last executing test programs: 2m8.499756939s ago: executing program 3 (id=18): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000540)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1e, 0x805, 0x0) connect$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r4) 2m2.004123425s ago: executing program 3 (id=26): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) mremap(&(0x7f0000aeb000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) capset(0x0, 0x0) socket(0x2, 0x3, 0xff) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r4, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000c41000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f00004c3000/0x3000)=nil) r5 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3}) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r5, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0) read$dsp(r6, &(0x7f0000000200)=""/168, 0xa8) 1m58.991182572s ago: executing program 3 (id=31): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002f80)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$unix(0x1, 0x5, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, &(0x7f0000000000)=0xc, 0x4) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x98, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4, 0x200], [0x0, 0x8, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xa040, 0x168, 0x0, 0x0, 0x0, 0x9a]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x10000001}]}}]}, 0x98}}, 0x0) 1m55.630266701s ago: executing program 3 (id=35): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) r1 = dup(r0) write$uinput_user_dev(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() syz_create_resource$binfmt(&(0x7f0000000e40)='./file0\x00') execve(&(0x7f0000001040)='./file0\x00', 0x0, &(0x7f0000000040)={[0x0]}) r5 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r5, &(0x7f0000000200)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x2, @remote}}, 0x24) sendmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) 1m53.546230283s ago: executing program 3 (id=38): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000540)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1e, 0x805, 0x0) connect$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r4) 1m52.14798602s ago: executing program 3 (id=40): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000540)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1e, 0x805, 0x0) connect$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r4) 1m37.017046955s ago: executing program 32 (id=40): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000540)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1e, 0x805, 0x0) connect$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r4) 2.628555285s ago: executing program 2 (id=832): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000640)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_UPDATE_FT_IES(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x20, 0x0, 0x4, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x80000000, 0x80}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4404c) 2.546696156s ago: executing program 2 (id=836): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) syz_open_procfs(0x0, &(0x7f00000000c0)='clear_refs\x00') madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 2.072125638s ago: executing program 1 (id=850): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=r2, @ANYBLOB="0000000000800200380012800b0001006272696467650000280002800c002300fbffffffffffffff05002400000000010500240001000000060027"], 0x58}}, 0x0) io_submit(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1004, 0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, 0x2}]) 1.86709997s ago: executing program 1 (id=854): socket$netlink(0x10, 0x3, 0xe) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000700), 0x2, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) wait4(r0, 0x0, 0x20000000, 0x0) 1.689740721s ago: executing program 2 (id=856): socket$netlink(0x10, 0x3, 0x0) r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x0, 0x41, 0x0, 0x0) 1.603076641s ago: executing program 1 (id=858): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000980)=ANY=[@ANYBLOB="001501080000e4"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000b80)={0x34, &(0x7f0000000100)={0x40, 0xf, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 1.022942484s ago: executing program 1 (id=875): r0 = syz_usb_connect$cdc_ncm(0x2, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12015001020000402505a1a44000010203010902640002010030000904000001020d0000052406000105240000000d240f01fdffffff000008000006241a00000808241cff000a02000905810340000000000904010000020d00000904010102420d000009058202100000000009050302"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 786.290515ms ago: executing program 5 (id=882): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) 710.827016ms ago: executing program 5 (id=884): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x4c080}, 0x4000000) 658.597626ms ago: executing program 4 (id=886): r0 = fsopen(&(0x7f0000000040)='devpts\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 639.322686ms ago: executing program 4 (id=887): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x5, 0x2, 0x1, "444900e1b0faa9b0071c937f7f00002e0c0000f507247eff0f0000c39b00", 0x64737664}) 628.891506ms ago: executing program 5 (id=888): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000000)=0x7) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) 555.137937ms ago: executing program 4 (id=889): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x10000000000a, 0x2) write(r0, 0x0, 0x0) 554.883987ms ago: executing program 5 (id=890): r0 = socket(0xa, 0x3, 0x6) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') 542.837057ms ago: executing program 4 (id=891): r0 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000380)={&(0x7f0000000040)={0x1b, 0x0, @remote}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) 535.278867ms ago: executing program 5 (id=892): socket$nl_route(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$xdp(0x2c, 0x3, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x801, 0x0) socket$alg(0x26, 0x5, 0x0) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000030400000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="7fff000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1], 0x44}}, 0x0) 455.124448ms ago: executing program 4 (id=893): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x80, 0x7fff0000}]}) syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0xc00, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}}, 0x0, 0x0, 0x0) 454.971958ms ago: executing program 1 (id=894): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0x80}}, 0x0) r0 = socket(0x1d, 0x2, 0x6) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x6a, 0x5, 0x20000002, 0x3) 414.520328ms ago: executing program 4 (id=895): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000001c0), 0x2) read(r0, &(0x7f0000000280)=""/248, 0xf8) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000200), 0x2) 406.025228ms ago: executing program 1 (id=896): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000300)='GPL\x00', 0x8, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 314.981868ms ago: executing program 0 (id=897): r0 = socket(0x2, 0x3, 0xff) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0xfdef) 307.561218ms ago: executing program 0 (id=898): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000040)=0x8) 291.724998ms ago: executing program 5 (id=899): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) syz_usb_connect(0x6, 0x137, &(0x7f0000000300)={{0x12, 0x1, 0x250, 0x13, 0x15, 0xd1, 0x20, 0x66b, 0x20f9, 0xf040, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x125, 0x1, 0x1, 0x10, 0x40, 0x9, [{{0x9, 0x4, 0xe2, 0x1, 0x5, 0x7e, 0x8c, 0x8f, 0x9, [], [{{0x9, 0x5, 0xd, 0x4, 0x3ff, 0xff, 0x0, 0x2, [@generic={0xd1, 0x2a, "9428396419763ac68f96845acad86936bec066f19a969f13f446427ce62820ce86cdd82b614ad729ae6207cf2738bdca1190ecca091395cbf117290cc336f76b1ba71e6597cf89b81d552adae619a93f06ea291e9375e557be2f3ea8eaee6579e6ae108e9475d3d3a63f6847d5797c48f8a2bb589a97d6cd6dee9262614035c957359683c66c1e13cf833210a5a31937b1ade02de4c64dc9a1c40518399abe2e948be6b12a3329021fc832fdc1389d49519b08c01c87abc02c5dcbe6e4ff45f83c8d92992a2b68600e5d7d501b19e5"}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x1, 0x2}]}}, {{0x9, 0x5, 0xf, 0x2, 0x740, 0x3, 0xa, 0x4}}, {{0x9, 0x5, 0x2, 0x1b, 0x20, 0x9, 0x5, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x5}]}}, {{0x9, 0x5, 0x9, 0x12, 0x8, 0xd, 0x7f, 0xdd}}, {{0x9, 0x5, 0x7, 0x10, 0x40, 0x4, 0xff, 0x5}}]}}]}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x959c20e7b8f01757, &(0x7f0000000400)=ANY=[]) syz_usb_control_io(r0, 0x0, 0x0) 211.034868ms ago: executing program 2 (id=900): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0xff7f, 0x0, {0x0, 0x0, 0x0, r2, 0x40000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x60044, 0x42242}}}}}}]}, 0x48}}, 0x0) 210.897409ms ago: executing program 0 (id=901): bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r0 = syz_io_uring_setup(0x32d5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_LINK_TIMEOUT={0xf, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, {0x0, r3}}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) r5 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r5, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r5, &(0x7f0000000000), 0x10) r6 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r6, 0x65, 0x1, &(0x7f0000000080), 0x1d0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_pts(r7, 0x80000) setsockopt$CAN_RAW_ERR_FILTER(r5, 0x65, 0x2, &(0x7f0000001040)=0x7, 0x4) bind$can_raw(r6, &(0x7f00000001c0), 0x10) dup3(r4, r5, 0x0) 191.915059ms ago: executing program 0 (id=902): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000002640)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000480)={0x2020}, 0x2020) 148.682179ms ago: executing program 0 (id=903): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x10001) socket(0x40000000015, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502ffffffa100001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x4c}, 0x1, 0xba01}, 0x0) 91.12478ms ago: executing program 2 (id=904): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 45.46576ms ago: executing program 2 (id=905): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x57}, 0x0) getpid() connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x4, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6}) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=906): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="0434"], 0x6) kernel console output (not intermixed with test programs): V_CHANGE): wlan1: link becomes ready [ 60.521759][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.523662][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.526358][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.696289][ T4149] loop1: detected capacity change from 0 to 40427 [ 60.825636][ T4152] loop0: detected capacity change from 0 to 40427 [ 61.033337][ T4149] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 61.035331][ T4149] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 61.049024][ T4152] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 61.050796][ T4152] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 62.183079][ T4149] F2FS-fs (loop1): Found nat_bits in checkpoint [ 62.183079][ T4152] F2FS-fs (loop0): Found nat_bits in checkpoint [ 62.248292][ T4149] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 62.250210][ T4149] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 62.253852][ T4152] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 62.255690][ T4152] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 65.300381][ T4194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21'. [ 68.734573][ T4208] loop4: detected capacity change from 0 to 128 [ 68.972481][ T4208] FAT-fs (loop4): Unrecognized mount option "±_±3}K]Ú;&check=relaxed" or missing value [ 69.049707][ T4215] Zero length message leads to an empty skb [ 71.024120][ T2056] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.026029][ T2056] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.143904][ T227] block nbd0: Attempted send on invalid socket [ 72.146043][ T227] blk_update_request: I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 72.149170][ T4231] isofs_fill_super: bread failed, dev=nbd0, iso_blknum=16, block=32 [ 72.892218][ T4232] loop4: detected capacity change from 0 to 512 [ 73.685316][ T4232] EXT4-fs (loop4): Ignoring removed orlov option [ 73.686857][ T4232] EXT4-fs (loop4): quotafile must be on filesystem root [ 74.772371][ T7] cfg80211: failed to load regulatory.db [ 74.842921][ T4239] usb usb7: usbfs: process 4239 (syz.2.34) did not claim interface 0 before use [ 74.880656][ T4235] loop0: detected capacity change from 0 to 40427 [ 74.996243][ T4235] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 74.998072][ T4235] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 75.092038][ T4235] F2FS-fs (loop0): Found nat_bits in checkpoint [ 79.014802][ T4275] loop2: detected capacity change from 0 to 40427 [ 79.321634][ T4275] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 79.323370][ T4275] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 79.517957][ T4275] F2FS-fs (loop2): Found nat_bits in checkpoint [ 79.545253][ T4275] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 79.546866][ T4275] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 82.204907][ T4302] loop1: detected capacity change from 0 to 128 [ 82.305599][ T4302] FAT-fs (loop1): Unrecognized mount option "±_±3}K]Ú;&check=relaxed" or missing value [ 83.794957][ T4315] netlink: 4 bytes leftover after parsing attributes in process `syz.0.52'. [ 90.397514][ T4346] loop4: detected capacity change from 0 to 40427 [ 92.515084][ T4346] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 92.517048][ T4346] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 93.650919][ T4346] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4) [ 93.783350][ T4363] loop0: detected capacity change from 0 to 40427 [ 93.856451][ T4363] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 93.858277][ T4363] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 94.795048][ T4363] F2FS-fs (loop0): Found nat_bits in checkpoint [ 94.815862][ T4363] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 94.817440][ T4363] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 95.300084][ T4385] loop2: detected capacity change from 0 to 128 [ 99.243579][ T4163] Bluetooth: hci5: command 0x0409 tx timeout [ 99.444562][ T4385] FAT-fs (loop2): Unrecognized mount option "±_±3}K]Ú;&check=relaxed" or missing value [ 101.148363][ T4406] loop2: detected capacity change from 0 to 512 [ 101.620431][ T25] Bluetooth: hci5: command 0x041b tx timeout [ 102.828478][ T4420] loop0: detected capacity change from 0 to 256 [ 104.051715][ T4014] Bluetooth: hci5: command 0x040f tx timeout [ 104.133818][ T4392] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.410656][ T4392] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.916827][ T4392] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.036095][ T4440] loop4: detected capacity change from 0 to 40427 [ 106.047006][ T4392] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.091981][ T4440] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 106.093949][ T4440] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 106.105382][ T4440] F2FS-fs (loop4): Found nat_bits in checkpoint [ 106.111647][ T4163] Bluetooth: hci5: command 0x0419 tx timeout [ 106.126027][ T4440] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 106.128183][ T4440] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 106.234713][ T4377] chnl_net:caif_netlink_parms(): no params data found [ 106.782775][ T4377] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.786694][ T4429] loop0: detected capacity change from 0 to 32768 [ 106.790260][ T4377] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.792797][ T4377] device bridge_slave_0 entered promiscuous mode [ 106.796791][ T4377] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.798467][ T4377] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.800924][ T4377] device bridge_slave_1 entered promiscuous mode [ 106.833249][ T4377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.846396][ T4377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.868213][ T4429] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 106.870277][ T4429] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 106.931746][ T4429] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 106.939489][ T4377] team0: Port device team_slave_0 added [ 106.947402][ T4183] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 106.948619][ T4377] team0: Port device team_slave_1 added [ 106.949105][ T4183] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 107.086508][ T4183] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 137ms [ 107.094637][ T4183] gfs2: fsid=syz:syz.0: jid=0: Done [ 107.104676][ T4429] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 107.112930][ T4429] gfs2: fsid=syz:syz.0: can't start logd thread: -4 [ 108.155391][ T4377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.157194][ T4377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.190816][ T4377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.205796][ T4377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.207445][ T4377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.295565][ T4377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.668800][ T4472] loop4: detected capacity change from 0 to 40427 [ 108.744611][ T4472] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 108.746270][ T4472] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 108.777289][ T4472] F2FS-fs (loop4): Found nat_bits in checkpoint [ 108.801789][ T4472] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 108.803541][ T4472] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 108.813228][ T4377] device hsr_slave_0 entered promiscuous mode [ 108.968423][ T4377] device hsr_slave_1 entered promiscuous mode [ 108.982311][ T4477] loop0: detected capacity change from 0 to 4096 [ 109.031260][ T4377] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.033909][ T4377] Cannot create hsr debugfs directory [ 109.037280][ T4477] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 109.129815][ T4468] loop2: detected capacity change from 0 to 32768 [ 109.267529][ T4468] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.89 (4468) [ 109.427896][ T4468] BTRFS info (device loop2): using sha256 (sha256-ce) checksum algorithm [ 109.430026][ T4468] BTRFS info (device loop2): using free space tree [ 109.451064][ T4468] BTRFS info (device loop2): has skinny extents [ 109.461049][ T26] audit: type=1326 audit(109.410:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4476 comm="syz.0.87" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb3dfa328 code=0x0 [ 109.643133][ T4493] loop1: detected capacity change from 0 to 8192 [ 109.825314][ T4493] ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 109.827421][ T4493] ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. [ 109.830122][ T4493] ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume. [ 110.664151][ T4377] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 110.759359][ T4377] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 110.765678][ T4468] BTRFS info (device loop2): enabling ssd optimizations [ 110.852939][ T4377] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 110.873878][ T4377] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 110.888161][ T4523] FAULT_INJECTION: forcing a failure. [ 110.888161][ T4523] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 110.919557][ T4523] CPU: 1 PID: 4523 Comm: syz.1.94 Not tainted 5.15.173-syzkaller #0 [ 110.921590][ T4523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 110.923776][ T4523] Call trace: [ 110.924509][ T4523] dump_backtrace+0x0/0x530 [ 110.925516][ T4523] show_stack+0x2c/0x3c [ 110.926452][ T4523] dump_stack_lvl+0x108/0x170 [ 110.927449][ T4523] dump_stack+0x1c/0x58 [ 110.928337][ T4523] should_fail+0x3b8/0x514 [ 110.929354][ T4523] should_fail_alloc_page+0x74/0xa8 [ 110.930528][ T4523] prepare_alloc_pages+0x160/0x460 [ 110.931721][ T4523] __alloc_pages+0x138/0x674 [ 110.932755][ T4523] alloc_pages_vma+0x294/0x7c0 [ 110.933945][ T4523] alloc_zeroed_user_highpage_movable+0x9c/0xd8 [ 110.935442][ T4523] handle_mm_fault+0x1ee8/0x33a8 [ 110.936548][ T4523] do_page_fault+0x700/0xb60 [ 110.937673][ T4523] do_translation_fault+0xe8/0x138 [ 110.938866][ T4523] do_mem_abort+0x70/0x1d8 [ 110.940016][ T4523] el0_da+0x94/0x20c [ 110.940916][ T4523] el0t_64_sync_handler+0xc0/0xe4 [ 110.942059][ T4523] el0t_64_sync+0x1a0/0x1a4 [ 111.120312][ T4525] loop4: detected capacity change from 0 to 4096 [ 111.137336][ T4377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.160503][ T4377] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.180976][ T4523] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 111.250682][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.302603][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.328203][ T4535] loop2: detected capacity change from 0 to 40427 [ 111.342165][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 111.361805][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 111.371820][ T4344] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.373410][ T4344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.377331][ T4525] ntfs: volume version 3.1. [ 111.383516][ T4523] loop1: detected capacity change from 0 to 4096 [ 111.388058][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 111.396475][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 111.403480][ T4535] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 111.405336][ T4535] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 111.406659][ T4344] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.408993][ T4344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.426952][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 111.434276][ T4535] F2FS-fs (loop2): Found nat_bits in checkpoint [ 111.474655][ T4535] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 111.476363][ T4535] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 111.480777][ T4523] ntfs: volume version 3.1. [ 111.960986][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 111.967075][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 111.970588][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 112.002689][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 112.005433][ T4552] FAULT_INJECTION: forcing a failure. [ 112.005433][ T4552] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 112.008478][ T4552] CPU: 0 PID: 4552 Comm: syz.1.97 Not tainted 5.15.173-syzkaller #0 [ 112.010190][ T4552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 112.012243][ T4552] Call trace: [ 112.012851][ T4552] dump_backtrace+0x0/0x530 [ 112.013856][ T4552] show_stack+0x2c/0x3c [ 112.014796][ T4552] dump_stack_lvl+0x108/0x170 [ 112.015766][ T4552] dump_stack+0x1c/0x58 [ 112.016679][ T4552] should_fail+0x3b8/0x514 [ 112.017639][ T4552] should_fail_alloc_page+0x74/0xa8 [ 112.018744][ T4552] prepare_alloc_pages+0x160/0x460 [ 112.019828][ T4552] __alloc_pages+0x138/0x674 [ 112.020869][ T4552] alloc_pages_vma+0x294/0x7c0 [ 112.021894][ T4552] alloc_zeroed_user_highpage_movable+0x9c/0xd8 [ 112.023262][ T4552] handle_mm_fault+0x1ee8/0x33a8 [ 112.024415][ T4552] do_page_fault+0x700/0xb60 [ 112.025464][ T4552] do_translation_fault+0xe8/0x138 [ 112.026615][ T4552] do_mem_abort+0x70/0x1d8 [ 112.027587][ T4552] el0_da+0x94/0x20c [ 112.028441][ T4552] el0t_64_sync_handler+0xc0/0xe4 [ 112.029570][ T4552] el0t_64_sync+0x1a0/0x1a4 [ 112.032805][ T4552] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 112.051588][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 112.075725][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 112.078252][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 112.120125][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 112.123544][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 112.132174][ T4377] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 112.135045][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 112.148050][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 112.150397][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 112.230936][ T4552] loop1: detected capacity change from 0 to 128 [ 112.274071][ T4552] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 112.278771][ T4552] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 112.615410][ T4377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.617226][ T4147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 112.618966][ T4147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 112.858030][ T4392] device hsr_slave_0 left promiscuous mode [ 112.902491][ T4392] device hsr_slave_1 left promiscuous mode [ 112.991780][ T4392] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.993596][ T4392] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.996619][ T4392] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.998390][ T4392] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.009105][ T4551] loop4: detected capacity change from 0 to 40427 [ 113.031490][ T4392] device bridge_slave_1 left promiscuous mode [ 113.034121][ T4392] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.067209][ T4551] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 113.068784][ T4551] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 113.075211][ T4392] device bridge_slave_0 left promiscuous mode [ 113.076752][ T4392] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.110525][ T4551] F2FS-fs (loop4): Found nat_bits in checkpoint [ 113.136589][ T4551] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 113.138413][ T4551] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 113.233479][ T4036] attempt to access beyond end of device [ 113.233479][ T4036] loop4: rw=2049, want=45104, limit=40427 [ 113.271399][ T4392] device veth1_macvtap left promiscuous mode [ 113.273134][ T4392] device veth0_macvtap left promiscuous mode [ 113.274517][ T4392] device veth1_vlan left promiscuous mode [ 113.275964][ T4392] device veth0_vlan left promiscuous mode [ 113.665536][ T4584] loop2: detected capacity change from 0 to 512 [ 114.965768][ T4592] loop2: detected capacity change from 0 to 512 [ 115.009755][ T4592] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 115.012643][ T4592] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 115.015444][ T4592] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 115.052973][ T4392] team0 (unregistering): Port device team_slave_1 removed [ 115.063537][ T4392] team0 (unregistering): Port device team_slave_0 removed [ 115.077469][ T4392] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.088380][ T4592] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 115.107068][ T4592] EXT4-fs (loop2): 1 truncate cleaned up [ 115.118898][ T4592] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,noload,,errors=continue. Quota mode: none. [ 115.126162][ T4392] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.158729][ T4588] loop4: detected capacity change from 0 to 32768 [ 115.192947][ T4588] jfs: Unrecognized mount option "rootcontext=root" or missing value [ 115.427692][ T4392] bond0 (unregistering): Released all slaves [ 115.464914][ T4588] loop4: detected capacity change from 0 to 512 [ 115.492690][ T4588] ======================================================= [ 115.492690][ T4588] WARNING: The mand mount option has been deprecated and [ 115.492690][ T4588] and is ignored by this kernel. Remove the mand [ 115.492690][ T4588] option from the mount to silence this warning. [ 115.492690][ T4588] ======================================================= [ 115.593484][ T4588] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 115.648862][ T4588] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e802e12c, mo2=0042] [ 115.651678][ T4588] System zones: 1-12 [ 115.653434][ T4588] EXT4-fs (loop4): orphan cleanup on readonly fs [ 115.668896][ T4588] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.103: bg 0: block 361: padding at end of block bitmap is not set [ 115.681495][ T4588] EXT4-fs (loop4): Remounting filesystem read-only [ 115.682987][ T4588] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 115.685287][ T4588] EXT4-fs (loop4): Remounting filesystem read-only [ 115.686846][ T4588] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #11: comm syz.4.103: attempt to clear invalid blocks 33619980 len 1 [ 115.694578][ T4588] EXT4-fs (loop4): Remounting filesystem read-only [ 115.712593][ T4588] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.103: invalid indirect mapped block 1811939328 (level 0) [ 115.716240][ T4588] EXT4-fs (loop4): Remounting filesystem read-only [ 115.717708][ T4588] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.103: invalid indirect mapped block 2 (level 2) [ 115.751285][ T4588] EXT4-fs (loop4): Remounting filesystem read-only [ 115.761682][ T4588] EXT4-fs (loop4): 1 truncate cleaned up [ 115.763074][ T4588] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,dax=inode,discard,errors=remount-ro,inode_readahead_blks=0x0000000000000000. Quota mode: none. [ 116.080875][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 116.083573][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 116.095032][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 116.097398][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 116.099775][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 116.115661][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 116.122464][ T4377] device veth0_vlan entered promiscuous mode [ 116.154368][ T4377] device veth1_vlan entered promiscuous mode [ 116.225035][ T4601] loop2: detected capacity change from 0 to 40427 [ 116.234440][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 116.237101][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 116.239445][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 116.243113][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 116.261358][ T4377] device veth0_macvtap entered promiscuous mode [ 116.269278][ T4377] device veth1_macvtap entered promiscuous mode [ 116.293383][ T4601] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 116.295629][ T4601] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 116.303237][ C1] F2FS-fs (loop2) : inject read IO error in f2fs_read_end_io of bio_endio+0x780/0x7c4 [ 116.329879][ T4616] loop4: detected capacity change from 0 to 4096 [ 116.333047][ T4601] F2FS-fs (loop2) : inject kmalloc in f2fs_kmalloc of f2fs_build_segment_manager+0x94c/0x47b8 [ 116.335589][ T4601] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-12) [ 116.349142][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.356165][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.358566][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.377279][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.379542][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.387431][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.389646][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.401422][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.405395][ T4377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.407460][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 116.410280][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 116.414310][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 116.420461][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 116.434299][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.436934][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.439173][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.442822][ T4616] ntfs: (device loop4): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 116.453766][ T4616] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 116.456483][ T4616] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 116.459142][ T4616] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 116.478824][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.481382][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.485914][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.488055][ T4377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.490334][ T4377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.495470][ T4616] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 116.505625][ T4616] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 116.508801][ T4616] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 116.533096][ T4377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.541469][ T4616] ntfs: (device loop4): check_mft_mirror(): Failed to read $MFTMirr. [ 116.543562][ T4147] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 116.545824][ T4616] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 116.546210][ T4147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 116.551933][ T4616] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 116.562756][ T4601] loop2: detected capacity change from 0 to 4096 [ 116.567247][ T4377] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.569188][ T4377] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.573480][ T4377] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.575483][ T4377] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.593663][ T4616] ntfs: volume version 3.1. [ 116.726864][ T4601] loop2: detected capacity change from 0 to 2048 [ 116.816385][ T4601] NILFS (loop2): couldn't find nilfs on the device [ 116.819904][ T4112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.824108][ T4112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.829014][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 116.901472][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.903427][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.906887][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 116.961825][ T4611] loop0: detected capacity change from 0 to 32768 [ 116.975826][ T4601] loop2: detected capacity change from 0 to 2048 [ 117.001667][ T4601] UDF-fs: bad mount option "uid=00000000000000000000~;¯ùÝßp„" or missing value [ 117.266017][ T4601] loop2: detected capacity change from 0 to 256 [ 117.471598][ T4601] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 118.296691][ T4665] FAULT_INJECTION: forcing a failure. [ 118.296691][ T4665] name failslab, interval 1, probability 0, space 0, times 1 [ 118.299608][ T4665] CPU: 0 PID: 4665 Comm: syz.2.117 Not tainted 