last executing test programs: 2.868135426s ago: executing program 1 (id=2667): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_TIOCOUTQ(r2, 0x5411, &(0x7f000000a080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="9e90b06e89e9160dd70f5edf525aaa23eec23640ed89f6d5543707b9e68d8823f67d4135fe3ffbc541da8e98c15bce821cf006795df092aafe2fa7c51653f3804734561882d03b3fcf2f14fba52ee428e7a16ba89e5f505d79a0e1117e387bc783a275e7a81542b09050eae7fa5171ae76fc7b62ebd53f09931a5e0c3b8d11ea53f34a59d2f5b60af3a11ad090bda276cb0262cc54fef3ebc11648e4b622bbae890e89d64f545de73ac5999872b7b444c538baf9d5173d6b967563cc98d2df1d248fb5c2a46620d7439a382d9acfb82e48a3dca845d08f002ae671fece2a9ed52a5b64fd9bbe1baacf9fc59feddfbd12c118"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0) close(r3) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, 0x0, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @private=0xa010102}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000380)='yeah\x00', 0x5) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f00000002c0)=[@window, @timestamp, @mss={0x2, 0x8}, @timestamp, @mss={0x2, 0x9}, @timestamp], 0x6) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r4, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a", 0xfdef, 0x805, 0x0, 0x0) ioctl$sock_SIOCGSKNS(r4, 0x894c, &(0x7f0000000580)=0x7) ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000000)={'wlan1\x00'}) 2.124379866s ago: executing program 0 (id=2690): r0 = epoll_create1(0x80000) r1 = socket(0x1, 0x80802, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x60000007}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x90000015}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000600)) 1.968403639s ago: executing program 0 (id=2696): setsockopt(0xffffffffffffffff, 0x7, 0xd72b, &(0x7f0000000000)="e4a3e0160f1294b1974a2eae99edc86e833b981d8b0677e166fb1e26a949b801bed574af43036a997f5d18a9564fdfab712ac8e083", 0x35) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfde3, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r4, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x20040000) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r5, 0x9) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) recvfrom(r6, &(0x7f0000000180)=""/60, 0x13e58, 0x40000000, 0x0, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r2, 0x4018f50b, &(0x7f00000001c0)={0x1, 0xaf, 0x401}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'}) 1.958945691s ago: executing program 1 (id=2697): setsockopt(0xffffffffffffffff, 0x7, 0xd72b, &(0x7f0000000000)="e4a3e0160f1294b1974a2eae99edc86e833b981d8b0677e166fb1e26a949b801bed574af43036a997f5d18a9564fdfab712a", 0x32) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00'}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x54}}, 0x20040000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000004) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000000)=0x495e, 0x4) setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x20, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xe) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="3000000000000000840000000100"], 0x30}], 0x1, 0x0) read$alg(r4, &(0x7f0000000340)=""/173, 0xad) recvfrom(r3, &(0x7f0000000180)=""/60, 0x13e58, 0x40000000, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000300), r4) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x4000) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, &(0x7f00000001c0)={0x1, 0xaf, 0x401}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 1.184147323s ago: executing program 3 (id=2729): bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.112795799s ago: executing program 3 (id=2732): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$tipc(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) close(r0) 1.112562943s ago: executing program 4 (id=2733): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x6d}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 1.112343381s ago: executing program 2 (id=2734): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002900000018010000202070250000000000202020631af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095000000000000002f81c461b3fea834ceb0e17d802cfb227e656a3698c79205e02f1561b0010095448e9f7024b45fb2006c9117fe2a42fcd2ce278009682dc8f7c867b177ec5bd50b92aedef35b6cd87b56690b4c96f63ab02174911d5e51b76d2c31b8bece7b0f841f393c401d8f51383f0f28d4c00fa2149870f1779f204103dbebff2a0e292b42f01b0bb114fa6e1889a6437285a0c9f00c4245e4d3524af00636736e812558294430bf4b365e0a9c468c9eb4977fb131145e0179c4ddb37a6704a36503e63d66ddcf9b8e1035383b90de09d000c223ffb7f13624e3ac52b248f92d041959c1f7985eb94aad8c0adf4e8730313d1b02662c6847a9851f40a969486ebbe7bfcb5b28fc7dbe1bb80c4a2c18a53fecc51e51de59049bab8dd71ff26ba598394000000000000000f8bcc79a99da31fce5c3afe32a91fad1a75d1bc07c595291bb21d3efdc6281ee36b3d825686bf95f78bcfd51843ab79d72aef6d486a2a127b33f71170e4fd95182e7f8a840fbab080e91cbe30687f09dd46221c0fc5e86f4c571b9ea7c91562f2e7621ac15b9d1e7209f95514452fb0c896f6b6f3f9956e34b1e994c7fece2c34821abec74ef96c059ba7c88292728698e55678c4217da44c66b0a9dee76037447452ca149f6d4495554a5d36725125f125ff999bb3f63ed"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x65) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.110981657s ago: executing program 0 (id=2735): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x2000000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 1.032256484s ago: executing program 2 (id=2736): bpf$MAP_CREATE(0x4000000000000, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48) 1.031871196s ago: executing program 3 (id=2737): socket(0x10, 0x803, 0x0) socket(0x200000100000011, 0x3, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@setlink={0x28, 0x13, 0xbaa23f3d13f2d1f5, 0x3, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_TXQLEN={0x8, 0xd, 0xc3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) 1.030481215s ago: executing program 1 (id=2738): bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1600000000000000080000000200180000000000", @ANYRES32, @ANYBLOB="000000c4e800000000000000000000000000dfff00", @ANYRES32=0x0, @ANYRES32], 0x48) 976.48693ms ago: executing program 0 (id=2739): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r0, 0x0, 0x0}, 0x20) 976.273063ms ago: executing program 4 (id=2740): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 963.710696ms ago: executing program 1 (id=2741): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000180)=0x8000, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r1}, 0x10) 923.766925ms ago: executing program 2 (id=2742): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f0000000340)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{}, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8010}, 0x20000000) 860.496224ms ago: executing program 4 (id=2743): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xe, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x19}, @generic={0x7e}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 860.112259ms ago: executing program 1 (id=2744): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 810.125145ms ago: executing program 0 (id=2745): syz_clone(0x4080b000, 0x0, 0x0, &(0x7f0000000e40), 0x0, 0x0) 795.843259ms ago: executing program 4 (id=2746): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket(0x10, 0x3, 0x0) sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, 0x0, 0x40814) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x0, 0x10}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x4, 0x2, 0xdc, 0x8, 0x8}, 0x6, 0x1, 0x9, 0x4, 0x7, 0x8, 0x5, 0x7, 0x1, 0x8, {0x5, 0x0, 0x3, 0x3b3, 0xb8, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x55}, 0x4000) sendto$inet6(0xffffffffffffffff, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x2, @loopback}, 0x1c) 744.608013ms ago: executing program 2 (id=2747): r0 = epoll_create1(0x80000) r1 = socket(0x1, 0x80802, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x60000007}) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000600)) 744.324322ms ago: executing program 1 (id=2748): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xcb, 0x27, 0x28, 0x10, 0x2717, 0x4106, 0x2892, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0x68, 0x8}}]}}]}}, 0x0) syz_usb_disconnect(r0) syz_usb_disconnect(r0) 666.107261ms ago: executing program 2 (id=2749): syz_usb_connect(0x5, 0x41, &(0x7f0000000100)={{0x12, 0x1, 0x300, 0x71, 0x82, 0x73, 0x40, 0x12d1, 0x6210, 0xf1fa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x1, 0xff, 0xa0, 0x7, [{{0x9, 0x4, 0xde, 0x2, 0x0, 0xe, 0x1, 0x0, 0xb4, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0xd7b, 0x2, 0x8, 0xf8}, {0x6, 0x24, 0x1a, 0xfe00, 0xc}}]}}]}}]}}, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0}) 616.813891ms ago: executing program 4 (id=2750): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5013, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x64, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x4, 0xbc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x107040) 613.476173ms ago: executing program 3 (id=2751): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000100)={0x0, 0x14}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 524.321618ms ago: executing program 0 (id=2752): syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000a80ff420c80a103400740102030109021200010000000009040000000e010002"], &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x2, &(0x7f0000000240)=@string={0x2}}, {0x4d750f9919073fc3, 0x0}, {0x18, &(0x7f0000000100)=@string={0x18, 0x3, "db67628cf55f23d3022c1f3e669f79af695cf28bda65"}}]}) 132.454111ms ago: executing program 2 (id=2753): syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x201, 0x5b, 0xe, 0x8c, 0x10, 0x17ef, 0x720c, 0x5190, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe3, 0x9c, 0xcb}}]}}]}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0xfff, 0x0) ioctl$EVIOCGMASK(r0, 0x4020940d, &(0x7f00000003c0)={0x4, 0x0, 0x0}) ioctl$EVIOCGABS3F(r0, 0x8018457f, 0x0) 48.774416ms ago: executing program 3 (id=2754): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000180)=0x8000, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r1}, 0x10) 310.067µs ago: executing program 4 (id=2755): syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)=ANY=[@ANYBLOB="120100003a982a08cd0ca310a223010203010902120001000200000904"], 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 3 (id=2756): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200010010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f0000000300)={0x40, 0x14, 0x2, "bb4f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000009c0)={0x1c, &(0x7f0000000900)={0x20, 0x1, 0x2, "1053"}, 0x0, 0x0}) kernel console output (not intermixed with test programs): 1.381'. [ 235.583511][ T8049] netlink: 'syz.1.381': attribute type 11 has an invalid length. [ 235.600097][ T8100] FAULT_INJECTION: forcing a failure. [ 235.600097][ T8100] name failslab, interval 1, probability 0, space 0, times 0 [ 235.603026][ T8100] CPU: 0 UID: 0 PID: 8100 Comm: syz.3.401 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 235.605015][ T8100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 235.607162][ T8100] Call trace: [ 235.607873][ T8100] show_stack+0x2c/0x3c (C) [ 235.608812][ T8100] dump_stack_lvl+0xe4/0x150 [ 235.609786][ T8100] dump_stack+0x1c/0x28 [ 235.610705][ T8100] should_fail_ex+0x3b0/0x50c [ 235.611696][ T8100] should_failslab+0xc8/0x130 [ 235.612630][ T8100] kmem_cache_alloc_node_noprof+0x88/0x420 [ 235.613744][ T8100] __alloc_skb+0x1e0/0x420 [ 235.614614][ T8100] netlink_alloc_large_skb+0xd0/0x110 [ 235.615835][ T8100] netlink_sendmsg+0x4d4/0xa8c [ 235.616910][ T8100] ____sys_sendmsg+0x56c/0x840 [ 235.617963][ T8100] __sys_sendmsg+0x238/0x304 [ 235.618956][ T8100] __arm64_sys_sendmsg+0x80/0x94 [ 235.619916][ T8100] invoke_syscall+0x98/0x2b8 [ 235.620876][ T8100] el0_svc_common+0x130/0x23c [ 235.621793][ T8100] do_el0_svc+0x48/0x58 [ 235.622687][ T8100] el0_svc+0x54/0x168 [ 235.623519][ T8100] el0t_64_sync_handler+0x84/0x108 [ 235.624657][ T8100] el0t_64_sync+0x198/0x19c [ 235.682105][ T8103] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 235.828775][ T8110] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 236.244871][ T8123] FAULT_INJECTION: forcing a failure. [ 236.244871][ T8123] name failslab, interval 1, probability 0, space 0, times 0 [ 236.253463][ T8123] CPU: 1 UID: 0 PID: 8123 Comm: syz.1.410 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 236.255693][ T8123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 236.257753][ T8123] Call trace: [ 236.258456][ T8123] show_stack+0x2c/0x3c (C) [ 236.259370][ T8123] dump_stack_lvl+0xe4/0x150 [ 236.260316][ T8123] dump_stack+0x1c/0x28 [ 236.261199][ T8123] should_fail_ex+0x3b0/0x50c [ 236.262137][ T8123] should_failslab+0xc8/0x130 [ 236.263081][ T8123] __kmalloc_noprof+0xf4/0x54c [ 236.264037][ T8123] tomoyo_encode+0x270/0x4b0 [ 236.264964][ T8123] tomoyo_realpath_from_path+0x478/0x4cc [ 236.266088][ T8123] tomoyo_path_number_perm+0x1ec/0x6a8 [ 236.267261][ T8123] tomoyo_file_ioctl+0x2c/0x3c [ 236.268267][ T8123] security_file_ioctl+0xe8/0x2f0 [ 236.269387][ T8123] __arm64_sys_ioctl+0xa8/0x1cc [ 236.270373][ T8123] invoke_syscall+0x98/0x2b8 [ 236.271325][ T8123] el0_svc_common+0x130/0x23c [ 236.272237][ T8123] do_el0_svc+0x48/0x58 [ 236.273138][ T8123] el0_svc+0x54/0x168 [ 236.273970][ T8123] el0t_64_sync_handler+0x84/0x108 [ 236.275037][ T8123] el0t_64_sync+0x198/0x19c [ 236.290141][ T8123] ERROR: Out of memory at tomoyo_realpath_from_path. [ 236.374147][ T8127] FAULT_INJECTION: forcing a failure. [ 236.374147][ T8127] name failslab, interval 1, probability 0, space 0, times 0 [ 236.381964][ T8127] CPU: 0 UID: 0 PID: 8127 Comm: syz.1.412 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 236.383925][ T8127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 236.385822][ T8127] Call trace: [ 236.386441][ T8127] show_stack+0x2c/0x3c (C) [ 236.387399][ T8127] dump_stack_lvl+0xe4/0x150 [ 236.388403][ T8127] dump_stack+0x1c/0x28 [ 236.389251][ T8127] should_fail_ex+0x3b0/0x50c [ 236.390257][ T8127] should_failslab+0xc8/0x130 [ 236.391266][ T8127] kmem_cache_alloc_node_noprof+0x88/0x420 [ 236.392449][ T8127] __alloc_skb+0x1e0/0x420 [ 236.393325][ T8127] netlink_alloc_large_skb+0xd0/0x110 [ 236.394354][ T8127] netlink_sendmsg+0x4d4/0xa8c [ 236.395321][ T8127] ____sys_sendmsg+0x56c/0x840 [ 236.396266][ T8127] __sys_sendmsg+0x238/0x304 [ 236.397209][ T8127] __arm64_sys_sendmsg+0x80/0x94 [ 236.398148][ T8127] invoke_syscall+0x98/0x2b8 [ 236.399040][ T8127] el0_svc_common+0x130/0x23c [ 236.400004][ T8127] do_el0_svc+0x48/0x58 [ 236.400833][ T8127] el0_svc+0x54/0x168 [ 236.401624][ T8127] el0t_64_sync_handler+0x84/0x108 [ 236.402625][ T8127] el0t_64_sync+0x198/0x19c [ 236.430787][ T8129] vxcan1: entered allmulticast mode [ 236.434183][ T8129] vxcan1: left allmulticast mode [ 236.561060][ T8131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.414'. [ 236.563950][ T8138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.599992][ T8129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.674204][ T8144] fuse: Unknown parameter '0x000000000000000500000000000000000005' [ 236.717447][ T8148] binder: 8147:8148 got transaction to invalid handle, 1 [ 236.718910][ T8148] binder: 8148:8147 cannot find target node [ 236.720128][ T8148] binder: 8147:8148 transaction call to 0:0 failed 56/29201/-22, size 0-24 line 3151 [ 236.742208][ T5996] binder: undelivered TRANSACTION_ERROR: 29201 [ 236.851990][ T8158] dccp_invalid_packet: P.Data Offset(224) too large [ 237.775853][ T6475] atkbd serio0: keyboard reset failed on [ 237.868027][ T8176] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 238.799987][ T8196] warning: `syz.1.437' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 238.857209][ T8198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.876098][ T8198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 239.124923][ T8206] capability: warning: `syz.0.440' uses 32-bit capabilities (legacy support in use) [ 239.172129][ T8208] dccp_invalid_packet: P.Data Offset(224) too large [ 240.058441][ T8237] FAULT_INJECTION: forcing a failure. [ 240.058441][ T8237] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.213905][ T8237] CPU: 1 UID: 0 PID: 8237 Comm: syz.1.453 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 