last executing test programs: 43.420799856s ago: executing program 2 (id=310): socket$packet(0x11, 0x3, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x11, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x19}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000500)=""/73, 0x1800}, 0x20) 43.05316035s ago: executing program 2 (id=312): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@init_itable}, {@nombcache}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}]}, 0x2, 0x468, &(0x7f0000000780)="$eJzs28+LW0UcAPDve9nd/u5ua1Fbq64WcfHHbjdW7cGLguChouClHtfstpSmXemuYEuxq0i9CFLQs3gU/AsED15EPQle9S6For20CkLkJS9tkibbDZtN1ubzgbQzmUnefHdm8ua9SQIYWpPZP0nEzoj4LSLGa9nmCpO1/25ev1j6+/rFUhKVylt/JtV6N65fLNWr1l+3I89MpRHpx0l+kGZL5y+cniuXF87l+ZnlM+/OLJ2/8OypM3MnF04unC0ePXrkudkXXyg+35M4s7huHPhg8eD+196+8nrp+JV3fvoma+/OvLwxjl6ZzAL/q1LVWvZErw82YLsa0snIABtCVwoRkXXXaHX+j0chbnfeeLz60UAbB2yo7Ny0pXPxSgW4hyUx6BYAg1E/0WfXv/VHn5Yem8K1l2sXQFncN/NHrWQk0vz6aLTl+raXJiPi+Mo/X2aP2KD7EAAAjT4tfXEsnmm3/kvj/oZ6u/M9lImI2BMReyPivojY11DngYh4sMvjT7ZsN925/kmvdhtTN7L130v53lbz+i+tV5ko5Lld1fhHkxOnyguH87/JVIxuyfKzqxzj+62/ftaprHH9lz2y49fXgnk7ro603KCbn1ueqy5Ke+DahxEHRtrFn9zaCcg6aH9EHOjurXfXE6ee+vpgp0p3j38VPdhnqnwV8WSt/1eiJf66ZPX9yZmtUV44PFMfFXf6+ZfLb3Y6/rri74Gs/7c3j//WKhNJ437tUv3ptQ/Ay79/0vGaZq3jf6LhNdn4Hxtrfp/355aXz81GjCXHqvmxxueLLfWKt+tn8U8daj//9+avyeJ/KCKyQfxwRDwSEY/mbX8sIh6PiEOrxP/jK53LNkP/z7f9/Ls1/lv6v/tE4fQP33Y6/tr6/0g1NZU/U/38u4u1NnA9fzsAAAD4v0ir34FP0ulb6TSdnq59h39fbE/Li0vLT59YfO/sfO278hMxmtbvdI033A+dTVbyd6zli/m94ry8ejN1T0R8XthWLZ8uLZbnBxs6DL0dHeZ/5o/CoFsHbLh2+2jFsQE0BOi71vmfNmcvvdHPxgB95ffaMLzuMv/TfrUD6D/nfxhe7eb/pZa8vQC4Nzn/w/Ay/2F4mf8wvLqZ/9s2sB1AX63nd/0Sa0tULlUqm6AZPU5E2vhM9wPp38pmiKJT4rsdEZugGQNMDPqTCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+CwAA//+/++8d") r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003f00)=[{{&(0x7f0000000080)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000100)=""/58, 0x3a}], 0x1}, 0xfffffff2}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/5, 0x5}, {&(0x7f0000004100)=""/204, 0xcc}], 0x2, &(0x7f0000000340)=""/169, 0xa9}, 0x7}, {{&(0x7f0000000400)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10}, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000000480)=""/44, 0x2c}, {&(0x7f00000004c0)=""/96, 0x60}, {&(0x7f0000000d00)}, {&(0x7f0000000d40)=""/85, 0x55}], 0x4, &(0x7f0000000580)=""/124, 0x7c}, 0x3}, {{&(0x7f0000000600), 0x80, &(0x7f0000003e00)=[{&(0x7f0000000680)=""/172, 0xac}, {&(0x7f0000000c00)=""/161, 0xa1}, {&(0x7f0000000740)=""/38, 0x26}, {&(0x7f0000000cc0)=""/15, 0xb}, {&(0x7f0000004040)=""/151, 0x97}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/4096, 0x1000}, {&(0x7f0000002dc0)}, {&(0x7f0000002e00)=""/4096, 0x1000}], 0x9, &(0x7f0000003ec0)=""/3, 0x3}, 0x7}], 0x4, 0x1, &(0x7f0000004000)={0x0, 0x989680}) 42.104425808s ago: executing program 2 (id=316): unshare(0x24060400) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={0xffffffffffffffff, 0x0}, 0x20) 41.80881283s ago: executing program 2 (id=318): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x20048000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r0, &(0x7f0000000080)='syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001480)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x1ff) openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)=0x1, 0x12) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x8) syz_open_dev$evdev(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12140, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x20000000, 0x0, 0x2, @thr={0x0, 0x0}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) sendfile(r5, r5, 0x0, 0x101) fdatasync(r4) syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') socket$kcm(0x29, 0x5, 0x0) 37.766372025s ago: executing program 2 (id=343): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) landlock_restrict_self(r1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 36.859991673s ago: executing program 2 (id=346): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, 0x0) 20.804850728s ago: executing program 32 (id=346): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, 0x0) 10.852063355s ago: executing program 0 (id=432): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x18) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x304}, "b1348a2fdf4bd032", "be214298687c62bc5b63c359fc146f68", "f48b7e34", "bad7cfa5892235d9"}, 0x28) setsockopt$inet6_tcp_int(r0, 0x11a, 0x4, &(0x7f0000000100), 0x3c) 10.655741303s ago: executing program 0 (id=435): connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x47) syz_open_dev$sndctrl(0x0, 0x0, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000001e00050300000000000000000000000008", @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB], 0x24}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000007c0)={0x3c, r6, 0x1, 0x70bd24, 0x25dfdbff, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20009005}, 0x0) 10.421450569s ago: executing program 4 (id=439): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x3, 0x2000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x0, 0xffff}}}, 0x86}}, 0x400c0) getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000700)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x110}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x3}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 9.296796261s ago: executing program 0 (id=441): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c6176650000000044000580050009000000000005002000"], 0x7c}}, 0x0) 8.760055661s ago: executing program 1 (id=442): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@bridge_delneigh={0x30, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x2, 0xf2}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x30}}, 0x0) 8.435638463s ago: executing program 4 (id=443): syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$tipc(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x6734, 0x80, 0x40003, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0xfffffffe}, 0x0, 0x0) syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040)=0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r5, 0x184c, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r4, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r1, 0x57de, 0x0, 0x0, 0x0, 0x0) 8.32905175s ago: executing program 0 (id=444): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_setup(0x6, 0x0) sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0) r5 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) close(r5) sendmsg$rds(r1, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24008880}, 0x40) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9, 0x23}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[], 0x5c}, 0x1, 0x6c}, 0x40000) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x28, 0x1, 0x0) getsockname$packet(r8, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000019c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0x0, 0x4}}}, 0x24}}, 0x0) 8.257707095s ago: executing program 3 (id=445): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000, 0x8000000}, 0xf5ff}], 0xf00, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4) shutdown(r0, 0x0) 8.222532216s ago: executing program 1 (id=446): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000400)=@mmap={0xdddd, 0x1, 0x4, 0x1000, 0xdc, {}, {0x2, 0xc, 0x0, 0x2, 0x8, 0x9, "e571d644"}, 0x0, 0x1, {}, 0x5}) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 7.981279833s ago: executing program 1 (id=447): ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000200)={0x71e5b317, 0x800000, 0x0, 0xffffffff, 0x40001000}) 7.288962938s ago: executing program 0 (id=448): syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c01000001090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x3, 0x1010, 0x0, 0x0}, {0x1, 0x800, 0x0, 0x0}], 0x2}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0) 7.284276817s ago: executing program 4 (id=449): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 7.173223756s ago: executing program 4 (id=450): socket(0x10, 0x803, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="000008000002"}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0xff, 0x8, 0x7fffffff}]}) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x800) close_range(r2, 0xffffffffffffffff, 0x0) 7.172669847s ago: executing program 1 (id=451): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbb721000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000001d80)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x8080410}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x18, r4, 0x309, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x800) 7.172375922s ago: executing program 3 (id=452): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 5.467583835s ago: executing program 1 (id=453): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x3, 0x2000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x0, 0xffff}}}, 0x86}}, 0x400c0) getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000700)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x110}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x3}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 5.466279541s ago: executing program 3 (id=454): syz_emit_ethernet(0x3e, &(0x7f0000000940)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @dest_unreach={0x3, 0xd, 0x0, 0x0, 0x27, 0xd3f, {0x5, 0x4, 0x0, 0x3, 0x8, 0x64, 0x6, 0x1, 0x6c, 0xdd8, @multicast1, @local}}}}}}, 0x0) 5.434300907s ago: executing program 4 (id=455): socket$nl_crypto(0x10, 0x3, 0x15) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001b00)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x18, 0x2, {{0x7fffffff, 0x14, 0xfcc, 0x400, 0x9}, 0x81, 0x0, 0xc8c3, 0x40, 0x4, 0x1c, 0x11, 0x9, 0x8, 0xffffffff, {0xfffffff5, 0x4, 0xad8, 0x7, 0x4, 0x4}}}}]}, 0x78}}, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r7, 0x5412, 0x0) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000540)=0x9) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000180)=0x3) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0x7e) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140)={0x2, 0x0, [{0x0, 0x0, 0x0}, {0xd000, 0x52, &(0x7f0000000240)=""/82}]}) socket$nl_generic(0x10, 0x3, 0x10) 5.333289577s ago: executing program 3 (id=456): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000001180)=[{{&(0x7f00000002c0)={0xa, 0x4e21, 0x28d, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x2}, 0x1c, 0x0}}], 0x1, 0x800) 5.314748505s ago: executing program 3 (id=457): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x30, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x1, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5}) syz_open_dev$dri(0x0, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x2d8, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) r5 = socket$inet_smc(0x2b, 0x1, 0x0) io_uring_setup(0x6bcb, &(0x7f0000000080)={0x0, 0x6e16, 0x40, 0xffffffff, 0x33c}) getsockopt$IP_VS_SO_GET_INFO(r5, 0x0, 0x481, &(0x7f0000005fc0), &(0x7f0000000080)=0xc) 3.273917736s ago: executing program 3 (id=458): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_setup(0x6, 0x0) sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0) r5 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) close(r5) sendmsg$rds(r1, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24008880}, 0x40) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9, 0x23}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[], 0x5c}, 0x1, 0x6c}, 0x40000) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x28, 0x1, 0x0) getsockname$packet(r8, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000019c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0x0, 0x4}}}, 0x24}}, 0x0) 2.183745848s ago: executing program 0 (id=459): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000740)="565a92bd2ad96a4be42a5362d111", 0xe, 0x2000c0c0, &(0x7f0000000000)={0x11, 0x6, r1, 0x1, 0x1, 0x6, @local}, 0x14) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)={0x40, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x20, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x6, 0x2, @loopback}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x5}]}]}, 0x40}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x28}}, 0x0) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) writev(0xffffffffffffffff, 0x0, 0x0) connect$inet(r7, 0x0, 0x0) sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r1, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0) listen(0xffffffffffffffff, 0xfffffffc) r9 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r9, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 184.022438ms ago: executing program 1 (id=460): socket(0x2, 0x3, 0xff) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x3) accept(r3, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB="20199ef7"], 0x16) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) setgroups(0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) setregid(0x0, 0xee01) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$tcp_congestion(r4, 0x0, 0x0) socket(0x10, 0x3, 0x0) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000040)=""/119) 0s ago: executing program 4 (id=461): socket$nl_generic(0x10, 0x3, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$alg(0x26, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) kernel console output (not intermixed with test programs): lling back to uuid=null. [ 47.537215][ T55] Bluetooth: hci2: command tx timeout [ 47.537436][ T55] Bluetooth: hci1: command tx timeout [ 47.537606][ T55] Bluetooth: hci0: command tx timeout [ 47.607836][ T55] Bluetooth: hci3: command tx timeout [ 47.609888][ T6059] Bluetooth: hci4: command tx timeout [ 47.935072][ T6489] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=18) [ 47.935183][ T6489] NILFS error (device loop0): nilfs_readdir: bad page in #18 [ 47.950403][ T6613] NILFS (loop1): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3) [ 47.953723][ T6613] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=2) [ 47.956693][ T6614] NILFS (loop4): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3) [ 47.987523][ T6489] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 47.994721][ T6613] Remounting filesystem read-only [ 48.020560][ T6614] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=2) [ 48.023795][ T6614] Remounting filesystem read-only [ 48.191522][ T6631] loop2: detected capacity change from 0 to 32768 [ 48.192094][ T6631] ======================================================= [ 48.192094][ T6631] WARNING: The mand mount option has been deprecated and [ 48.192094][ T6631] and is ignored by this kernel. Remove the mand [ 48.192094][ T6631] option from the mount to silence this warning. [ 48.192094][ T6631] ======================================================= [ 48.192744][ T6631] XFS (loop2): invalid log iosize: 0 [not 12-30] [ 48.227165][ T6502] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=18) [ 48.227231][ T6502] NILFS error (device loop4): nilfs_readdir: bad page in #18 [ 48.232463][ T6492] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=18) [ 48.239600][ T6492] NILFS error (device loop1): nilfs_readdir: bad page in #18 [ 48.342548][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 48.382782][ T6492] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 48.534933][ T6643] loop2: detected capacity change from 0 to 256 [ 49.101696][ T6643] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 49.490189][ T6655] FAULT_INJECTION: forcing a failure. [ 49.490189][ T6655] name failslab, interval 1, probability 0, space 0, times 0 [ 49.490366][ T6655] CPU: 1 UID: 0 PID: 6655 Comm: syz.1.22 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 49.490382][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 49.490390][ T6655] Call trace: [ 49.490394][ T6655] show_stack+0x2c/0x3c (C) [ 49.490411][ T6655] __dump_stack+0x30/0x40 [ 49.490422][ T6655] dump_stack_lvl+0xd8/0x12c [ 49.490432][ T6655] dump_stack+0x1c/0x28 [ 49.490442][ T6655] should_fail_ex+0x41c/0x594 [ 49.490454][ T6655] should_failslab+0xc0/0x128 [ 49.490467][ T6655] kmem_cache_alloc_noprof+0x80/0x3e8 [ 49.490481][ T6655] skb_clone+0x1b4/0x328 [ 49.490493][ T6655] __netlink_deliver_tap+0x36c/0x708 [ 49.490505][ T6655] netlink_deliver_tap+0x1ac/0x1b0 [ 49.490516][ T6655] netlink_unicast+0x5f0/0x824 [ 49.490526][ T6655] netlink_sendmsg+0x648/0x930 [ 49.490537][ T6655] ____sys_sendmsg+0x490/0x7b8 [ 49.490551][ T6655] ___sys_sendmsg+0x204/0x278 [ 49.490564][ T6655] __arm64_sys_sendmsg+0x184/0x238 [ 49.490577][ T6655] invoke_syscall+0x98/0x2b8 [ 49.490588][ T6655] el0_svc_common+0x130/0x23c [ 49.490598][ T6655] do_el0_svc+0x48/0x58 [ 49.490608][ T6655] el0_svc+0x58/0x17c [ 49.490622][ T6655] el0t_64_sync_handler+0x78/0x108 [ 49.490635][ T6655] el0t_64_sync+0x198/0x19c [ 50.186990][ T6660] loop1: detected capacity change from 0 to 16 [ 50.199927][ T6660] erofs (device loop1): mounted with root inode @ nid 36. [ 50.233510][ T6638] loop0: detected capacity change from 0 to 32768 [ 50.258866][ T6642] loop4: detected capacity change from 0 to 32768 [ 50.414582][ T6660] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.536539][ T6642] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 50.596790][ T6642] XFS (loop4): Mounting V5 filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb in no-recovery mode. Filesystem will be inconsistent. [ 50.874448][ T6642] XFS (loop4): Metadata CRC error detected at xfs_agf_read_verify+0x100/0x1d4, xfs_agf block 0x1 [ 50.880511][ T6642] XFS (loop4): Unmount and run xfs_repair [ 50.887734][ T6642] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 50.893625][ T6642] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 10 00 XAGF............ [ 50.901642][ T6642] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 ................ [ 50.908832][ T6642] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 50.916056][ T6642] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 50.927780][ T6642] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 50.943158][ T6642] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 50.949111][ T6642] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 50.954623][ T6642] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 50.960951][ T6642] XFS (loop4): metadata I/O error in "xfs_read_agf+0x238/0x58c" at daddr 0x1 len 1 error 74 [ 51.070484][ T6642] XFS (loop4): Uncorrected metadata errors detected; please run xfs_repair. [ 51.148236][ T6650] loop3: detected capacity change from 0 to 32768 [ 51.210068][ T6650] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 51.353433][ T6684] loop4: detected capacity change from 0 to 2048 [ 51.370994][ T6650] XFS (loop3): Ending clean mount [ 51.391998][ T6650] XFS (loop3): Quotacheck needed: Please wait. [ 51.399379][ T6686] loop0: detected capacity change from 0 to 4096 [ 51.423448][ T6650] XFS (loop3): Quotacheck: Done. [ 51.435231][ T6687] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.660470][ T6691] process 'syz.0.27' launched '/dev/fd/8' with NULL argv: empty string added [ 52.690812][ T6539] IPVS: starting estimator thread 0... [ 52.720822][ T6688] overlayfs: failed to resolve './bus': -2 [ 52.760769][ T6496] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 53.238874][ T6693] IPVS: using max 33 ests per chain, 79200 per kthread [ 53.420176][ T6666] loop2: detected capacity change from 0 to 40427 [ 53.436986][ T6687] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 53.441584][ T6687] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 53.461584][ T6677] loop1: detected capacity change from 0 to 32768 [ 53.477957][ T6666] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x3fffff [ 53.595427][ T6687] Remounting filesystem read-only [ 53.596366][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 53.607487][ T6666] F2FS-fs (loop2): invalid crc value [ 53.608188][ T6666] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-4) [ 53.616107][ T6677] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 54.747333][ T55] Bluetooth: hci4: command 0x0405 tx timeout [ 55.147072][ T6677] XFS (loop1): Ending clean mount [ 55.175671][ T6492] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 55.200775][ T6714] fuse: Bad value for 'user_id' [ 55.200851][ T6714] fuse: Bad value for 'user_id' [ 55.547209][ T6724] lo speed is unknown, defaulting to 1000 [ 55.559676][ T6724] lo speed is unknown, defaulting to 1000 [ 55.566303][ T6724] lo speed is unknown, defaulting to 1000 [ 56.210531][ T6724] infiniband sz1: set active [ 56.210643][ T6724] infiniband sz1: added lo [ 56.222378][ T6724] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 56.223910][ T6724] infiniband sz1: Couldn't open port 1 [ 56.239924][ T6724] RDS/IB: sz1: added [ 56.240174][ T6724] smc: adding ib device sz1 with port count 1 [ 56.240248][ T6724] smc: ib device sz1 port 1 has pnetid [ 56.241602][ T6724] lo speed is unknown, defaulting to 1000 [ 56.270097][ T6497] lo speed is unknown, defaulting to 1000 [ 56.273295][ T6497] lo speed is unknown, defaulting to 1000 [ 56.363355][ T6727] loop0: detected capacity change from 0 to 1024 [ 56.510716][ T6724] lo speed is unknown, defaulting to 1000 [ 56.625602][ T6724] lo speed is unknown, defaulting to 1000 [ 56.724685][ T6727] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.737309][ T6724] lo speed is unknown, defaulting to 1000 [ 56.813804][ T6724] lo speed is unknown, defaulting to 1000 [ 56.858995][ T6727] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 56.864412][ T6727] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 56.910241][ T6727] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 56.914233][ T6727] EXT4-fs (loop0): This should not happen!! Data will be lost [ 56.914233][ T6727] [ 56.920863][ T6727] EXT4-fs (loop0): Total free blocks count 0 [ 56.922710][ T6727] EXT4-fs (loop0): Free/Dirty block details [ 56.927264][ T6727] EXT4-fs (loop0): free_blocks=20480 [ 56.942648][ T6727] EXT4-fs (loop0): dirty_blocks=112 [ 56.942716][ T6727] EXT4-fs (loop0): Block reservation details [ 56.942739][ T6727] EXT4-fs (loop0): i_reserved_data_blocks=7 [ 56.974795][ T6727] netlink: 16 bytes leftover after parsing attributes in process `syz.0.36'. [ 57.166919][ T6729] loop4: detected capacity change from 0 to 65536 [ 57.245664][ T6745] netlink: 16 bytes leftover after parsing attributes in process `syz.2.39'. [ 57.860166][ T6732] loop3: detected capacity change from 0 to 40427 [ 57.866276][ T6741] loop1: detected capacity change from 0 to 256 [ 57.876664][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 86 with error 28 [ 57.877684][ T6729] XFS (loop4): Deprecated V4 format (crc=0) not supported by kernel. [ 57.878857][ T6732] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3fffff [ 57.884580][ T6732] F2FS-fs (loop3): invalid crc value [ 57.884869][ T6741] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 57.948795][ T6752] netlink: 8 bytes leftover after parsing attributes in process `syz.2.42'. [ 57.953355][ T6752] netlink: 4 bytes leftover after parsing attributes in process `syz.2.42'. [ 57.955967][ T6752] netlink: 'syz.2.42': attribute type 14 has an invalid length. [ 58.042490][ T6732] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 58.065754][ T6732] FAULT_INJECTION: forcing a failure. [ 58.065754][ T6732] name failslab, interval 1, probability 0, space 0, times 0 [ 58.065832][ T6732] CPU: 1 UID: 0 PID: 6732 Comm: syz.3.38 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 58.065846][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.065853][ T6732] Call trace: [ 58.065857][ T6732] show_stack+0x2c/0x3c (C) [ 58.065874][ T6732] __dump_stack+0x30/0x40 [ 58.065885][ T6732] dump_stack_lvl+0xd8/0x12c [ 58.065895][ T6732] dump_stack+0x1c/0x28 [ 58.065905][ T6732] should_fail_ex+0x41c/0x594 [ 58.065917][ T6732] should_failslab+0xc0/0x128 [ 58.065930][ T6732] kmem_cache_alloc_noprof+0x80/0x3e8 [ 58.065945][ T6732] getname_flags+0xb4/0x470 [ 58.065956][ T6732] user_path_at+0x34/0x74 [ 58.065967][ T6732] __arm64_sys_mount+0x3b0/0x468 [ 58.065988][ T6732] invoke_syscall+0x98/0x2b8 [ 58.066000][ T6732] el0_svc_common+0x130/0x23c [ 58.066010][ T6732] do_el0_svc+0x48/0x58 [ 58.066020][ T6732] el0_svc+0x58/0x17c [ 58.066035][ T6732] el0t_64_sync_handler+0x78/0x108 [ 58.066048][ T6732] el0t_64_sync+0x198/0x19c [ 58.262860][ T6761] FAULT_INJECTION: forcing a failure. [ 58.262860][ T6761] name failslab, interval 1, probability 0, space 0, times 0 [ 58.262983][ T6761] CPU: 0 UID: 0 PID: 6761 Comm: syz.4.43 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 58.263000][ T6761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.263007][ T6761] Call trace: [ 58.263011][ T6761] show_stack+0x2c/0x3c (C) [ 58.263027][ T6761] __dump_stack+0x30/0x40 [ 58.263039][ T6761] dump_stack_lvl+0xd8/0x12c [ 58.263048][ T6761] dump_stack+0x1c/0x28 [ 58.263058][ T6761] should_fail_ex+0x41c/0x594 [ 58.263070][ T6761] should_failslab+0xc0/0x128 [ 58.263083][ T6761] kmem_cache_alloc_noprof+0x80/0x3e8 [ 58.263098][ T6761] dst_alloc+0xf4/0x168 [ 58.263111][ T6761] ip6_create_rt_rcu+0x1e8/0x4a0 [ 58.263124][ T6761] ip6_pol_route_lookup+0x960/0xb44 [ 58.263145][ T6761] fib6_rule_lookup+0x258/0x45c [ 58.263157][ T6761] rt6_lookup+0x114/0x1c8 [ 58.263167][ T6761] ipv6_sock_ac_join+0x2e4/0x5e8 [ 58.263178][ T6761] do_ipv6_setsockopt+0x1a34/0x2c24 [ 58.263191][ T6761] ipv6_setsockopt+0x68/0x170 [ 58.263204][ T6761] udpv6_setsockopt+0xb8/0xd0 [ 58.263215][ T6761] sock_common_setsockopt+0xb0/0xcc [ 58.263228][ T6761] do_sock_setsockopt+0x1ec/0x328 [ 58.263242][ T6761] __arm64_sys_setsockopt+0x170/0x1e0 [ 58.263256][ T6761] invoke_syscall+0x98/0x2b8 [ 58.263266][ T6761] el0_svc_common+0x130/0x23c [ 58.263277][ T6761] do_el0_svc+0x48/0x58 [ 58.263286][ T6761] el0_svc+0x58/0x17c [ 58.263300][ T6761] el0t_64_sync_handler+0x78/0x108 [ 58.263314][ T6761] el0t_64_sync+0x198/0x19c [ 58.305335][ T6754] xt_CT: No such helper "pptp" [ 58.778657][ T6496] syz-executor: attempt to access beyond end of device [ 58.778657][ T6496] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 58.780797][ T6496] CPU: 1 UID: 0 PID: 6496 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 58.780827][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.780835][ T6496] Call trace: [ 58.780839][ T6496] show_stack+0x2c/0x3c (C) [ 58.780857][ T6496] __dump_stack+0x30/0x40 [ 58.780869][ T6496] dump_stack_lvl+0xd8/0x12c [ 58.780879][ T6496] dump_stack+0x1c/0x28 [ 58.780889][ T6496] f2fs_handle_critical_error+0x34c/0x4b8 [ 58.780903][ T6496] f2fs_stop_checkpoint+0x58/0x6c [ 58.780915][ T6496] f2fs_write_end_io+0x794/0xadc [ 58.780929][ T6496] bio_endio+0x81c/0x858 [ 58.780943][ T6496] submit_bio_noacct+0x158/0x176c [ 58.780954][ T6496] submit_bio+0x354/0x4d4 [ 58.780964][ T6496] f2fs_submit_write_bio+0x13c/0x324 [ 58.780989][ T6496] __submit_merged_bio+0x254/0x704 [ 58.781002][ T6496] __submit_merged_write_cond+0x23c/0x4ac [ 58.781015][ T6496] f2fs_write_data_pages+0x1e9c/0x27ac [ 58.781028][ T6496] do_writepages+0x2c0/0x6a8 [ 58.781043][ T6496] filemap_fdatawrite+0x144/0x1e8 [ 58.781053][ T6496] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 58.781065][ T6496] f2fs_write_checkpoint+0x684/0x1694 [ 58.781077][ T6496] kill_f2fs_super+0x21c/0x584 [ 58.781090][ T6496] deactivate_locked_super+0xc4/0x12c [ 58.781103][ T6496] deactivate_super+0xe0/0x100 [ 58.781114][ T6496] cleanup_mnt+0x31c/0x3ac [ 58.781126][ T6496] __cleanup_mnt+0x20/0x30 [ 58.781141][ T6496] task_work_run+0x1dc/0x260 [ 58.781153][ T6496] do_notify_resume+0x16c/0x1ec [ 58.781166][ T6496] el0_svc+0xb4/0x17c [ 58.781180][ T6496] el0t_64_sync_handler+0x78/0x108 [ 58.781193][ T6496] el0t_64_sync+0x198/0x19c [ 58.787203][ T6496] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 58.787384][ T6496] CPU: 1 UID: 0 PID: 6496 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 58.787404][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.787419][ T6496] Call trace: [ 58.787424][ T6496] show_stack+0x2c/0x3c (C) [ 58.787440][ T6496] __dump_stack+0x30/0x40 [ 58.787451][ T6496] dump_stack_lvl+0xd8/0x12c [ 58.787462][ T6496] dump_stack+0x1c/0x28 [ 58.787471][ T6496] f2fs_handle_critical_error+0x34c/0x4b8 [ 58.787486][ T6496] f2fs_stop_checkpoint+0x58/0x6c [ 58.787498][ T6496] f2fs_write_end_io+0x794/0xadc [ 58.787512][ T6496] bio_endio+0x81c/0x858 [ 58.787524][ T6496] submit_bio_noacct+0x158/0x176c [ 58.787536][ T6496] submit_bio+0x354/0x4d4 [ 58.787546][ T6496] f2fs_submit_write_bio+0x13c/0x324 [ 58.787559][ T6496] __submit_merged_bio+0x254/0x704 [ 58.787572][ T6496] __submit_merged_write_cond+0x23c/0x4ac [ 58.787585][ T6496] f2fs_write_data_pages+0x1e9c/0x27ac [ 58.787598][ T6496] do_writepages+0x2c0/0x6a8 [ 58.787612][ T6496] filemap_fdatawrite+0x144/0x1e8 [ 58.787623][ T6496] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 58.787635][ T6496] f2fs_write_checkpoint+0x684/0x1694 [ 58.787646][ T6496] kill_f2fs_super+0x21c/0x584 [ 58.787659][ T6496] deactivate_locked_super+0xc4/0x12c [ 58.787672][ T6496] deactivate_super+0xe0/0x100 [ 58.787683][ T6496] cleanup_mnt+0x31c/0x3ac [ 58.787695][ T6496] __cleanup_mnt+0x20/0x30 [ 58.787707][ T6496] task_work_run+0x1dc/0x260 [ 58.787719][ T6496] do_notify_resume+0x16c/0x1ec [ 58.787731][ T6496] el0_svc+0xb4/0x17c [ 58.787745][ T6496] el0t_64_sync_handler+0x78/0x108 [ 58.787758][ T6496] el0t_64_sync+0x198/0x19c [ 58.791868][ T6496] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 59.202957][ T6774] loop2: detected capacity change from 0 to 1024 [ 59.710353][ T6772] loop4: detected capacity change from 0 to 32768 [ 59.737395][ T6772] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.47 (6772) [ 59.784828][ T6772] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 59.785046][ T6772] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 59.786158][ T6772] BTRFS info (device loop4): using free-space-tree [ 59.858261][ T6783] netlink: 20 bytes leftover after parsing attributes in process `syz.3.49'. [ 60.594525][ T6772] netlink: 16 bytes leftover after parsing attributes in process `syz.4.47'. [ 60.672555][ T6502] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 60.763793][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'. [ 60.763872][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'. [ 60.869835][ T6792] loop3: detected capacity change from 0 to 32768 [ 60.870466][ T6792] xfs: Unknown parameter 'barrier' [ 60.904182][ T6816] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.904798][ T6816] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.967235][ T6817] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.967494][ T6817] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.984647][ T6792] loop3: detected capacity change from 0 to 2048 [ 60.991381][ T6792] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 61.010463][ T6819] FAULT_INJECTION: forcing a failure. [ 61.010463][ T6819] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 61.010536][ T6819] CPU: 0 UID: 0 PID: 6819 Comm: syz.4.57 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 61.010550][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.010557][ T6819] Call trace: [ 61.010561][ T6819] show_stack+0x2c/0x3c (C) [ 61.010577][ T6819] __dump_stack+0x30/0x40 [ 61.010589][ T6819] dump_stack_lvl+0xd8/0x12c [ 61.010599][ T6819] dump_stack+0x1c/0x28 [ 61.010608][ T6819] should_fail_ex+0x41c/0x594 [ 61.010621][ T6819] should_fail+0x14/0x24 [ 61.010631][ T6819] should_fail_usercopy+0x20/0x30 [ 61.010643][ T6819] _copy_from_iter+0x194/0x1284 [ 61.010656][ T6819] netlink_sendmsg+0x548/0x930 [ 61.010669][ T6819] ____sys_sendmsg+0x490/0x7b8 [ 61.010683][ T6819] ___sys_sendmsg+0x204/0x278 [ 61.010696][ T6819] __arm64_sys_sendmsg+0x184/0x238 [ 61.010709][ T6819] invoke_syscall+0x98/0x2b8 [ 61.010720][ T6819] el0_svc_common+0x130/0x23c [ 61.010730][ T6819] do_el0_svc+0x48/0x58 [ 61.010740][ T6819] el0_svc+0x58/0x17c [ 61.010753][ T6819] el0t_64_sync_handler+0x78/0x108 [ 61.010767][ T6819] el0t_64_sync+0x198/0x19c [ 61.052318][ T6820] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.136695][ T6822] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.586583][ T6828] loop4: detected capacity change from 0 to 32768 [ 61.687717][ T6839] FAULT_INJECTION: forcing a failure. [ 61.687717][ T6839] name failslab, interval 1, probability 0, space 0, times 0 [ 61.687791][ T6839] CPU: 1 UID: 0 PID: 6839 Comm: syz.3.64 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 61.687807][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.687814][ T6839] Call trace: [ 61.687818][ T6839] show_stack+0x2c/0x3c (C) [ 61.687837][ T6839] __dump_stack+0x30/0x40 [ 61.687848][ T6839] dump_stack_lvl+0xd8/0x12c [ 61.687858][ T6839] dump_stack+0x1c/0x28 [ 61.687868][ T6839] should_fail_ex+0x41c/0x594 [ 61.687880][ T6839] should_failslab+0xc0/0x128 [ 61.687893][ T6839] kmem_cache_alloc_noprof+0x80/0x3e8 [ 61.687908][ T6839] security_file_alloc+0x38/0x320 [ 61.687921][ T6839] init_file+0x90/0x2ac [ 61.687932][ T6839] alloc_empty_file+0x74/0x1c0 [ 61.687942][ T6839] alloc_file_pseudo+0x120/0x1f4 [ 61.687953][ T6839] sock_alloc_file+0xb4/0x298 [ 61.687966][ T6839] __sys_socket+0x148/0x1c0 [ 61.687987][ T6839] __arm64_sys_socket+0x7c/0x94 [ 61.688000][ T6839] invoke_syscall+0x98/0x2b8 [ 61.688011][ T6839] el0_svc_common+0x130/0x23c [ 61.688026][ T6839] do_el0_svc+0x48/0x58 [ 61.688037][ T6839] el0_svc+0x58/0x17c [ 61.688052][ T6839] el0t_64_sync_handler+0x78/0x108 [ 61.688065][ T6839] el0t_64_sync+0x198/0x19c [ 62.297570][ T6833] loop0: detected capacity change from 0 to 32768 [ 62.310234][ T6828] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 62.364102][ T6828] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io [ 62.364102][ T6828] allowing incompatible features above 0.0: (unknown version) [ 62.364691][ T6828] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 62.364857][ T6828] bcachefs (loop4): Version upgrade required: [ 62.364857][ T6828] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 62.364857][ T6828] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 62.364857][ T6828] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 62.406513][ T6828] bcachefs (loop4): dropping and reconstructing all alloc info [ 62.466381][ T6828] bcachefs (loop4): accounting_read... [ 62.480037][ T6857] loop2: detected capacity change from 0 to 512 [ 62.507832][ T6828] done [ 62.507905][ T6828] bcachefs (loop4): alloc_read... done [ 62.508008][ T6828] bcachefs (loop4): snapshots_read... done [ 62.508189][ T6828] bcachefs (loop4): check_allocations... [ 62.552218][ T6857] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.592261][ T6828] done [ 62.600385][ T6828] bcachefs (loop4): going read-write [ 62.630695][ T6499] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.655136][ T6828] bcachefs (loop4): done starting filesystem [ 62.743851][ T6873] FAULT_INJECTION: forcing a failure. [ 62.743851][ T6873] name failslab, interval 1, probability 0, space 0, times 0 [ 62.743923][ T6873] CPU: 1 UID: 0 PID: 6873 Comm: syz.1.73 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 62.743940][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 62.743947][ T6873] Call trace: [ 62.743951][ T6873] show_stack+0x2c/0x3c (C) [ 62.743968][ T6873] __dump_stack+0x30/0x40 [ 62.743992][ T6873] dump_stack_lvl+0xd8/0x12c [ 62.744002][ T6873] dump_stack+0x1c/0x28 [ 62.744012][ T6873] should_fail_ex+0x41c/0x594 [ 62.744025][ T6873] should_failslab+0xc0/0x128 [ 62.744038][ T6873] kmem_cache_alloc_node_noprof+0x88/0x3f4 [ 62.744060][ T6873] alloc_vmap_area+0x22c/0x2050 [ 62.744073][ T6873] __get_vm_area_node+0x220/0x330 [ 62.744085][ T6873] __vmalloc_node_range_noprof+0x2c0/0xfbc [ 62.744098][ T6873] vmalloc_noprof+0xf4/0x150 [ 62.744109][ T6873] bpf_prog_calc_tag+0xdc/0x544 [ 62.744121][ T6873] resolve_pseudo_ldimm64+0xc0/0xa10 [ 62.744134][ T6873] bpf_check+0x20c4/0x13a28 [ 62.744146][ T6873] bpf_prog_load+0xec8/0x13fc [ 62.744156][ T6873] __sys_bpf+0x43c/0x614 [ 62.744166][ T6873] __arm64_sys_bpf+0x80/0x98 [ 62.744176][ T6873] invoke_syscall+0x98/0x2b8 [ 62.744187][ T6873] el0_svc_common+0x130/0x23c [ 62.744197][ T6873] do_el0_svc+0x48/0x58 [ 62.744207][ T6873] el0_svc+0x58/0x17c [ 62.744221][ T6873] el0t_64_sync_handler+0x78/0x108 [ 62.744234][ T6873] el0t_64_sync+0x198/0x19c [ 62.744520][ T6873] syz.1.73: vmalloc error: size 64, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 [ 62.744690][ T6873] CPU: 1 UID: 0 PID: 6873 Comm: syz.1.73 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 62.744706][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 62.744713][ T6873] Call trace: [ 62.744716][ T6873] show_stack+0x2c/0x3c (C) [ 62.744729][ T6873] __dump_stack+0x30/0x40 [ 62.744739][ T6873] dump_stack_lvl+0xd8/0x12c [ 62.744749][ T6873] dump_stack+0x1c/0x28 [ 62.744759][ T6873] warn_alloc+0x1f8/0x30c [ 62.744769][ T6873] __vmalloc_node_range_noprof+0x2e0/0xfbc [ 62.744782][ T6873] vmalloc_noprof+0xf4/0x150 [ 62.744793][ T6873] bpf_prog_calc_tag+0xdc/0x544 [ 62.744804][ T6873] resolve_pseudo_ldimm64+0xc0/0xa10 [ 62.744816][ T6873] bpf_check+0x20c4/0x13a28 [ 62.744827][ T6873] bpf_prog_load+0xec8/0x13fc [ 62.744838][ T6873] __sys_bpf+0x43c/0x614 [ 62.744848][ T6873] __arm64_sys_bpf+0x80/0x98 [ 62.744857][ T6873] invoke_syscall+0x98/0x2b8 [ 62.744868][ T6873] el0_svc_common+0x130/0x23c [ 62.744878][ T6873] do_el0_svc+0x48/0x58 [ 62.744888][ T6873] el0_svc+0x58/0x17c [ 62.744901][ T6873] el0t_64_sync_handler+0x78/0x108 [ 62.744914][ T6873] el0t_64_sync+0x198/0x19c [ 62.745060][ T6873] Mem-Info: [ 62.745085][ T6873] active_anon:394 inactive_anon:8538 isolated_anon:0 [ 62.745085][ T6873] active_file:2796 inactive_file:4876 isolated_file:0 [ 62.745085][ T6873] unevictable:768 dirty:1090 writeback:0 [ 62.745085][ T6873] slab_reclaimable:10246 slab_unreclaimable:93926 [ 62.745085][ T6873] mapped:29476 shmem:5139 pagetables:681 [ 62.745085][ T6873] sec_pagetables:0 bounce:0 [ 62.745085][ T6873] kernel_misc_reclaimable:0 [ 62.745085][ T6873] free:1438033 free_pcp:2060 free_cma:7360 [ 62.745135][ T6873] Node 0 active_anon:1576kB inactive_anon:34152kB active_file:11184kB inactive_file:19504kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:117904kB dirty:4360kB writeback:0kB shmem:20556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9004kB pagetables:2724kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 62.745184][ T6873] Node 0 DMA free:3076864kB boost:0kB min:20840kB low:26048kB high:31256kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:29440kB [ 62.745244][ T6873] lowmem_reserve[]: 0 0 3498 3498 3498 [ 62.745348][ T6873] Node 0 Normal free:2675268kB boost:0kB min:24212kB low:30264kB high:36316kB reserved_highatomic:0KB active_anon:1576kB inactive_anon:34152kB active_file:11184kB inactive_file:19504kB unevictable:3072kB writepending:4360kB present:5242880kB managed:3582812kB mlocked:0kB bounce:0kB free_pcp:8232kB local_pcp:920kB free_cma:0kB [ 62.745408][ T6873] lowmem_reserve[]: 0 0 0 0 0 [ 62.745512][ T6873] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 62.745774][ T6873] Node 0 Normal: 141*4kB (ME) 158*8kB (UME) 356*16kB (UME) 144*32kB (UME) 127*64kB (UME) 43*128kB (M) 41*256kB (M) 32*512kB (UME) 7*1024kB (M) 3*2048kB (UE) 637*4096kB (M) = 2675108kB [ 62.746158][ T6873] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 62.746186][ T6873] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 62.746212][ T6873] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 62.746239][ T6873] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 62.746265][ T6873] 12814 total pagecache pages [ 62.746287][ T6873] 0 pages in swap cache [ 62.746308][ T6873] Free swap = 124996kB [ 62.746330][ T6873] Total swap = 124996kB [ 62.746352][ T6873] 2097152 pages RAM [ 62.746373][ T6873] 0 pages HighMem/MovableOnly [ 62.746395][ T6873] 431401 pages reserved [ 62.746416][ T6873] 8192 pages cma reserved [ 62.746437][ T6873] 0 pages hwpoisoned [ 62.936640][ T6875] loop0: detected capacity change from 0 to 4096 [ 62.991283][ T6875] ntfs3(loop0): It is recommened to use chkdsk. [ 62.995710][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00 [ 62.995822][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00 [ 62.995856][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00 [ 62.995888][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00 [ 62.995934][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc1c00 [ 62.995966][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc2c00 [ 62.996007][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc4c00 [ 62.996038][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffc8c00 [ 62.996084][ T6875] ntfs3(loop0): try to read out of volume at offset 0x3fffffd0c00 [ 63.016673][ T6881] loop1: detected capacity change from 0 to 4096 [ 63.029968][ T6881] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 63.175476][ T6828] netlink: 132 bytes leftover after parsing attributes in process `syz.4.60'. [ 63.273622][ T6502] bcachefs (loop4): shutting down [ 63.275576][ T6502] bcachefs (loop4): going read-only [ 63.279820][ T6502] bcachefs (loop4): finished waiting for writes to stop [ 63.392644][ T6502] bcachefs (loop4): flushing journal and stopping allocators, journal seq 10 [ 63.399262][ T6502] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 10 [ 63.444366][ T6502] bcachefs (loop4): unclean shutdown complete, journal seq 11 [ 63.690623][ T6502] bcachefs (loop4): done going read-only, filesystem not clean [ 63.754110][ T6889] capability: warning: `syz.1.78' uses deprecated v2 capabilities in a way that may be insecure [ 63.808792][ T6502] bcachefs (loop4): shutdown complete [ 64.086287][ T6897] loop2: detected capacity change from 0 to 4096 [ 64.103161][ T6897] NILFS (loop2): invalid segment: Checksum error in segment payload [ 64.103222][ T6897] NILFS (loop2): trying rollback from an earlier position [ 64.116075][ T6897] NILFS (loop2): recovery complete [ 64.120617][ T6900] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.532946][ T6911] loop2: detected capacity change from 0 to 512 [ 64.595800][ T6899] loop0: detected capacity change from 0 to 32768 [ 64.653342][ T6913] loop3: detected capacity change from 0 to 256 [ 64.654000][ T6913] exfat: Deprecated parameter 'utf8' [ 64.668167][ T6911] loop2: detected capacity change from 0 to 4096 [ 64.672008][ T6911] ntfs3: Unknown parameter 'noforce' [ 64.672808][ T6913] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 64.729566][ T2395] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.731637][ T2395] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.876219][ T6916] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 64.924697][ T6916] netlink: 24 bytes leftover after parsing attributes in process `syz.3.90'. [ 65.024466][ T6911] loop2: detected capacity change from 0 to 32768 [ 65.051408][ T6911] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 65.080437][ T6911] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 65.092828][ T6911] XFS (loop2): Starting recovery (logdev: internal) [ 65.101825][ T6911] XFS (loop2): Ending recovery (logdev: internal) [ 65.249706][ T6499] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 66.104455][ T6938] 9pnet_fd: p9_fd_create_tcp (6938): problem connecting socket to 127.0.0.1 [ 66.224470][ T6943] loop0: detected capacity change from 0 to 2048 [ 66.245729][ T6943] nilfs2: Unknown parameter './file2' [ 66.540222][ T6946] loop2: detected capacity change from 0 to 128 [ 66.674575][ T6946] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 66.758513][ T55] Bluetooth: hci4: command 0x0405 tx timeout [ 67.052801][ T6499] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 67.097755][ T6950] loop0: detected capacity change from 0 to 1024 [ 67.209286][ T6950] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.239216][ T6934] loop3: detected capacity change from 0 to 32768 [ 67.305489][ T6961] loop2: detected capacity change from 0 to 64 [ 67.306466][ T6934] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 67.325756][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.326194][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.398827][ T6963] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.98: bg 0: block 393: padding at end of block bitmap is not set [ 67.407788][ T6963] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1072 with error 117 [ 67.407911][ T6963] EXT4-fs (loop0): This should not happen!! Data will be lost [ 67.407911][ T6963] [ 67.485468][ T6963] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 67.485539][ T6963] EXT4-fs (loop0): This should not happen!! Data will be lost [ 67.485539][ T6963] [ 67.485605][ T6963] EXT4-fs (loop0): Total free blocks count 0 [ 67.485634][ T6963] EXT4-fs (loop0): Free/Dirty block details [ 67.485666][ T6963] EXT4-fs (loop0): free_blocks=0 [ 67.485698][ T6963] EXT4-fs (loop0): dirty_blocks=32 [ 67.485725][ T6963] EXT4-fs (loop0): Block reservation details [ 67.565183][ T6939] loop1: detected capacity change from 0 to 32768 [ 67.640066][ T6954] loop4: detected capacity change from 0 to 32768 [ 67.663197][ T6939] jfs: Unknown parameter 'io' [ 67.753048][ T6965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.796211][ T6965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.098921][ T6974] loop0: detected capacity change from 0 to 128 [ 68.323346][ T6932] loop1: detected capacity change from 0 to 32768 [ 68.417806][ T6989] binder: 6983:6989 ioctl 40045402 20000140 returned -22 [ 68.477397][ T6987] mmap: syz.0.107 (6987) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 69.816264][ T7007] loop0: detected capacity change from 0 to 256 [ 69.825638][ T7007] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 69.825695][ T7007] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 69.832546][ T7007] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 69.870092][ T6994] loop4: detected capacity change from 0 to 32768 [ 69.878586][ T24] cfg80211: failed to load regulatory.db [ 69.942123][ T6496] ocfs2: Unmounting device (7,3) on (node local) [ 69.958314][ T6999] loop1: detected capacity change from 0 to 32768 [ 70.013440][ T7012] netlink: 28 bytes leftover after parsing attributes in process `syz.2.117'. [ 70.017640][ T6999] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 70.037209][ T12] (kworker/u8:0,12,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 70.190413][ T7018] netlink: 'syz.2.118': attribute type 6 has an invalid length. [ 70.249830][ T6492] ocfs2: Unmounting device (7,1) on (node local) [ 70.303776][ T7029] FAULT_INJECTION: forcing a failure. [ 70.303776][ T7029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 70.308538][ T7029] CPU: 0 UID: 0 PID: 7029 Comm: syz.1.120 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 70.308562][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 70.308569][ T7029] Call trace: [ 70.308573][ T7029] show_stack+0x2c/0x3c (C) [ 70.308591][ T7029] __dump_stack+0x30/0x40 [ 70.308603][ T7029] dump_stack_lvl+0xd8/0x12c [ 70.308613][ T7029] dump_stack+0x1c/0x28 [ 70.308622][ T7029] should_fail_ex+0x41c/0x594 [ 70.308635][ T7029] should_fail+0x14/0x24 [ 70.308645][ T7029] should_fail_usercopy+0x20/0x30 [ 70.308657][ T7029] simple_read_from_buffer+0xc4/0x254 [ 70.308669][ T7029] proc_fail_nth_read+0x130/0x19c [ 70.308681][ T7029] vfs_read+0x22c/0x898 [ 70.308692][ T7029] ksys_read+0x120/0x210 [ 70.308702][ T7029] __arm64_sys_read+0x7c/0x90 [ 70.308712][ T7029] invoke_syscall+0x98/0x2b8 [ 70.308723][ T7029] el0_svc_common+0x130/0x23c [ 70.308733][ T7029] do_el0_svc+0x48/0x58 [ 70.308743][ T7029] el0_svc+0x58/0x17c [ 70.308757][ T7029] el0t_64_sync_handler+0x78/0x108 [ 70.308770][ T7029] el0t_64_sync+0x198/0x19c [ 70.314091][ T7027] warning: `syz.3.115' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 70.341277][ T7027] FAULT_INJECTION: forcing a failure. [ 70.341277][ T7027] name failslab, interval 1, probability 0, space 0, times 0 [ 70.341316][ T7027] CPU: 1 UID: 0 PID: 7027 Comm: syz.3.115 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 70.341330][ T7027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 70.341337][ T7027] Call trace: [ 70.341340][ T7027] show_stack+0x2c/0x3c (C) [ 70.341357][ T7027] __dump_stack+0x30/0x40 [ 70.341368][ T7027] dump_stack_lvl+0xd8/0x12c [ 70.341378][ T7027] dump_stack+0x1c/0x28 [ 70.341387][ T7027] should_fail_ex+0x41c/0x594 [ 70.341400][ T7027] should_failslab+0xc0/0x128 [ 70.341413][ T7027] __kmalloc_noprof+0xf4/0x4c8 [ 70.341423][ T7027] genl_family_rcv_msg_attrs_parse+0xac/0x240 [ 70.341438][ T7027] genl_family_rcv_msg_doit+0xcc/0x2bc [ 70.341450][ T7027] genl_rcv_msg+0x450/0x624 [ 70.341461][ T7027] netlink_rcv_skb+0x230/0x414 [ 70.341472][ T7027] genl_rcv+0x38/0x50 [ 70.341482][ T7027] netlink_unicast+0x60c/0x824 [ 70.341493][ T7027] netlink_sendmsg+0x648/0x930 [ 70.341504][ T7027] ____sys_sendmsg+0x490/0x7b8 [ 70.341518][ T7027] ___sys_sendmsg+0x204/0x278 [ 70.341530][ T7027] __arm64_sys_sendmsg+0x184/0x238 [ 70.341544][ T7027] invoke_syscall+0x98/0x2b8 [ 70.341554][ T7027] el0_svc_common+0x130/0x23c [ 70.341564][ T7027] do_el0_svc+0x48/0x58 [ 70.341574][ T7027] el0_svc+0x58/0x17c [ 70.341588][ T7027] el0t_64_sync_handler+0x78/0x108 [ 70.341602][ T7027] el0t_64_sync+0x198/0x19c [ 70.411698][ T7031] capability: warning: `syz.4.121' uses 32-bit capabilities (legacy support in use) [ 70.546666][ T7038] loop3: detected capacity change from 0 to 128 [ 70.599685][ T7014] loop0: detected capacity change from 0 to 32768 [ 70.707265][ T7014] [ 70.707265][ T7014] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 70.707265][ T7014] [ 70.717399][ T7014] ERROR: (device loop0): diWrite: ixpxd invalid [ 70.717399][ T7014] [ 70.730099][ T7014] ERROR: (device loop0): txAbort: [ 70.730099][ T7014] [ 70.749049][ T7014] FAULT_INJECTION: forcing a failure. [ 70.749049][ T7014] name failslab, interval 1, probability 0, space 0, times 0 [ 70.749211][ T7014] CPU: 0 UID: 0 PID: 7014 Comm: syz.0.116 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 70.749228][ T7014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 70.749235][ T7014] Call trace: [ 70.749239][ T7014] show_stack+0x2c/0x3c (C) [ 70.749257][ T7014] __dump_stack+0x30/0x40 [ 70.749268][ T7014] dump_stack_lvl+0xd8/0x12c [ 70.749278][ T7014] dump_stack+0x1c/0x28 [ 70.749288][ T7014] should_fail_ex+0x41c/0x594 [ 70.749300][ T7014] should_failslab+0xc0/0x128 [ 70.749313][ T7014] __kmalloc_noprof+0xf4/0x4c8 [ 70.749324][ T7014] security_inode_init_security+0xf8/0x7f4 [ 70.749337][ T7014] jfs_init_security+0xa4/0xec [ 70.749350][ T7014] jfs_create+0x228/0x8c4 [ 70.749364][ T7014] path_openat+0x12d8/0x2c40 [ 70.749376][ T7014] do_filp_open+0x18c/0x36c [ 70.749387][ T7014] do_sys_openat2+0x11c/0x1b4 [ 70.749400][ T7014] __arm64_sys_openat+0x120/0x158 [ 70.749414][ T7014] invoke_syscall+0x98/0x2b8 [ 70.749424][ T7014] el0_svc_common+0x130/0x23c [ 70.749434][ T7014] do_el0_svc+0x48/0x58 [ 70.749444][ T7014] el0_svc+0x58/0x17c [ 70.749458][ T7014] el0t_64_sync_handler+0x78/0x108 [ 70.749471][ T7014] el0t_64_sync+0x198/0x19c [ 70.856724][ T6489] [ 70.856724][ T6489] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 70.856724][ T6489] [ 70.861354][ T6489] [ 70.861354][ T6489] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 70.861354][ T6489] [ 71.856929][ T7061] FAULT_INJECTION: forcing a failure. [ 71.856929][ T7061] name failslab, interval 1, probability 0, space 0, times 0 [ 71.858205][ T7061] CPU: 1 UID: 0 PID: 7061 Comm: syz.0.129 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 71.858220][ T7061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 71.858227][ T7061] Call trace: [ 71.858231][ T7061] show_stack+0x2c/0x3c (C) [ 71.858248][ T7061] __dump_stack+0x30/0x40 [ 71.858260][ T7061] dump_stack_lvl+0xd8/0x12c [ 71.858270][ T7061] dump_stack+0x1c/0x28 [ 71.858279][ T7061] should_fail_ex+0x41c/0x594 [ 71.858291][ T7061] should_failslab+0xc0/0x128 [ 71.858305][ T7061] kmem_cache_alloc_node_noprof+0x88/0x3f4 [ 71.858319][ T7061] __alloc_skb+0x144/0x2ec [ 71.858333][ T7061] __ip6_append_data+0x26b4/0x3684 [ 71.858345][ T7061] ip6_append_data+0x178/0x314 [ 71.858356][ T7061] rawv6_sendmsg+0xe3c/0x13e0 [ 71.858368][ T7061] inet_sendmsg+0x154/0x284 [ 71.858380][ T7061] sock_write_iter+0x25c/0x378 [ 71.858391][ T7061] do_iter_readv_writev+0x460/0x6a8 [ 71.858402][ T7061] vfs_writev+0x2b4/0x81c [ 71.858412][ T7061] do_writev+0x128/0x290 [ 71.858422][ T7061] __arm64_sys_writev+0x80/0x94 [ 71.858433][ T7061] invoke_syscall+0x98/0x2b8 [ 71.858444][ T7061] el0_svc_common+0x130/0x23c [ 71.858454][ T7061] do_el0_svc+0x48/0x58 [ 71.858464][ T7061] el0_svc+0x58/0x17c [ 71.858478][ T7061] el0t_64_sync_handler+0x78/0x108 [ 71.858491][ T7061] el0t_64_sync+0x198/0x19c [ 72.228595][ T7078] loop0: detected capacity change from 0 to 512 [ 72.231482][ T7078] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 72.231556][ T7078] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 72.307335][ T7078] EXT4-fs (loop0): 1 truncate cleaned up [ 72.309558][ T7078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.539741][ T7090] FAULT_INJECTION: forcing a failure. [ 72.539741][ T7090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.545011][ T7090] CPU: 1 UID: 0 PID: 7090 Comm: syz.3.139 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 72.545034][ T7090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 72.545047][ T7090] Call trace: [ 72.545051][ T7090] show_stack+0x2c/0x3c (C) [ 72.545069][ T7090] __dump_stack+0x30/0x40 [ 72.545081][ T7090] dump_stack_lvl+0xd8/0x12c [ 72.545091][ T7090] dump_stack+0x1c/0x28 [ 72.545100][ T7090] should_fail_ex+0x41c/0x594 [ 72.545113][ T7090] should_fail+0x14/0x24 [ 72.545123][ T7090] should_fail_usercopy+0x20/0x30 [ 72.545135][ T7090] copy_to_bpfptr_offset+0x64/0x160 [ 72.545148][ T7090] bpf_check+0x27cc/0x13a28 [ 72.545160][ T7090] bpf_prog_load+0xec8/0x13fc [ 72.545171][ T7090] __sys_bpf+0x43c/0x614 [ 72.545181][ T7090] __arm64_sys_bpf+0x80/0x98 [ 72.545191][ T7090] invoke_syscall+0x98/0x2b8 [ 72.545202][ T7090] el0_svc_common+0x130/0x23c [ 72.545212][ T7090] do_el0_svc+0x48/0x58 [ 72.545222][ T7090] el0_svc+0x58/0x17c [ 72.545236][ T7090] el0t_64_sync_handler+0x78/0x108 [ 72.545250][ T7090] el0t_64_sync+0x198/0x19c [ 72.631523][ T6489] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.697151][ T7094] FAULT_INJECTION: forcing a failure. [ 72.697151][ T7094] name failslab, interval 1, probability 0, space 0, times 0 [ 72.701022][ T7094] CPU: 1 UID: 0 PID: 7094 Comm: syz.3.142 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 72.701052][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 72.701060][ T7094] Call trace: [ 72.701064][ T7094] show_stack+0x2c/0x3c (C) [ 72.701082][ T7094] __dump_stack+0x30/0x40 [ 72.701094][ T7094] dump_stack_lvl+0xd8/0x12c [ 72.701105][ T7094] dump_stack+0x1c/0x28 [ 72.701115][ T7094] should_fail_ex+0x41c/0x594 [ 72.701128][ T7094] should_failslab+0xc0/0x128 [ 72.701142][ T7094] __kmalloc_cache_noprof+0x80/0x3fc [ 72.701154][ T7094] smb3_init_fs_context+0xa0/0x8a8 [ 72.701166][ T7094] alloc_fs_context+0x538/0x76c [ 72.701181][ T7094] fs_context_for_mount+0x34/0x44 [ 72.701194][ T7094] do_new_mount+0xfc/0x814 [ 72.701207][ T7094] path_mount+0x5b4/0xde0 [ 72.701219][ T7094] __arm64_sys_mount+0x3e8/0x468 [ 72.701231][ T7094] invoke_syscall+0x98/0x2b8 [ 72.701242][ T7094] el0_svc_common+0x130/0x23c [ 72.701277][ T7094] do_el0_svc+0x48/0x58 [ 72.701288][ T7094] el0_svc+0x58/0x17c [ 72.701303][ T7094] el0t_64_sync_handler+0x78/0x108 [ 72.701317][ T7094] el0t_64_sync+0x198/0x19c [ 72.823376][ T7096] syz.0.141 uses obsolete (PF_INET,SOCK_PACKET) [ 73.823069][ T7104] geneve2: entered promiscuous mode [ 73.823135][ T7104] geneve2: entered allmulticast mode [ 73.845879][ T7063] loop1: detected capacity change from 0 to 40427 [ 73.865099][ T7063] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 73.865165][ T7063] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 73.881918][ T7063] F2FS-fs (loop1): invalid crc value [ 73.981771][ T7107] loop3: detected capacity change from 0 to 40427 [ 73.989251][ T7107] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3fffff [ 73.989316][ T7107] F2FS-fs (loop3): Image doesn't support compression [ 73.989358][ T7107] F2FS-fs (loop3): Image doesn't support compression [ 73.997707][ T7107] F2FS-fs (loop3): invalid crc value [ 74.016717][ T7107] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 74.085764][ T7063] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 74.085843][ T7063] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 74.159766][ T7121] loop0: detected capacity change from 0 to 2048 [ 74.207214][ T7121] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 74.207327][ T7121] UDF-fs: Scanning with blocksize 512 failed [ 74.230551][ T7121] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 74.289634][ T7123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.289958][ T7123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.296004][ T55] Bluetooth: hci0: Dropping invalid advertising data [ 74.298344][ T55] Bluetooth: hci0: unknown advertising packet type: 0x64 [ 74.298589][ T55] Bluetooth: hci0: Dropping invalid advertising data [ 74.302718][ T55] Bluetooth: hci0: Malformed LE Event: 0x02 [ 74.311785][ T55] Bluetooth: hci0: Dropping invalid advertising data [ 74.311852][ T55] Bluetooth: hci0: unknown advertising packet type: 0x64 [ 74.314086][ T55] Bluetooth: hci0: Dropping invalid advertising data [ 74.314156][ T55] Bluetooth: hci0: Malformed LE Event: 0x02 [ 74.510119][ T6539] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 74.683818][ T6539] usb 1-1: Using ep0 maxpacket: 8 [ 74.702387][ T6539] usb 1-1: config 44 has an invalid descriptor of length 194, skipping remainder of the config [ 74.702552][ T6539] usb 1-1: config 44 has 0 interfaces, different from the descriptor's value: 3 [ 74.717044][ T6539] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 74.717106][ T6539] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.717145][ T6539] usb 1-1: Product: syz [ 74.717180][ T6539] usb 1-1: Manufacturer: syz [ 74.717208][ T6539] usb 1-1: SerialNumber: syz [ 74.818509][ T7128] geneve1: mtu less than device minimum [ 74.854893][ T7119] loop2: detected capacity change from 0 to 32768 [ 74.861763][ T7119] xfs: Bad value for 'logbsize' [ 75.008745][ T6500] usb 1-1: USB disconnect, device number 2 [ 75.128424][ T6496] F2FS-fs (loop3): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x494/0x1a64 [ 75.132509][ T6496] F2FS-fs (loop3): invalid blkaddr: 1029, type: 10, run fsck to fix. [ 75.160813][ T7133] loop1: detected capacity change from 0 to 16 [ 75.178146][ T7133] erofs (device loop1): negative i_size @ nid 36 [ 75.209029][ T7133] loop1: detected capacity change from 0 to 1024 [ 75.242291][ T7135] overlay: filesystem on ./file0 not supported as upperdir [ 75.509793][ T7141] FAULT_INJECTION: forcing a failure. [ 75.509793][ T7141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 75.509926][ T7141] CPU: 1 UID: 0 PID: 7141 Comm: syz.2.155 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 75.509942][ T7141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 75.509949][ T7141] Call trace: [ 75.509953][ T7141] show_stack+0x2c/0x3c (C) [ 75.509970][ T7141] __dump_stack+0x30/0x40 [ 75.509988][ T7141] dump_stack_lvl+0xd8/0x12c [ 75.509998][ T7141] dump_stack+0x1c/0x28 [ 75.510008][ T7141] should_fail_ex+0x41c/0x594 [ 75.510021][ T7141] should_fail+0x14/0x24 [ 75.510037][ T7141] should_fail_usercopy+0x20/0x30 [ 75.510049][ T7141] simple_read_from_buffer+0xc4/0x254 [ 75.510061][ T7141] proc_fail_nth_read+0x130/0x19c [ 75.510074][ T7141] vfs_read+0x22c/0x898 [ 75.510084][ T7141] ksys_read+0x120/0x210 [ 75.510094][ T7141] __arm64_sys_read+0x7c/0x90 [ 75.510104][ T7141] invoke_syscall+0x98/0x2b8 [ 75.510115][ T7141] el0_svc_common+0x130/0x23c [ 75.510126][ T7141] do_el0_svc+0x48/0x58 [ 75.510136][ T7141] el0_svc+0x58/0x17c [ 75.510150][ T7141] el0t_64_sync_handler+0x78/0x108 [ 75.510163][ T7141] el0t_64_sync+0x198/0x19c [ 75.989119][ T7154] FAULT_INJECTION: forcing a failure. [ 75.989119][ T7154] name failslab, interval 1, probability 0, space 0, times 0 [ 75.989297][ T7154] CPU: 1 UID: 0 PID: 7154 Comm: syz.0.160 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 75.989314][ T7154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 75.989321][ T7154] Call trace: [ 75.989325][ T7154] show_stack+0x2c/0x3c (C) [ 75.989342][ T7154] __dump_stack+0x30/0x40 [ 75.989354][ T7154] dump_stack_lvl+0xd8/0x12c [ 75.989363][ T7154] dump_stack+0x1c/0x28 [ 75.989373][ T7154] should_fail_ex+0x41c/0x594 [ 75.989386][ T7154] should_failslab+0xc0/0x128 [ 75.989399][ T7154] __kmalloc_noprof+0xf4/0x4c8 [ 75.989410][ T7154] tomoyo_realpath_from_path+0xc4/0x4d4 [ 75.989423][ T7154] tomoyo_path_number_perm+0x1a0/0x47c [ 75.989435][ T7154] tomoyo_file_ioctl+0x2c/0x3c [ 75.989448][ T7154] security_file_ioctl+0xe8/0x2f0 [ 75.989461][ T7154] __arm64_sys_ioctl+0xa8/0x1c4 [ 75.989474][ T7154] invoke_syscall+0x98/0x2b8 [ 75.989485][ T7154] el0_svc_common+0x130/0x23c [ 75.989495][ T7154] do_el0_svc+0x48/0x58 [ 75.989509][ T7154] el0_svc+0x58/0x17c [ 75.989524][ T7154] el0t_64_sync_handler+0x78/0x108 [ 75.989537][ T7154] el0t_64_sync+0x198/0x19c [ 76.007343][ T7154] ERROR: Out of memory at tomoyo_realpath_from_path. [ 76.102177][ T7156] sctp: [Deprecated]: syz.2.161 (pid 7156) Use of int in max_burst socket option deprecated. [ 76.102177][ T7156] Use struct sctp_assoc_value instead [ 76.364522][ T7162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.162'. [ 76.365418][ T7162] FAULT_INJECTION: forcing a failure. [ 76.365418][ T7162] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 76.365593][ T7162] CPU: 0 UID: 0 PID: 7162 Comm: syz.1.162 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 76.365611][ T7162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 76.365619][ T7162] Call trace: [ 76.365623][ T7162] show_stack+0x2c/0x3c (C) [ 76.365640][ T7162] __dump_stack+0x30/0x40 [ 76.365652][ T7162] dump_stack_lvl+0xd8/0x12c [ 76.365662][ T7162] dump_stack+0x1c/0x28 [ 76.365671][ T7162] should_fail_ex+0x41c/0x594 [ 76.365684][ T7162] should_fail+0x14/0x24 [ 76.365694][ T7162] should_fail_usercopy+0x20/0x30 [ 76.365706][ T7162] _inline_copy_from_user+0x40/0x180 [ 76.365718][ T7162] kstrtouint_from_user+0xbc/0x158 [ 76.365730][ T7162] proc_fail_nth_write+0x94/0x190 [ 76.365742][ T7162] vfs_write+0x2a0/0x97c [ 76.365753][ T7162] ksys_write+0x120/0x210 [ 76.365763][ T7162] __arm64_sys_write+0x7c/0x90 [ 76.365773][ T7162] invoke_syscall+0x98/0x2b8 [ 76.365783][ T7162] el0_svc_common+0x130/0x23c [ 76.365793][ T7162] do_el0_svc+0x48/0x58 [ 76.365803][ T7162] el0_svc+0x58/0x17c [ 76.365817][ T7162] el0t_64_sync_handler+0x78/0x108 [ 76.365830][ T7162] el0t_64_sync+0x198/0x19c [ 76.376892][ T7145] loop3: detected capacity change from 0 to 32768 [ 76.460941][ T7164] loop0: detected capacity change from 0 to 512 [ 76.499138][ T7145] find_entry called with index >= next_index [ 76.524366][ T7164] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.164: casefold flag without casefold feature [ 76.535927][ T7164] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.164: couldn't read orphan inode 15 (err -117) [ 76.563383][ T7164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.778816][ T7170] netlink: 6 bytes leftover after parsing attributes in process `syz.4.165'. [ 76.840114][ T6489] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.876843][ T7176] FAULT_INJECTION: forcing a failure. [ 76.876843][ T7176] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 76.882491][ T7176] CPU: 0 UID: 0 PID: 7176 Comm: syz.4.170 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 76.882512][ T7176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 76.882520][ T7176] Call trace: [ 76.882524][ T7176] show_stack+0x2c/0x3c (C) [ 76.882541][ T7176] __dump_stack+0x30/0x40 [ 76.882553][ T7176] dump_stack_lvl+0xd8/0x12c [ 76.882563][ T7176] dump_stack+0x1c/0x28 [ 76.882572][ T7176] should_fail_ex+0x41c/0x594 [ 76.882585][ T7176] should_fail_alloc_page+0xec/0x10c [ 76.882599][ T7176] prepare_alloc_pages+0x1c8/0x50c [ 76.882610][ T7176] __alloc_frozen_pages_noprof+0x134/0x318 [ 76.882622][ T7176] alloc_pages_mpol+0x1e4/0x460 [ 76.882635][ T7176] folio_alloc_mpol_noprof+0x4c/0x24c [ 76.882649][ T7176] vma_alloc_folio_noprof+0xf4/0x230 [ 76.882659][ T7176] vma_alloc_zeroed_movable_folio+0x70/0x84 [ 76.882674][ T7176] folio_prealloc+0x3c/0x1c0 [ 76.882685][ T7176] handle_mm_fault+0x3bdc/0x4d18 [ 76.882699][ T7176] do_page_fault+0x428/0x1554 [ 76.882712][ T7176] do_translation_fault+0xc4/0x114 [ 76.882725][ T7176] do_mem_abort+0x70/0x194 [ 76.882738][ T7176] el0_da+0x64/0x160 [ 76.882752][ T7176] el0t_64_sync_handler+0x84/0x108 [ 76.882765][ T7176] el0t_64_sync+0x198/0x19c [ 76.907274][ T7176] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 76.951143][ T7176] loop4: detected capacity change from 0 to 4096 [ 76.954837][ T7178] netlink: 'syz.1.167': attribute type 1 has an invalid length. [ 76.966923][ T7176] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 76.977603][ T7179] loop2: detected capacity change from 0 to 2048 [ 77.040713][ T7182] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.902142][ T7192] FAULT_INJECTION: forcing a failure. [ 77.902142][ T7192] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 77.902286][ T7192] CPU: 1 UID: 0 PID: 7192 Comm: syz.3.171 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 77.902300][ T7192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 77.902307][ T7192] Call trace: [ 77.902310][ T7192] show_stack+0x2c/0x3c (C) [ 77.902327][ T7192] __dump_stack+0x30/0x40 [ 77.902338][ T7192] dump_stack_lvl+0xd8/0x12c [ 77.902348][ T7192] dump_stack+0x1c/0x28 [ 77.902357][ T7192] should_fail_ex+0x41c/0x594 [ 77.902369][ T7192] should_fail+0x14/0x24 [ 77.902380][ T7192] should_fail_usercopy+0x20/0x30 [ 77.902391][ T7192] copy_page_from_iter_atomic+0x338/0x1458 [ 77.902405][ T7192] generic_perform_write+0x4c0/0x79c [ 77.902417][ T7192] shmem_file_write_iter+0x10c/0x134 [ 77.902428][ T7192] vfs_write+0x62c/0x97c [ 77.902439][ T7192] ksys_write+0x120/0x210 [ 77.902448][ T7192] __arm64_sys_write+0x7c/0x90 [ 77.902458][ T7192] invoke_syscall+0x98/0x2b8 [ 77.902469][ T7192] el0_svc_common+0x130/0x23c [ 77.902479][ T7192] do_el0_svc+0x48/0x58 [ 77.902488][ T7192] el0_svc+0x58/0x17c [ 77.902502][ T7192] el0t_64_sync_handler+0x78/0x108 [ 77.902515][ T7192] el0t_64_sync+0x198/0x19c [ 77.951063][ T7192] loop3: detected capacity change from 0 to 128 [ 77.957325][ T7192] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 77.962943][ T7192] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 78.032965][ T7198] loop0: detected capacity change from 0 to 4096 [ 78.116084][ T7198] ntfs3(loop0): ino=4, mi_enum_attr [ 78.116283][ T7198] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 78.118112][ T7198] ntfs3(loop0): Failed to load $AttrDef (-22) [ 78.133351][ T7203] FAULT_INJECTION: forcing a failure. [ 78.133351][ T7203] name failslab, interval 1, probability 0, space 0, times 0 [ 78.133424][ T7203] CPU: 1 UID: 0 PID: 7203 Comm: syz.3.176 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 78.133439][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 78.133446][ T7203] Call trace: [ 78.133450][ T7203] show_stack+0x2c/0x3c (C) [ 78.133468][ T7203] __dump_stack+0x30/0x40 [ 78.133480][ T7203] dump_stack_lvl+0xd8/0x12c [ 78.133491][ T7203] dump_stack+0x1c/0x28 [ 78.133500][ T7203] should_fail_ex+0x41c/0x594 [ 78.133512][ T7203] should_failslab+0xc0/0x128 [ 78.133526][ T7203] kmem_cache_alloc_noprof+0x80/0x3e8 [ 78.133541][ T7203] ovs_flow_alloc+0x30/0x204 [ 78.133555][ T7203] ovs_flow_cmd_new+0x1c0/0xa64 [ 78.133567][ T7203] genl_family_rcv_msg_doit+0x1d8/0x2bc [ 78.133580][ T7203] genl_rcv_msg+0x450/0x624 [ 78.133592][ T7203] netlink_rcv_skb+0x230/0x414 [ 78.133603][ T7203] genl_rcv+0x38/0x50 [ 78.133614][ T7203] netlink_unicast+0x60c/0x824 [ 78.133624][ T7203] netlink_sendmsg+0x648/0x930 [ 78.133635][ T7203] ____sys_sendmsg+0x490/0x7b8 [ 78.133649][ T7203] ___sys_sendmsg+0x204/0x278 [ 78.133662][ T7203] __arm64_sys_sendmsg+0x184/0x238 [ 78.133675][ T7203] invoke_syscall+0x98/0x2b8 [ 78.133686][ T7203] el0_svc_common+0x130/0x23c [ 78.133697][ T7203] do_el0_svc+0x48/0x58 [ 78.133707][ T7203] el0_svc+0x58/0x17c [ 78.133720][ T7203] el0t_64_sync_handler+0x78/0x108 [ 78.133734][ T7203] el0t_64_sync+0x198/0x19c [ 78.223586][ T7206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'. [ 78.432716][ T7211] loop3: detected capacity change from 0 to 512 [ 78.443009][ T7211] EXT4-fs (loop3): Test dummy encryption mode enabled [ 78.464293][ T7212] loop1: detected capacity change from 0 to 4096 [ 78.479210][ T7211] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.485027][ T7215] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.515374][ T7211] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 78.636766][ T7211] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 79.314340][ T7208] loop4: detected capacity change from 0 to 32768 [ 80.199349][ T7232] FAULT_INJECTION: forcing a failure. [ 80.199349][ T7232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.199423][ T7232] CPU: 1 UID: 0 PID: 7232 Comm: syz.2.184 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 80.199439][ T7232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 80.199447][ T7232] Call trace: [ 80.199451][ T7232] show_stack+0x2c/0x3c (C) [ 80.199468][ T7232] __dump_stack+0x30/0x40 [ 80.199479][ T7232] dump_stack_lvl+0xd8/0x12c [ 80.199489][ T7232] dump_stack+0x1c/0x28 [ 80.199499][ T7232] should_fail_ex+0x41c/0x594 [ 80.199511][ T7232] should_fail+0x14/0x24 [ 80.199522][ T7232] should_fail_usercopy+0x20/0x30 [ 80.199534][ T7232] _copy_from_iter+0x194/0x1284 [ 80.199546][ T7232] netlink_sendmsg+0x548/0x930 [ 80.199559][ T7232] ____sys_sendmsg+0x490/0x7b8 [ 80.199573][ T7232] ___sys_sendmsg+0x204/0x278 [ 80.199586][ T7232] __arm64_sys_sendmsg+0x184/0x238 [ 80.199599][ T7232] invoke_syscall+0x98/0x2b8 [ 80.199610][ T7232] el0_svc_common+0x130/0x23c [ 80.199620][ T7232] do_el0_svc+0x48/0x58 [ 80.199630][ T7232] el0_svc+0x58/0x17c [ 80.199644][ T7232] el0t_64_sync_handler+0x78/0x108 [ 80.199657][ T7232] el0t_64_sync+0x198/0x19c [ 80.243147][ T7236] loop0: detected capacity change from 0 to 64 [ 80.263651][ T7233] loop1: detected capacity change from 0 to 1024 [ 80.423236][ T7238] mmap: syz.2.186 (7238): VmData 37617664 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data. [ 80.434926][ T7242] loop1: detected capacity change from 0 to 64 [ 80.709121][ T6496] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.804566][ T7258] loop2: detected capacity change from 0 to 1024 [ 80.842000][ T7258] ext4: Unknown parameter 'euid<00000000000000060929' [ 80.897819][ T7249] loop0: detected capacity change from 0 to 32768 [ 80.951053][ T7269] Bluetooth: MGMT ver 1.23 [ 80.951348][ T7269] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 80.975516][ T7249] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 81.171257][ T7249] XFS (loop0): Ending clean mount [ 81.174353][ T7249] XFS (loop0): Quotacheck needed: Please wait. [ 81.819612][ T7249] XFS (loop0): Quotacheck: Done. [ 81.893812][ T7253] netlink: 12 bytes leftover after parsing attributes in process `syz.0.189'. [ 82.089256][ T6489] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 83.001873][ T7259] loop1: detected capacity change from 0 to 32768 [ 83.066748][ T7291] FAULT_INJECTION: forcing a failure. [ 83.066748][ T7291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.066886][ T7291] CPU: 0 UID: 0 PID: 7291 Comm: syz.0.196 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 83.066902][ T7291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 83.066910][ T7291] Call trace: [ 83.066913][ T7291] show_stack+0x2c/0x3c (C) [ 83.066930][ T7291] __dump_stack+0x30/0x40 [ 83.066941][ T7291] dump_stack_lvl+0xd8/0x12c [ 83.066951][ T7291] dump_stack+0x1c/0x28 [ 83.066961][ T7291] should_fail_ex+0x41c/0x594 [ 83.066974][ T7291] should_fail+0x14/0x24 [ 83.066992][ T7291] should_fail_usercopy+0x20/0x30 [ 83.067004][ T7291] _inline_copy_from_user+0x40/0x180 [ 83.067018][ T7291] __sys_bpf+0x180/0x614 [ 83.067028][ T7291] __arm64_sys_bpf+0x80/0x98 [ 83.067038][ T7291] invoke_syscall+0x98/0x2b8 [ 83.067049][ T7291] el0_svc_common+0x130/0x23c [ 83.067059][ T7291] do_el0_svc+0x48/0x58 [ 83.067069][ T7291] el0_svc+0x58/0x17c [ 83.067088][ T7291] el0t_64_sync_handler+0x78/0x108 [ 83.067102][ T7291] el0t_64_sync+0x198/0x19c [ 83.708201][ T7259] workqueue: Failed to create a rescuer kthread for wq "bcachefs_journal": -EINTR [ 83.708336][ T7259] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 83.900969][ T7303] netlink: 'syz.0.199': attribute type 13 has an invalid length. [ 83.976276][ T7259] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc [ 84.060746][ T7306] Soft offlining pfn 0x12176f at process virtual address 0x20000000 [ 84.063297][ T7306] Soft offlining pfn 0x20b68f at process virtual address 0x20001000 [ 84.065807][ T7306] Memory failure: 0x20b68f: unhandlable page. [ 84.082022][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.082196][ T7303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.082916][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.083008][ T7303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.109281][ T7306] netlink: 48 bytes leftover after parsing attributes in process `syz.1.200'. [ 84.114349][ T7303] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 84.274647][ T7312] FAULT_INJECTION: forcing a failure. [ 84.274647][ T7312] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 84.278655][ T7312] CPU: 1 UID: 0 PID: 7312 Comm: syz.0.202 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 84.278681][ T7312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 84.278689][ T7312] Call trace: [ 84.278693][ T7312] show_stack+0x2c/0x3c (C) [ 84.278711][ T7312] __dump_stack+0x30/0x40 [ 84.278723][ T7312] dump_stack_lvl+0xd8/0x12c [ 84.278734][ T7312] dump_stack+0x1c/0x28 [ 84.278744][ T7312] should_fail_ex+0x41c/0x594 [ 84.278757][ T7312] should_fail_alloc_page+0xec/0x10c [ 84.278771][ T7312] prepare_alloc_pages+0x1c8/0x50c [ 84.278783][ T7312] __alloc_frozen_pages_noprof+0x134/0x318 [ 84.278796][ T7312] alloc_pages_mpol+0x1e4/0x460 [ 84.278811][ T7312] folio_alloc_mpol_noprof+0x4c/0x24c [ 84.278825][ T7312] vma_alloc_folio_noprof+0xf4/0x230 [ 84.278836][ T7312] vma_alloc_zeroed_movable_folio+0x70/0x84 [ 84.278851][ T7312] folio_prealloc+0x3c/0x1c0 [ 84.278862][ T7312] handle_mm_fault+0x3bdc/0x4d18 [ 84.278877][ T7312] do_page_fault+0x428/0x1554 [ 84.278890][ T7312] do_translation_fault+0xc4/0x114 [ 84.278905][ T7312] do_mem_abort+0x70/0x194 [ 84.278918][ T7312] el0_da+0x64/0x160 [ 84.278933][ T7312] el0t_64_sync_handler+0x84/0x108 [ 84.278947][ T7312] el0t_64_sync+0x198/0x19c [ 84.387159][ T7312] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 84.414139][ T7299] loop2: detected capacity change from 0 to 32768 [ 84.495379][ T7312] loop0: detected capacity change from 0 to 4096 [ 84.544842][ T7299] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 84.555517][ T7312] ntfs3(loop0): ino=4, mi_enum_attr [ 84.558265][ T7312] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 84.569138][ T7312] ntfs3(loop0): Failed to load $AttrDef (-22) [ 84.692771][ T7299] XFS (loop2): Ending clean mount [ 84.695863][ T7299] XFS (loop2): Quotacheck needed: Please wait. [ 84.793683][ T7299] XFS (loop2): Quotacheck: Done. [ 84.861314][ T6499] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 85.232424][ T7324] loop1: detected capacity change from 0 to 32768 [ 85.262335][ T7324] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.203 (7324) [ 85.311066][ T7324] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 85.314890][ T7324] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 85.320009][ T7324] BTRFS info (device loop1): using free-space-tree [ 85.412901][ T7334] binder: 7328:7334 tried to acquire reference to desc 0, got 1 instead [ 85.413918][ T7334] binder: 7328:7334 unknown command 1 [ 85.414058][ T7334] binder: 7328:7334 ioctl c0306201 20000180 returned -22 [ 86.251235][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.251375][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252261][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252302][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252334][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252364][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252394][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252424][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252454][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252484][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252513][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252543][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252573][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252603][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.252632][ T1804] hid-generic 0000:0000:0100.0001: unknown main item tag 0x0 [ 86.303753][ T1804] hid-generic 0000:0000:0100.0001: hidraw0: HID vffffff.fe Device [syz0] on syz1 [ 86.582806][ T7359] loop3: detected capacity change from 0 to 512 [ 86.597918][ T7359] EXT4-fs: Ignoring removed bh option [ 86.598026][ T7359] EXT4-fs: user quota file already specified [ 86.763515][ T7327] loop2: detected capacity change from 0 to 65536 [ 86.788581][ T7327] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 86.834583][ T7327] XFS (loop2): Ending clean mount [ 86.840472][ T7327] XFS (loop2): Quotacheck needed: Please wait. [ 86.873788][ T7327] XFS (loop2): Quotacheck: Done. [ 86.886489][ T7327] XFS (loop2): EXPERIMENTAL online shrink feature enabled. Use at your own risk! [ 87.138666][ T6499] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 87.286709][ T6492] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 87.386231][ T7377] loop3: detected capacity change from 0 to 2048 [ 87.429002][ T7377] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 87.468193][ T7380] loop2: detected capacity change from 0 to 1024 [ 87.472439][ T7378] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 87.530252][ T6496] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 147 [ 87.530391][ T6496] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 87.532938][ T6496] Remounting filesystem read-only [ 87.532968][ T6496] NILFS (loop3): error -5 truncating bmap (ino=15) [ 87.541932][ T6496] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 87.576078][ T7380] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.596064][ T7380] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 87.605307][ T7387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'. [ 87.611498][ T7387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'. [ 87.776020][ T6499] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.838842][ T7382] loop1: detected capacity change from 0 to 32768 [ 87.863808][ T7382] JBD2: Ignoring recovery information on journal [ 87.912656][ T7382] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 87.975168][ T6492] ocfs2: Unmounting device (7,1) on (node local) [ 88.206838][ T7409] loop1: detected capacity change from 0 to 4096 [ 88.221958][ T7409] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 88.342196][ T7398] loop2: detected capacity change from 0 to 32768 [ 88.555415][ T7398] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 88.566013][ T7415] loop3: detected capacity change from 0 to 32768 [ 88.569666][ T7415] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.220 (7415) [ 88.590396][ T7415] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 88.590506][ T7415] BTRFS info (device loop3): using crc32c (crc32c-arm64) checksum algorithm [ 88.590541][ T7415] BTRFS info (device loop3): using free-space-tree [ 88.611492][ T7398] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 88.611492][ T7398] allowing incompatible features above 0.0: (unknown version) [ 88.621922][ T7398] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 88.624670][ T7398] bcachefs (loop2): Version upgrade required: [ 88.624670][ T7398] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 88.624670][ T7398] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 88.624670][ T7398] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 88.639156][ T7398] bcachefs (loop2): dropping and reconstructing all alloc info [ 88.654812][ T7398] bcachefs (loop2): accounting_read... done [ 88.670254][ T7398] bcachefs (loop2): alloc_read... done [ 88.670310][ T7398] bcachefs (loop2): snapshots_read... done [ 88.670690][ T7398] bcachefs (loop2): done starting filesystem [ 88.716903][ T6499] bcachefs (loop2): shutting down [ 88.785043][ T7434] loop1: detected capacity change from 0 to 4096 [ 88.921228][ T6499] bcachefs (loop2): shutdown complete [ 89.516512][ T6496] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 89.756026][ T7444] loop3: detected capacity change from 0 to 4096 [ 89.786359][ T7444] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 89.804261][ T7444] ntfs3(loop3): ino=1a, mi_enum_attr [ 89.805901][ T7444] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 89.816254][ T7444] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 89.889909][ T6552] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 89.898688][ T6552] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 90.252815][ T7449] netlink: 'syz.1.225': attribute type 142 has an invalid length. [ 91.399832][ T7455] loop3: detected capacity change from 0 to 32768 [ 91.402570][ T7455] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.227 (7455) [ 91.409946][ T7455] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 91.410053][ T7455] BTRFS info (device loop3): using crc32c (crc32c-arm64) checksum algorithm [ 91.410108][ T7455] BTRFS info (device loop3): using free-space-tree [ 91.742756][ T7480] FAULT_INJECTION: forcing a failure. [ 91.742756][ T7480] name failslab, interval 1, probability 0, space 0, times 0 [ 91.742894][ T7480] CPU: 1 UID: 0 PID: 7480 Comm: syz.3.227 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 91.742909][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 91.742917][ T7480] Call trace: [ 91.742922][ T7480] show_stack+0x2c/0x3c (C) [ 91.742938][ T7480] __dump_stack+0x30/0x40 [ 91.742950][ T7480] dump_stack_lvl+0xd8/0x12c [ 91.742960][ T7480] dump_stack+0x1c/0x28 [ 91.742969][ T7480] should_fail_ex+0x41c/0x594 [ 91.742989][ T7480] should_failslab+0xc0/0x128 [ 91.743003][ T7480] kmem_cache_alloc_noprof+0x80/0x3e8 [ 91.743019][ T7480] alloc_empty_file+0x60/0x1c0 [ 91.743030][ T7480] alloc_file_pseudo+0x120/0x1f4 [ 91.743041][ T7480] __shmem_file_setup+0x20c/0x28c [ 91.743052][ T7480] shmem_file_setup+0x40/0x54 [ 91.743063][ T7480] __arm64_sys_memfd_create+0x300/0x6f4 [ 91.743076][ T7480] invoke_syscall+0x98/0x2b8 [ 91.743086][ T7480] el0_svc_common+0x130/0x23c [ 91.743097][ T7480] do_el0_svc+0x48/0x58 [ 91.743107][ T7480] el0_svc+0x58/0x17c [ 91.743121][ T7480] el0t_64_sync_handler+0x78/0x108 [ 91.743134][ T7480] el0t_64_sync+0x198/0x19c [ 92.104827][ T7481] netlink: 24 bytes leftover after parsing attributes in process `syz.1.231'. [ 92.290404][ T6496] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 92.643513][ T7493] loop3: detected capacity change from 0 to 256 [ 92.646115][ T7493] vfat: Unknown parameter 'nnonumtail' [ 92.674227][ T7493] loop3: detected capacity change from 0 to 2048 [ 92.706687][ T7485] loop1: detected capacity change from 0 to 32768 [ 92.729263][ T7493] UDF-fs: warning (device loop3): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount [ 92.817519][ T7496] FAULT_INJECTION: forcing a failure. [ 92.817519][ T7496] name failslab, interval 1, probability 0, space 0, times 0 [ 92.817590][ T7496] CPU: 1 UID: 0 PID: 7496 Comm: syz.3.236 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 92.817606][ T7496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 92.817613][ T7496] Call trace: [ 92.817617][ T7496] show_stack+0x2c/0x3c (C) [ 92.817634][ T7496] __dump_stack+0x30/0x40 [ 92.817645][ T7496] dump_stack_lvl+0xd8/0x12c [ 92.817655][ T7496] dump_stack+0x1c/0x28 [ 92.817665][ T7496] should_fail_ex+0x41c/0x594 [ 92.817677][ T7496] should_failslab+0xc0/0x128 [ 92.817690][ T7496] __kmalloc_node_noprof+0xf8/0x4d4 [ 92.817701][ T7496] __vmalloc_node_range_noprof+0x4ec/0xfbc [ 92.817714][ T7496] __vmalloc_noprof+0xf8/0x154 [ 92.817725][ T7496] bpf_prog_alloc_no_stats+0x5c/0x460 [ 92.817737][ T7496] bpf_prog_alloc+0x48/0x10c [ 92.817747][ T7496] bpf_prog_load+0x520/0x13fc [ 92.817758][ T7496] __sys_bpf+0x43c/0x614 [ 92.817768][ T7496] __arm64_sys_bpf+0x80/0x98 [ 92.817778][ T7496] invoke_syscall+0x98/0x2b8 [ 92.817789][ T7496] el0_svc_common+0x130/0x23c [ 92.817799][ T7496] do_el0_svc+0x48/0x58 [ 92.817809][ T7496] el0_svc+0x58/0x17c [ 92.817838][ T7496] el0t_64_sync_handler+0x78/0x108 [ 92.817852][ T7496] el0t_64_sync+0x198/0x19c [ 92.849845][ T7496] syz.3.236: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0 [ 92.849950][ T7496] CPU: 0 UID: 0 PID: 7496 Comm: syz.3.236 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 92.849964][ T7496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 92.849971][ T7496] Call trace: [ 92.849975][ T7496] show_stack+0x2c/0x3c (C) [ 92.850001][ T7496] __dump_stack+0x30/0x40 [ 92.850012][ T7496] dump_stack_lvl+0xd8/0x12c [ 92.850023][ T7496] dump_stack+0x1c/0x28 [ 92.850032][ T7496] warn_alloc+0x1f8/0x30c [ 92.850044][ T7496] __vmalloc_node_range_noprof+0x594/0xfbc [ 92.850056][ T7496] __vmalloc_noprof+0xf8/0x154 [ 92.850068][ T7496] bpf_prog_alloc_no_stats+0x5c/0x460 [ 92.850079][ T7496] bpf_prog_alloc+0x48/0x10c [ 92.850090][ T7496] bpf_prog_load+0x520/0x13fc [ 92.850101][ T7496] __sys_bpf+0x43c/0x614 [ 92.850110][ T7496] __arm64_sys_bpf+0x80/0x98 [ 92.850129][ T7496] invoke_syscall+0x98/0x2b8 [ 92.850140][ T7496] el0_svc_common+0x130/0x23c [ 92.850151][ T7496] do_el0_svc+0x48/0x58 [ 92.850161][ T7496] el0_svc+0x58/0x17c [ 92.850175][ T7496] el0t_64_sync_handler+0x78/0x108 [ 92.850188][ T7496] el0t_64_sync+0x198/0x19c [ 92.850202][ T7496] Mem-Info: [ 92.850351][ T7496] active_anon:2966 inactive_anon:10890 isolated_anon:0 [ 92.850351][ T7496] active_file:3108 inactive_file:4740 isolated_file:0 [ 92.850351][ T7496] unevictable:768 dirty:486 writeback:0 [ 92.850351][ T7496] slab_reclaimable:10352 slab_unreclaimable:105714 [ 92.850351][ T7496] mapped:29804 shmem:9441 pagetables:747 [ 92.850351][ T7496] sec_pagetables:0 bounce:0 [ 92.850351][ T7496] kernel_misc_reclaimable:0 [ 92.850351][ T7496] free:1426860 free_pcp:1108 free_cma:7360 [ 92.850394][ T7496] Node 0 active_anon:11864kB inactive_anon:43560kB active_file:12432kB inactive_file:18960kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:119216kB dirty:1944kB writeback:0kB shmem:37764kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8668kB pagetables:2988kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 92.850437][ T7496] Node 0 DMA free:3076864kB boost:0kB min:20840kB low:26048kB high:31256kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:29440kB [ 92.850487][ T7496] lowmem_reserve[]: 0 0 3498 3498 3498 [ 92.850555][ T7496] Node 0 Normal free:2630576kB boost:0kB min:24212kB low:30264kB high:36316kB reserved_highatomic:0KB active_anon:11864kB inactive_anon:43560kB active_file:12432kB inactive_file:18960kB unevictable:3072kB writepending:1944kB present:5242880kB managed:3582812kB mlocked:0kB bounce:0kB free_pcp:4424kB local_pcp:1336kB free_cma:0kB [ 92.850605][ T7496] lowmem_reserve[]: 0 0 0 0 0 [ 92.850672][ T7496] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 92.850846][ T7496] Node 0 Normal: 933*4kB (UE) 346*8kB (UE) 239*16kB (UME) 24*32kB (UE) 122*64kB (UME) 123*128kB (UME) 96*256kB (UME) 40*512kB (UME) 15*1024kB (UME) 6*2048kB (UME) 616*4096kB (M) = 2630484kB [ 92.851096][ T7496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 92.851118][ T7496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 92.851142][ T7496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 92.851164][ T7496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 92.851185][ T7496] 17279 total pagecache pages [ 92.858570][ T7496] 0 pages in swap cache [ 92.858596][ T7496] Free swap = 124996kB [ 92.858613][ T7496] Total swap = 124996kB [ 92.858630][ T7496] 2097152 pages RAM [ 92.858647][ T7496] 0 pages HighMem/MovableOnly [ 92.858663][ T7496] 431401 pages reserved [ 92.858679][ T7496] 8192 pages cma reserved [ 92.858696][ T7496] 1 pages hwpoisoned [ 93.022083][ T7491] loop2: detected capacity change from 0 to 32768 [ 93.040569][ T7491] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 93.080824][ T7491] XFS (loop2): Ending clean mount [ 93.100018][ T7491] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x50/0xf0, xfs_cntbt block 0x10 [ 93.100209][ T7491] XFS (loop2): Unmount and run xfs_repair [ 93.100233][ T7491] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 93.100256][ T7491] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 93.100278][ T7491] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 93.100300][ T7491] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 93.100321][ T7491] 00000030: 00 00 00 87 00 00 00 11 00 00 04 4e 00 00 00 02 ...........N.... [ 93.100342][ T7491] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 93.100364][ T7491] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 93.100385][ T7491] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 93.100406][ T7491] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 93.100431][ T7491] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1f8/0x380" at daddr 0x10 len 8 error 74 [ 93.155961][ T7491] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x4c8/0x964 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 93.156074][ T7491] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 93.198243][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.234'. [ 93.322425][ T6499] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 94.211920][ T7500] loop3: detected capacity change from 0 to 40427 [ 94.223601][ T7500] F2FS-fs (loop3): invalid crc value [ 94.248517][ T7500] F2FS-fs (loop3): Start checkpoint disabled! [ 94.253831][ T7500] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 94.402994][ T7500] FAULT_INJECTION: forcing a failure. [ 94.402994][ T7500] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 94.403144][ T7500] CPU: 0 UID: 0 PID: 7500 Comm: syz.3.237 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 94.403158][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 94.403165][ T7500] Call trace: [ 94.403169][ T7500] show_stack+0x2c/0x3c (C) [ 94.403186][ T7500] __dump_stack+0x30/0x40 [ 94.403198][ T7500] dump_stack_lvl+0xd8/0x12c [ 94.403208][ T7500] dump_stack+0x1c/0x28 [ 94.403217][ T7500] should_fail_ex+0x41c/0x594 [ 94.403230][ T7500] should_fail_alloc_page+0xec/0x10c [ 94.403244][ T7500] prepare_alloc_pages+0x1c8/0x50c [ 94.403255][ T7500] __alloc_frozen_pages_noprof+0x134/0x318 [ 94.403267][ T7500] alloc_pages_mpol+0x1e4/0x460 [ 94.403281][ T7500] alloc_pages_noprof+0xe0/0x308 [ 94.403290][ T7500] folio_alloc_noprof+0x2c/0x14c [ 94.403300][ T7500] filemap_alloc_folio_noprof+0xc4/0x3ac [ 94.403312][ T7500] __filemap_get_folio+0x448/0xc58 [ 94.403323][ T7500] f2fs_grab_cache_page+0x220/0x3d0 [ 94.403335][ T7500] f2fs_convert_inline_inode+0x50c/0x65c [ 94.403347][ T7500] f2fs_file_write_iter+0xcbc/0x1ba4 [ 94.403358][ T7500] vfs_write+0x62c/0x97c [ 94.403369][ T7500] __arm64_sys_pwrite64+0x170/0x208 [ 94.403380][ T7500] invoke_syscall+0x98/0x2b8 [ 94.403390][ T7500] el0_svc_common+0x130/0x23c [ 94.403401][ T7500] do_el0_svc+0x48/0x58 [ 94.403410][ T7500] el0_svc+0x58/0x17c [ 94.403425][ T7500] el0t_64_sync_handler+0x78/0x108 [ 94.403438][ T7500] el0t_64_sync+0x198/0x19c [ 94.470612][ T7529] loop4: detected capacity change from 0 to 512 [ 94.484169][ T523] kworker/u8:6: attempt to access beyond end of device [ 94.484169][ T523] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 94.485082][ T523] CPU: 0 UID: 0 PID: 523 Comm: kworker/u8:6 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 94.485103][ T523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 94.485111][ T523] Workqueue: writeback wb_workfn (flush-7:3) [ 94.485135][ T523] Call trace: [ 94.485139][ T523] show_stack+0x2c/0x3c (C) [ 94.485153][ T523] __dump_stack+0x30/0x40 [ 94.485164][ T523] dump_stack_lvl+0xd8/0x12c [ 94.485175][ T523] dump_stack+0x1c/0x28 [ 94.485185][ T523] f2fs_handle_critical_error+0x34c/0x4b8 [ 94.485199][ T523] f2fs_stop_checkpoint+0x58/0x6c [ 94.485211][ T523] f2fs_write_end_io+0x794/0xadc [ 94.485226][ T523] bio_endio+0x81c/0x858 [ 94.485239][ T523] submit_bio_noacct+0x158/0x176c [ 94.485250][ T523] submit_bio+0x354/0x4d4 [ 94.485261][ T523] f2fs_submit_write_bio+0x13c/0x324 [ 94.485274][ T523] __submit_merged_bio+0x254/0x704 [ 94.485287][ T523] __submit_merged_write_cond+0x23c/0x4ac [ 94.485300][ T523] f2fs_write_data_pages+0x1e9c/0x27ac [ 94.485313][ T523] do_writepages+0x2c0/0x6a8 [ 94.485327][ T523] __writeback_single_inode+0x15c/0x13e8 [ 94.485339][ T523] writeback_sb_inodes+0x558/0xe38 [ 94.485349][ T523] wb_writeback+0x3cc/0xd70 [ 94.485360][ T523] wb_workfn+0x338/0xdc0 [ 94.485372][ T523] process_one_work+0x7e8/0x156c [ 94.485384][ T523] worker_thread+0x958/0xed8 [ 94.485394][ T523] kthread+0x5fc/0x75c [ 94.485407][ T523] ret_from_fork+0x10/0x20 [ 94.486389][ T523] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 94.538635][ T7529] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.618373][ T7531] loop2: detected capacity change from 0 to 4096 [ 94.633106][ T7531] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 94.697830][ T7514] loop1: detected capacity change from 0 to 32768 [ 94.706390][ T7531] ntfs3(loop2): This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 94.706390][ T7531] Volume contains 64 bits run: vcn 0, lcn ffffe00000009000, len 13. [ 94.706390][ T7531] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 94.706522][ T7531] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 94.710875][ T7531] ntfs3(loop2): Failed to load $Secure (-95). [ 94.710913][ T7531] ntfs3(loop2): Failed to initialize $Secure (-95). [ 94.756280][ T7531] Zero length message leads to an empty skb [ 95.032020][ T7544] loop0: detected capacity change from 0 to 1024 [ 95.089791][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.247'. [ 95.123868][ T6502] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.191851][ T7538] loop2: detected capacity change from 0 to 32768 [ 95.293856][ T7538] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 95.520695][ T7558] loop3: detected capacity change from 0 to 64 [ 95.925976][ T7538] XFS (loop2): Ending clean mount [ 95.938110][ T7538] XFS (loop2): Quotacheck needed: Please wait. [ 95.980344][ T7538] XFS (loop2): Quotacheck: Done. [ 96.151939][ T6499] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 96.273703][ T7569] loop1: detected capacity change from 0 to 512 [ 96.348731][ T7569] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 96.364019][ T7569] EXT4-fs (loop1): 1 truncate cleaned up [ 96.364925][ T7569] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.516984][ T7568] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.526471][ T7560] loop4: detected capacity change from 0 to 32768 [ 96.537287][ T7560] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.249 (7560) [ 96.545261][ T7560] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 96.545379][ T7560] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 96.545424][ T7560] BTRFS info (device loop4): disk space caching is enabled [ 96.545586][ T7560] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 96.607891][ T7578] netlink: 12 bytes leftover after parsing attributes in process `syz.0.254'. [ 97.290501][ T7560] BTRFS info (device loop4): rebuilding free space tree [ 97.361538][ T7560] BTRFS info (device loop4): disabling free space tree [ 97.361641][ T7560] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.361788][ T7560] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 97.395933][ T7567] loop3: detected capacity change from 0 to 40427 [ 97.416281][ T6492] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.453157][ T7567] F2FS-fs (loop3): invalid crc value [ 97.553827][ T7567] F2FS-fs (loop3): Start checkpoint disabled! [ 97.561682][ T7567] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 97.572499][ T44] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 97.730753][ T7567] syz.3.252: attempt to access beyond end of device [ 97.730753][ T7567] loop3: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 97.786045][ T6502] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 97.818472][ T138] kworker/u8:4: attempt to access beyond end of device [ 97.818472][ T138] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.818573][ T138] CPU: 0 UID: 0 PID: 138 Comm: kworker/u8:4 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 97.818589][ T138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 97.818596][ T138] Workqueue: writeback wb_workfn (flush-7:3) [ 97.818619][ T138] Call trace: [ 97.818623][ T138] show_stack+0x2c/0x3c (C) [ 97.818637][ T138] __dump_stack+0x30/0x40 [ 97.818648][ T138] dump_stack_lvl+0xd8/0x12c [ 97.818658][ T138] dump_stack+0x1c/0x28 [ 97.818668][ T138] f2fs_handle_critical_error+0x34c/0x4b8 [ 97.818682][ T138] f2fs_stop_checkpoint+0x58/0x6c [ 97.818694][ T138] f2fs_write_end_io+0x794/0xadc [ 97.818708][ T138] bio_endio+0x81c/0x858 [ 97.818721][ T138] submit_bio_noacct+0x158/0x176c [ 97.818732][ T138] submit_bio+0x354/0x4d4 [ 97.818742][ T138] f2fs_submit_write_bio+0x13c/0x324 [ 97.818755][ T138] __submit_merged_bio+0x254/0x704 [ 97.818768][ T138] __submit_merged_write_cond+0x23c/0x4ac [ 97.818780][ T138] f2fs_write_data_pages+0x1e9c/0x27ac [ 97.818794][ T138] do_writepages+0x2c0/0x6a8 [ 97.818808][ T138] __writeback_single_inode+0x15c/0x13e8 [ 97.818819][ T138] writeback_sb_inodes+0x558/0xe38 [ 97.818829][ T138] wb_writeback+0x3cc/0xd70 [ 97.818839][ T138] wb_workfn+0x338/0xdc0 [ 97.818852][ T138] process_one_work+0x7e8/0x156c [ 97.818863][ T138] worker_thread+0x958/0xed8 [ 97.818873][ T138] kthread+0x5fc/0x75c [ 97.818886][ T138] ret_from_fork+0x10/0x20 [ 97.828787][ T138] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 97.892565][ T7598] loop2: detected capacity change from 0 to 32768 [ 98.168777][ T7610] loop0: detected capacity change from 0 to 32768 [ 98.459556][ T7624] netlink: 'syz.1.264': attribute type 2 has an invalid length. [ 98.636433][ T7627] loop0: detected capacity change from 0 to 2048 [ 98.684207][ T7632] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.703295][ T7631] loop3: detected capacity change from 0 to 4096 [ 98.747551][ T7627] netlink: 28 bytes leftover after parsing attributes in process `syz.0.267'. [ 98.747633][ T7627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.267'. [ 98.747695][ T7627] netlink: 128 bytes leftover after parsing attributes in process `syz.0.267'. [ 98.802107][ T7631] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.990518][ T7631] EXT4-fs error (device loop3): ext4_readdir:264: inode #12: block 80: comm syz.3.268: path /61/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 99.058664][ T7598] loop2: detected capacity change from 0 to 32768 [ 99.073760][ T7598] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.259 (7598) [ 99.085377][ T7598] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 99.095372][ T6496] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.095604][ T7598] BTRFS info (device loop2): using sha256 (sha256-ce) checksum algorithm [ 99.095648][ T7598] BTRFS info (device loop2): using free-space-tree [ 99.230962][ T7598] BTRFS info (device loop2): rebuilding free space tree [ 99.261894][ T7655] netlink: 20 bytes leftover after parsing attributes in process `syz.3.270'. [ 99.288540][ T7655] vlan2: entered promiscuous mode [ 99.288614][ T7655] erspan0: entered promiscuous mode [ 99.528782][ T7598] btrfs: Unknown parameter '' [ 99.576015][ T6499] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 99.813009][ T7663] loop3: detected capacity change from 0 to 256 [ 99.813683][ T7663] vfat: Bad value for 'gid' [ 99.813712][ T7663] vfat: Bad value for 'gid' [ 100.033472][ T7632] NILFS (loop0): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3) [ 100.036667][ T7632] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=2) [ 100.048496][ T7632] Remounting filesystem read-only [ 100.057165][ T6489] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 100.175066][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.275'. [ 100.180897][ T7666] netlink: 32 bytes leftover after parsing attributes in process `syz.0.275'. [ 100.356752][ T7671] loop0: detected capacity change from 0 to 256 [ 100.357830][ T7671] vfat: Unknown parameter 'ut8' [ 100.402053][ T7663] loop3: detected capacity change from 0 to 32768 [ 100.403940][ T7663] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.274 (7663) [ 100.466644][ T7657] loop4: detected capacity change from 0 to 32768 [ 100.516844][ T7663] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 100.516975][ T7663] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 100.517897][ T7663] BTRFS info (device loop3): using free-space-tree [ 100.526268][ T7657] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.271 (7657) [ 100.554042][ T7676] loop1: detected capacity change from 0 to 256 [ 100.568666][ T7657] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 100.571729][ T7657] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 100.574857][ T7657] BTRFS info (device loop4): using free-space-tree [ 100.862304][ T6496] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 101.054434][ T7712] binder: 7711 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 101.054503][ T7712] binder: 7711:7712 ioctl c018620c 20000640 returned -22 [ 101.136428][ T6502] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 101.667628][ T7721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.280'. [ 101.687135][ T7721] netlink: 12 bytes leftover after parsing attributes in process `syz.3.280'. [ 103.516677][ T7724] loop1: detected capacity change from 0 to 32768 [ 103.547390][ T7724] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section journal_v2: journal bucket 9 before first bucket 16 [ 103.547390][ T7724] journal_v2 (size 40): [ 103.547390][ T7724] Buckets: 9-16 24-25 [ 103.547390][ T7724] [ 103.547528][ T7724] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal [ 104.413810][ T7732] loop4: detected capacity change from 0 to 32768 [ 104.430556][ T7732] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.285 (7732) [ 104.445042][ T7732] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 104.449293][ T7732] BTRFS info (device loop4): using crc32c (crc32c-arm64) checksum algorithm [ 104.451762][ T7732] BTRFS info (device loop4): using free-space-tree [ 104.495663][ T7760] gre1: entered promiscuous mode [ 104.543181][ T7761] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 104.708840][ T7780] loop0: detected capacity change from 0 to 2048 [ 104.744338][ T7780] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 104.872800][ T6502] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 105.065788][ T7799] x_tables: duplicate underflow at hook 2 [ 105.283860][ T7806] loop0: detected capacity change from 0 to 1024 [ 105.379369][ T7783] loop1: detected capacity change from 0 to 32768 [ 105.384198][ T7783] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.297 (7783) [ 105.418595][ T7783] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 105.418714][ T7783] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 105.418756][ T7783] BTRFS info (device loop1): using free-space-tree [ 105.460109][ T7797] loop2: detected capacity change from 0 to 32768 [ 105.470468][ T7785] loop3: detected capacity change from 0 to 40427 [ 105.492511][ T7785] F2FS-fs (loop3): invalid crc value [ 105.529434][ T7825] loop4: detected capacity change from 0 to 8 [ 105.554818][ T44] hfsplus: b-tree write err: -5, ino 4 [ 105.569399][ T7825] SQUASHFS error: xz decompression failed, data probably corrupt [ 105.572974][ T7825] SQUASHFS error: Failed to read block 0x108: -5 [ 105.574894][ T7825] SQUASHFS error: Unable to read metadata cache entry [106] [ 105.575878][ T7785] F2FS-fs (loop3): Start checkpoint disabled! [ 105.578765][ T7825] SQUASHFS error: Unable to read inode 0x0 [ 105.581865][ T7785] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 105.819696][ T7832] loop0: detected capacity change from 0 to 1024 [ 105.825696][ T7832] ext4: Unknown parameter 'de' [ 106.381774][ T617] kworker/u8:7: attempt to access beyond end of device [ 106.381774][ T617] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 106.381887][ T617] CPU: 1 UID: 0 PID: 617 Comm: kworker/u8:7 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 106.381901][ T617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.381908][ T617] Workqueue: writeback wb_workfn (flush-7:3) [ 106.381931][ T617] Call trace: [ 106.381934][ T617] show_stack+0x2c/0x3c (C) [ 106.381949][ T617] __dump_stack+0x30/0x40 [ 106.381960][ T617] dump_stack_lvl+0xd8/0x12c [ 106.381970][ T617] dump_stack+0x1c/0x28 [ 106.381986][ T617] f2fs_handle_critical_error+0x34c/0x4b8 [ 106.382002][ T617] f2fs_stop_checkpoint+0x58/0x6c [ 106.382013][ T617] f2fs_write_end_io+0x794/0xadc [ 106.382027][ T617] bio_endio+0x81c/0x858 [ 106.382041][ T617] submit_bio_noacct+0x158/0x176c [ 106.382052][ T617] submit_bio+0x354/0x4d4 [ 106.382062][ T617] f2fs_submit_write_bio+0x13c/0x324 [ 106.382080][ T617] __submit_merged_bio+0x254/0x704 [ 106.382093][ T617] __submit_merged_write_cond+0x23c/0x4ac [ 106.382105][ T617] f2fs_write_data_pages+0x1e9c/0x27ac [ 106.382119][ T617] do_writepages+0x2c0/0x6a8 [ 106.382133][ T617] __writeback_single_inode+0x15c/0x13e8 [ 106.382144][ T617] writeback_sb_inodes+0x558/0xe38 [ 106.382154][ T617] wb_writeback+0x3cc/0xd70 [ 106.382164][ T617] wb_workfn+0x338/0xdc0 [ 106.382176][ T617] process_one_work+0x7e8/0x156c [ 106.382188][ T617] worker_thread+0x958/0xed8 [ 106.382198][ T617] kthread+0x5fc/0x75c [ 106.382210][ T617] ret_from_fork+0x10/0x20 [ 106.382224][ T617] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 106.735427][ T7844] loop2: detected capacity change from 0 to 512 [ 106.987300][ T7844] EXT4-fs: quotafile must be on filesystem root [ 107.024588][ T6492] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 108.337846][ T7864] loop4: detected capacity change from 0 to 512 [ 108.340413][ T7864] ext4: Unknown parameter 'nouser_xattr' [ 108.507292][ T7877] syz.1.322 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 109.763438][ T7882] loop0: detected capacity change from 0 to 4096 [ 109.859209][ T7887] FAULT_INJECTION: forcing a failure. [ 109.859209][ T7887] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.859280][ T7887] CPU: 0 UID: 0 PID: 7887 Comm: syz.0.323 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 109.859296][ T7887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.859303][ T7887] Call trace: [ 109.859307][ T7887] show_stack+0x2c/0x3c (C) [ 109.859323][ T7887] __dump_stack+0x30/0x40 [ 109.859335][ T7887] dump_stack_lvl+0xd8/0x12c [ 109.859345][ T7887] dump_stack+0x1c/0x28 [ 109.859354][ T7887] should_fail_ex+0x41c/0x594 [ 109.859366][ T7887] should_fail+0x14/0x24 [ 109.859377][ T7887] should_fail_usercopy+0x20/0x30 [ 109.859388][ T7887] simple_read_from_buffer+0xc4/0x254 [ 109.859400][ T7887] proc_fail_nth_read+0x130/0x19c [ 109.859412][ T7887] vfs_read+0x22c/0x898 [ 109.859423][ T7887] ksys_read+0x120/0x210 [ 109.859432][ T7887] __arm64_sys_read+0x7c/0x90 [ 109.859442][ T7887] invoke_syscall+0x98/0x2b8 [ 109.859453][ T7887] el0_svc_common+0x130/0x23c [ 109.859463][ T7887] do_el0_svc+0x48/0x58 [ 109.859473][ T7887] el0_svc+0x58/0x17c [ 109.859487][ T7887] el0t_64_sync_handler+0x78/0x108 [ 109.859500][ T7887] el0t_64_sync+0x198/0x19c [ 109.875198][ T7889] FAULT_INJECTION: forcing a failure. [ 109.875198][ T7889] name failslab, interval 1, probability 0, space 0, times 0 [ 109.875240][ T7889] CPU: 1 UID: 0 PID: 7889 Comm: syz.3.326 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 109.875254][ T7889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.875261][ T7889] Call trace: [ 109.875265][ T7889] show_stack+0x2c/0x3c (C) [ 109.875281][ T7889] __dump_stack+0x30/0x40 [ 109.875293][ T7889] dump_stack_lvl+0xd8/0x12c [ 109.875303][ T7889] dump_stack+0x1c/0x28 [ 109.875312][ T7889] should_fail_ex+0x41c/0x594 [ 109.875325][ T7889] should_failslab+0xc0/0x128 [ 109.875337][ T7889] __kvmalloc_node_noprof+0x160/0x640 [ 109.875349][ T7889] check_cfg+0x11c/0x156c [ 109.875362][ T7889] bpf_check+0xf548/0x13a28 [ 109.875373][ T7889] bpf_prog_load+0xec8/0x13fc [ 109.875383][ T7889] __sys_bpf+0x43c/0x614 [ 109.875393][ T7889] __arm64_sys_bpf+0x80/0x98 [ 109.875403][ T7889] invoke_syscall+0x98/0x2b8 [ 109.875414][ T7889] el0_svc_common+0x130/0x23c [ 109.875424][ T7889] do_el0_svc+0x48/0x58 [ 109.875434][ T7889] el0_svc+0x58/0x17c [ 109.875448][ T7889] el0t_64_sync_handler+0x78/0x108 [ 109.875462][ T7889] el0t_64_sync+0x198/0x19c [ 110.140014][ T7894] bond_slave_0: entered promiscuous mode [ 110.140206][ T7894] bond_slave_1: entered promiscuous mode [ 110.150917][ T7896] netlink: 'syz.0.329': attribute type 13 has an invalid length. [ 110.153293][ T7896] netlink: 'syz.0.329': attribute type 27 has an invalid length. [ 110.164686][ T7894] macvlan2: entered allmulticast mode [ 110.164765][ T7894] bond0: entered allmulticast mode [ 110.164812][ T7894] bond_slave_0: entered allmulticast mode [ 110.164842][ T7894] bond_slave_1: entered allmulticast mode [ 110.177445][ T7894] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 110.180155][ T7894] bridge0: port 3(macvlan2) entered blocking state [ 110.180285][ T7894] bridge0: port 3(macvlan2) entered disabled state [ 110.186465][ T7894] macvlan2: entered promiscuous mode [ 110.186522][ T7894] bond0: entered promiscuous mode [ 110.187813][ T7894] bridge0: port 3(macvlan2) entered blocking state [ 110.187891][ T7894] bridge0: port 3(macvlan2) entered forwarding state [ 110.213496][ T7900] loop3: detected capacity change from 0 to 164 [ 110.230956][ T7900] rock: directory entry would overflow storage [ 110.232825][ T7900] rock: sig=0x4543, size=28, remaining=18 [ 110.350512][ T7898] loop1: detected capacity change from 0 to 4096 [ 110.360503][ T7898] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 110.425370][ T7898] ntfs3(loop1): Failed to load $Extend (-22). [ 110.425439][ T7898] ntfs3(loop1): Failed to initialize $Extend. [ 110.885695][ T7902] FAULT_INJECTION: forcing a failure. [ 110.885695][ T7902] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 110.885762][ T7902] CPU: 0 UID: 0 PID: 7902 Comm: syz.0.332 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 110.885777][ T7902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.885784][ T7902] Call trace: [ 110.885788][ T7902] show_stack+0x2c/0x3c (C) [ 110.885806][ T7902] __dump_stack+0x30/0x40 [ 110.885817][ T7902] dump_stack_lvl+0xd8/0x12c [ 110.885827][ T7902] dump_stack+0x1c/0x28 [ 110.885837][ T7902] should_fail_ex+0x41c/0x594 [ 110.885849][ T7902] should_fail+0x14/0x24 [ 110.885859][ T7902] should_fail_usercopy+0x20/0x30 [ 110.885871][ T7902] _copy_to_iter+0x410/0x1394 [ 110.885883][ T7902] copy_page_to_iter+0x24c/0x348 [ 110.885895][ T7902] filemap_read+0x870/0xf4c [ 110.885907][ T7902] generic_file_read_iter+0xa0/0x450 [ 110.885918][ T7902] do_iter_readv_writev+0x460/0x6a8 [ 110.885930][ T7902] vfs_readv+0x21c/0x704 [ 110.885940][ T7902] __arm64_sys_preadv+0x170/0x278 [ 110.885951][ T7902] invoke_syscall+0x98/0x2b8 [ 110.885961][ T7902] el0_svc_common+0x130/0x23c [ 110.885972][ T7902] do_el0_svc+0x48/0x58 [ 110.885990][ T7902] el0_svc+0x58/0x17c [ 110.886005][ T7902] el0t_64_sync_handler+0x78/0x108 [ 110.886018][ T7902] el0t_64_sync+0x198/0x19c [ 110.889392][ T7898] ntfs3(loop1): ino=1e, "file1" fallocate(0x10) is not supported [ 111.062923][ T7909] usb usb8: usbfs: process 7909 (syz.4.333) did not claim interface 0 before use [ 111.227257][ T31] audit: type=1326 audit(110.970:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7919 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c15b728 code=0x7ffc0000 [ 111.235614][ T31] audit: type=1326 audit(110.980:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7919 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c15b728 code=0x7ffc0000 [ 111.245550][ T31] audit: type=1326 audit(110.990:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7919 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=60 compat=0 ip=0xffff9c15b728 code=0x7ffc0000 [ 111.266053][ T31] audit: type=1326 audit(111.010:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7919 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c15b728 code=0x7ffc0000 [ 111.354471][ T7927] netlink: 72 bytes leftover after parsing attributes in process `syz.3.340'. [ 116.386354][ T7996] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11) [ 116.386476][ T7996] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 116.395199][ T7996] vhci_hcd vhci_hcd.0: Device attached [ 116.793635][ T8004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.362'. [ 116.793717][ T8004] netlink: 'syz.3.362': attribute type 5 has an invalid length. [ 116.793749][ T8004] netlink: 28 bytes leftover after parsing attributes in process `syz.3.362'. [ 116.797904][ T8004] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 116.798106][ T8004] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 116.798151][ T8004] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 116.798195][ T8004] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 116.798266][ T8004] geneve2: entered promiscuous mode [ 116.798298][ T8004] geneve2: entered allmulticast mode [ 116.827328][ T7996] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(13) [ 116.827365][ T7996] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 116.836166][ T7996] vhci_hcd vhci_hcd.0: Device attached [ 116.841676][ T8005] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(16) [ 116.841709][ T8005] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 116.841769][ T8005] vhci_hcd vhci_hcd.0: Device attached [ 116.843052][ T7996] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 116.854160][ T7996] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(19) [ 116.854205][ T7996] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 116.854266][ T7996] vhci_hcd vhci_hcd.0: Device attached [ 116.863717][ T7996] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(21) [ 116.863753][ T7996] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 116.863811][ T7996] vhci_hcd vhci_hcd.0: Device attached [ 116.875504][ T7996] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 116.876392][ T7996] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 116.878380][ T7996] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 116.893231][ T7996] vhci_hcd vhci_hcd.0: port 0 already used [ 116.941014][ T8011] vhci_hcd: connection closed [ 116.942847][ T7999] vhci_hcd: connection closed [ 116.944430][ T7997] vhci_hcd: connection closed [ 116.945045][ T8009] vhci_hcd: connection closed [ 116.945251][ T8007] vhci_hcd: connection closed [ 116.950452][ T12] vhci_hcd: stop threads [ 116.952348][ T12] vhci_hcd: release socket [ 116.952404][ T12] vhci_hcd: disconnect device [ 116.952886][ T12] vhci_hcd: stop threads [ 116.952912][ T12] vhci_hcd: release socket [ 116.961428][ T12] vhci_hcd: disconnect device [ 116.962923][ T12] vhci_hcd: stop threads [ 116.962968][ T12] vhci_hcd: release socket [ 116.963075][ T12] vhci_hcd: disconnect device [ 116.963281][ T12] vhci_hcd: stop threads [ 116.963301][ T12] vhci_hcd: release socket [ 116.965567][ T12] vhci_hcd: disconnect device [ 116.966076][ T12] vhci_hcd: stop threads [ 116.966096][ T12] vhci_hcd: release socket [ 116.966447][ T12] vhci_hcd: disconnect device [ 116.967860][ T6552] usb 10-1: new low-speed USB device number 2 using vhci_hcd [ 116.967930][ T6552] usb 10-1: enqueue for inactive port 0 [ 117.021568][ T8019] netlink: 8 bytes leftover after parsing attributes in process `syz.1.366'. [ 117.035662][ T55] Bluetooth: hci0: adv larger than maximum supported [ 117.035714][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 117.038014][ T6552] vhci_hcd: vhci_device speed not set [ 117.042959][ T8019] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 117.043040][ T8019] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 117.684449][ T8033] dvmrp8: entered allmulticast mode [ 119.443855][ T8055] netlink: 52 bytes leftover after parsing attributes in process `syz.3.374'. [ 120.650054][ T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 120.653953][ T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 120.653975][ T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 120.653991][ T55] Workqueue: hci0 hci_rx_work [ 120.654012][ T55] Call trace: [ 120.654016][ T55] show_stack+0x2c/0x3c (C) [ 120.654032][ T55] __dump_stack+0x30/0x40 [ 120.654044][ T55] dump_stack_lvl+0xd8/0x12c [ 120.654054][ T55] dump_stack+0x1c/0x28 [ 120.654065][ T55] sysfs_create_dir_ns+0x22c/0x24c [ 120.654081][ T55] kobject_add_internal+0x5a8/0xb20 [ 120.654094][ T55] kobject_add+0x134/0x200 [ 120.654104][ T55] device_add+0x394/0xa60 [ 120.654117][ T55] hci_conn_add_sysfs+0xc0/0x1d0 [ 120.654128][ T55] le_conn_complete_evt+0x98c/0xe84 [ 120.654143][ T55] hci_le_conn_complete_evt+0x114/0x3f8 [ 120.654157][ T55] hci_le_meta_evt+0x2bc/0x4a0 [ 120.654169][ T55] hci_event_packet+0x5f8/0xe90 [ 120.654181][ T55] hci_rx_work+0x320/0xb18 [ 120.654207][ T55] process_one_work+0x7e8/0x156c [ 120.654219][ T55] worker_thread+0x958/0xed8 [ 120.654230][ T55] kthread+0x5fc/0x75c [ 120.654244][ T55] ret_from_fork+0x10/0x20 [ 120.657856][ T55] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 120.658094][ T55] Bluetooth: hci0: failed to register connection device [ 121.367285][ T8073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.381'. [ 121.370563][ T8073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.381'. [ 122.632297][ T8097] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 123.677219][ T6539] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 123.913527][ T6539] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 123.913594][ T6539] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.915677][ T6539] usb 1-1: config 0 descriptor?? [ 125.074627][ T6539] pegasus 1-1:0.0: probe with driver pegasus failed with error -32 [ 126.092244][ T8128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.399'. [ 126.166289][ T6565] usb 1-1: USB disconnect, device number 3 [ 126.172210][ T2395] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.172284][ T2395] ieee802154 phy1 wpan1: encryption failed: -22 [ 127.177268][ T6059] Bluetooth: hci0: command 0x0406 tx timeout [ 127.964141][ T8144] sctp: [Deprecated]: syz.0.401 (pid 8144) Use of int in maxseg socket option. [ 127.964141][ T8144] Use struct sctp_assoc_value instead [ 128.717472][ T8149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.717811][ T8149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.002362][ T6059] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 129.009398][ T6059] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 129.015007][ T6059] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 129.019283][ T6059] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 129.022715][ T6059] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 131.055666][ T6059] Bluetooth: hci5: command tx timeout [ 133.118368][ T671] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.127445][ T6059] Bluetooth: hci5: command tx timeout [ 134.325386][ T8157] lo speed is unknown, defaulting to 1000 [ 134.387305][ T8206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.422'. [ 135.114578][ T671] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.232490][ T6059] Bluetooth: hci5: command tx timeout [ 136.092817][ T6059] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 136.976658][ T671] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.318830][ T6059] Bluetooth: hci5: command tx timeout [ 137.319716][ T31] audit: type=1326 audit(136.980:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8223 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8595b728 code=0x7fc00000 [ 138.528487][ T8245] netlink: 52 bytes leftover after parsing attributes in process `syz.4.433'. [ 138.543229][ T8245] bridge0: port 3(macvlan2) entered disabled state [ 138.543360][ T8245] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.543573][ T8245] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.906826][ T671] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.051730][ T8260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.435'. [ 140.329816][ T8265] netlink: 52 bytes leftover after parsing attributes in