5.15.173-syzkaller #0 [ 118.301413][ T4665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 118.303745][ T4665] Call trace: [ 118.304438][ T4665] dump_backtrace+0x0/0x530 [ 118.305463][ T4665] show_stack+0x2c/0x3c [ 118.306421][ T4665] dump_stack_lvl+0x108/0x170 [ 118.307451][ T4665] dump_stack+0x1c/0x58 [ 118.308404][ T4665] should_fail+0x3b8/0x514 [ 118.309489][ T4665] __should_failslab+0xbc/0x110 [ 118.310593][ T4665] should_failslab+0x10/0x28 [ 118.310997][ T4662] FAULT_INJECTION: forcing a failure. [ 118.310997][ T4662] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 118.311632][ T4665] slab_pre_alloc_hook+0x64/0xe8 [ 118.315792][ T4665] kmem_cache_alloc+0x98/0x45c [ 118.316854][ T4665] getname_flags+0xd0/0x480 [ 118.317939][ T4665] getname+0x28/0x38 [ 118.318800][ T4665] do_sys_openat2+0xd4/0x3e0 [ 118.319831][ T4665] __arm64_sys_openat+0x1f0/0x240 [ 118.320959][ T4665] invoke_syscall+0x98/0x2b8 [ 118.322021][ T4665] el0_svc_common+0x138/0x258 [ 118.323148][ T4665] do_el0_svc+0x58/0x14c [ 118.324141][ T4665] el0_svc+0x7c/0x1f0 [ 118.324993][ T4665] el0t_64_sync_handler+0x84/0xe4 [ 118.326187][ T4665] el0t_64_sync+0x1a0/0x1a4 [ 118.327327][ C0] vkms_vblank_simulate: vblank timer overrun [ 118.351813][ T4662] CPU: 0 PID: 4662 Comm: syz.5.119 Not tainted 5.15.173-syzkaller #0 [ 118.353682][ T4662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 118.355963][ T4662] Call trace: [ 118.356704][ T4662] dump_backtrace+0x0/0x530 [ 118.357671][ T4662] show_stack+0x2c/0x3c [ 118.358687][ T4662] dump_stack_lvl+0x108/0x170 [ 118.359697][ T4662] dump_stack+0x1c/0x58 [ 118.360659][ T4662] should_fail+0x3b8/0x514 [ 118.361646][ T4662] should_fail_alloc_page+0x74/0xa8 [ 118.362783][ T4662] prepare_alloc_pages+0x160/0x460 [ 118.363858][ T4662] __alloc_pages+0x138/0x674 [ 118.364919][ T4662] alloc_pages_vma+0x294/0x7c0 [ 118.365980][ T4662] alloc_zeroed_user_highpage_movable+0x9c/0xd8 [ 118.367439][ T4662] handle_mm_fault+0x1ee8/0x33a8 [ 118.368567][ T4662] do_page_fault+0x700/0xb60 [ 118.369671][ T4662] do_translation_fault+0xe8/0x138 [ 118.370812][ T4662] do_mem_abort+0x70/0x1d8 [ 118.371760][ T4662] el0_da+0x94/0x20c [ 118.372637][ T4662] el0t_64_sync_handler+0xc0/0xe4 [ 118.373797][ T4662] el0t_64_sync+0x1a0/0x1a4 [ 118.374852][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.333538][ T4662] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 119.335979][ T4662] udc-core: couldn't find an available UDC or it's busy [ 119.337622][ T4662] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 119.457716][ T4670] binder: tried to use weak ref as strong ref [ 119.459508][ T4670] binder: 4669:4670 Acquire 1 refcount change on invalid ref 0 ret -22 [ 119.471370][ T4670] binder: 4669:4670 got transaction to invalid handle, 1 [ 119.473039][ T4670] binder: 4669:4670 transaction failed 29201/-22, size 0-0 line 2917 [ 119.516301][ T4670] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 119.531520][ T4670] netlink: 'syz.4.121': attribute type 1 has an invalid length. [ 119.541535][ T4183] binder: undelivered TRANSACTION_ERROR: 29201 [ 119.553653][ T4676] capability: warning: `syz.2.122' uses deprecated v2 capabilities in a way that may be insecure [ 119.589518][ T4676] FAULT_INJECTION: forcing a failure. [ 119.589518][ T4676] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 119.604422][ T4676] CPU: 1 PID: 4676 Comm: syz.2.122 Not tainted 5.15.173-syzkaller #0 [ 119.606142][ T4676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 119.608301][ T4676] Call trace: [ 119.609037][ T4676] dump_backtrace+0x0/0x530 [ 119.610023][ T4676] show_stack+0x2c/0x3c [ 119.610950][ T4676] dump_stack_lvl+0x108/0x170 [ 119.611983][ T4676] dump_stack+0x1c/0x58 [ 119.612831][ T4676] should_fail+0x3b8/0x514 [ 119.613786][ T4676] should_fail_usercopy+0x20/0x30 [ 119.614918][ T4676] simple_read_from_buffer+0xd8/0x26c [ 119.616199][ T4676] proc_fail_nth_read+0x1a0/0x248 [ 119.617336][ T4676] vfs_read+0x278/0xb18 [ 119.618230][ T4676] ksys_read+0x15c/0x26c [ 119.619200][ T4676] __arm64_sys_read+0x7c/0x90 [ 119.620233][ T4676] invoke_syscall+0x98/0x2b8 [ 119.621309][ T4676] el0_svc_common+0x138/0x258 [ 119.622528][ T4676] do_el0_svc+0x58/0x14c [ 119.623490][ T4676] el0_svc+0x7c/0x1f0 [ 119.624391][ T4676] el0t_64_sync_handler+0x84/0xe4 [ 119.625513][ T4676] el0t_64_sync+0x1a0/0x1a4 [ 119.872431][ T4688] FAULT_INJECTION: forcing a failure. [ 119.872431][ T4688] name failslab, interval 1, probability 0, space 0, times 0 [ 119.875527][ T4688] CPU: 1 PID: 4688 Comm: syz.4.126 Not tainted 5.15.173-syzkaller #0 [ 119.877215][ T4688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 119.879568][ T4688] Call trace: [ 119.880328][ T4688] dump_backtrace+0x0/0x530 [ 119.881294][ T4688] show_stack+0x2c/0x3c [ 119.882160][ T4688] dump_stack_lvl+0x108/0x170 [ 119.883156][ T4688] dump_stack+0x1c/0x58 [ 119.884130][ T4688] should_fail+0x3b8/0x514 [ 119.885107][ T4688] __should_failslab+0xbc/0x110 [ 119.886251][ T4688] should_failslab+0x10/0x28 [ 119.887265][ T4688] slab_pre_alloc_hook+0x64/0xe8 [ 119.888344][ T4688] kmem_cache_alloc_trace+0x9c/0x47c [ 119.889549][ T4688] fsnotify_alloc_group+0x80/0x334 [ 119.890649][ T4688] __arm64_sys_fanotify_init+0x1f0/0x77c [ 119.891892][ T4688] invoke_syscall+0x98/0x2b8 [ 119.892923][ T4688] el0_svc_common+0x138/0x258 [ 119.893969][ T4688] do_el0_svc+0x58/0x14c [ 119.894909][ T4688] el0_svc+0x7c/0x1f0 [ 119.895854][ T4688] el0t_64_sync_handler+0x84/0xe4 [ 119.897026][ T4688] el0t_64_sync+0x1a0/0x1a4 [ 120.004891][ T4692] netlink: 12 bytes leftover after parsing attributes in process `syz.2.127'. [ 120.855339][ T4692] loop2: detected capacity change from 0 to 131072 [ 120.886633][ T4692] F2FS-fs (loop2): Unrecognized mount option "" or missing value [ 121.417621][ T4692] loop2: detected capacity change from 0 to 32768 [ 121.462457][ T4692] (syz.2.127,4692,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "" or missing value [ 121.465110][ T4692] (syz.2.127,4692,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 121.833754][ T4699] loop4: detected capacity change from 0 to 32768 [ 122.036941][ T4691] loop5: detected capacity change from 0 to 40427 [ 122.168352][ T4691] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 122.170205][ T4691] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 122.868234][ T4691] F2FS-fs (loop5): Found nat_bits in checkpoint [ 123.310247][ T4714] loop2: detected capacity change from 0 to 40427 [ 123.345431][ T4735] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 123.384141][ T4714] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 123.385985][ T4714] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 123.397988][ T4740] netlink: 8 bytes leftover after parsing attributes in process `syz.5.134'. [ 123.411001][ T4740] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 123.489387][ T4714] F2FS-fs (loop2): Found nat_bits in checkpoint [ 123.537027][ T4750] FAULT_INJECTION: forcing a failure. [ 123.537027][ T4750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 123.540004][ T4750] CPU: 0 PID: 4750 Comm: syz.5.136 Not tainted 5.15.173-syzkaller #0 [ 123.541973][ T4750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 123.544269][ T4750] Call trace: [ 123.545059][ T4750] dump_backtrace+0x0/0x530 [ 123.546039][ T4750] show_stack+0x2c/0x3c [ 123.546931][ T4750] dump_stack_lvl+0x108/0x170 [ 123.548063][ T4750] dump_stack+0x1c/0x58 [ 123.549000][ T4750] should_fail+0x3b8/0x514 [ 123.549967][ T4750] should_fail_usercopy+0x20/0x30 [ 123.551090][ T4750] __copy_msghdr_from_user+0xbc/0x5d0 [ 123.552261][ T4750] ___sys_sendmsg+0x154/0x294 [ 123.553240][ T4750] __arm64_sys_sendmsg+0x1ac/0x25c [ 123.554365][ T4750] invoke_syscall+0x98/0x2b8 [ 123.555326][ T4750] el0_svc_common+0x138/0x258 [ 123.556359][ T4750] do_el0_svc+0x58/0x14c [ 123.557272][ T4750] el0_svc+0x7c/0x1f0 [ 123.558266][ T4750] el0t_64_sync_handler+0x84/0xe4 [ 123.559405][ T4750] el0t_64_sync+0x1a0/0x1a4 [ 123.560388][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.567592][ T4714] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 123.569237][ T4714] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 123.664868][ T4714] attempt to access beyond end of device [ 123.664868][ T4714] loop2: rw=2049, want=45224, limit=40427 [ 123.922690][ T4760] FAULT_INJECTION: forcing a failure. [ 123.922690][ T4760] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 123.925679][ T4760] CPU: 1 PID: 4760 Comm: syz.5.139 Not tainted 5.15.173-syzkaller #0 [ 123.927403][ T4760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 123.929442][ T4760] Call trace: [ 123.930121][ T4760] dump_backtrace+0x0/0x530 [ 123.931072][ T4760] show_stack+0x2c/0x3c [ 123.932003][ T4760] dump_stack_lvl+0x108/0x170 [ 123.932985][ T4760] dump_stack+0x1c/0x58 [ 123.933881][ T4760] should_fail+0x3b8/0x514 [ 123.934891][ T4760] should_fail_usercopy+0x20/0x30 [ 123.936009][ T4760] iovec_from_user+0xcc/0x630 [ 123.937037][ T4760] __import_iovec+0x80/0x414 [ 123.938017][ T4760] import_iovec+0x88/0xa4 [ 123.938883][ T4760] do_preadv+0x1b8/0x324 [ 123.939873][ T4760] __arm64_sys_preadv2+0xd4/0x108 [ 123.940958][ T4760] invoke_syscall+0x98/0x2b8 [ 123.941960][ T4760] el0_svc_common+0x138/0x258 [ 123.942939][ T4760] do_el0_svc+0x58/0x14c [ 123.943913][ T4760] el0_svc+0x7c/0x1f0 [ 123.944825][ T4760] el0t_64_sync_handler+0x84/0xe4 [ 123.945898][ T4760] el0t_64_sync+0x1a0/0x1a4 [ 124.263822][ T4764] FAULT_INJECTION: forcing a failure. [ 124.263822][ T4764] name failslab, interval 1, probability 0, space 0, times 0 [ 124.266902][ T4764] CPU: 1 PID: 4764 Comm: syz.5.141 Not tainted 5.15.173-syzkaller #0 [ 124.268719][ T4764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 124.270840][ T4764] Call trace: [ 124.271568][ T4764] dump_backtrace+0x0/0x530 [ 124.272569][ T4764] show_stack+0x2c/0x3c [ 124.273506][ T4764] dump_stack_lvl+0x108/0x170 [ 124.274500][ T4764] dump_stack+0x1c/0x58 [ 124.275379][ T4764] should_fail+0x3b8/0x514 [ 124.276297][ T4764] __should_failslab+0xbc/0x110 [ 124.277359][ T4764] should_failslab+0x10/0x28 [ 124.278397][ T4764] slab_pre_alloc_hook+0x64/0xe8 [ 124.279439][ T4764] __kmalloc+0xc0/0x4c8 [ 124.280404][ T4764] tomoyo_realpath_from_path+0xd0/0x508 [ 124.281646][ T4764] tomoyo_path_number_perm+0x1f8/0x6b0 [ 124.282849][ T4764] tomoyo_file_ioctl+0x2c/0x3c [ 124.283932][ T4764] security_file_ioctl+0x80/0xbc [ 124.284976][ T4764] __arm64_sys_ioctl+0xa8/0x1c8 [ 124.286006][ T4764] invoke_syscall+0x98/0x2b8 [ 124.287085][ T4764] el0_svc_common+0x138/0x258 [ 124.288107][ T4764] do_el0_svc+0x58/0x14c [ 124.289001][ T4764] el0_svc+0x7c/0x1f0 [ 124.289821][ T4764] el0t_64_sync_handler+0x84/0xe4 [ 124.290922][ T4764] el0t_64_sync+0x1a0/0x1a4 [ 124.471045][ T4764] ERROR: Out of memory at tomoyo_realpath_from_path. [ 124.571459][ T4735] loop1: detected capacity change from 0 to 32768 [ 124.646440][ T4735] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.135 (4735) [ 124.711226][ T4735] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 124.713682][ T4735] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 124.720914][ T4735] BTRFS info (device loop1): trying to use backup root at mount time [ 124.722767][ T4735] BTRFS info (device loop1): turning on flush-on-commit [ 124.724480][ T4735] BTRFS info (device loop1): using free space tree [ 124.726028][ T4735] BTRFS info (device loop1): has skinny extents [ 124.757459][ T4774] loop4: detected capacity change from 0 to 64 [ 125.138347][ T4735] BTRFS info (device loop1): enabling ssd optimizations [ 126.070626][ T4802] loop5: detected capacity change from 0 to 32768 [ 126.100225][ T4774] loop4: detected capacity