240.216121][ T8237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 240.218170][ T8237] Call trace: [ 240.218928][ T8237] show_stack+0x2c/0x3c (C) [ 240.219889][ T8237] dump_stack_lvl+0xe4/0x150 [ 240.220865][ T8237] dump_stack+0x1c/0x28 [ 240.221762][ T8237] should_fail_ex+0x3b0/0x50c [ 240.222798][ T8237] should_fail+0x14/0x24 [ 240.223733][ T8237] should_fail_usercopy+0x20/0x30 [ 240.224803][ T8237] put_timespec64+0xfc/0x238 [ 240.225800][ T8237] poll_select_finish+0x490/0x7e0 [ 240.226839][ T8237] __arm64_sys_ppoll+0x2d8/0x358 [ 240.227911][ T8237] invoke_syscall+0x98/0x2b8 [ 240.228918][ T8237] el0_svc_common+0x130/0x23c [ 240.229821][ T8237] do_el0_svc+0x48/0x58 [ 240.230771][ T8237] el0_svc+0x54/0x168 [ 240.231666][ T8237] el0t_64_sync_handler+0x84/0x108 [ 240.232691][ T8237] el0t_64_sync+0x198/0x19c [ 240.475105][ T8246] FAULT_INJECTION: forcing a failure. [ 240.475105][ T8246] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.482627][ T8246] CPU: 0 UID: 0 PID: 8246 Comm: syz.3.456 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 240.484816][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 240.486937][ T8246] Call trace: [ 240.487685][ T8246] show_stack+0x2c/0x3c (C) [ 240.488591][ T8246] dump_stack_lvl+0xe4/0x150 [ 240.489515][ T8246] dump_stack+0x1c/0x28 [ 240.490361][ T8246] should_fail_ex+0x3b0/0x50c [ 240.491409][ T8246] should_fail+0x14/0x24 [ 240.492316][ T8246] should_fail_usercopy+0x20/0x30 [ 240.493314][ T8246] __arm64_sys_memfd_create+0x2a4/0x864 [ 240.494422][ T8246] invoke_syscall+0x98/0x2b8 [ 240.495402][ T8246] el0_svc_common+0x130/0x23c [ 240.496357][ T8246] do_el0_svc+0x48/0x58 [ 240.497253][ T8246] el0_svc+0x54/0x168 [ 240.498098][ T8246] el0t_64_sync_handler+0x84/0x108 [ 240.499117][ T8246] el0t_64_sync+0x198/0x19c [ 240.632308][ T8253] netlink: 12 bytes leftover after parsing attributes in process `syz.2.450'. [ 242.631478][ T8274] dccp_invalid_packet: P.Data Offset(224) too large [ 242.838750][ T8278] FAULT_INJECTION: forcing a failure. [ 242.838750][ T8278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.848578][ T8278] CPU: 1 UID: 0 PID: 8278 Comm: syz.3.466 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 242.850935][ T8278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 242.853034][ T8278] Call trace: [ 242.853729][ T8278] show_stack+0x2c/0x3c (C) [ 242.854627][ T8278] dump_stack_lvl+0xe4/0x150 [ 242.855661][ T8278] dump_stack+0x1c/0x28 [ 242.856561][ T8278] should_fail_ex+0x3b0/0x50c [ 242.857490][ T8278] should_fail+0x14/0x24 [ 242.858387][ T8278] should_fail_usercopy+0x20/0x30 [ 242.859493][ T8278] ppp_ioctl+0xc14/0x253c [ 242.860441][ T8278] __arm64_sys_ioctl+0x14c/0x1cc [ 242.861471][ T8278] invoke_syscall+0x98/0x2b8 [ 242.862487][ T8278] el0_svc_common+0x130/0x23c [ 242.863563][ T8278] do_el0_svc+0x48/0x58 [ 242.864470][ T8278] el0_svc+0x54/0x168 [ 242.865277][ T8278] el0t_64_sync_handler+0x84/0x108 [ 242.866407][ T8278] el0t_64_sync+0x198/0x19c [ 245.175434][ T8325] Process accounting resumed [ 245.884556][ T8343] bridge_slave_0: left allmulticast mode [ 245.907904][ T8344] netlink: 'syz.0.483': attribute type 10 has an invalid length. [ 245.915678][ T8344] netlink: 40 bytes leftover after parsing attributes in process `syz.0.483'. [ 245.917481][ T8343] bridge_slave_0: left promiscuous mode [ 245.919847][ T8343] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.980018][ T8343] bridge_slave_1: left allmulticast mode [ 245.981857][ T8343] bridge_slave_1: left promiscuous mode [ 245.983193][ T8343] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.991914][ T8343] bond0: (slave bond_slave_0): Releasing backup interface [ 246.013477][ T8347] FAULT_INJECTION: forcing a failure. [ 246.013477][ T8347] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.022066][ T8347] CPU: 1 UID: 0 PID: 8347 Comm: syz.4.484 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 246.024334][ T8347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 246.026476][ T8347] Call trace: [ 246.027146][ T8347] show_stack+0x2c/0x3c (C) [ 246.028067][ T8347] dump_stack_lvl+0xe4/0x150 [ 246.029040][ T8347] dump_stack+0x1c/0x28 [ 246.029947][ T8347] should_fail_ex+0x3b0/0x50c [ 246.030954][ T8347] should_fail+0x14/0x24 [ 246.031860][ T8347] should_fail_usercopy+0x20/0x30 [ 246.032946][ T8347] _copy_from_iter+0x1a0/0x16fc [ 246.034022][ T8347] netlink_sendmsg+0x598/0xa8c [ 246.035047][ T8347] ____sys_sendmsg+0x56c/0x840 [ 246.036158][ T8347] __sys_sendmsg+0x238/0x304 [ 246.037160][ T8347] __arm64_sys_sendmsg+0x80/0x94 [ 246.038129][ T8347] invoke_syscall+0x98/0x2b8 [ 246.039139][ T8347] el0_svc_common+0x130/0x23c [ 246.040024][ T8347] do_el0_svc+0x48/0x58 [ 246.040819][ T8347] el0_svc+0x54/0x168 [ 246.041617][ T8347] el0t_64_sync_handler+0x84/0x108 [ 246.042695][ T8347] el0t_64_sync+0x198/0x19c [ 246.057532][ T8343] bond0: (slave bond_slave_1): Releasing backup interface [ 246.131616][ T8349] binder: 8348:8349 got reply transaction with no transaction stack [ 246.133416][ T8349] binder: 8348:8349 transaction reply to 0:0 failed 57/29201/-71, size 0-0 line 3052 [ 246.184164][ T8343] team0: Port device team_slave_0 removed [ 246.203795][ T30] audit: type=1400 audit(246.180:2): lsm=SMACK fn=smack_inode_setattr action=denied subject="y" object="_" requested=w pid=8352 comm="syz.1.487" name="memfd:" dev="hugetlbfs" ino=10980 [ 246.209731][ T8343] team0: Port device team_slave_1 removed [ 246.211381][ T8343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.213029][ T8343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.236861][ T8343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.238387][ T8343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.254699][ T8344] batman_adv: batadv0: Adding interface: wlan0 [ 246.275833][ T8344] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.282454][ T8344] batman_adv: batadv0: Interface activated: wlan0 [ 246.331615][ T8359] dccp_invalid_packet: P.Data Offset(224) too large [ 246.416716][ T8361] tipc: Started in network mode [ 246.423679][ T8361] tipc: Node identity ffffffff, cluster identity 4711 [ 246.425130][ T8361] tipc: Node number set to 4294967295 [ 246.850709][ T8370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.879075][ T8369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.561297][ T8388] binfmt_misc: register: failed to install interpreter file ./file0 [ 248.762236][ T8388] netlink: 8 bytes leftover after parsing attributes in process `syz.4.498'. [ 248.795284][ T8388] ip6_vti0: entered allmulticast mode [ 248.833817][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.637348][ T8417] IPVS: set_ctl: invalid protocol: 92 172.20.20.14:20003 [ 249.940579][ T8435] netlink: 71 bytes leftover after parsing attributes in process `syz.3.508'. [ 249.942683][ T8437] dccp_invalid_packet: P.Data Offset(224) too large [ 250.546155][ T8450] FAULT_INJECTION: forcing a failure. [ 250.546155][ T8450] name failslab, interval 1, probability 0, space 0, times 0 [ 250.548827][ T8450] CPU: 1 UID: 0 PID: 8450 Comm: syz.4.514 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 250.550866][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 250.552844][ T8450] Call trace: [ 250.553483][ T8450] show_stack+0x2c/0x3c (C) [ 250.554334][ T8450] dump_stack_lvl+0xe4/0x150 [ 250.555219][ T8450] dump_stack+0x1c/0x28 [ 250.556067][ T8450] should_fail_ex+0x3b0/0x50c [ 250.557101][ T8450] should_failslab+0xc8/0x130 [ 250.558026][ T8450] kmem_cache_alloc_noprof+0x84/0x410 [ 250.559124][ T8450] security_inode_alloc+0x34/0x32c [ 250.560192][ T8450] inode_init_always_gfp+0x730/0xc00 [ 250.561294][ T8450] alloc_inode+0x80/0x19c [ 250.562230][ T8450] new_inode+0x30/0x16c [ 250.563077][ T8450] shmem_get_inode+0x308/0xd28 [ 250.563995][ T8450] __shmem_file_setup+0x148/0x280 [ 250.565000][ T8450] shmem_file_setup+0x40/0x54 [ 250.565923][ T8450] __arm64_sys_memfd_create+0x464/0x864 [ 250.567143][ T8450] invoke_syscall+0x98/0x2b8 [ 250.568106][ T8450] el0_svc_common+0x130/0x23c [ 250.569047][ T8450] do_el0_svc+0x48/0x58 [ 250.570008][ T8450] el0_svc+0x54/0x168 [ 250.570850][ T8450] el0t_64_sync_handler+0x84/0x108 [ 250.571894][ T8450] el0t_64_sync+0x198/0x19c [ 250.692121][ T8457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.708430][ T8457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.713614][ T8448] binder: 8447:8448 got reply transaction with no transaction stack [ 250.715689][ T8448] binder: 8447:8448 transaction reply to 0:0 failed 58/29201/-71, size 0-0 line 3052 [ 250.757082][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 250.793943][ T8463] sp0: Synchronizing with TNC [ 250.808265][ T8461] [U] è [ 251.693343][ T8477] FAULT_INJECTION: forcing a failure. [ 251.693343][ T8477] name failslab, interval 1, probability 0, space 0, times 0 [ 251.697578][ T8477] CPU: 1 UID: 0 PID: 8477 Comm: syz.0.521 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 251.699674][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 251.701826][ T8477] Call trace: [ 251.702544][ T8477] show_stack+0x2c/0x3c (C) [ 251.703456][ T8477] dump_stack_lvl+0xe4/0x150 [ 251.704382][ T8477] dump_stack+0x1c/0x28 [ 251.705324][ T8477] should_fail_ex+0x3b0/0x50c [ 251.706265][ T8477] should_failslab+0xc8/0x130 [ 251.707223][ T8477] __kmalloc_cache_noprof+0x80/0x428 [ 251.708283][ T8477] create_io_worker+0xd4/0x58c [ 251.709258][ T8477] io_wq_enqueue+0x6f8/0x9e0 [ 251.710236][ T8477] io_queue_iowq+0x370/0x6f8 [ 251.711240][ T8477] io_queue_async+0x2f8/0x3a8 [ 251.712206][ T8477] io_req_task_submit+0x18c/0x1bc [ 251.713290][ T8477] io_handle_tw_list+0x100/0x21c [ 251.714283][ T8477] tctx_task_work_run+0xbc/0x4ac [ 251.715335][ T8477] tctx_task_work+0x94/0x104 [ 251.716394][ T8477] task_work_run+0x230/0x2e0 [ 251.717278][ T8477] get_signal+0x1358/0x1534 [ 251.718222][ T8477] do_signal+0x22c/0x39e4 [ 251.719119][ T8477] do_notify_resume+0x74/0x1f4 [ 251.720071][ T8477] el0_svc+0xac/0x168 [ 251.720883][ T8477] el0t_64_sync_handler+0x84/0x108 [ 251.721876][ T8477] el0t_64_sync+0x198/0x19c [ 251.835420][ T8479] binder: tried to use weak ref as strong ref [ 251.844514][ T8479] binder: 8478:8479 Acquire 1 refcount change on invalid ref 0 ret -22 [ 251.880254][ T8479] binder: 8478:8479 got transaction to invalid handle, 1 [ 251.883863][ T8479] binder: 8479:8478 cannot find target node [ 251.888473][ T8479] binder: 8478:8479 transaction call to 0:0 failed 61/29201/-22, size 120-24 line 3151 [ 251.900960][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 252.348748][ T8495] ======================================================= [ 252.348748][ T8495] WARNING: The mand mount option has been deprecated and [ 252.348748][ T8495] and is ignored by this kernel. Remove the mand [ 252.348748][ T8495] option from the mount to silence this warning. [ 252.348748][ T8495] ======================================================= [ 252.757404][ T8493] binder: 8492:8493 got reply transaction with no transaction stack [ 252.759051][ T8493] binder: 8492:8493 transaction reply to 0:0 failed 62/29201/-71, size 0-0 line 3052 [ 252.764691][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 252.951279][ T8507] dccp_invalid_packet: P.Data Offset(224) too large [ 252.990417][ T8497] netlink: 60 bytes leftover after parsing attributes in process `syz.2.530'. [ 252.993269][ T8497] netlink: 60 bytes leftover after parsing attributes in process `syz.2.530'. [ 252.995641][ T8497] netlink: 60 bytes leftover after parsing attributes in process `syz.2.530'. [ 253.010594][ T8506] binder: tried to use weak ref as strong ref [ 253.011955][ T8506] binder: 8505:8506 Acquire 1 refcount change on invalid ref 0 ret -22 [ 253.031945][ T8506] binder: 8505:8506 got transaction to invalid handle, 1 [ 253.033711][ T8506] binder: 8506:8505 cannot find target node [ 253.622122][ T8506] binder: 8505:8506 transaction call to 0:0 failed 65/29201/-22, size 120-24 line 3151 [ 253.627298][ T6434] binder: undelivered TRANSACTION_ERROR: 29201 [ 253.926849][ T8525] syz.3.538: attempt to access beyond end of device [ 253.926849][ T8525] nbd3: rw=0, sector=2, nr_sectors = 1 limit=0 [ 253.929533][ T8525] hfs: can't find a HFS filesystem on dev nbd3 [ 254.015915][ T8525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.538'. [ 254.599391][ T8531] binder: 8530:8531 got reply transaction with no transaction stack [ 254.604641][ T8531] binder: 8530:8531 transaction reply to 0:0 failed 66/29201/-71, size 0-0 line 3052 [ 255.054602][ T8541] binder: tried to use weak ref as strong ref [ 255.057995][ T8541] binder: 8540:8541 Acquire 1 refcount change on invalid ref 0 ret -22 [ 255.096705][ T8541] binder: 8541:8540 cannot find target node [ 256.480957][ T8567] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 256.495806][ T8567] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 256.896550][ T8572] dccp_invalid_packet: P.Data Offset(224) too large [ 257.121935][ T8576] FAULT_INJECTION: forcing a failure. [ 257.121935][ T8576] name failslab, interval 1, probability 0, space 0, times 0 [ 257.124593][ T8576] CPU: 0 UID: 0 PID: 8576 Comm: syz.0.558 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 257.126595][ T8576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.128624][ T8576] Call trace: [ 257.129303][ T8576] show_stack+0x2c/0x3c (C) [ 257.130276][ T8576] dump_stack_lvl+0xe4/0x150 [ 257.131369][ T8576] dump_stack+0x1c/0x28 [ 257.132253][ T8576] should_fail_ex+0x3b0/0x50c [ 257.133275][ T8576] should_failslab+0xc8/0x130 [ 257.134362][ T8576] __kmalloc_cache_noprof+0x80/0x428 [ 257.135439][ T8576] io_arm_poll_handler+0x400/0xa34 [ 257.136515][ T8576] io_queue_async+0x94/0x3a8 [ 257.137417][ T8576] io_submit_sqes+0xb8c/0x19f0 [ 257.138436][ T8576] __arm64_sys_io_uring_enter+0x2f0/0x1468 [ 257.139601][ T8576] invoke_syscall+0x98/0x2b8 [ 257.140698][ T8576] el0_svc_common+0x130/0x23c [ 257.141698][ T8576] do_el0_svc+0x48/0x58 [ 257.142564][ T8576] el0_svc+0x54/0x168 [ 257.143393][ T8576] el0t_64_sync_handler+0x84/0x108 [ 257.144425][ T8576] el0t_64_sync+0x198/0x19c [ 258.339078][ T8591] netlink: 20 bytes leftover after parsing attributes in process `syz.3.563'. [ 259.303191][ T8601] netlink: 'syz.0.566': attribute type 8 has an invalid length. [ 260.256062][ T8611] tipc: Started in network mode [ 260.257164][ T8611] tipc: Node identity ac1414aa, cluster identity 4711 [ 260.259066][ T8611] tipc: Enabled bearer , priority 10 [ 260.262665][ T8611] tipc: Cannot configure node identity twice [ 260.477797][ T8626] FAULT_INJECTION: forcing a failure. [ 260.477797][ T8626] name failslab, interval 1, probability 0, space 0, times 0 [ 260.488117][ T8626] CPU: 1 UID: 0 PID: 8626 Comm: syz.3.574 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 260.490252][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 260.492328][ T8626] Call trace: [ 260.492932][ T8626] show_stack+0x2c/0x3c (C) [ 260.493893][ T8626] dump_stack_lvl+0xe4/0x150 [ 260.494796][ T8626] dump_stack+0x1c/0x28 [ 260.495581][ T8626] should_fail_ex+0x3b0/0x50c [ 260.496571][ T8626] should_failslab+0xc8/0x130 [ 260.497540][ T8626] kmem_cache_alloc_lru_noprof+0x88/0x414 [ 260.498713][ T8626] __d_alloc+0x40/0x658 [ 260.499690][ T8626] d_alloc_pseudo+0x30/0x16c [ 260.500631][ T8626] alloc_file_pseudo+0x110/0x25c [ 260.501668][ T8626] __shmem_file_setup+0x1f4/0x280 [ 260.502758][ T8626] shmem_file_setup+0x40/0x54 [ 260.503712][ T8626] __arm64_sys_memfd_create+0x464/0x864 [ 260.504930][ T8626] invoke_syscall+0x98/0x2b8 [ 260.505878][ T8626] el0_svc_common+0x130/0x23c [ 260.506806][ T8626] do_el0_svc+0x48/0x58 [ 260.507695][ T8626] el0_svc+0x54/0x168 [ 260.508568][ T8626] el0t_64_sync_handler+0x84/0x108 [ 260.509654][ T8626] el0t_64_sync+0x198/0x19c [ 260.539965][ T8628] ./file0: Can't lookup blockdev [ 261.698850][ T6550] tipc: Node number set to 2886997162 [ 265.590268][ T8704] 9pnet_fd: Insufficient options for proto=fd [ 265.643482][ T6429] Bluetooth: hci0: Unknown advertising packet type: 0x14 [ 265.643524][ T6429] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 265.644988][ T6429] Bluetooth: hci0: Unknown advertising packet type: 0x32 [ 265.648184][ T6429] Bluetooth: hci0: Malformed LE Event: 0x0d [ 266.580390][ T8682] Bluetooth: MGMT ver 1.23 [ 266.601734][ T8719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 266.622283][ T8719] tipc: Enabling of bearer rejected, already enabled [ 266.628503][ T8719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.401487][ T8762] netlink: 'syz.1.617': attribute type 11 has an invalid length. [ 269.233634][ T8783] fuse: Bad value for 'fd' [ 269.399824][ T8790] Driver unsupported XDP return value 0 on prog (id 46) dev N/A, expect packet loss! [ 269.593823][ T8793] overlayfs: failed to clone upperpath [ 270.486155][ T8798] FAULT_INJECTION: forcing a failure. [ 270.486155][ T8798] name failslab, interval 1, probability 0, space 0, times 0 [ 270.489012][ T8798] CPU: 1 UID: 0 PID: 8798 Comm: syz.4.628 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 270.491201][ T8798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 270.493242][ T8798] Call trace: [ 270.493952][ T8798] show_stack+0x2c/0x3c (C) [ 270.494841][ T8798] dump_stack_lvl+0xe4/0x150 [ 270.495847][ T8798] dump_stack+0x1c/0x28 [ 270.496739][ T8798] should_fail_ex+0x3b0/0x50c [ 270.497706][ T8798] should_failslab+0xc8/0x130 [ 270.498689][ T8798] kmem_cache_alloc_noprof+0x84/0x410 [ 270.499822][ T8798] alloc_empty_file+0xac/0x1d4 [ 270.500924][ T8798] alloc_file_pseudo+0x1a0/0x25c [ 270.501930][ T8798] __shmem_file_setup+0x1f4/0x280 [ 270.502986][ T8798] shmem_file_setup+0x40/0x54 [ 270.503977][ T8798] __arm64_sys_memfd_create+0x464/0x864 [ 270.505206][ T8798] invoke_syscall+0x98/0x2b8 [ 270.506226][ T8798] el0_svc_common+0x130/0x23c [ 270.507223][ T8798] do_el0_svc+0x48/0x58 [ 270.508110][ T8798] el0_svc+0x54/0x168 [ 270.508910][ T8798] el0t_64_sync_handler+0x84/0x108 [ 270.509931][ T8798] el0t_64_sync+0x198/0x19c [ 274.409470][ T8847] ./file0: Can't lookup blockdev [ 275.268029][ T8860] netlink: 'syz.0.645': attribute type 8 has an invalid length. [ 276.546435][ T8869] bond0: Error: Cannot enslave bond to itself. [ 276.911151][ T8895] netlink: 196 bytes leftover after parsing attributes in process `syz.1.653'. [ 277.520919][ T8901] FAULT_INJECTION: forcing a failure. [ 277.520919][ T8901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.523706][ T8901] CPU: 0 UID: 0 PID: 8901 Comm: syz.3.654 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 277.525759][ T8901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 277.527805][ T8901] Call trace: [ 277.528485][ T8901] show_stack+0x2c/0x3c (C) [ 277.529423][ T8901] dump_stack_lvl+0xe4/0x150 [ 277.530367][ T8901] dump_stack+0x1c/0x28 [ 277.531353][ T8901] should_fail_ex+0x3b0/0x50c [ 277.532328][ T8901] should_fail+0x14/0x24 [ 277.533218][ T8901] should_fail_usercopy+0x20/0x30 [ 277.534313][ T8901] strncpy_from_user+0x44/0x310 [ 277.535297][ T8901] strncpy_from_bpfptr+0x48/0x74 [ 277.536329][ T8901] bpf_prog_load+0xa98/0x1a38 [ 277.537292][ T8901] __sys_bpf+0x2ac/0x5f0 [ 277.538221][ T8901] __arm64_sys_bpf+0x80/0x98 [ 277.539214][ T8901] invoke_syscall+0x98/0x2b8 [ 277.540153][ T8901] el0_svc_common+0x130/0x23c [ 277.541169][ T8901] do_el0_svc+0x48/0x58 [ 277.542055][ T8901] el0_svc+0x54/0x168 [ 277.542906][ T8901] el0t_64_sync_handler+0x84/0x108 [ 277.543939][ T8901] el0t_64_sync+0x198/0x19c [ 278.007059][ T8917] FAULT_INJECTION: forcing a failure. [ 278.007059][ T8917] name failslab, interval 1, probability 0, space 0, times 0 [ 278.009750][ T8917] CPU: 0 UID: 0 PID: 8917 Comm: syz.0.662 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 278.011761][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 278.013760][ T8917] Call trace: [ 278.014517][ T8917] show_stack+0x2c/0x3c (C) [ 278.015376][ T8917] dump_stack_lvl+0xe4/0x150 [ 278.016326][ T8917] dump_stack+0x1c/0x28 [ 278.017184][ T8917] should_fail_ex+0x3b0/0x50c [ 278.018114][ T8917] should_failslab+0xc8/0x130 [ 278.019035][ T8917] kmem_cache_alloc_noprof+0x84/0x410 [ 278.020198][ T8917] security_file_alloc+0x30/0x328 [ 278.021184][ T8917] init_file+0x90/0x264 [ 278.022141][ T8917] alloc_empty_file+0xc0/0x1d4 [ 278.023170][ T8917] alloc_file_pseudo+0x1a0/0x25c [ 278.024211][ T8917] __shmem_file_setup+0x1f4/0x280 [ 278.025320][ T8917] shmem_file_setup+0x40/0x54 [ 278.026307][ T8917] __arm64_sys_memfd_create+0x464/0x864 [ 278.027490][ T8917] invoke_syscall+0x98/0x2b8 [ 278.028435][ T8917] el0_svc_common+0x130/0x23c [ 278.029405][ T8917] do_el0_svc+0x48/0x58 [ 278.030317][ T8917] el0_svc+0x54/0x168 [ 278.031140][ T8917] el0t_64_sync_handler+0x84/0x108 [ 278.032272][ T8917] el0t_64_sync+0x198/0x19c [ 278.059482][ T8903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.655'. [ 278.067996][ T8903] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 11823 - 0 [ 278.079678][ T8903] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 11823 - 0 [ 278.081542][ T8903] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 11823 - 0 [ 278.084013][ T8903] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 11823 - 0 [ 278.097745][ T8903] geneve2: entered promiscuous mode [ 278.099050][ T8903] geneve2: entered allmulticast mode [ 278.178137][ T8924] ieee802154 phy1 wpan1: encryption failed: -22 [ 279.338377][ T8923] binder_user_error: 4 callbacks suppressed [ 279.338392][ T8923] binder: 8921:8923 got reply transaction with no transaction stack [ 279.341553][ T8923] binder_debug: 5 callbacks suppressed [ 279.341564][ T8923] binder: 8921:8923 transaction reply to 0:0 failed 75/29201/-71, size 0-0 line 3052 [ 279.346580][ T25] binder: undelivered TRANSACTION_ERROR: 29201 [ 279.805728][ T30] audit: type=1326 audit(279.770:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.809919][ T30] audit: type=1326 audit(279.780:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=34 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.814155][ T30] audit: type=1326 audit(279.780:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.828596][ T30] audit: type=1326 audit(279.780:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.854213][ T30] audit: type=1326 audit(279.780:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.883985][ T30] audit: type=1326 audit(279.780:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=33 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.921479][ T30] audit: type=1326 audit(279.780:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.949116][ T30] audit: type=1326 audit(279.780:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=63 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 279.981234][ T30] audit: type=1326 audit(279.780:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 280.039295][ T30] audit: type=1326 audit(279.810:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8960 comm="syz.1.677" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x7ffc0000 [ 282.328339][ T8984] binder: 8983:8984 got reply transaction with no transaction stack [ 282.330058][ T8984] binder: 8983:8984 transaction reply to 0:0 failed 76/29201/-71, size 0-0 line 3052 [ 282.335311][ T8982] binder: 8981:8982 got reply transaction with no transaction stack [ 282.345408][ T8982] binder: 8981:8982 transaction reply to 0:0 failed 77/29201/-71, size 0-0 line 3052 [ 282.360507][ T6434] binder: undelivered TRANSACTION_ERROR: 29201 [ 286.400603][ T9037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 286.411936][ T9030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.001522][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 287.009100][ T9042] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 287.010444][ T9042] dvmrp1: linktype set to 1 [ 287.229094][ T9040] binder: 9039:9040 got reply transaction with no transaction stack [ 287.231988][ T9040] binder: 9039:9040 transaction reply to 0:0 failed 78/29201/-71, size 0-0 line 3052 [ 288.356772][ T9061] netlink: 28 bytes leftover after parsing attributes in process `syz.4.706'. [ 288.730795][ T9075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.745406][ T9075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.236149][ T30] audit: type=1326 audit(297.640:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9178 comm="syz.3.742" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8f59a28 code=0x0 [ 298.421028][ T9200] ./file0: Can't lookup blockdev [ 300.286696][ T9226] 9pnet_fd: Insufficient options for proto=fd [ 300.531873][ T9237] xt_hashlimit: size too large, truncated to 1048576 [ 301.771095][ T9254] serio: Serial port ptm0 [ 302.685720][ T9270] overlayfs: failed to clone upperpath [ 302.721984][ T9269] netlink: 'syz.4.768': attribute type 9 has an invalid length. [ 302.731711][ T9269] bond_slave_0: entered promiscuous mode [ 302.733071][ T9269] bond_slave_1: entered promiscuous mode [ 302.734877][ T9269] macvlan2: entered promiscuous mode [ 302.751661][ T9269] bond0: entered promiscuous mode [ 302.753977][ T9269] macvlan2: entered allmulticast mode [ 303.246098][ T9267] 9pnet_fd: Insufficient options for proto=fd [ 303.248172][ T9269] bond0: entered allmulticast mode [ 303.249525][ T9269] bond_slave_0: entered allmulticast mode [ 303.619459][ T9269] bond_slave_1: entered allmulticast mode [ 303.621499][ T9269] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 304.492139][ T9294] netlink: 'syz.2.776': attribute type 3 has an invalid length. [ 304.493795][ T9294] netlink: 'syz.2.776': attribute type 1 has an invalid length. [ 304.495325][ T9294] netlink: 'syz.2.776': attribute type 1 has an invalid length. [ 305.634873][ T9312] Injecting memory failure for pfn 0x133ac9 at process virtual address 0x20ffe000 [ 306.236539][ T9312] Memory failure: 0x133ac9: recovery action for clean LRU page: Recovered [ 306.238713][ T9312] Injecting memory failure for pfn 0x13281b at process virtual address 0x20fff000 [ 306.376094][ T9312] Memory failure: 0x13281b: recovery action for clean LRU page: Recovered [ 307.365208][ T9333] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 309.804413][ T9360] ./file0: Can't lookup blockdev [ 311.065930][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.668131][ T9377] netlink: 'syz.1.799': attribute type 8 has an invalid length. [ 315.226572][ T6429] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 315.620427][ T9406] binder: 9405:9406 got reply transaction with no transaction stack [ 315.622060][ T9406] binder: 9405:9406 transaction reply to 0:0 failed 79/29201/-71, size 0-0 line 3052 [ 315.624952][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 317.286047][ T9459] dccp_invalid_packet: invalid packet type [ 320.028430][ T9495] netlink: 'syz.0.836': attribute type 1 has an invalid length. [ 320.030044][ T9495] netlink: 20 bytes leftover after parsing attributes in process `syz.0.836'. [ 320.082360][ T9490] netlink: 148 bytes leftover after parsing attributes in process `syz.0.836'. [ 320.107301][ T9490] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 321.246206][ T9507] ipt_ECN: cannot use operation on non-tcp rule [ 322.122813][ T9507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.840'. [ 322.218329][ T9524] dccp_invalid_packet: invalid packet type [ 323.181010][ T9533] vxcan1: tx address claim with dlc 1 [ 324.689707][ T30] audit: type=1326 audit(324.670:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9562 comm="syz.4.859" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 325.234948][ T9570] binder: tried to use weak ref as strong ref [ 325.237231][ T9570] binder: 9569:9570 Acquire 1 refcount change on invalid ref 0 ret -22 [ 325.268111][ T9570] binder: 9569:9570 got transaction to invalid handle, 1 [ 325.269594][ T9570] binder: 9570:9569 cannot find target node [ 325.271013][ T9570] binder: 9569:9570 transaction call to 0:0 failed 82/29201/-22, size 120-24 line 3151 [ 325.313873][ T9572] dccp_invalid_packet: invalid packet type [ 325.943833][ T6434] binder: undelivered TRANSACTION_ERROR: 29201 [ 327.665628][ T9612] dccp_invalid_packet: P.Data Offset(224) too large [ 327.936678][ T9615] binder: tried to use weak ref as strong ref [ 327.939272][ T9615] binder: 9614:9615 Acquire 1 refcount change on invalid ref 0 ret -22 [ 327.996186][ T9615] binder: 9614:9615 got transaction to invalid handle, 1 [ 327.997723][ T9615] binder: 9615:9614 cannot find target node [ 327.999117][ T9615] binder: 9614:9615 transaction call to 0:0 failed 85/29201/-22, size 120-24 line 3151 [ 328.008516][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 328.186260][ T9620] overlayfs: failed to resolve './file0': -2 [ 328.384612][ T9627] dccp_invalid_packet: P.Data Offset(224) too large [ 328.457447][ T9635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.471011][ T9635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.284349][ T9652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.286700][ T9652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.301473][ T9658] binder: tried to use weak ref as strong ref [ 330.302977][ T9658] binder: 9657:9658 Acquire 1 refcount change on invalid ref 0 ret -22 [ 330.316537][ T9658] binder: 9657:9658 got transaction to invalid handle, 1 [ 330.318029][ T9658] binder: 9658:9657 cannot find target node [ 330.319501][ T9658] binder: 9657:9658 transaction call to 0:0 failed 88/29201/-22, size 120-24 line 3151 [ 330.324505][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 330.657418][ T9672] dccp_invalid_packet: P.Data Offset(224) too large [ 331.126612][ T9690] binder: tried to use weak ref as strong ref [ 331.128051][ T9690] binder: 9689:9690 Acquire 1 refcount change on invalid ref 0 ret -22 [ 331.141994][ T9690] binder: 9689:9690 got transaction to invalid handle, 1 [ 331.144450][ T9690] binder: 9690:9689 cannot find target node [ 331.146910][ T9690] binder: 9689:9690 transaction call to 0:0 failed 91/29201/-22, size 120-24 line 3151 [ 331.151244][ T6550] binder: undelivered TRANSACTION_ERROR: 29201 [ 331.184682][ T9693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.201171][ T9693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.551910][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.902'. [ 331.628723][ T9699] 9pnet_fd: Insufficient options for proto=fd [ 332.878312][ T9722] dccp_invalid_packet: P.Data Offset(224) too large [ 333.512987][ T30] audit: type=1326 audit(333.480:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9729 comm="syz.0.916" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x0 [ 334.211257][ T9749] binder: tried to use weak ref as strong ref [ 334.212722][ T9749] binder: 9748:9749 Acquire 1 refcount change on invalid ref 0 ret -22 [ 334.264168][ T9749] binder: 9748:9749 got transaction to invalid handle, 1 [ 334.270455][ T9749] binder: 9749:9748 cannot find target node [ 334.271675][ T9749] binder: 9748:9749 transaction call to 0:0 failed 94/29201/-22, size 120-24 line 3151 [ 334.286559][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 334.830936][ T9772] x_tables: duplicate underflow at hook 1 [ 334.962646][ T9776] dccp_invalid_packet: P.Data Offset(224) too large [ 334.995205][ T9717] netlink: 40 bytes leftover after parsing attributes in process `syz.2.911'. [ 335.163964][ T9786] netlink: 12 bytes leftover after parsing attributes in process `syz.3.934'. [ 335.411880][ T9789] binder: tried to use weak ref as strong ref [ 335.415402][ T9789] binder: 9788:9789 Acquire 1 refcount change on invalid ref 0 ret -22 [ 335.484377][ T9789] binder: 9788:9789 got transaction to invalid handle, 1 [ 335.491448][ T9789] binder: 9789:9788 cannot find target node [ 335.493827][ T9789] binder: 9788:9789 transaction call to 0:0 failed 98/29201/-22, size 120-24 line 3151 [ 335.508840][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 336.815715][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 337.206310][ T9828] binder: tried to use weak ref as strong ref [ 337.207642][ T9828] binder: 9827:9828 Acquire 1 refcount change on invalid ref 0 ret -22 [ 337.240141][ T9828] binder: 9827:9828 got transaction to invalid handle, 1 [ 337.241665][ T9828] binder: 9828:9827 cannot find target node [ 337.242824][ T9828] binder: 9827:9828 transaction call to 0:0 failed 101/29201/-22, size 120-24 line 3151 [ 337.256542][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 337.323306][ T9838] netlink: 'syz.4.952': attribute type 8 has an invalid length. [ 339.943875][ T9870] binder: tried to use weak ref as strong ref [ 339.945117][ T9870] binder: 9869:9870 Acquire 1 refcount change on invalid ref 0 ret -22 [ 340.001722][ T9870] binder: 9869:9870 got transaction to invalid handle, 1 [ 340.003247][ T9870] binder: 9870:9869 cannot find target node [ 340.004447][ T9870] binder: 9869:9870 transaction call to 0:0 failed 104/29201/-22, size 120-24 line 3151 [ 