ 294.799055][ T7103] ? __x64_sys_mount+0xc0/0xc0 [ 294.803975][ T7103] ? lockdep_hardirqs_on+0x98/0x150 [ 294.809369][ T7103] ? __x64_sys_mount+0x20/0xc0 [ 294.814205][ T7103] do_syscall_64+0x55/0xa0 [ 294.818739][ T7103] ? clear_bhb_loop+0x40/0x90 [ 294.823487][ T7103] ? clear_bhb_loop+0x40/0x90 [ 294.828334][ T7103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 294.835531][ T7103] RIP: 0033:0x7f9268b9da8a [ 294.840340][ T7103] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 294.860109][ T7103] RSP: 002b:00007f9269acde58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 294.868736][ T7103] RAX: ffffffffffffffda RBX: 00007f9269acdee0 RCX: 00007f9268b9da8a [ 294.876853][ T7103] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f9269acdea0 [ 294.884884][ T7103] RBP: 00002000000009c0 R08: 00007f9269acdee0 R09: 0000000000800718 [ 294.893001][ T7103] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 294.901087][ T7103] R13: 00007f9269acdea0 R14: 000000000000048d R15: 0000200000000200 [ 294.909208][ T7103] [ 294.912296][ T7103] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 294.919612][ T7103] CPU: 0 PID: 7103 Comm: syz.0.370 Not tainted syzkaller #0 [ 294.926928][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 294.937013][ T7103] Call Trace: [ 294.940579][ T7103] [ 294.943624][ T7103] dump_stack_lvl+0x18c/0x250 [ 294.948343][ T7103] ? show_regs_print_info+0x20/0x20 [ 294.953600][ T7103] ? load_image+0x420/0x420 [ 294.958145][ T7103] panic+0x2dc/0x730 [ 294.962071][ T7103] ? bpf_jit_dump+0xd0/0xd0 [ 294.966622][ T7103] __warn+0x2e0/0x470 [ 294.970731][ T7103] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 294.976756][ T7103] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 294.982789][ T7103] report_bug+0x2be/0x4f0 [ 294.987152][ T7103] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 294.993166][ T7103] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 294.999178][ T7103] ? ext4_xattr_inode_update_ref+0x53e/0x590 [ 295.005197][ T7103] handle_bug+0xcf/0x120 [ 295.009465][ T7103] exc_invalid_op+0x1a/0x50 [ 295.014021][ T7103] asm_exc_invalid_op+0x1a/0x20 [ 295.018920][ T7103] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 295.025566][ T7103] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 65 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 34 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 7e d5 3f 08 [ 295.045292][ T7103] RSP: 0018:ffffc9000439f2e0 EFLAGS: 00010246 [ 295.051394][ T7103] RAX: dff8e963dd1e4100 RBX: 0000000000000002 RCX: 0000000000080000 [ 295.059394][ T7103] RDX: ffffc900051e9000 RSI: 0000000000035a52 RDI: 0000000000035a53 [ 295.067392][ T7103] RBP: ffffc9000439f3d0 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 295.075389][ T7103] R10: dffffc0000000000 R11: ffffed10171e5183 R12: dffffc0000000000 [ 295.083382][ T7103] R13: ffff88805980e8a8 R14: ffff88805980e6b0 R15: ffff88805980e700 [ 295.091402][ T7103] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 295.097103][ T7103] ? __ext4_journal_ensure_credits+0x30/0x450 [ 295.103233][ T7103] ext4_xattr_inode_dec_ref_all+0x9a6/0x1040 [ 295.109262][ T7103] ? ext4_xattr_delete_inode+0xd10/0xd10 [ 295.114933][ T7103] ? __ext4_journal_ensure_credits+0x450/0x450 [ 295.121138][ T7103] ext4_xattr_delete_inode+0xb3e/0xd10 [ 295.126646][ T7103] ? up_write+0x1c3/0x410 [ 295.131014][ T7103] ? ext4_expand_extra_isize_ea+0x1e80/0x1e80 [ 295.137169][ T7103] ext4_evict_inode+0xaaf/0xea0 [ 295.142055][ T7103] ? _raw_spin_unlock+0x28/0x40 [ 295.146951][ T7103] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 295.152877][ T7103] ? do_raw_spin_unlock+0x121/0x230 [ 295.158109][ T7103] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 295.164032][ T7103] evict+0x4ca/0x8d0 [ 295.167963][ T7103] ? proc_nr_inodes+0x230/0x230 [ 295.172843][ T7103] ? do_raw_spin_unlock+0x121/0x230 [ 295.178086][ T7103] ? _raw_spin_unlock+0x28/0x40 [ 295.182982][ T7103] ? iput+0x706/0x920 [ 295.187006][ T7103] ext4_orphan_cleanup+0xbec/0x1420 [ 295.192273][ T7103] ? ext4_orphan_del+0xbf0/0xbf0 [ 295.197258][ T7103] ? ext4_register_li_request+0x183/0x940 [ 295.203007][ T7103] ? errseq_check_and_advance+0x66/0x120 [ 295.208723][ T7103] ext4_fill_super+0x5eea/0x67b0 [ 295.213741][ T7103] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 295.220018][ T7103] ? __might_sleep+0xe0/0xe0 [ 295.224642][ T7103] ? read_lock_is_recursive+0x20/0x20 [ 295.230042][ T7103] ? snprintf+0xe9/0x140 [ 295.234327][ T7103] ? down_read_killable+0x340/0x340 [ 295.239562][ T7103] ? setup_bdev_super+0x56b/0x660 [ 295.244621][ T7103] get_tree_bdev+0x3f3/0x520 [ 295.249242][ T7103] ? vfs_parse_fs_string+0x170/0x170 [ 295.254560][ T7103] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 295.260834][ T7103] ? setup_bdev_super+0x660/0x660 [ 295.265886][ T7103] ? apparmor_capable+0x137/0x1a0 [ 295.270947][ T7103] ? bpf_lsm_capable+0x9/0x10 [ 295.275667][ T7103] ? security_capable+0x89/0xb0 [ 295.280563][ T7103] vfs_get_tree+0x8c/0x280 [ 295.285012][ T7103] do_new_mount+0x24b/0xa40 [ 295.289555][ T7103] __se_sys_mount+0x2e7/0x3d0 [ 295.294267][ T7103] ? __x64_sys_mount+0xc0/0xc0 [ 295.299059][ T7103] ? lockdep_hardirqs_on+0x98/0x150 [ 295.304281][ T7103] ? __x64_sys_mount+0x20/0xc0 [ 295.309078][ T7103] do_syscall_64+0x55/0xa0 [ 295.313519][ T7103] ? clear_bhb_loop+0x40/0x90 [ 295.318229][ T7103] ? clear_bhb_loop+0x40/0x90 [ 295.322938][ T7103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 295.328878][ T7103] RIP: 0033:0x7f9268b9da8a [ 295.333340][ T7103] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.353078][ T7103] RSP: 002b:00007f9269acde58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 295.361526][ T7103] RAX: ffffffffffffffda RBX: 00007f9269acdee0 RCX: 00007f9268b9da8a [ 295.369521][ T7103] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f9269acdea0 [ 295.377692][ T7103] RBP: 00002000000009c0 R08: 00007f9269acdee0 R09: 0000000000800718 [ 295.385698][ T7103] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 295.393703][ T7103] R13: 00007f9269acdea0 R14: 000000000000048d R15: 0000200000000200 [ 295.401732][ T7103] [ 295.405453][ T7103] Kernel Offset: disabled [ 295.409913][ T7103] Rebooting in 86400 seconds..