change from 0 to 32768 [ 126.388165][ T4774] XFS (loop4): Mounting V5 Filesystem [ 126.548447][ T4810] loop0: detected capacity change from 0 to 40427 [ 126.588219][ T4774] XFS (loop4): Ending clean mount [ 126.603649][ T4810] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 126.605597][ T4810] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 126.672323][ T4810] F2FS-fs (loop0): Found nat_bits in checkpoint [ 126.807480][ T4810] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 126.809069][ T4810] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 126.829555][ T4816] loop1: detected capacity change from 0 to 40427 [ 126.897723][ T4816] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 126.899319][ T4816] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 126.914386][ T4816] F2FS-fs (loop1): invalid crc value [ 126.942480][ T4816] F2FS-fs (loop1): Found nat_bits in checkpoint [ 127.005438][ T4036] XFS (loop4): Unmounting Filesystem [ 127.040412][ T4816] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 127.042245][ T4816] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 127.159650][ T4816] FAULT_INJECTION: forcing a failure. [ 127.159650][ T4816] name failslab, interval 1, probability 0, space 0, times 0 [ 127.174937][ T4816] CPU: 1 PID: 4816 Comm: syz.1.145 Not tainted 5.15.173-syzkaller #0 [ 127.176804][ T4816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 127.178854][ T4816] Call trace: [ 127.179544][ T4816] dump_backtrace+0x0/0x530 [ 127.180535][ T4816] show_stack+0x2c/0x3c [ 127.181490][ T4816] dump_stack_lvl+0x108/0x170 [ 127.182654][ T4816] dump_stack+0x1c/0x58 [ 127.183641][ T4816] should_fail+0x3b8/0x514 [ 127.184704][ T4816] __should_failslab+0xbc/0x110 [ 127.185832][ T4816] should_failslab+0x10/0x28 [ 127.186938][ T4816] slab_pre_alloc_hook+0x64/0xe8 [ 127.188019][ T4816] kmem_cache_alloc+0x98/0x45c [ 127.189144][ T4816] getname_flags+0xd0/0x480 [ 127.190154][ T4816] __arm64_sys_unlinkat+0xb4/0xfc [ 127.191353][ T4816] invoke_syscall+0x98/0x2b8 [ 127.192369][ T4816] el0_svc_common+0x138/0x258 [ 127.193428][ T4816] do_el0_svc+0x58/0x14c [ 127.194414][ T4816] el0_svc+0x7c/0x1f0 [ 127.195272][ T4816] el0t_64_sync_handler+0x84/0xe4 [ 127.196518][ T4816] el0t_64_sync+0x1a0/0x1a4 [ 127.283114][ T4023] attempt to access beyond end of device [ 127.283114][ T4023] loop1: rw=2049, want=45104, limit=40427 [ 128.019469][ T4878] FAULT_INJECTION: forcing a failure. [ 128.019469][ T4878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.054461][ T4878] CPU: 1 PID: 4878 Comm: syz.1.153 Not tainted 5.15.173-syzkaller #0 [ 128.056478][ T4878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 128.058641][ T4878] Call trace: [ 128.059338][ T4878] dump_backtrace+0x0/0x530 [ 128.060288][ T4878] show_stack+0x2c/0x3c [ 128.061160][ T4878] dump_stack_lvl+0x108/0x170 [ 128.062194][ T4878] dump_stack+0x1c/0x58 [ 128.063089][ T4878] should_fail+0x3b8/0x514 [ 128.064148][ T4878] should_fail_usercopy+0x20/0x30 [ 128.065202][ T4878] do_fcntl+0x48c/0x1d4c [ 128.066158][ T4878] __arm64_sys_fcntl+0x110/0x1f8 [ 128.067209][ T4878] invoke_syscall+0x98/0x2b8 [ 128.068225][ T4878] el0_svc_common+0x138/0x258 [ 128.069325][ T4878] do_el0_svc+0x58/0x14c [ 128.070294][ T4878] el0_svc+0x7c/0x1f0 [ 128.071165][ T4878] el0t_64_sync_handler+0x84/0xe4 [ 128.072337][ T4878] el0t_64_sync+0x1a0/0x1a4 [ 129.597141][ T4886] loop1: detected capacity change from 0 to 32768 [ 129.641853][ T4886] jfs: Unrecognized mount option "" or missing value [ 129.643764][ T4857] loop4: detected capacity change from 0 to 40427 [ 129.645759][ T4853] loop2: detected capacity change from 0 to 40427 [ 129.694854][ T4853] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 129.696602][ T4857] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 129.698251][ T4853] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 129.700165][ T4857] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 129.708623][ T4853] F2FS-fs (loop2): invalid crc value [ 129.708656][ T4857] F2FS-fs (loop4): invalid crc value [ 129.728346][ T4857] F2FS-fs (loop4): Found nat_bits in checkpoint [ 129.736296][ T4853] F2FS-fs (loop2): Found nat_bits in checkpoint [ 129.777402][ T4857] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 129.779299][ T4857] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 129.876880][ T4853] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 129.878572][ T4853] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 129.959522][ T4163] Bluetooth: hci1: command 0x0c24 tx timeout [ 130.000595][ T4894] loop1: detected capacity change from 0 to 64 [ 130.007747][ T4874] loop0: detected capacity change from 0 to 40427 [ 130.015907][ T4853] FAULT_INJECTION: forcing a failure. [ 130.015907][ T4853] name failslab, interval 1, probability 0, space 0, times 0 [ 130.018844][ T4853] CPU: 0 PID: 4853 Comm: syz.2.150 Not tainted 5.15.173-syzkaller #0 [ 130.020576][ T4853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 130.022915][ T4853] Call trace: [ 130.023696][ T4853] dump_backtrace+0x0/0x530 [ 130.024689][ T4853] show_stack+0x2c/0x3c [ 130.025679][ T4853] dump_stack_lvl+0x108/0x170 [ 130.026839][ T4853] dump_stack+0x1c/0x58 [ 130.027789][ T4853] should_fail+0x3b8/0x514 [ 130.028812][ T4853] __should_failslab+0xbc/0x110 [ 130.029956][ T4853] should_failslab+0x10/0x28 [ 130.030976][ T4853] slab_pre_alloc_hook+0x64/0xe8 [ 130.032044][ T4853] kmem_cache_alloc+0x98/0x45c [ 130.033102][ T4853] getname_flags+0xd0/0x480 [ 130.034106][ T4853] __arm64_sys_symlinkat+0x80/0xbc [ 130.035295][ T4853] invoke_syscall+0x98/0x2b8 [ 130.036335][ T4853] el0_svc_common+0x138/0x258 [ 130.037293][ T4853] do_el0_svc+0x58/0x14c [ 130.038269][ T4853] el0_svc+0x7c/0x1f0 [ 130.039191][ T4853] el0t_64_sync_handler+0x84/0xe4 [ 130.040464][ T4853] el0t_64_sync+0x1a0/0x1a4 [ 130.041522][ C0] vkms_vblank_simulate: vblank timer overrun [ 130.057251][ T4874] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 130.058846][ T4874] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 130.087881][ T4874] F2FS-fs (loop0): invalid crc value [ 130.099289][ T4874] F2FS-fs (loop0): Found nat_bits in checkpoint [ 130.121262][ T4036] attempt to access beyond end of device [ 130.121262][ T4036] loop4: rw=2049, want=40992, limit=40427 [ 130.167037][ T4874] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 130.168873][ T4874] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 130.377208][ T4031] attempt to access beyond end of device [ 130.377208][ T4031] loop0: rw=2049, want=40992, limit=40427 [ 131.025669][ T4909] FAULT_INJECTION: forcing a failure. [ 131.025669][ T4909] name failslab, interval 1, probability 0, space 0, times 0 [ 131.028518][ T4909] CPU: 0 PID: 4909 Comm: syz.2.157 Not tainted 5.15.173-syzkaller #0 [ 131.030171][ T4909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 131.032499][ T4909] Call trace: [ 131.033241][ T4909] dump_backtrace+0x0/0x530 [ 131.034255][ T4909] show_stack+0x2c/0x3c [ 131.035153][ T4909] dump_stack_lvl+0x108/0x170 [ 131.036168][ T4909] dump_stack+0x1c/0x58 [ 131.037130][ T4909] should_fail+0x3b8/0x514 [ 131.038100][ T4909] __should_failslab+0xbc/0x110 [ 131.039344][ T4909] should_failslab+0x10/0x28 [ 131.040511][ T4909] slab_pre_alloc_hook+0x64/0xe8 [ 131.041645][ T4909] __kmalloc+0xc0/0x4c8 [ 131.042679][ T4909] tomoyo_realpath_from_path+0xd0/0x508 [ 131.044030][ T4909] tomoyo_path_number_perm+0x1f8/0x6b0 [ 131.045342][ T4909] tomoyo_file_ioctl+0x2c/0x3c [ 131.046446][ T4909] security_file_ioctl+0x80/0xbc [ 131.047634][ T4909] __arm64_sys_ioctl+0xa8/0x1c8 [ 131.049035][ T4909] invoke_syscall+0x98/0x2b8 [ 131.050276][ T4909] el0_svc_common+0x138/0x258 [ 131.051442][ T4909] do_el0_svc+0x58/0x14c [ 131.052485][ T4909] el0_svc+0x7c/0x1f0 [ 131.053507][ T4909] el0t_64_sync_handler+0x84/0xe4 [ 131.054738][ T4909] el0t_64_sync+0x1a0/0x1a4 [ 131.075373][ T2056] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.076793][ T2056] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.141452][ T4909] ERROR: Out of memory at tomoyo_realpath_from_path. [ 131.158191][ T4906] loop4: detected capacity change from 0 to 4096 [ 131.190968][ T4913] netlink: 28 bytes leftover after parsing attributes in process `syz.5.160'. [ 131.193169][ T4913] netlink: 28 bytes leftover after parsing attributes in process `syz.5.160'. [ 131.279823][ T4906] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 131.649966][ T4894] loop1: detected capacity change from 0 to 32768 [ 131.786900][ T4894] XFS (loop1): Mounting V5 Filesystem [ 131.916242][ T4916] loop2: detected capacity change from 0 to 40427 [ 131.955406][ T4916] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 131.957385][ T4916] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 131.973657][ T4916] F2FS-fs (loop2): Found nat_bits in checkpoint [ 132.048455][ T4916] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 132.050170][ T4916] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 132.108387][ T4894] XFS (loop1): Ending clean mount [ 132.264004][ T4956] loop5: detected capacity change from 0 to 2048 [ 132.382942][ T4023] XFS (loop1): Unmounting Filesystem [ 132.438915][ T4956] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 132.469312][ T4956] EXT4-fs (loop5): Online resizing not supported with bigalloc [ 132.837399][ T4971] netlink: 8 bytes leftover after parsing attributes in process `syz.5.172'. [ 132.967046][ T4936] loop4: detected capacity change from 0 to 40427 [ 133.005872][ T4936] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 133.007634][ T4936] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 133.015238][ T4976] loop1: detected capacity change from 0 to 47 [ 133.043828][ T4985] FAULT_INJECTION: forcing a failure. [ 133.043828][ T4985] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.046732][ T4985] CPU: 0 PID: 4985 Comm: syz.5.175 Not tainted 5.15.173-syzkaller #0 [ 133.048473][ T4985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 133.050679][ T4985] Call trace: [ 133.051477][ T4985] dump_backtrace+0x0/0x530 [ 133.052507][ T4985] show_stack+0x2c/0x3c [ 133.053373][ T4985] dump_stack_lvl+0x108/0x170 [ 133.054488][ T4985] dump_stack+0x1c/0x58 [ 133.055364][ T4985] should_fail+0x3b8/0x514 [ 133.056327][ T4985] should_fail_usercopy+0x20/0x30 [ 133.057392][ T4985] copy_bpf_fprog_from_user+0xec/0x564 [ 133.058532][ T4985] fanout_set_data+0x1e0/0x558 [ 133.059597][ T4985] packet_setsockopt+0x6b8/0x127c [ 133.060673][ T4985] __sys_setsockopt+0x3a8/0x6b4 [ 133.061703][ T4985] __arm64_sys_setsockopt+0xb8/0xd4 [ 133.062839][ T4985] invoke_syscall+0x98/0x2b8 [ 133.063899][ T4985] el0_svc_common+0x138/0x258 [ 133.064927][ T4985] do_el0_svc+0x58/0x14c [ 133.065797][ T4985] el0_svc+0x7c/0x1f0 [ 133.066687][ T4985] el0t_64_sync_handler+0x84/0xe4 [ 133.067818][ T4985] el0t_64_sync+0x1a0/0x1a4 [ 133.084946][ T4936] F2FS-fs (loop4): Found nat_bits in checkpoint [ 133.147193][ T4936] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 133.148805][ T4936] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 133.276827][ T4994] loop2: detected capacity change from 0 to 512 [ 133.306841][ T4995] xt_CT: You must specify a L4 protocol and not use inversions on it [ 133.316619][ T4994] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2766: inode #11: comm syz.2.177: corrupted xattr block 95 [ 133.318339][ T4995] loop5: detected capacity change from 0 to 8 [ 133.350864][ T4994] EXT4-fs (loop2): Remounting filesystem read-only [ 133.352729][ T4994] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.177: bg 0: block 7: invalid block bitmap [ 133.363019][ T4936] attempt to access beyond end of device [ 133.363019][ T4936] loop4: rw=2049, want=45224, limit=40427 [ 133.381499][ T4994] EXT4-fs (loop2): Remounting filesystem read-only [ 133.383136][ T4994] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 133.404649][ T4994] EXT4-fs (loop2): Remounting filesystem read-only [ 133.438189][ T4995] SQUASHFS error: zlib decompression failed, data probably corrupt [ 133.440302][ T4995] SQUASHFS error: Failed to read block 0x9b: -5 [ 133.449810][ T4995] SQUASHFS error: Unable to read metadata cache entry [99] [ 133.465708][ T4994] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2932: inode #11: comm syz.2.177: corrupted xattr block 95 [ 133.470083][ T5001] (unnamed net_device) (uninitialized): option mode: invalid value (7) [ 133.470611][ T4995] SQUASHFS error: Unable to read inode 0x127 [ 133.503047][ T4994] EXT4-fs (loop2): Remounting filesystem read-only [ 133.504716][ T4994] EXT4-fs warning (device loop2): ext4_evict_inode:302: xattr delete (err -117) [ 133.506634][ T4994] EXT4-fs (loop2): 1 orphan inode deleted [ 133.507995][ T4994] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,. Quota mode: none. [ 133.547225][ T5003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.180'. [ 133.606647][ T5005] FAULT_INJECTION: forcing a failure. [ 133.606647][ T5005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.609645][ T5005] CPU: 1 PID: 5005 Comm: syz.1.183 Not tainted 5.15.173-syzkaller #0 [ 133.611568][ T5005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 133.613793][ T5005] Call trace: [ 133.614528][ T5005] dump_backtrace+0x0/0x530 [ 133.615465][ T5005] show_stack+0x2c/0x3c [ 133.616404][ T5005] dump_stack_lvl+0x108/0x170 [ 133.617469][ T5005] dump_stack+0x1c/0x58 [ 133.618311][ T5005] should_fail+0x3b8/0x514 [ 133.619345][ T5005] should_fail_usercopy+0x20/0x30 [ 133.620538][ T5005] simple_read_from_buffer+0xd8/0x26c [ 133.621766][ T5005] proc_fail_nth_read+0x1a0/0x248 [ 133.622867][ T5005] vfs_read+0x278/0xb18 [ 133.623861][ T5005] ksys_read+0x15c/0x26c [ 133.624814][ T5005] __arm64_sys_read+0x7c/0x90 [ 133.625838][ T5005] invoke_syscall+0x98/0x2b8 [ 133.626821][ T5005] el0_svc_common+0x138/0x258 [ 133.627874][ T5005] do_el0_svc+0x58/0x14c [ 133.628880][ T5005] el0_svc+0x7c/0x1f0 [ 133.629811][ T5005] el0t_64_sync_handler+0x84/0xe4 [ 133.631016][ T5005] el0t_64_sync+0x1a0/0x1a4 [ 133.654012][ T5007] FAULT_INJECTION: forcing a failure. [ 133.654012][ T5007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.657140][ T5007] CPU: 1 PID: 5007 Comm: syz.5.185 Not tainted 5.15.173-syzkaller #0 [ 133.659018][ T5007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 133.661313][ T5007] Call trace: [ 133.662079][ T5007] dump_backtrace+0x0/0x530 [ 133.663222][ T5007] show_stack+0x2c/0x3c [ 133.664102][ T5007] dump_stack_lvl+0x108/0x170 [ 133.665116][ T5007] dump_stack+0x1c/0x58 [ 133.665962][ T5007] should_fail+0x3b8/0x514 [ 133.666945][ T5007] should_fail_usercopy+0x20/0x30 [ 133.668076][ T5007] __copy_msghdr_from_user+0xbc/0x5d0 [ 133.669318][ T5007] ___sys_sendmsg+0x154/0x294 [ 133.670336][ T5007] __arm64_sys_sendmsg+0x1ac/0x25c [ 133.671440][ T5007] invoke_syscall+0x98/0x2b8 [ 133.672515][ T5007] el0_svc_common+0x138/0x258 [ 133.673569][ T5007] do_el0_svc+0x58/0x14c [ 133.674567][ T5007] el0_svc+0x7c/0x1f0 [ 133.675488][ T5007] el0t_64_sync_handler+0x84/0xe4 [ 133.676757][ T5007] el0t_64_sync+0x1a0/0x1a4 [ 133.788418][ T5011] 9pnet: Insufficient options for proto=fd [ 133.795438][ T5011] loop5: detected capacity change from 0 to 256 [ 133.798159][ T5011] FAT-fs (loop5): Unrecognized mount option "ÿÿÿÿÿÿÿÿ" or missing value [ 133.955810][ T5017] syz.1.189 uses obsolete (PF_INET,SOCK_PACKET) [ 134.332925][ T5025] FAULT_INJECTION: forcing a failure. [ 134.332925][ T5025] name failslab, interval 1, probability 0, space 0, times 0 [ 134.340908][ T5025] CPU: 0 PID: 5025 Comm: syz.0.192 Not tainted 5.15.173-syzkaller #0 [ 134.342669][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 134.344902][ T5025] Call trace: [ 134.345632][ T5025] dump_backtrace+0x0/0x530 [ 134.346672][ T5025] show_stack+0x2c/0x3c [ 134.347559][ T5025] dump_stack_lvl+0x108/0x170 [ 134.348691][ T5025] dump_stack+0x1c/0x58 [ 134.349588][ T5025] should_fail+0x3b8/0x514 [ 134.350570][ T5025] __should_failslab+0xbc/0x110 [ 134.351667][ T5025] should_failslab+0x10/0x28 [ 134.352641][ T5025] slab_pre_alloc_hook+0x64/0xe8 [ 134.353716][ T5025] __kmalloc+0xc0/0x4c8 [ 134.354487][ T5025] tomoyo_realpath_from_path+0xd0/0x508 [ 134.355504][ T5025] tomoyo_path_number_perm+0x1f8/0x6b0 [ 134.356545][ T5025] tomoyo_file_ioctl+0x2c/0x3c [ 134.357636][ T5025] security_file_ioctl+0x80/0xbc [ 134.358795][ T5025] __arm64_sys_ioctl+0xa8/0x1c8 [ 134.359969][ T5025] invoke_syscall+0x98/0x2b8 [ 134.361000][ T5025] el0_svc_common+0x138/0x258 [ 134.362086][ T5025] do_el0_svc+0x58/0x14c [ 134.363031][ T5025] el0_svc+0x7c/0x1f0 [ 134.364004][ T5025] el0t_64_sync_handler+0x84/0xe4 [ 134.365139][ T5025] el0t_64_sync+0x1a0/0x1a4 [ 134.443716][ T5009] loop2: detected capacity change from 0 to 32768 [ 134.451145][ T5025] ERROR: Out of memory at tomoyo_realpath_from_path. [ 134.474022][ T5011] loop5: detected capacity change from 0 to 32768 [ 134.534648][ T5011] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 scanned by syz.5.186 (5011) [ 134.560380][ T5011] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 134.569248][ T5011] BTRFS error (device loop5): unrecognized mount option 'P”wlÀ ±dný¡[ð±_.#fêz“‚Çó—~' [ 134.597747][ T5011] BTRFS error (device loop5): open_ctree failed [ 134.616337][ T5009] XFS (loop2): Mounting V5 Filesystem [ 134.723143][ T4673] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 scanned by udevd (4673) [ 135.307273][ T5009] XFS (loop2): Ending clean mount [ 135.324477][ T5009] XFS (loop2): Quotacheck needed: Please wait. [ 135.367651][ T5046] FAULT_INJECTION: forcing a failure. [ 135.367651][ T5046] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.371059][ T5046] CPU: 1 PID: 5046 Comm: syz.1.197 Not tainted 5.15.173-syzkaller #0 [ 135.372953][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 135.375137][ T5046] Call trace: [ 135.375847][ T5046] dump_backtrace+0x0/0x530 [ 135.376823][ T5046] show_stack+0x2c/0x3c [ 135.377756][ T5046] dump_stack_lvl+0x108/0x170 [ 135.378719][ T5046] dump_stack+0x1c/0x58 [ 135.379786][ T5046] should_fail+0x3b8/0x514 [ 135.380883][ T5046] should_fail_usercopy+0x20/0x30 [ 135.382118][ T5046] copy_from_bpfptr+0x78/0x20c [ 135.383293][ T5046] __sys_bpf+0x1b8/0x610 [ 135.384265][ T5046] __arm64_sys_bpf+0x80/0x98 [ 135.385285][ T5046] invoke_syscall+0x98/0x2b8 [ 135.386093][ T5027] loop4: detected capacity change from 0 to 32768 [ 135.386313][ T5046] el0_svc_common+0x138/0x258 [ 135.388863][ T5046] do_el0_svc+0x58/0x14c [ 135.389895][ T5046] el0_svc+0x7c/0x1f0 [ 135.390791][ T5046] el0t_64_sync_handler+0x84/0xe4 [ 135.391964][ T5046] el0t_64_sync+0x1a0/0x1a4 [ 135.403892][ T5009] XFS (loop2): Quotacheck: Done. [ 135.496173][ T5009] XFS (loop2): Unmounting Filesystem [ 135.505041][ T5027] XFS (loop4): Mounting V5 Filesystem [ 135.620002][ T5039] loop5: detected capacity change from 0 to 40427 [ 135.652166][ T5062] netlink: 12 bytes leftover after parsing attributes in process `syz.1.200'. [ 135.677146][ T5027] XFS (loop4): Ending clean mount [ 135.680234][ T5039] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 135.682190][ T5039] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 135.690872][ T5027] XFS (loop4): Quotacheck needed: Please wait. [ 135.732437][ T5039] F2FS-fs (loop5): Found nat_bits in checkpoint [ 135.786992][ T5027] XFS (loop4): Quotacheck: Done. [ 135.802913][ T5027] "syz.4.193" (5027) uses obsolete ecb(arc4) skcipher [ 135.815525][ T5039] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 135.817273][ T5039] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 135.836397][ T5027] vxcan1: tx address claim with different name [ 135.948032][ T4036] XFS (loop4): Unmounting Filesystem [ 136.165906][ T5039] attempt to access beyond end of device [ 136.165906][ T5039] loop5: rw=2049, want=45224, limit=40427 [ 136.474087][ T5062] loop1: detected capacity change from 0 to 131072 [ 136.507717][ T5074] FAULT_INJECTION: forcing a failure. [ 136.507717][ T5074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.537094][ T5062] F2FS-fs (loop1): Unrecognized mount option "" or missing value [ 136.577624][ T5078] loop0: detected capacity change from 0 to 164 [ 136.591040][ T5074] CPU: 0 PID: 5074 Comm: syz.2.204 Not tainted 5.15.173-syzkaller #0 [ 136.592993][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 136.595368][ T5074] Call trace: [ 136.596144][ T5074] dump_backtrace+0x0/0x530 [ 136.597199][ T5074] show_stack+0x2c/0x3c [ 136.598186][ T5074] dump_stack_lvl+0x108/0x170 [ 136.599244][ T5074] dump_stack+0x1c/0x58 [ 136.600119][ T5074] should_fail+0x3b8/0x514 [ 136.601200][ T5074] should_fail_usercopy+0x20/0x30 [ 136.602346][ T5074] copy_page_from_iter+0x2fc/0x760 [ 136.603671][ T5074] tun_get_user+0x177c/0x3774 [ 136.604667][ T5074] tun_chr_write_iter+0xfc/0x20c [ 136.605860][ T5074] vfs_write+0x884/0xb44 [ 136.606713][ T5074] ksys_write+0x15c/0x26c [ 136.607624][ T5074] __arm64_sys_write+0x7c/0x90 [ 136.608661][ T5074] invoke_syscall+0x98/0x2b8 [ 136.609683][ T5074] el0_svc_common+0x138/0x258 [ 136.610722][ T5074] do_el0_svc+0x58/0x14c [ 136.611811][ T5074] el0_svc+0x7c/0x1f0 [ 136.612770][ T5074] el0t_64_sync_handler+0x84/0xe4 [ 136.614008][ T5074] el0t_64_sync+0x1a0/0x1a4 [ 137.013449][ T5062] loop1: detected capacity change from 0 to 32768 [ 137.076109][ T5062] (syz.1.200,5062,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "" or missing value [ 137.078614][ T5062] (syz.1.200,5062,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 137.100611][ T5078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.205'. [ 137.114731][ T5092] FAULT_INJECTION: forcing a failure. [ 137.114731][ T5092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.117775][ T5092] CPU: 0 PID: 5092 Comm: syz.2.206 Not tainted 5.15.173-syzkaller #0 [ 137.119651][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 137.121990][ T5092] Call trace: [ 137.122769][ T5092] dump_backtrace+0x0/0x530 [ 137.123806][ T5092] show_stack+0x2c/0x3c [ 137.124755][ T5092] dump_stack_lvl+0x108/0x170 [ 137.125828][ T5092] dump_stack+0x1c/0x58 [ 137.126876][ T5092] should_fail+0x3b8/0x514 [ 137.127944][ T5092] should_fail_usercopy+0x20/0x30 [ 137.129093][ T5092] strncpy_from_user+0x48/0x580 [ 137.130166][ T5092] bpf_prog_load+0x168/0x15c8 [ 137.131328][ T5092] __sys_bpf+0x2e8/0x610 [ 137.132271][ T5092] __arm64_sys_bpf+0x80/0x98 [ 137.133294][ T5092] invoke_syscall+0x98/0x2b8 [ 137.134391][ T5092] el0_svc_common+0x138/0x258 [ 137.135465][ T5092] do_el0_svc+0x58/0x14c [ 137.136439][ T5092] el0_svc+0x7c/0x1f0 [ 137.137401][ T5092] el0t_64_sync_handler+0x84/0xe4 [ 137.138619][ T5092] el0t_64_sync+0x1a0/0x1a4 [ 138.766687][ T5112] loop1: detected capacity change from 0 to 164 [ 139.884106][ T5124] netlink: 28 bytes leftover after parsing attributes in process `syz.2.213'. [ 139.915437][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 139.915450][ T26] audit: type=1326 audit(139.870:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5119 comm="syz.0.212" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb3dfa328 code=0x0 [ 139.927860][ T5129] FAULT_INJECTION: forcing a failure. [ 139.927860][ T5129] name failslab, interval 1, probability 0, space 0, times 0 [ 139.930702][ T5129] CPU: 1 PID: 5129 Comm: syz.1.214 Not tainted 5.15.173-syzkaller #0 [ 139.932603][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 139.934885][ T5129] Call trace: [ 