process `syz.3.440'. [ 141.070607][ T8157] chnl_net:caif_netlink_parms(): no params data found [ 142.162822][ T8157] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.165033][ T8157] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.172139][ T8157] bridge_slave_0: entered allmulticast mode [ 142.175776][ T8157] bridge_slave_0: entered promiscuous mode [ 143.004182][ T8157] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.006358][ T8157] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.011274][ T8157] bridge_slave_1: entered allmulticast mode [ 143.655619][ T6500] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 143.658077][ T8157] bridge_slave_1: entered promiscuous mode [ 143.859918][ T8157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.861722][ T8157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 143.954468][ T671] bridge_slave_1: left allmulticast mode [ 143.954612][ T671] bridge_slave_1: left promiscuous mode [ 143.957798][ T671] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.048965][ T671] bridge_slave_0: left allmulticast mode [ 144.049026][ T671] bridge_slave_0: left promiscuous mode [ 144.057128][ T671] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.061478][ T6500] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 144.061531][ T6500] usb 1-1: config 0 has no interface number 0 [ 144.062374][ T6500] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 144.062418][ T6500] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 144.062450][ T6500] usb 1-1: Manufacturer: syz [ 145.047700][ T6500] usb 1-1: config 0 descriptor?? [ 145.061741][ T6500] usb 1-1: selecting invalid altsetting 1 [ 145.065483][ T6500] dvb_ttusb_budget: ttusb_init_controller: error [ 145.076735][ T6500] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 146.149838][ T6500] DVB: Unable to find symbol cx22700_attach() [ 146.169466][ T6500] DVB: Unable to find symbol tda10046_attach() [ 146.171492][ T6500] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 146.178633][ T6500] usb 1-1: USB disconnect, device number 4 [ 147.034701][ T8351] netlink: 'syz.0.459': attribute type 2 has an invalid length. [ 147.304645][ T8353] netlink: 'syz.0.459': attribute type 2 has an invalid length. [ 148.913153][ T671] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 148.964958][ T671] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.008680][ T671] bond0 (unregistering): Released all slaves [ 149.029298][ T8334] netlink: 52 bytes leftover after parsing attributes in process `syz.4.455'. [ 149.237587][ T8353] batman_adv: batadv0: Adding interface: dummy0 [ 149.237650][ T8353] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.237742][ T8353] batman_adv: batadv0: Interface activated: dummy0 [ 149.246575][ T8354] batadv0: mtu less than device minimum [ 149.249684][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.252643][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.255523][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.258422][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.261371][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.264250][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.267142][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.269996][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.272913][ T8354] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 149.920926][ T6059] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 149.921140][ T6059] CPU: 1 UID: 0 PID: 6059 Comm: kworker/u9:1 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 149.921156][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 149.921164][ T6059] Workqueue: hci1 hci_rx_work [ 149.921184][ T6059] Call trace: [ 149.921188][ T6059] show_stack+0x2c/0x3c (C) [ 149.921203][ T6059] __dump_stack+0x30/0x40 [ 149.921215][ T6059] dump_stack_lvl+0xd8/0x12c [ 149.921226][ T6059] dump_stack+0x1c/0x28 [ 149.921236][ T ** replaying previous printk message ** [ 149.921236][ T6059] sysfs_create_dir_ns+0x22c/0x24c [ 149.921262][ T6059] kobject_add_internal+0x5a8/0xb20 [ 149.921276][ T6059] kobject_add+0x134/0x200 [ 149.921286][ T6059] device_add+0x394/0xa60 [ 149.921298][ T6059] hci_conn_add_sysfs+0xc0/0x1d0 [ 149.921309][ T6059] le_conn_complete_evt+0x98c/0xe84 [ 149.921324][ T6059] hci_le_conn_complete_evt+0x114/0x3f8 [ 149.921338][ T6059] hci_le_meta_evt+0x2bc/0x4a0 [ 149.921350][ T6059] hci_event_packet+0x5f8/0xe90 [ 149.921362][ T6059] hci_rx_work+0x320/0xb18 [ 149.921375][ T6059] process_one_work+0x7e8/0x156c [ 149.921387][ T6059] worker_thread+0x958/0xed8 [ 149.921398][ T6059] kthread+0x5fc/0x75c [ 149.921412][ T6059] ret_from_fork+0x10/0x20 [ 149.921436][ T6059] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 149.922723][ T6059] Bluetooth: hci1: failed to register connection device [ 149.931336][ T6059] ================================================================== [ 149.931360][ T6059] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1d4/0x284 [ 149.931388][ T6059] Read of size 8 at addr ffff0000d0c5c588 by task kworker/u9:1/6059 [ 149.931405][ T6059] [ 149.931417][ T6059] CPU: 1 UID: 0 PID: 6059 Comm: kworker/u9:1 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 149.931432][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 149.931440][ T6059] Workqueue: hci1 hci_rx_work [ 149.931456][ T6059] Call trace: [ 149.931459][ T6059] show_stack+0x2c/0x3c (C) [ 149.931474][ T6059] __dump_stack+0x30/0x40 [ 149.931486][ T6059] dump_stack_lvl+0xd8/0x12c [ 149.931497][ T6059] print_address_description+0xa8/0x254 [ 149.931512][ T6059] print_report+0x68/0x84 [ 149.931525][ T6059] kasan_report+0xb0/0x110 [ 149.931537][ T6059] __asan_report_load8_noabort+0x20/0x2c [ 149.931549][ T6059] l2cap_sock_new_connection_cb+0x1d4/0x284 [ 149.931564][ T6059] l2cap_connect_cfm+0x2d8/0xd40 [ 149.931577][ T6059] hci_connect_cfm+0x98/0x134 [ 149.931590][ T6059] le_conn_complete_evt+0x9f4/0xe84 [ 149.931605][ T6059] hci_le_conn_complete_evt+0x114/0x3f8 [ 149.931620][ T6059] hci_le_meta_evt+0x2bc/0x4a0 [ 149.931632][ T6059] hci_event_packet+0x5f8/0xe90 [ 149.931643][ T6059] hci_rx_work+0x320/0xb18 [ 149.931657][ T6059] process_one_work+0x7e8/0x156c [ 149.931669][ T6059] worker_thread+0x958/0xed8 [ 149.931680][ T6059] kthread+0x5fc/0x75c [ 149.931694][ T6059] ret_from_fork+0x10/0x20 [ 149.931707][ T6059] [ 149.931828][ T6059] Allocated by task 6059: [ 149.931841][ T6059] kasan_save_track+0x40/0x78 [ 149.931861][ T6059] kasan_save_alloc_info+0x44/0x54 [ 149.931878][ T6059] __kasan_kmalloc+0x9c/0xb4 [ 149.931897][ T6059] __kmalloc_noprof+0x2fc/0x4c8 [ 149.931913][ T6059] sk_prot_alloc+0xc4/0x1f0 [ 149.931932][ T6059] sk_alloc+0x44/0x3ac [ 149.931948][ T6059] bt_sock_alloc+0x4c/0x300 [ 149.931965][ T6059] l2cap_sock_new_connection_cb+0xe4/0x284 [ 149.931997][ T6059] l2cap_connect_cfm+0x2d8/0xd40 [ 149.932016][ T6059] hci_connect_cfm+0x98/0x134 [ 149.932032][ T6059] le_conn_complete_evt+0x9f4/0xe84 [ 149.932052][ T6059] hci_le_conn_complete_evt+0x114/0x3f8 [ 149.932071][ T6059] hci_le_meta_evt+0x2bc/0x4a0 [ 149.932088][ T6059] hci_event_packet+0x5f8/0xe90 [ 149.932104][ T6059] hci_rx_work+0x320/0xb18 [ 149.932122][ T6059] process_one_work+0x7e8/0x156c [ 149.932137][ T6059] worker_thread+0x958/0xed8 [ 149.932153][ T6059] kthread+0x5fc/0x75c [ 149.932171][ T6059] ret_from_fork+0x10/0x20 [ 149.932188][ T6059] [ 149.932197][ T6059] Freed by task 8360: [ 149.932209][ T6059] kasan_save_track+0x40/0x78 [ 149.932228][ T6059] kasan_save_free_info+0x58/0x70 [ 149.932245][ T6059] __kasan_slab_free+0x68/0x88 [ 149.932270][ T6059] kfree+0x17c/0x474 [ 149.932289][ T6059] __sk_destruct+0x4f4/0x760 [ 149.932306][ T6059] __sk_free+0x320/0x430 [ 149.932323][ T6059] sk_free+0x60/0xc8 [ 149.932339][ T6059] l2cap_sock_kill+0x12c/0x234 [ 149.932356][ T6059] l2cap_sock_cleanup_listen+0xf4/0x28c [ 149.932373][ T6059] l2cap_sock_release+0x5c/0x1ac [ 149.932390][ T6059] sock_close+0xa0/0x1e4 [ 149.932404][ T6059] __fput+0x340/0x75c [ 149.932420][ T6059] ____fput+0x20/0x58 [ 149.932437][ T6059] task_work_run+0x1dc/0x260 [ 149.932453][ T6059] get_signal+0x112c/0x12f8 [ 149.932472][ T6059] do_signal+0x274/0x4438 [ 149.932487][ T6059] do_notify_resume+0xac/0x1ec [ 149.932504][ T6059] el0_svc+0xb4/0x17c [ 149.932523][ T6059] el0t_64_sync_handler+0x78/0x108 [ 149.932542][ T6059] el0t_64_sync+0x198/0x19c [ 149.932557][ T6059] [ 149.932566][ T6059] The buggy address belongs to the object at ffff0000d0c5c000 [ 149.932566][ T6059] which belongs to the cache kmalloc-2k of size 2048 [ 149.932582][ T6059] The buggy address is located 1416 bytes inside of [ 149.932582][ T6059] freed 2048-byte region [ffff0000d0c5c000, ffff0000d0c5c800) [ 149.932600][ T6059] [ 149.932610][ T6059] The buggy address belongs to the physical page: [ 149.932621][ T6059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110c58 [ 149.932638][ T6059] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 149.932653][ T6059] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) [ 149.932671][ T6059] page_type: f5(slab) [ 149.932688][ T6059] raw: 05ffc00000000040 ffff0000c0002000 dead000000000100 dead000000000122 [ 149.932704][ T6059] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 149.932722][ T6059] head: 05ffc00000000040 ffff0000c0002000 dead000000000100 dead000000000122 [ 149.932738][ T6059] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 149.932754][ T6059] head: 05ffc00000000003 fffffdffc3431601 00000000ffffffff 00000000ffffffff [ 149.932770][ T6059] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 149.932783][ T6059] page dumped because: kasan: bad access detected [ 149.932794][ T6059] [ 149.932802][ T6059] Memory state around the buggy address: [ 149.932814][ T6059] ffff0000d0c5c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.932828][ T6059] ffff0000d0c5c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.932842][ T6059] >ffff0000d0c5c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.932854][ T6059] ^ [ 149.932866][ T6059] ffff0000d0c5c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.932879][ T6059] ffff0000d0c5c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.932891][ T6059] ================================================================== [ 149.932904][ T6059] Disabling lock debugging due to kernel taint [ 149.964594][ T6059] ------------[ cut here ]------------ [ 149.964617][ T6059] ODEBUG: assert_init not available (active state 0) object: 00000000409c7fa7 object type: timer_list hint: l2cap_chan_timeout+0x0/0x280 [ 149.965012][ T6059] WARNING: CPU: 1 PID: 6059 at lib/debugobjects.c:615 debug_print_object+0x168/0x1e0 [ 150.133123][ T6059] Modules linked in: [ 150.133138][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.135536][ T6059] CPU: 1 UID: 0 PID: 6059 Comm: kworker/u9:1 Tainted: G B 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 150.138686][ T6059] Tainted: [B]=BAD_PAGE [ 150.139774][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 150.142288][ T6059] Workqueue: hci1 hci_rx_work [ 150.143480][ T6059] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 150.145440][ T6059] pc : debug_print_object+0x168/0x1e0 [ 150.146813][ T6059] lr : debug_print_object+0x168/0x1e0 [ 150.148211][ T6059] sp : ffff80009d7b7130 [ 150.149343][ T6059] x29: ffff80009d7b7130 x28: dfff800000000000 x27: 000000000000000a [ 150.151534][ T6059] x26: ffff80008f321000 x25: dfff800000000000 x24: ffff0000d0c5a150 [ 150.153673][ T6059] x23: ffff80008b3ec740 x22: ffff80008a02c344 x21: ffff80008ae91da0 [ 150.155857][ T6059] x20: 0000000000000000 x19: ffff80008b3ec220 x18: 1fffe0003386f276 [ 150.158004][ T6059] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 150.160163][ T6059] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 150.162386][ T6059] x11: 0000000000100000 x10: 000000000002cdd2 x9 : 15919c6d16d2ff00 [ 150.164462][ T6059] x8 : 15919c6d16d2ff00 x7 : 0000000000000001 x6 : 0000000000000001 [ 150.166536][ T6059] x5 : ffff80009d7b6a78 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 150.168642][ T6059] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 150.170823][ T6059] Call trace: [ 150.171721][ T6059] debug_print_object+0x168/0x1e0 (P) [ 150.173159][ T6059] debug_object_assert_init+0x250/0x2c8 [ 150.174642][ T6059] __timer_delete+0x48/0x354 [ 150.175852][ T6059] timer_delete+0x24/0x34 [ 150.177140][ T6059] work_grab_pending+0xc0/0x830 [ 150.178466][ T6059] __cancel_work+0x50/0x218 [ 150.179684][ T6059] cancel_delayed_work+0x24/0x38 [ 150.181060][ T6059] l2cap_le_start+0x7ac/0x10c0 [ 150.182323][ T6059] l2cap_connect_cfm+0x558/0xd40 [ 150.183650][ T6059] hci_connect_cfm+0x98/0x134 [ 150.184884][ T6059] le_conn_complete_evt+0x9f4/0xe84 [ 150.186272][ T6059] hci_le_conn_complete_evt+0x114/0x3f8 [ 150.187796][ T6059] hci_le_meta_evt+0x2bc/0x4a0 [ 150.189103][ T6059] hci_event_packet+0x5f8/0xe90 [ 150.190385][ T6059] hci_rx_work+0x320/0xb18 [ 150.191509][ T6059] process_one_work+0x7e8/0x156c [ 150.192842][ T6059] worker_thread+0x958/0xed8 [ 150.193998][ T6059] kthread+0x5fc/0x75c [ 150.195042][ T6059] ret_from_fork+0x10/0x20 [ 150.196317][ T6059] irq event stamp: 8145 [ 150.197435][ T6059] hardirqs last enabled at (8145): [] _raw_spin_unlock_irqrestore+0x38/0x98 [ 150.200222][ T6059] hardirqs last disabled at (8144): [] _raw_spin_lock_irqsave+0x2c/0x7c [ 150.202822][ T6059] softirqs last enabled at (8138): [] release_sock+0x14c/0x1ac [ 150.205128][ T6059] softirqs last disabled at (8134): [] release_sock+0x34/0x1ac [ 150.207331][ T6059] ---[ end trace 0000000000000000 ]--- [ 150.209961][ T6059] Unable to handle kernel paging request at virtual address dfff800000000038 [ 150.210016][ T6059] KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] [ 150.210044][ T6059] Mem abort info: [ 150.210063][ T6059] ESR = 0x0000000096000005 [ 150.210083][ T6059] EC = 0x25: DABT (current EL), IL = 32 bits [ 150.210104][ T6059] SET = 0, FnV = 0 [ 150.210124][ T6059] EA = 0, S1PTW = 0 [ 150.210143][ T6059] FSC = 0x05: level 1 translation fault SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 150.210163][ T6059] Data abort info: [ 150.210181][ T6059] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 150.210201][ T6059] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 150.210223][ T6059] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 150.210245][ T6059] [dfff800000000038] address between user and kernel address ranges [ 150.210277][ T6059] Internal error: Oops: 0000000096000005 [#1] SMP [ 150.232138][ T6059] Modules linked in: [ 150.233181][ T6059] CPU: 1 UID: 0 PID: 6059 Comm: kworker/u9:1 Tainted: G B W 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT [ 150.233513][ T8157] team0: Port device team_slave_0 added [ 150.236253][ T8157] team0: Port device team_slave_1 added [ 150.239647][ T6059] Tainted: [B]=BAD_PAGE, [W]=WARN [ 150.240952][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 150.243621][ T6059] Workqueue: hci1 hci_rx_work [ 150.244894][ T6059] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 150.247078][ T6059] pc : do_raw_spin_lock+0x84/0x2cc [ 150.248425][ T6059] lr : _raw_spin_lock_bh+0x50/0x60 [ 150.249787][ T6059] sp : ffff80009d7b7240 [ 150.250866][ T6059] x29: ffff80009d7b72d0 x28: ffff80009d7b7400 x27: 1fffe0001a18b404 [ 150.253131][ T6059] x26: 1fffe0001a18b402 x25: 1fffe0001a18b400 x24: dfff800000000000 [ 150.255380][ T6059] x23: 0000000000000002 x22: dfff800000000000 x21: 0000000000000000 [ 150.257571][ T6059] x20: 00000000000001c4 x19: 00000000000001c0 x18: 1fffe0003386f276 [ 150.259763][ T6059] x17: 0000000000000000 x16: ffff800080528c04 x15: ffff60001a18b421 [ 150.261969][ T6059] x14: 1fffe0001a18b421 x13: 00000000000000fb x12: ffffffffffffffff [ 150.264152][ T6059] x11: 1ffff00013af6e4c x10: ffff80008eae97d3 x9 : f3f3f304f1f1f1f1 [ 150.266260][ T6059] x8 : 0000000000000038 x7 : 0000000000000001 x6 : ffff800089053800 [ 150.268438][ T6059] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 [ 150.270630][ T6059] x2 : 0000000000000000 x1 : ffff80008b3ebc00 x0 : 00000000000001c0 [ 150.272716][ T6059] Call trace: [ 150.273557][ T6059] do_raw_spin_lock+0x84/0x2cc (P) [ 150.274852][ T6059] _raw_spin_lock_bh+0x50/0x60 [ 150.276147][ T6059] lock_sock_nested+0x70/0x118 [ 150.277412][ T6059] l2cap_sock_ready_cb+0x4c/0x130 [ 150.278719][ T6059] l2cap_le_start+0x950/0x10c0 [ 150.279996][ T6059] l2cap_connect_cfm+0x558/0xd40 [ 150.281464][ T6059] hci_connect_cfm+0x98/0x134 [ 150.282737][ T6059] le_conn_complete_evt+0x9f4/0xe84 [ 150.284149][ T6059] hci_le_conn_complete_evt+0x114/0x3f8 [ 150.285692][ T6059] hci_le_meta_evt+0x2bc/0x4a0 [ 150.286970][ T6059] hci_event_packet+0x5f8/0xe90 [ 150.288351][ T6059] hci_rx_work+0x320/0xb18 [ 150.289557][ T6059] process_one_work+0x7e8/0x156c [ 150.290884][ T6059] worker_thread+0x958/0xed8 [ 150.292122][ T6059] kthread+0x5fc/0x75c [ 150.293236][ T6059] ret_from_fork+0x10/0x20 [ 150.294466][ T6059] Code: aa0003f3 f9000feb f2fe7e69 f8386969 (38f86908) [ 150.296246][ T6059] ---[ end trace 0000000000000000 ]--- [ 150.895912][ T6059] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 150.898086][ T6059] SMP: stopping secondary CPUs [ 150.899442][ T6059] Kernel Offset: disabled [ 150.900656][ T6059] CPU features: 0x0800,000040e0,01000250,82017203 [ 150.902475][ T6059] Memory Limit: none [ 151.453975][ T6059] Rebooting in 86400 seconds..