340.020771][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 341.372564][ T9885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.967'. [ 342.001375][ T9893] binder: 9891:9893 got reply transaction with no transaction stack [ 342.003020][ T9893] binder: 9891:9893 transaction reply to 0:0 failed 105/29201/-71, size 0-0 line 3052 [ 342.143264][ T9900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 342.154417][ T9900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 342.206080][ T9898] binder: 9897:9898 got transaction to invalid handle, 1 [ 342.207740][ T9898] binder: 9898:9897 cannot find target node [ 342.208984][ T9898] binder: 9897:9898 transaction call to 0:0 failed 108/29201/-22, size 120-24 line 3151 [ 342.218186][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 342.246361][ T9905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.971'. [ 342.248141][ T9905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.971'. [ 342.254466][ T9905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.971'. [ 342.262776][ T9905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.971'. [ 342.772392][ T9916] netlink: 48 bytes leftover after parsing attributes in process `syz.0.978'. [ 343.033390][ T9922] netlink: 104 bytes leftover after parsing attributes in process `syz.0.979'. [ 343.059865][ T9924] binder: 9923:9924 ioctl c0306201 0 returned -14 [ 343.064339][ T9924] binder: 9923:9924 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 343.075001][ T9924] binder: 9924 RLIMIT_NICE not set [ 343.081670][ T9924] binder: 9923:9924 ioctl c0306201 20000240 returned -11 [ 343.112595][ T9922] sp0: Synchronizing with TNC [ 343.431519][ T9938] binder: tried to use weak ref as strong ref [ 343.432832][ T9938] binder: 9937:9938 Acquire 1 refcount change on invalid ref 0 ret -22 [ 343.477625][ T9938] binder: 9937:9938 got transaction to invalid handle, 1 [ 343.481350][ T9938] binder: 9938:9937 cannot find target node [ 343.483618][ T9938] binder: 9937:9938 transaction call to 0:0 failed 111/29201/-22, size 120-24 line 3151 [ 343.496617][ T6500] binder: undelivered TRANSACTION_ERROR: 29201 [ 344.600682][ T9952] binder: 9951:9952 ioctl c0306201 0 returned -14 [ 344.602247][ T9952] binder: 9951:9952 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 344.604887][ T9952] binder: 9952 RLIMIT_NICE not set [ 344.605907][ T9952] binder: 9951:9952 ioctl c0306201 20000240 returned -11 [ 344.746559][ T9958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.994'. [ 344.940995][ T9965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.997'. [ 345.597937][ T9970] binder: tried to use weak ref as strong ref [ 345.640515][ T9970] binder: 9970:9966 cannot find target node [ 345.641904][ T9970] binder: 9966:9970 transaction call to 0:0 failed 114/29201/-22, size 120-24 line 3151 [ 345.699092][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 345.854463][ T9983] binder: 9982:9983 ioctl c0306201 0 returned -14 [ 345.866564][ T9983] binder: 9982:9983 ioctl c0306201 20000240 returned -11 [ 345.915704][ T9986] netlink: 'syz.0.1004': attribute type 8 has an invalid length. [ 347.126653][T10016] netlink: 'syz.4.1002': attribute type 10 has an invalid length. [ 348.363180][ T30] audit: type=1326 audit(348.340:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10031 comm="syz.4.1021" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 349.018186][T10045] input: syz0 as /devices/virtual/input/input3 [ 351.000436][T10067] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 351.004156][T10067] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 351.997048][ T30] audit: type=1326 audit(351.380:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10078 comm="syz.3.1036" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8f59a28 code=0x0 [ 352.762741][T10094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.040540][ T30] audit: type=1326 audit(352.960:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.3.1039" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8f59a28 code=0x0 [ 353.500964][T10094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.936986][ T30] audit: type=1326 audit(353.920:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.4.1042" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 354.486743][T10114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.641616][T10120] sctp: [Deprecated]: syz.1.1044 (pid 10120) Use of struct sctp_assoc_value in delayed_ack socket option. [ 354.641616][T10120] Use struct sctp_sack_info instead [ 354.646584][T10120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.705650][ T30] audit: type=1326 audit(355.680:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10129 comm="syz.4.1049" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 357.395191][T10143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1053'. [ 357.398146][T10143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1053'. [ 357.417538][T10143] geneve2: entered promiscuous mode [ 357.418740][T10143] geneve2: entered allmulticast mode [ 357.593957][T10161] binder_user_error: 4 callbacks suppressed [ 357.593973][T10161] binder: tried to use weak ref as strong ref [ 357.596835][T10161] binder: 10160:10161 Acquire 1 refcount change on invalid ref 0 ret -22 [ 357.628006][T10161] binder: 10160:10161 got transaction to invalid handle, 1 [ 357.629608][T10161] binder: 10161:10160 cannot find target node [ 357.630908][T10161] binder: 10160:10161 transaction call to 0:0 failed 117/29201/-22, size 120-24 line 3151 [ 357.651568][ T6434] binder: undelivered TRANSACTION_ERROR: 29201 [ 358.326494][T10175] dccp_invalid_packet: invalid packet type [ 359.072077][ T30] audit: type=1326 audit(358.460:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10171 comm="syz.4.1061" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 359.793508][T10192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1068'. [ 359.800080][T10192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1068'. [ 359.804672][T10192] : renamed from hsr_slave_0 (while UP) [ 360.169950][ T30] audit: type=1326 audit(360.110:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10215 comm="syz.1.1077" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x0 [ 361.351765][T10230] ./file0: Can't lookup blockdev [ 361.489934][T10238] binder: tried to use weak ref as strong ref [ 361.491322][T10238] binder: 10229:10238 Acquire 1 refcount change on invalid ref 0 ret -22 [ 361.503830][T10238] binder: 10229:10238 got transaction to invalid handle, 1 [ 361.505438][T10238] binder: 10238:10229 cannot find target node [ 361.507570][T10238] binder: 10229:10238 transaction call to 0:0 failed 120/29201/-22, size 120-24 line 3151 [ 361.512359][ T25] binder: undelivered TRANSACTION_ERROR: 29201 [ 363.576549][ T30] audit: type=1326 audit(363.500:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10258 comm="syz.3.1091" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8f59a28 code=0x0 [ 365.090441][T10287] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1098'. [ 365.092396][T10287] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1098'. [ 367.067040][ T6429] Bluetooth: hci2: command 0x0406 tx timeout [ 367.396061][T10330] binder: 10328:10330 got transaction to invalid handle, 1 [ 367.397828][T10330] binder: 10330:10328 cannot find target node [ 367.399027][T10330] binder: 10328:10330 transaction call to 0:0 failed 123/29201/-22, size 120-24 line 3151 [ 367.415713][ T6434] binder: undelivered TRANSACTION_ERROR: 29201 [ 367.520213][T10335] overlayfs: failed to clone upperpath [ 367.520398][T10299] netlink: 'syz.1.1101': attribute type 29 has an invalid length. [ 367.523117][T10299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1101'. [ 367.526584][T10299] netlink: 'syz.1.1101': attribute type 29 has an invalid length. [ 367.528125][T10299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1101'. [ 367.739474][T10342] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1114'. [ 367.761315][T10344] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1115'. [ 367.967006][T10344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 368.872835][T10357] overlayfs: failed to clone upperpath [ 368.904160][T10363] netlink: 'syz.0.1121': attribute type 8 has an invalid length. [ 368.951142][T10365] binder: tried to use weak ref as strong ref [ 368.952489][T10365] binder: 10364:10365 Acquire 1 refcount change on invalid ref 0 ret -22 [ 368.990271][T10365] binder: 10364:10365 got transaction to invalid handle, 1 [ 368.992294][T10365] binder: 10365:10364 cannot find target node [ 368.993609][T10365] binder: 10364:10365 transaction call to 0:0 failed 126/29201/-22, size 120-24 line 3151 [ 368.999005][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 369.287030][T10373] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1126'. [ 369.416574][T10381] tmpfs: Bad value for 'mpol' [ 369.490529][T10386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.505233][T10386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.666245][T10392] binder: tried to use weak ref as strong ref [ 369.667523][T10392] binder: 10391:10392 Acquire 1 refcount change on invalid ref 0 ret -22 [ 369.715157][T10392] binder: 10391:10392 got transaction to invalid handle, 1 [ 369.722060][T10392] binder: 10392:10391 cannot find target node [ 369.723435][T10392] binder: 10391:10392 transaction call to 0:0 failed 129/29201/-22, size 120-24 line 3151 [ 369.734895][ T6434] binder: undelivered TRANSACTION_ERROR: 29201 [ 370.874597][T10422] dccp_invalid_packet: invalid packet type [ 371.735934][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 371.864680][T10431] binder: tried to use weak ref as strong ref [ 372.528039][T10431] binder: 10430:10431 Acquire 1 refcount change on invalid ref 0 ret -22 [ 372.545258][ T30] audit: type=1326 audit(371.930:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10427 comm="syz.4.1146" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 372.553240][T10431] binder: 10430:10431 got transaction to invalid handle, 1 [ 372.554859][T10431] binder: 10431:10430 cannot find target node [ 372.557281][T10431] binder: 10430:10431 transaction call to 0:0 failed 132/29201/-22, size 120-24 line 3151 [ 372.579009][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 375.049083][T10475] FAULT_INJECTION: forcing a failure. [ 375.049083][T10475] name failslab, interval 1, probability 0, space 0, times 0 [ 375.054458][T10476] binder: tried to use weak ref as strong ref [ 375.059031][T10475] CPU: 0 UID: 0 PID: 10475 Comm: syz.1.1160 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 375.061018][T10475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 375.063106][T10475] Call trace: [ 375.063838][T10475] show_stack+0x2c/0x3c (C) [ 375.064839][T10475] dump_stack_lvl+0xe4/0x150 [ 375.065812][T10475] dump_stack+0x1c/0x28 [ 375.066751][T10475] should_fail_ex+0x3b0/0x50c [ 375.067745][T10475] should_failslab+0xc8/0x130 [ 375.068822][T10475] __kmalloc_noprof+0xf4/0x54c [ 375.070032][T10475] tomoyo_realpath_from_path+0xc8/0x4cc [ 375.071270][T10475] tomoyo_path_number_perm+0x1ec/0x6a8 [ 375.072357][T10475] tomoyo_file_ioctl+0x2c/0x3c [ 375.073378][T10475] security_file_ioctl+0xe8/0x2f0 [ 375.074388][T10475] __arm64_sys_ioctl+0xa8/0x1cc [ 375.075363][T10475] invoke_syscall+0x98/0x2b8 [ 375.076368][T10475] el0_svc_common+0x130/0x23c [ 375.077298][T10475] do_el0_svc+0x48/0x58 [ 375.078167][T10475] el0_svc+0x54/0x168 [ 375.079068][T10475] el0t_64_sync_handler+0x84/0x108 [ 375.080252][T10475] el0t_64_sync+0x198/0x19c [ 375.774523][T10476] binder: 10474:10476 Acquire 1 refcount change on invalid ref 0 ret -22 [ 375.777136][T10475] ERROR: Out of memory at tomoyo_realpath_from_path. [ 375.778647][T10475] binder: 10471:10475 got reply transaction with no transaction stack [ 375.780310][T10475] binder: 10471:10475 transaction reply to 0:0 failed 135/29201/-71, size 0-0 line 3052 [ 375.787335][T10475] binder: 10471:10475 ioctl c0306201 0 returned -14 [ 375.794157][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 375.810907][T10476] binder: 10474:10476 got transaction to invalid handle, 1 [ 375.812465][T10476] binder: 10476:10474 cannot find target node [ 375.823943][T10476] binder: 10474:10476 transaction call to 0:0 failed 136/29201/-22, size 120-24 line 3151 [ 375.860964][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 378.859907][ T30] audit: type=1326 audit(378.820:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10484 comm="syz.2.1165" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 381.256165][T10532] binder: tried to use weak ref as strong ref [ 381.257491][T10532] binder: 10531:10532 Acquire 1 refcount change on invalid ref 0 ret -22 [ 381.269157][T10532] binder: 10531:10532 got transaction to invalid handle, 1 [ 381.270728][T10532] binder: 10532:10531 cannot find target node [ 381.272078][T10532] binder: 10531:10532 transaction call to 0:0 failed 139/29201/-22, size 120-24 line 3151 [ 381.285182][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 381.301820][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.303519][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.305033][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.310351][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.312032][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.395633][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.397197][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.398765][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.400205][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.401817][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.403295][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.404803][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.409858][T10536] netlink: 'syz.4.1176': attribute type 3 has an invalid length. [ 381.414179][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.545459][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.547571][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 381.549222][ T8] hid-generic 0000:0000:0000.0001: item fetching failed at offset 28/32 [ 381.551157][ T8] hid-generic 0000:0000:0000.0001: probe with driver hid-generic failed with error -22 [ 382.225751][T10539] Bluetooth: MGMT ver 1.23 [ 382.377998][T10539] binder: 10538:10539 BC_INCREFS_DONE u0000000000000003 no match [ 382.379711][T10539] binder: 10538:10539 ioctl c0306201 20000480 returned -14 [ 384.960559][T10566] binder: tried to use weak ref as strong ref [ 384.962210][T10566] binder: 10565:10566 Acquire 1 refcount change on invalid ref 0 ret -22 [ 384.975093][T10566] binder: 10565:10566 got transaction to invalid handle, 1 [ 384.977107][T10566] binder: 10566:10565 cannot find target node [ 384.977173][T10568] batman_adv: batadv0: Interface deactivated: wlan0 [ 384.978602][T10566] binder: 10565:10566 transaction call to 0:0 failed 142/29201/-22, size 120-24 line 3151 [ 384.987420][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 385.081332][ T30] audit: type=1326 audit(385.060:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10570 comm="syz.2.1187" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 386.909086][T10568] batman_adv: batadv0: Removing interface: wlan0 [ 388.245749][T10598] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1193'. [ 390.236757][T10629] FAULT_INJECTION: forcing a failure. [ 390.236757][T10629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 390.239533][T10629] CPU: 1 UID: 0 PID: 10629 Comm: syz.4.1204 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 390.239593][ T30] audit: type=1326 audit(389.610:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10620 comm="syz.0.1202" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x0 [ 390.241724][T10629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 390.247973][T10629] Call trace: [ 390.248657][T10629] show_stack+0x2c/0x3c (C) [ 390.249616][T10629] dump_stack_lvl+0xe4/0x150 [ 390.250604][T10629] dump_stack+0x1c/0x28 [ 390.251474][T10629] should_fail_ex+0x3b0/0x50c [ 390.252411][T10629] should_fail+0x14/0x24 [ 390.253342][T10629] should_fail_usercopy+0x20/0x30 [ 390.254402][T10629] sctp_setsockopt+0xd4/0xfdc [ 390.255380][T10629] sock_common_setsockopt+0xb0/0xcc [ 390.256450][T10629] do_sock_setsockopt+0x2a0/0x4e0 [ 390.257549][T10629] __arm64_sys_setsockopt+0x170/0x1e0 [ 