last executing test programs: 4.727769674s ago: executing program 3 (id=405): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "2d9421fe8a4c9563", "cf6ff9ff337ed301000100c747fbbfc1", "dbdc27ff", "16de86d67a8426bd"}, 0x28) recvfrom(r0, &(0x7f0000002800)=""/4071, 0xfffffffffffffdab, 0x17, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) recvmmsg(r0, &(0x7f0000008bc0)=[{{0x0, 0x0, 0x0}, 0x7fffffff}], 0x1, 0x10002, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f00000000c0)=0x8, 0x4) 3.763899264s ago: executing program 3 (id=420): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000580)="1fe8d6ab2b3b49", 0x7}], 0x1}}], 0x1, 0x0) 3.668201608s ago: executing program 3 (id=423): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000140)={0x11, @empty, 0xce20, 0x0, 'lc\x00', 0x2a, 0x401, 0x65}, 0x2c) 3.549040106s ago: executing program 3 (id=426): syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0xd9, 0x6, 0x0, @private=0xa210104, @local, {[@generic={0x88, 0x7, "04030e5c61"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x80}}}}}}, 0x0) 3.451634299s ago: executing program 3 (id=429): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x5, 0x1, 0xb}]}, &(0x7f0000000040)='GPL\x00'}, 0x94) clock_gettime(0x0, &(0x7f0000000000)) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4) readv(r1, &(0x7f0000000200)=[{&(0x7f0000001b80)=""/4096, 0x1000}], 0x1) sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES64=0x0], 0x80}}, 0x0) r2 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r5, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007000000925c9885fdb7f9fc5a2b3fd8de7cd7331a984e37747c3d3f6f086e6d0f68387d7739718ecfd79786e5fce277c58a3ff7f699de62b2a50f1a71c380ebb15f99858cc86045f5709929197c5728e865add3793ca27c70b34f1345de90a5cd34b4e7f764a010a001e69797ead703711817b0cf2fb1c6473d1cdf9ef8fc2fd8636ae63073a29c90b5f89ca0d76bc42c1573962787c5cbf3ee2ce8d48a9fe9ae8e4b7dfd7dfa696c320d85114cab1ad7689da12c9b73f28e218a7acb5d57b70af3d2b6b95f0633b269b0e6d64a4e16a6b295c96bdf493711c2d6eed50906f92504314b12b4719c24ff9c27e0a71232b51316ae4b9c97f78b0e244d6b63591fccb765a9"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4d2f02, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0xfffffffffffffdd4, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r6, {0xd, 0x7}, {0xffff, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x40000002, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x7}, {0x7, 0xffffffffffffff5c}}}]}]}]}}]}, 0x54}}, 0x0) write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) getsockopt$netlink(r0, 0x10e, 0x9, &(0x7f00000000c0)=""/32, &(0x7f0000000100)=0x20) sendto(0xffffffffffffffff, &(0x7f0000000000)="0e2fc0d80521e58272d5086a22091a96be7adf40228ca05cc0be70287884894861dccabe826e2bd91b5d1b8b74ad122748625adf6eb89f10dc9a48bdb59a4839f538bae85e7a32359a5f52222a557375685897d6abcdc41e4be5d4fe188dfb7feae4eaf2367219e6283dad8a0326e68b3f163e43121f2a4551a630a18e085de5b1a1b4625925e0813eeb681efc58237c5d80fe0e836d96a0c25ddabc9b0a53f87af10ee5fd4431e1c329bf306f1b0589", 0xb0, 0x20000005, &(0x7f0000000140)=@isdn={0x22, 0xf, 0x6, 0x1, 0x4}, 0x80) 1.922805169s ago: executing program 0 (id=459): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2802, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000014}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000540)="18", 0x1}], 0x1}, 0x4) 1.6440835s ago: executing program 1 (id=463): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000001c0)={0xa, 0x4e20, 0x80000, @dev={0xfe, 0x80, '\x00', 0xa0}, 0xfffffffe}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@hopopts={{0x18}}], 0x18}, 0x40c0) 1.631823208s ago: executing program 0 (id=464): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$AUDIT_SET_FEATURE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x3fa, 0x200, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x84) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x38, r1, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xa}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x42}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x45d1}]}, 0x38}, 0x1, 0x0, 0x0, 0xa0}, 0x4800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000000200", 0x6) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000080)={0xe}, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x0) r4 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r4, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) r5 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xc8, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x6, 0x100, 0x19e, 0x0, 0x7ff, 0x200}}, {0x4}}]}]}, 0xc8}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) socket(0x10, 0x3, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280), r8) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(r10, &(0x7f0000000280)=ANY=[@ANYBLOB="0000023f32"], 0x138) r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r8) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000380)) sendmsg$NFC_CMD_GET_DEVICE(r9, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000011c0)=ANY=[@ANYBLOB="0864222b7dc57643fa381781d4318d1c000000", @ANYRES16=r11, @ANYBLOB="00012abd7000ffdbdf250100000008000100", @ANYRESDEC=r4, @ANYBLOB="6f22781d6876d30195aae5fa9171d72f3be56a0706bc03bc0560d7a8a456176718402fa0f6aaef1ae9c52db2f6782e88"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8805) 1.614252525s ago: executing program 2 (id=465): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000002e00090027700000000000040000000c00180008ac0f000dac0f003e8bdffeeafc9273896e90a7e66de896256283"], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 1.496057084s ago: executing program 1 (id=466): unshare(0x22020600) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r0, 0x0, 0x25, 0x3b, @val=@iter={0x0}}, 0x20) 1.47765527s ago: executing program 2 (id=467): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f00000001c0), 0x37) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000013c0)=@mpls_getnetconf={0x14, 0x52, 0xd03, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000800}, 0x8014) 1.459288267s ago: executing program 0 (id=468): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f1fc4af2990c07f784b985a3de7740bd33848702930", 0x122}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de21450df098c113e1", 0x2c}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a22d20f77d9a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808cde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c48b3072092c4c3271361816bf21afb8473a064f1988536d4b5888807b3aaafaf5", 0x92}], 0x4}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e4dea184fd7a0a0", 0x14e}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3", 0xa0}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd92e0ea2322f163473dad24cffe6d23ffa95b04a2653e8a7c9ab042ea1b0bf4bde850bc9f6147f1a48e86eec8223fd33fc83", 0x75}], 0x3}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000400)="42e013913edbeb683c44e18ae800a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287", 0x5a}], 0x1}}], 0x3, 0x46090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000008c0)="13731d09935c9813b65c821def024c1c9c666412bfdea3212c0acfcb713e27e33985ba00ce78d8a31376051ae377711658d06178ffaa21bcfc15e0620800000000000000726daa14de10dac21d85ffd9ce37f6179f457477c68b5170237a983cf6ee4d3d9ae6c3b8201dc382d328649d40bb6aa45ff5ebdf62432a8715da0f2cb6001cd307b51ac8ebec7dbe5af6e5683912bfd773123ac778c0ba0f951ff1054398a924775e3caaf3b39c0cd2f9d44a87467bfcb19d64d5ca0ca5363688b718aa20874cbdd2f82f2f0d5e4a532eb65faa27c930f0eea7b747328ca9adbd8aa975792d7f0000000000000091a6dc9f442ab7c7558a0b919d16b31990cf8749fbf82badb5e3642188a414c05bfa", 0x10d, 0x800, 0x0, 0x0) 1.395735446s ago: executing program 1 (id=469): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$ETHTOOL_MSG_EEE_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10}, 0x94) sendmsg$NFT_BATCH(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_DELTABLE={0x4c, 0x2, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x354, 0xc, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x300, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x2ec, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xec}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x116f}, @NFTA_SET_ELEM_DATA={0x1ac, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb1, 0x1, "950ca8a800c20b10fbc6cc002f2708e079576a8e6206c21a95b6624f07ecbc9aeb179dc2d41b12c0b303b56e71c4a50c44be40174d5a6e5c333a0b4e402b4685e939bf6b3dc02600e75d7d5bc7c64930ace6720f72a0585d4c99720a2bdad9007acbf42e94f61b458cfa35c134e83480ba2fc649d991c8640254bae6273e51bc3ae8c5724835df01b2e2a214e8536d9dd017e1b33fb7351f48a6cce2849b2e9a8db418b082efbee60d911eb17e"}, @NFTA_DATA_VALUE={0xf1, 0x1, "6e551079fd23b1cba3ddaea863db6c79fd55be53dbaa0a69062a45261c29ef0a654fbbc62592c05fd8a9cbc56cf2ec8c38c543b4f124754977e09966d9d5a53f15d6b9d14b4308a2f2092c16d5ddd1a1d7a39c53a0af43f8b348b6b8a9f5f31f8965122e26e6c38f151cf2d558b86ab82cc00ad3031cff2ad41bc265e69afe95291b421bda525e6b1e95d2ac0d7ddbfdf77a3f4372f08ca13a7e03c8ba2b969b14cc9d4006d299a8391df6926334c806f13d9b662327795f9c84d7c8d0b56ebbc928635f93ec0481fb3f5c24402a6605804427bc0f71fa992c1b95c2ba08db5288112c6bed62aa4bda1a5aa974"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xea3}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x8f4f}, @NFTA_SET_ELEM_KEY_END={0xe4, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0xdf, 0x1, "109a4a61eab209372fd0b891e56237f6c70f4d281c1edd2904570b270f93bf024583fa65c19f350a4cd796351f24a9ca16973d6dfb7b3cb50833dc16ac45a4e4f3609bd4f250a97b11781ec77355e5cbe205354e445e6b7169dec3e62894f800d9eae322cc346aa3c4b795ff89763961e8ee738eb1b0e18857e474140ccbd219040f386008b0e6fb076ce0a1e3a7d449dc2d1e831fbcca5b1b0441411d5d718de6a20089372c1d6f5c7d5530b64566e93777b5e2a8abe26791acf6f333fb0ac0bcfbf46ee949cdac6fbfbc665c0c9ea7c2cd478d5868f5e40a0ccc"}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_ELEM_DATA={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}]}]}]}, @NFT_MSG_NEWSETELEM={0x248, 0xc, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x190, 0x3, 0x0, 0x1, [{0x174, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x549}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x148, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}, {0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_FLAGS={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}, {0x14, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x4}}}, {0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}, {0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0xc, 0x1, 'cluster\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}, {0x1c, 0x1, 0x0, 0x1, @last={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x74, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x64, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x800}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x100000000}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x9}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x80000000}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x94}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}]}, {0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @connlimit={{0xe}, @void}}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x98, 0x3, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc}, @NFTA_SET_ELEM_USERDATA={0x3e, 0x6, 0x1, 0x0, "8227da43a352b984e57322de5ba9909fcbb98387699e85028f2b28a084cbfcea37c54833c46621b25b5694d3c1cea01ce134bb1491bd0408b24a"}]}, {0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x100000000}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @dup={{0x8}, @void}}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_USERDATA={0x4}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x6}]}, {0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x4}]}, {0x4}]}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x102}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x200, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x14, 0x14, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x6bc}, 0x1, 0x0, 0x0, 0x20008800}, 0x4004) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000993e0000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) ioctl$XFS_IOC_FSGROWFSDATA(r1, 0x4010586e, &(0x7f0000000040)={0xff, 0x8000}) syz_init_net_socket$bt_l2cap(0x1f, 0x6, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) recvmmsg(r2, &(0x7f0000005200)=[{{0x0, 0x0, 0x0}, 0x88b1}], 0x1, 0x40000120, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000200)=0x4, 0x4) write$bt_hci(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000044000000090a090400000000000000000700000308000a40000000000900020073797a31000000000900010073797a30000000000800054000000021080003400000000114000000110001"], 0x8c}, 0x1, 0x0, 0x0, 0x80}, 0x4080) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0xf0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) 1.368746331s ago: executing program 2 (id=470): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000500)=0x2) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x88001, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000500)=0x2) 1.322603263s ago: executing program 0 (id=471): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) ioctl$XFS_IOC_ERROR_INJECTION(r0, 0x40085874, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x40, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x17}}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_MS_ADDR6={0x14, 0xc, @loopback}]}, 0x40}, 0x1, 0x0, 0x0, 0x48884}, 0x80) recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffc88, 0x140, 0x0, 0x0) accept(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x0) 1.180519818s ago: executing program 2 (id=472): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x23, &(0x7f0000000040)=""/40, &(0x7f0000000080)=0x28) 1.097081984s ago: executing program 1 (id=474): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2802, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000014}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000540)="18", 0x1}], 0x1}, 0x4) 1.096806124s ago: executing program 2 (id=475): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "2d9421fe8a4c9563", "cf6ff9ff337ed301000100c747fbbfc1", "dbdc27ff", "16de86d67a8426bd"}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket(0x15, 0x3, 0x9) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, 0x0, &(0x7f0000000640)) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x41100, 0x1c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "b7a41f2300", "d21b0e8a0e000000000000000600", "1d1cbe23", "ecba06893bcdc493"}, 0x28) listen(0xffffffffffffffff, 0x8) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x4}, 0x8) recvfrom(r0, &(0x7f0000002800)=""/4071, 0xfffffffffffffdab, 0x17, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) r4 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$sock(r4, 0x0, 0x0, 0x24008000) recvmmsg(r0, &(0x7f0000008bc0)=[{{0x0, 0x0, &(0x7f0000002300), 0x0, &(0x7f0000001080)=""/27, 0x1b}, 0x3}, {{&(0x7f0000002380)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000002500)=[{&(0x7f0000002400)=""/73, 0x49}, {0x0}, {&(0x7f0000005800)=""/4096, 0x1000}, {0x0}], 0x4, &(0x7f0000002540)=""/251, 0xfb}, 0x7fffffff}, {{0x0, 0x0, 0x0}, 0x9}], 0x3, 0x10002, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f00000000c0)=0x8, 0x4) 1.093154663s ago: executing program 0 (id=484): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000380), 0x0) shutdown(r0, 0x2) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7}, 0x1c) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) unshare(0x6a040000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0xfffffdef}, 0x1, 0x0, 0x0, 0x800}, 0x10) sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x0, 0x2, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x48884}, 0x80) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x6}, &(0x7f0000000140)=0x8) pipe(0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8800) 790.80171ms ago: executing program 4 (id=476): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xc, 0x6, &(0x7f00000006c0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @exit], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 660.078636ms ago: executing program 2 (id=477): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r0 = syz_open_procfs$namespace(0x0, 0x0) unshare(0x62040400) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) r5 = socket(0x2b, 0x80801, 0x1) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x10000, @empty}, 0x1c) shutdown(r5, 0x0) sendmsg$nl_route(r5, 0x0, 0x4004000) ioctl$sock_inet_SIOCGIFDSTADDR(r3, 0x8917, 0x0) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f0000000640)={{r1, &(0x7f0000000800)='f\xe2!