last executing test programs: 5.004844367s ago: executing program 2 (id=646): ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6) listen(r1, 0x0) 4.855509626s ago: executing program 2 (id=649): io_setup(0x8, &(0x7f0000002740)=0x0) io_getevents(r0, 0x4, 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_submit(r0, 0x1, &(0x7f0000000480)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x7, 0x8, r1, 0x0, 0x0, 0x6}]) io_destroy(r0) r2 = socket$inet(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) 4.578827385s ago: executing program 0 (id=656): capset(&(0x7f0000000140)={0x20080522}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5}) syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000002c0)={0x0, 0xffffffffffffffa3, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000180)={r3}) 4.497038515s ago: executing program 2 (id=657): r0 = fsopen(&(0x7f0000000400)='qnx6\x00', 0x0) close(r0) 4.436224485s ago: executing program 2 (id=659): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x28, 0xfffbf00c}, {0x6, 0x0, 0x0, 0xfff}]}, 0x10) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) 4.433110265s ago: executing program 0 (id=660): socket$isdn_base(0x22, 0x3, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(&(0x7f0000000540)=@nullb, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) r4 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r4, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 4.232351464s ago: executing program 2 (id=661): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket(0x10, 0x803, 0x0) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {&(0x7f00000001c0)=""/17, 0x11}], 0x2}}], 0x1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x1}, 0x8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000cc0)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x52, &(0x7f0000001fc0)={@local, @local, @val={@void}, {@ipv6={0x86dd, @dccp_packet={0x3, 0x6, "f8046a", 0x18, 0x21, 0xff, @mcast1, @private0, {[@fragment={0x21, 0x0, 0x1, 0x0, 0x0, 0xa, 0x67}], {{0x4e22, 0x4e21, 0x4, 0x1, 0x8, 0x0, 0x0, 0x6, 0x0, "7925d0", 0xb, "b4f128"}}}}}}}, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e04de220c"], 0x7) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0) 3.460427802s ago: executing program 4 (id=663): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@datasec={0x4, 0x0, 0x0, 0xf, 0x2, [], '\x00\x00'}, @datasec={0x7, 0x0, 0x0, 0xf, 0x2, [], '}p'}]}, {0x0, [0x5f, 0x2e, 0x0, 0x30]}}, 0x0, 0x3a, 0x0, 0x9, 0x84, 0x0, @void, @value}, 0x28) 3.332714751s ago: executing program 4 (id=667): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r5, 0x201, 0x70bd27, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 3.289293951s ago: executing program 4 (id=669): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0xed, 0x3e, 0xc9, 0x8, 0xccd, 0xb3, 0x2dee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb0, 0x87, 0x1d}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000140)={0x0, 0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.212983841s ago: executing program 3 (id=672): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000480), &(0x7f0000000140)=0x8) 3.04202775s ago: executing program 1 (id=676): r0 = socket$inet6(0xa, 0x802, 0x0) bind$inet6(r0, &(0x7f0000000640)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0xfffffffd, @loopback, 0x10}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000002900000037"], 0x18}}], 0x1, 0x0) 3.01647169s ago: executing program 1 (id=677): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000001f80)=r0, 0x4) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x1f4, 0x5, 0x0, &(0x7f0000000100)="ffa294412f", 0x0, 0x5, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x2}, 0x50) 2.88484277s ago: executing program 1 (id=678): bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=0x1, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) fsetxattr(r0, &(0x7f0000000180)=@random={'security.', '-!)%\xd1!\x8ay\x00'}, &(0x7f0000000200)='-/', 0x2, 0x2) 2.88450945s ago: executing program 0 (id=679): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000300)="cd", 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000000)=0x567, 0x4) 2.88430733s ago: executing program 1 (id=680): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x3d, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@nested={0x8, 0x145, 0x0, 0x1, [@nested={0x4, 0x8}]}]}, 0x1c}}, 0x4040040) 2.86320689s ago: executing program 0 (id=681): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05000000"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xffffffffffffbffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f00000000c0)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 2.845826119s ago: executing program 1 (id=682): r0 = socket$kcm(0x29, 0x2, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000140)=""/81, 0x0) sendmmsg$inet(r0, &(0x7f0000006e80)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000001a40)="9a6acc", 0x3}], 0x1}}], 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x40000c0) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x1, 0x80482) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r4 = openat$cgroup_devices(r3, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000140)={'b', ' *:* ', 'm\x00'}, 0x8) write$cgroup_devices(r4, &(0x7f0000000240)={'c', ' *:* ', 'r\x00'}, 0x8) 2.612669299s ago: executing program 1 (id=683): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000180)={0x0, 0x0, {0x0, 0x1}}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r4, &(0x7f0000000080)=[{0x1e, 0x0, 0x0, 0xfd, @time, {}, {}, @result}], 0x1c) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000140)={0x5, 0x8b, 0x93, 0x84000, 0xffffffffffffffff}) close(r6) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00') exit(0x100000001) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r5, 0x1) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x502, 0x0) ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000080)=0x10) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000100)=0x80) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r8, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r10, 0x4}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000002240)=@assoc_value={r11, 0x3}, &(0x7f0000000080)=0x8) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x1400, 0x0, 0x0, 0x1, 0x0, @local, @broadcast}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0x3e) 1.856824016s ago: executing program 3 (id=684): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000180)={'ip_vti0\x00', 0x0, 0x7, 0x80, 0x1, 0x1ae5, {{0x9, 0x4, 0x2, 0x32, 0x24, 0x65, 0x0, 0xa9, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, {[@lsrr={0x83, 0xb, 0x38, [@local, @multicast2]}, @ra={0x94, 0x4}]}}}}}) openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() socket$inet6_udp(0xa, 0x2, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) recvmsg(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000240)=""/55, 0x37}], 0x1}, 0x141fd) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') fcntl$notify(r7, 0x402, 0x80000004) getdents64(r7, &(0x7f0000000200)=""/171, 0xab) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000280)={'tunl0\x00', r0, 0xf001, 0x700, 0x200, 0x0, {{0x8, 0x4, 0x0, 0x2, 0x20, 0x66, 0x0, 0x53, 0x29, 0x0, @private=0xa010100, @multicast2, {[@generic={0x86, 0x9, "05a01c768d7770"}]}}}}}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r0, @fallback=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r8, 0x2000000, 0x19, 0x0, &(0x7f0000000380)="0990ddc848000092733a80c6907c26f0e5ab52894ed7", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getpid() 1.773773906s ago: executing program 0 (id=685): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x74, 0x3a, 0x8d4, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$l2tp6(0xa, 0x2, 0x73) getpeername$l2tp6(r4, 0x0, 0x0) 1.720817976s ago: executing program 4 (id=686): openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100, 0x2, 0x2de}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xa0}}) io_uring_enter(r0, 0x2def, 0x0, 0xe, 0x0, 0x0) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x8000000000000001}, 0x0, &(0x7f0000000240)={0x1d, 0x2}, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) 510.625272ms ago: executing program 2 (id=687): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) accept4$alg(r1, 0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4) 441.812022ms ago: executing program 3 (id=688): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x1) ioctl$SIOCAX25GETINFO(r0, 0x89ed, &(0x7f0000000300)) 336.967482ms ago: executing program 4 (id=689): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) 334.376912ms ago: executing program 3 (id=690): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xf0, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@remote, @multicast1, 0x0, 0x0, 'macvlan0\x00', 'syzkaller0\x00'}, 0x6, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@ip={@local, @dev, 0x0, 0x0, 'veth0_to_team\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)={0x10, 0x11, 0x1}, 0x10}], 0x1}, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000040)=0xe, 0x36) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000180)=0x40000000, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 288.954802ms ago: executing program 4 (id=691): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000300)) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000380)={0x0, 0xfffffffffffffc3f, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r7, 0xe, 0x7f, 0x0, 0x0, [0x0], [0x0, 0x29, 0x2], [], [0x0, 0x0, 0xfffffffffffffffd]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x83ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@mpls_getroute={0x24, 0x1a, 0x801, 0x70bd29, 0x0, {0x1c, 0x14}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) 58.904211ms ago: executing program 3 (id=692): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) writev(r0, &(0x7f0000000680)=[{0x0}, {&(0x7f00000013c0)="413067419e063ca66909f2760ff13f2c64fcdc86750c114a5af37084c3d0a5bcb8b6841f21862b46b345427318f71bfe3ed6a45aa497dbc2af1466cd05a50028e3513d4c9e18d5cc2987974729d676f51a2d8775bf8d9e52a19b3c7ccbc6add204fe05174b9114c76713500a70a3eac9cdbf523358a96b8f5c0e4be10c883fba970f92afb63606b99c5ee64c7fd2a3b4ad731a9b828283c3c2ed2d2ae0d121e03d835d584973cd785337ae88e25047fd1e72d31623f8d5d2bc71d199fecee76e6b86822cfb201efbedab3a8f26151bb8de710c079bbf3b1284d8c5515a785dfc9f82224018c7d586d6ec9986e2764928e7fcea4b43bac95c61fe87ad36f8a70f7fb20b5266b7c8cacb9192b1ee91a12778fc2528dc43607bdf65ad54afe79e9b9df1ee9b81134420bb24158d684a7e50c8e53617e69f8dc71992bba12d7003358d01c32634bf01801745a206031ed497c6cba928a8f14f8419604e45feffa1b574b2e7b57fc8bafac6b7b2b7189ea130b5d4149b32838436aef80b6e61bb59dabf2a67f0cf3edfe586e638e5af55d44566f95490f5686cbe32aa3e06b66f53ae28ff2c797c3e67e7392ae63a0ff55ed4fd0d2c1306be30699f4cab7fa5b2e8e6fd7405736a2b39650a23936730b2185785cd1f7dc1603d49b7283923ec4056d17ef74c90f5ce118b2ee26de22ebfc6f6fedc59670455d0231b294f4099fbe71bb7a00dc4507ed1231a392dba919f8133b9a9b91effd252773cf677955433a8540bfaf5e2439ec947dd3cccc177898200bd6e26f838f2c45a1e10cdbe70df0f042ed58cd1cc493b3db7b85ed20910e8c9fe0e69f51c063cc60f54a22c257e1a15c72d0c482ee497b8", 0x268}], 0x2) 300.09µs ago: executing program 0 (id=693): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="500100001a000100000000000200000002001c1f0000c808ffffffea080006000700000008000400", @ANYRES32=r0, @ANYBLOB="06001c004e21000008000100ac1414", @ANYRES16], 0x150}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040084) 0s ago: executing program 3 (id=694): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10) kernel console output (not intermixed with test programs): evice loop1): map_mft_record(): Failed with error code 5. [ 69.060410][ T4296] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 69.401249][ T4312] loop0: detected capacity change from 0 to 4096 [ 69.583009][ T4312] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 69.655105][ T2057] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.657318][ T2057] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.527368][ T4327] loop4: detected capacity change from 0 to 512 [ 70.605013][ T4327] EXT2-fs (loop4): warning: mounting ext3 filesystem as ext2 [ 70.689455][ T4329] loop3: detected capacity change from 0 to 256 [ 70.773327][ T4329] FAT-fs (loop3): Unrecognized mount option "short name=winnt" or missing value [ 70.795755][ T4316] loop2: detected capacity change from 0 to 32768 [ 70.834893][ T4316] XFS: ikeep mount option is deprecated. [ 70.836426][ T4316] XFS: noikeep mount option is deprecated. [ 70.847626][ T4333] loop0: detected capacity change from 0 to 8192 [ 70.854622][ T4314] loop1: detected capacity change from 0 to 32768 [ 70.866155][ T4316] XFS (loop2): Mounting V5 Filesystem [ 70.939445][ T4316] XFS (loop2): Ending clean mount [ 70.948240][ T4316] XFS (loop2): Quotacheck needed: Please wait. [ 71.041289][ T4314] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 71.043482][ T4314] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 71.047182][ T4333] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 71.049642][ T4333] REISERFS (device loop0): using ordered data mode [ 71.054902][ T4316] XFS (loop2): Quotacheck: Done. [ 71.061065][ T4333] reiserfs: using flush barriers [ 71.071495][ T4333] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 71.556342][ T4333] REISERFS (device loop0): checking transaction log (loop0) [ 71.597139][ T4333] REISERFS (device loop0): Using r5 hash to sort names [ 71.610310][ T4314] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 71.632720][ T4078] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 71.634720][ T4078] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 71.669837][ T4316] XFS (loop2): User initiated shutdown received. [ 71.691080][ T4316] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xe0/0x15c (fs/xfs/xfs_fsops.c:491). Shutting down filesystem. [ 71.713756][ T4333] reiserfs: enabling write barrier flush mode [ 71.722792][ T4316] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 71.753814][ T4333] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 71.783082][ T4316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.789328][ T4329] loop3: detected capacity change from 0 to 8192 [ 71.797910][ T4078] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 163ms [ 71.806836][ T4078] gfs2: fsid=syz:syz.0: jid=0: Done [ 71.809116][ T4314] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 71.844388][ T4316] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.887906][ T4329] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 71.890371][ T4329] REISERFS (device loop3): using ordered data mode [ 71.892175][ T4329] reiserfs: using flush barriers [ 71.896516][ T4329] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 71.916168][ T4329] REISERFS (device loop3): checking transaction log (loop3) [ 71.968054][ T4024] XFS (loop2): Unmounting Filesystem [ 71.991013][ T4329] REISERFS (device loop3): Using r5 hash to sort names [ 72.042586][ T4329] reiserfs: enabling write barrier flush mode [ 72.073183][ T4329] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 72.373851][ T4366] loop0: detected capacity change from 0 to 512 [ 72.413435][ T4366] EXT4-fs (loop0): Invalid journal IO priority (must be 0-7) [ 72.434307][ T4370] loop2: detected capacity change from 0 to 8 [ 72.576070][ T4371] loop3: detected capacity change from 0 to 4096 [ 72.665650][ T4371] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 72.782950][ T4373] loop0: detected capacity change from 0 to 64 [ 72.982501][ T4373] hfs: unable to parse mount options [ 73.403392][ T4370] SQUASHFS error: Failed to read block 0x6e6: -5 [ 