390.258790][T10629] invoke_syscall+0x98/0x2b8 [ 390.259731][T10629] el0_svc_common+0x130/0x23c [ 390.260714][T10629] do_el0_svc+0x48/0x58 [ 390.261675][T10629] el0_svc+0x54/0x168 [ 390.262551][T10629] el0t_64_sync_handler+0x84/0x108 [ 390.263568][T10629] el0t_64_sync+0x198/0x19c [ 390.413014][T10632] overlayfs: failed to clone upperpath [ 390.992657][T10634] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1205'. [ 393.283342][T10661] binder: tried to use weak ref as strong ref [ 393.284570][T10661] binder: 10660:10661 Acquire 1 refcount change on invalid ref 0 ret -22 [ 393.366938][T10661] binder: 10660:10661 got transaction to invalid handle, 1 [ 393.378062][T10661] binder: 10661:10660 cannot find target node [ 393.379464][T10661] binder: 10660:10661 transaction call to 0:0 failed 145/29201/-22, size 120-24 line 3151 [ 393.396642][ T6475] binder: undelivered TRANSACTION_ERROR: 29201 [ 394.935461][ T30] audit: type=1326 audit(394.310:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10670 comm="syz.1.1215" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x0 [ 397.924309][T10738] binder: tried to use weak ref as strong ref [ 397.925719][T10738] binder: 10737:10738 Acquire 1 refcount change on invalid ref 0 ret -22 [ 397.938156][T10738] binder: 10737:10738 got transaction to invalid handle, 1 [ 397.939853][T10738] binder: 10738:10737 cannot find target node [ 397.941041][T10738] binder: 10737:10738 transaction call to 0:0 failed 148/29201/-22, size 120-24 line 3151 [ 397.945161][ T25] binder: undelivered TRANSACTION_ERROR: 29201 [ 400.773131][T10764] input: syz1 as /devices/virtual/input/input5 [ 401.091737][T10780] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1246'. [ 401.451396][T10788] overlayfs: failed to clone upperpath [ 402.984470][T10792] FAULT_INJECTION: forcing a failure. [ 402.984470][T10792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 402.987406][T10792] CPU: 1 UID: 0 PID: 10792 Comm: syz.3.1251 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 402.989523][T10792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 402.991428][T10792] Call trace: [ 402.992215][T10792] show_stack+0x2c/0x3c (C) [ 402.993087][T10792] dump_stack_lvl+0xe4/0x150 [ 402.994119][T10792] dump_stack+0x1c/0x28 [ 402.994993][T10792] should_fail_ex+0x3b0/0x50c [ 402.995978][T10792] should_fail+0x14/0x24 [ 402.996848][T10792] should_fail_usercopy+0x20/0x30 [ 402.997934][T10792] _copy_from_iter+0x1a0/0x16fc [ 402.998964][T10792] copy_page_from_iter+0x17c/0x234 [ 403.000129][T10792] tun_get_user+0x2f14/0x4608 [ 403.001108][T10792] tun_chr_write_iter+0xfc/0x204 [ 403.002132][T10792] vfs_write+0x920/0xcf4 [ 403.003008][T10792] ksys_write+0x15c/0x26c [ 403.003961][T10792] __arm64_sys_write+0x7c/0x90 [ 403.005080][T10792] invoke_syscall+0x98/0x2b8 [ 403.006121][T10792] el0_svc_common+0x130/0x23c [ 403.007107][T10792] do_el0_svc+0x48/0x58 [ 403.007923][T10792] el0_svc+0x54/0x168 [ 403.008709][T10792] el0t_64_sync_handler+0x84/0x108 [ 403.009950][T10792] el0t_64_sync+0x198/0x19c [ 403.264615][T10802] ./file0: Can't lookup blockdev [ 407.367441][T10833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1260'. [ 407.369420][T10833] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1260'. [ 407.371157][T10833] netlink: 'syz.3.1260': attribute type 15 has an invalid length. [ 407.489012][T10839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1260'. [ 407.787478][T10837] netlink: 'syz.4.1262': attribute type 2 has an invalid length. [ 408.055719][T10829] netlink: 'syz.1.1259': attribute type 11 has an invalid length. [ 408.063674][T10829] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1259'. [ 408.319474][T10852] binder: tried to use weak ref as strong ref [ 408.320833][T10852] binder: 10849:10852 Acquire 1 refcount change on invalid ref 0 ret -22 [ 409.190414][T10852] binder: 10849:10852 got transaction to invalid handle, 1 [ 409.192038][T10852] binder: 10852:10849 cannot find target node [ 409.193441][T10852] binder: 10849:10852 transaction call to 0:0 failed 151/29201/-22, size 120-24 line 3151 [ 409.350590][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 410.401991][T10867] overlayfs: failed to clone upperpath [ 412.274691][T10905] overlayfs: failed to clone upperpath [ 412.898295][T10911] netlink: 'syz.2.1287': attribute type 3 has an invalid length. [ 415.992704][T10959] ./file0: Can't lookup blockdev [ 416.129691][T10961] overlayfs: failed to resolve './file2': -2 [ 417.533729][T10960] input: syz0 as /devices/virtual/input/input6 [ 418.358065][T10973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 418.368910][T10973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.018683][T10991] netlink: 'syz.1.1306': attribute type 2 has an invalid length. [ 419.198541][T10999] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1308'. [ 419.438191][T11003] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1311'. [ 419.644223][T11008] netlink: 'syz.0.1312': attribute type 1 has an invalid length. [ 419.646007][T11008] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.1312'. [ 419.845950][T11013] dccp_invalid_packet: P.Data Offset(224) too large [ 420.566073][T11021] dccp_invalid_packet: invalid packet type [ 420.703114][T11025] ./file0: Can't lookup blockdev [ 422.498186][T11042] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 422.503821][T11042] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1321'. [ 422.979887][T11051] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1323'. [ 425.298089][T11066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 425.323673][T11066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 426.318322][T11074] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 426.601590][T11084] dccp_invalid_packet: invalid packet type [ 429.814696][T11121] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1337'. [ 430.676876][T11133] process 'syz.1.1344' launched '/dev/fd/8' with NULL argv: empty string added [ 431.105919][ T30] audit: type=1326 audit(431.060:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11131 comm="syz.0.1347" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x0 [ 431.471652][T11149] nfs: Unknown parameter 'ntext' [ 431.580077][T11158] netlink: 'syz.1.1355': attribute type 8 has an invalid length. [ 431.684853][T11159] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1356'. [ 431.709289][T11164] netlink: 'syz.4.1358': attribute type 3 has an invalid length. [ 433.138074][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 434.186495][T11177] overlayfs: failed to resolve './file0': -2 [ 434.379769][ T6429] block nbd0: Receive control failed (result -32) [ 434.387565][T11177] block nbd0: shutting down sockets [ 436.370922][T11218] netlink: 'syz.0.1373': attribute type 8 has an invalid length. [ 438.133732][T11233] mmap: syz.4.1376 (11233) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 438.937066][T11279] tmpfs: Bad value for 'mpol' [ 439.006677][T11278] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.167028][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1409'. [ 442.194226][T11335] netlink: 'syz.1.1409': attribute type 1 has an invalid length. [ 442.483073][T11348] tipc: Enabling of bearer rejected, failed to enable media [ 445.882024][T11396] MPI: mpi too large (187712 bits) [ 445.979928][T11402] overlayfs: missing 'lowerdir' [ 446.506478][T11403] nfs: Unknown parameter '+^{' [ 446.654693][T11413] netlink: 'syz.2.1434': attribute type 3 has an invalid length. [ 448.198817][T11441] input input8: cannot allocate more than FF_MAX_EFFECTS effects [ 448.805388][T11450] 9pnet_fd: Insufficient options for proto=fd [ 453.492518][ T30] audit: type=1326 audit(453.220:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x7fc00000 [ 455.016893][T11526] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 455.337511][T11545] overlayfs: missing 'lowerdir' [ 455.923057][T11540] overlayfs: fs on './file0/../file0' does not support file handles, falling back to index=off,nfs_export=off. [ 455.925873][T11540] overlayfs: fs on './file0/../file0' does not support file handles, falling back to xino=off. [ 458.037469][T11578] ./file0: Can't lookup blockdev [ 458.993948][T11586] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1481'. [ 459.136728][T11593] mkiss: ax0: crc mode is auto. [ 459.217035][T11602] ./file0: Can't lookup blockdev [ 460.825460][T11630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.398000][T11630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.509667][T11640] ./file0: Can't lookup blockdev [ 462.411755][T11659] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1504'. [ 463.619575][T11680] overlayfs: missing 'lowerdir' [ 464.336282][T11685] overlayfs: missing 'lowerdir' [ 466.582654][T11711] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1515'. [ 466.595386][T11710] netlink: 'syz.4.1517': attribute type 3 has an invalid length. [ 469.127448][T11748] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1529'. [ 469.304042][T11754] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1532'. [ 471.088863][T11775] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1536'. [ 471.098810][T11775] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1536'. [ 471.158650][T11771] syz_tun: entered promiscuous mode [ 471.196126][T11771] batadv_slave_0: entered promiscuous mode [ 471.450279][T11771] hsr1: entered allmulticast mode [ 471.479976][T11771] syz_tun: entered allmulticast mode [ 471.521438][T11771] batadv_slave_0: entered allmulticast mode [ 471.790525][T11778] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1538'. [ 472.091704][T11792] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1543'. [ 473.727071][T11818] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 473.728833][T11818] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 473.731146][T11818] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 474.685146][T11817] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1552'. [ 474.781924][T11781] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1539'. [ 474.903286][T11828] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1556'. [ 476.279062][T11855] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 476.281035][T11855] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 476.283507][T11855] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 479.288320][T11913] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 479.290302][T11913] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 479.292878][T11913] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 479.845796][T11921] IPVS: Unknown mcast interface: pimreg1 [ 479.869280][T11916] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1582'. [ 479.871020][T11916] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1582'. [ 481.599912][T11964] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 481.602096][T11964] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 481.604729][T11964] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 482.322443][T11969] ./file0: Can't lookup blockdev [ 483.873067][T11983] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1604'. [ 484.173307][T11989] ./file0: Can't lookup blockdev [ 485.178818][T12013] binder: 12012:12013 got reply transaction with no transaction stack [ 485.180598][T12013] binder: 12012:12013 transaction reply to 0:0 failed 152/29201/-71, size 0-0 line 3052 [ 485.393916][T12020] overlayfs: missing 'lowerdir' [ 486.282736][T12024] Soft offlining pfn 0x1a90ac at process virtual address 0x20ffd000 [ 486.299658][T12013] binder: 12012:12013 ioctl c0306201 0 returned -14 [ 486.399533][T12024] Memory failure: 0x1a90ac: unhandlable page. [ 486.460569][ T6550] binder: undelivered TRANSACTION_ERROR: 29201 [ 488.423874][T12060] ./file0: Can't lookup blockdev [ 488.429003][ T30] audit: type=1326 audit(488.410:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12061 comm="syz.1.1626" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x0 [ 488.885229][T12072] overlayfs: missing 'lowerdir' [ 492.212785][T12107] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1638'. [ 492.290153][ T5996] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 492.294933][ T5996] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 492.465816][T12111] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 493.067120][T12124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 493.222974][T12131] FAULT_INJECTION: forcing a failure. [ 493.222974][T12131] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.233772][T12131] CPU: 0 UID: 0 PID: 12131 Comm: syz.4.1645 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 493.235853][T12131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 493.237808][T12131] Call trace: [ 493.238472][T12131] show_stack+0x2c/0x3c (C) [ 493.239444][T12131] dump_stack_lvl+0xe4/0x150 [ 493.240432][T12131] dump_stack+0x1c/0x28 [ 493.241235][T12131] should_fail_ex+0x3b0/0x50c [ 493.242235][T12131] should_fail+0x14/0x24 [ 493.243106][T12131] should_fail_usercopy+0x20/0x30 [ 493.244127][T12131] get_timespec64+0xa4/0x2d4 [ 493.245166][T12131] __arm64_sys_ppoll+0x144/0x358 [ 493.246261][T12131] invoke_syscall+0x98/0x2b8 [ 493.247264][T12131] el0_svc_common+0x130/0x23c [ 493.248237][T12131] do_el0_svc+0x48/0x58 [ 493.249150][T12131] el0_svc+0x54/0x168 [ 493.250015][T12131] el0t_64_sync_handler+0x84/0x108 [ 493.251031][T12131] el0t_64_sync+0x198/0x19c [ 494.700366][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 495.525140][T12183] netlink: 'syz.3.1661': attribute type 8 has an invalid length. [ 497.540643][T12222] binder: 12220:12222 got reply transaction with no transaction stack [ 497.542737][T12222] binder: 12220:12222 transaction reply to 0:0 failed 153/29201/-71, size 0-0 line 3052 [ 497.553292][T12222] binder: 12220:12222 ioctl c0306201 0 returned -14 [ 497.555001][T12222] binder: 12220:12222 ioctl f503 0 returned -22 [ 497.561629][T11523] binder: undelivered TRANSACTION_ERROR: 29201 [ 497.615490][T12224] input input10: cannot allocate more than FF_MAX_EFFECTS effects [ 497.631285][T12224] 9pnet_fd: Insufficient options for proto=fd [ 497.772682][T12235] binder: 12234:12235 got transaction to invalid handle, 1 [ 497.774255][T12235] binder: 12235:12234 cannot find target node [ 497.775440][T12235] binder: 12234:12235 transaction call to 0:0 failed 154/29201/-22, size 0-0 line 3151 [ 498.740375][T11523] binder: undelivered TRANSACTION_ERROR: 29201 [ 499.578689][T12273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1696'. [ 499.580570][T12273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1696'. [ 499.584170][T12273] geneve2: entered promiscuous mode [ 499.585318][T12273] geneve2: entered allmulticast mode [ 499.748532][T12282] netlink: 'syz.3.1700': attribute type 3 has an invalid length. [ 499.750058][T12282] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1700'. [ 499.987086][T12289] netlink: 432 bytes leftover after parsing attributes in process `syz.0.1703'. [ 501.119990][T12312] overlayfs: missing 'workdir' [ 501.735813][T11523] IPVS: starting estimator thread 0... [ 501.820129][ C1] dccp_invalid_packet: invalid packet type [ 501.953205][T12316] IPVS: using max 34 ests per chain, 81600 per kthread [ 503.889897][ T30] audit: type=1326 audit(503.870:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12357 comm="syz.4.1724" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 503.970696][T12362] overlayfs: missing 'workdir' [ 504.450768][ T30] audit: type=1326 audit(504.430:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12357 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x7fc00000 [ 504.523914][T12368] dccp_invalid_packet: invalid packet type [ 507.131872][T12414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1736'. [ 507.551014][T12420] input input11: cannot allocate more than FF_MAX_EFFECTS effects [ 507.785060][T12422] 9pnet_fd: Insufficient options for proto=fd [ 508.576787][T12400] overlayfs: failed to resolve './file0/../file0': -2 [ 508.689374][T12434] dccp_invalid_packet: invalid packet type [ 509.488058][ T30] audit: type=1326 audit(509.470:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12441 comm="syz.3.1747" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8f59a28 code=0x0 [ 512.537998][T12480] overlayfs: missing 'lowerdir' [ 518.587150][T12548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1774'. [ 