last executing test programs: 4.55193301s ago: executing program 3 (id=528): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46) sendmsg$unix(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)='D', 0x1}], 0x1}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{&(0x7f00000003c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x8902, 0x0) 3.643732586s ago: executing program 3 (id=535): socket$xdp(0x2c, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x0, 0x1008}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r2 = syz_io_uring_setup(0xf3b, &(0x7f0000000480), &(0x7f0000000080)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) 3.063825396s ago: executing program 4 (id=543): bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) landlock_create_ruleset(&(0x7f00000000c0)={0x210}, 0x46, 0x0) 2.455830297s ago: executing program 4 (id=546): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000480)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80803, 0x87) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0003}]}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f00000001c0)={@ipv4={'\x00', '\xff\xff', @loopback}}, 0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r6, &(0x7f0000004340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r6, &(0x7f0000001200)={0x50, 0x0, r7, {0x7, 0x27, 0x0, 0x500000}}, 0x50) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x0) 2.347836171s ago: executing program 3 (id=548): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.308550495s ago: executing program 1 (id=550): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 2.212080484s ago: executing program 3 (id=551): r0 = socket$unix(0x1, 0x2, 0x0) recvmmsg$unix(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}], 0x1, 0x0, 0x0) ioctl$NS_GET_PARENT(r1, 0x5450, 0x0) 1.672902367s ago: executing program 1 (id=552): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000700)='GPL\x00'}, 0x90) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 1.53761679s ago: executing program 4 (id=554): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 1.513823125s ago: executing program 1 (id=555): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002ac0), 0x0, 0x0) read$rfkill(r0, 0x0, 0x0) 1.431957119s ago: executing program 1 (id=556): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000180)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000580)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x400c630e, 0x0, 0xffffff7f00000000}], 0x0, 0x1000000000000, 0x0}) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0) ioctl$TIOCGPKT(r0, 0x40045431, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 1.431744907s ago: executing program 4 (id=557): openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 1.286548212s ago: executing program 4 (id=561): read$eventfd(0xffffffffffffffff, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0918108ac051582588d0000000109022d00010000000009040000030b08000009058d67c87d2a000009050502000000000009058b6e"], 0x0) 1.212010722s ago: executing program 2 (id=562): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f00000006c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x10000001}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x0) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, 0x0, 0x0) socket(0x1f, 0x3, 0x6f47) 1.15308692s ago: executing program 2 (id=565): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 1.095644844s ago: executing program 2 (id=567): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000000}) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e24, @loopback}, 0x10) 1.091249462s ago: executing program 0 (id=568): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x25, 0x0, 0x8, 0xfffff010}, {0x80000006, 0x0, 0x0, 0x20000}]}, 0x10) 1.055889637s ago: executing program 2 (id=569): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaadfffffffffff86dd609fbbb000006c00fc010000000000000000000000000000fe8000000000000000000000000000aa"], 0x0) 971.924171ms ago: executing program 0 (id=570): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009240)={&(0x7f0000000440)=@newtfilter={0xa8, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x3}, {}, {0xb, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x78, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0x50}, @TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @TCA_FLOWER_KEY_MPLS_OPTS={0x40, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x3c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0x8}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL={0x5, 0x2, 0xce}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x6}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL={0x5, 0x2, 0x4}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS={0x5}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS={0x5}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL={0x5, 0x2, 0xc}]}}, @TCA_FLOWER_KEY_ENC_IPV6_SRC={0xfec8, 0x1f, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}]}, 0xa8}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 971.460889ms ago: executing program 2 (id=571): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) flock(0xffffffffffffffff, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) mremap(&(0x7f0000ac3000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000b6a000/0x3000)=nil) 952.293263ms ago: executing program 0 (id=572): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) 892.082152ms ago: executing program 0 (id=573): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffd, 0xf84}, 0x1c) 751.713156ms ago: executing program 3 (id=574): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xfffffffd}, 0x48) 751.451252ms ago: executing program 3 (id=575): r0 = socket(0x1e, 0x4, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg(r2, &(0x7f0000002940)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)=""/110, 0x6e}], 0x1}}], 0x1, 0x0, 0x0) 124.842416ms ago: executing program 4 (id=576): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = socket(0x10, 0x3, 0x9) connect$netlink(r6, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r6) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r7, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r8, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="74020000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d78430800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542fc010880"], 0x274}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r3, @ANYRES32=r10, @ANYBLOB="0000000000000000b7070000000000007b8af8ff00000000bfa200000000000007020020f8ffffffb703000008000000b70400000000de0085000000820000009500000000000000"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r9}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00'}, 0x10) 94.8272ms ago: executing program 1 (id=577): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x1}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48041}, 0x0) 36.046898ms ago: executing program 0 (id=578): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 35.568347ms ago: executing program 2 (id=579): socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1a10716, &(0x7f0000000580)={[{@prjquota}, {@mblk_io_submit}, {@grpjquota_path}, {@resuid}, {@prjquota}, {@usrjquota}, {@usrjquota}, {@inode_readahead_blks}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0xff, 0x46d, &(0x7f0000001bc0)="$eJzs289vVEUcAPDve7sFBGUrIgqCVNGk8UdLCyoHE6PRxIMmJnrAY20LQRZqaE2ENFqNwaMh8W48mvgXePJk1JOJVzyaGBKixAT04pq3+17pLrullYXddD+fZGFm3+zMfPvevJ2d2Q1gYI1k/yQRd0fExYioNLLNBUYa/127sjj995XF6SRqtTf/SOrlrl5ZnK7litdty+scTSPST5O8kRhaWe382XMnp6rV2TN5fnzh1Hvj82fPPX3i1NTx2eOzpyePHDl8aOK5ZyefadPr3y6sN84svqt7Ppzbu/vVty+8Pn30wjs/fpP1d9e+xvEsjvXWeTMjWeB/Nv42rcce73ZjPfZv7XqcSbnXvWGtShFRzgfnxahEKa6fvEq88klPOwfcVtk9e3Pnw0s1YANLotc9AHqjeKPPPv8Wjzs09egLl19sfADK4r6WPxpHypE2Pho1L1x02UhEHF3658vsES3rELU26wYAALfqu2z+81S7+V8au1aU257vDQ1HxL0RsSMi7ouInRFxf0S97AMR8WCnhjpMokZa8jfOP9NL/zu4Ncjmf8/ne1vN87+0KDJcynP31OMfSo6dqM4ezP8mozG0OctPtKu8qOLlXz7v1P7K+V/2yNov5oJ5JZfKjQW6LcUzM1MLU92alF7+OGJPuV38yfJOQBIRuyNiz/qq3l4kTjzx9d5OhW4e/yq6sM9U+6qoZHEpWuIvJKvvT45vierswfHiqrjRTz+ff6NT+7cUfxdk539r8/XfUqLyV7Jyv3Z++cALa23j/K+fdfxMWV779b8su/43JW/V93Q35c99MLWwcGYiYlPyWj3f9Pzk9dcW+aJ8Fv/ogfbjf0f+miz+hyIiu4j3RcTDEbE/P3ePRMSjEXFglfh/eOmxdzsd64fzP9P2/rd8/Q83n//1J0onv/+2U/tru/8drqdG82fq97+b6Nyd4jbacjUDAADABpbWvxufpGPL6TQdG2t8h39nbE2rc/MLTx6be//0TOM79MMxlBYrXZUV66ETyVJeYyM/ma8VF8cP5evGX5TuqufHpueqMz2OHQbdtg7jP/N7qde9A247v9eCwdU6/tMe9QO487z/w+Ay/mFwGf8wuNqN/49a8vYCYCOqVXrdA6B3zP9hcBn/MLiMfxhIt/K7/tuVKK/y632JfklE2hfd6JvE/j4aTeUujO4e35gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC65L8AAAD///Uk+Ss=") syz_open_procfs$namespace(0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@can_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_LIM_HOPS={0x5}]}, 0x1c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x90) r3 = socket(0x8000000010, 0x2, 0x0) write(r3, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a010000003f481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 433.563µs ago: executing program 0 (id=580): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x11, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000480)=ANY=[], 0xdd12}], 0x1}, 0x0) 0s ago: executing program 1 (id=581): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) r4 = socket(0x11, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'gre0\x00', 0x0}) bind$packet(r4, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r4, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="0301140001296d290e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e410820c520f061fecfd00000000a4fe942a31f48597e36e039b1c599db6e466749c2d05f64c8303a0f7fbda34fb8825f80200e3e46304f7ff00ffffca88"], 0xdd12}, {&(0x7f0000000600)=ANY=[], 0x94}, {&(0x7f0000004d40)=ANY=[], 0x2264}], 0x3}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b708000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r8}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffed0) sendmsg$nl_generic(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800040000000000050017"], 0x44}}, 0x0) kernel console output (not intermixed with test programs): n cluster "lock_nolock", "syz:syz" [ 76.058336][ T7416] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 76.063272][ T7431] FAT-fs (loop1): Directory bread(block 64) failed [ 76.066907][ T7416] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 76.073910][ T7416] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 76.074217][ T7431] FAT-fs (loop1): Directory bread(block 65) failed [ 76.081447][ T7416] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 76.083978][ T7416] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:7416 [syz.2.167] init_inodes+0xe0/0x2d8 [ 76.085948][ T7431] FAT-fs (loop1): Directory bread(block 66) failed [ 76.086562][ T7416] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 76.088154][ T7431] FAT-fs (loop1): Directory bread(block 67) failed [ 76.092102][ T7431] FAT-fs (loop1): Directory bread(block 68) failed [ 76.093707][ T7431] FAT-fs (loop1): Directory bread(block 69) failed [ 76.093881][ T7416] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 76.095449][ T7431] FAT-fs (loop1): Directory bread(block 70) failed [ 76.100118][ T7431] FAT-fs (loop1): Directory bread(block 71) failed [ 76.101769][ T7431] FAT-fs (loop1): Directory bread(block 72) failed [ 76.103518][ T7431] FAT-fs (loop1): Directory bread(block 73) failed [ 76.107807][ T7416] gfs2: fsid=syz:syz.0: File system withdrawn [ 76.117904][ T7416] CPU: 1 PID: 7416 Comm: syz.2.167 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 76.120402][ T7416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 76.123014][ T7416] Call trace: [ 76.123829][ T7416] dump_backtrace+0x1b8/0x1e4 [ 76.125023][ T7416] show_stack+0x2c/0x3c [ 76.126072][ T7416] dump_stack_lvl+0xe4/0x150 [ 76.127219][ T7416] dump_stack+0x1c/0x28 [ 76.128316][ T7416] gfs2_withdraw+0xe00/0x133c [ 76.129572][ T7416] gfs2_consist_inode_i+0xf0/0x10c [ 76.130981][ T7416] gfs2_dirent_scan+0x46c/0x5b0 [ 76.132256][ T7416] gfs2_dirent_search+0x274/0x77c [ 76.133542][ T7416] gfs2_dir_check+0xb8/0x2d8 [ 76.134690][ T7416] init_journal+0x384/0x1fb8 [ 76.135863][ T7416] init_inodes+0xe0/0x2d8 [ 76.137005][ T7416] gfs2_fill_super+0x167c/0x1f54 [ 76.138254][ T7416] get_tree_bdev+0x320/0x470 [ 76.139487][ T7416] gfs2_get_tree+0x54/0x1b4 [ 76.140721][ T7416] vfs_get_tree+0x90/0x288 [ 76.141827][ T7416] do_new_mount+0x278/0x900 [ 76.142964][ T7416] path_mount+0x590/0xe04 [ 76.144051][ T7416] __arm64_sys_mount+0x3c4/0x488 [ 76.145288][ T7416] invoke_syscall+0x98/0x2b8 [ 76.146459][ T7416] el0_svc_common+0x130/0x23c [ 76.147733][ T7416] do_el0_svc+0x48/0x58 [ 76.148879][ T7416] el0_svc+0x54/0x168 [ 76.149885][ T7416] el0t_64_sync_handler+0x84/0xfc [ 76.151153][ T7416] el0t_64_sync+0x190/0x194 [ 76.152352][ C1] vkms_vblank_simulate: vblank timer overrun [ 76.161464][ T7416] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 76.313051][ T7440] loop3: detected capacity change from 0 to 128 [ 76.623640][ T7440] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 77.201014][ T7440] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 77.391671][ T7416] loop2: detected capacity change from 0 to 512 [ 77.435321][ T7416] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.167: corrupted in-inode xattr: e_value size too large [ 77.455172][ T7416] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.167: couldn't read orphan inode 15 (err -117) [ 77.478825][ T7416] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.636828][ T6378] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.047071][ T7436] loop4: detected capacity change from 0 to 32768 [ 78.054474][ T7436] gfs2: Bad value for 'quota_quantum' [ 78.206500][ T7449] loop0: detected capacity change from 0 to 32768 [ 78.218455][ T7449] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.175 (7449) [ 78.255985][ T7135] I/O error, dev loop4, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 78.265106][ T7449] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 78.267796][ T7449] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 78.298377][ T7449] BTRFS info (device loop0): using free-space-tree [ 78.386433][ T7449] BTRFS info (device loop0): checking UUID tree [ 79.353296][ T6385] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 79.364276][ T7480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 79.616318][ T7454] loop2: detected capacity change from 0 to 40427 [ 79.634533][ T7454] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 79.637054][ T7454] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 79.675715][ T7454] F2FS-fs (loop2): Found nat_bits in checkpoint [ 79.687274][ T7492] loop0: detected capacity change from 0 to 256 [ 79.692871][ T7494] loop4: detected capacity change from 0 to 1024 [ 79.702818][ T7454] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 79.704664][ T7454] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 79.707374][ T6381] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 79.720838][ T7492] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 79.726925][ T7494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.741011][ T7494] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.745998][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.747979][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.750522][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.752687][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.755318][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.757362][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.759907][ T6378] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 79.814504][ T7500] FAULT_INJECTION: forcing a failure. [ 79.814504][ T7500] name failslab, interval 1, probability 0, space 0, times 0 [ 79.817917][ T7500] CPU: 0 PID: 7500 Comm: syz.3.183 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 79.820433][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 79.822590][ T6380] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.822966][ T7500] Call trace: [ 79.826262][ T7500] dump_backtrace+0x1b8/0x1e4 [ 79.827537][ T7500] show_stack+0x2c/0x3c [ 79.828812][ T7500] dump_stack_lvl+0xe4/0x150 [ 79.830179][ T7500] dump_stack+0x1c/0x28 [ 79.831332][ T7500] should_fail_ex+0x3b0/0x50c [ 79.832576][ T7500] __should_failslab+0xc8/0x128 [ 79.833969][ T7500] should_failslab+0x10/0x28 [ 79.835221][ T7500] __kmalloc_noprof+0xf8/0x494 [ 79.836493][ T7500] sk_prot_alloc+0xc4/0x1f0 [ 79.837737][ T7500] sk_alloc+0x44/0x3f0 [ 79.838799][ T7500] __netlink_create+0x80/0x260 [ 79.840150][ T7500] netlink_create+0x40c/0x73c [ 79.841321][ T7500] __sock_create+0x43c/0x884 [ 79.842464][ T7500] __sys_socket+0x134/0x340 [ 79.843656][ T7500] __arm64_sys_socket+0x7c/0x94 [ 79.844945][ T7500] invoke_syscall+0x98/0x2b8 [ 79.846212][ T7500] el0_svc_common+0x130/0x23c [ 79.847479][ T7500] do_el0_svc+0x48/0x58 [ 79.848602][ T7500] el0_svc+0x54/0x168 [ 79.849673][ T7500] el0t_64_sync_handler+0x84/0xfc [ 79.850923][ T7500] el0t_64_sync+0x190/0x194 [ 79.898096][ T7502] FAULT_INJECTION: forcing a failure. [ 79.898096][ T7502] name failslab, interval 1, probability 0, space 0, times 0 [ 79.901748][ T7502] CPU: 1 PID: 7502 Comm: syz.0.186 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 79.904142][ T7502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 79.906711][ T7502] Call trace: [ 79.907518][ T7502] dump_backtrace+0x1b8/0x1e4 [ 79.908790][ T7502] show_stack+0x2c/0x3c [ 79.910005][ T7502] dump_stack_lvl+0xe4/0x150 [ 79.911244][ T7502] dump_stack+0x1c/0x28 [ 79.912460][ T7502] should_fail_ex+0x3b0/0x50c [ 79.913676][ T7502] __should_failslab+0xc8/0x128 [ 79.914917][ T7502] should_failslab+0x10/0x28 [ 79.916082][ T7502] kmem_cache_alloc_noprof+0x84/0x350 [ 79.917518][ T7502] vm_area_alloc+0xf8/0x1bc [ 79.918838][ T7502] mmap_region+0x9e4/0x17d8 [ 79.920082][ T7502] do_mmap+0x788/0xd90 [ 79.921195][ T7502] vm_mmap_pgoff+0x1a0/0x38c [ 79.922466][ T7502] ksys_mmap_pgoff+0xd0/0x5c8 [ 79.923674][ T7502] __arm64_sys_mmap+0xf8/0x110 [ 79.924884][ T7502] invoke_syscall+0x98/0x2b8 [ 79.926084][ T7502] el0_svc_common+0x130/0x23c [ 79.927318][ T7502] do_el0_svc+0x48/0x58 [ 79.928447][ T7502] el0_svc+0x54/0x168 [ 79.929515][ T7502] el0t_64_sync_handler+0x84/0xfc [ 79.930832][ T7502] el0t_64_sync+0x190/0x194 [ 80.004185][ T7507] loop1: detected capacity change from 0 to 256 [ 80.006794][ T7504] netlink: 'syz.4.185': attribute type 10 has an invalid length. [ 80.013661][ T7504] netlink: 40 bytes leftover after parsing attributes in process `syz.4.185'. [ 80.065090][ T7507] FAT-fs (loop1): Directory bread(block 64) failed [ 80.066905][ T7507] FAT-fs (loop1): Directory bread(block 65) failed [ 80.069252][ T7507] FAT-fs (loop1): Directory bread(block 66) failed [ 80.072504][ T7507] FAT-fs (loop1): Directory bread(block 67) failed [ 80.073341][ T7504] team0: Port device geneve0 added [ 80.074240][ T7507] FAT-fs (loop1): Directory bread(block 68) failed [ 80.077440][ T7507] FAT-fs (loop1): Directory bread(block 69) failed [ 80.084327][ T7512] loop2: detected capacity change from 0 to 64 [ 80.098427][ T7507] FAT-fs (loop1): Directory bread(block 70) failed [ 80.100142][ T7507] FAT-fs (loop1): Directory bread(block 71) failed [ 80.106830][ T7507] FAT-fs (loop1): Directory bread(block 72) failed [ 80.114866][ T7507] FAT-fs (loop1): Directory bread(block 73) failed [ 80.124543][ T7504] vhci_hcd: invalid port number 0 [ 81.438876][ T7509] loop0: detected capacity change from 0 to 32768 [ 81.448142][ T7509] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.188 (7509) [ 81.478665][ T7509] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 81.497289][ T7509] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 81.516423][ T7509] BTRFS info (device loop0): using free-space-tree [ 81.758554][ T6385] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 81.934059][ T7515] loop2: detected capacity change from 0 to 32768 [ 81.951557][ T7515] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.189 (7515) [ 82.270569][ T7515] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 82.298244][ T7515] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 82.300611][ T7515] BTRFS info (device loop2): using free-space-tree [ 82.417673][ T7515] BTRFS info (device loop2): checking UUID tree [ 82.469280][ T7544] loop0: detected capacity change from 0 to 40427 [ 82.519751][ T7565] loop3: detected capacity change from 0 to 128 [ 82.552376][ T7544] F2FS-fs (loop0): invalid crc value [ 82.606508][ T7544] F2FS-fs (loop0): Found nat_bits in checkpoint [ 82.657470][ T7565] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 82.661624][ T7544] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 82.668551][ T7565] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 82.824718][ T7576] loop1: detected capacity change from 0 to 1024 [ 82.834888][ T6378] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 82.851383][ T6385] syz-executor: attempt to access beyond end of device [ 82.851383][ T6385] loop0: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 82.855502][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 82.857307][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 82.867429][ T6381] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 82.871004][ T7576] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.874122][ T7576] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.882643][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 82.902980][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 82.904837][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 82.906528][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 83.019339][ T7580] netlink: 168 bytes leftover after parsing attributes in process `syz.3.198'. [ 83.022765][ T7580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 83.070153][ T6847] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.100750][ T7584] loop2: detected capacity change from 0 to 256 [ 83.106168][ T7584] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 83.150560][ T7587] trusted_key: encrypted_key: insufficient parameters specified [ 83.262267][ T30] audit: type=1326 audit(2000000002.820:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.4.200" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7fc00000 [ 83.296365][ T30] audit: type=1326 audit(2000000002.850:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.4.200" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffff8a343de8 code=0x7fc00000 [ 83.315223][ T30] audit: type=1326 audit(2000000002.860:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.4.200" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7fc00000 [ 83.401983][ T7595] loop4: detected capacity change from 0 to 256 [ 83.467158][ T7595] FAT-fs (loop4): Directory bread(block 64) failed [ 83.470111][ T7595] FAT-fs (loop4): Directory bread(block 65) failed [ 83.471834][ T7595] FAT-fs (loop4): Directory bread(block 66) failed [ 83.478415][ T7595] FAT-fs (loop4): Directory bread(block 67) failed [ 83.480199][ T7595] FAT-fs (loop4): Directory bread(block 68) failed [ 83.482090][ T7595] FAT-fs (loop4): Directory bread(block 69) failed [ 83.488328][ T7595] FAT-fs (loop4): Directory bread(block 70) failed [ 83.490183][ T7595] FAT-fs (loop4): Directory bread(block 71) failed [ 83.491910][ T7595] FAT-fs (loop4): Directory bread(block 72) failed [ 83.493596][ T7595] FAT-fs (loop4): Directory bread(block 73) failed [ 83.633981][ T7597] 9pnet_fd: Insufficient options for proto=fd [ 83.687868][ T7591] loop0: detected capacity change from 0 to 40427 [ 83.877932][ T7591] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 83.903770][ T7591] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 84.282262][ T7591] F2FS-fs (loop0): Found nat_bits in checkpoint [ 85.017410][ T7591] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 85.025721][ T7591] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 85.060041][ T7587] loop1: detected capacity change from 0 to 32768 [ 85.165705][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.167934][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.209154][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.211115][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.213085][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.215776][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.217711][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 85.269034][ T7593] loop2: detected capacity change from 0 to 32768 [ 85.271071][ T7593] gfs2: Bad value for 'quota_quantum' [ 85.402628][ T7609] loop1: detected capacity change from 0 to 128 [ 85.432693][ T7609] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 85.461153][ T7609] ext4 filesystem being mounted at /15/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 85.730797][ T7612] loop4: detected capacity change from 0 to 1024 [ 85.761103][ T7612] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.764285][ T7612] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.790208][ T7607] loop3: detected capacity change from 0 to 32768 [ 85.794112][ T7607] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.206 (7607) [ 85.830202][ T6847] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 85.844253][ T7607] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 85.846918][ T7607] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 85.874960][ T7607] BTRFS info (device loop3): using free-space-tree [ 85.907768][ T6380] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.912373][ T7621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.960438][ T7607] BTRFS info (device loop3): checking UUID tree [ 85.966759][ T7637] loop1: detected capacity change from 0 to 256 [ 85.984174][ T7637] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 86.004802][ T7640] FAULT_INJECTION: forcing a failure. [ 86.004802][ T7640] name failslab, interval 1, probability 0, space 0, times 0 [ 86.008101][ T7640] CPU: 1 PID: 7640 Comm: syz.4.212 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 86.010542][ T7640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 86.013177][ T7640] Call trace: [ 86.013989][ T7640] dump_backtrace+0x1b8/0x1e4 [ 86.015352][ T7640] show_stack+0x2c/0x3c [ 86.016421][ T7640] dump_stack_lvl+0xe4/0x150 [ 86.017722][ T7640] dump_stack+0x1c/0x28 [ 86.018836][ T7640] should_fail_ex+0x3b0/0x50c [ 86.020216][ T7640] __should_failslab+0xc8/0x128 [ 86.021547][ T7640] should_failslab+0x10/0x28 [ 86.022742][ T7640] kmem_cache_alloc_noprof+0x84/0x350 [ 86.024154][ T7640] mas_alloc_nodes+0x218/0x728 [ 86.025371][ T7640] mas_preallocate+0x9d0/0x1204 [ 86.026653][ T7640] mmap_region+0xe80/0x17d8 [ 86.027891][ T7640] do_mmap+0x788/0xd90 [ 86.029029][ T7640] vm_mmap_pgoff+0x1a0/0x38c [ 86.030256][ T7640] ksys_mmap_pgoff+0xd0/0x5c8 [ 86.031569][ T7640] __arm64_sys_mmap+0xf8/0x110 [ 86.032849][ T7640] invoke_syscall+0x98/0x2b8 [ 86.034124][ T7640] el0_svc_common+0x130/0x23c [ 86.035575][ T7640] do_el0_svc+0x48/0x58 [ 86.036780][ T7640] el0_svc+0x54/0x168 [ 86.037917][ T7640] el0t_64_sync_handler+0x84/0xfc [ 86.039284][ T7640] el0t_64_sync+0x190/0x194 [ 86.069658][ T6381] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 86.166670][ T7644] loop4: detected capacity change from 0 to 4096 [ 86.230470][ T7647] FAULT_INJECTION: forcing a failure. [ 86.230470][ T7647] name failslab, interval 1, probability 0, space 0, times 0 [ 86.247749][ T7647] CPU: 0 PID: 7647 Comm: syz.1.215 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 86.250200][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 86.252849][ T7647] Call trace: [ 86.253689][ T7647] dump_backtrace+0x1b8/0x1e4 [ 86.254877][ T7647] show_stack+0x2c/0x3c [ 86.255923][ T7647] dump_stack_lvl+0xe4/0x150 [ 86.257174][ T7647] dump_stack+0x1c/0x28 [ 86.258289][ T7647] should_fail_ex+0x3b0/0x50c [ 86.259546][ T7647] __should_failslab+0xc8/0x128 [ 86.260828][ T7647] should_failslab+0x10/0x28 [ 86.262099][ T7647] kmalloc_trace_noprof+0x80/0x374 [ 86.263461][ T7647] smack_sk_alloc_security+0xf4/0x214 [ 86.264821][ T7647] security_sk_alloc+0x80/0xbc [ 86.266137][ T7647] sk_prot_alloc+0xe0/0x1f0 [ 86.267341][ T7647] sk_alloc+0x44/0x3f0 [ 86.268458][ T7647] __netlink_create+0x80/0x260 [ 86.269801][ T7647] netlink_create+0x40c/0x73c [ 86.271058][ T7647] __sock_create+0x43c/0x884 [ 86.272268][ T7647] __sys_socket+0x134/0x340 [ 86.273466][ T7647] __arm64_sys_socket+0x7c/0x94 [ 86.274723][ T7647] invoke_syscall+0x98/0x2b8 [ 86.275966][ T7647] el0_svc_common+0x130/0x23c [ 86.277212][ T7647] do_el0_svc+0x48/0x58 [ 86.278316][ T7647] el0_svc+0x54/0x168 [ 86.279344][ T7647] el0t_64_sync_handler+0x84/0xfc [ 86.280717][ T7647] el0t_64_sync+0x190/0x194 [ 86.288110][ T7650] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 86.306318][ T7644] sch_tbf: burst 64 is lower than device lo mtu (65550) ! [ 86.357077][ T7644] vlan0: entered promiscuous mode [ 86.359097][ T7644] vlan0: entered allmulticast mode [ 86.440764][ T7644] veth0_vlan: entered allmulticast mode [ 86.459341][ T7644] team0: Port device vlan0 added [ 86.710899][ T7670] loop4: detected capacity change from 0 to 256 [ 86.737853][ T7670] FAT-fs (loop4): Directory bread(block 64) failed [ 86.745204][ T7670] FAT-fs (loop4): Directory bread(block 65) failed [ 86.747047][ T7670] FAT-fs (loop4): Directory bread(block 66) failed [ 86.760638][ T7670] FAT-fs (loop4): Directory bread(block 67) failed [ 86.762571][ T7670] FAT-fs (loop4): Directory bread(block 68) failed [ 86.774548][ T7670] FAT-fs (loop4): Directory bread(block 69) failed [ 86.776393][ T7670] FAT-fs (loop4): Directory bread(block 70) failed [ 86.778113][ T7670] FAT-fs (loop4): Directory bread(block 71) failed [ 86.788323][ T7670] FAT-fs (loop4): Directory bread(block 72) failed [ 86.790376][ T7670] FAT-fs (loop4): Directory bread(block 73) failed [ 86.908444][ T7673] loop1: detected capacity change from 0 to 128 [ 86.962865][ T7673] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 86.985392][ T7673] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 88.236928][ T7662] loop0: detected capacity change from 0 to 32768 [ 88.271792][ T6847] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 88.340773][ T7662] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 88.377334][ T7668] loop3: detected capacity change from 0 to 40427 [ 88.388657][ T7662] XFS (loop0): Ending clean mount [ 88.414118][ T7662] XFS (loop0): User initiated shutdown received. [ 88.416036][ T7662] XFS (loop0): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xe0/0x15c (fs/xfs/xfs_fsops.c:457). Shutting down filesystem. [ 88.420426][ T7668] F2FS-fs (loop3): invalid crc value [ 88.436036][ T7668] F2FS-fs (loop3): Found nat_bits in checkpoint [ 88.441457][ T7662] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 88.487818][ T7668] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 