139.935593][ T5129] dump_backtrace+0x0/0x530 [ 139.936531][ T5129] show_stack+0x2c/0x3c [ 139.937443][ T5129] dump_stack_lvl+0x108/0x170 [ 139.938432][ T5129] dump_stack+0x1c/0x58 [ 139.939407][ T5129] should_fail+0x3b8/0x514 [ 139.940468][ T5129] __should_failslab+0xbc/0x110 [ 139.941508][ T5129] should_failslab+0x10/0x28 [ 139.942559][ T5129] slab_pre_alloc_hook+0x64/0xe8 [ 139.943675][ T5129] __kmalloc+0xc0/0x4c8 [ 139.944593][ T5129] __arm64_sys_memfd_create+0x168/0x610 [ 139.945918][ T5129] invoke_syscall+0x98/0x2b8 [ 139.946978][ T5129] el0_svc_common+0x138/0x258 [ 139.948021][ T5129] do_el0_svc+0x58/0x14c [ 139.948958][ T5129] el0_svc+0x7c/0x1f0 [ 139.949832][ T5129] el0t_64_sync_handler+0x84/0xe4 [ 139.950907][ T5129] el0t_64_sync+0x1a0/0x1a4 [ 140.042876][ T5135] loop2: detected capacity change from 0 to 256 [ 140.101911][ T5135] exfat: Unknown parameter 'ÿÿÿÿe'àð´ú€úBÞìlº© max 0 [ 172.022306][ T5865] udc-core: couldn't find an available UDC or it's busy [ 172.023920][ T5865] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 172.071936][ T5871] netlink: 'syz.2.457': attribute type 1 has an invalid length. [ 172.119429][ T5877] sctp: [Deprecated]: syz.2.460 (pid 5877) Use of int in max_burst socket option deprecated. [ 172.119429][ T5877] Use struct sctp_assoc_value instead [ 172.470497][ T5901] udc-core: couldn't find an available UDC or it's busy [ 172.481070][ T5901] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 173.105531][ T144] Bluetooth: unknown link type 3 [ 173.951262][ T5318] Bluetooth: hci1: command 0x2021 tx timeout [ 174.811096][ T5318] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 175.053302][ T5318] usb 1-1: Using ep0 maxpacket: 32 [ 175.117240][ T6050] netlink: 12 bytes leftover after parsing attributes in process `syz.5.535'. [ 175.170977][ T5318] usb 1-1: config 0 has an invalid interface number: 54 but max is 0 [ 175.173668][ T5318] usb 1-1: config 0 has no interface number 0 [ 175.175154][ T5318] usb 1-1: config 0 interface 54 has no altsetting 0 [ 175.315318][ T6061] netlink: 4 bytes leftover after parsing attributes in process `syz.4.537'. [ 175.331833][ T5318] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42 [ 175.334067][ T5318] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.335730][ T5318] usb 1-1: Product: syz [ 175.336652][ T5318] usb 1-1: Manufacturer: syz [ 175.337681][ T5318] usb 1-1: SerialNumber: syz [ 175.364883][ T5318] usb 1-1: config 0 descriptor?? [ 175.411860][ T6067] udc-core: couldn't find an available UDC or it's busy [ 175.414838][ T6067] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 175.557518][ T6073] udc-core: couldn't find an available UDC or it's busy [ 175.559283][ T6073] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 175.571512][ T6073] loop2: detected capacity change from 0 to 7 [ 175.587704][ T6073] Dev loop2: unable to read RDB block 7 [ 175.589253][ T6073] loop2: unable to read partition table [ 175.590575][ T6073] loop2: partition table beyond EOD, truncated [ 175.592389][ T6073] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 175.723939][ T5318] ums_eneub6250 1-1:0.54: USB Mass Storage device detected [ 175.804332][ T5318] usb 1-1: USB disconnect, device number 2 [ 176.030954][ T5318] Bluetooth: hci1: command 0x0409 tx timeout [ 176.103213][ T6095] IPVS: sync thread started: state = BACKUP, mcast_ifn = netdevsim0, syncid = 1, id = 0 [ 176.233478][ T6104] udc-core: couldn't find an available UDC or it's busy [ 176.239719][ T6104] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 176.563101][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.566344][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.569345][ T6117] udc-core: couldn't find an available UDC or it's busy [ 176.573199][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.575221][ T6117] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 176.578135][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.582026][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.584657][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.586510][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.588422][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.590254][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.592998][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.594915][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.596818][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.598698][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.600584][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.603808][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.605684][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.607524][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.609399][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.611778][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.613868][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.615864][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.617789][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.619572][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.622125][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.624121][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.626070][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.627895][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.629716][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.632269][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.634356][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.636262][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.638123][ T4025] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.647096][ T4025] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 176.671943][ T6121] udc-core: couldn't find an available UDC or it's busy [ 176.673618][ T6121] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 176.974793][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 177.092851][ T6137] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.099073][ T6137] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 177.104133][ T6138] tipc: Started in network mode [ 177.105440][ T6138] tipc: Node identity 3, cluster identity 4711 [ 177.106791][ T6138] tipc: Node number set to 3 [ 177.518890][ T6171] device team_slave_0 entered promiscuous mode [ 177.520519][ T6171] device team_slave_1 entered promiscuous mode [ 177.522567][ T6171] device macsec2 entered promiscuous mode [ 177.523806][ T6171] device team0 entered promiscuous mode [ 177.526442][ T6171] team0: Device macsec2 is already an upper device of the team interface [ 177.540496][ T6171] device team0 left promiscuous mode [ 177.543704][ T6171] device team_slave_0 left promiscuous mode [ 177.545086][ T6171] device team_slave_1 left promiscuous mode [ 178.225195][ T6214] mmap: syz.0.592 (6214): VmData 37490688 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 178.781002][ T6239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.604'. [ 178.801494][ T6239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.604'. [ 178.868409][ T6246] netlink: 8 bytes leftover after parsing attributes in process `syz.5.608'. [ 178.903572][ T6246] device hsr0 entered promiscuous mode [ 179.027600][ T26] audit: type=1326 audit(178.980:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.4.611" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97531328 code=0x7ffc0000 [ 179.222293][ T6269] device netdevsim0 entered promiscuous mode [ 179.258133][ T6269] netlink: 44 bytes leftover after parsing attributes in process `syz.5.616'. [ 179.260215][ T6269] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 179.421042][ T13] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 179.584012][ T6291] udc-core: couldn't find an available UDC or it's busy [ 179.585491][ T6291] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 179.723293][ T6299] netlink: 'syz.5.632': attribute type 3 has an invalid length. [ 180.021209][ T6312] udc-core: couldn't find an available UDC or it's busy [ 180.022759][ T6312] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 180.045761][ T13] usb 1-1: config 0 has no interfaces? [ 180.236850][ T13] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 180.238992][ T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.240650][ T13] usb 1-1: Product: syz [ 180.242246][ T13] usb 1-1: Manufacturer: syz [ 180.243367][ T13] usb 1-1: SerialNumber: syz [ 180.258629][ T13] usb 1-1: config 0 descriptor?? [ 180.343618][ T6320] udc-core: couldn't find an available UDC or it's busy [ 180.345235][ T6320] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 180.370128][ T26] audit: type=1326 audit(180.320:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff86a74328 code=0x7ffc0000 [ 180.393050][ T26] audit: type=1326 audit(180.350:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=237 compat=0 ip=0xffff86a74328 code=0x7ffc0000 [ 180.401318][ T26] audit: type=1326 audit(180.360:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff86a74328 code=0x7ffc0000 [ 180.735492][ T6344] udc-core: couldn't find an available UDC or it's busy [ 180.737193][ T6344] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 180.789798][ T6346] netlink: 128 bytes leftover after parsing attributes in process `syz.1.653'. [ 180.858677][ T6348] syz.5.654 sent an empty control message without MSG_MORE. [ 180.863553][ T6350] udc-core: couldn't find an available UDC or it's busy [ 180.865105][ T6350] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 181.786059][ T26] audit: type=1326 audit(181.740:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff860df328 code=0x7ffc0000 [ 181.798857][ T26] audit: type=1326 audit(181.740:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff860dd8c4 code=0x7ffc0000 [ 181.817044][ T26] audit: type=1326 audit(181.740:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff860df328 code=0x7ffc0000 [ 181.836649][ T26] audit: type=1326 audit(181.750:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=63 compat=0 ip=0xffff860df328 code=0x7ffc0000 [ 181.864004][ T26] audit: type=1326 audit(181.750:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.2.670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff860df328 code=0x7ffc0000 [ 181.992159][ T6401] netlink: 284 bytes leftover after parsing attributes in process `syz.1.675'. [ 182.112701][ T26] audit: type=1326 audit(182.070:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6408 comm="syz.1.679" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e70a328 code=0x0 [ 182.136984][ T6411] netlink: 128 bytes leftover after parsing attributes in process `syz.5.680'. [ 182.139498][ T6411] netlink: 20 bytes leftover after parsing attributes in process `syz.5.680'. [ 182.141952][ T6411] netlink: 20 bytes leftover after parsing attributes in process `syz.5.680'. [ 182.249510][ T5319] usb 1-1: USB disconnect, device number 3 [ 182.278311][ T6420] netlink: 12 bytes leftover after parsing attributes in process `syz.2.683'. [ 182.465762][ T6435] binder: 6433:6435 tried to acquire reference to desc 0, got 1 instead [ 182.475332][ T6435] binder: 6433:6435 BC_FREE_BUFFER u0000001600000002 no match [ 182.479469][ T6435] binder: 6433:6435 unknown command 0 [ 182.483121][ T6435] binder: 6433:6435 ioctl c0306201 20000340 returned -22 [ 182.487480][ T4025] binder: undelivered TRANSACTION_COMPLETE [ 182.506428][ T4025] binder: undelivered transaction 10, process died. [ 182.577209][ T6443] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 182.773427][ T6455] udc-core: couldn't find an available UDC or it's busy [ 182.779816][ T6455] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 183.160486][ T6472] netlink: 'syz.2.707': attribute type 10 has an invalid length. [ 183.276675][ T6472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.286332][ T6472] team0: Port device bond0 added [ 183.290587][ T6473] device team0 entered promiscuous mode [ 183.300632][ T6473] device team_slave_0 entered promiscuous mode [ 183.305229][ T6473] device team_slave_1 entered promiscuous mode [ 183.309220][ T6473] device bond0 entered promiscuous mode [ 183.322501][ T6473] device bond_slave_0 entered promiscuous mode [ 183.332935][ T6473] device bond_slave_1 entered promiscuous mode [ 183.347277][ T6471] device team0 left promiscuous mode [ 183.357173][ T6471] device team_slave_0 left promiscuous mode [ 183.379254][ T6471] device team_slave_1 left promiscuous mode [ 183.389627][ T6471] device bond0 left promiscuous mode [ 183.393186][ T6471] device bond_slave_0 left promiscuous mode [ 183.405157][ T6471] device bond_slave_1 left promiscuous mode [ 183.416160][ T6478] netlink: 'syz.1.709': attribute type 1 has an invalid length. [ 183.992828][ T6516] udc-core: couldn't find an available UDC or it's busy [ 183.994534][ T6516] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.074636][ T6522] atomic_op 000000004f3b79cd conn xmit_atomic 0000000000000000 [ 184.123626][ T6526] udc-core: couldn't find an available UDC or it's busy [ 184.125198][ T6526] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.386065][ T6539] netlink: 'syz.4.738': attribute type 29 has an invalid length. [ 184.388175][ T6539] netlink: 'syz.4.738': attribute type 29 has an invalid length. [ 184.391986][ T6539] netlink: 'syz.4.738': attribute type 29 has an invalid length. [ 184.497462][ T6545] __nla_validate_parse: 1 callbacks suppressed [ 184.497477][ T6545] netlink: 4 bytes leftover after parsing attributes in process `syz.4.741'. [ 184.501559][ T6545] netlink: 4 bytes leftover after parsing attributes in process `syz.4.741'. [ 184.560527][ T6548] udc-core: couldn't find an available UDC or it's busy [ 184.562390][ T6548] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.568695][ T6548] udc-core: couldn't find an available UDC or it's busy [ 184.580660][ T6548] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.598754][ T6548] udc-core: couldn't find an available UDC or it's busy [ 184.600542][ T6548] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.804258][ T6548] udc-core: couldn't find an available UDC or it's busy [ 184.806070][ T6548] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.809550][ T6570] udc-core: couldn't find an available UDC or it's busy [ 184.813958][ T6570] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 184.863849][ T6573] device vlan2 entered promiscuous mode [ 184.868890][ T6573] bond0: (slave vlan2): Opening slave failed [ 185.339393][ T6600] CIFS: VFS: Malformed UNC in devname [ 185.359853][ T5319] hid-generic 0000:0003:0000.0002: item fetching failed at offset 0/2 [ 185.364804][ T5319] hid-generic: probe of 0000:0003:0000.0002 failed with error -22 [ 186.067496][ T6645] udc-core: couldn't find an available UDC or it's busy [ 186.069493][ T6645] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 186.169788][ T6648] netlink: 36 bytes leftover after parsing attributes in process `syz.4.787'. [ 186.341318][ T5317] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 186.398044][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 186.484297][ T6662] udc-core: couldn't find an available UDC or it's busy [ 186.485891][ T6662] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 186.580875][ T5317] usb 1-1: Using ep0 maxpacket: 32 [ 186.701028][ T5317] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 186.703397][ T5317] usb 1-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 186.705354][ T5317] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 186.707477][ T5317] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.873561][ T6678] netlink: 'syz.1.802': attribute type 1 has an invalid length. [ 186.980218][ T5317] usb 1-1: USB disconnect, device number 4 [ 187.016131][ T6682] udc-core: couldn't find an available UDC or it's busy [ 187.017817][ T6682] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 187.038025][ T6682] tipc: Started in network mode [ 187.039174][ T6682] tipc: Node identity , cluster identity 4711 [ 187.075795][ T6685] udc-core: couldn't find an available UDC or it's busy [ 187.077368][ T6685] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 187.103888][ T6687] udc-core: couldn't find an available UDC or it's busy [ 187.110846][ T6687] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 187.782693][ T6711] netlink: 24 bytes leftover after parsing attributes in process `syz.4.817'. [ 187.788729][ T26] audit: type=1326 audit(187.740:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6710 comm="syz.5.818" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff86a74328 code=0x7ffc0000 [ 187.804699][ T26] audit: type=1326 audit(187.760:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6710 comm="syz.5.818" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=192 compat=0 ip=0xffff86a74328 code=0x7ffc0000 [ 187.830199][ T26] audit: type=1326 audit(187.760:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6710 comm="syz.5.818" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff86a74328 code=0x7ffc0000 [ 187.900433][ T6725] udc-core: couldn't find an available UDC or it's busy [ 187.921183][ T6725] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 187.986618][ T6730] netlink: 16 bytes leftover after parsing attributes in process `syz.5.827'. [ 188.137668][ T6744] tipc: Trying to set illegal importance in message [ 188.169595][ T6749] netlink: 'syz.5.837': attribute type 21 has an invalid length. [ 188.176805][ T6749] netlink: 292 bytes leftover after parsing attributes in process `syz.5.837'. [ 188.782543][ T6780] netlink: 28 bytes leftover after parsing attributes in process `syz.5.852'. [ 188.784720][ T6780] netlink: 28 bytes leftover after parsing attributes in process `syz.5.852'. [ 188.871805][ T6780] device ip6gretap0 entered promiscuous mode [ 188.901928][ T6780] hsr1: Slave A (netdevsim0) is not up; please bring it up to get a fully working HSR network [ 188.907599][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 189.096753][ T6799] udc-core: couldn't find an available UDC or it's busy [ 189.098433][ T6799] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 189.127004][ T6803] udc-core: couldn't find an available UDC or it's busy [ 189.128541][ T6803] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 189.148634][ T6803] netlink: 20 bytes leftover after parsing attributes in process `syz.4.859'. [ 189.149411][ T6805] device syzkaller1 entered promiscuous mode [ 189.476012][ T6826] device batadv0 entered promiscuous mode [ 189.511647][ T6825] device batadv0 left promiscuous mode [ 189.674907][ T6835] udc-core: couldn't find an available UDC or it's busy [ 189.677128][ T6835] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 189.866211][ T6847] netlink: 'syz.4.881': attribute type 10 has an invalid length. [ 189.868349][ T6847] bridge0: port 3(team0) entered blocking state [ 189.891835][ T6847] bridge0: port 3(team0) entered disabled state [ 189.895762][ T6847] device team0 entered promiscuous mode [ 189.900227][ T6847] device team_slave_0 entered promiscuous mode [ 189.905497][ T6847] device team_slave_1 entered promiscuous mode [ 189.909069][ T6847] bridge0: port 3(team0) entered blocking state [ 189.910502][ T6847] bridge0: port 3(team0) entered forwarding state [ 190.190158][ T6869] device team_slave_0 entered promiscuous mode [ 190.191869][ T6869] device team_slave_1 entered promiscuous mode [ 190.194808][ T6869] device macsec1 entered promiscuous mode [ 190.196247][ T6869] device team0 entered promiscuous mode [ 190.208486][ T6869] team0: Device macsec1 is already an upper device of the team interface [ 190.212811][ T6869] device team0 left promiscuous mode [ 190.214442][ T6869] device team_slave_0 left promiscuous mode [ 190.215818][ T6869] device team_slave_1 left promiscuous mode [ 190.238383][ T6871] fuse: Bad value for 'user_id' [ 190.418556][ T6884] udc-core: couldn't find an available UDC or it's busy [ 190.436518][ T6884] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 190.514790][ T6891] binder: 6890:6891 got reply transaction with no transaction stack [ 190.516631][ T6891] binder: 6890:6891 transaction failed 29201/-71, size 0-0 line 2822 [ 190.521346][ T25] binder: undelivered TRANSACTION_ERROR: 29201 [ 190.699536][ T6897] Architecture has no drm_cache.c support [ 190.705460][ T6897] ------------[ cut here ]------------ [ 190.706671][ T6897] WARNING: CPU: 1 PID: 6897 at drivers/gpu/drm/drm_cache.c:116 drm_clflush_pages+0x1c/0x2c [ 190.708884][ T6897] Modules linked in: [ 190.709859][ T6897] CPU: 1 PID: 6897 Comm: syz.2.905 Not tainted 5.15.173-syzkaller #0 [ 190.711730][ T6897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 190.713949][ T6897] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 190.715729][ T6897] pc : drm_clflush_pages+0x1c/0x2c [ 190.716921][ T6897] lr : drm_clflush_pages+0x1c/0x2c [ 190.718166][ T6897] sp : ffff8000201f77f0 [ 190.719090][ T6897] x29: ffff8000201f77f0 x28: 1fffe0001cddba84 x27: ffff0000e6edd400 [ 190.720792][ T6897] x26: dfff800000000000 x25: 1fffe0001aac1347 x24: dfff800000000000 [ 190.722597][ T6897] x23: 0000000000017000 x22: ffff0000d5609a30 x21: ffff0000ceb74400 [ 190.724353][ T6897] x20: ffff0000d5609800 x19: ffff0000d5609a30 x18: ffff8000201f6e20 [ 190.726165][ T6897] x17: 1fffff7ffdfe5c16 x16: ffff800011ab8a34 x15: 00000000000370c5 [ 190.727971][ T6897] x14: 1ffff0000295806a x13: dfff800000000000 x12: 0000000000040000 [ 190.729936][ T6897] x11: 0000000000016143 x10: ffff80002172c000 x9 : cc405c49fb390d00 [ 190.731766][ T6897] x8 : cc405c49fb390d00 x7 : 0000000000000000 x6 : 0000000000000000 [ 190.733644][ T6897] x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000a98269c [ 190.735760][ T6897] x2 : ffff0001b41aed10 x1 : 0000000100000000 x0 : 0000000000000027 [ 190.737703][ T6897] Call trace: [ 190.738402][ T6897] drm_clflush_pages+0x1c/0x2c [ 190.739493][ T6897] vgem_prime_pin+0xd4/0x184 [ 190.740597][ T6897] drm_gem_pin+0x6c/0x8c [ 190.741681][ T6897] drm_gem_map_attach+0x40/0x50 [ 190.742842][ T6897] dma_buf_dynamic_attach+0x1b8/0x748 [ 190.744078][ T6897] dma_buf_attach+0x30/0x40 [ 190.745170][ T6897] drm_gem_prime_import_dev+0xf4/0x338 [ 190.746504][ T6897] drm_gem_prime_fd_to_handle+0x1ac/0x464 [ 190.747853][ T6897] drm_prime_fd_to_handle_ioctl+0x94/0xd0 [ 190.749193][ T6897] drm_ioctl_kernel+0x2cc/0x458 [ 190.750308][ T6897] drm_ioctl+0x5d0/0xa64 [ 190.751313][ T6897] __arm64_sys_ioctl+0x14c/0x1c8 [ 190.752497][ T6897] invoke_syscall+0x98/0x2b8 [ 190.753593][ T6897] el0_svc_common+0x138/0x258 [ 190.754696][ T6897] do_el0_svc+0x58/0x14c [ 190.755587][ T6897] el0_svc+0x7c/0x1f0 [ 190.756560][ T6897] el0t_64_sync_handler+0x84/0xe4 [ 190.757615][ T6897] el0t_64_sync+0x1a0/0x1a4 [ 190.758634][ T6897] irq event stamp: 1136 [ 190.759370][ T6897] hardirqs last enabled at (1135): [] finish_lock_switch+0xbc/0x1e8 [ 190.761495][ T6897] hardirqs last disabled at (1136): [] el1_dbg+0x24/0x80 [ 190.763381][ T6897] softirqs last enabled at (1130): [] handle_softirqs+0xb88/0xdbc [ 190.765600][ T6897] softirqs last disabled at (1083): [] __irq_exit_rcu+0x268/0x4d8 [ 190.767651][ T6897] ---[ end trace 91513db00e42936d ]--- [ 192.515790][ T2056] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.517397][ T2056] ieee802154 phy1 wpan1: encryption failed: -22