518.887120][T12559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1779'. [ 521.855701][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1792'. [ 523.169839][T12614] input input12: cannot allocate more than FF_MAX_EFFECTS effects [ 523.174089][T12614] 9pnet_fd: Insufficient options for proto=fd [ 523.266261][T12616] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1794'. [ 523.545016][T12618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 523.837479][T12607] block nbd4: NBD_DISCONNECT [ 523.982891][T12626] netlink: 'syz.2.1799': attribute type 3 has an invalid length. [ 524.090734][T12630] ./file0: Can't lookup blockdev [ 524.611469][T12640] fuse: Bad value for 'fd' [ 525.619535][T12649] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 525.620897][T12649] dvmrp1: linktype set to 1 [ 525.622521][T12649] dvmrp1: tun_chr_ioctl cmd 1074812117 [ 525.625478][T12649] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1807'. [ 527.170307][T12668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1810'. [ 527.260261][T12672] input input13: cannot allocate more than FF_MAX_EFFECTS effects [ 528.196650][T12680] 9pnet_fd: Insufficient options for proto=fd [ 530.645993][T12708] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1820'. [ 531.497175][T12717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1826'. [ 532.109269][T12720] netlink: 'syz.1.1829': attribute type 1 has an invalid length. [ 532.115676][T12720] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1829'. [ 533.469566][T12729] binder: 12728:12729 ioctl c0306201 20000080 returned -14 [ 533.511830][T12729] binder: BINDER_SET_CONTEXT_MGR already set [ 533.513262][T12729] binder: 12728:12729 ioctl 4018620d 20000040 returned -16 [ 533.516592][T12729] binder: 12728:12729 got transaction to invalid handle, 1 [ 533.518051][T12729] binder: 12729:12728 cannot find target node [ 533.519249][T12729] binder: 12728:12729 transaction call to 0:0 failed 157/29201/-22, size 0-0 line 3151 [ 533.595644][T12733] binder: 12728:12733 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 533.598334][T12733] binder: 12733 RLIMIT_NICE not set [ 534.166643][T11523] binder: undelivered TRANSACTION_ERROR: 29201 [ 534.282367][T12741] input input14: cannot allocate more than FF_MAX_EFFECTS effects [ 534.286648][T12741] 9pnet_fd: Insufficient options for proto=fd [ 535.151128][T12760] FAULT_INJECTION: forcing a failure. [ 535.151128][T12760] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 535.154077][T12760] CPU: 0 UID: 0 PID: 12760 Comm: syz.4.1841 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 535.156168][T12760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 535.158207][T12760] Call trace: [ 535.158846][T12760] show_stack+0x2c/0x3c (C) [ 535.159774][T12760] dump_stack_lvl+0xe4/0x150 [ 535.160804][T12760] dump_stack+0x1c/0x28 [ 535.161674][T12760] should_fail_ex+0x3b0/0x50c [ 535.162629][T12760] should_fail+0x14/0x24 [ 535.163500][T12760] should_fail_usercopy+0x20/0x30 [ 535.164561][T12760] move_addr_to_kernel+0xa0/0x26c [ 535.165525][T12760] __sys_sendto+0x204/0x4d8 [ 535.166465][T12760] __arm64_sys_sendto+0xd8/0xf8 [ 535.167432][T12760] invoke_syscall+0x98/0x2b8 [ 535.168340][T12760] el0_svc_common+0x130/0x23c [ 535.169263][T12760] do_el0_svc+0x48/0x58 [ 535.170080][T12760] el0_svc+0x54/0x168 [ 535.170872][T12760] el0t_64_sync_handler+0x84/0x108 [ 535.171861][T12760] el0t_64_sync+0x198/0x19c [ 535.401208][T12762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1838'. [ 537.797488][T12790] devpts: called with bogus options [ 537.851786][T12819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.854992][T12817] IPVS: set_ctl: invalid protocol: 12 224.0.0.1:20000 [ 537.862614][ T6429] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 537.868027][T12819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.934161][T12821] netlink: 'syz.2.1860': attribute type 3 has an invalid length. [ 538.616385][T12816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1856'. [ 539.162093][T12841] binder: 12840:12841 ioctl c00c6211 0 returned -14 [ 540.167393][T12841] overlayfs: failed to resolve './file0/../file0': -2 [ 541.745754][T12884] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1873'. [ 542.531900][T12895] 9pnet: p9_errstr2errno: server reported unknown error N [ 542.756068][T12888] autofs: Bad value for 'fd' [ 543.225110][T12841] syz.0.1864 (12841): drop_caches: 2 [ 543.888692][T12900] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1879'. [ 544.094867][T12900] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 544.122554][T12900] 9pnet_fd: Insufficient options for proto=fd [ 544.469899][T12934] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1887'. [ 544.987055][T12937] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1888'. [ 545.275859][T12956] input: syz0 as /devices/virtual/input/input15 [ 546.952287][T12980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1902'. [ 547.497730][T12986] netlink: 'syz.3.1905': attribute type 7 has an invalid length. [ 548.670510][T12999] netlink: 'syz.3.1909': attribute type 8 has an invalid length. [ 550.358379][T13027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1918'. [ 550.386328][T13034] syz.1.1921 uses old SIOCAX25GETINFO [ 550.427063][T13034] netlink: 'syz.1.1921': attribute type 2 has an invalid length. [ 550.428857][T13034] netlink: 'syz.1.1921': attribute type 1 has an invalid length. [ 550.430509][T13034] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1921'. [ 551.456403][T13065] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1930'. [ 551.906283][T13090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1936'. [ 554.156023][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1948'. [ 555.356337][T13136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1952'. [ 555.885877][ T30] audit: type=1326 audit(555.860:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13131 comm="syz.3.1953" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8f59a28 code=0x0 [ 556.017813][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 556.312388][T13149] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1958'. [ 556.314476][T13149] FAULT_INJECTION: forcing a failure. [ 556.314476][T13149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 556.317878][T13149] CPU: 0 UID: 0 PID: 13149 Comm: syz.0.1958 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 556.319950][T13149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 556.322285][T13149] Call trace: [ 556.322973][T13149] show_stack+0x2c/0x3c (C) [ 556.323914][T13149] dump_stack_lvl+0xe4/0x150 [ 556.324913][T13149] dump_stack+0x1c/0x28 [ 556.325729][T13149] should_fail_ex+0x3b0/0x50c [ 556.326765][T13149] should_fail+0x14/0x24 [ 556.327662][T13149] should_fail_usercopy+0x20/0x30 [ 556.328661][T13149] simple_read_from_buffer+0xd4/0x248 [ 556.329793][T13149] proc_fail_nth_read+0x134/0x1a0 [ 556.330883][T13149] vfs_read+0x22c/0x970 [ 556.331858][T13149] ksys_read+0x15c/0x26c [ 556.332768][T13149] __arm64_sys_read+0x7c/0x90 [ 556.333872][T13149] invoke_syscall+0x98/0x2b8 [ 556.334803][T13149] el0_svc_common+0x130/0x23c [ 556.335764][T13149] do_el0_svc+0x48/0x58 [ 556.336662][T13149] el0_svc+0x54/0x168 [ 556.337450][T13149] el0t_64_sync_handler+0x84/0x108 [ 556.338614][T13149] el0t_64_sync+0x198/0x19c [ 556.820673][T13162] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1961'. [ 556.832653][T13164] binder: 13163:13164 got reply transaction with no transaction stack [ 556.834598][T13164] binder: 13163:13164 transaction reply to 0:0 failed 159/29201/-71, size 0-0 line 3052 [ 556.840243][T13164] binder: 13163:13164 ioctl c0306201 0 returned -14 [ 556.850044][T11729] binder: undelivered TRANSACTION_ERROR: 29201 [ 556.868002][T13162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1961'. [ 557.184497][T13174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1964'. [ 557.811650][T13178] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1968'. [ 558.270075][T13189] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1972'. [ 559.582550][T13208] RDS: rds_bind could not find a transport for ::ff9d:0:0:0:1, load rds_tcp or rds_rdma? [ 559.705759][T13212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1978'. [ 561.247237][T13245] fuse: Bad value for 'user_id' [ 561.248313][T13245] fuse: Bad value for 'user_id' [ 561.603841][T13208] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.642612][T13208] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 11823 - 0 [ 561.987306][T13208] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.990862][T13208] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 11823 - 0 [ 562.896766][T13208] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.898947][T13208] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 11823 - 0 [ 563.098034][T13208] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.100244][T13208] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 11823 - 0 [ 563.736367][T13208] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 11823 - 0 [ 563.738464][T13208] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 563.742963][T13208] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 11823 - 0 [ 563.744849][T13208] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 563.749062][T13208] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 11823 - 0 [ 563.750867][T13208] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 563.755034][T13208] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 11823 - 0 [ 563.769992][T13208] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 563.886378][T13296] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2009'. [ 564.527836][T13320] netlink: 'syz.2.2018': attribute type 4 has an invalid length. [ 564.530752][T13320] netlink: 3581 bytes leftover after parsing attributes in process `syz.2.2018'. [ 565.705063][T13347] input input17: cannot allocate more than FF_MAX_EFFECTS effects [ 565.858880][T13350] 9pnet_fd: Insufficient options for proto=fd [ 566.806564][T13360] netlink: 'syz.0.2031': attribute type 3 has an invalid length. [ 566.972561][ T30] audit: type=1400 audit(566.950:36): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=13359 comm="syz.0.2031" path="/dev/audio1" dev="devtmpfs" ino=875 [ 567.122116][T13362] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2032'. [ 570.236056][T13395] befs: (nbd0): No write support. Marking filesystem read-only [ 570.240038][T13395] syz.0.2042: attempt to access beyond end of device [ 570.240038][T13395] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 570.242805][T13395] befs: (nbd0): unable to read superblock [ 570.329266][T13403] netlink: 'syz.2.2046': attribute type 3 has an invalid length. [ 572.012357][T13412] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2049'. [ 572.177829][T13428] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2056'. [ 573.141013][T13438] ./file0: Can't lookup blockdev [ 574.262159][T13460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2060'. [ 582.956185][T13550] ./file0: Can't lookup blockdev [ 584.216527][T13567] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2089'. [ 584.904189][T13591] mkiss: ax0: crc mode is auto. [ 585.026220][T13602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.036367][T13602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.090871][T13604] binder: 13603:13604 ioctl c0306201 20000640 returned -14 [ 585.104176][T13604] binder: 13603:13604 ioctl c0306201 0 returned -14 [ 586.135026][T13624] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2105'. [ 586.662971][T13630] netlink: 'syz.4.2109': attribute type 3 has an invalid length. [ 586.733964][T13636] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2112'. [ 586.738200][T13636] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2112'. [ 586.876614][T13639] FAULT_INJECTION: forcing a failure. [ 586.876614][T13639] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 586.879299][T13639] CPU: 1 UID: 0 PID: 13639 Comm: syz.1.2113 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 586.881414][T13639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 586.883546][T13639] Call trace: [ 586.884212][T13639] show_stack+0x2c/0x3c (C) [ 586.885203][T13639] dump_stack_lvl+0xe4/0x150 [ 586.886094][T13639] dump_stack+0x1c/0x28 [ 586.886900][T13639] should_fail_ex+0x3b0/0x50c [ 586.887819][T13639] should_fail+0x14/0x24 [ 586.888702][T13639] should_fail_usercopy+0x20/0x30 [ 586.889652][T13639] copy_msghdr_from_user+0xb8/0x59c [ 586.890727][T13639] __sys_sendmsg+0x1d8/0x304 [ 586.891728][T13639] __arm64_sys_sendmsg+0x80/0x94 [ 586.892754][T13639] invoke_syscall+0x98/0x2b8 [ 586.893737][T13639] el0_svc_common+0x130/0x23c [ 586.894617][T13639] do_el0_svc+0x48/0x58 [ 586.895409][T13639] el0_svc+0x54/0x168 [ 586.896265][T13639] el0t_64_sync_handler+0x84/0x108 [ 586.897363][T13639] el0t_64_sync+0x198/0x19c [ 588.685494][T13651] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2116'. [ 588.737146][T13654] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 588.764403][T13656] ./file0: Can't lookup blockdev [ 589.859625][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.869720][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.873884][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.884739][T13673] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 589.902982][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.913420][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.923218][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.940601][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 589.947857][T13673] ip6gretap0 speed is unknown, defaulting to 1000 [ 590.579035][T13693] ip6gretap0 speed is unknown, defaulting to 1000 [ 592.653048][T13710] ip6gretap0 speed is unknown, defaulting to 1000 [ 593.544952][T13735] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 593.697988][T13738] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 594.577087][T13745] netlink: 'syz.2.2140': attribute type 21 has an invalid length. [ 594.666361][T13748] ./file0: Can't lookup blockdev [ 595.002464][T13758] smb3: Unexpected value for 'acl' [ 596.372596][T13779] binder: 13777:13779 ioctl c0306201 0 returned -14 [ 597.194420][T13766] ip6gretap0 speed is unknown, defaulting to 1000 [ 597.308228][T13793] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2156'. [ 597.310159][T13793] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2156'. [ 597.535226][T13799] smb3: Unexpected value for 'acl' [ 598.172150][T13803] ip6gretap0 speed is unknown, defaulting to 1000 [ 600.595180][T13830] ./file0: Can't lookup blockdev [ 600.930132][T13834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2167'. [ 602.656126][T13853] input input18: cannot allocate more than FF_MAX_EFFECTS effects [ 602.660066][T13853] 9pnet_fd: Insufficient options for proto=fd [ 602.740507][T13854] overlayfs: failed to clone upperpath [ 603.502956][T13858] smb3: Unexpected value for 'acl' [ 603.948182][T13871] ip6gretap0 speed is unknown, defaulting to 1000 [ 604.710460][T13894] ./file0: Can't lookup blockdev [ 605.045980][T13896] ip6gretap0 speed is unknown, defaulting to 1000 [ 605.488885][T13904] af_packet: tpacket_rcv: packet too big, clamped from 112 to 4294967272. macoff=96 [ 605.912458][T13913] input input19: cannot allocate more than FF_MAX_EFFECTS effects [ 605.944988][T13913] 9pnet_fd: Insufficient options for proto=fd [ 617.460883][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 621.566332][T13941] FAULT_INJECTION: forcing a failure. [ 621.566332][T13941] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 621.568979][T13941] CPU: 0 UID: 0 PID: 13941 Comm: syz.4.2197 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 621.571099][T13941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 621.573119][T13941] Call trace: [ 621.573828][T13941] show_stack+0x2c/0x3c (C) [ 621.574695][T13941] dump_stack_lvl+0xe4/0x150 [ 621.575633][T13941] dump_stack+0x1c/0x28 [ 621.576545][T13941] should_fail_ex+0x3b0/0x50c [ 621.577524][T13941] should_fail+0x14/0x24 [ 621.578380][T13941] should_fail_usercopy+0x20/0x30 [ 621.579406][T13941] get_timespec64+0xa4/0x2d4 [ 621.580272][T13941] __arm64_sys_ppoll+0x144/0x358 [ 621.581212][T13941] invoke_syscall+0x98/0x2b8 [ 