88.574886][ T6381] syz-executor: attempt to access beyond end of device [ 88.574886][ T6381] loop3: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 88.591871][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 88.599174][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 88.600918][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 88.618463][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 88.620307][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 88.622008][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 88.804545][ T7693] loop1: detected capacity change from 0 to 1024 [ 88.827843][ T7693] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.831231][ T7693] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.917666][ T6847] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.075551][ T7691] loop2: detected capacity change from 0 to 32768 [ 89.092777][ T7691] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.223 (7691) [ 89.119965][ T7691] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 89.122595][ T7691] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 89.124826][ T7691] BTRFS info (device loop2): using free-space-tree [ 89.149348][ T7700] loop1: detected capacity change from 0 to 256 [ 89.175977][ T7700] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 89.861702][ T7691] BTRFS info (device loop2): checking UUID tree [ 89.975915][ T6385] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 90.042448][ T6378] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 90.235264][ T7703] loop3: detected capacity change from 0 to 40427 [ 90.258567][ T7703] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 90.260608][ T7703] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 90.413749][ T7703] F2FS-fs (loop3): Found nat_bits in checkpoint [ 90.476992][ T7703] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 90.503094][ T7703] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 90.584916][ T7745] loop0: detected capacity change from 0 to 128 [ 90.630669][ T7745] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.655526][ T7745] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 90.772034][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.784693][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.798897][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.802768][ T7727] loop4: detected capacity change from 0 to 32768 [ 90.811592][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.814019][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.816250][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.818107][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 90.831489][ T7727] gfs2: Bad value for 'quota_quantum' [ 91.075737][ T7754] loop1: detected capacity change from 0 to 1024 [ 91.111174][ T7754] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.149200][ T7754] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.261152][ T6847] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.302786][ T7734] loop2: detected capacity change from 0 to 32768 [ 91.325097][ T7734] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 91.327264][ T7734] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 91.357865][ T7734] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 91.367165][ T7734] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 91.384741][ T7734] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 91.394399][ T7734] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:7734 [syz.2.230] init_inodes+0xe0/0x2d8 [ 91.420557][ T7763] loop1: detected capacity change from 0 to 256 [ 91.425630][ T7734] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 91.434505][ T7734] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 91.436839][ T7734] gfs2: fsid=syz:syz.0: File system withdrawn [ 91.453335][ T7734] CPU: 0 PID: 7734 Comm: syz.2.230 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 91.455807][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 91.458362][ T7734] Call trace: [ 91.459143][ T7734] dump_backtrace+0x1b8/0x1e4 [ 91.460285][ T7734] show_stack+0x2c/0x3c [ 91.461346][ T7734] dump_stack_lvl+0xe4/0x150 [ 91.462526][ T7734] dump_stack+0x1c/0x28 [ 91.463712][ T7734] gfs2_withdraw+0xe00/0x133c [ 91.465030][ T7734] gfs2_consist_inode_i+0xf0/0x10c [ 91.466334][ T7734] gfs2_dirent_scan+0x46c/0x5b0 [ 91.467509][ T7734] gfs2_dirent_search+0x274/0x77c [ 91.468738][ T7734] gfs2_dir_check+0xb8/0x2d8 [ 91.469877][ T7734] init_journal+0x384/0x1fb8 [ 91.471067][ T7734] init_inodes+0xe0/0x2d8 [ 91.472135][ T7734] gfs2_fill_super+0x167c/0x1f54 [ 91.473465][ T7734] get_tree_bdev+0x320/0x470 [ 91.474600][ T7734] gfs2_get_tree+0x54/0x1b4 [ 91.475765][ T7734] vfs_get_tree+0x90/0x288 [ 91.476837][ T7734] do_new_mount+0x278/0x900 [ 91.477927][ T7734] path_mount+0x590/0xe04 [ 91.478971][ T7734] __arm64_sys_mount+0x3c4/0x488 [ 91.480152][ T7734] invoke_syscall+0x98/0x2b8 [ 91.481359][ T7734] el0_svc_common+0x130/0x23c [ 91.482574][ T7734] do_el0_svc+0x48/0x58 [ 91.483658][ T7734] el0_svc+0x54/0x168 [ 91.484683][ T7734] el0t_64_sync_handler+0x84/0xfc [ 91.485935][ T7734] el0t_64_sync+0x190/0x194 [ 91.506759][ T7763] FAT-fs (loop1): Directory bread(block 64) failed [ 91.512984][ T7763] FAT-fs (loop1): Directory bread(block 65) failed [ 91.515015][ T7763] FAT-fs (loop1): Directory bread(block 66) failed [ 91.516664][ T7763] FAT-fs (loop1): Directory bread(block 67) failed [ 91.528273][ T7734] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 91.530457][ T7763] FAT-fs (loop1): Directory bread(block 68) failed [ 91.532131][ T7763] FAT-fs (loop1): Directory bread(block 69) failed [ 91.537128][ T7763] FAT-fs (loop1): Directory bread(block 70) failed [ 91.540217][ T7763] FAT-fs (loop1): Directory bread(block 71) failed [ 91.552314][ T7763] FAT-fs (loop1): Directory bread(block 72) failed [ 91.554093][ T7763] FAT-fs (loop1): Directory bread(block 73) failed [ 92.732167][ T7769] FAULT_INJECTION: forcing a failure. [ 92.732167][ T7769] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 92.735476][ T7769] CPU: 0 PID: 7769 Comm: syz.4.237 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 92.737739][ T7769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 92.740223][ T7769] Call trace: [ 92.741113][ T7769] dump_backtrace+0x1b8/0x1e4 [ 92.742393][ T7769] show_stack+0x2c/0x3c [ 92.743468][ T7769] dump_stack_lvl+0xe4/0x150 [ 92.744640][ T7769] dump_stack+0x1c/0x28 [ 92.745679][ T7769] should_fail_ex+0x3b0/0x50c [ 92.746875][ T7769] __should_fail_alloc_page+0x104/0x124 [ 92.748260][ T7769] should_fail_alloc_page+0x10/0x20 [ 92.749566][ T7769] prepare_alloc_pages+0x1b4/0x508 [ 92.750906][ T7769] __alloc_pages_noprof+0x150/0x6c0 [ 92.752302][ T7769] alloc_pages_mpol_noprof+0x33c/0x5f0 [ 92.753696][ T7769] alloc_pages_noprof+0x168/0x200 [ 92.754978][ T7769] __pmd_alloc+0xa4/0x63c [ 92.756081][ T7769] handle_mm_fault+0x125c/0x15cc [ 92.757332][ T7769] do_page_fault+0x38c/0xb1c [ 92.758488][ T7769] do_translation_fault+0xc4/0x114 [ 92.759819][ T7769] do_mem_abort+0x74/0x200 [ 92.760972][ T7769] el0_da+0x60/0x178 [ 92.761974][ T7769] el0t_64_sync_handler+0xcc/0xfc [ 92.763238][ T7769] el0t_64_sync+0x190/0x194 [ 92.835027][ T7769] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 93.117627][ T7771] loop2: detected capacity change from 0 to 256 [ 93.163163][ T7771] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 93.498514][ T6385] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 93.525187][ T7772] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 93.667641][ T7769] loop4: detected capacity change from 0 to 32768 [ 93.688793][ T7769] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 93.690999][ T7769] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 93.713636][ T7769] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 93.716087][ T7769] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 93.730741][ T7769] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 93.733164][ T7769] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:7769 [syz.4.237] init_inodes+0xe0/0x2d8 [ 93.735544][ T7769] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 93.737623][ T7769] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 93.749118][ T7769] gfs2: fsid=syz:syz.0: File system withdrawn [ 93.756467][ T7769] CPU: 1 PID: 7769 Comm: syz.4.237 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 93.758923][ T7769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 93.761576][ T7769] Call trace: [ 93.762414][ T7769] dump_backtrace+0x1b8/0x1e4 [ 93.763597][ T7769] show_stack+0x2c/0x3c [ 93.764682][ T7769] dump_stack_lvl+0xe4/0x150 [ 93.765921][ T7769] dump_stack+0x1c/0x28 [ 93.767022][ T7769] gfs2_withdraw+0xe00/0x133c [ 93.768239][ T7769] gfs2_consist_inode_i+0xf0/0x10c [ 93.769702][ T7769] gfs2_dirent_scan+0x46c/0x5b0 [ 93.771043][ T7769] gfs2_dirent_search+0x274/0x77c [ 93.772477][ T7769] gfs2_dir_check+0xb8/0x2d8 [ 93.773726][ T7769] init_journal+0x384/0x1fb8 [ 93.775016][ T7769] init_inodes+0xe0/0x2d8 [ 93.776154][ T7769] gfs2_fill_super+0x167c/0x1f54 [ 93.777466][ T7769] get_tree_bdev+0x320/0x470 [ 93.778727][ T7769] gfs2_get_tree+0x54/0x1b4 [ 93.779985][ T7769] vfs_get_tree+0x90/0x288 [ 93.781181][ T7769] do_new_mount+0x278/0x900 [ 93.782407][ T7769] path_mount+0x590/0xe04 [ 93.783536][ T7769] __arm64_sys_mount+0x3c4/0x488 [ 93.784922][ T7769] invoke_syscall+0x98/0x2b8 [ 93.786173][ T7769] el0_svc_common+0x130/0x23c [ 93.787385][ T7769] do_el0_svc+0x48/0x58 [ 93.788466][ T7769] el0_svc+0x54/0x168 [ 93.789549][ T7769] el0t_64_sync_handler+0x84/0xfc [ 93.790898][ T7769] el0t_64_sync+0x190/0x194 [ 93.901289][ T7769] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 94.079538][ T7782] FAULT_INJECTION: forcing a failure. [ 94.079538][ T7782] name failslab, interval 1, probability 0, space 0, times 0 [ 94.088542][ T7782] CPU: 1 PID: 7782 Comm: syz.2.243 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 94.091124][ T7782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 94.093689][ T7782] Call trace: [ 94.094551][ T7782] dump_backtrace+0x1b8/0x1e4 [ 94.095739][ T7782] show_stack+0x2c/0x3c [ 94.096805][ T7782] dump_stack_lvl+0xe4/0x150 [ 94.097969][ T7782] dump_stack+0x1c/0x28 [ 94.099325][ T7782] should_fail_ex+0x3b0/0x50c [ 94.099610][ T7777] loop0: detected capacity change from 0 to 32768 [ 94.100729][ T7782] __should_failslab+0xc8/0x128 [ 94.103796][ T7782] should_failslab+0x10/0x28 [ 94.105102][ T7782] kmem_cache_alloc_lru_noprof+0x88/0x354 [ 94.106567][ T7782] __d_alloc+0x40/0x658 [ 94.107651][ T7782] d_alloc_pseudo+0x30/0x16c [ 94.108921][ T7782] alloc_file_pseudo+0x110/0x25c [ 94.110274][ T7782] sock_alloc_file+0xb8/0x268 [ 94.111556][ T7782] __sys_socket+0x1b4/0x340 [ 94.112746][ T7782] __arm64_sys_socket+0x7c/0x94 [ 94.114039][ T7782] invoke_syscall+0x98/0x2b8 [ 94.115309][ T7782] el0_svc_common+0x130/0x23c [ 94.116519][ T7782] do_el0_svc+0x48/0x58 [ 94.117002][ T7777] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.240 (7777) [ 94.117598][ T7782] el0_svc+0x54/0x168 [ 94.122139][ T7782] el0t_64_sync_handler+0x84/0xfc [ 94.123592][ T7782] el0t_64_sync+0x190/0x194 [ 94.140370][ T7777] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.143098][ T7777] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 94.147303][ T7777] BTRFS info (device loop0): using free-space-tree [ 94.290986][ T7777] BTRFS info (device loop0): checking UUID tree [ 94.364856][ T7780] loop3: detected capacity change from 0 to 32768 [ 94.369002][ T7778] loop1: detected capacity change from 0 to 40427 [ 94.380389][ T7778] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 94.382427][ T7778] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 94.383774][ T7784] loop4: detected capacity change from 0 to 32768 [ 94.389538][ T7778] F2FS-fs (loop1): Unrecognized mount option "" or missing value [ 94.390447][ T6385] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.395789][ T7780] [ 94.395789][ T7780] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.395789][ T7780] [ 94.400004][ T7784] BTRFS: device /dev/loop4 (7:4) using temp-fsid c37a4d0a-b0f2-4aa7-98ca-1167b20f8527 [ 94.402654][ T7784] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.244 (7784) [ 94.404135][ T7778] Bluetooth: MGMT ver 1.22 [ 94.422889][ T7780] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 94.422889][ T7780] [ 94.428163][ T7784] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.431070][ T7784] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 94.433334][ T7784] BTRFS info (device loop4): using free-space-tree [ 94.452065][ T7778] syzkaller1: entered promiscuous mode [ 94.455512][ T7778] syzkaller1: entered allmulticast mode [ 94.596704][ T43] read_mapping_page failed! [ 94.606137][ T43] ERROR: (device loop3): txAbort: [ 94.606137][ T43] [ 94.616237][ T43] jfs_write_inode: jfs_commit_inode failed! [ 94.617817][ T6381] [ 94.617817][ T6381] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.617817][ T6381] [ 94.634498][ T6381] [ 94.634498][ T6381] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.634498][ T6381] [ 94.902075][ T7820] overlay: ./file1 is not a directory [ 95.104650][ T7835] loop1: detected capacity change from 0 to 256 [ 95.122317][ T7835] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 95.185600][ T7837] loop2: detected capacity change from 0 to 128 [ 95.225402][ T7837] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 95.237360][ T7837] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 95.372840][ T6380] BTRFS info (device loop4): last unmount of filesystem c37a4d0a-b0f2-4aa7-98ca-1167b20f8527 [ 95.559177][ T7846] netlink: 224 bytes leftover after parsing attributes in process `syz.0.253'. [ 95.571486][ T7847] loop4: detected capacity change from 0 to 256 [ 95.574475][ T7846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.589069][ T7832] loop3: detected capacity change from 0 to 40427 [ 95.604622][ T7832] F2FS-fs (loop3): invalid crc value [ 95.620454][ T7847] FAT-fs (loop4): Directory bread(block 64) failed [ 95.622166][ T7847] FAT-fs (loop4): Directory bread(block 65) failed [ 95.623057][ T7832] F2FS-fs (loop3): Found nat_bits in checkpoint [ 95.636123][ T7832] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 95.645771][ T7847] FAT-fs (loop4): Directory bread(block 66) failed [ 95.647531][ T7847] FAT-fs (loop4): Directory bread(block 67) failed [ 95.666989][ T7847] FAT-fs (loop4): Directory bread(block 68) failed [ 95.673184][ T6381] syz-executor: attempt to access beyond end of device [ 95.673184][ T6381] loop3: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 95.673208][ T7847] FAT-fs (loop4): Directory bread(block 69) failed [ 95.687357][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 95.688370][ T7847] FAT-fs (loop4): Directory bread(block 70) failed [ 95.689483][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 95.693268][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 95.694975][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 95.695339][ T7847] FAT-fs (loop4): Directory bread(block 71) failed [ 95.696650][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 95.701516][ T6381] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 95.718427][ T7847] FAT-fs (loop4): Directory bread(block 72) failed [ 95.720131][ T7847] FAT-fs (loop4): Directory bread(block 73) failed [ 98.192431][ T7859] loop0: detected capacity change from 0 to 32768 [ 98.198293][ T7859] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.255 (7859) [ 98.229136][ T7859] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 98.231880][ T7859] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 98.234340][ T7859] BTRFS info (device loop0): using free-space-tree [ 98.277003][ T7857] loop3: detected capacity change from 0 to 40427 [ 98.315309][ T7857] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 98.316889][ T7861] loop1: detected capacity change from 0 to 32768 [ 98.317367][ T7857] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 98.333368][ T6378] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 98.354488][ T7861] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 98.360509][ T7857] F2FS-fs (loop3): Found nat_bits in checkpoint [ 98.426325][ T7859] BTRFS info (device loop0): checking UUID tree [ 98.444898][ T7861] XFS (loop1): Ending clean mount [ 98.461882][ T7861] XFS (loop1): Quotacheck needed: Please wait. [ 98.462778][ T7891] loop2: detected capacity change from 0 to 1024 [ 98.472832][ T7857] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 98.474901][ T7857] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 98.514893][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.516881][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.518269][ T7891] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.518867][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.521759][ T7891] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.523801][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.529867][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.531891][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.534117][ T6381] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 98.573543][ T7861] XFS (loop1): Quotacheck: Done. [ 98.574552][ T6385] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 98.693287][ T6378] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.809098][ T7863] loop4: detected capacity change from 0 to 32768 [ 98.936919][ T7899] capability: warning: `syz.1.256' uses 32-bit capabilities (legacy support in use) [ 99.082189][ T7863] gfs2: Bad value for 'quota_quantum' [ 99.273815][ T7901] loop2: detected capacity change from 0 to 1024 [ 99.362024][ T7901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.365214][ T7901] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.372045][ T6847] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 99.375449][ T7907] loop0: detected capacity change from 0 to 1024 [ 99.413254][ T7907] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.416463][ T7907] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.490250][ T7907] FAULT_INJECTION: forcing a failure. [ 99.490250][ T7907] name failslab, interval 1, probability 0, space 0, times 0 [ 99.493688][ T7907] CPU: 0 PID: 7907 Comm: syz.0.260 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 99.496088][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 99.498598][ T7907] Call trace: [ 99.499482][ T7907] dump_backtrace+0x1b8/0x1e4 [ 99.500701][ T7907] show_stack+0x2c/0x3c [ 99.501808][ T7907] dump_stack_lvl+0xe4/0x150 [ 99.502941][ T7907] dump_stack+0x1c/0x28 [ 99.504044][ T7907] should_fail_ex+0x3b0/0x50c [ 99.505393][ T7907] __should_failslab+0xc8/0x128 [ 99.506707][ T7907] should_failslab+0x10/0x28 [ 99.507946][ T7907] kmalloc_trace_noprof+0x80/0x374 [ 99.509304][ T7907] __iomap_dio_rw+0x32c/0x216c [ 99.510528][ T7907] iomap_dio_rw+0x5c/0xa8 [ 99.511619][ T7907] ext4_file_write_iter+0x1410/0x1780 [ 99.513010][ T7907] do_iter_readv_writev+0x438/0x658 [ 99.514415][ T7907] vfs_writev+0x410/0xb80 [ 99.515654][ T7907] __arm64_sys_pwritev+0x18c/0x29c [ 99.517035][ T7907] invoke_syscall+0x98/0x2b8 [ 99.518269][ T7907] el0_svc_common+0x130/0x23c [ 99.519492][ T7907] do_el0_svc+0x48/0x58 [ 99.520573][ T7907] el0_svc+0x54/0x168 [ 99.521594][ T7907] el0t_64_sync_handler+0x84/0xfc [ 99.522908][ T7907] el0t_64_sync+0x190/0x194 [ 99.651612][ T7910] loop3: detected capacity change from 0 to 128 [ 99.663894][ T6385] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.670863][ T7910] FAT-fs (loop3): Unrecognized mount option " " or missing value [ 99.717506][ T7918] loop1: detected capacity change from 0 to 256 [ 99.795655][ T7918] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 99.924813][ T7922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.994929][ T7925] netlink: 232 bytes leftover after parsing attributes in process `syz.1.265'. [ 100.009208][ T30] audit: type=1400 audit(2000000003.880:7): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=7924 comm="syz.1.265" src=20002 netif=wpan0 [ 100.047720][ T7135] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 100.163248][ T6378] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.454786][ T7929] loop4: detected capacity change from 0 to 128 [ 100.483929][ T7929] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.511510][ T7929] ext4 filesystem being mounted at /57/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 100.528090][ T7932] loop0: detected capacity change from 0 to 256 [ 100.597907][ T7925] loop1: detected capacity change from 0 to 32768 [ 100.607658][ T7925] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 100.610412][ T7925] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 100.616552][ T7925] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 100.634607][ T7925] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 100.668373][ T7936] loop3: detected capacity change from 0 to 1024 [ 100.670473][ T7936] EXT4-fs: Ignoring removed oldalloc option [ 100.673397][ T7925] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 100.675698][ T7925] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:7925 [syz.1.265] init_inodes+0xe0/0x2d8 [ 100.678058][ T7925] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 100.680148][ T7936] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 100.686201][ T7932] FAT-fs (loop0): Directory bread(block 64) failed [ 100.687993][ T7932] FAT-fs (loop0): Directory bread(block 65) failed [ 100.703381][ T7932] FAT-fs (loop0): Directory bread(block 66) failed [ 100.709129][ T7932] FAT-fs (loop0): Directory bread(block 67) failed [ 100.710845][ T7932] FAT-fs (loop0): Directory bread(block 68) failed [ 100.712535][ T7932] FAT-fs (loop0): Directory bread(block 69) failed [ 100.714265][ T7932] FAT-fs (loop0): Directory bread(block 70) failed [ 100.715972][ T7925] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 100.732266][ T7925] gfs2: fsid=syz:syz.0: File system withdrawn [ 100.733216][ T7932] FAT-fs (loop0): Directory bread(block 71) failed [ 100.739527][ T7925] CPU: 0 PID: 7925 Comm: syz.1.265 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 100.741355][ T7932] FAT-fs (loop0): Directory bread(block 72) failed [ 100.741968][ T7925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 100.743772][ T7932] FAT-fs (loop0): Directory bread(block 73) failed [ 100.746288][ T7925] Call trace: [ 100.748722][ T7925] dump_backtrace+0x1b8/0x1e4 [ 100.749878][ T7925] show_stack+0x2c/0x3c [ 100.750907][ T7925] dump_stack_lvl+0xe4/0x150 [ 100.752164][ T7925] dump_stack+0x1c/0x28 [ 100.753287][ T7925] gfs2_withdraw+0xe00/0x133c [ 100.754592][ T7925] gfs2_consist_inode_i+0xf0/0x10c [ 100.755857][ T7925] gfs2_dirent_scan+0x46c/0x5b0 [ 100.757086][ T7925] gfs2_dirent_search+0x274/0x77c [ 100.758341][ T7925] gfs2_dir_check+0xb8/0x2d8 [ 100.759518][ T7925] init_journal+0x384/0x1fb8 [ 100.760775][ T7925] init_inodes+0xe0/0x2d8 [ 100.761965][ T7925] gfs2_fill_super+0x167c/0x1f54 [ 100.763302][ T7925] get_tree_bdev+0x320/0x470 [ 100.764462][ T7925] gfs2_get_tree+0x54/0x1b4 [ 100.765619][ T7925] vfs_get_tree+0x90/0x288 [ 100.766744][ T7925] do_new_mount+0x278/0x900 [ 100.767886][ T7925] path_mount+0x590/0xe04 [ 100.768965][ T7925] __arm64_sys_mount+0x3c4/0x488 [ 100.770281][ T7925] invoke_syscall+0x98/0x2b8 [ 100.771515][ T7925] el0_svc_common+0x130/0x23c [ 100.772729][ T7925] do_el0_svc+0x48/0x58 [ 100.773800][ T7925] el0_svc+0x54/0x168 [ 100.774795][ T7925] el0t_64_sync_handler+0x84/0xfc [ 100.776053][ T7925] el0t_64_sync+0x190/0x194 [ 100.818759][ T7936] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.954078][ T7925] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 100.964601][ T6381] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.152869][ T7947] FAULT_INJECTION: forcing a failure. [ 102.152869][ T7947] name failslab, interval 1, probability 0, space 0, times 0 [ 102.156127][ T7947] CPU: 1 PID: 7947 Comm: syz.1.272 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 102.158447][ T7947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 102.160941][ T7947] Call trace: [ 102.161759][ T7947] dump_backtrace+0x1b8/0x1e4 [ 102.162989][ T7947] show_stack+0x2c/0x3c [ 102.164073][ T7947] dump_stack_lvl+0xe4/0x150 [ 102.165241][ T7947] dump_stack+0x1c/0x28 [ 102.166285][ T7947] should_fail_ex+0x3b0/0x50c [ 102.167476][ T7947] __should_failslab+0xc8/0x128 [ 102.168684][ T7947] should_failslab+0x10/0x28 [ 102.169823][ T7947] kmem_cache_alloc_noprof+0x84/0x350 [ 102.171156][ T7947] pte_alloc_one_noprof+0x78/0x2fc [ 102.172613][ T7947] handle_pte_fault+0x468c/0x5714 [ 102.173895][ T7947] handle_mm_fault+0xe84/0x15cc [ 102.175145][ T7947] do_page_fault+0x38c/0xb1c [ 102.176338][ T7947] do_translation_fault+0xc4/0x114 [ 102.177640][ T7947] do_mem_abort+0x74/0x200 [ 102.178784][ T7947] el0_da+0x60/0x178 [ 102.179780][ T7947] el0t_64_sync_handler+0xcc/0xfc [ 102.181104][ T7947] el0t_64_sync+0x190/0x194 [ 102.298727][ T7947] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 102.747266][ T7945] loop3: detected capacity change from 0 to 32768 [ 102.767806][ T7945] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.271 (7945) [ 102.907308][ T7945] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 102.924291][ T7945] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 102.926543][ T7945] BTRFS info (device loop3): using free-space-tree [ 102.932473][ T7947] loop1: detected capacity change from 0 to 32768 [ 102.944796][ T7947] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 102.947917][ T7947] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 102.966100][ T7947] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 102.978270][ T7947] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 102.981841][ T7947] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 102.984427][ T7947] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:7947 [syz.1.272] init_inodes+0xe0/0x2d8 [ 102.986978][ T7947] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 102.991256][ T7947] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 102.993192][ T7947] gfs2: fsid=syz:syz.0: File system withdrawn [ 102.998239][ T7947] CPU: 0 PID: 7947 Comm: syz.1.272 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 103.000592][ T7947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 103.003162][ T7947] Call trace: [ 103.003972][ T7947] dump_backtrace+0x1b8/0x1e4 [ 103.005147][ T7947] show_stack+0x2c/0x3c [ 103.006177][ T7947] dump_stack_lvl+0xe4/0x150 [ 103.007326][ T7947] dump_stack+0x1c/0x28 [ 103.008415][ T7947] gfs2_withdraw+0xe00/0x133c [ 103.009590][ T7947] gfs2_consist_inode_i+0xf0/0x10c [ 103.010904][ T7947] gfs2_dirent_scan+0x46c/0x5b0 [ 103.012154][ T7947] gfs2_dirent_search+0x274/0x77c [ 103.013427][ T7947] gfs2_dir_check+0xb8/0x2d8 [ 103.014601][ T7947] init_journal+0x384/0x1fb8 [ 103.015769][ T7947] init_inodes+0xe0/0x2d8 [ 103.016869][ T7947] gfs2_fill_super+0x167c/0x1f54 [ 103.018172][ T7947] get_tree_bdev+0x320/0x470 [ 103.019341][ T7947] gfs2_get_tree+0x54/0x1b4 [ 103.020476][ T7947] vfs_get_tree+0x90/0x288 [ 103.021596][ T7947] do_new_mount+0x278/0x900 [ 103.022725][ T7947] path_mount+0x590/0xe04 [ 103.023875][ T7947] __arm64_sys_mount+0x3c4/0x488 [ 103.025151][ T7947] invoke_syscall+0x98/0x2b8 [ 103.026316][ T7947] el0_svc_common+0x130/0x23c [ 103.027538][ T7947] do_el0_svc+0x48/0x58 [ 103.028591][ T7947] el0_svc+0x54/0x168 [ 103.029591][ T7947] el0t_64_sync_handler+0x84/0xfc [ 103.030875][ T7947] el0t_64_sync+0x190/0x194 [ 103.037652][ T7945] BTRFS info (device loop3): checking UUID tree [ 103.044272][ T7947] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 103.184128][ T7971] loop0: detected capacity change from 0 to 256 [ 103.228881][ T7970] loop1: detected capacity change from 0 to 2048 [ 103.245700][ T7970] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 103.247315][ T6381] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 103.256788][ T7971] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 103.405606][ T7135] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 103.445413][ T6380] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.467548][ T7976] netlink: 16 bytes leftover after parsing attributes in process `syz.1.277'. [ 103.479303][ T7976] netlink: 16 bytes leftover after parsing attributes in process `syz.1.277'. [ 103.483465][ T7981] FAULT_INJECTION: forcing a failure. [ 103.483465][ T7981] name failslab, interval 1, probability 0, space 0, times 0 [ 103.486573][ T7981] CPU: 0 PID: 7981 Comm: syz.3.276 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 103.488868][ T7981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 103.491381][ T7981] Call trace: [ 103.492210][ T7981] dump_backtrace+0x1b8/0x1e4 [ 103.493405][ T7981] show_stack+0x2c/0x3c [ 103.494490][ T7981] dump_stack_lvl+0xe4/0x150 [ 103.495656][ T7981] dump_stack+0x1c/0x28 [ 103.496726][ T7981] should_fail_ex+0x3b0/0x50c [ 103.497912][ T7981] __should_failslab+0xc8/0x128 [ 103.499169][ T7981] should_failslab+0x10/0x28 [ 103.500380][ T7981] kmem_cache_alloc_noprof+0x84/0x350 [ 103.501734][ T7981] alloc_empty_file+0xac/0x1d4 [ 103.502933][ T7981] alloc_file_pseudo+0x1a0/0x25c [ 103.504225][ T7981] sock_alloc_file+0xb8/0x268 [ 103.505413][ T7981] __sys_socket+0x1b4/0x340 [ 103.506578][ T7981] __arm64_sys_socket+0x7c/0x94 [ 103.507828][ T7981] invoke_syscall+0x98/0x2b8 [ 103.509022][ T7981] el0_svc_common+0x130/0x23c [ 103.510184][ T7981] do_el0_svc+0x48/0x58 [ 103.511235][ T7981] el0_svc+0x54/0x168 [ 103.512270][ T7981] el0t_64_sync_handler+0x84/0xfc [ 103.513582][ T7981] el0t_64_sync+0x190/0x194 [ 103.524141][ T7983] 9pnet_fd: Insufficient options for proto=fd [ 103.570453][ T7985] loop2: detected capacity change from 0 to 512 [ 103.606628][ T7985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.610170][ T7985] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.766153][ T7992] loop1: detected capacity change from 0 to 256 [ 103.800795][ T7992] FAT-fs (loop1): Directory bread(block 64) failed [ 103.806760][ T7992] FAT-fs (loop1): Directory bread(block 65) failed [ 103.818272][ T7992] FAT-fs (loop1): Directory bread(block 66) failed [ 103.819989][ T7992] FAT-fs (loop1): Directory bread(block 67) failed [ 103.821713][ T7992] FAT-fs (loop1): Directory bread(block 68) failed [ 103.828381][ T7992] FAT-fs (loop1): Directory bread(block 69) failed [ 103.830263][ T7992] FAT-fs (loop1): Directory bread(block 70) failed [ 103.832011][ T7992] FAT-fs (loop1): Directory bread(block 71) failed [ 103.844041][ T7992] FAT-fs (loop1): Directory bread(block 72) failed [ 103.846780][ T7992] FAT-fs (loop1): Directory bread(block 73) failed [ 104.039258][ T7990] loop4: detected capacity change from 0 to 40427 [ 104.046418][ T7990] F2FS-fs (loop4): invalid crc value [ 104.517767][ T7990] F2FS-fs (loop4): Found nat_bits in checkpoint [ 105.161179][ T7990] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 105.189131][ T8000] FAULT_INJECTION: forcing a failure. [ 105.189131][ T8000] name failslab, interval 1, probability 0, space 0, times 0 [ 105.213160][ T8000] CPU: 1 PID: 8000 Comm: syz.0.284 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 105.215647][ T8000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 105.218236][ T8000] Call trace: [ 105.219051][ T8000] dump_backtrace+0x1b8/0x1e4 [ 105.220249][ T8000] show_stack+0x2c/0x3c [ 105.221300][ T8000] dump_stack_lvl+0xe4/0x150 [ 105.222532][ T8000] dump_stack+0x1c/0x28 [ 105.223641][ T8000] should_fail_ex+0x3b0/0x50c [ 105.224872][ T8000] __should_failslab+0xc8/0x128 [ 105.226157][ T8000] should_failslab+0x10/0x28 [ 105.227331][ T8000] kmem_cache_alloc_noprof+0x84/0x350 [ 105.228685][ T8000] __anon_vma_prepare+0xc4/0x400 [ 105.229934][ T8000] handle_pte_fault+0x4910/0x5714 [ 105.231203][ T8000] handle_mm_fault+0xe84/0x15cc [ 105.232489][ T8000] do_page_fault+0x38c/0xb1c [ 105.233707][ T8000] do_translation_fault+0xc4/0x114 [ 105.235046][ T8000] do_mem_abort+0x74/0x200 [ 105.236199][ T8000] el0_da+0x60/0x178 [ 105.237199][ T8000] el0t_64_sync_handler+0xcc/0xfc [ 105.238476][ T8000] el0t_64_sync+0x190/0x194 [ 105.327562][ T6380] syz-executor: attempt to access beyond end of device [ 105.327562][ T6380] loop4: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 105.344770][ T6380] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 105.346635][ T6380] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 105.360044][ T8000] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 105.362937][ T6380] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 105.364655][ T6380] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 105.366314][ T6380] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 105.367995][ T6380] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 105.632217][ T6378] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.967216][ T8002] loop3: detected capacity change from 0 to 32768 [ 106.057488][ T7135] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 106.093801][ T8009] loop4: detected capacity change from 0 to 512 [ 106.162870][ T8002] loop3: detected capacity change from 0 to 256 [ 106.214094][ T8000] loop0: detected capacity change from 0 to 32768 [ 106.222799][ T8000] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 106.228358][ T8000] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 106.243625][ T8000] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 106.245977][ T8000] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 106.276078][ T8000] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 106.287929][ T8000] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:8000 [syz.0.284] init_inodes+0xe0/0x2d8 [ 106.304997][ T8000] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 106.318794][ T8006] loop2: detected capacity change from 0 to 32768 [ 106.321115][ T8000] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 106.323790][ T8000] gfs2: fsid=syz:syz.0: File system withdrawn [ 106.325559][ T8006] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.287 (8006) [ 106.329095][ T8000] CPU: 1 PID: 8000 Comm: syz.0.284 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 106.331604][ T8000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 106.334302][ T8000] Call trace: [ 106.335180][ T8000] dump_backtrace+0x1b8/0x1e4 [ 106.336382][ T8000] show_stack+0x2c/0x3c [ 106.337453][ T8000] dump_stack_lvl+0xe4/0x150 [ 106.338686][ T8000] dump_stack+0x1c/0x28 [ 106.339848][ T8000] gfs2_withdraw+0xe00/0x133c [ 106.341093][ T8000] gfs2_consist_inode_i+0xf0/0x10c [ 106.342390][ T8000] gfs2_dirent_scan+0x46c/0x5b0 [ 106.343660][ T8000] gfs2_dirent_search+0x274/0x77c [ 106.344987][ T8000] gfs2_dir_check+0xb8/0x2d8 [ 106.346159][ T8000] init_journal+0x384/0x1fb8 [ 106.347363][ T8000] init_inodes+0xe0/0x2d8 [ 106.348472][ T8000] gfs2_fill_super+0x167c/0x1f54 [ 106.349781][ T8000] get_tree_bdev+0x320/0x470 [ 106.351012][ T8000] gfs2_get_tree+0x54/0x1b4 [ 106.352280][ T8000] vfs_get_tree+0x90/0x288 [ 106.353461][ T8000] do_new_mount+0x278/0x900 [ 106.354609][ T8000] path_mount+0x590/0xe04 [ 106.355775][ T8000] __arm64_sys_mount+0x3c4/0x488 [ 106.357113][ T8000] invoke_syscall+0x98/0x2b8 [ 106.358300][ T8000] el0_svc_common+0x130/0x23c [ 106.359587][ T8000] do_el0_svc+0x48/0x58 [ 106.360719][ T8000] el0_svc+0x54/0x168 [ 106.361792][ T8000] el0t_64_sync_handler+0x84/0xfc [ 106.363130][ T8000] el0t_64_sync+0x190/0x194 [ 106.363877][ T8006] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 106.365060][ T8000] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 106.383965][ T8006] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 106.388457][ T8006] BTRFS info (device loop2): using free-space-tree [ 106.401874][ T8019] loop4: detected capacity change from 0 to 128 [ 106.424351][ T8019] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 106.441081][ T8019] ext4 filesystem being mounted at /61/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 106.649823][ T8006] BTRFS info (device loop2): checking UUID tree [ 106.730924][ T8044] loop0: detected capacity change from 0 to 256 [ 106.765882][ T8044] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 106.809410][ T6378] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 107.336475][ T8046] loop3: detected capacity change from 0 to 32768 [ 107.359461][ T8046] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 107.370831][ T6380] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.386656][ T8049] loop2: detected capacity change from 0 to 32768 [ 107.413615][ T8049] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 107.467988][ T8046] XFS (loop3): Ending clean mount [ 107.487351][ T8046] XFS (loop3): Quotacheck needed: Please wait. [ 107.518065][ T8046] XFS (loop3): Quotacheck: Done. [ 107.549946][ T8049] XFS (loop2): Ending clean mount [ 107.647284][ T8072] FAULT_INJECTION: forcing a failure. [ 107.647284][ T8072] name failslab, interval 1, probability 0, space 0, times 0 [ 107.652446][ T8072] CPU: 0 PID: 8072 Comm: syz.4.296 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 107.654870][ T8072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 107.657486][ T8072] Call trace: [ 107.658313][ T8072] dump_backtrace+0x1b8/0x1e4 [ 107.659492][ T8072] show_stack+0x2c/0x3c [ 107.660526][ T8072] dump_stack_lvl+0xe4/0x150 [ 107.661697][ T8072] dump_stack+0x1c/0x28 [ 107.662749][ T8072] should_fail_ex+0x3b0/0x50c [ 107.663918][ T8072] __should_failslab+0xc8/0x128 [ 107.665157][ T8072] should_failslab+0x10/0x28 [ 107.666380][ T8072] kmem_cache_alloc_noprof+0x84/0x350 [ 107.667716][ T8072] security_file_alloc+0x30/0x124 [ 107.668968][ T8072] init_file+0x90/0x1f8 [ 107.670015][ T8072] alloc_empty_file+0xc0/0x1d4 [ 107.671262][ T8072] alloc_file_pseudo+0x1a0/0x25c [ 107.672503][ T8072] sock_alloc_file+0xb8/0x268 [ 107.673689][ T8072] __sys_socket+0x1b4/0x340 [ 107.674839][ T8072] __arm64_sys_socket+0x7c/0x94 [ 107.676131][ T8072] invoke_syscall+0x98/0x2b8 [ 107.677317][ T8072] el0_svc_common+0x130/0x23c [ 107.678506][ T8072] do_el0_svc+0x48/0x58 [ 107.679586][ T8072] el0_svc+0x54/0x168 [ 107.680624][ T8072] el0t_64_sync_handler+0x84/0xfc [ 107.681917][ T8072] el0t_64_sync+0x190/0x194 [ 107.692912][ T6381] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 107.780696][ T8074] loop1: detected capacity change from 0 to 256 [ 107.797282][ T8074] FAT-fs (loop1): Directory bread(block 64) failed [ 107.799172][ T8074] FAT-fs (loop1): Directory bread(block 65) failed [ 107.803505][ T8074] FAT-fs (loop1): Directory bread(block 66) failed [ 107.806253][ T8074] FAT-fs (loop1): Directory bread(block 67) failed [ 107.810647][ T8074] FAT-fs (loop1): Directory bread(block 68) failed [ 107.812377][ T8074] FAT-fs (loop1): Directory bread(block 69) failed [ 107.814565][ T8074] FAT-fs (loop1): Directory bread(block 70) failed [ 107.816249][ T8074] FAT-fs (loop1): Directory bread(block 71) failed [ 107.823870][ T8074] FAT-fs (loop1): Directory bread(block 72) failed [ 107.826300][ T8074] FAT-fs (loop1): Directory bread(block 73) failed [ 107.877255][ T8077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.031749][ T8079] loop3: detected capacity change from 0 to 8 [ 109.619628][ T8086] SQUASHFS error: Unable to read directory block [631:26] [ 109.761929][ T6378] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.945506][ T8095] loop4: detected capacity change from 0 to 256 [ 109.992843][ T8095] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 110.275726][ T8100] loop4: detected capacity change from 0 to 128 [ 110.313924][ T8100] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 110.342248][ T8100] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 110.454303][ T8088] loop0: detected capacity change from 0 to 40427 [ 110.498312][ T8088] F2FS-fs (loop0): Invalid log sectorsize (2) [ 110.505068][ T8088] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 110.546474][ T8088] F2FS-fs (loop0): Found nat_bits in checkpoint [ 110.582642][ T8110] loop3: detected capacity change from 0 to 1024 [ 110.594532][ T8112] FAULT_INJECTION: forcing a failure. [ 110.594532][ T8112] name failslab, interval 1, probability 0, space 0, times 0 [ 110.597731][ T8112] CPU: 0 PID: 8112 Comm: syz.2.302 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 110.600098][ T8112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 110.602605][ T8112] Call trace: [ 110.603416][ T8112] dump_backtrace+0x1b8/0x1e4 [ 110.604673][ T8112] show_stack+0x2c/0x3c [ 110.605757][ T8112] dump_stack_lvl+0xe4/0x150 [ 110.606982][ T8112] dump_stack+0x1c/0x28 [ 110.608027][ T8112] should_fail_ex+0x3b0/0x50c [ 110.609197][ T8112] __should_failslab+0xc8/0x128 [ 110.610416][ T8112] should_failslab+0x10/0x28 [ 110.611566][ T8112] kmem_cache_alloc_noprof+0x84/0x350 [ 110.612897][ T8112] __anon_vma_prepare+0x104/0x400 [ 110.614185][ T8112] handle_pte_fault+0x4910/0x5714 [ 110.615505][ T8112] handle_mm_fault+0xe84/0x15cc [ 110.616781][ T8112] do_page_fault+0x38c/0xb1c [ 110.617940][ T8112] do_translation_fault+0xc4/0x114 [ 110.619087][ T8088] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 110.619242][ T8112] do_mem_abort+0x74/0x200 [ 110.621158][ T8088] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 110.622108][ T8112] el0_da+0x60/0x178 [ 110.622126][ T8112] el0t_64_sync_handler+0xcc/0xfc [ 110.622137][ T8112] el0t_64_sync+0x190/0x194 [ 110.631966][ T8112] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 110.670727][ T8110] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.683094][ T8110] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.856571][ T8112] loop2: detected capacity change from 0 to 32768 [ 110.882037][ T8112] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 110.885757][ T8112] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 110.901778][ T8112] gfs2: fsid=syz:syz.0: gfs2_check_dirent: zero inode number (not first in block) [ 110.907593][ T8112] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 3 2074, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 110.915630][ T8112] gfs2: fsid=syz:syz.0: G: s:SH n:2/81a f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 110.922274][ T8112] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:8112 [syz.2.302] init_inodes+0xe0/0x2d8 [ 110.927038][ T8112] gfs2: fsid=syz:syz.0: I: n:3/2074 t:4 f:0x00 d:0x00000201 s:3864 p:0 [ 110.951877][ T8112] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 110.953991][ T8112] gfs2: fsid=syz:syz.0: File system withdrawn [ 110.955478][ T8112] CPU: 0 PID: 8112 Comm: syz.2.302 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 110.957829][ T8112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 110.960333][ T8112] Call trace: [ 110.961142][ T8112] dump_backtrace+0x1b8/0x1e4 [ 110.962438][ T8112] show_stack+0x2c/0x3c [ 110.963559][ T8112] dump_stack_lvl+0xe4/0x150 [ 110.964847][ T8112] dump_stack+0x1c/0x28 [ 110.966007][ T8112] gfs2_withdraw+0xe00/0x133c [ 110.967210][ T8112] gfs2_consist_inode_i+0xf0/0x10c [ 110.968496][ T8112] gfs2_dirent_scan+0x46c/0x5b0 [ 110.969726][ T8112] gfs2_dirent_search+0x274/0x77c [ 110.971028][ T8112] gfs2_dir_check+0xb8/0x2d8 [ 110.972325][ T8112] init_journal+0x384/0x1fb8 [ 110.973509][ T8112] init_inodes+0xe0/0x2d8 [ 110.974709][ T8112] gfs2_fill_super+0x167c/0x1f54 [ 110.976085][ T8112] get_tree_bdev+0x320/0x470 [ 110.977230][ T8112] gfs2_get_tree+0x54/0x1b4 [ 110.978348][ T8112] vfs_get_tree+0x90/0x288 [ 110.979469][ T8112] do_new_mount+0x278/0x900 [ 110.980659][ T8112] path_mount+0x590/0xe04 [ 110.981829][ T8112] __arm64_sys_mount+0x3c4/0x488 [ 110.983183][ T8112] invoke_syscall+0x98/0x2b8 [ 110.984377][ T8112] el0_svc_common+0x130/0x23c [ 110.985722][ T8112] do_el0_svc+0x48/0x58 [ 110.986760][ T8112] el0_svc+0x54/0x168 [ 110.987742][ T8112] el0t_64_sync_handler+0x84/0xfc [ 110.989020][ T8112] el0t_64_sync+0x190/0x194 [ 111.032478][ T8112] gfs2: fsid=syz:syz.0: can't read journal index: -5 [ 111.139272][ T6385] syz-executor: attempt to access beyond end of device [ 111.139272][ T6385] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 111.142763][ T6380] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.144375][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 111.146213][ T6381] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.147060][ T6385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 111.304880][ T8124] FAULT_INJECTION: forcing a failure. [ 111.304880][ T8124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.314102][ T8124] CPU: 0 PID: 8124 Comm: syz.2.311 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 111.316692][ T8124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 111.319275][ T8124] Call trace: [ 111.320092][ T8124] dump_backtrace+0x1b8/0x1e4 [ 111.321269][ T8124] show_stack+0x2c/0x3c [ 111.322320][ T8124] dump_stack_lvl+0xe4/0x150 [ 111.323476][ T8124] dump_stack+0x1c/0x28 [ 111.324669][ T8124] should_fail_ex+0x3b0/0x50c [ 111.325925][ T8124] should_fail+0x14/0x24 [ 111.327111][ T8124] should_fail_usercopy+0x20/0x30 [ 111.328385][ T8124] move_addr_to_kernel+0x9c/0x1d0 [ 111.329675][ T8124] __sys_sendto+0x224/0x4f4 [ 111.330815][ T8124] __arm64_sys_sendto+0xd8/0xf8 [ 111.332057][ T8124] invoke_syscall+0x98/0x2b8 [ 111.333214][ T8124] el0_svc_common+0x130/0x23c [ 111.334472][ T8124] do_el0_svc+0x48/0x58 [ 111.335596][ T8124] el0_svc+0x54/0x168 [ 111.336661][ T8124] el0t_64_sync_handler+0x84/0xfc [ 111.337948][ T8124] el0t_64_sync+0x190/0x194 [ 111.353796][ T8125] loop1: detected capacity change from 0 to 512 [ 111.366023][ T8125] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 111.394250][ T8125] EXT4-fs (loop1): 1 truncate cleaned up [ 111.396120][ T8125] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.400933][ T8127] loop4: detected capacity change from 0 to 512 [ 111.403275][ T8127] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 111.406150][ T8127] EXT4-fs (loop4): can't mount with commit=1908, fs mounted w/o journal [ 111.465621][ T8127] loop4: detected capacity change from 0 to 8 [ 111.467457][ T8127] squashfs: Unknown parameter '01777777777777777777777ÿ01777777777777777777777' [ 111.488037][ T8128] netem: change failed [ 111.568869][ T8127] netem: change failed [ 111.593544][ T6847] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.638647][ T8133] netlink: 44 bytes leftover after parsing attributes in process `syz.4.310'. [ 