}\xe5>\x91y\xbe\x90\x8bX\nN\x00\xbd\xc0\xda\vs\x06\x04\xda\xa8\x18\a\xa2e\xcc\x81/\x01\x8c\xca\xaa\xa5\xb4\x856\xf9Z\xb7\xaf\"\xbf\xe5b\x99\'{$\xdej\xf1\xab3\x9fM\x91\x9d\xd3\x8b71?\x8c\xf2\x83\xd0\x00BE87\xd8G\x00>~\xeb\xcc~\xd1Rh\x8b\xbfM\xe1\xe1\"\x81\x1c\xc3)\xba\xe8\xdb\xa9', 0x430202, 0x0, 0x4, 0x0, &(0x7f0000000140)=0x9e5}, 0x0, 0x0}) bind$alg(r6, 0x0, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) 659.849756ms ago: executing program 4 (id=478): socket$tipc(0x1e, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000007c0)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x7, 0x4, 0x3, 0x1b, 0x69, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}, {[@timestamp={0x44, 0x8, 0x3e, 0x0, 0x4, [0x1]}]}}, {0x4e24, 0x4e20, 0x4d, 0x0, @gue={{0x2, 0x1, 0x1, 0xf1, 0x100}, "99d2b3f612fe3648585c2d55b702bae255d6589c976dbddd08efde0baacc77e7cb3f8cb2024e9a5afbc8687073833fb90059c57769ab6862183d21d6df"}}}}, 0x77) 536.375665ms ago: executing program 1 (id=479): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000000000)=""/254, 0x26, 0xfe, 0x1}, 0x20) 435.857617ms ago: executing program 1 (id=480): r0 = socket(0x200000000000011, 0x2, 0xd) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x32, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000380)=ANY=[@ANYBLOB="0180c200000ebbbbbbbbbbbb080045000078000000020011"], 0x0) recvmmsg(r0, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/226, 0xe2}], 0x1}, 0x1c}], 0x1, 0x2, 0x0) 335.614529ms ago: executing program 4 (id=481): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001800000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x14, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 303.353463ms ago: executing program 4 (id=482): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@multicast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x100, 0x0, 0x9, 0x1, 0x0, @initdev={0xac, 0x1e, 0x5, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x9, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x67, 0x0, @loopback, @loopback}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100fdffffff000000001d00000008000300", @ANYRES32=r2, @ANYBLOB="40002f800c00020000000000000000000800010000000000280003"], 0x5c}, 0x1, 0x0, 0x0, 0x4815}, 0x0) 241.117273ms ago: executing program 4 (id=483): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x44, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x0, 0x1, 0x53}, @void, @val={0xc, 0x99, {0xb609156, 0x70}}}}, [@NL80211_ATTR_IFNAME={0xffffffffffffffbc, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x8005, @loopback, 0xbffffffc}, 0x1c) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="44000000110029", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x44}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, 0x0, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c000200080001"], 0x3c}}, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000180)=r8, 0x4) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@newtfilter={0x24, 0x11, 0x1, 0x8070bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0x10, 0x10}, {0xfff1, 0x8}, {0x5, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48044}, 0x40000) 173.00015ms ago: executing program 3 (id=485): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0xe4, @fixed, 0x0, 0x1}, 0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) listen(r1, 0x40000000) r3 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@o_path={&(0x7f0000000140)='./file0\x00', 0x0, 0x10, r0}, 0x18) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@fallback=r0, 0x0, 0x0, 0x7cc, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f00000004c0)}, 0x40) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000000a80)={{r3, &(0x7f00000005c0)='veth1\x00', 0x1000, &(0x7f0000000600)={@align=0x6, {0x2, 0x7f, 0x1}}, 0x2, 0x0, &(0x7f0000000680)=0x4}, 0x3, &(0x7f0000000a00)=[{0x1, 0x10001, &(0x7f00000006c0)='lo\x00', &(0x7f0000000700)="68287a59f40320ad0546ca2c48982d07d79862c1bc37c89a282d6cf256fe78590129afc115f3d57e9cfc4e2e505bbe52345cd95e13c1e1a5c8bfaf04c21f890846aa7730c3483c27da7bcbb05caf451417b5003835a6e1d6a172b0be77e29c0178d1d6cacabf4fff852c71e28d331aa97b739fc683f5fe2cc722ef3cc73d894fc3b72833226beb1a05eb2dae4aa0450d00df36234bd90e4ff8e8988c91de240d6da3967b659ce90ba039961a", 0xac, 0x8}, {0x2, 0x3, &(0x7f00000007c0)='\x00', &(0x7f0000000800)="0f6f11ef704d53949f079ddae5b8e9745acf1674b6c3f91543f4e6a43dd188b341f5e7429bfe88c5d4424fc6126562f21ed047b81d41050dcd518c90f0dfb8c5950f67f6d1d75bcfd0425ed7e5af10009caa0252e9ce231ab60589339846a7306e778e4c024e8eeed25a7a8dfd01c36e512d2393581a50bd46c039a7f4e3b5976345b5bab59a042dc6d919ee333931caaa32c897e820bc5e579f7d044fce", 0x9e, 0x2}, {0x3, 0x8c, &(0x7f0000000900)='\'\x00', 0x0, 0x0, 0x10}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x4, 0x16, &(0x7f0000000ec0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfff}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@call={0x85, 0x0, 0x0, 0x78}, @jmp={0x5, 0x0, 0x2, 0x7, 0x0, 0x6, 0xffffffffffffffff}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x10}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x4}, @exit], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0xd5, &(0x7f0000000c00)=""/213, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x8, &(0x7f0000000d00)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000d40)={0x3, 0x3, 0x3, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000dc0), 0x10, 0xf}, 0x94) 171.86076ms ago: executing program 0 (id=486): socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/mnt\x00') connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r3, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r6, @ANYBLOB="40005200060010"], 0x24}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f00000002c0)=@netrom={'nr', 0x0}, 0x10) setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'team0\x00'}) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) accept$unix(r2, &(0x7f0000000180)=@abs, &(0x7f00000000c0)=0x6e) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 0s ago: executing program 4 (id=487): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x18}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x0) kernel console output (not intermixed with test programs): 1: link becomes ready [ 56.268217][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.279788][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.287355][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.294796][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.303400][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.314201][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.326575][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.337465][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.355941][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.366640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.374649][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.383697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.429389][ T4185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.438365][ T4185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.447918][ T4185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.457618][ T4185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.467924][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.478505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.487510][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.496758][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.509672][ T4196] device veth0_macvtap entered promiscuous mode [ 56.520686][ T4190] device veth0_macvtap entered promiscuous mode [ 56.533435][ T4190] device veth1_macvtap entered promiscuous mode [ 56.571648][ T4196] device veth1_macvtap entered promiscuous mode [ 56.615106][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.623601][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.635232][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.643216][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.654573][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 56.663468][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.682027][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.697212][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.707394][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.718358][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.731574][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.750730][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.764437][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.776929][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.787727][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.797917][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.809278][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.821401][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.829097][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.838192][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.847070][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.856051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.864655][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.873640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.882979][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.892763][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.900664][ T4184] device veth0_vlan entered promiscuous mode [ 56.918076][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.929806][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.940752][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.952202][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.964055][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.976669][ T4190] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.985610][ T4190] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.994293][ T4190] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.003337][ T4190] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.024165][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.033363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.046664][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.057572][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.067421][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.080619][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.090471][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.100921][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.112848][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.124563][ T4184] device veth1_vlan entered promiscuous mode [ 57.147209][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.155669][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.164160][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.176017][ T4196] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.187680][ T4196] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.189718][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.201698][ T4196] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.205718][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.213944][ T4196] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.241526][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.250901][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.267053][ T4211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.275278][ T4211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.283220][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.352084][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.364331][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.373241][ T21] Bluetooth: hci4: command 0x040f tx timeout [ 57.379615][ T21] Bluetooth: hci0: command 0x040f tx timeout [ 57.385941][ T501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.393759][ T501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.403161][ T21] Bluetooth: hci2: command 0x040f tx timeout [ 57.409378][ T21] Bluetooth: hci3: command 0x040f tx timeout [ 57.415726][ T21] Bluetooth: hci1: command 0x040f tx timeout [ 57.419427][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.440938][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.469368][ T4184] device veth0_macvtap entered promiscuous mode [ 57.505549][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.514335][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.534427][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.562988][ T4184] device veth1_macvtap entered promiscuous mode [ 57.641718][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.642606][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.694745][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.696993][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.704573][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.737860][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.753709][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.767246][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.795911][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.809417][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.827819][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.835947][ T501] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.846234][ T501] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.869598][ T501] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.889284][ T501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.931539][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.945212][ T501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.961197][ T501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.964873][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.978538][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.989082][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.000380][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.011535][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.021592][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.039609][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.054536][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.062380][ T4229] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 58.075296][ T4184] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.096090][ T4184] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.106651][ T4184] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.115589][ T4184] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.134312][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.136468][ T4211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.152797][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.167607][ T4211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.174308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.185689][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.236372][ T4278] loop4: detected capacity change from 0 to 32768 [ 58.255054][ T501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.281620][ T4278] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.8 (4278) [ 58.288787][ T501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.315356][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.379252][ T4278] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 58.389540][ T4278] BTRFS info (device loop4): force clearing of disk cache [ 58.402470][ T501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.416855][ T4278] BTRFS info (device loop4): metadata ratio 0 [ 58.422965][ T4278] BTRFS info (device loop4): enabling ssd optimizations [ 58.430211][ T501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.430821][ T4278] BTRFS info (device loop4): using spread ssd allocation scheme [ 58.446612][ T4278] BTRFS info (device loop4): using free space tree [ 58.453134][ T4278] BTRFS info (device loop4): has skinny extents [ 58.474629][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.485864][ T4229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.504210][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.519010][ T4280] loop3: detected capacity change from 0 to 2048 [ 58.526605][ T4229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.542782][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.561267][ T501] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.601455][ T4229] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 58.614500][ T4290] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.664538][ T4229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.703606][ T26] audit: type=1800 audit(1773015349.371:2): pid=4280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 58.743536][ T4229] usb 1-1: config 0 descriptor?? [ 58.828088][ T4278] BTRFS info (device loop4): clearing free space tree [ 58.872050][ T4278] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.915487][ T4278] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.938677][ T4306] loop1: detected capacity change from 0 to 2048 [ 59.055812][ T4278] BTRFS info (device loop4): creating free space tree [ 59.077488][ T4310] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.106542][ T4278] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.138502][ T26] audit: type=1800 audit(1773015349.811:3): pid=4306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 59.154930][ T4278] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 59.239293][ T4229] hkems 0003:2006:0118.0001: item fetching failed at offset 5/7 [ 59.271693][ T4229] hkems 0003:2006:0118.0001: parse failed [ 59.301330][ T4229] hkems: probe of 0003:2006:0118.0001 failed with error -22 [ 59.445635][ T23] Bluetooth: hci1: command 0x0419 tx timeout [ 59.454921][ T23] Bluetooth: hci3: command 0x0419 tx timeout [ 59.473119][ T23] Bluetooth: hci2: command 0x0419 tx timeout [ 59.514904][ T23] Bluetooth: hci0: command 0x0419 tx timeout [ 59.515073][ T4274] udc-core: couldn't find an available UDC or it's busy [ 59.548354][ T23] Bluetooth: hci4: command 0x0419 tx timeout [ 59.592925][ T4274] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 59.750554][ T4274] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.758867][ T4274] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.803775][ T4274] device bridge0 entered promiscuous mode [ 60.061158][ T4308] loop2: detected capacity change from 0 to 32768 [ 60.105608][ T4308] ======================================================= [ 60.105608][ T4308] WARNING: The mand mount option has been deprecated and [ 60.105608][ T4308] and is ignored by this kernel. Remove the mand [ 60.105608][ T4308] option from the mount to silence this warning. [ 60.105608][ T4308] ======================================================= [ 60.450172][ T4308] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 60.698921][ T4317] ODEBUG: Out of memory. ODEBUG disabled [ 60.856289][ T4196] ocfs2: Unmounting device (7,2) on (node local) [ 60.908447][ T4234] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 60.924652][ T4318] loop0: detected capacity change from 0 to 32768 [ 61.100322][ T4230] usb 1-1: USB disconnect, device number 2 [ 61.334961][ T4234] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 61.355877][ T4234] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 61.371858][ T4234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.392074][ T4234] usb 5-1: config 0 descriptor?? [ 61.463600][ T4234] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 61.594805][ T4324] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 61.697214][ T4329] usb 5-1: USB disconnect, device number 2 [ 61.792856][ T4342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14'. [ 61.833835][ T4337] loop0: detected capacity change from 0 to 32768 [ 61.864137][ T4346] loop4: detected capacity change from 0 to 4096 [ 61.946825][ T4346] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 61.978680][ T4337] XFS (loop0): Mounting V5 Filesystem [ 61.985005][ T4324] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.014781][ T4324] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 62.024613][ T4324] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 62.034428][ T4346] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 62.092825][ T4324] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.108319][ T4346] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 62.134203][ T4353] sp0: Synchronizing with TNC [ 62.151550][ T4324] usb 3-1: config 0 descriptor?? [ 62.162861][ T4346] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 62.190738][ T4337] XFS (loop0): Ending clean mount [ 62.193706][ T4345] loop1: detected capacity change from 0 to 32768 [ 62.203265][ T4346] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 62.210420][ T4337] XFS (loop0): Quotacheck needed: Please wait. [ 62.218326][ T4346] ntfs: volume version 3.1. [ 62.233231][ T4346] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 62.246368][ T4346] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 62.259386][ T4346] ntfs: (device loop4): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 62.334631][ T4345] XFS (loop1): Mounting V5 Filesystem [ 62.355678][ T4337] XFS (loop0): Quotacheck: Done. [ 62.409523][ T4345] XFS (loop1): Ending clean mount [ 62.430506][ T4369] loop3: detected capacity change from 0 to 2048 [ 62.489940][ T4345] XFS (loop1): Quotacheck needed: Please wait. [ 62.565673][ T4345] XFS (loop1): Quotacheck: Done. [ 62.578952][ T4372] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.596498][ T4337] loop5: detected capacity change from 0 to 7 [ 62.678521][ T4337] Dev loop5: unable to read RDB block 7 [ 62.684677][ T4337] loop5: unable to read partition table [ 62.755512][ T4337] loop5: partition table beyond EOD, truncated [ 62.772741][ T4324] hkems 0003:2006:0118.0002: item fetching failed at offset 5/7 [ 62.781329][ T4324] hkems 0003:2006:0118.0002: parse failed [ 62.787785][ T4324] hkems: probe of 0003:2006:0118.0002 failed with error -22 [ 63.027274][ T4337] loop_reread_partitions: partition scan of loop5 (ўшЂЋxќ—Ÿбр– ) failed (rc=-5) [ 63.095864][ T4335] udc-core: couldn't find an available UDC or it's busy [ 63.141856][ T4377] Dev loop8: unable to read RDB block 7 [ 63.147544][ T4377] loop8: unable to read partition table [ 63.153289][ T4377] loop8: partition table beyond EOD, truncated [ 63.159648][ T4377] loop_reread_partitions: partition scan of loop8 (ўшЂЋxќ^>бр– ) failed (rc=-5) [ 63.230689][ T4335] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 63.247472][ T4377] syz.1.15 (4377) used greatest stack depth: 20120 bytes left [ 63.351921][ T4335] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.359330][ T4335] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.368996][ T4367] set_capacity_and_notify: 1 callbacks suppressed [ 63.369009][ T4367] loop4: detected capacity change from 0 to 32768 [ 63.381860][ T4184] XFS (loop1): Unmounting Filesystem [ 63.409373][ T4185] XFS (loop0): Unmounting Filesystem [ 63.419911][ T4335] device bridge0 entered promiscuous mode [ 63.721782][ T4367] XFS (loop4): Mounting V5 Filesystem [ 63.847383][ T4378] loop2: detected capacity change from 0 to 32768 [ 63.935857][ T4335] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11'. [ 63.995975][ T4367] XFS (loop4): Ending clean mount [ 64.152452][ T4378] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11'. [ 64.243741][ T4397] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 64.250532][ T4397] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 64.472394][ T4404] loop0: detected capacity change from 0 to 4096 [ 64.811116][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 64.823604][ T1109] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 64.827221][ T4397] vhci_hcd vhci_hcd.0: Device attached [ 64.857536][ T4404] __ntfs_error: 7 callbacks suppressed [ 64.857552][ T4404] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 64.875060][ T4404] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 64.889150][ T4404] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 64.900717][ T4404] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 64.913812][ T4404] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 64.919266][ T4186] XFS (loop4): Unmounting Filesystem [ 64.931754][ T4404] ntfs: volume version 3.1. [ 64.948316][ T4404] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 64.959467][ T4404] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 64.970801][ T4404] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 64.986204][ T4404] ntfs: (device loop0): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 64.996222][ T4404] ntfs: (device loop0): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 65.044023][ T4234] usb 3-1: USB disconnect, device number 2 [ 65.094943][ T4331] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 65.173166][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 65.173256][ T1109] usb 2-1: device descriptor read/64, error -71 [ 65.348032][ T4415] loop3: detected capacity change from 0 to 512 [ 65.466624][ T4418] capability: warning: `syz.4.24' uses 32-bit capabilities (legacy support in use) [ 65.476269][ T1109] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 65.528810][ T4415] EXT4-fs (loop3): Test dummy encryption mode enabled [ 65.585572][ T4427] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 65.603518][ T4415] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 65.652704][ T4415] EXT4-fs (loop3): 1 truncate cleaned up [ 65.671140][ T4415] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,nombcache,barrier,test_dummy_encryption,noauto_da_alloc,. Quota mode: none. [ 65.700111][ T1109] usb 2-1: device descriptor read/64, error -71 [ 65.772229][ T4415] FAULT_INJECTION: forcing a failure. [ 65.772229][ T4415] name failslab, interval 1, probability 0, space 0, times 1 [ 65.776673][ T4414] loop0: detected capacity change from 0 to 32768 [ 65.840809][ T4415] CPU: 1 PID: 4415 Comm: syz.3.28 Not tainted syzkaller #0 [ 65.844902][ T1109] usb usb2-port1: attempt power cycle [ 65.848034][ T4415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 65.848059][ T4415] Call Trace: [ 65.848067][ T4415] [ 65.848073][ T4415] dump_stack_lvl+0x188/0x250 [ 65.874337][ T4415] ? show_regs_print_info+0x20/0x20 [ 65.879551][ T4415] ? load_image+0x400/0x400 [ 65.884071][ T4415] ? __lock_acquire+0x7d10/0x7d10 [ 65.889258][ T4415] ? rcu_lock_acquire+0x30/0x30 [ 65.894118][ T4415] should_fail+0x38c/0x4c0 [ 65.898651][ T4415] should_failslab+0x5/0x20 [ 65.903171][ T4415] slab_pre_alloc_hook+0x51/0xc0 [ 65.908117][ T4415] ? security_file_alloc+0x30/0x110 [ 65.913329][ T4415] kmem_cache_alloc+0x3d/0x290 [ 65.918098][ T4415] ? rcu_is_watching+0x11/0xa0 [ 65.922878][ T4415] security_file_alloc+0x30/0x110 [ 65.927911][ T4415] __alloc_file+0xc2/0x240 [ 65.932338][ T4415] alloc_empty_file+0x90/0x180 [ 65.937115][ T4415] path_openat+0x10f/0x2fa0 [ 65.941643][ T4415] ? verify_lock_unused+0x140/0x140 [ 65.946851][ T4415] ? __kasan_slab_alloc+0xb3/0xd0 [ 65.951887][ T4415] ? __kasan_slab_alloc+0x9c/0xd0 [ 65.956923][ T4415] ? slab_post_alloc_hook+0x4c/0x380 [ 65.962217][ T4415] ? __x64_sys_openat+0x135/0x160 [ 65.967249][ T4415] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.973328][ T4415] ? do_filp_open+0x410/0x410 [ 65.978033][ T4415] do_filp_open+0x1e2/0x410 [ 65.982554][ T4415] ? vfs_tmpfile+0x300/0x300 [ 65.984254][ T4439] loop2: detected capacity change from 0 to 64 [ 65.987168][ T4415] ? _raw_spin_unlock+0x24/0x40 [ 65.987190][ T4415] ? alloc_fd+0x598/0x630 [ 65.987213][ T4415] do_sys_openat2+0x150/0x4b0 [ 65.987230][ T4415] ? __lock_acquire+0x7d10/0x7d10 [ 66.012268][ T4415] ? do_sys_open+0xe0/0xe0 [ 66.016684][ T4415] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 66.022655][ T4415] ? lock_chain_count+0x20/0x20 [ 66.027490][ T4415] ? vtime_user_exit+0x2c8/0x3e0 [ 66.032413][ T4415] __x64_sys_openat+0x135/0x160 [ 66.037250][ T4415] do_syscall_64+0x4c/0xa0 [ 66.041657][ T4415] ? clear_bhb_loop+0x30/0x80 [ 66.046327][ T4415] ? clear_bhb_loop+0x30/0x80 [ 66.051028][ T4415] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.056907][ T4415] RIP: 0033:0x7fa37a593799 [ 66.061318][ T4415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 66.081441][ T4415] RSP: 002b:00007fa3787ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 66.090025][ T4415] RAX: ffffffffffffffda RBX: 00007fa37a80cfa0 RCX: 00007fa37a593799 [ 66.097992][ T4415] RDX: 0000000000143042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 66.105995][ T4415] RBP: 00007fa3787ed090 R08: 0000000000000000 R09: 0000000000000000 [ 66.113962][ T4415] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001 [ 66.121918][ T4415] R13: 00007fa37a80d038 R14: 00007fa37a80cfa0 R15: 00007ffc76212638 [ 66.129884][ T4415] [ 66.167281][ T4414] XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 66.317908][ T4234] XFS (loop0): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 66.331555][ T4234] XFS (loop0): Unmount and run xfs_repair [ 66.337465][ T4234] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 66.945085][ T4234] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 66.955473][ T4234] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 66.966235][ T4234] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 66.975129][ T4234] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 66.984061][ T4234] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 66.993022][ T4234] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 67.014793][ T1109] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 67.024174][ T4234] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 67.037921][ T4451] netlink: 12 bytes leftover after parsing attributes in process `syz.3.32'. [ 67.047787][ T4234] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 67.065674][ T4414] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 67.077414][ T4398] vhci_hcd: connection reset by peer [ 67.092162][ T4376] vhci_hcd: stop threads [ 67.102152][ T4414] XFS (loop0): Failed to initialize disk quotas. [ 67.113112][ T1109] usb 2-1: device descriptor read/8, error -71 [ 67.122456][ T4376] vhci_hcd: release socket [ 67.159209][ T4459] loop1: detected capacity change from 0 to 64 [ 67.174967][ T4376] vhci_hcd: disconnect device [ 67.211709][ T4185] XFS (loop0): Unmounting Filesystem [ 67.255734][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 67.267391][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 67.375233][ T4459] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 67.447812][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 67.473520][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 67.517840][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10!!! [ 67.780727][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 68.372296][ T4478] device syzkaller0 entered promiscuous mode [ 68.413366][ T4480] loop2: detected capacity change from 0 to 1024 [ 68.534779][ T4324] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 68.757968][ T4488] loop4: detected capacity change from 0 to 2048 [ 68.787780][ T4489] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.915126][ T4324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 68.951569][ T4324] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.990451][ T4324] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 69.009825][ T4324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.049436][ T4324] usb 1-1: config 0 descriptor?? [ 69.209384][ T4494] loop1: detected capacity change from 0 to 2048 [ 69.282028][ T4497] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.516496][ T4324] hkems 0003:2006:0118.0003: item fetching failed at offset 5/7 [ 69.538063][ T4324] hkems 0003:2006:0118.0003: parse failed [ 69.545305][ T4324] hkems: probe of 0003:2006:0118.0003 failed with error -22 [ 69.724215][ T4474] udc-core: couldn't find an available UDC or it's busy [ 69.758760][ T4474] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 69.981664][ T4499] loop2: detected capacity change from 0 to 32768 [ 70.173569][ T4499] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 70.298909][ T4196] ocfs2: Unmounting device (7,2) on (node local) [ 70.325048][ T4331] vhci_hcd: vhci_device speed not set [ 70.512522][ T4510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.49'. [ 70.682831][ T4512] tipc: Enabling of bearer rejected, failed to enable media [ 70.718487][ T4474] loop0: detected capacity change from 0 to 32768 [ 70.804507][ T4474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.40'. [ 70.821431][ T4512] device syzkaller0 entered promiscuous mode [ 70.838266][ T4474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.40'. [ 70.907563][ T4503] loop1: detected capacity change from 0 to 32768 [ 70.946405][ T1109] usb 1-1: USB disconnect, device number 3 [ 71.024912][ T4234] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 71.039004][ T4503] XFS (loop1): Mounting V5 Filesystem [ 71.042194][ T4526] loop3: detected capacity change from 0 to 1024 [ 71.151670][ T4503] XFS (loop1): Ending clean mount [ 71.279567][ T4184] XFS (loop1): Unmounting Filesystem [ 71.289148][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.289264][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.405090][ T4234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.425918][ T4234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.442298][ T4234] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 71.464909][ T4234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.501523][ T4234] usb 5-1: config 0 descriptor?? [ 71.718782][ T4545] loop3: detected capacity change from 0 to 2048 [ 71.788500][ T4547] loop0: detected capacity change from 0 to 512 [ 71.827477][ T4549] loop1: detected capacity change from 0 to 2048 [ 71.834556][ T4550] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.853288][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 71.853302][ T26] audit: type=1800 audit(1773015362.521:7): pid=4545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.62" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 71.886757][ T4547] EXT4-fs (loop0): Ignoring removed oldalloc option [ 71.910679][ T4547] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 71.937698][ T4547] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 71.955291][ T4551] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.978427][ T26] audit: type=1800 audit(1773015362.651:8): pid=4549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.59" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 72.006546][ T4234] hkems 0003:2006:0118.0004: item fetching failed at offset 5/7 [ 72.032093][ T4234] hkems 0003:2006:0118.0004: parse failed [ 72.046428][ T4234] hkems: probe of 0003:2006:0118.0004 failed with error -22 [ 72.056463][ T4547] EXT4-fs (loop0): 1 truncate cleaned up [ 72.058912][ T4540] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 72.102886][ T4547] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 72.218669][ T4196] ocfs2: Unmounting device (7,2) on (node local) [ 72.230117][ T4516] udc-core: couldn't find an available UDC or it's busy [ 72.274846][ T4516] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 72.311865][ T4516] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.319294][ T4516] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.431133][ T4516] device bridge0 entered promiscuous mode [ 72.997049][ T4568] device syzkaller0 entered promiscuous mode [ 73.379583][ T4516] netlink: 12 bytes leftover after parsing attributes in process `syz.4.51'. [ 73.380305][ T4583] netlink: 8 bytes leftover after parsing attributes in process `syz.3.72'. [ 73.515092][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 73.515858][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #100!!! [ 73.543875][ T4516] netlink: 12 bytes leftover after parsing attributes in process `syz.4.51'. [ 74.306260][ T21] usb 5-1: USB disconnect, device number 3 [ 74.467216][ T4575] set_capacity_and_notify: 3 callbacks suppressed [ 74.467230][ T4575] loop1: detected capacity change from 0 to 32768 [ 74.544947][ T4231] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 74.570162][ T4575] XFS (loop1): Mounting V5 Filesystem [ 74.659165][ T4575] XFS (loop1): Ending clean mount [ 74.740248][ T4184] XFS (loop1): Unmounting Filesystem [ 74.746867][ T4589] loop3: detected capacity change from 0 to 32768 [ 74.825411][ T4589] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 74.883911][ T4589] (syz.3.74,4589,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 74.913778][ T4331] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 74.935173][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.994824][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.030108][ T4231] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 75.055229][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 75.063732][ T4604] loop4: detected capacity change from 0 to 2048 [ 75.069286][ T4231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.119244][ T4231] usb 3-1: config 0 descriptor?? [ 75.201057][ T4609] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 75.213564][ T26] audit: type=1800 audit(1773015365.881:9): pid=4604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.77" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 75.280197][ T4331] usb 1-1: too many configurations: 129, using maximum allowed: 8 [ 75.320026][ T4615] loop3: detected capacity change from 0 to 1024 [ 75.359520][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 75.359553][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 75.434994][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 75.435027][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 75.514851][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 75.533112][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 75.586779][ T4231] hkems 0003:2006:0118.0005: item fetching failed at offset 5/7 [ 75.605324][ T4231] hkems 0003:2006:0118.0005: parse failed [ 75.611094][ T4231] hkems: probe of 0003:2006:0118.0005 failed with error -22 [ 75.634962][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 75.670231][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 75.789308][ T4587] udc-core: couldn't find an available UDC or it's busy [ 75.796490][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 75.906414][ T4587] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 75.908677][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 75.929276][ T4624] device syzkaller0 entered promiscuous mode [ 76.201926][ T4231] usb 3-1: USB disconnect, device number 3 [ 76.243781][ T4633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.85'. [ 76.253033][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 76.264378][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 76.356904][ T4635] loop4: detected capacity change from 0 to 2048 [ 76.384832][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 76.402409][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 76.406603][ T13] cfg80211: failed to load regulatory.db [ 76.454026][ T4638] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.490067][ T26] audit: type=1800 audit(1773015367.161:10): pid=4635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.84" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 76.545094][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 76.559137][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 76.754912][ T4331] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 76.768091][ T4331] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 76.796766][ T4331] usb 1-1: Product: syz [ 76.801001][ T4331] usb 1-1: Manufacturer: syz [ 76.823687][ T4331] usb 1-1: SerialNumber: syz [ 76.843873][ T4331] usb 1-1: config 0 descriptor?? [ 76.877208][ T4637] loop3: detected capacity change from 0 to 32768 [ 76.915522][ T4331] hub 1-1:0.0: Invalid hub with more than one config or interface [ 76.933670][ T4331] hub: probe of 1-1:0.0 failed with error -22 [ 76.959836][ T4331] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 77.074264][ T4637] XFS (loop3): Mounting V5 Filesystem [ 77.167209][ T4637] XFS (loop3): Ending clean mount [ 77.436690][ T13] usb 1-1: USB disconnect, device number 4 [ 77.464291][ T4190] XFS (loop3): Unmounting Filesystem [ 77.682160][ T4641] loop2: detected capacity change from 0 to 40427 [ 77.790852][ T4641] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff [ 77.835381][ T4641] F2FS-fs (loop2): invalid crc value [ 77.872063][ T4641] F2FS-fs (loop2): Found nat_bits in checkpoint [ 78.059779][ T4664] loop3: detected capacity change from 0 to 64 [ 78.068303][ T4656] loop4: detected capacity change from 0 to 32768 [ 78.081580][ T4641] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 78.092510][ T4663] loop0: detected capacity change from 0 to 1024 [ 78.140564][ T4664] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 78.143835][ T4656] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 78.197197][ T4656] (syz.4.90,4656,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 78.352086][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 78.407760][ T4658] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.92 (4658) [ 78.536223][ T4658] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 78.583023][ T4658] BTRFS info (device loop1): force clearing of disk cache [ 78.600772][ T4658] BTRFS info (device loop1): metadata ratio 0 [ 78.620052][ T4658] BTRFS info (device loop1): enabling ssd optimizations [ 78.663574][ T4658] BTRFS info (device loop1): using spread ssd allocation scheme [ 78.711461][ T4658] BTRFS info (device loop1): using free space tree [ 78.722824][ T4674] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.748584][ T4658] BTRFS info (device loop1): has skinny extents [ 78.756825][ T26] audit: type=1800 audit(1773015369.431:11): pid=4672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.95" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 79.112496][ T4658] BTRFS info (device loop1): clearing free space tree [ 79.124972][ T4658] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 79.142972][ T4690] device syzkaller0 entered promiscuous mode [ 79.162489][ T4658] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 79.184772][ T4331] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 79.235801][ T4658] BTRFS info (device loop1): creating free space tree [ 79.267981][ T4658] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 79.311293][ T4658] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 79.513449][ T4703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.99'. [ 80.374877][ T4331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.394752][ T4331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.414793][ T4331] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 80.443022][ T4716] set_capacity_and_notify: 2 callbacks suppressed [ 80.443037][ T4716] loop3: detected capacity change from 0 to 2048 [ 80.456365][ T4331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.468851][ T4331] usb 3-1: config 0 descriptor?? [ 80.611874][ T4722] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 80.633675][ T26] audit: type=1800 audit(1773015371.301:12): pid=4716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.101" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 80.802453][ T4324] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 80.947086][ T4331] hkems 0003:2006:0118.0006: item fetching failed at offset 5/7 [ 80.956115][ T4331] hkems 0003:2006:0118.0006: parse failed [ 80.961884][ T4331] hkems: probe of 0003:2006:0118.0006 failed with error -22 [ 81.115228][ T4324] usb 5-1: too many configurations: 129, using maximum allowed: 8 [ 81.139241][ T4720] loop0: detected capacity change from 0 to 32768 [ 81.148841][ T4688] udc-core: couldn't find an available UDC or it's busy [ 81.194960][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 81.204985][ T4688] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 81.223912][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 81.243420][ T4733] loop1: detected capacity change from 0 to 1024 [ 81.324976][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 81.331862][ T4720] XFS (loop0): Mounting V5 Filesystem [ 81.340346][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 81.444906][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 81.464769][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 81.493074][ T4720] XFS (loop0): Ending clean mount [ 81.565072][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 81.587601][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 81.646309][ T4185] XFS (loop0): Unmounting Filesystem [ 81.705068][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 81.725010][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 81.799144][ T4740] loop3: detected capacity change from 0 to 32768 [ 81.850655][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 81.889426][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 81.943549][ T4740] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 81.995467][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 82.036820][ T4688] loop2: detected capacity change from 0 to 32768 [ 82.055189][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 82.089115][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 82.149076][ T4688] netlink: 12 bytes leftover after parsing attributes in process `syz.2.96'. [ 82.184861][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 82.224060][ T4324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64 [ 82.236685][ T4688] netlink: 12 bytes leftover after parsing attributes in process `syz.2.96'. [ 82.292253][ T4750] loop3: detected capacity change from 0 to 2048 [ 82.305564][ T4235] usb 3-1: USB disconnect, device number 4 [ 82.349737][ T4746] loop1: detected capacity change from 0 to 40427 [ 82.361244][ T4746] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff [ 82.362784][ T4755] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 82.412076][ T26] audit: type=1800 audit(1773015373.081:13): pid=4750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.109" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 82.434026][ T4324] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 82.455934][ T4324] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 82.461597][ T4746] F2FS-fs (loop1): invalid crc value [ 82.472035][ T4324] usb 5-1: Product: syz [ 82.476437][ T4324] usb 5-1: Manufacturer: syz [ 82.481484][ T4324] usb 5-1: SerialNumber: syz [ 82.499519][ T4324] usb 5-1: config 0 descriptor?? [ 82.521520][ T4746] F2FS-fs (loop1): Found nat_bits in checkpoint [ 82.527343][ T4757] device syzkaller0 entered promiscuous mode [ 82.535533][ T4324] hub 5-1:0.0: Invalid hub with more than one config or interface [ 82.543378][ T4324] hub: probe of 5-1:0.0 failed with error -22 [ 82.556135][ T4324] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input6 [ 82.695076][ T4746] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 82.767626][ T4763] loop0: detected capacity change from 0 to 64 [ 82.838776][ T4763] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 82.963269][ T4324] usb 5-1: USB disconnect, device number 4 [ 83.297366][ T4769] netlink: 8 bytes leftover after parsing attributes in process `syz.3.114'. [ 84.229969][ T4778] loop3: detected capacity change from 0 to 2048 [ 84.299380][ T4782] loop4: detected capacity change from 0 to 1024 [ 84.364870][ T4783] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 84.375090][ T26] audit: type=1800 audit(1773015375.051:14): pid=4778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.117" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 84.665681][ T4780] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 84.782165][ T4196] ocfs2: Unmounting device (7,2) on (node local) [ 84.940543][ T4772] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.115 (4772) [ 85.028223][ T4772] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 85.045698][ T4772] BTRFS info (device loop1): force clearing of disk cache [ 85.052879][ T4772] BTRFS info (device loop1): metadata ratio 0 [ 85.080377][ T4772] BTRFS info (device loop1): enabling ssd optimizations [ 85.104339][ T4772] BTRFS info (device loop1): using spread ssd allocation scheme [ 85.127133][ T4772] BTRFS info (device loop1): using free space tree [ 85.138272][ T4772] BTRFS info (device loop1): has skinny extents [ 85.312771][ T4808] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 85.323505][ T26] audit: type=1800 audit(1773015375.991:15): pid=4798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.124" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 85.354095][ T4797] device syzkaller0 entered promiscuous mode [ 85.554426][ T4772] BTRFS info (device loop1): clearing free space tree [ 85.592386][ T4772] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 85.638005][ T4772] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 85.664893][ T4235] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 85.680463][ T4772] BTRFS info (device loop1): creating free space tree [ 85.680765][ T4793] set_capacity_and_notify: 3 callbacks suppressed [ 85.680777][ T4793] loop0: detected capacity change from 0 to 32768 [ 85.720319][ T4772] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 85.792001][ T4793] XFS (loop0): Mounting V5 Filesystem [ 85.831600][ T4793] XFS (loop0): Ending clean mount [ 85.853516][ T4772] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 85.910671][ T4185] XFS (loop0): Unmounting Filesystem [ 86.104309][ T4235] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.124614][ T4235] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.138495][ T4235] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 86.153764][ T4235] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.170072][ T4235] usb 4-1: config 0 descriptor?? [ 86.509570][ T4843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.127'. [ 86.885824][ T4807] udc-core: couldn't find an available UDC or it's busy [ 86.937484][ T4807] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 87.194982][ T4807] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.202453][ T4807] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.248404][ T4846] loop0: detected capacity change from 0 to 1024 [ 87.254297][ T4235] hkems 0003:2006:0118.0007: item fetching failed at offset 5/7 [ 87.264407][ T4235] hkems 0003:2006:0118.0007: parse failed [ 87.270585][ T4235] hkems: probe of 0003:2006:0118.0007 failed with error -22 [ 87.325150][ T4807] device bridge0 entered promiscuous mode [ 87.372625][ T4836] loop2: detected capacity change from 0 to 40427 [ 87.436907][ T4836] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff [ 87.503418][ T4836] F2FS-fs (loop2): invalid crc value [ 87.557381][ T4836] F2FS-fs (loop2): Found nat_bits in checkpoint [ 87.741010][ T4836] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 87.966254][ T4847] loop3: detected capacity change from 0 to 32768 [ 87.999861][ T4849] loop4: detected capacity change from 0 to 32768 [ 88.069054][ T4866] loop0: detected capacity change from 0 to 2048 [ 88.099213][ T4868] loop1: detected capacity change from 0 to 64 [ 88.133213][ T4807] netlink: 12 bytes leftover after parsing attributes in process `syz.3.123'. [ 88.160198][ T4807] netlink: 12 bytes leftover after parsing attributes in process `syz.3.123'. [ 88.180433][ T4868] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 88.214019][ T4849] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 88.270160][ T4873] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.345305][ T26] audit: type=1800 audit(1773015379.021:16): pid=4866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.133" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 88.348887][ T4863] usb 4-1: USB disconnect, device number 2 [ 88.495798][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 88.756441][ T4879] device syzkaller0 entered promiscuous mode [ 89.022456][ T4886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.140'. [ 89.291691][ T4881] loop2: detected capacity change from 0 to 32768 [ 89.879816][ T4881] XFS (loop2): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 90.060013][ T4895] loop3: detected capacity change from 0 to 2048 [ 90.087057][ T4324] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 90.163725][ T4904] loop0: detected capacity change from 0 to 1024 [ 90.174157][ T4324] XFS (loop2): Unmount and run xfs_repair [ 90.190397][ T4324] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 90.198311][ T4324] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 90.207893][ T4324] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 90.216919][ T4324] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 90.225460][ T4907] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 90.226194][ T4324] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 90.258746][ T4324] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 90.267936][ T4324] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 90.277186][ T26] audit: type=1800 audit(1773015380.951:17): pid=4895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.138" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 90.279276][ T4324] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 90.297484][ C0] vkms_vblank_simulate: vblank timer overrun [ 90.404928][ T4324] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 90.444798][ T4881] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 90.502051][ T4881] XFS (loop2): Failed to initialize disk quotas. [ 90.619464][ T4884] XFS (loop4): Mounting V5 Filesystem [ 90.699192][ T4196] XFS (loop2): Unmounting Filesystem [ 90.804961][ T4884] XFS (loop4): Ending clean mount [ 90.934320][ T4186] XFS (loop4): Unmounting Filesystem [ 90.981039][ T4909] set_capacity_and_notify: 1 callbacks suppressed [ 90.981054][ T4909] loop1: detected capacity change from 0 to 32768 [ 91.111891][ T4909] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.144 (4909) [ 91.153729][ T4909] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 91.211880][ T4909] BTRFS info (device loop1): force clearing of disk cache [ 91.228394][ T4909] BTRFS info (device loop1): metadata ratio 0 [ 91.272203][ T4909] BTRFS info (device loop1): enabling ssd optimizations [ 91.288926][ T4909] BTRFS info (device loop1): using spread ssd allocation scheme [ 91.369424][ T4909] BTRFS info (device loop1): using free space tree [ 91.382743][ T4909] BTRFS info (device loop1): has skinny extents [ 91.389406][ T4863] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 91.401608][ T4936] loop2: detected capacity change from 0 to 512 [ 91.440702][ T4933] device syzkaller0 entered promiscuous mode [ 91.440797][ T4936] EXT4-fs (loop2): Ignoring removed oldalloc option [ 91.482874][ T4936] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 91.509483][ T4936] EXT4-fs (loop2): 1 truncate cleaned up [ 91.533977][ T4936] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 91.618030][ T4909] BTRFS info (device loop1): clearing free space tree [ 91.634653][ T4961] loop4: detected capacity change from 0 to 2048 [ 91.645267][ T4909] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 91.657825][ T4909] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.703183][ T4963] loop3: detected capacity change from 0 to 64 [ 91.732334][ T4909] BTRFS info (device loop1): creating free space tree [ 91.740128][ T4909] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 91.753123][ T4909] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.774750][ T4963] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 91.809545][ T4964] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 91.820619][ T4863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.852785][ T4863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.862192][ T26] audit: type=1800 audit(1773015382.531:18): pid=4961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.151" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 91.894288][ T4863] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 91.945144][ T4863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.989941][ T4863] usb 1-1: config 0 descriptor?? [ 92.504327][ T4863] hkems 0003:2006:0118.0008: item fetching failed at offset 5/7 [ 92.513930][ T4968] fuse: Bad value for 'fd' [ 92.525400][ T4968] netlink: 8 bytes leftover after parsing attributes in process `syz.4.153'. [ 92.533119][ T4863] hkems 0003:2006:0118.0008: parse failed [ 92.550630][ T4863] hkems: probe of 0003:2006:0118.0008 failed with error -22 [ 92.708288][ T4930] udc-core: couldn't find an available UDC or it's busy [ 92.741736][ T4930] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 93.932668][ T4980] loop1: detected capacity change from 0 to 1024 [ 94.360911][ T4991] loop2: detected capacity change from 0 to 2048 [ 94.369082][ T4860] usb 1-1: USB disconnect, device number 5 [ 94.437129][ T4993] device syzkaller0 entered promiscuous mode [ 94.454425][ T4976] loop4: detected capacity change from 0 to 32768 [ 94.512145][ T4999] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.531923][ T26] audit: type=1800 audit(1773015385.201:19): pid=4991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.161" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 94.543800][ T4998] loop0: detected capacity change from 0 to 2048 [ 94.602743][ T5001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'. [ 94.740378][ T5007] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.773443][ T26] audit: type=1800 audit(1773015385.441:20): pid=4998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.164" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 94.820421][ T4976] XFS (loop4): Mounting V5 Filesystem [ 94.851089][ T5015] loop3: detected capacity change from 0 to 64 [ 94.996133][ T4976] XFS (loop4): Ending clean mount [ 95.732123][ T5015] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 95.853461][ T4186] XFS (loop4): Unmounting Filesystem [ 95.968384][ T5023] loop2: detected capacity change from 0 to 512 [ 96.055134][ T5023] EXT4-fs (loop2): Ignoring removed oldalloc option [ 96.055235][ T5023] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 96.132346][ T5023] EXT4-fs (loop2): 1 truncate cleaned up [ 96.138255][ T5023] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 96.323246][ T5034] loop3: detected capacity change from 0 to 1024 [ 96.530842][ T5021] loop1: detected capacity change from 0 to 32768 [ 96.638400][ T5043] device syzkaller0 entered promiscuous mode [ 96.644968][ T4858] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 96.652896][ T5021] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.168 (5021) [ 96.713956][ T5021] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 96.736424][ T5021] BTRFS info (device loop1): force clearing of disk cache [ 96.758343][ T5021] BTRFS info (device loop1): metadata ratio 0 [ 96.768465][ T5021] BTRFS info (device loop1): enabling ssd optimizations [ 96.780747][ T5021] BTRFS info (device loop1): using spread ssd allocation scheme [ 96.789131][ T5021] BTRFS info (device loop1): using free space tree [ 96.796174][ T5021] BTRFS info (device loop1): has skinny extents [ 96.980957][ T5060] loop3: detected capacity change from 0 to 2048 [ 97.142269][ T5021] BTRFS info (device loop1): clearing free space tree [ 97.201430][ T5021] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.252834][ T5071] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 97.440408][ T26] audit: type=1800 audit(1773015388.111:21): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.179" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 97.494045][ T5021] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 97.721461][ T5021] BTRFS info (device loop1): creating free space tree [ 97.797751][ T5021] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.809617][ T4858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.825375][ T4858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.835307][ T4858] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 97.844352][ T4858] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.859670][ T4858] usb 1-1: config 0 descriptor?? [ 97.875512][ T5021] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.328935][ T5079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.181'. [ 98.376817][ T4858] hkems 0003:2006:0118.0009: item fetching failed at offset 5/7 [ 98.402318][ T4858] hkems 0003:2006:0118.0009: parse failed [ 98.428241][ T4858] hkems: probe of 0003:2006:0118.0009 failed with error -22 [ 98.585451][ T5036] udc-core: couldn't find an available UDC or it's busy [ 98.633223][ T5036] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 98.665256][ T5083] loop3: detected capacity change from 0 to 64 [ 98.701043][ T5075] loop4: detected capacity change from 0 to 32768 [ 98.769394][ T5083] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 98.868653][ T5075] XFS (loop4): Mounting V5 Filesystem [ 99.105058][ T5095] loop2: detected capacity change from 0 to 2048 [ 99.184402][ T5098] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.193441][ T26] audit: type=1800 audit(1773015389.871:22): pid=5095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.184" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 99.266494][ T5036] loop0: detected capacity change from 0 to 32768 [ 99.307723][ T5075] XFS (loop4): Ending clean mount [ 99.428848][ T4186] XFS (loop4): Unmounting Filesystem [ 99.437328][ T5036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.175'. [ 99.456236][ T5036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.175'. [ 99.644075][ T4858] usb 1-1: USB disconnect, device number 6 [ 99.723157][ T5097] loop3: detected capacity change from 0 to 32768 [ 99.787499][ T5102] device syzkaller0 entered promiscuous mode [ 99.946954][ T5097] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 99.978264][ T5112] loop4: detected capacity change from 0 to 1024 [ 100.001947][ T5097] (syz.3.186,5097,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 100.142712][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 100.217151][ T5117] loop1: detected capacity change from 0 to 512 [ 100.269745][ T5117] EXT4-fs (loop1): Ignoring removed oldalloc option [ 100.294874][ T5117] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 100.351606][ T5117] EXT4-fs (loop1): 1 truncate cleaned up [ 100.384276][ T5124] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.395567][ T5117] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 100.401903][ T26] audit: type=1800 audit(1773015391.071:23): pid=5119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.193" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 100.467091][ T5126] netlink: 8 bytes leftover after parsing attributes in process `syz.3.195'. [ 100.702438][ T5131] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 101.104770][ T5139] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 101.115479][ T26] audit: type=1800 audit(1773015391.781:24): pid=5138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.199" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 101.713478][ T5134] set_capacity_and_notify: 3 callbacks suppressed [ 101.713492][ T5134] loop2: detected capacity change from 0 to 32768 [ 101.765637][ T5136] loop0: detected capacity change from 0 to 32768 [ 101.787443][ T5146] device syzkaller0 entered promiscuous mode [ 101.827405][ T5136] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.198 (5136) [ 101.901928][ T5134] XFS (loop2): Mounting V5 Filesystem [ 101.907756][ T5144] loop3: detected capacity change from 0 to 32768 [ 101.968225][ T5134] XFS (loop2): Ending clean mount [ 101.984754][ T5136] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 101.994343][ T5136] BTRFS info (device loop0): force clearing of disk cache [ 102.002877][ T5136] BTRFS info (device loop0): metadata ratio 0 [ 102.018059][ T5136] BTRFS info (device loop0): enabling ssd optimizations [ 102.028651][ T5136] BTRFS info (device loop0): using spread ssd allocation scheme [ 102.040967][ T5136] BTRFS info (device loop0): using free space tree [ 102.048038][ T5136] BTRFS info (device loop0): has skinny extents [ 102.054533][ T4196] XFS (loop2): Unmounting Filesystem [ 102.079195][ T5144] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 102.324276][ T4233] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 102.389888][ T4233] XFS (loop3): Unmount and run xfs_repair [ 102.404785][ T4233] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 102.420783][ T4233] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 102.429920][ T4233] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 102.438869][ T4233] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 102.448208][ T4233] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 102.485308][ T5181] loop2: detected capacity change from 0 to 1024 [ 102.492130][ T4233] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 102.554318][ T4233] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 102.583750][ T5136] BTRFS info (device loop0): clearing free space tree [ 102.608833][ T5136] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 102.628933][ T4233] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 102.634370][ T5163] loop4: detected capacity change from 0 to 32768 [ 102.653576][ T5136] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.672957][ T4233] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 102.674905][ T1109] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 102.704184][ T5163] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 102.705930][ T5144] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 102.744009][ T5163] (syz.4.204,5163,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 102.748998][ T5136] BTRFS info (device loop0): creating free space tree [ 102.785203][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 102.793963][ T5144] XFS (loop3): Failed to initialize disk quotas. [ 102.975510][ T5136] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 103.014864][ T5136] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.026226][ T4190] XFS (loop3): Unmounting Filesystem [ 103.153080][ T1109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.175303][ T1109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.214971][ T1109] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 103.224043][ T1109] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.255671][ T1109] usb 2-1: config 0 descriptor?? [ 103.292431][ T5202] fuse: Bad value for 'fd' [ 103.408665][ T5204] loop2: detected capacity change from 0 to 2048 [ 103.485906][ T5205] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.506535][ T26] audit: type=1800 audit(1773015394.171:25): pid=5204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.211" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 103.631926][ T5208] loop3: detected capacity change from 0 to 64 [ 103.729048][ T5208] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 103.739570][ T1109] hkems 0003:2006:0118.000A: item fetching failed at offset 5/7 [ 103.798042][ T5210] loop4: detected capacity change from 0 to 2048 [ 103.811566][ T1109] hkems 0003:2006:0118.000A: parse failed [ 103.840632][ T1109] hkems: probe of 0003:2006:0118.000A failed with error -22 [ 103.916432][ T5214] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.933020][ T26] audit: type=1800 audit(1773015394.601:26): pid=5210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.212" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 103.941633][ T5182] udc-core: couldn't find an available UDC or it's busy [ 103.975018][ T5182] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 104.041307][ T5182] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.048898][ T5182] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.110017][ T5182] device bridge0 entered promiscuous mode [ 104.354118][ T5218] device syzkaller0 entered promiscuous mode [ 104.554832][ T5230] loop2: detected capacity change from 0 to 512 [ 104.625022][ T5230] EXT4-fs (loop2): Ignoring removed oldalloc option [ 104.636304][ T5230] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 104.760120][ T5230] EXT4-fs (loop2): 1 truncate cleaned up [ 104.779812][ T5217] loop1: detected capacity change from 0 to 32768 [ 104.784927][ T5230] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 104.890500][ T5217] netlink: 12 bytes leftover after parsing attributes in process `syz.1.205'. [ 104.949509][ T5182] netlink: 12 bytes leftover after parsing attributes in process `syz.1.205'. [ 105.037485][ T5224] usb 2-1: USB disconnect, device number 6 [ 105.140557][ T5243] fuse: Bad value for 'fd' [ 105.631828][ T5233] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 105.704551][ T5233] (syz.4.218,5233,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 105.817633][ T5253] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 105.840574][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 105.853716][ T5239] XFS (loop0): Mounting V5 Filesystem [ 105.950506][ T5262] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 105.962499][ T5262] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 105.977226][ T5262] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 105.989035][ T5262] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 106.002489][ T5262] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 106.016301][ T5262] ntfs: volume version 3.1. [ 106.031412][ T5239] XFS (loop0): Ending clean mount [ 106.060920][ T5262] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 106.164966][ T5262] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 106.187145][ T5262] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 106.249719][ T5268] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 106.320158][ T5262] FAULT_INJECTION: forcing a failure. [ 106.320158][ T5262] name failslab, interval 1, probability 0, space 0, times 0 [ 106.338007][ T4185] XFS (loop0): Unmounting Filesystem [ 106.427215][ T5262] CPU: 0 PID: 5262 Comm: syz.2.226 Not tainted syzkaller #0 [ 106.434551][ T5262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 106.444608][ T5262] Call Trace: [ 106.447889][ T5262] [ 106.450816][ T5262] dump_stack_lvl+0x188/0x250 [ 106.455503][ T5262] ? show_regs_print_info+0x20/0x20 [ 106.460708][ T5262] ? load_image+0x400/0x400 [ 106.465215][ T5262] ? __lock_acquire+0x7d10/0x7d10 [ 106.470246][ T5262] ? __context_tracking_exit+0x4c/0x80 [ 106.475717][ T5262] should_fail+0x38c/0x4c0 [ 106.480140][ T5262] should_failslab+0x5/0x20 [ 106.484646][ T5262] slab_pre_alloc_hook+0x51/0xc0 [ 106.489609][ T5262] ? getname_flags+0xb5/0x500 [ 106.494299][ T5262] kmem_cache_alloc+0x3d/0x290 [ 106.499081][ T5262] getname_flags+0xb5/0x500 [ 106.503593][ T5262] __x64_sys_mkdirat+0x78/0x90 [ 106.508466][ T5262] do_syscall_64+0x4c/0xa0 [ 106.512886][ T5262] ? clear_bhb_loop+0x30/0x80 [ 106.517567][ T5262] ? clear_bhb_loop+0x30/0x80 [ 106.522248][ T5262] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 106.528144][ T5262] RIP: 0033:0x7f2f59837607 [ 106.532561][ T5262] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.552170][ T5262] RSP: 002b:00007f2f57a91e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 106.560592][ T5262] RAX: ffffffffffffffda RBX: 00007f2f57a91ee0 RCX: 00007f2f59837607 [ 106.568572][ T5262] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c [ 106.576555][ T5262] RBP: 0000200000000140 R08: 00002000000000c0 R09: 0000000000000000 [ 106.584532][ T5262] R10: 0000200000000140 R11: 0000000000000246 R12: 0000200000000040 [ 106.592512][ T5262] R13: 00007f2f57a91ea0 R14: 0000000000000000 R15: 0000000000000000 [ 106.600508][ T5262] [ 106.603572][ C0] vkms_vblank_simulate: vblank timer overrun [ 106.927046][ T5278] set_capacity_and_notify: 6 callbacks suppressed [ 106.927070][ T5278] loop3: detected capacity change from 0 to 2048 [ 106.957448][ T5280] fuse: Bad value for 'fd' [ 107.090273][ T5283] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 107.210231][ T5272] loop4: detected capacity change from 0 to 32768 [ 107.258663][ T5285] device syzkaller0 entered promiscuous mode [ 107.294847][ T5224] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 107.319826][ T5272] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.225 (5272) [ 107.394222][ T5272] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 107.434914][ T5272] BTRFS info (device loop4): force clearing of disk cache [ 107.442433][ T5272] BTRFS info (device loop4): metadata ratio 0 [ 107.488800][ T5291] loop0: detected capacity change from 0 to 512 [ 107.496149][ T5272] BTRFS info (device loop4): enabling ssd optimizations [ 107.503107][ T5272] BTRFS info (device loop4): using spread ssd allocation scheme [ 107.543369][ T5272] BTRFS info (device loop4): using free space tree [ 107.565024][ T5291] EXT4-fs (loop0): Ignoring removed oldalloc option [ 107.585184][ T5291] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 107.602577][ T5272] BTRFS info (device loop4): has skinny extents [ 107.661617][ T5291] EXT4-fs (loop0): 1 truncate cleaned up [ 107.664973][ T5224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.698859][ T5291] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 107.702253][ T5287] loop2: detected capacity change from 0 to 32768 [ 107.739135][ T5224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.759327][ T5224] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 107.777846][ T5224] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.796668][ T5224] usb 2-1: config 0 descriptor?? [ 107.885770][ T5287] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 107.905638][ T5309] loop3: detected capacity change from 0 to 64 [ 107.936541][ T5287] (syz.2.235,5287,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 107.975226][ T5309] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 108.068741][ T5272] BTRFS info (device loop4): clearing free space tree [ 108.111155][ T5272] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 108.136524][ T5272] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.168276][ T4196] ocfs2: Unmounting device (7,2) on (node local) [ 108.221508][ T5272] BTRFS info (device loop4): creating free space tree [ 108.276456][ T5224] hkems 0003:2006:0118.000B: item fetching failed at offset 5/7 [ 108.276483][ T5272] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 108.325502][ T5224] hkems 0003:2006:0118.000B: parse failed [ 108.331885][ T5224] hkems: probe of 0003:2006:0118.000B failed with error -22 [ 108.345141][ T5272] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.380590][ T5321] loop3: detected capacity change from 0 to 1024 [ 108.479450][ T5282] udc-core: couldn't find an available UDC or it's busy [ 108.524876][ T5282] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 108.931148][ T5331] loop0: detected capacity change from 0 to 2048 [ 108.994868][ T5334] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.003615][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 109.003629][ T26] audit: type=1800 audit(1773015399.671:29): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.241" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 109.031734][ C0] vkms_vblank_simulate: vblank timer overrun [ 109.456016][ T5333] loop3: detected capacity change from 0 to 32768 [ 109.541829][ T5342] device syzkaller0 entered promiscuous mode [ 109.628833][ T5282] loop1: detected capacity change from 0 to 32768 [ 109.712201][ T5333] XFS (loop3): Mounting V5 Filesystem [ 109.789188][ T5333] XFS (loop3): Ending clean mount [ 109.841011][ T5352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.234'. [ 109.878643][ T5353] loop0: detected capacity change from 0 to 64 [ 109.938318][ T5353] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 109.968462][ T5282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.234'. [ 109.981170][ T5355] fuse: Bad value for 'fd' [ 109.996979][ T5355] netlink: 8 bytes leftover after parsing attributes in process `syz.4.245'. [ 110.030715][ T4190] XFS (loop3): Unmounting Filesystem [ 110.107824][ T4724] usb 2-1: USB disconnect, device number 7 [ 110.177190][ T5360] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.215301][ T26] audit: type=1800 audit(1773015400.891:30): pid=5357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.249" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 110.292210][ T5359] EXT4-fs (loop2): Ignoring removed oldalloc option [ 110.310343][ T5359] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 110.396522][ T5359] EXT4-fs (loop2): 1 truncate cleaned up [ 110.438951][ T5359] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 111.135268][ T5377] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.543142][ T5368] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 111.658299][ T5368] (syz.3.250,5368,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 111.979010][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 112.273031][ T5398] fuse: Bad value for 'fd' [ 112.319350][ T5392] set_capacity_and_notify: 5 callbacks suppressed [ 112.319365][ T5392] loop2: detected capacity change from 0 to 32768 [ 112.419445][ T5392] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.258 (5392) [ 112.509502][ T5392] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 112.518915][ T5401] device syzkaller0 entered promiscuous mode [ 112.527442][ T5405] loop0: detected capacity change from 0 to 1024 [ 112.534591][ T5392] BTRFS info (device loop2): force clearing of disk cache [ 112.564820][ T5392] BTRFS info (device loop2): metadata ratio 0 [ 112.582596][ T5392] BTRFS info (device loop2): enabling ssd optimizations [ 112.613696][ T5392] BTRFS info (device loop2): using spread