621.582219][T13941] el0_svc_common+0x130/0x23c [ 621.583217][T13941] do_el0_svc+0x48/0x58 [ 621.584069][T13941] el0_svc+0x54/0x168 [ 621.584888][T13941] el0t_64_sync_handler+0x84/0x108 [ 621.585952][T13941] el0t_64_sync+0x198/0x19c [ 622.886315][T13961] input input20: cannot allocate more than FF_MAX_EFFECTS effects [ 622.947382][T13961] 9pnet_fd: Insufficient options for proto=fd [ 624.703095][T13983] netlink: 'syz.3.2211': attribute type 29 has an invalid length. [ 624.899069][T13985] netlink: 'syz.3.2211': attribute type 29 has an invalid length. [ 625.029516][T13983] binder: 13982:13983 got reply transaction with no transaction stack [ 625.033897][T13987] netlink: 'syz.4.2212': attribute type 10 has an invalid length. [ 625.037217][T13983] binder: 13982:13983 transaction reply to 0:0 failed 160/29201/-71, size 0-0 line 3052 [ 625.042842][T13983] binder: 13982:13983 ioctl c0306201 0 returned -14 [ 625.044912][ T6470] binder: undelivered TRANSACTION_ERROR: 29201 [ 625.087485][T13987] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.089327][T13987] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.124163][T13987] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.125811][T13987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.128465][T13987] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.130008][T13987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.184291][T13987] bridge0: entered promiscuous mode [ 625.185556][T13987] bridge0: entered allmulticast mode [ 625.191746][T13987] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 625.324265][T13992] udevd[13992]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 626.377936][T14010] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2218'. [ 626.633651][T14020] input input21: cannot allocate more than FF_MAX_EFFECTS effects [ 626.647230][T14020] 9pnet_fd: Insufficient options for proto=fd [ 626.992211][T13987] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2212'. [ 627.190364][T14022] loop1: detected capacity change from 0 to 32768 [ 627.256979][T14022] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 627.282352][T14022] XFS (loop1): Internal error !uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid) at line 254 of file fs/xfs/xfs_log_recover.c. Caller xlog_header_check_mount+0xb0/0xf8 [ 627.295084][T14022] CPU: 1 UID: 0 PID: 14022 Comm: syz.1.2223 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 627.297250][T14022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 627.299256][T14022] Call trace: [ 627.299918][T14022] show_stack+0x2c/0x3c (C) [ 627.300909][T14022] dump_stack_lvl+0xe4/0x150 [ 627.301897][T14022] dump_stack+0x1c/0x28 [ 627.302771][T14022] xfs_corruption_error+0x13c/0x198 [ 627.303804][T14022] xlog_header_check_mount+0xe8/0xf8 [ 627.304864][T14022] xlog_find_verify_log_record+0x380/0x54c [ 627.306113][T14022] xlog_find_zeroed+0x470/0x558 [ 627.307135][T14022] xlog_find_head+0x120/0x8c4 [ 627.308093][T14022] xlog_find_tail+0x144/0xa90 [ 627.309042][T14022] xlog_recover+0xd4/0x4b4 [ 627.309981][T14022] xfs_log_mount+0x208/0x39c [ 627.310942][T14022] xfs_mountfs+0xb68/0x1ba8 [ 627.312000][T14022] xfs_fs_fill_super+0xf68/0x11c0 [ 627.312952][T14022] get_tree_bdev_flags+0x38c/0x494 [ 627.314063][T14022] get_tree_bdev+0x2c/0x3c [ 627.314966][T14022] xfs_fs_get_tree+0x28/0x38 [ 627.315953][T14022] vfs_get_tree+0x90/0x28c [ 627.316848][T14022] do_new_mount+0x278/0x900 [ 627.317723][T14022] path_mount+0x590/0xe04 [ 627.318677][T14022] __arm64_sys_mount+0x4d4/0x5ac [ 627.319789][T14022] invoke_syscall+0x98/0x2b8 [ 627.320671][T14022] el0_svc_common+0x130/0x23c [ 627.321590][T14022] do_el0_svc+0x48/0x58 [ 627.322405][T14022] el0_svc+0x54/0x168 [ 627.323172][T14022] el0t_64_sync_handler+0x84/0x108 [ 627.324175][T14022] el0t_64_sync+0x198/0x19c [ 627.326255][T14022] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 627.327832][T14022] XFS (loop1): log has mismatched uuid - can't recover [ 627.329455][T14022] XFS (loop1): empty log check failed [ 627.330563][T14022] XFS (loop1): log mount/recovery failed: error -117 [ 627.341362][T14022] XFS (loop1): log mount failed [ 632.322790][T14046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2227'. [ 632.365737][T14051] ip6gretap0 speed is unknown, defaulting to 1000 [ 633.257434][T14064] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2232'. [ 634.173600][T14077] ip6gretap0 speed is unknown, defaulting to 1000 [ 634.209566][T14077] loop1: detected capacity change from 0 to 256 [ 634.213616][T14077] exFAT-fs (loop1): Invalid exboot-signature(sector = 2): 0x1119abd0 [ 634.215981][T14077] exFAT-fs (loop1): Invalid exboot-signature(sector = 5): 0x1119abd0 [ 634.217856][T14077] exFAT-fs (loop1): Invalid exboot-signature(sector = 6): 0x00000000 [ 634.219659][T14077] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0x00000000 [ 634.221583][T14077] exFAT-fs (loop1): Invalid exboot-signature(sector = 8): 0x00000000 [ 634.223758][T14077] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e) [ 634.225770][T14077] exFAT-fs (loop1): invalid boot region [ 634.226854][T14077] exFAT-fs (loop1): failed to recognize exfat type [ 634.244604][T14079] input input22: cannot allocate more than FF_MAX_EFFECTS effects [ 634.316917][T14076] 9pnet_fd: Insufficient options for proto=fd [ 634.585678][ T30] audit: type=1326 audit(634.540:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14083 comm="syz.2.2237" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 635.166781][T14089] loop1: detected capacity change from 0 to 32768 [ 635.188796][T14089] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2239 (14089) [ 635.347057][T14089] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 635.355750][T14089] BTRFS info (device loop1): using crc32c (crc32c-arm64) checksum algorithm [ 635.357678][T14089] BTRFS info (device loop1): disk space caching is enabled [ 635.359336][T14089] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 635.789538][T14107] ip6gretap0 speed is unknown, defaulting to 1000 [ 636.178617][T14117] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2245'. [ 636.709852][T14121] ip6gretap0 speed is unknown, defaulting to 1000 [ 637.673510][T14131] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 637.707946][T14089] BTRFS error (device loop1): open_ctree failed [ 637.782601][T14144] input input24: cannot allocate more than FF_MAX_EFFECTS effects [ 637.796779][T14144] 9pnet_fd: Insufficient options for proto=fd [ 637.966326][ T30] audit: type=1326 audit(637.950:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14150 comm="syz.0.2253" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x0 [ 638.014969][T14149] loop1: detected capacity change from 0 to 4096 [ 638.143942][T14164] loop1: detected capacity change from 0 to 64 [ 638.237101][T14167] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 638.269005][T14164] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2258'. [ 639.520030][T14201] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 640.202112][ T30] audit: type=1326 audit(640.180:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14204 comm="syz.0.2272" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x0 [ 641.528702][T14218] loop1: detected capacity change from 0 to 64 [ 641.632238][T14222] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2276'. [ 641.736020][T14218] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2275'. [ 642.566104][T14236] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 642.629167][ T30] audit: type=1326 audit(642.610:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14240 comm="syz.2.2284" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 642.640327][T14242] loop1: detected capacity change from 0 to 256 [ 642.667595][T14242] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 642.671473][T14242] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 642.673464][T14242] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 642.675112][T14242] UDF-fs: Scanning with blocksize 512 failed [ 642.682710][T14242] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 642.690943][T14242] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 642.776494][T14247] smb3: Unexpected value for 'acl' [ 642.934857][T14255] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2290'. [ 642.937180][T14255] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2290'. [ 643.067417][T14259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 643.080780][T14259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 643.649819][T14267] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2292'. [ 644.358688][T14272] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 644.410105][ T30] audit: type=1326 audit(644.390:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14275 comm="syz.2.2297" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 644.561055][T14287] binder: 14285:14287 ioctl c0306201 0 returned -14 [ 644.706892][T14299] input input25: cannot allocate more than FF_MAX_EFFECTS effects [ 644.721213][T14299] 9pnet_fd: Insufficient options for proto=fd [ 645.073104][T14304] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 647.033160][T14319] IPVS: set_ctl: invalid protocol: 136 100.1.1.1:20000 [ 647.572868][T14320] loop1: detected capacity change from 0 to 1024 [ 647.583369][T14320] hfsplus: invalid btree flag [ 647.584657][T14320] hfsplus: failed to load extents file [ 647.994797][T14344] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 648.382122][T14354] loop1: detected capacity change from 0 to 2048 [ 649.692384][T14371] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2326'. [ 650.783987][T14376] input input26: cannot allocate more than FF_MAX_EFFECTS effects [ 650.794238][T14377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2327'. [ 650.802616][T14376] 9pnet_fd: Insufficient options for proto=fd [ 651.205722][T14391] vlan2: entered promiscuous mode [ 651.221814][T14390] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 651.606535][T14402] netlink: 'syz.0.2336': attribute type 8 has an invalid length. [ 652.484853][T14413] netlink: 'syz.2.2339': attribute type 39 has an invalid length. [ 653.085658][T14417] loop1: detected capacity change from 0 to 256 [ 653.117863][T14417] exFAT-fs (loop1): Invalid exboot-signature(sector = 2): 0x1119abd0 [ 653.125326][T14417] exFAT-fs (loop1): Invalid exboot-signature(sector = 5): 0x1119abd0 [ 653.128356][T14417] exFAT-fs (loop1): Invalid exboot-signature(sector = 6): 0x00000000 [ 653.130779][T14417] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0x00000000 [ 653.133612][T14417] exFAT-fs (loop1): Invalid exboot-signature(sector = 8): 0x00000000 [ 653.138197][T14417] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e) [ 653.140263][T14417] exFAT-fs (loop1): invalid boot region [ 653.141381][T14417] exFAT-fs (loop1): failed to recognize exfat type [ 653.202945][T14421] netlink: 'syz.3.2341': attribute type 3 has an invalid length. [ 653.205787][T14409] loop1: detected capacity change from 0 to 4096 [ 653.207547][T14409] nilfs2: Unknown parameter '@' [ 653.501532][T14423] FAULT_INJECTION: forcing a failure. [ 653.501532][T14423] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.504371][T14423] CPU: 0 UID: 0 PID: 14423 Comm: syz.4.2342 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 653.506710][T14423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 653.508719][T14423] Call trace: [ 653.509456][T14423] show_stack+0x2c/0x3c (C) [ 653.510446][T14423] dump_stack_lvl+0xe4/0x150 [ 653.511391][T14423] dump_stack+0x1c/0x28 [ 653.512259][T14423] should_fail_ex+0x3b0/0x50c [ 653.513225][T14423] should_fail+0x14/0x24 [ 653.514107][T14423] should_fail_usercopy+0x20/0x30 [ 653.515170][T14423] do_sys_poll+0x224/0x10e8 [ 653.516008][T14423] __arm64_sys_ppoll+0x2c4/0x358 [ 653.517166][T14423] invoke_syscall+0x98/0x2b8 [ 653.518132][T14423] el0_svc_common+0x130/0x23c [ 653.519093][T14423] do_el0_svc+0x48/0x58 [ 653.519985][T14423] el0_svc+0x54/0x168 [ 653.520828][T14423] el0t_64_sync_handler+0x84/0x108 [ 653.521917][T14423] el0t_64_sync+0x198/0x19c [ 653.704686][T14416] ip6gretap0 speed is unknown, defaulting to 1000 [ 653.847239][T14430] bridge2: entered promiscuous mode [ 653.852742][T14430] bridge2: entered allmulticast mode [ 654.602577][T14443] ip6gretap0 speed is unknown, defaulting to 1000 [ 654.831599][ T30] audit: type=1326 audit(654.810:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14450 comm="syz.0.2350" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa8959a28 code=0x0 [ 655.032162][T14448] loop1: detected capacity change from 0 to 32768 [ 655.848309][T14461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2353'. [ 655.916322][T14448] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 655.991925][T14448] XFS (loop1): Ending clean mount [ 656.070128][T14481] netlink: 'syz.0.2360': attribute type 29 has an invalid length. [ 656.072858][T14481] netlink: 'syz.0.2360': attribute type 29 has an invalid length. [ 656.136135][ T6427] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 656.261117][ T30] audit: type=1326 audit(656.240:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14496 comm="syz.1.2369" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb59a28 code=0x0 [ 656.367453][T14502] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2366'. [ 656.579490][T14507] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2368'. [ 657.282463][T14510] loop1: detected capacity change from 0 to 8192 [ 658.361845][T14539] loop1: detected capacity change from 0 to 4096 [ 658.372151][T14539] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 658.500154][ T30] audit: type=1326 audit(658.480:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14544 comm="syz.4.2383" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e359a28 code=0x0 [ 658.818181][T14552] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2384'. [ 659.649288][T14564] loop1: detected capacity change from 0 to 512 [ 659.707897][T14562] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2388'. [ 659.749476][T14564] EXT4-fs (loop1): Test dummy encryption mode enabled [ 659.750854][T14564] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 659.753525][T14564] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 659.809592][T14564] EXT4-fs error (device loop1): ext4_orphan_get:1415: comm syz.1.2389: bad orphan inode 131083 [ 659.822316][T14564] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 659.858158][T14564] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 659.871646][T14574] dccp_invalid_packet: P.Data Offset(224) too large [ 660.053535][T14579] FAULT_INJECTION: forcing a failure. [ 660.053535][T14579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 660.056548][T14579] CPU: 1 UID: 0 PID: 14579 Comm: syz.0.2390 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 660.058659][T14579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 660.060777][T14579] Call trace: [ 660.061455][T14579] show_stack+0x2c/0x3c (C) [ 660.062358][T14579] dump_stack_lvl+0xe4/0x150 [ 660.063199][T14579] dump_stack+0x1c/0x28 [ 660.064068][T14579] should_fail_ex+0x3b0/0x50c [ 660.065088][T14579] should_fail+0x14/0x24 [ 660.066008][T14579] should_fail_usercopy+0x20/0x30 [ 660.067071][T14579] copy_msghdr_from_user+0xb8/0x59c [ 660.068187][T14579] __sys_sendmmsg+0x2c4/0x76c [ 660.069087][T14579] __arm64_sys_sendmmsg+0xa0/0xbc [ 660.070161][T14579] invoke_syscall+0x98/0x2b8 [ 660.071081][T14579] el0_svc_common+0x130/0x23c [ 660.072058][T14579] do_el0_svc+0x48/0x58 [ 660.072949][T14579] el0_svc+0x54/0x168 [ 660.073719][T14579] el0t_64_sync_handler+0x84/0x108 [ 660.074677][T14579] el0t_64_sync+0x198/0x19c [ 660.115552][ T6427] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 661.203360][ T30] audit: type=1326 audit(661.180:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14601 comm="syz.2.2399" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 662.287077][T14604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2398'. [ 662.382527][T14608] ip6gretap0 speed is unknown, defaulting to 1000 [ 663.150586][T14616] loop1: detected capacity change from 0 to 8 [ 663.171193][T14616] SQUASHFS error: lzo decompression failed, data probably corrupt [ 663.173146][T14616] SQUASHFS error: Failed to read block 0x0: -5 [ 663.177182][T14616] SQUASHFS error: lzo decompression