111.906777][ T8145] loop1: detected capacity change from 0 to 256 [ 111.944476][ T8145] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 112.037345][ T8147] loop2: detected capacity change from 0 to 256 [ 112.064160][ T8147] FAT-fs (loop2): Directory bread(block 64) failed [ 112.078400][ T8147] FAT-fs (loop2): Directory bread(block 65) failed [ 112.080249][ T8147] FAT-fs (loop2): Directory bread(block 66) failed [ 112.081866][ T8147] FAT-fs (loop2): Directory bread(block 67) failed [ 112.083547][ T8147] FAT-fs (loop2): Directory bread(block 68) failed [ 112.085275][ T8147] FAT-fs (loop2): Directory bread(block 69) failed [ 112.086927][ T8147] FAT-fs (loop2): Directory bread(block 70) failed [ 112.110261][ T8147] FAT-fs (loop2): Directory bread(block 71) failed [ 112.112033][ T8147] FAT-fs (loop2): Directory bread(block 72) failed [ 112.113651][ T8147] FAT-fs (loop2): Directory bread(block 73) failed [ 112.306445][ T8141] loop4: detected capacity change from 0 to 32768 [ 112.321376][ T8141] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.314 (8141) [ 112.355605][ T8141] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 112.367793][ T8141] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 112.373676][ T8158] loop3: detected capacity change from 0 to 128 [ 112.375400][ T8141] BTRFS info (device loop4): using free-space-tree [ 112.386171][ T8158] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.424676][ T8158] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 113.043204][ T6380] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 113.116117][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.126287][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.128037][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.138619][ T8187] netlink: 8 bytes leftover after parsing attributes in process `syz.4.323'. [ 113.139764][ T8185] netlink: 80 bytes leftover after parsing attributes in process `syz.1.321'. [ 113.190173][ T6372] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 113.218474][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.232819][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.234313][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.306523][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.326015][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.327619][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.337425][ T8200] loop4: detected capacity change from 0 to 256 [ 113.341881][ T6381] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 113.345374][ T8200] FAT-fs (loop4): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 113.358437][ T6372] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 113.435945][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.443730][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.445331][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.581585][ T8216] loop2: detected capacity change from 0 to 256 [ 113.583734][ T8216] FAT-fs (loop2): Unrecognized mount option "" or missing value [ 113.593835][ T8218] FAULT_INJECTION: forcing a failure. [ 113.593835][ T8218] name failslab, interval 1, probability 0, space 0, times 0 [ 113.597044][ T8218] CPU: 0 PID: 8218 Comm: syz.3.327 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 113.599463][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 113.600597][ T6372] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 113.602043][ T8218] Call trace: [ 113.602053][ T8218] dump_backtrace+0x1b8/0x1e4 [ 113.606755][ T8218] show_stack+0x2c/0x3c [ 113.607969][ T8218] dump_stack_lvl+0xe4/0x150 [ 113.609284][ T8218] dump_stack+0x1c/0x28 [ 113.610487][ T8218] should_fail_ex+0x3b0/0x50c [ 113.611749][ T8218] __should_failslab+0xc8/0x128 [ 113.613097][ T8218] should_failslab+0x10/0x28 [ 113.614377][ T8218] kmem_cache_alloc_node_noprof+0x88/0x3a4 [ 113.615938][ T8218] __alloc_skb+0x1e0/0x420 [ 113.617162][ T8218] netlink_alloc_large_skb+0xd0/0x110 [ 113.618636][ T8218] netlink_sendmsg+0x4d4/0xa84 [ 113.619892][ T8218] __sys_sendto+0x374/0x4f4 [ 113.621115][ T8218] __arm64_sys_sendto+0xd8/0xf8 [ 113.622449][ T8218] invoke_syscall+0x98/0x2b8 [ 113.623697][ T8218] el0_svc_common+0x130/0x23c [ 113.624914][ T8218] do_el0_svc+0x48/0x58 [ 113.626062][ T8218] el0_svc+0x54/0x168 [ 113.627129][ T8218] el0t_64_sync_handler+0x84/0xfc [ 113.628512][ T8218] el0t_64_sync+0x190/0x194 [ 113.635262][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.637792][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.646223][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.657709][ T8219] loop1: detected capacity change from 0 to 1024 [ 113.660122][ T8219] hfsplus: invalid uid specified [ 113.661629][ T8219] hfsplus: unable to parse mount options [ 113.701952][ T6372] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 113.710947][ T8216] loop2: detected capacity change from 0 to 1024 [ 113.713844][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.717973][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.720749][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.722677][ T8216] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 113.739379][ T8216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.764396][ T7135] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 113.771850][ T8216] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 113.787949][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.789723][ T7135] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.789749][ T7135] Buffer I/O error on dev loop0, logical block 0, async page read [ 113.789816][ T7135] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.797827][ T8225] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 113.815169][ T7135] Buffer I/O error on dev loop0, logical block 0, async page read [ 113.826672][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.831047][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.878702][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.881487][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.883181][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 113.932555][ T8184] loop0: detected capacity change from 0 to 2048 [ 113.948113][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 113.950046][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.039278][ T6378] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.043792][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.049485][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.051146][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.084877][ T7135] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 114.129996][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.142423][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.145209][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.194395][ T7135] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 114.225937][ T8238] loop3: detected capacity change from 0 to 64 [ 114.237270][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.249773][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.252596][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.305737][ T7135] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 114.344425][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.361782][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.366985][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.430307][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.451859][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.460314][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.512238][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.522414][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.527488][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.612451][ T8234] loop2: detected capacity change from 0 to 32768 [ 114.620815][ T8246] loop4: detected capacity change from 0 to 64 [ 114.633859][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.654579][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.657266][ T8246] Trying to free block not in datazone [ 114.659691][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.666797][ T8246] Trying to free block not in datazone [ 114.867418][ T8249] netlink: 16 bytes leftover after parsing attributes in process `syz.3.337'. [ 114.869981][ T8249] netlink: 24 bytes leftover after parsing attributes in process `syz.3.337'. [ 114.872328][ T8249] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 114.891502][ T8249] bond1: entered allmulticast mode [ 114.893026][ T8249] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.915533][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.926515][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 114.928438][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 114.945744][ T8253] loop4: detected capacity change from 0 to 256 [ 114.981799][ T8184] loop0: detected capacity change from 0 to 2048 [ 114.982281][ T8253] FAT-fs (loop4): Directory bread(block 64) failed [ 114.985283][ T8253] FAT-fs (loop4): Directory bread(block 65) failed [ 114.995396][ T8253] FAT-fs (loop4): Directory bread(block 66) failed [ 114.997215][ T8253] FAT-fs (loop4): Directory bread(block 67) failed [ 115.000151][ T8253] FAT-fs (loop4): Directory bread(block 68) failed [ 115.003964][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.006690][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.012096][ T8253] FAT-fs (loop4): Directory bread(block 69) failed [ 115.031340][ T8253] FAT-fs (loop4): Directory bread(block 70) failed [ 115.033158][ T8253] FAT-fs (loop4): Directory bread(block 71) failed [ 115.034858][ T8253] FAT-fs (loop4): Directory bread(block 72) failed [ 115.036526][ T8253] FAT-fs (loop4): Directory bread(block 73) failed [ 115.072508][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.082285][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.084051][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.157506][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.207350][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.212257][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.247155][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.256181][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.260615][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.305386][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.311512][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.313299][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.332154][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.336890][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.340902][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.398624][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.401195][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.402827][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.443810][ T8184] loop0: detected capacity change from 0 to 2048 [ 115.446494][ T8184] EXT4-fs (loop0): unsupported inode size: 0 [ 115.449752][ T8184] EXT4-fs (loop0): blocksize: 4096 [ 115.784654][ T8268] loop0: detected capacity change from 0 to 1024 [ 115.787303][ T8268] ext4: Unknown parameter 'appraise_type' [ 115.846445][ T8268] SET target dimension over the limit! [ 115.856557][ T8268] bridge0: port 3(syz_tun) entered blocking state [ 115.859325][ T8268] bridge0: port 3(syz_tun) entered disabled state [ 115.862022][ T8268] syz_tun: entered allmulticast mode [ 115.866403][ T8268] syz_tun: entered promiscuous mode [ 115.871372][ T8268] bridge0: port 3(syz_tun) entered blocking state [ 115.871414][ T8264] loop1: detected capacity change from 0 to 40427 [ 115.873362][ T8268] bridge0: port 3(syz_tun) entered forwarding state [ 115.876580][ T8264] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 115.876600][ T8264] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 115.903423][ T8264] F2FS-fs (loop1): Found nat_bits in checkpoint [ 115.931774][ T8264] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 115.933567][ T8264] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 115.972231][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 115.974301][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 115.976245][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 115.978135][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 115.992758][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 115.994832][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 115.996796][ T6847] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 116.126422][ T8286] netlink: 'syz.0.348': attribute type 10 has an invalid length. [ 116.237169][ T8289] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 116.306580][ T8291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 116.329009][ T8291] loop0: detected capacity change from 0 to 1024 [ 116.614171][ T8302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 116.853787][ T8302] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 117.284595][ T8319] loop4: detected capacity change from 0 to 47 [ 117.558808][ T8304] loop3: detected capacity change from 0 to 32768 [ 117.578323][ T8304] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.352 (8304) [ 117.597498][ T8304] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 117.601833][ T8304] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 117.604043][ T8304] BTRFS info (device loop3): using free-space-tree [ 117.748936][ T8304] BTRFS info (device loop3): rebuilding free space tree [ 117.777278][ T8340] loop4: detected capacity change from 0 to 256 [ 117.793685][ T8340] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 117.815818][ T8312] loop1: detected capacity change from 0 to 32768 [ 117.858278][ T8312] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.353 (8312) [ 117.885553][ T8312] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 117.909830][ T8312] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 117.912216][ T8312] BTRFS info (device loop1): using free-space-tree [ 117.924358][ T8342] loop4: detected capacity change from 0 to 512 [ 117.952816][ T8342] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz.4.358: corrupted in-inode xattr: e_name out of bounds [ 117.958543][ T8342] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.358: couldn't read orphan inode 15 (err -117) [ 117.963614][ T8342] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.991191][ T8312] BTRFS info (device loop1): checking UUID tree [ 118.037197][ T8336] loop0: detected capacity change from 0 to 40427 [ 118.069064][ T8312] FAULT_INJECTION: forcing a failure. [ 118.069064][ T8312] name failslab, interval 1, probability 0, space 0, times 0 [ 118.079218][ T8312] CPU: 1 PID: 8312 Comm: syz.1.353 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 118.081757][ T8312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 118.084238][ T8312] Call trace: [ 118.085099][ T8312] dump_backtrace+0x1b8/0x1e4 [ 118.086298][ T8312] show_stack+0x2c/0x3c [ 118.087365][ T8312] dump_stack_lvl+0xe4/0x150 [ 118.088569][ T8312] dump_stack+0x1c/0x28 [ 118.089787][ T8312] should_fail_ex+0x3b0/0x50c [ 118.091073][ T8312] __should_failslab+0xc8/0x128 [ 118.092378][ T8312] should_failslab+0x10/0x28 [ 118.093626][ T8312] kmem_cache_alloc_noprof+0x84/0x350 [ 118.095182][ T8312] alloc_extent_state+0x3c/0x3c0 [ 118.096574][ T8312] __set_extent_bit+0x200/0x1b34 [ 118.097942][ T8312] lock_extent+0x114/0x794 [ 