73.405136][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.406946][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.408773][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.454958][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.456749][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.458551][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.460399][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.500797][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.502772][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.541301][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.543211][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.545066][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.546937][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.548756][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.550573][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.565442][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.567368][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.569422][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.570289][ T4377] loop0: detected capacity change from 0 to 64 [ 73.573012][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.589607][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.592480][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.594366][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.596177][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.598116][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.605356][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.607498][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.609408][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.630302][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.632542][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.634334][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.634849][ T4360] loop4: detected capacity change from 0 to 32768 [ 73.638413][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.642831][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.648036][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.661491][ T4381] loop3: detected capacity change from 0 to 512 [ 73.665202][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.672712][ T4381] EXT2-fs (loop3): warning: mounting ext3 filesystem as ext2 [ 73.700413][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.706035][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.708143][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.711318][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.713177][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.714970][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.717349][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.719177][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.722253][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.724160][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.725972][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.727769][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.729466][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.732029][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.733785][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.735658][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.737355][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.739170][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.742289][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.744147][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.745900][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.747749][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.749520][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.751946][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.753850][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.755714][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.757430][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.759331][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.761954][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.763763][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.765717][ T4370] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 73.767556][ T4370] SQUASHFS error: read_indexes: reading block [6e4:0] [ 73.814633][ T4360] XFS (loop4): Mounting V5 Filesystem [ 73.843034][ T4388] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 73.930377][ T4360] XFS (loop4): Ending clean mount [ 73.966168][ T4360] XFS (loop4): Quotacheck needed: Please wait. [ 74.004020][ T4360] XFS (loop4): Quotacheck: Done. [ 74.043411][ T4395] loop1: detected capacity change from 0 to 8192 [ 74.065486][ T4360] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 74.110811][ T4395] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 74.113213][ T4395] REISERFS (device loop1): using ordered data mode [ 74.118568][ T4030] XFS (loop4): Unmounting Filesystem [ 74.124932][ T4395] reiserfs: using flush barriers [ 74.129908][ T4395] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.170566][ T4406] FAULT_INJECTION: forcing a failure. [ 74.170566][ T4406] name failslab, interval 1, probability 0, space 0, times 1 [ 74.181056][ T4395] REISERFS (device loop1): checking transaction log (loop1) [ 74.190052][ T4404] netlink: 20 bytes leftover after parsing attributes in process `syz.0.63'. [ 74.217795][ T4406] CPU: 0 PID: 4406 Comm: syz.2.65 Not tainted 5.15.175-syzkaller #0 [ 74.220022][ T4406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 74.222624][ T4406] Call trace: [ 74.223494][ T4406] dump_backtrace+0x0/0x530 [ 74.224688][ T4406] show_stack+0x2c/0x3c [ 74.225777][ T4406] dump_stack_lvl+0x108/0x170 [ 74.226997][ T4406] dump_stack+0x1c/0x58 [ 74.228075][ T4406] should_fail+0x3b8/0x514 [ 74.229274][ T4406] __should_failslab+0xbc/0x110 [ 74.230585][ T4406] should_failslab+0x10/0x28 [ 74.231761][ T4406] slab_pre_alloc_hook+0x64/0xe8 [ 74.232816][ T4406] kmem_cache_alloc_trace+0x9c/0x47c [ 74.233991][ T4406] nfnetlink_rcv+0xbf0/0x1dfc [ 74.235096][ T4406] netlink_unicast+0x664/0x938 [ 74.236323][ T4406] netlink_sendmsg+0x844/0xb38 [ 74.237498][ T4406] ____sys_sendmsg+0x584/0x870 [ 74.238834][ T4406] ___sys_sendmsg+0x214/0x294 [ 74.240041][ T4406] __arm64_sys_sendmsg+0x1ac/0x25c [ 74.241248][ T4406] invoke_syscall+0x98/0x2b8 [ 74.242445][ T4406] el0_svc_common+0x138/0x258 [ 74.243675][ T4406] do_el0_svc+0x58/0x14c [ 74.244810][ T4406] el0_svc+0x7c/0x1f0 [ 74.245807][ T4406] el0t_64_sync_handler+0x84/0xe4 [ 74.247052][ T4406] el0t_64_sync+0x1a0/0x1a4 [ 74.313289][ T4399] loop3: detected capacity change from 0 to 32768 [ 74.360231][ T4399] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.61 (4399) [ 74.427801][ T4395] REISERFS (device loop1): Using tea hash to sort names [ 74.430177][ T4395] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 74.459743][ T4399] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 74.467445][ T4399] BTRFS info (device loop3): using free space tree [ 74.473537][ T4399] BTRFS info (device loop3): has skinny extents [ 74.503328][ T4414] loop2: detected capacity change from 0 to 512 [ 74.556109][ T4414] EXT4-fs (loop2): Invalid journal IO priority (must be 0-7) [ 74.782873][ T7] cfg80211: failed to load regulatory.db [ 74.962854][ T4432] loop2: detected capacity change from 0 to 64 [ 75.147559][ T4430] bridge0: port 3(syz_tun) entered blocking state [ 75.191438][ T4432] hfs: unable to parse mount options [ 75.640312][ T4430] bridge0: port 3(syz_tun) entered disabled state [ 75.689798][ T4430] device syz_tun entered promiscuous mode [ 75.692458][ T4430] bridge0: port 3(syz_tun) entered blocking state [ 75.694400][ T4430] bridge0: port 3(syz_tun) entered forwarding state [ 75.754814][ T4399] BTRFS info (device loop3): enabling ssd optimizations [ 75.851673][ T4439] loop4: detected capacity change from 0 to 256 [ 75.927959][ T4439] tipc: Enabling of bearer rejected, failed to enable media [ 75.977138][ T4441] loop0: detected capacity change from 0 to 4096 [ 75.996324][ T4445] netlink: 28 bytes leftover after parsing attributes in process `syz.4.69'. [ 76.046641][ T4441] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 76.408106][ T4448] loop4: detected capacity change from 0 to 256 [ 76.458824][ T4452] loop0: detected capacity change from 0 to 512 [ 76.461639][ T4448] exfat: Bad value for 'allow_utime' [ 76.514149][ T4452] EXT2-fs (loop0): warning: mounting ext3 filesystem as ext2 [ 76.640561][ T4437] loop2: detected capacity change from 0 to 32768 [ 76.676563][ T4437] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.67 (4437) [ 76.733122][ T4437] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 76.735495][ T4437] BTRFS info (device loop2): using free space tree [ 76.737343][ T4437] BTRFS info (device loop2): has skinny extents [ 76.820174][ T4462] vhci_hcd: default hub control req: ff03 v0010 i0005 l5 [ 76.869059][ T4462] loop4: detected capacity change from 0 to 256 [ 76.946733][ T4465] FAULT_INJECTION: forcing a failure. [ 76.946733][ T4465] name failslab, interval 1, probability 0, space 0, times 0 [ 76.950356][ T4465] CPU: 0 PID: 4465 Comm: syz.0.74 Not tainted 5.15.175-syzkaller #0 [ 76.952437][ T4465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 76.954999][ T4465] Call trace: [ 76.955861][ T4465] dump_backtrace+0x0/0x530 [ 76.956982][ T4465] show_stack+0x2c/0x3c [ 76.958042][ T4465] dump_stack_lvl+0x108/0x170 [ 76.959329][ T4465] dump_stack+0x1c/0x58 [ 76.960422][ T4465] should_fail+0x3b8/0x514 [ 76.961560][ T4465] __should_failslab+0xbc/0x110 [ 76.962817][ T4465] should_failslab+0x10/0x28 [ 76.963982][ T4465] slab_pre_alloc_hook+0x64/0xe8 [ 76.965263][ T4465] kmem_cache_alloc+0x98/0x45c [ 76.966483][ T4465] xas_create+0x504/0x1354 [ 76.967637][ T4465] xas_create_range+0x1a0/0x6d0 [ 76.968891][ T4465] shmem_add_to_page_cache+0x9f0/0x16a0 [ 76.970325][ T4465] shmem_getpage_gfp+0x1398/0x20e4 [ 76.971768][ T4465] shmem_write_begin+0xe0/0x29c [ 76.973030][ T4465] generic_perform_write+0x24c/0x520 [ 76.974345][ T4465] __generic_file_write_iter+0x230/0x454 [ 76.975786][ T4465] generic_file_write_iter+0xb4/0x1b8 [ 76.977087][ T4465] vfs_write+0x884/0xb44 [ 76.978220][ T4465] ksys_write+0x15c/0x26c [ 76.979331][ T4465] __arm64_sys_write+0x7c/0x90 [ 76.980602][ T4465] invoke_syscall+0x98/0x2b8 [ 76.981863][ T4465] el0_svc_common+0x138/0x258 [ 76.983112][ T4465] do_el0_svc+0x58/0x14c [ 76.984247][ T4465] el0_svc+0x7c/0x1f0 [ 76.985316][ T4465] el0t_64_sync_handler+0x84/0xe4 [ 76.986599][ T4465] el0t_64_sync+0x1a0/0x1a4 [ 77.041471][ T4437] BTRFS info (device loop2): enabling ssd optimizations [ 77.071937][ T4437] Timeout policy `syz1' can only be used by L3 protocol number 0 [ 77.125246][ T4465] loop0: detected capacity change from 0 to 8192 [ 77.176824][ T4450] loop3: detected capacity change from 0 to 32768 [ 77.215342][ T4465] REISERFS warning (device loop0): super-6505 reiserfs_getopt: head of option "acl" is only correct [ 77.215342][ T4465] [ 77.257376][ T4018] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop2 scanned by udevd (4018) [ 77.630202][ T4497] FAULT_INJECTION: forcing a failure. [ 77.630202][ T4497] name failslab, interval 1, probability 0, space 0, times 0 [ 77.655521][ T4495] loop0: detected capacity change from 0 to 256 [ 77.664584][ T4497] CPU: 1 PID: 4497 Comm: syz.1.82 Not tainted 5.15.175-syzkaller #0 [ 77.666669][ T4497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 77.669168][ T4497] Call trace: [ 77.670061][ T4497] dump_backtrace+0x0/0x530 [ 77.671176][ T4497] show_stack+0x2c/0x3c [ 77.672195][ T4497] dump_stack_lvl+0x108/0x170 [ 77.673405][ T4497] dump_stack+0x1c/0x58 [ 77.674416][ T4497] should_fail+0x3b8/0x514 [ 77.675559][ T4497] __should_failslab+0xbc/0x110 [ 77.676753][ T4497] should_failslab+0x10/0x28 [ 77.677975][ T4497] slab_pre_alloc_hook+0x64/0xe8 [ 77.679355][ T4497] kmem_cache_alloc_node+0x9c/0x49c [ 77.680563][ T4497] __alloc_skb+0x174/0x584 [ 77.681711][ T4497] netlink_sendmsg+0x644/0xb38 [ 77.683012][ T4497] ____sys_sendmsg+0x584/0x870 [ 77.684255][ T4497] ___sys_sendmsg+0x214/0x294 [ 77.685533][ T4497] __arm64_sys_sendmsg+0x1ac/0x25c [ 77.686872][ T4497] invoke_syscall+0x98/0x2b8 [ 77.688122][ T4497] el0_svc_common+0x138/0x258 [ 77.689328][ T4497] do_el0_svc+0x58/0x14c [ 77.690405][ T4497] el0_svc+0x7c/0x1f0 [ 77.691361][ T4497] el0t_64_sync_handler+0x84/0xe4 [ 77.692681][ T4497] el0t_64_sync+0x1a0/0x1a4 [ 77.693866][ C1] vkms_vblank_simulate: vblank timer overrun [ 77.805903][ T4499] loop2: detected capacity change from 0 to 64 [ 77.981602][ T4499] hfs: unable to parse mount options [ 78.497042][ T4495] tipc: Enabling of bearer rejected, failed to enable media [ 78.587956][ T4516] netlink: 28 bytes leftover after parsing attributes in process `syz.0.81'. [ 78.660560][ T4515] loop4: detected capacity change from 0 to 4096 [ 78.718565][ T4520] loop2: detected capacity change from 0 to 128 [ 78.726961][ T4525] FAULT_INJECTION: forcing a failure. [ 78.726961][ T4525] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 78.730630][ T4525] CPU: 1 PID: 4525 Comm: syz.0.90 Not tainted 5.15.175-syzkaller #0 [ 78.732794][ T4525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 78.735403][ T4525] Call trace: [ 78.736200][ T4525] dump_backtrace+0x0/0x530 [ 78.737277][ T4525] show_stack+0x2c/0x3c [ 78.738301][ T4525] dump_stack_lvl+0x108/0x170 [ 78.739455][ T4525] dump_stack+0x1c/0x58 [ 78.740465][ T4525] should_fail+0x3b8/0x514 [ 78.741754][ T4525] should_fail_usercopy+0x20/0x30 [ 78.743000][ T4525] copy_from_bpfptr+0x78/0x20c [ 78.744174][ T4525] __sys_bpf+0x1b8/0x610 [ 78.745256][ T4525] __arm64_sys_bpf+0x80/0x98 [ 78.746395][ T4525] invoke_syscall+0x98/0x2b8 [ 78.747616][ T4525] el0_svc_common+0x138/0x258 [ 78.748808][ T4525] do_el0_svc+0x58/0x14c [ 78.749853][ T4525] el0_svc+0x7c/0x1f0 [ 78.750882][ T4525] el0t_64_sync_handler+0x84/0xe4 [ 78.752172][ T4525] el0t_64_sync+0x1a0/0x1a4 [ 78.753380][ C1] vkms_vblank_simulate: vblank timer overrun [ 78.765560][ T4520] befs: (loop2): No write support. Marking filesystem read-only [ 78.773302][ T4520] befs: (loop2): invalid magic header [ 78.822448][ T4521] loop1: detected capacity change from 0 to 4096 [ 78.912664][ T4514] sctp: failed to load transform for md5: -2 [ 78.927602][ T4520] netlink: 15 bytes leftover after parsing attributes in process `syz.2.89'. [ 79.038956][ T4520] loop2: detected capacity change from 0 to 2048 [ 79.038992][ T4530] loop0: detected capacity change from 0 to 8192 [ 79.077658][ T4538] loop4: detected capacity change from 0 to 4096 [ 79.100170][ T4530] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 79.102910][ T4530] REISERFS (device loop0): using ordered data mode [ 79.103089][ T4520] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 79.105471][ T4530] reiserfs: using flush barriers [ 79.116565][ T4530] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.121032][ T4530] REISERFS (device loop0): checking transaction log (loop0) [ 79.134681][ T4538] __ntfs_error: 6 callbacks suppressed [ 79.134695][ T4538] ntfs: (device loop4): parse_ntfs_boot_sector(): Mft record size (32768) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 79.161799][ T4541] loop1: detected capacity change from 0 to 4096 [ 79.165363][ T4538] ntfs: (device loop4): ntfs_fill_super(): Unsupported NTFS filesystem. [ 79.203162][ T4541] ntfs: (device loop1): parse_ntfs_boot_sector(): Mft record size (32768) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 79.208361][ T4541] ntfs: (device loop1): ntfs_fill_super(): Unsupported NTFS filesystem. [ 79.233148][ T4530] REISERFS (device loop0): Using tea hash to sort names [ 79.235311][ T4530] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 79.243788][ T4520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.89'. [ 79.248477][ T4530] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1) [ 79.375575][ T4545] loop4: detected capacity change from 0 to 256 [ 79.459125][ T4545] tipc: Started in network mode [ 79.460391][ T4545] tipc: Node