ssd allocation scheme [ 112.637094][ T5392] BTRFS info (device loop2): using free space tree [ 112.655149][ T5394] loop4: detected capacity change from 0 to 32768 [ 112.661642][ T5392] BTRFS info (device loop2): has skinny extents [ 112.682309][ T5224] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 112.750578][ T5394] XFS (loop4): Mounting V5 Filesystem [ 112.894978][ T5394] XFS (loop4): Ending clean mount [ 113.027454][ T4186] XFS (loop4): Unmounting Filesystem [ 113.057010][ T5430] loop3: detected capacity change from 0 to 2048 [ 113.114890][ T5224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.130529][ T5224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.140929][ T5224] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 113.144472][ T5392] BTRFS info (device loop2): clearing free space tree [ 113.150781][ T5224] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.167799][ T5224] usb 2-1: config 0 descriptor?? [ 113.186001][ T5447] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.255085][ T5392] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.290162][ T5392] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 113.380091][ T5392] BTRFS info (device loop2): creating free space tree [ 113.388732][ T5392] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.398616][ T5392] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 113.636586][ T5224] hkems 0003:2006:0118.000C: item fetching failed at offset 5/7 [ 113.644659][ T5224] hkems 0003:2006:0118.000C: parse failed [ 113.684875][ T5224] hkems: probe of 0003:2006:0118.000C failed with error -22 [ 113.809602][ T5455] loop4: detected capacity change from 0 to 512 [ 113.848504][ T5402] udc-core: couldn't find an available UDC or it's busy [ 113.865162][ T5402] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 113.902529][ T5455] EXT4-fs (loop4): Ignoring removed oldalloc option [ 113.926173][ T5455] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 113.970702][ T5455] EXT4-fs (loop4): 1 truncate cleaned up [ 113.984799][ T5455] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 114.160540][ T5459] fuse: Bad value for 'fd' [ 114.333781][ T5461] loop0: detected capacity change from 0 to 4096 [ 114.352557][ T5453] loop3: detected capacity change from 0 to 32768 [ 114.396817][ T5461] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 114.482210][ T5453] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 114.529247][ T5461] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 114.563705][ T5453] (syz.3.273,5453,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 114.567642][ T5461] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 114.593730][ T5461] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 114.607378][ T5461] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 114.635858][ T5461] ntfs: volume version 3.1. [ 114.682020][ T5461] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 114.735223][ T5461] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 114.782584][ T5461] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 114.837698][ T5402] loop1: detected capacity change from 0 to 32768 [ 114.845140][ T5461] ntfs: (device loop0): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 114.872629][ T5461] ntfs: (device loop0): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 114.912134][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 114.945718][ T5466] tipc: Started in network mode [ 114.971707][ T5466] tipc: Node identity 0efea7a2c31c, cluster identity 4711 [ 115.012673][ T5466] tipc: Enabled bearer , priority 0 [ 115.032648][ T5402] netlink: 12 bytes leftover after parsing attributes in process `syz.1.264'. [ 115.142792][ T5470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.264'. [ 115.230040][ T5465] tipc: Disabling bearer [ 115.342634][ T13] usb 2-1: USB disconnect, device number 8 [ 115.431806][ T5478] loop3: detected capacity change from 0 to 2048 [ 115.502494][ T5482] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 115.976313][ T5489] loop2: detected capacity change from 0 to 2048 [ 116.313921][ T5495] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 116.596626][ T5498] fuse: Bad value for 'fd' [ 116.608904][ T5479] XFS (loop0): Mounting V5 Filesystem [ 116.848293][ T5479] XFS (loop0): Ending clean mount [ 116.901651][ T4185] XFS (loop0): Unmounting Filesystem [ 117.334932][ T5524] set_capacity_and_notify: 2 callbacks suppressed [ 117.334948][ T5524] loop1: detected capacity change from 0 to 512 [ 117.406393][ T5524] EXT4-fs (loop1): Ignoring removed oldalloc option [ 117.442846][ T5524] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 117.485540][ T5503] loop3: detected capacity change from 0 to 32768 [ 117.493503][ T5509] loop2: detected capacity change from 0 to 32768 [ 117.508874][ T5524] EXT4-fs (loop1): 1 truncate cleaned up [ 117.514549][ T5524] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 117.556437][ T5527] tipc: Started in network mode [ 117.561340][ T5527] tipc: Node identity 82aec28720a9, cluster identity 4711 [ 117.578851][ T5527] tipc: Enabled bearer , priority 0 [ 117.601167][ T5509] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 117.611369][ T5503] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.287 (5503) [ 117.655728][ T5525] tipc: Disabling bearer [ 117.711985][ T5509] (syz.2.288,5509,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 117.754417][ T5503] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 117.792252][ T5503] BTRFS info (device loop3): force clearing of disk cache [ 117.836591][ T5503] BTRFS info (device loop3): metadata ratio 0 [ 117.842711][ T5503] BTRFS info (device loop3): enabling ssd optimizations [ 117.912524][ T5503] BTRFS info (device loop3): using spread ssd allocation scheme [ 117.927348][ T4196] ocfs2: Unmounting device (7,2) on (node local) [ 117.957333][ T5503] BTRFS info (device loop3): using free space tree [ 117.963988][ T5503] BTRFS info (device loop3): has skinny extents [ 118.042087][ T5534] loop0: detected capacity change from 0 to 2048 [ 118.065206][ T5522] loop4: detected capacity change from 0 to 32768 [ 118.139181][ T5539] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 118.246022][ T5522] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 118.347133][ T4862] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 118.401700][ T5503] BTRFS info (device loop3): clearing free space tree [ 118.408779][ T4862] XFS (loop4): Unmount and run xfs_repair [ 118.415952][ T5503] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 118.454761][ T4725] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 118.467669][ T4862] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 118.474963][ T5503] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.512063][ T5503] BTRFS info (device loop3): creating free space tree [ 118.516093][ T4862] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 118.530627][ T5503] BTRFS info (device loop3): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 118.558520][ T4862] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 118.569518][ T4862] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 118.579540][ T4862] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 118.586896][ T5503] BTRFS info (device loop3): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.597020][ T4862] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 118.622135][ T4862] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 118.670320][ T4862] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 118.683671][ T4862] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 118.702067][ T5522] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 118.723756][ T5522] XFS (loop4): Failed to initialize disk quotas. [ 118.814911][ T4725] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.856321][ T4725] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.868175][ T4186] XFS (loop4): Unmounting Filesystem [ 118.892821][ T4725] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 118.930197][ T4725] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.987287][ T5568] loop1: detected capacity change from 0 to 4096 [ 119.022907][ T4725] usb 3-1: config 0 descriptor?? [ 119.057927][ T5568] ntfs3: Unknown parameter 'џџџџ' [ 119.516685][ T4725] hkems 0003:2006:0118.000D: item fetching failed at offset 5/7 [ 119.524620][ T4725] hkems 0003:2006:0118.000D: parse failed [ 119.551316][ T4725] hkems: probe of 0003:2006:0118.000D failed with error -22 [ 119.553035][ T5579] loop1: detected capacity change from 0 to 1024 [ 119.718866][ T5544] udc-core: couldn't find an available UDC or it's busy [ 119.754873][ T5544] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 120.294128][ T5572] loop0: detected capacity change from 0 to 32768 [ 120.352839][ T5586] tipc: Started in network mode [ 120.357918][ T5586] tipc: Node identity b6850569ef65, cluster identity 4711 [ 120.370989][ T5586] tipc: Enabled bearer , priority 0 [ 120.440725][ T5585] tipc: Disabling bearer [ 120.471002][ T5593] fuse: Bad value for 'fd' [ 120.511312][ T5572] XFS (loop0): Mounting V5 Filesystem [ 120.584489][ T5602] loop1: detected capacity change from 0 to 512 [ 120.616324][ T5602] EXT4-fs (loop1): Ignoring removed oldalloc option [ 120.686200][ T5572] XFS (loop0): Ending clean mount [ 120.711296][ T5602] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 120.782953][ T5602] EXT4-fs (loop1): 1 truncate cleaned up [ 120.804899][ T5602] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 120.873368][ T5544] loop2: detected capacity change from 0 to 32768 [ 120.884547][ T4185] XFS (loop0): Unmounting Filesystem [ 121.033396][ T5544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.297'. [ 121.104209][ T5544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.297'. [ 121.224565][ T4729] usb 3-1: USB disconnect, device number 5 [ 121.243895][ T5588] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 121.347318][ T5588] (syz.4.307,5588,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 121.439942][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 121.507576][ T5612] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 121.595076][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 121.595090][ T26] audit: type=1800 audit(1773015412.271:33): pid=5609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.311" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 121.611000][ T5604] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 121.713698][ T4262] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 121.777047][ T4262] XFS (loop3): Unmount and run xfs_repair [ 121.841064][ T4262] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 121.879094][ T4262] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 121.899003][ T4262] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 121.921909][ T4262] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 121.955577][ T4262] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 121.964464][ T4262] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 121.990358][ T4262] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 122.003911][ T4262] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 122.016309][ T4262] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 122.030681][ T5604] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 122.054641][ T5604] XFS (loop3): Failed to initialize disk quotas. [ 122.122635][ T5621] ntfs3: Unknown parameter 'џџџџ' [ 122.263935][ T4190] XFS (loop3): Unmounting Filesystem [ 122.347804][ T5631] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.371481][ T26] audit: type=1800 audit(1773015413.041:34): pid=5626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.313" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 122.409333][ T5630] set_capacity_and_notify: 5 callbacks suppressed [ 122.409348][ T5630] loop1: detected capacity change from 0 to 2048 [ 122.418452][ T5628] loop4: detected capacity change from 0 to 2048 [ 122.528014][ T5633] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.560040][ T26] audit: type=1800 audit(1773015413.231:35): pid=5628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.315" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 122.634984][ T5634] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.693140][ T26] audit: type=1800 audit(1773015413.341:36): pid=5630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.316" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 122.775285][ T5637] fuse: Bad value for 'fd' [ 123.875932][ T5647] tipc: Started in network mode [ 123.880860][ T5647] tipc: Node identity ae19e6bcf3d, cluster identity 4711 [ 123.925041][ T5647] tipc: Enabled bearer , priority 0 [ 124.060340][ T5642] loop0: detected capacity change from 0 to 32768 [ 124.141526][ T5648] device syzkaller0 entered promiscuous mode [ 124.169611][ T5642] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 124.200270][ T5646] tipc: Resetting bearer [ 124.350187][ T4185] ocfs2: Unmounting device (7,0) on (node local) [ 124.430005][ T5646] tipc: Disabling bearer [ 124.903676][ T4262] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 125.051310][ T5652] loop1: detected capacity change from 0 to 32768 [ 125.817386][ T5652] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 125.829378][ T5654] loop4: detected capacity change from 0 to 32768 [ 125.895055][ T4262] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.926226][ T5652] (syz.1.322,5652,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 125.959376][ T5663] loop0: detected capacity change from 0 to 4096 [ 125.978955][ T5673] loop2: detected capacity change from 0 to 512 [ 125.995956][ T4262] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.025338][ T5663] ntfs3: Unknown parameter 'џџџџ' [ 126.028780][ T4262] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 126.040837][ T4262] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.071619][ T5673] EXT4-fs (loop2): Ignoring removed oldalloc option [ 126.073279][ T4262] usb 4-1: config 0 descriptor?? [ 126.097637][ T5673] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 126.114865][ T5654] XFS (loop4): Mounting V5 Filesystem [ 126.118829][ T4184] ocfs2: Unmounting device (7,1) on (node local) [ 126.145950][ T5676] fuse: Bad value for 'fd' [ 126.223984][ T5673] EXT4-fs (loop2): 1 truncate cleaned up [ 126.256207][ T5673] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,oldalloc,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 126.273505][ T5654] XFS (loop4): Ending clean mount [ 126.441137][ T5684] loop1: detected capacity change from 0 to 2048 [ 126.524510][ T5686] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 126.576545][ T4262] hkems 0003:2006:0118.000E: item fetching failed at offset 5/7 [ 126.588993][ T26] audit: type=1800 audit(1773015417.261:37): pid=5684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.328" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 126.602210][ T4262] hkems 0003:2006:0118.000E: parse failed [ 126.637970][ T5688] loop0: detected capacity change from 0 to 2048 [ 126.658993][ T4262] hkems: probe of 0003:2006:0118.000E failed with error -22 [ 126.707496][ T5690] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 126.731927][ T26] audit: type=1800 audit(1773015417.401:38): pid=5688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.331" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 126.773747][ T4186] XFS (loop4): Unmounting Filesystem [ 126.817714][ T5656] udc-core: couldn't find an available UDC or it's busy [ 126.850936][ T5656] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 127.578288][ T5656] loop3: detected capacity change from 0 to 32768 [ 127.632140][ T5656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.324'. [ 