118.099118][ T8312] btrfs_lock_and_flush_ordered_range+0xc8/0x24c [ 118.101008][ T8312] btrfs_readahead+0xae0/0x10d8 [ 118.102288][ T8312] read_pages+0x160/0x694 [ 118.103498][ T8312] page_cache_ra_unbounded+0x484/0x584 [ 118.105075][ T8312] page_cache_ra_order+0x7f0/0xa10 [ 118.106512][ T8312] do_sync_mmap_readahead+0x3a8/0x834 [ 118.107973][ T8312] filemap_fault+0x5b4/0x10a0 [ 118.109269][ T8312] __do_fault+0x11c/0x374 [ 118.110507][ T8312] handle_pte_fault+0x3160/0x5714 [ 118.111888][ T8312] handle_mm_fault+0xe84/0x15cc [ 118.113232][ T8312] do_page_fault+0x428/0xb1c [ 118.114523][ T8312] do_translation_fault+0xc4/0x114 [ 118.115944][ T8312] do_mem_abort+0x74/0x200 [ 118.117211][ T8312] el1_abort+0x3c/0x5c [ 118.118323][ T8312] el1h_64_sync_handler+0x60/0xac [ 118.119720][ T8312] el1h_64_sync+0x64/0x68 [ 118.120910][ T8312] __arch_copy_from_user+0x84/0x230 [ 118.122383][ T8312] __sys_bpf+0x17c/0x5f0 [ 118.123535][ T8312] __arm64_sys_bpf+0x80/0x98 [ 118.124820][ T8312] invoke_syscall+0x98/0x2b8 [ 118.126137][ T8312] el0_svc_common+0x130/0x23c [ 118.127383][ T8312] do_el0_svc+0x48/0x58 [ 118.128548][ T8312] el0_svc+0x54/0x168 [ 118.129615][ T8312] el0t_64_sync_handler+0x84/0xfc [ 118.130977][ T8312] el0t_64_sync+0x190/0x194 [ 118.132822][ T8336] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 118.134981][ T8336] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 118.159449][ T6380] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.172347][ T8336] F2FS-fs (loop0): Found nat_bits in checkpoint [ 118.203248][ T8336] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 118.205128][ T8336] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 118.233823][ T6847] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 118.291080][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 118.293053][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 118.294924][ T6385] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 118.311394][ T8370] loop4: detected capacity change from 0 to 256 [ 118.376184][ T8370] FAT-fs (loop4): Directory bread(block 64) failed [ 118.378074][ T8370] FAT-fs (loop4): Directory bread(block 65) failed [ 118.382640][ T8370] FAT-fs (loop4): Directory bread(block 66) failed [ 118.384316][ T8370] FAT-fs (loop4): Directory bread(block 67) failed [ 118.408430][ T8370] FAT-fs (loop4): Directory bread(block 68) failed [ 118.410238][ T8370] FAT-fs (loop4): Directory bread(block 69) failed [ 118.411905][ T8370] FAT-fs (loop4): Directory bread(block 70) failed [ 118.413565][ T8370] FAT-fs (loop4): Directory bread(block 71) failed [ 118.415236][ T8370] FAT-fs (loop4): Directory bread(block 72) failed [ 118.447352][ T8370] FAT-fs (loop4): Directory bread(block 73) failed [ 118.455646][ T8376] netlink: 64 bytes leftover after parsing attributes in process `syz.1.360'. [ 118.619578][ T6381] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 118.848398][ T8383] usb usb1: check_ctrlrecip: process 8383 (syz.0.362) requesting ep 01 but needs 81 [ 118.850773][ T8383] usb usb1: usbfs: process 8383 (syz.0.362) did not claim interface 0 before use [ 118.978424][ T8380] loop3: detected capacity change from 0 to 40427 [ 118.981999][ T8380] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 118.984257][ T8380] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 118.994430][ T8380] F2FS-fs (loop3): Found nat_bits in checkpoint [ 119.015207][ T8380] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 119.037599][ T8380] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 119.040831][ T8380] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 119.147862][ T8397] loop2: detected capacity change from 0 to 4096 [ 119.156664][ T8397] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 119.163163][ T8397] ntfs3: loop2: Failed to load $MFT (-2). [ 119.251344][ T8399] loop2: detected capacity change from 0 to 1024 [ 119.276910][ T8399] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.280500][ T8399] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.719801][ T8401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.369'. [ 123.175692][ T8421] loop0: detected capacity change from 0 to 1024 [ 123.179812][ T6378] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 36: comm syz-executor: path /71/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.202473][ T30] audit: type=1326 audit(2000000004.520:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.220103][ T6378] EXT4-fs error (device loop2): ext4_empty_dir:3127: inode #11: block 36: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.227328][ T30] audit: type=1326 audit(2000000004.520:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.233831][ T30] audit: type=1326 audit(2000000004.520:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.248699][ T6378] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 36: comm syz-executor: path /71/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.251455][ T8421] hfsplus: request for non-existent node 40 in B*Tree [ 123.254321][ T30] audit: type=1326 audit(2000000004.520:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.275743][ T6378] EXT4-fs error (device loop2): ext4_empty_dir:3127: inode #11: block 36: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.281873][ T30] audit: type=1326 audit(2000000004.520:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.284337][ T8421] hfsplus: request for non-existent node 40 in B*Tree [ 123.287469][ T30] audit: type=1326 audit(2000000004.520:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.287503][ T30] audit: type=1326 audit(2000000004.520:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.312130][ T6378] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 36: comm syz-executor: path /71/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.329801][ T6378] EXT4-fs error (device loop2): ext4_empty_dir:3127: inode #11: block 36: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.347709][ T30] audit: type=1326 audit(2000000004.520:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=149 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.353878][ T6378] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 36: comm syz-executor: path /71/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.368375][ T30] audit: type=1326 audit(2000000004.520:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.384715][ T30] audit: type=1326 audit(2000000004.520:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.367" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8543de8 code=0x7ffc0000 [ 123.390559][ T6378] EXT4-fs error (device loop2): ext4_empty_dir:3127: inode #11: block 36: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.407611][ T8416] loop4: detected capacity change from 0 to 32768 [ 123.426167][ T6378] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 36: comm syz-executor: path /71/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.436375][ T8425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.372'. [ 123.439477][ T6378] EXT4-fs error (device loop2): ext4_empty_dir:3127: inode #11: block 36: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=67108864, rec_len=1024, size=1024 fake=0 [ 123.444716][ T8416] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.370 (8416) [ 123.460875][ T8416] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.499573][ T8416] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 123.501921][ T8416] BTRFS info (device loop4): using free-space-tree [ 123.582629][ T8423] loop1: detected capacity change from 0 to 32768 [ 123.588143][ T8423] BTRFS: device /dev/loop1 (7:1) using temp-fsid 75fdaa43-1521-485a-b4a2-b7cc09c7b9f2 [ 123.601850][ T8423] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.374 (8423) [ 123.626571][ T8423] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.642687][ T8423] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 123.644915][ T8423] BTRFS info (device loop1): using free-space-tree [ 123.660107][ T8416] BTRFS info (device loop4): checking UUID tree [ 123.720872][ T8416] FAULT_INJECTION: forcing a failure. [ 123.720872][ T8416] name failslab, interval 1, probability 0, space 0, times 0 [ 123.737742][ T8423] BTRFS info (device loop1): checking UUID tree [ 123.743474][ T8416] CPU: 0 PID: 8416 Comm: syz.4.370 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 123.745874][ T8416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 123.748528][ T8416] Call trace: [ 123.749370][ T8416] dump_backtrace+0x1b8/0x1e4 [ 123.750576][ T8416] show_stack+0x2c/0x3c [ 123.751600][ T8416] dump_stack_lvl+0xe4/0x150 [ 123.752732][ T8416] dump_stack+0x1c/0x28 [ 123.753832][ T8416] should_fail_ex+0x3b0/0x50c [ 123.754996][ T8416] __should_failslab+0xc8/0x128 [ 123.756258][ T8416] should_failslab+0x10/0x28 [ 123.757514][ T8416] kmem_cache_alloc_noprof+0x84/0x350 [ 123.758964][ T8416] alloc_extent_map+0x28/0xec [ 123.760215][ T8416] btrfs_get_extent+0x228/0x14e4 [ 123.761514][ T8416] btrfs_do_readpage+0x5e8/0x109c [ 123.762754][ T8416] btrfs_readahead+0xb30/0x10d8 [ 123.763997][ T8416] read_pages+0x160/0x694 [ 123.765075][ T8416] page_cache_ra_unbounded+0x484/0x584 [ 123.766626][ T8416] page_cache_ra_order+0x7f0/0xa10 [ 123.768104][ T8416] do_sync_mmap_readahead+0x3a8/0x834 [ 123.769512][ T8416] filemap_fault+0x5b4/0x10a0 [ 123.770750][ T8416] __do_fault+0x11c/0x374 [ 123.771950][ T8416] handle_pte_fault+0x3160/0x5714 [ 123.773220][ T8416] handle_mm_fault+0xe84/0x15cc [ 123.774501][ T8416] do_page_fault+0x428/0xb1c [ 123.775754][ T8416] do_translation_fault+0xc4/0x114 [ 123.777173][ T8416] do_mem_abort+0x74/0x200 [ 123.778283][ T8416] el1_abort+0x3c/0x5c [ 123.779425][ T8416] el1h_64_sync_handler+0x60/0xac [ 123.780725][ T8416] el1h_64_sync+0x64/0x68 [ 123.781864][ T8416] __arch_copy_from_user+0x84/0x230 [ 123.783180][ T8416] __sys_bpf+0x17c/0x5f0 [ 123.784360][ T8416] __arm64_sys_bpf+0x80/0x98 [ 123.785538][ T8416] invoke_syscall+0x98/0x2b8 [ 123.786757][ T8416] el0_svc_common+0x130/0x23c [ 123.787979][ T8416] do_el0_svc+0x48/0x58 [ 123.789050][ T8416] el0_svc+0x54/0x168 [ 123.790110][ T8416] el0t_64_sync_handler+0x84/0xfc [ 123.791384][ T8416] el0t_64_sync+0x190/0x194 [ 123.882928][ T6380] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 124.102665][ T6841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.190368][ T8441] loop0: detected capacity change from 0 to 40427 [ 124.214359][ T8441] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 124.216633][ T8441] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 124.229449][ T8441] F2FS-fs (loop0): Unrecognized mount option "" or missing value [ 124.735396][ T6847] BTRFS info (device loop1): last unmount of filesystem 75fdaa43-1521-485a-b4a2-b7cc09c7b9f2 [ 124.926545][ T8518] fuse: Unknown parameter 'œm±"u<' [ 124.948760][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 124.953284][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 124.956843][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 124.960827][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 124.963658][ T52] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 124.965723][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 125.042420][ T213] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.057412][ T8525] netlink: 20 bytes leftover after parsing attributes in process `syz.1.398'. [ 125.161683][ T213] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.200985][ T8517] chnl_net:caif_netlink_parms(): no params data found [ 125.316138][ T213] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.345052][ T8531] loop1: detected capacity change from 0 to 32768 [ 125.347888][ T8517] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.350309][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.352357][ T8517] bridge_slave_0: entered allmulticast mode [ 125.355506][ T8517] bridge_slave_0: entered promiscuous mode [ 125.360363][ T8517] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.362713][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.364881][ T8517] bridge_slave_1: entered allmulticast mode [ 125.366989][ T8517] bridge_slave_1: entered promiscuous mode [ 125.396017][ T8531] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.444649][ T213] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.451234][ T8531] XFS (loop1): Ending clean mount [ 125.455350][ T8517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 125.465675][ T8531] XFS (loop1): Quotacheck needed: Please wait. [ 125.470046][ T8517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 125.486475][ T8531] XFS (loop1): Quotacheck: Done. [ 125.493072][ T8517] team0: Port device team_slave_0 added [ 125.497334][ T8517] team0: Port device team_slave_1 added [ 125.531430][ T8517] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 125.534345][ T8517] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.545682][ T8517] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 125.563858][ T6847] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 125.567466][ T8517] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 125.587531][ T8517] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.589787][ T8547] loop0: detected capacity change from 0 to 1024 [ 125.596334][ T8547] EXT4-fs: Ignoring removed i_version option [ 125.599856][ T8547] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 125.608531][ T8517] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 125.624329][ T8547] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.704824][ T6385] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.759030][ T8517] hsr_slave_0: entered promiscuous mode [ 125.788581][ T8517] hsr_slave_1: entered promiscuous mode [ 125.809763][ T8559] loop0: detected capacity change from 0 to 512 [ 125.822143][ T8559] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent [ 125.840532][ T8517] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 125.842588][ T8517] Cannot create hsr debugfs directory [ 125.876880][ T8562] loop4: detected capacity change from 0 to 1024 [ 125.888667][ T8562] EXT4-fs: Ignoring removed i_version option [ 125.891793][ T8562] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 125.900706][ T8567] netlink: 32 bytes leftover after parsing attributes in process `syz.0.410'. [ 125.931188][ T2322] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.932856][ T2322] ieee802154 phy1 wpan1: encryption failed: -22 [ 125.937020][ T8562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.001404][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.411'. [ 126.085327][ T213] bridge_slave_1: left allmulticast mode [ 126.086862][ T213] bridge_slave_1: left promiscuous mode [ 126.088973][ T213] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.112162][ T6380] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.139690][ T213] bridge_slave_0: left allmulticast mode [ 126.141183][ T213] bridge_slave_0: left promiscuous mode [ 126.142625][ T213] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.153898][ T8557] loop1: detected capacity change from 0 to 32768 [ 126.173908][ T8557] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 126.241745][ T8597] netlink: 8 bytes leftover after parsing attributes in process `syz.4.413'. [ 126.247132][ T8557] XFS (loop1): Starting recovery (logdev: internal) [ 126.276698][ T8557] XFS (loop1): Ending recovery (logdev: internal) [ 126.333722][ T6847] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 127.059173][ T52] Bluetooth: hci2: command tx timeout [ 127.682086][ T213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 127.721163][ T213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 127.770609][ T213] bond0 (unregistering): Released all slaves [ 127.776486][ T213] bond1 (unregistering): Released all slaves [ 127.786642][ T8577] bridge0: port 3(syz_tun) entered disabled state [ 127.788843][ T8577] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.792004][ T8577] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.907412][ T8605] bridge_slave_1: left allmulticast mode [ 127.909334][ T8605] bridge_slave_1: left promiscuous mode [ 127.910872][ T8605] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.984798][ T8616] netlink: 24 bytes leftover after parsing attributes in process `syz.4.421'. [ 128.146354][ T8620] loop0: detected capacity change from 0 to 128 [ 128.292202][ T8621] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 128.472099][ T8635] netlink: 176 bytes leftover after parsing attributes in process `syz.4.427'. [ 128.855095][ T213] hsr_slave_0: left promiscuous mode [ 128.899441][ T213] hsr_slave_1: left promiscuous mode [ 128.933260][ T8655] loop4: detected capacity change from 0 to 2048 [ 128.954485][ T8655] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 128.978411][ T213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.980620][ T213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.985300][ T213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.989891][ T213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 129.034418][ T213] veth1_macvtap: left promiscuous mode [ 129.038550][ T213] veth0_macvtap: left promiscuous mode [ 129.041286][ T213] veth1_vlan: left promiscuous mode [ 129.045653][ T213] veth0_vlan: left promiscuous mode [ 129.145561][ T52] Bluetooth: hci2: command tx timeout [ 129.402373][ T8661] loop0: detected capacity change from 0 to 256 [ 129.703993][ T8673] futex_wake_op: syz.1.441 tries to shift op by 32; fix this program [ 130.101114][ T8678] loop1: detected capacity change from 0 to 40427 [ 130.108509][ T8678] F2FS-fs (loop1): Wrong NAT boundary, start(2560) end(462336) blocks(1024) [ 130.110798][ T8678] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 130.133112][ T8678] F2FS-fs (loop1): Found nat_bits in checkpoint [ 130.151731][ T8678] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 130.158322][ T8678] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 131.208241][ T52] Bluetooth: hci2: command tx timeout [ 131.733510][ T213] team0 (unregistering): Port device team_slave_1 removed [ 131.908011][ T8693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.912255][ T213] team0 (unregistering): Port device team_slave_0 removed [ 131.914286][ T8693] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.974644][ T8694] ptrace attach of "./syz-executor exec"[6381] was attempted by "./syz-executor exec"[8694] [ 133.298341][ T52] Bluetooth: hci2: command tx timeout [ 134.108028][ T6847] syz-executor: attempt to access beyond end of device [ 134.108028][ T6847] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 134.117463][ T6847] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 134.226007][ T8517] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 134.233732][ T8702] loop0: detected capacity change from 0 to 256 [ 134.266495][ T8517] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 134.281945][ T8517] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 134.295062][ T8517] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 134.332530][ T6372] blk_print_req_error: 4 callbacks suppressed [ 134.332545][ T6372] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 134.515299][ T8517] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.541085][ T8517] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.572210][ T6463] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.574124][ T6463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.844631][ T6463] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.846552][ T6463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.216594][ T8517] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 135.227150][ T8733] loop0: detected capacity change from 0 to 512 [ 135.239806][ T8729] input: syz0 as /devices/virtual/input/input6 [ 135.289817][ T8517] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 135.334717][ T8733] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.372681][ T8733] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.552410][ T8517] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.622636][ T8517] veth0_vlan: entered promiscuous mode [ 135.636965][ T8517] veth1_vlan: entered promiscuous mode [ 135.653265][ T6385] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.671194][ T8772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.683013][ T8772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.685205][ T8517] veth0_macvtap: entered promiscuous mode [ 135.728842][ T8517] veth1_macvtap: entered promiscuous mode [ 135.735069][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.737672][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.766151][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.776889][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.781542][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.784096][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.786486][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.803845][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.815018][ T8517] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.826033][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.836205][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.844085][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.846799][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.868463][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.875136][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.877598][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.896351][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.903476][ T8517] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.906972][ T8517] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.918275][ T8517] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.920468][ T8517] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.925241][ T8517] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.015186][ T213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.017208][ T213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.050221][ T213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.052460][ T213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.421685][ T8827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.482'. [ 136.532076][ T8836] pim6reg1: entered promiscuous mode [ 136.533431][ T8836] pim6reg1: entered allmulticast mode [ 136.666263][ T8848] loop4: detected capacity change from 0 to 2048 [ 136.692387][ T8850] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.542546][ T8946] netlink: 'syz.0.534': attribute type 2 has an invalid length. [ 138.751073][ T8958] loop2: detected capacity change from 0 to 1024 [ 138.751433][ T8958] EXT4-fs: Ignoring removed orlov option [ 138.751451][ T8958] EXT4-fs: Ignoring removed nomblk_io_submit option [ 138.781191][ T8958] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.914812][ T8958] netlink: 24 bytes leftover after parsing attributes in process `syz.2.539'. [ 138.955496][ T8517] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.686573][ T8978] sctp: [Deprecated]: syz.2.541 (pid 8978) Use of int in max_burst socket option. [ 139.686573][ T8978] Use struct sctp_assoc_value instead [ 139.980961][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 139.981004][ T30] audit: type=1326 audit(2000000021.210:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 139.988303][ T30] audit: type=1326 audit(2000000021.210:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 139.993923][ T30] audit: type=1326 audit(2000000021.220:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=208 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.079710][ T30] audit: type=1326 audit(2000000021.220:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.295527][ T30] audit: type=1326 audit(2000000021.220:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.354348][ T30] audit: type=1326 audit(2000000021.220:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.361160][ T30] audit: type=1326 audit(2000000021.220:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.378293][ T30] audit: type=1326 audit(2000000021.220:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.383700][ T30] audit: type=1326 audit(2000000021.230:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.408392][ T30] audit: type=1326 audit(2000000021.230:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8973 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a343de8 code=0x7ffc0000 [ 140.729236][ T9008] binder: 9002:9008 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 140.763538][ T9008] netlink: 'syz.1.556': attribute type 1 has an invalid length. [ 140.782844][ T9008] netlink: 224 bytes leftover after parsing attributes in process `syz.1.556'. [ 140.805257][ T9014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.820568][ T9014] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.010725][ T9054] loop2: detected capacity change from 0 to 512 [ 142.015031][ T9054] EXT4-fs: Ignoring removed mblk_io_submit option [ 142.037013][ T9054] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #12: comm syz.2.579: corrupted in-inode xattr: invalid ea_ino [ 142.052249][ T9054] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.579: couldn't read orphan inode 12 (err -117) [ 142.066684][ T9054] EXT4-fs (loop2): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.074436][ T9062] skb len=10605 headroom=232 headlen=10605 tailroom=21611 [ 142.074436][ T9062] mac=(256,-24) mac_len=24 net=(232,20) trans=252 [ 142.074436][ T9062] shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0)) [ 142.074436][ T9062] csum(0x350e2a55 start=10837 offset=13582 ip_summed=3 complete_sw=0 valid=0 level=0) [ 142.074436][ T9062] hash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0 [ 142.074436][ T9062] priority=0x0 mark=0x0 alloc_cpu=0 vlan_all=0x0 [ 142.074436][ T9062] encapsulation=1 inner(proto=0x0008, mac=256, net=256, trans=308) [ 142.087616][ T9062] dev name=ip6gre0 feat=0x00000006401d7869 [ 142.089145][ T9062] skb linear: 00000000: 45 02 29 6d 2e b9 00 00 0f 2f b3 7b ac 14 14 14 [ 142.091177][ T9062] skb linear: 00000010: e0 00 00 03 00 00 08 00 bd 0b 29 55 10 82 0c 52 [ 142.093157][ T9062] skb linear: 00000020: 0f 06 d4 e0 fd 00 00 00 00 a4 fe 94 2a 31 f4 85 [ 142.095243][ T9062] skb linear: 00000030: 97 e3 6e 03 9b 1c 59 9d b6 e4 66 74 9c 2d 05 f6 [ 142.097418][ T9062] skb linear: 00000040: 4c 83 03 a0 f7 fb da 34 fb 88 25 f8 02 00 e3 e4 [ 142.099434][ T9062] skb linear: 00000050: 63 04 f7 ff 00 ff ff ca 88 00 00 00 29 6c 00 00 [ 142.101448][ T9062] skb linear: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.103474][ T9062] skb linear: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.105636][ T9062] skb linear: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.107771][ T9062] skb linear: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.109917][ T9062] skb linear: 000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.111992][ T9062] skb linear: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.114032][ T9062] skb linear: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.116110][ T9062] skb linear: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.118224][ T9062] skb linear: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.120271][ T9062] skb linear: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.122302][ T9062] skb linear: 00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.124365][ T9062] skb linear: 00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.126439][ T9062] skb linear: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.128616][ T9062] ------------[ cut here ]------------ [ 142.129921][ T9062] offset (10605) >= skb_headlen() (10605) [ 142.131859][ T9062] WARNING: CPU: 0 PID: 9062 at net/core/dev.c:3325 skb_checksum_help+0x554/0x644 [ 142.134286][ T9062] Modules linked in: [ 142.135252][ T9062] CPU: 0 PID: 9062 Comm: syz.1.581 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0 [ 142.137611][ T9062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 142.140204][ T9062] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 142.142165][ T9062] pc : skb_checksum_help+0x554/0x644 [ 142.143591][ T9062] lr : skb_checksum_help+0x550/0x644 [ 142.144994][ T9062] sp : ffff80009fe269e0 [ 142.146045][ T9062] x29: ffff80009fe26a00 x28: 1fffe00019a8cfa0 x27: dfff800000000000 [ 142.148089][ T9062] x26: 000000000000296d x25: 000000000000296d x24: 000000000000296d [ 142.150174][ T9062] x23: ffff0000cd467d58 x22: ffff0000cd467cf0 x21: ffff0000cd467c80 [ 142.152233][ T9062] x20: 00000000ffffffea x19: 000000000000296d x18: 0000000000000008 [ 142.154334][ T9062] x17: 0000000000000000 x16: ffff80008b07c030 x15: ffff700011e6a694 [ 142.156389][ T9062] x14: 1ffff00011e6a694 x13: 0000000000000004 x12: ffffffffffffffff [ 142.158415][ T9062] x11: 0000000000040000 x10: 0000000000013ea3 x9 : 520cc08f45965a00 [ 142.160444][ T9062] x8 : 520cc08f45965a00 x7 : 0000000000000001 x6 : 0000000000000001 [ 142.162531][ T9062] x5 : ffff80009fe26138 x4 : ffff80008f3c53a0 x3 : ffff800080369018 [ 142.164622][ T9062] x2 : 0000000000000000 x1 : 0000000000000200 x0 : 0000000000000000 [ 142.166673][ T9062] Call trace: [ 142.167507][ T9062] skb_checksum_help+0x554/0x644 [ 142.168762][ T9062] ip_do_fragment+0x1cc/0x1b38 [ 142.169976][ T9062] ip_fragment+0x11c/0x304 [ 142.171152][ T9062] __ip_finish_output+0x378/0x458 [ 142.172463][ T9062] ip_finish_output+0x44/0x2e4 [ 142.173706][ T9062] ip_output+0x1a8/0x21c [ 142.174775][ T9062] ip_local_out+0x120/0x160 [ 142.175909][ T9062] iptunnel_xmit+0x428/0x940 [ 142.177097][ T9062] ip_tunnel_xmit+0x16d4/0x261c [ 142.178352][ T9062] ipgre_xmit+0x774/0xb34 [ 142.179462][ T9062] dev_hard_start_xmit+0x260/0x904 [ 142.180789][ T9062] __dev_queue_xmit+0x1670/0x33f4 [ 142.182099][ T9062] packet_xmit+0x6c/0x314 [ 142.183221][ T9062] packet_sendmsg+0x3788/0x4c9c [ 142.184451][ T9062] ____sys_sendmsg+0x4d8/0x77c [ 142.185679][ T9062] __sys_sendmsg+0x26c/0x33c [ 142.186849][ T9062] __arm64_sys_sendmsg+0x80/0x94 [ 142.188101][ T9062] invoke_syscall+0x98/0x2b8 [ 142.189324][ T9062] el0_svc_common+0x130/0x23c [ 142.190504][ T9062] do_el0_svc+0x48/0x58 [ 142.191585][ T9062] el0_svc+0x54/0x168 [ 142.192605][ T9062] el0t_64_sync_handler+0x84/0xfc [ 142.193880][ T9062] el0t_64_sync+0x190/0x194 [ 142.195037][ T9062] irq event stamp: 1071 [ 142.196078][ T9062] hardirqs last enabled at (1070): [] console_unlock+0x18c/0x3d4 [ 142.198466][ T9062] hardirqs last disabled at (1071): [] el1_dbg+0x24/0x80 [ 142.200679][ T9062] softirqs last enabled at (616): [] local_bh_enable+0x10/0x34 [ 142.203007][ T9062] softirqs last disabled at (708): [] local_bh_disable+0x10/0x34 [ 142.205392][ T9062] ---[ end trace 0000000000000000 ]--- [ 142.329700][ T9064] netlink: 'syz.2.579': attribute type 12 has an invalid length. [ 142.990257][ T8517] EXT4-fs (loop2): unmounting filesystem 00000005-0000-0000-0000-000000000000.