identity faa8a36e8454, cluster identity 4711 [ 79.471626][ T4545] tipc: Enabled bearer , priority 0 [ 79.543943][ T4553] netlink: 28 bytes leftover after parsing attributes in process `syz.4.97'. [ 79.544365][ T4545] device syzkaller0 entered promiscuous mode [ 79.596483][ T4555] loop3: detected capacity change from 0 to 256 [ 79.660620][ T4561] loop0: detected capacity change from 0 to 512 [ 79.672842][ T4544] tipc: Resetting bearer [ 79.689203][ T4561] EXT4-fs (loop0): Invalid journal IO priority (must be 0-7) [ 79.736414][ T4544] tipc: Disabling bearer [ 79.738844][ T4559] loop1: detected capacity change from 0 to 4096 [ 79.751483][ T4562] tipc: Enabled bearer , priority 0 [ 79.778009][ T4555] device syzkaller0 entered promiscuous mode [ 79.813211][ T4559] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 79.819362][ T4555] netlink: 28 bytes leftover after parsing attributes in process `syz.3.100'. [ 79.993635][ T4554] tipc: Resetting bearer [ 80.132780][ T4564] loop0: detected capacity change from 0 to 64 [ 80.863398][ T4564] hfs: unable to parse mount options [ 80.871673][ T25] tipc: Node number set to 885131762 [ 80.885289][ T4554] tipc: Disabling bearer [ 80.896992][ T4543] loop2: detected capacity change from 0 to 32768 [ 80.925961][ T4543] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 80.928257][ T4543] BTRFS info (device loop2): setting nodatacow, compression disabled [ 80.930377][ T4543] BTRFS info (device loop2): turning on flush-on-commit [ 80.961884][ T4543] BTRFS info (device loop2): enabling auto defrag [ 80.963672][ T4543] BTRFS info (device loop2): max_inline at 0 [ 80.965131][ T4543] BTRFS info (device loop2): using free space tree [ 80.966867][ T4543] BTRFS info (device loop2): has skinny extents [ 80.992967][ T4567] loop4: detected capacity change from 0 to 2048 [ 81.014106][ T4567] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 81.398675][ T4598] loop3: detected capacity change from 0 to 512 [ 81.425891][ T4543] BTRFS info (device loop2): enabling ssd optimizations [ 81.466643][ T4598] EXT2-fs (loop3): warning: mounting ext3 filesystem as ext2 [ 81.546433][ T4601] loop4: detected capacity change from 0 to 512 [ 81.567939][ T4603] loop1: detected capacity change from 0 to 8192 [ 81.571326][ T4601] EXT2-fs (loop4): warning: mounting ext3 filesystem as ext2 [ 81.684056][ T4603] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 81.687403][ T4603] REISERFS (device loop1): using ordered data mode [ 81.689114][ T4603] reiserfs: using flush barriers [ 81.708683][ T4603] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.713701][ T4603] REISERFS (device loop1): checking transaction log (loop1) [ 81.726133][ T4603] REISERFS (device loop1): Using rupasov hash to sort names [ 81.728041][ T4603] REISERFS (device loop1): using 3.5.x disk format [ 81.729754][ T4603] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 81.740766][ T4603] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 81.743854][ T4603] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 81.746661][ T4603] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 81.765170][ T4603] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 81.767189][ T4609] FAULT_INJECTION: forcing a failure. [ 81.767189][ T4609] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 81.768990][ T4603] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 81.774248][ T4603] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 81.888013][ T4609] CPU: 1 PID: 4609 Comm: syz.4.111 Not tainted 5.15.175-syzkaller #0 [ 81.890113][ T4609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 81.892752][ T4609] Call trace: [ 81.893616][ T4609] dump_backtrace+0x0/0x530 [ 81.894748][ T4609] show_stack+0x2c/0x3c [ 81.895860][ T4609] dump_stack_lvl+0x108/0x170 [ 81.897044][ T4609] dump_stack+0x1c/0x58 [ 81.898115][ T4609] should_fail+0x3b8/0x514 [ 81.899277][ T4609] should_fail_alloc_page+0x74/0xa8 [ 81.900614][ T4609] prepare_alloc_pages+0x160/0x460 [ 81.901841][ T4609] __alloc_pages+0x138/0x674 [ 81.903039][ T4609] alloc_pages_vma+0x294/0x7c0 [ 81.904209][ T4609] alloc_zeroed_user_highpage_movable+0x9c/0xd8 [ 81.905836][ T4609] handle_mm_fault+0x1ee8/0x33a8 [ 81.907085][ T4609] do_page_fault+0x700/0xb60 [ 81.908321][ T4609] do_translation_fault+0xe8/0x138 [ 81.909693][ T4609] do_mem_abort+0x70/0x1d8 [ 81.910848][ T4609] el0_da+0x94/0x20c [ 81.911810][ T4609] el0t_64_sync_handler+0xc0/0xe4 [ 81.913140][ T4609] el0t_64_sync+0x1a0/0x1a4 [ 82.024770][ T4609] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 82.888589][ T4614] netlink: 96 bytes leftover after parsing attributes in process `syz.2.113'. [ 82.893593][ T4614] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge_slave_0 [ 82.907260][ T4609] loop4: detected capacity change from 0 to 4096 [ 82.936100][ T4582] loop0: detected capacity change from 0 to 40427 [ 82.956336][ T4609] ntfs: (device loop4): parse_ntfs_boot_sector(): Mft record size (8192) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 82.960408][ T4609] ntfs: (device loop4): ntfs_fill_super(): Unsupported NTFS filesystem. [ 82.988058][ T4582] F2FS-fs (loop0): invalid crc value [ 83.048078][ T4582] F2FS-fs (loop0): Found nat_bits in checkpoint [ 83.087515][ T4582] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 83.159763][ T4582] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 83.170428][ T4582] attempt to access beyond end of device [ 83.170428][ T4582] loop0: rw=2049, want=45104, limit=40427 [ 83.206857][ T4622] loop4: detected capacity change from 0 to 256 [ 83.352557][ T4622] tipc: Enabled bearer , priority 0 [ 83.428419][ T4623] netlink: 28 bytes leftover after parsing attributes in process `syz.4.114'. [ 83.455566][ T4622] device syzkaller0 entered promiscuous mode [ 83.487720][ T4614] loop2: detected capacity change from 0 to 32768 [ 83.518196][ T4621] tipc: Resetting bearer [ 83.583714][ T4614] (syz.2.113,4614,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 83.630337][ T4621] tipc: Disabling bearer [ 83.657594][ T4616] loop3: detected capacity change from 0 to 32768 [ 83.695832][ T4616] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.112 (4616) [ 83.743751][ T4629] loop1: detected capacity change from 0 to 512 [ 83.749811][ T4616] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 83.758700][ T4616] BTRFS info (device loop3): using free space tree [ 83.760349][ T4616] BTRFS info (device loop3): has skinny extents [ 83.770494][ T4629] EXT4-fs (loop1): Invalid journal IO priority (must be 0-7) [ 83.795978][ T4636] FAULT_INJECTION: forcing a failure. [ 83.795978][ T4636] name failslab, interval 1, probability 0, space 0, times 0 [ 83.799601][ T4636] CPU: 0 PID: 4636 Comm: syz.0.116 Not tainted 5.15.175-syzkaller #0 [ 83.801568][ T4636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 83.804084][ T4636] Call trace: [ 83.804932][ T4636] dump_backtrace+0x0/0x530 [ 83.806060][ T4636] show_stack+0x2c/0x3c [ 83.806977][ T4636] dump_stack_lvl+0x108/0x170 [ 83.808103][ T4636] dump_stack+0x1c/0x58 [ 83.809237][ T4636] should_fail+0x3b8/0x514 [ 83.810333][ T4636] __should_failslab+0xbc/0x110 [ 83.811462][ T4636] should_failslab+0x10/0x28 [ 83.812630][ T4636] slab_pre_alloc_hook+0x64/0xe8 [ 83.813921][ T4636] kmem_cache_alloc+0x98/0x45c [ 83.815117][ T4636] security_file_alloc+0x30/0x124 [ 83.816268][ T4636] __alloc_file+0xb0/0x240 [ 83.817420][ T4636] alloc_empty_file+0xa8/0x198 [ 83.818610][ T4636] alloc_file+0x64/0x494 [ 83.819669][ T4636] alloc_file_pseudo+0x1e0/0x278 [ 83.820946][ T4636] __shmem_file_setup+0x19c/0x26c [ 83.822215][ T4636] shmem_file_setup+0x40/0x54 [ 83.823458][ T4636] __arm64_sys_memfd_create+0x374/0x610 [ 83.824851][ T4636] invoke_syscall+0x98/0x2b8 [ 83.826009][ T4636] el0_svc_common+0x138/0x258 [ 83.827205][ T4636] do_el0_svc+0x58/0x14c [ 83.828277][ T4636] el0_svc+0x7c/0x1f0 [ 83.829357][ T4636] el0t_64_sync_handler+0x84/0xe4 [ 83.830618][ T4636] el0t_64_sync+0x1a0/0x1a4 [ 83.846872][ T4637] loop4: detected capacity change from 0 to 2048 [ 83.898169][ T4637] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 84.100194][ T4652] loop0: detected capacity change from 0 to 512 [ 84.187607][ T4654] loop1: detected capacity change from 0 to 64 [ 84.391758][ T4654] hfs: unable to parse mount options [ 84.964913][ T4652] EXT2-fs (loop0): warning: mounting ext3 filesystem as ext2 [ 85.030800][ T4616] BTRFS info (device loop3): enabling ssd optimizations [ 85.147027][ T4639] loop2: detected capacity change from 0 to 32768 [ 85.176301][ T4667] BTRFS info (device loop3): balance: start -d -m -s [ 85.180885][ T9] BTRFS info (device loop3): space_info 5 has 397312 free, is not full [ 85.183278][ T9] BTRFS info (device loop3): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1171456, readonly=1638400 zone_unusable=0 [ 85.186954][ T9] BTRFS info (device loop3): global_block_rsv: size 851968 reserved 851968 [ 85.189379][ T9] BTRFS info (device loop3): trans_block_rsv: size 327680 reserved 282624 [ 85.191700][ T9] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0 [ 85.193610][ T9] BTRFS info (device loop3): delayed_block_rsv: size 32768 reserved 32768 [ 85.195826][ T9] BTRFS info (device loop3): delayed_refs_rsv: size 262144 reserved 0 [ 85.237864][ T9] BTRFS info (device loop3): space_info 5 has 397312 free, is not full [ 85.240254][ T9] BTRFS info (device loop3): space_info total=3276800, used=61440, pinned=0, reserved=16384, may_use=1163264, readonly=1638400 zone_unusable=0 [ 85.244138][ T9] BTRFS info (device loop3): global_block_rsv: size 851968 reserved 847872 [ 85.246545][ T9] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0 [ 85.248704][ T9] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0 [ 85.250599][ T9] BTRFS info (device loop3): delayed_block_rsv: size 131072 reserved 131072 [ 85.253162][ T9] BTRFS info (device loop3): delayed_refs_rsv: size 524288 reserved 184320 [ 85.272669][ T4667] BTRFS info (device loop3): relocating block group 6881280 flags data|metadata [ 85.285024][ T4639] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.120 (4639) [ 85.399203][ T4667] BTRFS info (device loop3): relocating block group 5242880 flags data|metadata [ 85.422034][ T4675] loop0: detected capacity change from 0 to 256 [ 85.461731][ T4667] BTRFS info (device loop3): balance: canceled [ 85.491641][ T4675] FAT-fs (loop0): Unrecognized mount option "short name=winnt" or missing value [ 85.691968][ T4684] FAULT_INJECTION: forcing a failure. [ 85.691968][ T4684] name failslab, interval 1, probability 0, space 0, times 0 [ 85.695355][ T4684] CPU: 1 PID: 4684 Comm: syz.2.129 Not tainted 5.15.175-syzkaller #0 [ 85.697400][ T4684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 85.700030][ T4684] Call trace: [ 85.700891][ T4684] dump_backtrace+0x0/0x530 [ 85.701972][ T4684] show_stack+0x2c/0x3c [ 85.703014][ T4684] dump_stack_lvl+0x108/0x170 [ 85.704279][ T4684] dump_stack+0x1c/0x58 [ 85.705394][ T4684] should_fail+0x3b8/0x514 [ 85.706530][ T4684] __should_failslab+0xbc/0x110 [ 85.707694][ T4684] should_failslab+0x10/0x28 [ 85.708876][ T4684] slab_pre_alloc_hook+0x64/0xe8 [ 85.710099][ T4684] __kmalloc+0xc0/0x4c8 [ 85.711205][ T4684] tomoyo_encode+0x270/0x4b0 [ 85.712419][ T4684] tomoyo_realpath_from_path+0x4b4/0x508 [ 85.713888][ T4684] tomoyo_path_number_perm+0x1f8/0x6b0 [ 85.715313][ T4684] tomoyo_file_ioctl+0x2c/0x3c [ 85.716536][ T4684] security_file_ioctl+0x80/0xbc [ 85.717818][ T4684] __arm64_sys_ioctl+0xa8/0x1c8 [ 85.719015][ T4684] invoke_syscall+0x98/0x2b8 [ 85.720115][ T4684] el0_svc_common+0x138/0x258 [ 85.721248][ T4684] do_el0_svc+0x58/0x14c [ 85.722296][ T4684] el0_svc+0x7c/0x1f0 [ 85.723384][ T4684] el0t_64_sync_handler+0x84/0xe4 [ 85.724604][ T4684] el0t_64_sync+0x1a0/0x1a4 [ 85.725862][ C1] vkms_vblank_simulate: vblank timer overrun [ 85.784103][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.831228][ T4684] ERROR: Out of memory at tomoyo_realpath_from_path. [ 85.864647][ T4686] tipc: Enabled bearer , priority 0 [ 85.915485][ T4686] device syzkaller0 entered promiscuous mode [ 85.952056][ T4686] netlink: 28 bytes leftover after parsing attributes in process `syz.3.128'. [ 85.976788][ T4685] tipc: Resetting bearer [ 86.010627][ T4691] loop2: detected capacity change from 0 to 2048 [ 86.053138][ T4685] tipc: Disabling bearer [ 86.106171][ T4691] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 86.219774][ T4680] loop1: detected capacity change from 0 to 40427 [ 86.317779][ T4678] loop4: detected capacity change from 0 to 32768 [ 86.445762][ T4688] loop0: detected capacity change from 0 to 32768 [ 86.457221][ T4680] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 86.459203][ T4680] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 86.561829][ T4697] loop3: detected capacity change from 0 to 64 [ 86.683235][ T4697] hfs: unable to parse mount options [ 87.231223][ T4688] (syz.0.131,4688,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 87.243514][ T4680] F2FS-fs (loop1): invalid crc value [ 87.257350][ T4688] (syz.0.131,4688,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 87.272268][ T4680] F2FS-fs (loop1): Found nat_bits in checkpoint [ 87.338038][ T4701] loop2: detected capacity change from 0 to 1024 [ 87.351765][ T4688] JBD2: Ignoring recovery information on journal [ 87.354070][ T4680] F2FS-fs (loop1): Start checkpoint disabled! [ 87.383690][ T4704] device sit0 entered promiscuous mode [ 87.388905][ T4704] netlink: 'syz.3.136': attribute type 1 has an invalid length. [ 87.395402][ T4701] hfsplus: invalid uid specified [ 87.396854][ T4701] hfsplus: unable to parse mount options [ 87.410048][ T4680] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 87.412880][ T4680] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 87.441252][ T4688] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 87.538391][ T4708] overlayfs: unrecognized mount option "/" or missing value [ 87.560003][ T4138] attempt to access beyond end of device [ 87.560003][ T4138] loop1: rw=2049, want=40992, limit=40427 [ 87.601408][ T4713] device veth0_to_batadv entered promiscuous mode [ 87.604252][ T4712] FAULT_INJECTION: forcing a failure. [ 87.604252][ T4712] name failslab, interval 1, probability 0, space 0, times 0 [ 87.618196][ T4712] CPU: 0 PID: 4712 Comm: syz.2.139 Not tainted 5.15.175-syzkaller #0 [ 87.620386][ T4712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 87.623061][ T4712] Call trace: [ 87.623886][ T4712] dump_backtrace+0x0/0x530 [ 87.624985][ T4712] show_stack+0x2c/0x3c [ 87.626042][ T4712] dump_stack_lvl+0x108/0x170 [ 87.627274][ T4712] dump_stack+0x1c/0x58 [ 87.628357][ T4712] should_fail+0x3b8/0x514 [ 87.629508][ T4712] __should_failslab+0xbc/0x110 [ 87.630824][ T4712] should_failslab+0x10/0x28 [ 87.632038][ T4712] slab_pre_alloc_hook+0x64/0xe8 [ 87.633319][ T4712] __kmalloc+0xc0/0x4c8 [ 87.634403][ T4712] alloc_pipe_info+0x210/0x518 [ 87.635541][ T4712] splice_direct_to_actor+0x818/0x9a0 [ 87.637002][ T4712] do_splice_direct+0x1f4/0x334 [ 87.638192][ T4712] do_sendfile+0x4c0/0xcb0 [ 87.639342][ T4712] __arm64_sys_sendfile64+0x160/0x408 [ 87.640828][ T4712] invoke_syscall+0x98/0x2b8 [ 87.642035][ T4712] el0_svc_common+0x138/0x258 [ 87.643181][ T4712] do_el0_svc+0x58/0x14c [ 87.644294][ T4712] el0_svc+0x7c/0x1f0 [ 87.645336][ T4712] el0t_64_sync_handler+0x84/0xe4 [ 87.646605][ T4712] el0t_64_sync+0x1a0/0x1a4 [ 87.655313][ T4708] loop4: detected capacity change from 0 to 256 [ 87.668395][ T4713] A link change request failed with some changes committed already. Interface veth0_to_batadv may have been left with an inconsistent configuration, please check. [ 87.671900][ T4708] exfat: Unknown parameter '(' [ 87.747381][ T4029] ocfs2: Unmounting device (7,0) on (node local) [ 87.818723][ T4721] loop2: detected capacity change from 0 to 256 [ 87.856249][ T4721] tipc: Started in network mode [ 87.857554][ T4721] tipc: Node identity 7a63d900d7ae, cluster identity 4711 [ 87.859367][ T4721] tipc: Enabled bearer , priority 0 [ 87.864444][ T4719] loop3: detected capacity change from 0 to 8192 [ 87.929373][ T4722] netlink: 28 bytes leftover after parsing attributes in process `syz.2.143'. [ 87.945415][ T4721] device syzkaller0 entered promiscuous mode [ 87.982095][ T4719] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 87.984627][ T4719] REISERFS (device loop3): using ordered data mode [ 87.986303][ T4719] reiserfs: using flush barriers [ 88.008688][ T4719] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 88.019905][ T4720] tipc: Resetting bearer [ 88.023343][ T4719] REISERFS (device loop3): checking transaction log (loop3) [ 88.062965][ T4719] REISERFS (device loop3): Using rupasov hash to sort names [ 88.064918][ T4719] REISERFS (device loop3): using 3.5.x disk format [ 88.066636][ T4719] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 88.069346][ T4719] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 88.088210][ T4719] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 88.127258][ T4719] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 88.148613][ T4716] loop1: detected capacity change from 0 to 32768 [ 88.162505][ T4720] tipc: Disabling bearer [ 88.199485][ T4716] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 88.302568][ T4025] ocfs2: Unmounting device (7,1) on (node local) [ 88.392597][ T4729] loop2: detected capacity change from 0 to 256 [ 88.412836][ T4731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.429493][ T4731] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.473999][ T4729] tipc: Enabling of bearer rejected, failed to enable media [ 88.543510][ T4738] netlink: 28 bytes leftover after parsing attributes in process `syz.2.146'. [ 88.550796][ T4736] loop3: detected capacity change from 0 to 256 [ 88.584373][ T4735] loop1: detected capacity change from 0 to 2048 [ 88.600351][ T4735] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 88.842364][ T4725] loop0: detected capacity change from 0 to 32768 [ 89.561592][ T4725] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.140 (4725) [ 89.648457][ T4725] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 89.653729][ T4725] BTRFS info (device loop0): setting nodatacow, compression disabled [ 89.655740][ T4725] BTRFS info (device loop0): turning on flush-on-commit [ 89.657460][ T4725] BTRFS info (device loop0): enabling auto defrag [ 89.659134][ T4725] BTRFS info (device loop0): max_inline at 0 [ 89.672110][ T4750] FAULT_INJECTION: forcing a failure. [ 89.672110][ T4750] name failslab, interval 1, probability 0, space 0, times 0 [ 89.675395][ T4750] CPU: 1 PID: 4750 Comm: syz.2.151 Not tainted 5.15.175-syzkaller #0 [ 89.677584][ T4750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 89.680120][ T4750] Call trace: [ 89.680977][ T4750] dump_backtrace+0x0/0x530 [ 89.682167][ T4750] show_stack+0x2c/0x3c [ 89.683270][ T4750] dump_stack_lvl+0x108/0x170 [ 89.684427][ T4750] dump_stack+0x1c/0x58 [ 89.685551][ T4750] should_fail+0x3b8/0x514 [ 89.686653][ T4750] __should_failslab+0xbc/0x110 [ 89.687836][ T4750] should_failslab+0x10/0x28 [ 89.688978][ T4750] slab_pre_alloc_hook+0x64/0xe8 [ 89.690329][ T4750] kmem_cache_alloc+0x98/0x45c [ 89.691506][ T4750] security_file_alloc+0x30/0x124 [ 89.692829][ T4750] __alloc_file+0xb0/0x240 [ 89.693946][ T4750] alloc_empty_file+0xa8/0x198 [ 89.695264][ T4750] alloc_file+0x64/0x494 [ 89.696326][ T4750] alloc_file_pseudo+0x1e0/0x278 [ 89.697568][ T4750] __shmem_file_setup+0x19c/0x26c [ 89.698939][ T4750] shmem_file_setup+0x40/0x54 [ 89.700145][ T4750] __arm64_sys_memfd_create+0x374/0x610 [ 89.701511][ T4750] invoke_syscall+0x98/0x2b8 [ 89.702663][ T4750] el0_svc_common+0x138/0x258 [ 89.703826][ T4750] do_el0_svc+0x58/0x14c [ 89.704937][ T4750] el0_svc+0x7c/0x1f0 [ 89.705983][ T4750] el0t_64_sync_handler+0x84/0xe4 [ 89.707311][ T4750] el0t_64_sync+0x1a0/0x1a4 [ 89.708578][ C1] vkms_vblank_simulate: vblank timer overrun [ 89.716095][ T4725] BTRFS info (device loop0): using free space tree [ 89.717842][ T4725] BTRFS info (device loop0): has skinny extents [ 89.750204][ T4754] loop3: detected capacity change from 0 to 64 [ 89.771264][ T4754] hfs: unable to parse mount options [ 89.788914][ T4748] loop1: detected capacity change from 0 to 8192 [ 89.797454][ T4748] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 89.799977][ T4748] REISERFS (device loop1): using ordered data mode [ 89.802728][ T4748] reiserfs: using flush barriers [ 89.811125][ T4748] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 89.815678][ T4748] REISERFS (device loop1): checking transaction log (loop1) [ 89.832998][ T4748] REISERFS (device loop1): Using r5 hash to sort names [ 89.835079][ T4748] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 89.878495][ T4765] loop2: detected capacity change from 0 to 512 [ 89.914346][ T4765] EXT2-fs (loop2): warning: mounting ext3 filesystem as ext2 [ 89.916342][ T4765] EXT2-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 90.074607][ T4725] BTRFS info (device loop0): enabling ssd optimizations [ 90.102439][ T4773] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 90.105462][ T4773] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 90.192568][ T4782] FAULT_INJECTION: forcing a failure. [ 90.192568][ T4782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.196180][ T4782] CPU: 1 PID: 4782 Comm: syz.2.156 Not tainted 5.15.175-syzkaller #0 [ 90.198336][ T4782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 90.200932][ T4782] Call trace: [ 90.201745][ T4782] dump_backtrace+0x0/0x530 [ 90.202901][ T4782] show_stack+0x2c/0x3c [ 90.203979][ T4782] dump_stack_lvl+0x108/0x170 [ 90.205217][ T4782] dump_stack+0x1c/0x58 [ 90.206346][ T4782] should_fail+0x3b8/0x514 [ 90.207442][ T4782] should_fail_usercopy+0x20/0x30 [ 90.208806][ T4782] copy_page_from_iter_atomic+0x3c8/0xffc [ 90.210313][ T4782] generic_perform_write+0x2d0/0x520 [ 90.211634][ T4782] __generic_file_write_iter+0x230/0x454 [ 90.213074][ T4782] generic_file_write_iter+0xb4/0x1b8 [ 90.214441][ T4782] vfs_write+0x884/0xb44 [ 90.215599][ T4782] ksys_write+0x15c/0x26c [ 90.216779][ T4782] __arm64_sys_write+0x7c/0x90 [ 90.217993][ T4782] invoke_syscall+0x98/0x2b8 [ 90.219173][ T4782] el0_svc_common+0x138/0x258 [ 90.220429][ T4782] do_el0_svc+0x58/0x14c [ 90.221477][ T4782] el0_svc+0x7c/0x1f0 [ 90.222462][ T4782] el0t_64_sync_handler+0x84/0xe4 [ 90.223800][ T4782] el0t_64_sync+0x1a0/0x1a4 [ 90.225020][ C1] vkms_vblank_simulate: vblank timer overrun [ 90.295511][ T4782] loop2: detected capacity change from 0 to 8192 [ 90.329684][ T4781] loop1: detected capacity change from 0 to 8192 [ 90.371302][ T4782] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 90.373977][ T4782] REISERFS (device loop2): using ordered data mode [ 90.375649][ T4782] reiserfs: using flush barriers [ 90.383933][ T4782] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.385624][ T4781] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 90.388268][ T4782] REISERFS (device loop2): checking transaction log (loop2) [ 90.390293][ T4781] REISERFS (device loop1): using ordered data mode [ 90.399477][ T4781] reiserfs: using flush barriers [ 90.403847][ T4782] REISERFS (device loop2): Using r5 hash to sort names [ 90.410222][ T4782] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 90.414214][ T4781] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.423550][ T4782] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 90.434848][ T4781] REISERFS (device loop1): checking transaction log (loop1) [ 90.437672][ T4790] tipc: Started in network mode [ 90.438905][ T4790] tipc: Node identity 9e22bad9ddae, cluster identity 4711 [ 90.444577][ T4790] tipc: Enabled bearer , priority 0 [ 90.463896][ T4781] REISERFS (device loop1): Using rupasov hash to sort names [ 90.465873][ T4781] REISERFS (device loop1): using 3.5.x disk format [ 90.467632][ T4781] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 90.479769][ T4790] device syzkaller0 entered promiscuous mode [ 90.485678][ T4781] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 90.486973][ T4790] netlink: 28 bytes leftover after parsing attributes in process `syz.0.157'. [ 90.488436][ T4781] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 90.539301][ T4781] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 90.544789][ T4789] tipc: Resetting bearer [ 90.559003][ T4793] loop3: detected capacity change from 0 to 2048 [ 90.598928][ T4789] tipc: Disabling bearer [ 90.628055][ T4793] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 90.845929][ T4795] loop0: detected capacity change from 0 to 8192 [ 90.882951][ T4799] FAULT_INJECTION: forcing a failure. [ 90.882951][ T4799] name failslab, interval 1, probability 0, space 0, times 0 [ 90.886342][ T4799] CPU: 1 PID: 4799 Comm: syz.2.159 Not tainted 5.15.175-syzkaller #0 [ 90.888304][ T4799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 90.890956][ T4799] Call trace: [ 90.891785][ T4799] dump_backtrace+0x0/0x530 [ 90.892910][ T4799] show_stack+0x2c/0x3c [ 90.894032][ T4799] dump_stack_lvl+0x108/0x170 [ 90.895144][ T4799] dump_stack+0x1c/0x58 [ 90.896202][ T4799] should_fail+0x3b8/0x514 [ 90.897391][ T4799] __should_failslab+0xbc/0x110 [ 90.898627][ T4799] should_failslab+0x10/0x28 [ 90.899872][ T4799] slab_pre_alloc_hook+0x64/0xe8 [ 90.901211][ T4799] kmem_cache_alloc+0x98/0x45c [ 90.902503][ T4799] security_inode_alloc+0x30/0x124 [ 90.903883][ T4799] inode_init_always+0x690/0xb14 [ 90.905176][ T4799] new_inode_pseudo+0x7c/0x200 [ 90.906452][ T4799] new_inode+0x38/0x174 [ 90.907401][ T4799] shmem_get_inode+0x31c/0xa04 [ 90.908732][ T4799] __shmem_file_setup+0xf8/0x26c [ 90.909985][ T4799] shmem_file_setup+0x40/0x54 [ 90.911247][ T4799] __arm64_sys_memfd_create+0x374/0x610 [ 90.912878][ T4799] invoke_syscall+0x98/0x2b8 [ 90.914059][ T4799] el0_svc_common+0x138/0x258 [ 90.915320][ T4799] do_el0_svc+0x58/0x14c [ 90.916407][ T4799] el0_svc+0x7c/0x1f0 [ 90.917478][ T4799] el0t_64_sync_handler+0x84/0xe4 [ 90.918761][ T4799] el0t_64_sync+0x1a0/0x1a4 [ 90.920066][ C1] vkms_vblank_simulate: vblank timer overrun [ 90.922136][ T4795] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 90.924662][ T4795] REISERFS (device loop0): using ordered data mode [ 90.926228][ T4795] reiserfs: using flush barriers [ 90.947546][ T4795] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.967896][ T4795] REISERFS (device loop0): checking transaction log (loop0) [ 90.999705][ T4795] REISERFS (device loop0): Using r5 hash to sort names [ 91.006906][ T4795] reiserfs: enabling write barrier flush mode [ 91.035071][ T4795] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 91.109101][ T4806] netlink: 'syz.2.162': attribute type 1 has an invalid length. [ 91.638756][ T227] block nbd2: Attempted send on invalid socket [ 91.641361][ T227] blk_update_request: I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 91.651240][ T4808] EXT4-fs (nbd2): unable to read superblock [ 92.125454][ T4817] loop4: detected capacity change from 0 to 512 [ 92.153809][ T4817] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 92.171439][ T4817] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 92.175084][ T4817] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 3)! [ 92.177690][ T4817] EXT4-fs (loop4): group descriptors corrupted! [ 92.220544][ T4820] loop0: detected capacity change from 0 to 1024 [ 92.220882][ T4813] mmap: syz.2.165 (4813): VmData 37625856 exceed data ulimit 5. Update limits or use boot option ignore_rlimit_data. [ 92.268646][ T4820] hfsplus: invalid uid specified [ 92.270084][ T4820] hfsplus: unable to parse mount options [ 92.350977][ T4824] loop4: detected capacity change from 0 to 512 [ 92.403275][ T4824] EXT4-fs (loop4): Invalid journal IO priority (must be 0-7) [ 92.452841][ T4828] loop0: detected capacity change from 0 to 256 [ 92.787304][ T4830] loop4: detected capacity change from 0 to 64 [ 93.151467][ T4830] hfs: unable to parse mount options [ 93.548846][ T4828] tipc: Enabled bearer , priority 0 [ 93.625046][ T4822] loop1: detected capacity change from 0 to 32768 [ 93.630818][ T4822] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.168 (4822) [ 93.637339][ T4822] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 93.639614][ T4822] BTRFS info (device loop1): setting nodatacow, compression disabled [ 93.647656][ T4822] BTRFS info (device loop1): turning on flush-on-commit [ 93.649717][ T4822] BTRFS info (device loop1): enabling auto defrag [ 93.655264][ T4822] BTRFS info (device loop1): max_inline at 0 [ 93.657053][ T4822] BTRFS info (device loop1): using free space tree [ 93.658822][ T4822] BTRFS info (device loop1): has skinny extents [ 93.668412][ T4826] loop2: detected capacity change from 0 to 8192 [ 93.679630][ T4831] netlink: 28 bytes leftover after parsing attributes in process `syz.0.171'. [ 93.717996][ T4826] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 93.720448][ T4826] REISERFS (device loop2): using ordered data mode [ 93.724596][ T4826] reiserfs: using flush barriers [ 93.740816][ T4826] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 93.745102][ T4826] REISERFS (device loop2): checking transaction log (loop2) [ 93.761746][ T4826] REISERFS (device loop2): Using rupasov hash to sort names [ 93.763797][ T4826] REISERFS (device loop2): using 3.5.x disk format [ 93.765775][ T4826] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 93.801514][ T4828] device syzkaller0 entered promiscuous mode [ 93.803663][ T4826] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 93.806477][ T4826] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 93.809017][ T4826] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 93.809230][ T4833] loop4: detected capacity change from 0 to 8192 [ 93.831113][ T4827] tipc: Resetting bearer [ 93.876471][ T4833] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 93.879169][ T4833] REISERFS (device loop4): using ordered data mode [ 93.886191][ T4833] reiserfs: using flush barriers [ 93.909092][ T4833] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 93.919536][ T4833] REISERFS (device loop4): checking transaction log (loop4) [ 93.930296][ T4827] tipc: Disabling bearer [ 93.949159][ T4833] REISERFS (device loop4): Using r5 hash to sort names [ 93.956336][ T4833] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 93.959958][ T4833] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 93.999853][ T4822] BTRFS info (device loop1): enabling ssd optimizations [ 94.160282][ T4860] FAULT_INJECTION: forcing a failure. [ 94.160282][ T4860] name failslab, interval 1, probability 0, space 0, times 0 [ 94.249209][ T4860] CPU: 0 PID: 4860 Comm: syz.0.176 Not tainted 5.15.175-syzkaller #0 [ 94.251421][ T4860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 94.254036][ T4860] Call trace: [ 94.254912][ T4860] dump_backtrace+0x0/0x530 [ 94.256129][ T4860] show_stack+0x2c/0x3c [ 94.257254][ T4860] dump_stack_lvl+0x108/0x170 [ 94.258421][ T4860] dump_stack+0x1c/0x58 [ 94.259476][ T4860] should_fail+0x3b8/0x514 [ 94.260651][ T4860] __should_failslab+0xbc/0x110 [ 94.261820][ T4860] should_failslab+0x10/0x28 [ 94.262928][ T4860] slab_pre_alloc_hook+0x64/0xe8 [ 94.264158][ T4860] kmem_cache_alloc_node+0x9c/0x49c [ 94.265305][ T4860] __alloc_skb+0x174/0x584 [ 94.266372][ T4860] netlink_sendmsg+0x644/0xb38 [ 94.267581][ T4860] ____sys_sendmsg+0x584/0x870 [ 94.268770][ T4860] ___sys_sendmsg+0x214/0x294 [ 94.269908][ T4860] __arm64_sys_sendmsg+0x1ac/0x25c [ 94.271232][ T4860] invoke_syscall+0x98/0x2b8 [ 94.272371][ T4860] el0_svc_common+0x138/0x258 [ 94.273512][ T4860] do_el0_svc+0x58/0x14c [ 94.274586][ T4860] el0_svc+0x7c/0x1f0 [ 94.275662][ T4860] el0t_64_sync_handler+0x84/0xe4 [ 94.277005][ T4860] el0t_64_sync+0x1a0/0x1a4 [ 94.278192][ C0] vkms_vblank_simulate: vblank timer overrun [ 94.440773][ T4868] loop0: detected capacity change from 0 to 256 [ 94.564084][ T4868] tipc: Enabled bearer , priority 0 [ 94.574897][ T4862] loop2: detected capacity change from 0 