failed, data probably corrupt [ 663.178793][T14616] SQUASHFS error: Failed to read block 0x0: -5 [ 663.194869][T14616] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2402'. [ 663.497641][T14600] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 663.499566][T14600] overlayfs: missing 'lowerdir' [ 663.952340][T14636] netlink: 'syz.3.2409': attribute type 1 has an invalid length. [ 664.033807][T14623] loop1: detected capacity change from 0 to 32768 [ 664.049171][T14636] 8021q: adding VLAN 0 to HW filter on device bond2 [ 664.076432][T14623] JBD2: Ignoring recovery information on journal [ 664.153629][T14623] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 664.479832][T14649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2411'. [ 664.892095][T14665] dccp_invalid_packet: invalid packet type [ 665.949198][T14674] ip6gretap0 speed is unknown, defaulting to 1000 [ 666.339903][ T6427] ocfs2: Unmounting device (7,1) on (node local) [ 667.089768][T14705] netlink: 'syz.2.2431': attribute type 8 has an invalid length. [ 667.158790][T14696] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2428'. [ 667.160654][T14696] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2428'. [ 667.406824][T14716] loop1: detected capacity change from 0 to 256 [ 667.417009][T14708] ip6gretap0 speed is unknown, defaulting to 1000 [ 667.451293][T14716] exFAT-fs (loop1): Invalid exboot-signature(sector = 2): 0x1119abd0 [ 667.453572][T14716] exFAT-fs (loop1): Invalid exboot-signature(sector = 5): 0x1119abd0 [ 667.457065][T14716] exFAT-fs (loop1): Invalid exboot-signature(sector = 6): 0x00000000 [ 667.459104][T14716] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0x00000000 [ 667.464034][T14716] exFAT-fs (loop1): Invalid exboot-signature(sector = 8): 0x00000000 [ 667.495054][T14716] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e) [ 667.497494][T14716] exFAT-fs (loop1): invalid boot region [ 667.498625][T14716] exFAT-fs (loop1): failed to recognize exfat type [ 667.535691][T14708] loop1: detected capacity change from 0 to 4096 [ 667.560771][T14708] NILFS (loop1): invalid segment: Checksum error in segment payload [ 667.562724][T14708] NILFS (loop1): trying rollback from an earlier position [ 667.621001][T14708] NILFS (loop1): recovery complete [ 667.712504][T14732] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 668.696004][T14752] binder: 14750:14752 ioctl c0306201 0 returned -14 [ 669.522075][T14787] ./file0: Can't lookup blockdev [ 669.923885][T14793] loop1: detected capacity change from 0 to 2048 [ 669.929685][T14793] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 669.943044][T14794] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 670.062884][T14798] netlink: 'syz.1.2463': attribute type 3 has an invalid length. [ 671.720962][ T30] audit: type=1326 audit(671.690:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14815 comm="syz.2.2470" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8d559a28 code=0x0 [ 671.865034][T14814] loop1: detected capacity change from 0 to 8192 [ 671.913410][T14819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2468'. [ 672.056633][T14824] dccp_invalid_packet: invalid packet type [ 673.071135][T14847] netlink: 'syz.1.2479': attribute type 3 has an invalid length. [ 674.557276][T14856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2477'. [ 674.592903][T14858] ./file0: Can't lookup blockdev [ 675.146830][T14870] dccp_invalid_packet: P.Data Offset(224) too large [ 675.178636][T14872] input input27: cannot allocate more than FF_MAX_EFFECTS effects [ 675.184012][T14872] 9pnet_fd: Insufficient options for proto=fd [ 675.815025][T14881] ip6gretap0 speed is unknown, defaulting to 1000 [ 675.958098][T14882] loop1: detected capacity change from 0 to 256 [ 675.972913][T14882] exFAT-fs (loop1): Invalid exboot-signature(sector = 2): 0x1119abd0 [ 675.976204][T14882] exFAT-fs (loop1): Invalid exboot-signature(sector = 5): 0x1119abd0 [ 675.979275][T14882] exFAT-fs (loop1): Invalid exboot-signature(sector = 6): 0x00000000 [ 675.981657][T14882] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0x00000000 [ 675.984679][T14882] exFAT-fs (loop1): Invalid exboot-signature(sector = 8): 0x00000000 [ 675.988946][T14882] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e) [ 675.991138][T14882] exFAT-fs (loop1): invalid boot region [ 675.992270][T14882] exFAT-fs (loop1): failed to recognize exfat type [ 676.182040][T14882] loop1: detected capacity change from 0 to 4096 [ 676.217168][T14882] NILFS (loop1): invalid segment: Checksum error in segment payload [ 676.218958][T14882] NILFS (loop1): trying rollback from an earlier position [ 676.230595][T14882] NILFS (loop1): recovery complete [ 676.246089][T14884] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 677.319844][T14896] netlink: 'syz.4.2494': attribute type 3 has an invalid length. [ 678.490452][T14892] ip6gretap0 speed is unknown, defaulting to 1000 [ 678.914918][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 679.727938][T14920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2497'. [ 679.985243][T14935] ./file0: Can't lookup blockdev [ 680.031338][T14936] loop1: detected capacity change from 0 to 512 [ 680.125391][T14937] 9pnet_fd: Insufficient options for proto=fd [ 680.160375][T14945] loop1: detected capacity change from 0 to 16 [ 680.171654][T14945] erofs (device loop1): unsupported chunk format 7f00 of nid 36 [ 680.390693][T14953] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2510'. [ 680.529503][T14958] loop1: detected capacity change from 0 to 4096 [ 680.539915][T14958] ntfs3(loop1): Failed to load $Volume (-2). [ 680.761797][T14964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2513'. [ 680.833783][T14966] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 683.143299][T15013] dccp_invalid_packet: P.Data Offset(224) too large [ 683.270183][T15015] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2533'. [ 683.464113][T15028] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2536'. [ 683.690540][T15040] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2537'. [ 684.796651][T15053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2540'. [ 686.665192][T15058] ip6gretap0 speed is unknown, defaulting to 1000 [ 686.887345][T15059] ip6gretap0 speed is unknown, defaulting to 1000 [ 688.261820][T15074] ip6gretap0 speed is unknown, defaulting to 1000 [ 691.390333][T15106] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2553'. [ 691.460025][T15111] loop1: detected capacity change from 0 to 256 [ 691.461718][T15111] exfat: Deprecated parameter 'utf8' [ 691.462911][T15111] exfat: Deprecated parameter 'utf8' [ 691.470639][T15111] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 691.681798][T15118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2555'. [ 691.789375][T15119] netlink: 'syz.1.2559': attribute type 3 has an invalid length. [ 692.017865][T15128] dccp_invalid_packet: invalid packet type [ 692.900105][T15146] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2568'. [ 692.902019][T15146] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2568'. [ 693.334587][T15158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2570'. [ 693.784649][T15179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2577'. [ 693.873119][T15185] netlink: 'syz.4.2583': attribute type 4 has an invalid length. [ 693.912215][T15185] netlink: 'syz.4.2583': attribute type 4 has an invalid length. [ 693.957006][T15198] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2586'. [ 693.961817][T15198] vlan2: entered promiscuous mode [ 693.965245][T15198] bridge0: entered promiscuous mode [ 693.966751][T15198] vlan2: entered allmulticast mode [ 693.968168][T15198] bridge0: entered allmulticast mode [ 694.110998][T15202] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.113062][T15202] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.569909][T15202] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.575080][T15202] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.925955][T15202] bond0: left allmulticast mode [ 694.933463][T15202] bond_slave_0: left allmulticast mode [ 694.934715][T15202] bond_slave_1: left allmulticast mode [ 694.936205][T15202] bridge0: left allmulticast mode [ 694.937298][T15202] bond0: left promiscuous mode [ 694.938332][T15202] bond_slave_0: left promiscuous mode [ 694.939469][T15202] bond_slave_1: left promiscuous mode [ 694.964428][T15202] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.966651][T15202] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.969742][T15202] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.972770][T15202] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.223499][T15248] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2600'. [ 695.235226][T15250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2601'. [ 695.304106][T15248] netlink: 'syz.2.2600': attribute type 39 has an invalid length. [ 695.310020][T15248] veth0_macvtap: left promiscuous mode [ 695.512817][T15275] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 695.515199][T15275] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 695.517291][T15275] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 695.519151][T15275] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 695.522244][T15275] vxlan0: entered promiscuous mode [ 695.523381][T15275] vxlan0: entered allmulticast mode [ 695.572924][T15277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2614'. [ 696.085761][ T6470] IPVS: starting estimator thread 0... [ 696.176068][T15318] IPVS: using max 34 ests per chain, 81600 per kthread [ 696.384839][T15339] netlink: 'syz.3.2642': attribute type 10 has an invalid length. [ 696.454767][T15339] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 697.117474][T15385] __nla_validate_parse: 5 callbacks suppressed [ 697.117493][T15385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2657'. [ 697.268076][T15406] tipc: Enabling of bearer rejected, failed to enable media [ 697.339506][T15411] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 697.348884][T15411] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.375044][T15411] bridge0: left allmulticast mode [ 697.376368][T15411] bridge0: left promiscuous mode [ 697.596234][T15435] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2671'. [ 697.602194][T15436] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 697.696600][T15435] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2671'. [ 697.734087][T15454] netlink: 'syz.2.2677': attribute type 1 has an invalid length. [ 697.788784][T15461] netlink: 'syz.2.2679': attribute type 2 has an invalid length. [ 697.791971][T15461] netlink: 187320 bytes leftover after parsing attributes in process `syz.2.2679'. [ 698.007676][T15479] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2686'. [ 698.009716][T15479] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2686'. [ 698.895223][T15567] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2722'. [ 699.435156][T15619] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 699.449201][T15621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 699.457424][T15621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 699.543433][T15615] ip6gretap0 speed is unknown, defaulting to 1000 [ 699.573911][T15626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 699.577437][T15626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 699.586464][T15630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 699.588854][T15630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 699.896338][ T5996] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 700.075664][ T5996] usb 1-1: language id specifier not provided by device, defaulting to English [ 700.082565][ T5996] usb 1-1: New USB device found, idVendor=0ac8, idProduct=3410, bcdDevice=74.00 [ 700.084629][ T5996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.087770][ T5996] usb 1-1: Product: 柛豢念팣Ⰲ㸟齦꽹屩诲旚 [ 700.089280][ T5996] usb 1-1: SerialNumber: syz [ 700.095968][ T5996] usb 1-1: config 0 descriptor?? [ 700.152506][T15638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 700.158866][T15638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 700.178938][T15640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 700.180997][T15640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 700.323420][ T5996] usb 1-1: Found UVC 0.00 device 柛豢念팣Ⰲ㸟齦꽹屩诲旚 (0ac8:3410) [ 700.325726][ T5996] usb 1-1: No valid video chain found. [ 700.326815][ T5996] ------------[ cut here ]------------ [ 700.327794][ T5996] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 700.327856][ T5996] WARNING: CPU: 1 PID: 5996 at kernel/locking/mutex.c:564 __mutex_lock_common+0x1bc4/0x28f4 [ 700.330924][ T5996] Modules linked in: [ 700.331718][ T5996] CPU: 1 UID: 0 PID: 5996 Comm: kworker/1:2 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 [ 700.333783][ T5996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 700.335777][ T5996] Workqueue: usb_hub_wq hub_event [ 700.336793][ T5996] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 700.338308][ T5996] pc : __mutex_lock_common+0x1bc4/0x28f4 [ 700.339434][ T5996] lr : __mutex_lock_common+0x1bc0/0x28f4 [ 700.340517][ T5996] sp : ffff80009d7465e0 [ 700.341390][ T5996] x29: ffff80009d7467c0 x28: ffff80009d746740 x27: ffff700013ae8cdc [ 700.342917][ T5996] x26: 0000000000000000 x25: 0000000000000000 x24: 1ffff00012e9bf20 [ 700.344675][ T5996] x23: 0000000000000000 x22: ffff80009d7466e0 x21: ffff80009d746720 [ 700.346417][ T5996] x20: 0000000000000000 x19: ffff0000c6fba518 x18: 0000000000000008 [ 700.348016][ T5996] x17: 0000000000000000 x16: ffff80008b60ad1c x15: ffff700011f43bc0 [ 700.349683][ T5996] x14: 1ffff00011f43bc0 x13: 0000000000000004 x12: ffffffffffffffff [ 700.351392][ T5996] x11: 0000000000100000 x10: 0000800000000000 x9 : 92b59d24213ab900 [ 700.352939][ T5996] x8 : 92b59d24213ab900 x7 : 0000000000000001 x6 : 0000000000000001 [ 700.354621][ T5996] x5 : ffff80009d745d18 x4 : ffff80008fa90460 x3 : ffff8000804a1bf8 [ 700.356366][ T5996] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 700.358170][ T5996] Call trace: [ 700.358825][ T5996] __mutex_lock_common+0x1bc4/0x28f4 (P) [ 700.360019][ T5996] mutex_lock_nested+0x2c/0x38 [ 700.361001][ T5996] uvc_status_unregister+0x38/0xe8 [ 700.362134][ T5996] uvc_unregister_video+0x110/0x1c4 [ 700.363208][ T5996] uvc_probe+0x7098/0x7748 [ 700.364084][ T5996] usb_probe_interface+0x598/0xa40 [ 700.365133][ T5996] really_probe+0x38c/0x8fc [ 700.366053][ T5996] __driver_probe_device+0x194/0x374 [ 700.367246][ T5996] driver_probe_device+0x78/0x330 [ 700.368304][ T5996] __device_attach_driver+0x2a8/0x4f4 [ 700.369445][ T5996] bus_for_each_drv+0x228/0x2bc [ 700.370482][ T5996] __device_attach+0x2b4/0x434 [ 700.371542][ T5996] device_initial_probe+0x24/0x34 [ 700.372626][ T5996] bus_probe_device+0x178/0x240 [ 700.373652][ T5996] device_add+0x728/0xa6c [ 700.374612][ T5996] usb_set_configuration+0x15cc/0x1b38 [ 700.375831][ T5996] usb_generic_driver_probe+0x8c/0x148 [ 700.376990][ T5996] usb_probe_device+0x1a4/0x348 [ 700.378062][ T5996] really_probe+0x38c/0x8fc [ 700.379056][ T5996] __driver_probe_device+0x194/0x374 [ 700.380185][ T5996] driver_probe_device+0x78/0x330 [ 700.381224][ T5996] __device_attach_driver+0x2a8/0x4f4 [ 700.382358][ T5996] bus_for_each_drv+0x228/0x2bc [ 700.383344][ T5996] __device_attach+0x2b4/0x434 [ 700.384270][ T5996] device_initial_probe+0x24/0x34 [ 700.385285][ T5996] bus_probe_device+0x178/0x240 [ 700.386322][ T5996] device_add+0x728/0xa6c [ 700.387167][ T5996] usb_new_device+0x908/0x14ac [ 700.387943][ T5996] hub_event+0x2454/0x4280 [ 700.388660][ T5996] process_one_work+0x7a8/0x15cc [ 700.389666][ T5996] worker_thread+0x97c/0xeec [ 700.390601][ T5996] kthread+0x288/0x310 [ 700.391441][ T5996] ret_from_fork+0x10/0x20 [ 700.392432][ T5996] irq event stamp: 239227 [ 700.393272][ T5996] hardirqs last enabled at (239227): [] __console_unlock+0x70/0xc4 [ 700.395224][ T5996] hardirqs last disabled at (239226): [] __console_unlock+0x58/0xc4 [ 700.397175][ T5996] softirqs last enabled at (239216): [] handle_softirqs+0xb44/0xd34 [ 700.399153][ T5996] softirqs last disabled at (239193): [] __do_softirq+0x14/0x20 [ 700.400990][ T5996] ---[ end trace 0000000000000000 ]--- [ 700.405555][ T5996] usb 1-1: USB disconnect, device number 2