to 8192 [ 94.604025][ T4862] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 94.606689][ T4862] REISERFS (device loop2): using ordered data mode [ 94.608284][ T4862] reiserfs: using flush barriers [ 94.623231][ T4868] device syzkaller0 entered promiscuous mode [ 94.687843][ T4868] netlink: 28 bytes leftover after parsing attributes in process `syz.0.179'. [ 94.690461][ T4862] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 94.726053][ T4862] REISERFS (device loop2): checking transaction log (loop2) [ 94.766653][ T4862] REISERFS (device loop2): Using r5 hash to sort names [ 94.774154][ T4862] reiserfs: enabling write barrier flush mode [ 94.798322][ T4862] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 94.891233][ T4867] tipc: Resetting bearer [ 94.977021][ T4867] tipc: Disabling bearer [ 95.208978][ T4864] loop4: detected capacity change from 0 to 32768 [ 95.238215][ T4885] loop3: detected capacity change from 0 to 2048 [ 95.249567][ T4870] loop1: detected capacity change from 0 to 32768 [ 95.253784][ T4889] loop2: detected capacity change from 0 to 64 [ 95.286971][ T4864] XFS (loop4): Mounting V5 Filesystem [ 95.289376][ T4870] (syz.1.178,4870,0):ocfs2_get_clusters:606 ERROR: status = -34 [ 95.298978][ T4885] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.307313][ T4870] (syz.1.178,4870,0):ocfs2_extent_map_get_blocks:671 ERROR: status = -34 [ 95.309547][ T4870] (syz.1.178,4870,0):ocfs2_map_slot_buffers:378 ERROR: status = -34 [ 95.313115][ T4889] MINIX-fs: file system does not have enough zmap blocks allocated. Refusing to mount. [ 95.315972][ T4889] MINIX-fs: bad superblock or unable to read bitmaps [ 95.392279][ T4887] loop0: detected capacity change from 0 to 4096 [ 95.394031][ T4870] (syz.1.178,4870,1):ocfs2_init_slot_info:426 ERROR: status = -34 [ 95.396012][ T4870] (syz.1.178,4870,1):ocfs2_initialize_super:2302 ERROR: status = -34 [ 95.398069][ T4870] (syz.1.178,4870,1):ocfs2_fill_super:1177 ERROR: status = -34 [ 95.506270][ T4887] ntfs: (device loop0): parse_ntfs_boot_sector(): Mft record size (32768) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 95.510197][ T4887] ntfs: (device loop0): ntfs_fill_super(): Unsupported NTFS filesystem. [ 95.516152][ T4864] XFS (loop4): Ending clean mount [ 95.521445][ T4864] XFS (loop4): Quotacheck needed: Please wait. [ 95.629825][ T4864] XFS (loop4): Quotacheck: Done. [ 95.638727][ T4900] loop2: detected capacity change from 0 to 256 [ 95.716240][ T4900] tipc: Enabled bearer , priority 0 [ 95.793560][ T4905] netlink: 28 bytes leftover after parsing attributes in process `syz.2.187'. [ 95.829864][ T4030] XFS (loop4): Unmounting Filesystem [ 95.847541][ T4900] device syzkaller0 entered promiscuous mode [ 95.889016][ T4899] tipc: Resetting bearer [ 95.991699][ T4899] tipc: Disabling bearer [ 96.190380][ T4908] loop1: detected capacity change from 0 to 8192 [ 96.269611][ T4908] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 96.272039][ T4908] REISERFS (device loop1): using ordered data mode [ 96.273688][ T4908] reiserfs: using flush barriers [ 96.295641][ T4908] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.300115][ T4908] REISERFS (device loop1): checking transaction log (loop1) [ 96.345083][ T4908] REISERFS (device loop1): Using r5 hash to sort names [ 96.376828][ T4908] reiserfs: enabling write barrier flush mode [ 96.406949][ T4908] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 96.466051][ T4904] loop0: detected capacity change from 0 to 32768 [ 96.474691][ T4916] bridge_slave_0: default FDB implementation only supports local addresses [ 96.527906][ T4910] loop2: detected capacity change from 0 to 8192 [ 96.589761][ T4904] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.188 (4904) [ 96.594253][ T4918] loop4: detected capacity change from 0 to 8192 [ 96.609620][ T4910] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 96.612564][ T4910] REISERFS (device loop2): using ordered data mode [ 96.615217][ T4910] reiserfs: using flush barriers [ 96.617431][ T4910] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.626797][ T4910] REISERFS (device loop2): checking transaction log (loop2) [ 96.630483][ T4910] REISERFS (device loop2): Using r5 hash to sort names [ 96.634647][ T4910] reiserfs: enabling write barrier flush mode [ 96.639033][ T4910] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 96.656513][ T4904] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 96.658802][ T4904] BTRFS info (device loop0): setting nodatacow, compression disabled [ 96.671744][ T4904] BTRFS info (device loop0): turning on flush-on-commit [ 96.673490][ T4904] BTRFS info (device loop0): enabling auto defrag [ 96.675004][ T4904] BTRFS info (device loop0): max_inline at 0 [ 96.676355][ T4904] BTRFS info (device loop0): using free space tree [ 96.694203][ T4918] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 96.696550][ T4918] REISERFS (device loop4): using ordered data mode [ 96.698281][ T4918] reiserfs: using flush barriers [ 96.701365][ T4918] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.705810][ T4904] BTRFS info (device loop0): has skinny extents [ 96.730273][ T4918] REISERFS (device loop4): checking transaction log (loop4) [ 96.734829][ T4918] REISERFS (device loop4): Using r5 hash to sort names [ 96.741029][ T4923] loop1: detected capacity change from 0 to 256 [ 96.760100][ T4918] reiserfs: enabling write barrier flush mode [ 96.818497][ T4918] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 96.847578][ T4923] tipc: Started in network mode [ 96.848910][ T4923] tipc: Node identity 5e08a56651f1, cluster identity 4711 [ 96.888651][ T4923] tipc: Enabled bearer , priority 0 [ 97.005508][ T4904] BTRFS info (device loop0): enabling ssd optimizations [ 97.012761][ T4939] netlink: 28 bytes leftover after parsing attributes in process `syz.1.193'. [ 97.065787][ T4923] device syzkaller0 entered promiscuous mode [ 97.113151][ T4946] loop2: detected capacity change from 0 to 1024 [ 97.121074][ T4921] tipc: Resetting bearer [ 97.160915][ T4946] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 97.262823][ T4921] tipc: Disabling bearer [ 97.296860][ T4954] loop3: detected capacity change from 0 to 1024 [ 97.299388][ T4946] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,noquota,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 97.344486][ T4961] FAULT_INJECTION: forcing a failure. [ 97.344486][ T4961] name failslab, interval 1, probability 0, space 0, times 0 [ 97.347843][ T4961] CPU: 0 PID: 4961 Comm: syz.0.199 Not tainted 5.15.175-syzkaller #0 [ 97.349821][ T4961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 97.352659][ T4961] Call trace: [ 97.353460][ T4961] dump_backtrace+0x0/0x530 [ 97.354630][ T4961] show_stack+0x2c/0x3c [ 97.355531][ T4961] dump_stack_lvl+0x108/0x170 [ 97.356831][ T4961] dump_stack+0x1c/0x58 [ 97.357918][ T4961] should_fail+0x3b8/0x514 [ 97.359057][ T4961] __should_failslab+0xbc/0x110 [ 97.360306][ T4961] should_failslab+0x10/0x28 [ 97.361515][ T4961] slab_pre_alloc_hook+0x64/0xe8 [ 97.362816][ T4961] __kmalloc_node+0xbc/0x5b8 [ 97.364023][ T4961] __vmalloc_node_range+0x2d0/0x8e4 [ 97.365625][ T4961] vzalloc+0x128/0x19c [ 97.366677][ T4961] bpf_check+0x18c/0xd2e8 [ 97.367776][ T4961] bpf_prog_load+0xe5c/0x15c8 [ 97.368972][ T4961] __sys_bpf+0x2e8/0x610 [ 97.369994][ T4961] __arm64_sys_bpf+0x80/0x98 [ 97.371138][ T4961] invoke_syscall+0x98/0x2b8 [ 97.372296][ T4961] el0_svc_common+0x138/0x258 [ 97.373433][ T4961] do_el0_svc+0x58/0x14c [ 97.374541][ T4961] el0_svc+0x7c/0x1f0 [ 97.375598][ T4961] el0t_64_sync_handler+0x84/0xe4 [ 97.376889][ T4961] el0t_64_sync+0x1a0/0x1a4 [ 97.378125][ C0] vkms_vblank_simulate: vblank timer overrun [ 97.401580][ T4954] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.438903][ T4954] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,prjquota,jqfmt=vfsold,data_err=ignore,noquota,dioread_nolock,init_itable=0x00000000000085c5,nojournal_checksum,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 97.603564][ T4968] loop0: detected capacity change from 0 to 256 [ 97.609611][ T4973] loop1: detected capacity change from 0 to 4096 [ 97.660184][ T4972] loop4: detected capacity change from 0 to 8192 [ 97.699153][ T4973] ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 97.707872][ T4973] ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. [ 97.725348][ T4968] tipc: Enabled bearer , priority 0 [ 97.729693][ T4973] ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume. [ 97.736753][ T4972] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 97.739228][ T4972] REISERFS (device loop4): using ordered data mode [ 97.741545][ T4972] reiserfs: using flush barriers [ 97.746986][ T4972] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.758965][ T4972] REISERFS (device loop4): checking transaction log (loop4) [ 97.759828][ T4968] device syzkaller0 entered promiscuous mode [ 97.774500][ T4968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.201'. [ 97.908903][ T4972] REISERFS (device loop4): Using r5 hash to sort names [ 97.915014][ T4967] tipc: Resetting bearer [ 97.917200][ T4972] REISERFS (device loop4): using 3.5.x disk format [ 97.919198][ T4972] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 98.075192][ T4967] tipc: Disabling bearer [ 98.136361][ T4994] loop3: detected capacity change from 0 to 256 [ 98.203603][ T4994] tipc: Enabled bearer , priority 0 [ 98.277307][ T4994] device syzkaller0 entered promiscuous mode [ 98.288515][ T4995] loop1: detected capacity change from 0 to 8192 [ 98.298694][ T4994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.211'. [ 98.304584][ T4995] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 98.307088][ T4995] REISERFS (device loop1): using ordered data mode [ 98.308677][ T4995] reiserfs: using flush barriers [ 98.317196][ T4995] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.322307][ T4995] REISERFS (device loop1): checking transaction log (loop1) [ 98.326933][ T4995] REISERFS (device loop1): Using rupasov hash to sort names [ 98.329064][ T4995] REISERFS (device loop1): using 3.5.x disk format [ 98.338095][ T4997] loop4: detected capacity change from 0 to 2048 [ 98.367740][ T4995] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 98.383301][ T4999] loop0: detected capacity change from 0 to 8192 [ 98.385635][ T4997] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 98.389802][ T4995] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 98.392801][ T4995] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 98.395630][ T4995] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 98.560546][ T4992] loop2: detected capacity change from 0 to 32768 [ 98.587595][ T4999] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 98.602941][ T4999] REISERFS (device loop0): using ordered data mode [ 98.605708][ T4999] reiserfs: using flush barriers [ 98.607948][ T4992] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.210 (4992) [ 98.613519][ T4999] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.618862][ T4993] tipc: Resetting bearer [ 98.620040][ T4999] REISERFS (device loop0): checking transaction log (loop0) [ 98.630235][ T4999] REISERFS (device loop0): Using r5 hash to sort names [ 98.635409][ T4999] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 98.681100][ T4992] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 98.683429][ T4992] BTRFS info (device loop2): setting nodatacow, compression disabled [ 98.685421][ T4992] BTRFS info (device loop2): turning on flush-on-commit [ 98.687115][ T4992] BTRFS info (device loop2): enabling auto defrag [ 98.688774][ T4992] BTRFS info (device loop2): max_inline at 0 [ 98.690235][ T4992] BTRFS info (device loop2): using free space tree [ 98.713282][ T4993] tipc: Disabling bearer [ 98.717908][ T4992] BTRFS info (device loop2): has skinny extents [ 99.238698][ T9] Bluetooth: hci5: Frame reassembly failed (-84) [ 99.250130][ T4992] BTRFS info (device loop2): enabling ssd optimizations [ 99.472853][ T5026] loop3: detected capacity change from 0 to 8192 [ 99.481092][ T5026] REISERFS warning (device loop3): super-6504 reiserfs_getopt: the option "grpjquota" requires an argument [ 99.481092][ T5026] [ 99.544744][ T5035] loop0: detected capacity change from 0 to 8192 [ 99.558211][ T5040] loop1: detected capacity change from 0 to 512 [ 99.565757][ T5040] EXT4-fs (loop1): Invalid journal IO priority (must be 0-7) [ 99.658137][ T5035] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 99.660470][ T5035] REISERFS (device loop0): using ordered data mode [ 99.662915][ T5035] reiserfs: using flush barriers [ 99.667945][ T5035] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.687039][ T5035] REISERFS (device loop0): checking transaction log (loop0) [ 99.697024][ T5035] REISERFS (device loop0): Using r5 hash to sort names [ 99.699089][ T5035] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 99.891320][ T5045] loop1: detected capacity change from 0 to 64 [ 99.952048][ T5045] hfs: unable to parse mount options [ 100.780307][ T5050] loop4: detected capacity change from 0 to 256 [ 100.884652][ T5054] loop0: detected capacity change from 0 to 128 [ 100.888686][ T5052] loop1: detected capacity change from 0 to 8192 [ 100.902607][ T5050] tipc: Enabled bearer , priority 0 [ 100.937421][ T5052] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 100.939971][ T5052] REISERFS (device loop1): using ordered data mode [ 100.941689][ T5054] befs: (loop0): No write support. Marking filesystem read-only [ 100.944203][ T5052] reiserfs: using flush barriers [ 100.944440][ T5054] befs: (loop0): invalid magic header [ 100.951171][ T5052] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.955480][ T5052] REISERFS (device loop1): checking transaction log (loop1) [ 100.975995][ T5050] device syzkaller0 entered promiscuous mode [ 100.978773][ T5052] REISERFS (device loop1): Using rupasov hash to sort names [ 100.988492][ T5052] REISERFS (device loop1): using 3.5.x disk format [ 100.990337][ T5052] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 100.993617][ T5052] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 100.996599][ T5052] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 100.999801][ T5052] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 101.009703][ T5050] netlink: 28 bytes leftover after parsing attributes in process `syz.4.223'. [ 101.018242][ T5049] tipc: Resetting bearer [ 101.054562][ T5049] tipc: Disabling bearer [ 101.250918][ T4187] Bluetooth: hci5: command 0x1003 tx timeout [ 101.252841][ T4026] Bluetooth: hci5: sending frame failed (-49) [ 101.265423][ T5046] loop2: detected capacity change from 0 to 32768 [ 101.332587][ T5063] tipc: Cannot configure node identity twice [ 101.438294][ T5063] loop1: detected capacity change from 0 to 4096 [ 101.454131][ T5064] loop4: detected capacity change from 0 to 4096 [ 101.486936][ T5064] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 101.507562][ T5064] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 101.527421][ T5064] FAULT_INJECTION: forcing a failure. [ 101.527421][ T5064] name failslab, interval 1, probability 0, space 0, times 0 [ 101.533214][ T5063] ntfs: (device loop1): parse_options(): Unrecognized mount option 8. [ 101.535745][ T5064] CPU: 0 PID: 5064 Comm: syz.4.228 Not tainted 5.15.175-syzkaller #0 [ 101.537918][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 101.540465][ T5064] Call trace: [ 101.541335][ T5064] dump_backtrace+0x0/0x530 [ 101.542433][ T5064] show_stack+0x2c/0x3c [ 101.543449][ T5064] dump_stack_lvl+0x108/0x170 [ 101.544556][ T5064] dump_stack+0x1c/0x58 [ 101.545575][ T5064] should_fail+0x3b8/0x514 [ 101.546706][ T5064] __should_failslab+0xbc/0x110 [ 101.548006][ T5064] should_failslab+0x10/0x28 [ 101.549182][ T5064] slab_pre_alloc_hook+0x64/0xe8 [ 101.550430][ T5064] kmem_cache_alloc+0x98/0x45c [ 101.551672][ T5064] mempool_alloc_slab+0x58/0x74 [ 101.552889][ T5064] mempool_alloc+0x144/0x480 [ 101.554073][ T5064] bio_alloc_bioset+0x120/0x784 [ 101.555377][ T5064] submit_bh_wbc+0x18c/0x610 [ 101.556554][ T5064] ll_rw_block+0x1f0/0x35c [ 101.557715][ T5064] __block_write_begin_int+0xb44/0x1608 [ 101.559180][ T5064] block_write_begin+0x60/0xdc [ 101.560410][ T5064] ntfs_write_begin+0xc0/0x19c [ 101.561691][ T5064] generic_perform_write+0x24c/0x520 [ 101.563031][ T5064] __generic_file_write_iter+0x230/0x454 [ 101.564390][ T5064] ntfs_file_write_iter+0x40c/0x49c [ 101.565726][ T5064] do_iter_readv_writev+0x420/0x5f8 [ 101.567120][ T5064] do_iter_write+0x1b8/0x66c [ 101.568269][ T5064] vfs_iter_write+0x88/0xac [ 101.569430][ T5064] iter_file_splice_write+0x618/0xc48 [ 101.570911][ T5064] direct_splice_actor+0xe4/0x1c0 [ 101.572298][ T5064] splice_direct_to_actor+0x408/0x9a0 [ 101.573595][ T5064] do_splice_direct+0x1f4/0x334 [ 101.574862][ T5064] do_sendfile+0x4c0/0xcb0 [ 101.575908][ T5064] __arm64_sys_sendfile64+0x264/0x408 [ 101.577294][ T5064] invoke_syscall+0x98/0x2b8 [ 101.578445][ T5064] el0_svc_common+0x138/0x258 [ 101.579692][ T5064] do_el0_svc+0x58/0x14c [ 101.580833][ T5064] el0_svc+0x7c/0x1f0 [ 101.581874][ T5064] el0t_64_sync_handler+0x84/0xe4 [ 101.583117][ T5064] el0t_64_sync+0x1a0/0x1a4 [ 101.584377][ C0] vkms_vblank_simulate: vblank timer overrun [ 101.688131][ T5058] loop0: detected capacity change from 0 to 32768 [ 101.795994][ T5058] JBD2: Ignoring recovery information on journal [ 101.858514][ T5070] loop4: detected capacity change from 0 to 8192 [ 101.878222][ T5058] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 101.879839][ T5073] loop1: detected capacity change from 0 to 8192 [ 101.888202][ T5058] (syz.0.225,5058,0):ocfs2_reflink_ioctl:4461 ERROR: status = -14 [ 101.917993][ T5070] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 101.920374][ T5070] REISERFS (device loop4): using ordered data mode [ 101.927518][ T5070] reiserfs: using flush barriers [ 101.929821][ T5070] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.943925][ T5073] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 101.945301][ T5070] REISERFS (device loop4): checking transaction log (loop4) [ 101.946271][ T5073] REISERFS (device loop1): using ordered data mode [ 101.949689][ T5073] reiserfs: using flush barriers [ 101.959604][ T5070] REISERFS (device loop4): Using r5 hash to sort names [ 101.973218][ T5073] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.973432][ T5070] reiserfs: enabling write barrier flush mode [ 101.977507][ T5073] REISERFS (device loop1): checking transaction log (loop1) [ 101.988906][ T4029] ocfs2: Unmounting device (7,0) on (node local) [ 101.994205][ T5070] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 102.053657][ T5068] loop2: detected capacity change from 0 to 32768 [ 102.073195][ T5068] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.230 (5068) [ 102.104999][ T5079] loop0: detected capacity change from 0 to 2048 [ 102.113467][ T5068] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 102.122736][ T5068] BTRFS info (device loop2): setting nodatacow, compression disabled [ 102.124858][ T5068] BTRFS info (device loop2): turning on flush-on-commit [ 102.149455][ T5079] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 102.153146][ T5068] BTRFS info (device loop2): enabling auto defrag [ 102.166566][ T5068] BTRFS info (device loop2): max_inline at 0 [ 102.175764][ T5068] BTRFS info (device loop2): using free space tree [ 102.181108][ T5068] BTRFS info (device loop2): has skinny extents [ 102.249090][ T5073] REISERFS (device loop1): Using rupasov hash to sort names [ 102.256952][ T5073] REISERFS warning (device loop1): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 102.274028][ T5073] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 102.326996][ T26] audit: type=1326 audit(102.270:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5072 comm="syz.1.232" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb78c3b68 code=0x0 [ 103.162911][ T26] audit: type=1326 audit(103.110:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5072 comm="syz.1.232" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb78c3b68 code=0x0 [ 103.170986][ T5068] BTRFS info (device loop2): enabling ssd optimizations [ 103.274508][ T5107] udc-core: couldn't find an available UDC or it's busy [ 103.283711][ T5107] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 103.313486][ T5110] FAULT_INJECTION: forcing a failure. [ 103.313486][ T5110] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 103.317144][ T5110] CPU: 0 PID: 5110 Comm: syz.0.235 Not tainted 5.15.175-syzkaller #0 [ 103.319262][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 103.321887][ T5110] Call trace: [ 103.322746][ T5110] dump_backtrace+0x0/0x530 [ 103.323944][ T5110] show_stack+0x2c/0x3c [ 103.325032][ T5110] dump_stack_lvl+0x108/0x170 [ 103.326190][ T5110] dump_stack+0x1c/0x58 [ 103.327258][ T5110] should_fail+0x3b8/0x514 [ 103.328467][ T5110] should_fail_usercopy+0x20/0x30 [ 103.329656][ T5111] loop4: detected capacity change from 0 to 128 [ 103.329842][ T5110] simple_read_from_buffer+0xd8/0x26c [ 103.332793][ T5110] proc_fail_nth_read+0x1a0/0x248 [ 103.334143][ T5110] vfs_read+0x278/0xb18 [ 103.335232][ T5110] ksys_read+0x15c/0x26c [ 103.336282][ T5110] __arm64_sys_read+0x7c/0x90 [ 103.337505][ T5110] invoke_syscall+0x98/0x2b8 [ 103.338666][ T5110] el0_svc_common+0x138/0x258 [ 103.339868][ T5110] do_el0_svc+0x58/0x14c [ 103.340958][ T5110] el0_svc+0x7c/0x1f0 [ 103.342055][ T5110] el0t_64_sync_handler+0x84/0xe4 [ 103.343405][ T5110] el0t_64_sync+0x1a0/0x1a4 [ 103.344946][ T1536] Bluetooth: hci5: command 0x1001 tx timeout [ 103.346596][ T4026] Bluetooth: hci5: sending frame failed (-49) [ 103.396609][ T5111] befs: (loop4): No write support. Marking filesystem read-only [ 103.423493][ T5113] loop0: detected capacity change from 0 to 128 [ 103.428734][ T5111] befs: (loop4): invalid magic header [ 103.469209][ T5113] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 103.539635][ T5115] loop4: detected capacity change from 0 to 256 [ 103.558433][ T5115] tipc: Enabled bearer , priority 0 [ 103.609804][ T5115] device syzkaller0 entered promiscuous mode [ 103.619963][ T5115] netlink: 28 bytes leftover after parsing attributes in process `syz.4.239'. [ 103.659249][ T5119] loop0: detected capacity change from 0 to 256 [ 103.687420][ T5123] loop2: detected capacity change from 0 to 256 [ 103.699150][ T5114] tipc: Resetting bearer [ 103.734023][ T5114] tipc: Disabling bearer [ 103.762041][ T5123] tipc: Enabled bearer , priority 0 [ 103.780161][ T5123] device syzkaller0 entered promiscuous mode [ 103.801378][ T5119] tipc: Enabled bearer , priority 0 [ 103.813060][ T5123] netlink: 28 bytes leftover after parsing attributes in process `syz.2.237'. [ 103.839941][ T5119] device syzkaller0 entered promiscuous mode [ 103.850021][ T5122] tipc: Resetting bearer [ 103.896966][ T5122] tipc: Disabling bearer [ 103.915357][ T5119] netlink: 28 bytes leftover after parsing attributes in process `syz.0.241'. [ 103.980208][ T5129] loop4: detected capacity change from 0 to 512 [ 103.999508][ T5118] tipc: Resetting bearer [ 104.040496][ T5118] tipc: Disabling bearer [ 104.065676][ T5134] loop2: detected capacity change from 0 to 128 [ 104.081092][ T5129] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.244: couldn't read orphan inode 16 (err -116) [ 104.085080][ T5129] EXT4-fs (loop4): Remounting filesystem read-only [ 104.086731][ T5129] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,nodioread_nolock,resuid=0x0000000000000000,norecovery,resuid=0x0000000000000000,nogrpid,. Quota mode: writeback. [ 104.108732][ T5134] hpfs: Bad magic ... probably not HPFS [ 104.236192][ T5128] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2932: inode #15: comm syz.4.244: corrupted xattr block 19 [ 104.276991][ T5128] EXT4-fs (loop4): Remounting filesystem read-only [ 104.284500][ T5128] EXT4-fs warning (device loop4): ext4_evict_inode:302: xattr delete (err -117) [ 104.299569][ T5145] loop0: detected capacity change from 0 to 2048 [ 104.359239][ T5145] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 104.503204][ T5148] loop2: detected capacity change from 0 to 32768 [ 104.560365][ T5148] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.247 (5148) [ 105.395673][ T5153] loop4: detected capacity change from 0 to 4096 [ 105.403044][ T5148] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 105.405421][ T5148] BTRFS info (device loop2): setting nodatacow, compression disabled [ 105.407470][ T5148] BTRFS info (device loop2): turning on flush-on-commit [ 105.409204][ T5148] BTRFS info (device loop2): enabling auto defrag [ 105.411764][ T4482] Bluetooth: hci5: command 0x1009 tx timeout [ 105.415122][ T5148] BTRFS info (device loop2): max_inline at 0 [ 105.416792][ T5148] BTRFS info (device loop2): using free space tree [ 105.418451][ T5148] BTRFS info (device loop2): has skinny extents [ 105.504983][ T5153] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 105.508057][ T5148] BTRFS info (device loop2): enabling ssd optimizations [ 105.580391][ T5153] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 105.799722][ T5179] loop0: detected capacity change from 0 to 8192 [ 105.867975][ T5181] loop1: detected capacity change from 0 to 512 [ 105.874270][ T5179] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 105.876657][ T5179] REISERFS (device loop0): using ordered data mode [ 105.878450][ T5179] reiserfs: using flush barriers [ 105.884666][ T5179] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 105.889062][ T5179] REISERFS (device loop0): checking transaction log (loop0) [ 105.894760][ T5179] REISERFS (device loop0): Using rupasov hash to sort names [ 105.896683][ T5179] REISERFS (device loop0): using 3.5.x disk format [ 105.898344][ T5179] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 105.903382][ T5181] EXT4-fs (loop1): Invalid journal IO priority (must be 0-7) [ 105.906746][ T5179] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 105.912010][ T5179] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 105.914931][ T5179] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 105.919785][ T5184] loop2: detected capacity change from 0 to 256 [ 106.028754][ T5184] tipc: Enabled bearer , priority 0 [ 106.100217][ T5184] device syzkaller0 entered promiscuous mode [ 106.114057][ T5186] loop4: detected capacity change from 0 to 2048 [ 106.129303][ T5190] FAULT_INJECTION: forcing a failure. [ 106.129303][ T5190] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 106.142071][ T5184] netlink: 28 bytes leftover after parsing attributes in process `syz.2.254'. [ 106.149117][ T5190] CPU: 1 PID: 5190 Comm: syz.0.256 Not tainted 5.15.175-syzkaller #0 [ 106.151295][ T5190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 106.153867][ T5190] Call trace: [ 106.154721][ T5190] dump_backtrace+0x0/0x530 [ 106.155900][ T5190] show_stack+0x2c/0x3c [ 106.156949][ T5190] dump_stack_lvl+0x108/0x170 [ 106.158045][ T5190] dump_stack+0x1c/0x58 [ 106.159163][ T5190] should_fail+0x3b8/0x514 [ 106.160303][ T5190] should_fail_alloc_page+0x74/0xa8 [ 106.161683][ T5190] prepare_alloc_pages+0x160/0x460 [ 106.163027][ T5190] __alloc_pages+0x138/0x674 [ 106.164195][ T5190] alloc_pages_vma+0x294/0x7c0 [ 106.165351][ T5190] alloc_zeroed_user_highpage_movable+0x9c/0xd8 [ 106.167022][ T5190] handle_mm_fault+0x1ee8/0x33a8 [ 106.168347][ T5190] do_page_fault+0x700/0xb60 [ 106.169533][ T5190] do_translation_fault+0xe8/0x138 [ 106.170877][ T5190] do_mem_abort+0x70/0x1d8 [ 106.172047][ T5190] el0_da+0x94/0x20c [ 106.173111][ T5190] el0t_64_sync_handler+0xc0/0xe4 [ 106.174372][ T5190] el0t_64_sync+0x1a0/0x1a4 [ 106.245652][ T5191] loop1: detected capacity change from 0 to 64 [ 106.426292][ T5190] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 106.991748][ T5191] hfs: unable to parse mount options [ 107.013767][ T5183] tipc: Resetting bearer [ 107.045335][ T5183] tipc: Disabling bearer [ 107.051579][ T5186] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 107.079950][ T5190] loop0: detected capacity change from 0 to 4096 [ 107.136440][ T5190] ntfs: (device loop0): parse_ntfs_boot_sector(): Mft record size (8388608) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 107.143965][ T5190] ntfs: (device loop0): ntfs_fill_super(): Unsupported NTFS filesystem. [ 107.803637][ T5194] loop1: detected capacity change from 0 to 4096 [ 107.867301][ T5194] ntfs: (device loop1): parse_ntfs_boot_sector(): Mft record size (8388608) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 107.871487][ T5194] ntfs: (device loop1): ntfs_fill_super(): Unsupported NTFS filesystem. [ 107.912232][ T5201] netlink: 'syz.0.259': attribute type 29 has an invalid length. [ 107.914678][ T5201] netlink: 'syz.0.259': attribute type 29 has an invalid length. [ 107.955877][ T5201] netlink: 'syz.0.259': attribute type 29 has an invalid length. [ 108.206099][ T5208] loop4: detected capacity change from 0 to 2048 [ 108.212802][ T5202] loop2: detected capacity change from 0 to 8192 [ 108.222704][ T5202] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 108.225045][ T5202] REISERFS (device loop2): using ordered data mode [ 108.247135][ T5202] reiserfs: using flush barriers [ 108.249967][ T5206] loop0: detected capacity change from 0 to 8192 [ 108.260627][ T5202] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 108.267805][ T5202] REISERFS (device loop2): checking transaction log (loop2) [ 108.275664][ T5208] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 108.302806][ T5202] REISERFS (device loop2): Using r5 hash to sort names [ 108.310291][ T5206] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 108.322369][ T5202] reiserfs: enabling write barrier flush mode [ 108.326770][ T5202] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 108.395786][ T5206] REISERFS (device loop0): using ordered data mode [ 108.397660][ T5206] reiserfs: using flush barriers [ 108.411159][ T5206] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 108.415543][ T5206] REISERFS (device loop0): checking transaction log (loop0) [ 108.438886][ T5206] REISERFS (device loop0): Using r5 hash to sort names [ 108.447292][ T5206] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 108.470912][ T5206] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 108.475659][ T5211] loop1: detected capacity change from 0 to 8192 [ 108.504152][ T5211] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 109.231659][ T5211] REISERFS (device loop1): using ordered data mode [ 109.233398][ T5211] reiserfs: using flush barriers [ 109.280787][ T5211] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 109.293217][ T5211] REISERFS (device loop1): checking transaction log (loop1) [ 109.306671][ T5211] REISERFS (device loop1): Using r5 hash to sort names [ 109.308691][ T5211] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 109.338674][ T5211] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 109.457245][ T5218] FAULT_INJECTION: forcing a failure. [ 109.457245][ T5218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.464888][ T5218] CPU: 1 PID: 5218 Comm: syz.3.268 Not tainted 5.15.175-syzkaller #0 [ 109.467042][ T5218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 109.469532][ T5218] Call trace: [ 109.470439][ T5218] dump_backtrace+0x0/0x530 [ 109.471568][ T5218] show_stack+0x2c/0x3c [ 109.472635][ T5218] dump_stack_lvl+0x108/0x170 [ 109.473795][ T5218] dump_stack+0x1c/0x58 [ 109.474896][ T5218] should_fail+0x3b8/0x514 [ 109.476006][ T5218] should_fail_usercopy+0x20/0x30 [ 109.477227][ T5218] __arm64_sys_mount+0x1ec/0x5e0 [ 109.478483][ T5218] invoke_syscall+0x98/0x2b8 [ 109.479657][ T5218] el0_svc_common+0x138/0x258 [ 109.480682][ T5218] do_el0_svc+0x58/0x14c [ 109.481611][ T5218] el0_svc+0x7c/0x1f0 [ 109.482632][ T5218] el0t_64_sync_handler+0x84/0xe4 [ 109.482767][ T5219] loop4: detected capacity change from 0 to 256 [ 109.483836][ T5218] el0t_64_sync+0x1a0/0x1a4 [ 109.556612][ T5219] tipc: Enabled bearer , priority 0 [ 109.621460][ T5219] device syzkaller0 entered promiscuous mode [ 109.656051][ T5219] netlink: 28 bytes leftover after parsing attributes in process `syz.4.267'. [ 109.726622][ T5217] tipc: Resetting bearer [ 109.816035][ T5217] tipc: Disabling bearer [ 109.935222][ T5238] loop2: detected capacity change from 0 to 1024 [ 110.001702][ T5221] loop0: detected capacity change from 0 to 32768 [ 110.007041][ T5221] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.265 (5221) [ 110.032961][ T5221] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 110.039829][ T5221] BTRFS info (device loop0): setting nodatacow, compression disabled [ 110.049010][ T5221] BTRFS info (device loop0): turning on flush-on-commit [ 110.058810][ T5221] BTRFS info (device loop0): enabling auto defrag [ 110.065092][ T5221] BTRFS info (device loop0): max_inline at 0 [ 110.069488][ T5238] hfsplus: xattr searching failed [ 110.072376][ T5221] BTRFS info (device loop0): using free space tree [ 110.078732][ T5221] BTRFS info (device loop0): has skinny extents [ 110.097408][ T5250] loop4: detected capacity change from 0 to 128 [ 110.204122][ T5250] befs: (loop4): No write support. Marking filesystem read-only [ 110.417026][ T5311] loop3: detected capacity change from 0 to 4096 [ 110.590678][ T5250] befs: (loop4): invalid magic header [ 110.593653][ T5250] netlink: 15 bytes leftover after parsing attributes in process `syz.4.274'. [ 110.603017][ T5311] ntfs: (device loop3): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 110.605351][ T5311] ntfs: (device loop3): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. [ 110.622862][ T9] hfsplus: b-tree write err: -5, ino 4 [ 110.664178][ T5311] ntfs: (device loop3): ntfs_fill_super(): Not an NTFS volume. [ 110.803746][ T5250] loop4: detected capacity change from 0 to 2048 [ 110.873193][ T5250] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.876258][ T5221] BTRFS info (device loop0): enabling ssd optimizations [ 111.092750][ T5354] loop2: detected capacity change from 0 to 64 [ 111.137762][ T5352] loop1: detected capacity change from 0 to 2048 [ 111.189088][ T5352] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 111.412573][ T5356] tipc: Enabled bearer , priority 0 [ 111.444433][ T5356] device syzkaller0 entered promiscuous mode [ 111.452054][ T5356] netlink: 28 bytes leftover after parsing attributes in process `syz.4.282'. [ 111.779969][ T5367] loop0: detected capacity change from 0 to 64 [ 112.061724][ T5367] hfs: unable to parse mount options [ 112.418743][ T5371] loop2: detected capacity change from 0 to 1024 [ 112.469371][ T5355] tipc: Resetting bearer [ 112.548824][ T5355] tipc: Disabling bearer [ 112.555693][ T5349] loop3: detected capacity change from 0 to 32768 [ 112.595323][ T5349] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.277 (5349) [ 112.642106][ T5349] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 112.644475][ T5349] BTRFS info (device loop3): using free space tree [ 112.645963][ T5381] netlink: 44 bytes leftover after parsing attributes in process `syz.0.287'. [ 112.646346][ T5349] BTRFS info (device loop3): has skinny extents [ 112.675663][ T5381] netlink: 'syz.0.287': attribute type 1 has an invalid length. [ 112.725014][ T5381] netlink: 'syz.0.287': attribute type 10 has an invalid length. [ 112.778923][ T5381] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.781250][ T5381] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.892778][ T5403] loop4: detected capacity change from 0 to 164 [ 112.935146][ T5381] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.937065][ T5381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.940377][ T5381] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.942362][ T5381] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.983512][ T5381] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 113.049164][ T5349] BTRFS info (device loop3): enabling ssd optimizations [ 113.720795][ T4187] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 113.805626][ T5383] loop2: detected capacity change from 0 to 32768 [ 113.960014][ T5411] loop4: detected capacity change from 0 to 32768 [ 114.250019][ T5383] XFS (loop2): Mounting V5 Filesystem [ 114.263680][ T5411] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.291 (5411) [ 114.390179][ T5383] XFS (loop2): Ending clean mount [ 114.478666][ T4486] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x54/0x434, xfs_rmapbt block 0x14 [ 114.482545][ T4486] XFS (loop2): Unmount and run xfs_repair [ 114.484021][ T4486] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 114.485860][ T4486] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 114.508209][ T4486] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80 ..P............. [ 114.519733][ T4486] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 114.533245][ T4486] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 114.540936][ T4486] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 114.543475][ T4486] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 114.545823][ T4486] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 114.576589][ T5411] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 114.582860][ T5411] BTRFS info (device loop4): setting nodatacow, compression disabled [ 114.587464][ T5411] BTRFS info (device loop4): turning on flush-on-commit [ 114.590981][ T5411] BTRFS info (device loop4): enabling auto defrag [ 114.592792][ T5411] BTRFS info (device loop4): max_inline at 0 [ 114.594356][ T5411] BTRFS info (device loop4): using free space tree [ 114.595984][ T5411] BTRFS info (device loop4): has skinny extents [ 114.603193][ T4486] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 114.610390][ T5383] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1f4/0x2f8" at daddr 0x14 len 4 error 74 [ 114.637361][ T5383] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x164c/0x1f34 (fs/xfs/libxfs/xfs_defer.c:504). Shutting down filesystem. [ 114.642987][ T5383] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 114.788605][ T4024] XFS (loop2): Unmounting Filesystem [ 114.870605][ T5411] BTRFS info (device loop4): enabling ssd optimizations [ 114.931548][ T4187] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x81 has invalid maxpacket 1023, setting to 8 [ 114.934702][ T4187] usb 1-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 114.937885][ T4187] usb 1-1: config 1 interface 0 has no altsetting 0 [ 115.114473][ T4187] usb 1-1: New USB device found, idVendor=2087, idProduct=0a01, bcdDevice= 0.40 [ 115.117004][ T4187] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.119022][ T4187] usb 1-1: Product: ࠉ [ 115.120074][ T4187] usb 1-1: Manufacturer: Ќ [ 115.138737][ T4187] usb 1-1: SerialNumber: 鴙ጣ쇹Დ鐼}缫윭먰涧倂莌钷嬪㲩⟌﫟熃跡듗﹅ޯﴰ랆昺魥蠳䋟縒毁⥵퀝↴턏￙땊貙⑅ᆓ툖集웇ে쎆⏬蔭鴶雀䷟䴡뙖ꋁଘ⨌윍᳾䆬맜贰噈뜜첱韞詣탞㓑 [ 115.206126][ T5409] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 115.395721][ T5456] loop2: detected capacity change from 0 to 128 [ 115.419285][ T5459] loop4: detected capacity change from 0 to 512 [ 115.425138][ T5409] udc-core: couldn't find an available UDC or it's busy [ 115.426938][ T5409] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 115.438931][ T5456] befs: (loop2): No write support. Marking filesystem read-only [ 115.445066][ T5460] loop3: detected capacity change from 0 to 512 [ 115.447078][ T5456] befs: (loop2): invalid magic header [ 115.463576][ T5459] EXT4-fs (loop4): Invalid journal IO priority (must be 0-7) [ 115.474713][ T5460] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 115.494287][ T5460] EXT4-fs (loop3): 1 truncate cleaned up [ 115.495905][ T5460] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,,errors=continue. Quota mode: none. [ 115.521720][ T5460] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #12: comm syz.3.297: corrupted in-inode xattr [ 115.530050][ T5456] netlink: 15 bytes leftover after parsing attributes in process `syz.2.293'. [ 115.567347][ T5456] loop2: detected capacity change from 0 to 2048 [ 115.581283][ T4187] usbhid 1-1:1.0: can't add hid device: -22 [ 115.583135][ T4187] usbhid: probe of 1-1:1.0 failed with error -22 [ 115.597081][ T4187] usb 1-1: USB disconnect, device number 2 [ 115.619768][ T5456] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 115.736962][ T5466] loop3: detected capacity change from 0 to 256 [ 115.880498][ T5470] loop4: detected capacity change from 0 to 64 [ 116.171876][ T5470] hfs: unable to parse mount options [ 116.554132][ T5469] loop2: detected capacity change from 0 to 256 [ 116.594316][ T5466] tipc: Enabled bearer , priority 0 [ 116.655283][ T5466] device syzkaller0 entered promiscuous mode [ 116.674059][ T5469] tipc: Enabled bearer , priority 0 [ 116.714368][ T5469] device syzkaller0 entered promiscuous mode [ 116.716930][ T5466] netlink: 28 bytes leftover after parsing attributes in process `syz.3.299'. [ 116.756239][ T5469] netlink: 28 bytes leftover after parsing attributes in process `syz.2.300'. [ 116.777309][ T5479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.302'. [ 116.795567][ T5468] tipc: Resetting bearer [ 116.825329][ T5477] loop0: detected capacity change from 0 to 1024 [ 116.869797][ T5468] tipc: Disabling bearer [ 116.881707][ T5465] tipc: Resetting bearer [ 116.929349][ T5465] tipc: Disabling bearer [ 117.338613][ T5489] loop0: detected capacity change from 0 to 8192 [ 117.396276][ T5476] loop4: detected capacity change from 0 to 32768 [ 117.440962][ T5489] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 117.443450][ T5489] REISERFS (device loop0): using ordered data mode [ 117.445168][ T5489] reiserfs: using flush barriers [ 117.455288][ T5483] loop2: detected capacity change from 0 to 32768 [ 117.457031][ T5489] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 117.467420][ T5489] REISERFS (device loop0): checking transaction log (loop0) [ 117.476740][ T5489] REISERFS (device loop0): Using rupasov hash to sort names [ 117.478957][ T5489] REISERFS (device loop0): using 3.5.x disk format [ 117.481167][ T5489] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 117.484590][ T5489] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 117.488029][ T5489] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 117.491371][ T5489] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 117.659104][ T5476] XFS (loop4): Mounting V5 Filesystem [ 117.676808][ T5483] XFS (loop2): Mounting V5 Filesystem [ 117.757681][ T5507] FAULT_INJECTION: forcing a failure. [ 117.757681][ T5507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.761280][ T5507] CPU: 1 PID: 5507 Comm: syz.1.308 Not tainted 5.15.175-syzkaller #0 [ 117.763331][ T5507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 117.765965][ T5507] Call trace: [ 117.766804][ T5507] dump_backtrace+0x0/0x530 [ 117.767998][ T5507] show_stack+0x2c/0x3c [ 117.769007][ T5507] dump_stack_lvl+0x108/0x170 [ 117.770195][ T5507] dump_stack+0x1c/0x58 [ 117.771362][ T5507] should_fail+0x3b8/0x514 [ 117.772534][ T5507] should_fail_usercopy+0x20/0x30 [ 117.773871][ T5507] simple_read_from_buffer+0xd8/0x26c [ 117.775294][ T5507] proc_fail_nth_read+0x1a0/0x248 [ 117.776574][ T5507] vfs_read+0x278/0xb18 [ 117.777713][ T5507] ksys_read+0x15c/0x26c [ 117.778756][ T5507] __arm64_sys_read+0x7c/0x90 [ 117.780026][ T5507] invoke_syscall+0x98/0x2b8 [ 117.781211][ T5507] el0_svc_common+0x138/0x258 [ 117.782447][ T5507] do_el0_svc+0x58/0x14c [ 117.783628][ T5507] el0_svc+0x7c/0x1f0 [ 117.784709][ T5507] el0t_64_sync_handler+0x84/0xe4 [ 117.785944][ T5507] el0t_64_sync+0x1a0/0x1a4 [ 117.787120][ C1] vkms_vblank_simulate: vblank timer overrun [ 118.021815][ T5483] XFS (loop2): Ending clean mount [ 118.082642][ T5476] XFS (loop4): Ending clean mount [ 118.085665][ T5476] XFS (loop4): Quotacheck needed: Please wait. [ 118.124637][ T5512] loop0: detected capacity change from 0 to 512 [ 118.127091][ T5476] XFS (loop4): Quotacheck: Done. [ 118.142708][ T4024] XFS (loop2): Unmounting Filesystem [ 118.184555][ T5512] EXT2-fs (loop0): warning: mounting ext3 filesystem as ext2 [ 118.249024][ T5487] loop3: detected capacity change from 0 to 40427 [ 118.437857][ T5487] F2FS-fs (loop3): invalid crc value [ 119.783169][ T4030] XFS (loop4): Unmounting Filesystem [ 119.788972][ T5487] F2FS-fs (loop3): Found nat_bits in checkpoint [ 119.878098][ T5487] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0 [ 119.940010][ T5487] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 120.028088][ T5487] attempt to access beyond end of device [ 120.028088][ T5487] loop3: rw=2049, want=53336, limit=40427 [ 120.127231][ T5527] loop1: detected capacity change from 0 to 2048 [ 120.129825][ T4038] attempt to access beyond end of device [ 120.129825][ T4038] loop3: rw=2049, want=45104, limit=40427 [ 120.187082][ T4038] attempt to access beyond end of device [ 120.187082][ T4038] loop3: rw=2051, want=45064, limit=40427 [ 120.200741][ T5527] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 120.209008][ T4038] attempt to access beyond end of device [ 120.209008][ T4038] loop3: rw=2051, want=131072, limit=40427 [ 120.215732][ T4038] attempt to access beyond end of device [ 120.215732][ T4038] loop3: rw=2051, want=53248, limit=40427 [ 120.239997][ T4038] F2FS-fs (loop3): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 120.240047][ T4038] F2FS-fs (loop3): Issue discard(6667, 6667, 9717) failed, ret: -5 [ 120.249854][ T4038] F2FS-fs (loop3): Issue discard(5638, 5638, 1018) failed, ret: -5 [ 121.797612][ T5536] loop2: detected capacity change from 0 to 164 [ 122.057029][ T5539] loop4: detected capacity change from 0 to 8192 [ 122.136932][ T5529] loop0: detected capacity change from 0 to 32768 [ 122.153793][ T5539] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 122.156434][ T5539] REISERFS (device loop4): using ordered data mode [ 122.158022][ T5539] reiserfs: using flush barriers [ 122.172107][ T5546] loop3: detected capacity change from 0 to 2048 [ 122.174071][ T5539] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 122.179061][ T5539] REISERFS (device loop4): checking transaction log (loop4) [ 122.188064][ T5539] REISERFS (device loop4): Using r5 hash to sort names [ 122.203245][ T5546] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 122.261718][ T5539] reiserfs: enabling write barrier flush mode [ 122.310142][ T5539] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 123.731167][ T5581] udc-core: couldn't find an available UDC or it's busy [ 123.733093][ T5581] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 123.932605][ T5593] udc-core: couldn't find an available UDC or it's busy [ 123.934574][ T5593] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 124.698689][ T7] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 124.738077][ T5607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.343'. [ 124.748348][ T5607] netlink: 12 bytes leftover after parsing attributes in process `syz.2.343'. [ 124.754429][ T5608] udc-core: couldn't find an available UDC or it's busy [ 124.758038][ T5608] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 124.764237][ T5607] netlink: 20 bytes leftover after parsing attributes in process `syz.2.343'. [ 124.766498][ T5607] netlink: 20 bytes leftover after parsing attributes in process `syz.2.343'. [ 125.210075][ T5617] udc-core: couldn't find an available UDC or it's busy [ 125.213125][ T5617] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 125.482012][ T5619] udc-core: couldn't find an available UDC or it's busy [ 125.483928][ T5619] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 126.660982][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 126.663534][ T7] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 126.665839][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 126.892917][ T5633] ODEBUG: Out of memory. ODEBUG disabled [ 126.989932][ T7] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 126.992639][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.010409][ T5640] udc-core: couldn't find an available UDC or it's busy [ 127.012597][ T7] usb 1-1: can't set config #1, error -71 [ 127.016518][ T7] usb 1-1: USB disconnect, device number 3 [ 127.018888][ T5640] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 127.039251][ T5639] udc-core: couldn't find an available UDC or it's busy [ 127.045306][ T5639] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 128.224761][ T7] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 129.710878][ T7] usb 1-1: unable to get BOS descriptor or descriptor too short [ 129.735388][ T5684] udc-core: couldn't find an available UDC or it's busy [ 129.737392][ T5684] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 131.103584][ T2057] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.105813][ T2057] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.436504][ T7] usb 1-1: unable to read config index 0 descriptor/all [ 131.438482][ T7] usb 1-1: can't read configurations, error -71 [ 131.451173][ T5697] device netdevsim0 entered promiscuous mode [ 131.458771][ T5697] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 133.648673][ T5735] udc-core: couldn't find an available UDC or it's busy [ 133.661345][ T5735] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 133.816752][ T7] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 134.720893][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.723762][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.726312][ T7] usb 1-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 134.741303][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.764676][ T7] usb 1-1: config 0 descriptor?? [ 136.592934][ T7] logitech-djreceiver 0003:046D:C534.0001: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.0-1/input0 [ 136.704855][ T5776] trusted_key: encrypted_key: insufficient parameters specified [ 137.113298][ T5781] netlink: 16 bytes leftover after parsing attributes in process `syz.4.404'. [ 137.238378][ T7] usb 1-1: USB disconnect, device number 5 [ 137.456446][ T5788] kAFS: Can only specify source 'none' with -o dyn [ 139.376818][ T5817] capability: warning: `syz.1.420' uses deprecated v2 capabilities in a way that may be insecure [ 140.087091][ T5821] udc-core: couldn't find an available UDC or it's busy [ 140.088902][ T5821] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 140.660189][ T5834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.427'. [ 140.922961][ T5846] futex_wake_op: syz.0.429 tries to shift op by -1; fix this program [ 141.097596][ T5855] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003 [ 141.242100][ T5860] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 142.068057][ T5871] udc-core: couldn't find an available UDC or it's busy [ 142.069698][ T5871] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 142.205517][ T4486] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 143.090847][ T4486] usb 1-1: Using ep0 maxpacket: 16 [ 143.211259][ T4486] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 143.214990][ T4486] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xD7, skipping [ 143.217713][ T4486] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 143.381509][ T4486] usb 1-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 143.383962][ T4486] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.385999][ T4486] usb 1-1: Product: syz [ 143.392024][ T4486] usb 1-1: Manufacturer: syz [ 143.393225][ T4486] usb 1-1: SerialNumber: syz [ 143.412929][ T4486] usb 1-1: config 0 descriptor?? [ 143.453443][ T4486] appledisplay 1-1:0.0: Could not find int-in endpoint [ 143.456482][ T4486] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 145.383915][ T5905] process 'syz.1.450' launched './file1' with NULL argv: empty string added [ 146.269858][ T4070] usb 1-1: USB disconnect, device number 6 [ 147.375875][ T5937] netlink: 20 bytes leftover after parsing attributes in process `syz.2.459'. [ 147.718062][ T5941] udc-core: couldn't find an available UDC or it's busy [ 147.719948][ T5941] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 147.760055][ T4037] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 147.763051][ T4037] CPU: 0 PID: 4037 Comm: kworker/u5:5 Not tainted 5.15.175-syzkaller #0 [ 147.765293][ T4037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 147.767921][ T4037] Workqueue: hci2 hci_rx_work [ 147.769137][ T4037] Call trace: [ 147.769947][ T4037] dump_backtrace+0x0/0x530 [ 147.771072][ T4037] show_stack+0x2c/0x3c [ 147.772126][ T4037] dump_stack_lvl+0x108/0x170 [ 147.773361][ T4037] dump_stack+0x1c/0x58 [ 147.774431][ T4037] sysfs_create_dir_ns+0x278/0x318 [ 147.775764][ T4037] kobject_add_internal+0x384/0x8f0 [ 147.777131][ T4037] kobject_add+0x14c/0x21c [ 147.778332][ T4037] device_add+0x400/0xef4 [ 147.779455][ T4037] hci_conn_add_sysfs+0xc4/0x1cc [ 147.780725][ T4037] le_conn_complete_evt+0x954/0x1228 [ 147.782112][ T4037] hci_le_meta_evt+0x234/0x31c0 [ 147.783401][ T4037] hci_event_packet+0xd34/0x12b4 [ 147.784635][ T4037] hci_rx_work+0x1d0/0x830 [ 147.785706][ T4037] process_one_work+0x790/0x11b8 [ 147.786816][ T4037] worker_thread+0x910/0x1034 [ 147.788054][ T4037] kthread+0x37c/0x45c [ 147.789085][ T4037] ret_from_fork+0x10/0x20 [ 147.792109][ T4037] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 147.795544][ T4037] Bluetooth: hci2: failed to register connection device [ 147.936712][ T5949] udc-core: couldn't find an available UDC or it's busy [ 147.945393][ T5949] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 149.448958][ T5965] gfs2: gfs2 mount does not exist [ 149.780793][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 149.990944][ T4446] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 150.420848][ T4446] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.425251][ T4446] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 150.611617][ T4446] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 150.616003][ T4446] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.755839][ T4446] usb 1-1: Product: syz [ 150.757004][ T4446] usb 1-1: Manufacturer: syz [ 150.758061][ T4446] usb 1-1: SerialNumber: syz [ 151.110908][ T4446] usb 1-1: 0:2 : does not exist [ 151.872468][ T4446] usb 1-1: USB disconnect, device number 7 [ 152.124003][ T4016] udevd[4016]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 153.086512][ T6030] netlink: 20 bytes leftover after parsing attributes in process `syz.3.498'. [ 153.327394][ T6045] udc-core: couldn't find an available UDC or it's busy [ 153.329354][ T6045] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 153.439199][ T6051] udc-core: couldn't find an available UDC or it's busy [ 153.465996][ T6051] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 153.537733][ T6056] udc-core: couldn't find an available UDC or it's busy [ 153.539489][ T6056] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 154.865509][ T6085] udc-core: couldn't find an available UDC or it's busy [ 154.867411][ T6085] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 154.878927][ T6088] device netdevsim0 entered promiscuous mode [ 156.231288][ T6108] loop2: detected capacity change from 0 to 7 [ 156.243611][ T6108] Dev loop2: unable to read RDB block 7 [ 156.245436][ T6108] loop2: AHDI p1 p2 [ 156.246539][ T6108] loop2: partition table partially beyond EOD, truncated [ 156.249047][ T6108] loop2: p1 start 693664321 is beyond EOD, truncated [ 156.260207][ T6110] binder: 6109:6110 BC_REQUEST_DEATH_NOTIFICATION death notification already set [ 156.269930][ T6101] device sit0 left promiscuous mode [ 156.538835][ T6101] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.925483][ T6101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.950377][ T6101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 158.324483][ T6101] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.326937][ T6101] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.329212][ T6101] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.331657][ T6101] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.370820][ T6101] device netdevsim0 left promiscuous mode [ 158.453030][ T4486] Bluetooth: hci4: command 0x0405 tx timeout [ 158.597757][ T6142] binder: 6141:6142 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 159.673616][ T6161] syz.1.545 (6161): drop_caches: 2 [ 159.864599][ T6166] netlink: 60 bytes leftover after parsing attributes in process `syz.1.550'. [ 159.867022][ T6166] netlink: 60 bytes leftover after parsing attributes in process `syz.1.550'. [ 159.869672][ T6163] netlink: 60 bytes leftover after parsing attributes in process `syz.1.550'. [ 160.124253][ T6172] hub 9-0:1.0: USB hub found [ 160.128152][ T6172] hub 9-0:1.0: 8 ports detected [ 160.777181][ T6177] udc-core: couldn't find an available UDC or it's busy [ 160.779129][ T6177] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 160.789129][ T6175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.553'. [ 160.793539][ T6181] udc-core: couldn't find an available UDC or it's busy [ 160.795378][ T6181] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 162.895185][ T4486] Bluetooth: hci5: command 0x1003 tx timeout [ 162.897009][ T4026] Bluetooth: hci5: sending frame failed (-49) [ 165.104389][ T4486] Bluetooth: hci5: command 0x1001 tx timeout [ 165.106136][ T4026] Bluetooth: hci5: sending frame failed (-49) [ 166.350761][ T6237] hub 9-0:1.0: USB hub found [ 166.352964][ T6237] hub 9-0:1.0: 8 ports detected [ 166.778935][ T6241] udc-core: couldn't find an available UDC or it's busy [ 166.830964][ T6241] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 167.330159][ T4073] Bluetooth: hci5: command 0x1009 tx timeout [ 167.549943][ T6258] udc-core: couldn't find an available UDC or it's busy [ 167.552231][ T6258] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 167.964851][ T6262] binder: 6261:6262 ioctl c018620c 200005c0 returned -1 [ 169.010784][ T4015] Bluetooth: hci3: command 0x0406 tx timeout [ 169.275853][ T6277] tipc: Enabled bearer , priority 10 [ 169.361123][ T4070] Bluetooth: hci0: command 0x0406 tx timeout [ 169.363506][ T4070] Bluetooth: hci2: command 0x0406 tx timeout [ 169.372402][ T4070] Bluetooth: hci1: command 0x0406 tx timeout [ 169.438653][ T4070] Bluetooth: hci4: command 0x0406 tx timeout [ 170.214977][ T6283] netlink: 8 bytes leftover after parsing attributes in process `syz.4.594'. [ 170.288128][ T6289] udc-core: couldn't find an available UDC or it's busy [ 170.289795][ T6289] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 170.300332][ T6290] udc-core: couldn't find an available UDC or it's busy [ 170.669055][ T6290] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 171.048077][ T4073] tipc: Node number set to 2915948800 [ 171.198026][ T6297] udc-core: couldn't find an available UDC or it's busy [ 171.200030][ T6297] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 172.318853][ T6314] udc-core: couldn't find an available UDC or it's busy [ 172.340407][ T6313] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 172.344888][ T6314] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 173.487581][ T6336] hub 9-0:1.0: USB hub found [ 173.488517][ T6336] hub 9-0:1.0: 8 ports detected [ 175.124997][ T6359] udc-core: couldn't find an available UDC or it's busy [ 175.127248][ T6359] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 175.510758][ T6364] udc-core: couldn't find an available UDC or it's busy [ 175.512732][ T6364] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 176.091830][ T6366] udc-core: couldn't find an available UDC or it's busy [ 176.093902][ T6366] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 176.310467][ T6380] udc-core: couldn't find an available UDC or it's busy [ 176.312753][ T6380] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 176.549993][ T6384] netlink: 12 bytes leftover after parsing attributes in process `syz.0.627'. [ 179.131037][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.2.638'. [ 179.133643][ T6409] netlink: 12 bytes leftover after parsing attributes in process `syz.2.638'. [ 182.275872][ T6448] udc-core: couldn't find an available UDC or it's busy [ 182.292375][ T6448] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 182.395535][ T6454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.654'. [ 182.840686][ T6469] trusted_key: encrypted_key: master key parameter '000000000000' is invalid [ 183.676007][ T6484] tipc: Cannot configure node identity twice [ 183.946165][ T6503] netlink: 60 bytes leftover after parsing attributes in process `syz.1.675'. [ 183.948851][ T6503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.675'. [ 184.013071][ T6488] udc-core: couldn't find an available UDC or it's busy [ 184.016022][ T6488] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 187.235605][ T6556] Architecture has no drm_cache.c support [ 187.238014][ T6556] ------------[ cut here ]------------ [ 187.239440][ T6556] WARNING: CPU: 0 PID: 6556 at drivers/gpu/drm/drm_cache.c:116 drm_clflush_pages+0x1c/0x2c [ 187.242072][ T6556] Modules linked in: [ 187.243035][ T6556] CPU: 0 PID: 6556 Comm: syz.4.691 Not tainted 5.15.175-syzkaller #0 [ 187.245147][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 187.247688][ T6556] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 187.249630][ T6556] pc : drm_clflush_pages+0x1c/0x2c [ 187.250925][ T6556] lr : drm_clflush_pages+0x1c/0x2c [ 187.252253][ T6556] sp : ffff8000212277f0 [ 187.253409][ T6556] x29: ffff8000212277f0 x28: 1fffe0001cec3084 x27: ffff0000e7618400 [ 187.255511][ T6556] x26: dfff800000000000 x25: 1fffe0001adbee47 x24: dfff800000000000 [ 187.257638][ T6556] x23: 000000000017c000 x22: ffff0000d6df7230 x21: ffff0000d3452000 [ 187.259594][ T6556] x20: ffff0000d6df7000 x19: ffff0000d6df7230 x18: 1fffe0003682eb8e [ 187.261715][ T6556] x17: 1fffe0003682eb8e x16: ffff800011b4eaf8 x15: ffff800014c0fac0 [ 187.263898][ T6556] x14: 1ffff0000296e06c x13: dfff800000000000 x12: 0000000000080000 [ 187.266012][ T6556] x11: 000000000007ffff x10: ffff800029902000 x9 : d379776d6d219600 [ 187.268066][ T6556] x8 : d379776d6d219600 x7 : 0000000000000000 x6 : 0000000000000000 [ 187.270056][ T6556] x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000aa1011c [ 187.272187][ T6556] x2 : ffff0001b4175d10 x1 : 0000000100000000 x0 : 0000000000000027 [ 187.274227][ T6556] Call trace: [ 187.274940][ T6556] drm_clflush_pages+0x1c/0x2c [ 187.276081][ T6556] vgem_prime_pin+0xd4/0x184 [ 187.277295][ T6556] drm_gem_pin+0x6c/0x8c [ 187.278394][ T6556] drm_gem_map_attach+0x40/0x50 [ 187.279607][ T6556] dma_buf_dynamic_attach+0x1b8/0x748 [ 187.280939][ T6556] dma_buf_attach+0x30/0x40 [ 187.282326][ T6556] drm_gem_prime_import_dev+0xf4/0x338 [ 187.283721][ T6556] drm_gem_prime_fd_to_handle+0x1ac/0x464 [ 187.285238][ T6556] drm_prime_fd_to_handle_ioctl+0x94/0xd0 [ 187.286707][ T6556] drm_ioctl_kernel+0x2cc/0x458 [ 187.288020][ T6556] drm_ioctl+0x5d0/0xa64 [ 187.289143][ T6556] __arm64_sys_ioctl+0x14c/0x1c8 [ 187.290413][ T6556] invoke_syscall+0x98/0x2b8 [ 187.291597][ T6556] el0_svc_common+0x138/0x258 [ 187.292762][ T6556] do_el0_svc+0x58/0x14c [ 187.293879][ T6556] el0_svc+0x7c/0x1f0 [ 187.294917][ T6556] el0t_64_sync_handler+0x84/0xe4 [ 187.296238][ T6556] el0t_64_sync+0x1a0/0x1a4 [ 187.297410][ T6556] irq event stamp: 28376 [ 187.298544][ T6556] hardirqs last enabled at (28375): [] finish_lock_switch+0xbc/0x1e8 [ 187.300999][ T6556] hardirqs last disabled at (28376): [] el1_dbg+0x24/0x80 [ 187.303334][ T6556] softirqs last enabled at (7602): [] handle_softirqs+0xb88/0xdbc [ 187.305887][ T6556] softirqs last disabled at (7581): [] __irq_exit_rcu+0x268/0x4d8 [ 187.308279][ T6556] ---[ end trace c14046767ea2ab77 ]--- [ 187.731091][ T6558] netlink: 20 bytes leftover after parsing attributes in process `syz.0.693'. [ 192.544109][ T2057] ieee802154 phy0 wpan0: encryption failed: -22