127.666559][ T5656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.324'. [ 127.737301][ T5695] loop1: detected capacity change from 0 to 2048 [ 127.774624][ T4262] usb 4-1: USB disconnect, device number 3 [ 127.823756][ T5697] loop4: detected capacity change from 0 to 2048 [ 127.845928][ T5699] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 127.864124][ T26] audit: type=1800 audit(1773015418.531:39): pid=5695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.342" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 127.884205][ T5700] loop0: detected capacity change from 0 to 2048 [ 127.943408][ T5702] loop2: detected capacity change from 0 to 2048 [ 128.003277][ T5704] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.025682][ T5705] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.028314][ T26] audit: type=1800 audit(1773015418.701:40): pid=5700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.332" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 128.132630][ T26] audit: type=1800 audit(1773015418.751:41): pid=5697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.343" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 128.193851][ T5708] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.237978][ T26] audit: type=1800 audit(1773015418.891:42): pid=5702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.333" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 128.861276][ T5712] tipc: Enabled bearer , priority 0 [ 128.915342][ T5712] device syzkaller0 entered promiscuous mode [ 128.987131][ T5711] tipc: Resetting bearer [ 129.130681][ T5711] tipc: Disabling bearer [ 130.428849][ T5728] loop3: detected capacity change from 0 to 2048 [ 130.496215][ T5730] loop4: detected capacity change from 0 to 2048 [ 130.571343][ T5731] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 130.595031][ T26] audit: type=1800 audit(1773015421.271:43): pid=5728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.339" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 130.658350][ T5732] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 131.011196][ T5738] loop2: detected capacity change from 0 to 2048 [ 131.062511][ T5723] loop1: detected capacity change from 0 to 32768 [ 131.145260][ T5723] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 131.150976][ T5726] loop0: detected capacity change from 0 to 32768 [ 131.172631][ T5740] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 131.208412][ T5726] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.335 (5726) [ 131.249978][ T26] audit: type=1800 audit(1773015421.921:44): pid=5738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.344" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 131.355558][ T5726] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 131.419216][ T4184] ocfs2: Unmounting device (7,1) on (node local) [ 131.425879][ T5726] BTRFS info (device loop0): force clearing of disk cache [ 131.433098][ T5726] BTRFS info (device loop0): metadata ratio 0 [ 131.494087][ T5726] BTRFS info (device loop0): enabling ssd optimizations [ 131.559510][ T5726] BTRFS info (device loop0): using spread ssd allocation scheme [ 131.615037][ T5748] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 131.632783][ T5726] BTRFS info (device loop0): using free space tree [ 131.651910][ T26] audit: type=1800 audit(1773015422.321:45): pid=5745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.346" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 131.655938][ T5726] BTRFS info (device loop0): has skinny extents [ 132.258029][ T5726] BTRFS info (device loop0): clearing free space tree [ 132.281046][ T5726] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 132.328281][ T5726] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.409694][ T5777] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 132.439817][ T26] audit: type=1800 audit(1773015423.111:46): pid=5770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.347" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 132.500930][ T5726] BTRFS info (device loop0): creating free space tree [ 132.531221][ T5726] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 132.564764][ T5726] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.714423][ T5780] tipc: Enabled bearer , priority 0 [ 132.736539][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.743402][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.875486][ T5781] device syzkaller0 entered promiscuous mode [ 132.969662][ T5779] tipc: Resetting bearer [ 133.072025][ T5779] tipc: Disabling bearer [ 133.298112][ T5763] set_capacity_and_notify: 2 callbacks suppressed [ 133.298375][ T5763] loop1: detected capacity change from 0 to 32768 [ 133.372345][ T5789] loop2: detected capacity change from 0 to 64 [ 133.450820][ T5789] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 133.561395][ T5763] XFS (loop1): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 133.883579][ T5785] loop4: detected capacity change from 0 to 32768 [ 133.896524][ T4232] XFS (loop1): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 133.906331][ T5800] loop2: detected capacity change from 0 to 2048 [ 133.914386][ T4232] XFS (loop1): Unmount and run xfs_repair [ 133.920513][ T4232] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 133.928115][ T4232] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 133.937769][ T4232] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 133.946944][ T4232] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 133.958257][ T5785] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz.4.350 (5785) [ 133.975793][ T4232] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 133.984902][ T4232] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 133.993758][ T4232] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 134.002804][ T4232] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 134.012154][ T4232] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 134.021179][ T5763] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 134.038812][ T5763] XFS (loop1): Failed to initialize disk quotas. [ 134.144786][ T5806] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.187035][ T4177] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by udevd (4177) [ 134.201330][ T4184] XFS (loop1): Unmounting Filesystem [ 134.252241][ T26] audit: type=1800 audit(1773015424.921:47): pid=5800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.353" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 134.886221][ T5808] loop0: detected capacity change from 0 to 64 [ 135.076028][ T5804] loop3: detected capacity change from 0 to 32768 [ 135.096542][ T5812] loop1: detected capacity change from 0 to 2048 [ 135.174806][ T5785] loop4: detected capacity change from 0 to 32768 [ 135.268250][ T5817] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 135.270249][ T5804] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 135.335291][ T26] audit: type=1800 audit(1773015426.011:48): pid=5812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.357" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 135.386593][ T5785] XFS (loop4): Mounting V5 Filesystem [ 135.486539][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 135.511529][ T5785] XFS (loop4): Ending clean mount [ 135.593352][ T5785] XFS (loop4): Quotacheck needed: Please wait. [ 135.682543][ T5785] XFS (loop4): Quotacheck: Done. [ 135.717725][ T5785] XFS (loop4): Unmounting Filesystem [ 135.810527][ T5837] tipc: Enabled bearer , priority 0 [ 135.859108][ T5832] loop3: detected capacity change from 0 to 4096 [ 135.920021][ T5832] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 135.962518][ T5832] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 136.022348][ T5832] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 136.025108][ T4726] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 136.038563][ T5837] device syzkaller0 entered promiscuous mode [ 136.063511][ T5832] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 136.094521][ T5832] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 136.125359][ T5836] tipc: Resetting bearer [ 136.136994][ T5832] ntfs: volume version 3.1. [ 136.144191][ T5832] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 136.155604][ T5832] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 136.186032][ T5836] tipc: Disabling bearer [ 136.331280][ T5840] loop1: detected capacity change from 0 to 2048 [ 136.490190][ T5843] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 136.654991][ T4726] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.673302][ T4726] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.053307][ T4726] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 137.091947][ T4726] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.116811][ T4726] usb 3-1: config 0 descriptor?? [ 137.586637][ T4726] hkems 0003:2006:0118.000F: item fetching failed at offset 5/7 [ 137.594646][ T4726] hkems 0003:2006:0118.000F: parse failed [ 137.637917][ T5850] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff [ 137.666185][ T4726] hkems: probe of 0003:2006:0118.000F failed with error -22 [ 137.673950][ T5850] F2FS-fs (loop3): invalid crc value [ 137.703912][ T5850] F2FS-fs (loop3): Found nat_bits in checkpoint [ 137.705421][ T5846] XFS (loop0): Mounting V5 Filesystem [ 137.804000][ T5835] udc-core: couldn't find an available UDC or it's busy [ 137.811257][ T5846] XFS (loop0): Ending clean mount [ 137.827940][ T5835] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 137.837973][ T5846] XFS (loop0): Quotacheck needed: Please wait. [ 137.899875][ T5846] XFS (loop0): Quotacheck: Done. [ 137.958254][ T5850] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 138.406950][ T5877] set_capacity_and_notify: 3 callbacks suppressed [ 138.406990][ T5877] loop8: detected capacity change from 0 to 7 [ 138.509247][ T5877] Dev loop8: unable to read RDB block 7 [ 138.514911][ T5877] loop8: unable to read partition table [ 138.520649][ T5877] loop8: partition table beyond EOD, truncated [ 138.526935][ T5877] loop_reread_partitions: partition scan of loop8 (ўшЂЋxќ^>бр– ) failed (rc=-5) [ 138.576330][ T5853] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 138.701098][ T4262] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x10 [ 138.734797][ T4262] XFS (loop4): Unmount and run xfs_repair [ 138.818675][ T4262] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 138.830506][ T4262] 00000000: 46 49 42 33 00 00 00 01 ff ff 01 ff ff ff ff ff FIB3............ [ 138.842437][ T4262] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 80 ................ [ 138.852143][ T4262] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 138.885126][ T4262] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 138.904762][ T4262] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 138.913933][ T4262] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 138.933992][ T4185] XFS (loop0): Unmounting Filesystem [ 138.976376][ T4262] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 139.003756][ T5890] device syzkaller0 entered promiscuous mode [ 139.023587][ T4262] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 139.042417][ T5853] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 4 error 74 [ 139.064997][ T5853] XFS (loop4): Failed to initialize disk quotas. [ 139.172847][ T5227] usb 3-1: USB disconnect, device number 6 [ 139.179038][ T4186] XFS (loop4): Unmounting Filesystem [ 139.358199][ T5897] IPv6: addrconf: prefix option has invalid lifetime [ 139.379934][ T5899] device syzkaller0 entered promiscuous mode [ 139.398519][ T5899] syz.3.380 uses obsolete (PF_INET,SOCK_PACKET) [ 139.856591][ T5918] device syzkaller1 entered promiscuous mode [ 139.962768][ T5924] tipc: Enabled bearer , priority 0 [ 139.982248][ T5924] device syzkaller0 entered promiscuous mode [ 140.047407][ T5924] tipc: Resetting bearer [ 140.102771][ T5921] tipc: Resetting bearer [ 140.120602][ T5921] tipc: Disabling bearer [ 140.143069][ T5937] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 140.212435][ T5942] Zero length message leads to an empty skb [ 140.218682][ T5934] netlink: 40 bytes leftover after parsing attributes in process `syz.4.391'. [ 140.243184][ T5943] netlink: 14 bytes leftover after parsing attributes in process `syz.2.395'. [ 140.329878][ T5943] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.392489][ T5943] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.447999][ T5943] bond0 (unregistering): Released all slaves [ 140.859545][ T5968] netlink: 'syz.1.406': attribute type 3 has an invalid length. [ 140.887233][ T5967] netlink: 64 bytes leftover after parsing attributes in process `syz.4.404'. [ 140.940852][ T5967] device syzkaller1 entered promiscuous mode [ 140.959795][ T5967] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 140.947867][ T5941] infiniband syz0: set down [ 140.994499][ T5941] infiniband syz0: added bond_slave_0 [ 141.074570][ T5941] infiniband syz0: Couldn't open port 1 [ 141.158425][ T5941] RDS/IB: syz0: added [ 141.163800][ T5941] smc: adding ib device syz0 with port count 1 [ 141.170784][ T5941] smc: ib device syz0 port 1 has pnetid [ 141.588430][ T6006] netlink: 36 bytes leftover after parsing attributes in process `syz.1.417'. [ 142.131881][ T6030] tipc: Enabled bearer , priority 0 [ 142.161997][ T6034] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 142.172206][ T6030] device syzkaller0 entered promiscuous mode [ 142.246263][ T6030] tipc: Resetting bearer [ 142.297283][ T6029] tipc: Resetting bearer [ 142.311833][ T6029] tipc: Disabling bearer [ 142.357211][ T6043] device syzkaller0 entered promiscuous mode [ 142.620938][ T6056] device dummy0 entered promiscuous mode [ 142.641074][ T6056] device vlan2 entered promiscuous mode [ 142.787270][ T6063] netlink: 12 bytes leftover after parsing attributes in process `syz.0.441'. [ 143.101241][ T6079] device syzkaller0 entered promiscuous mode [ 143.124113][ T6076] tipc: Enabled bearer , priority 0 [ 143.196214][ T6084] device syzkaller0 entered promiscuous mode [ 143.285566][ T6076] tipc: Resetting bearer [ 143.319557][ T6075] tipc: Resetting bearer [ 143.346143][ T6075] tipc: Disabling bearer [ 143.511487][ T6097] netlink: 64 bytes leftover after parsing attributes in process `syz.2.456'. [ 143.576193][ T6097] device syzkaller1 entered promiscuous mode [ 143.596664][ T6097] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 143.746307][ T6108] device syzkaller0 entered promiscuous mode [ 144.289022][ T6132] nftables ruleset with unbound set [ 144.494524][ T6142] device ip6gretap0 entered promiscuous mode [ 144.503352][ T6142] device ip6gretap0 left promiscuous mode [ 144.669261][ T6146] device syzkaller0 entered promiscuous mode [ 144.750497][ T6148] crypto_alloc_aead failed rc=-4 [ 144.941255][ T6171] netlink: 64 bytes leftover after parsing attributes in process `syz.4.478'. [ 144.984625][ T6171] device syzkaller1 entered promiscuous mode [ 145.283287][ T6035] Set syz1 is full, maxelem 65536 reached [ 145.431738][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.483'. [ 145.486058][ T6185] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 145.568159][ T6193] [ 145.570517][ T6193] ====================================================== [ 145.577617][ T6193] WARNING: possible circular locking dependency detected [ 145.584641][ T6193] syzkaller #0 Not tainted [ 145.589058][ T6193] ------------------------------------------------------ [ 145.596068][ T6193] syz.0.486/6193 is trying to acquire lock: [ 145.601963][ T6193] ffff888020289120 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_device_event+0x217/0x4f0 [ 145.611376][ T6193] [ 145.611376][ T6193] but task is already holding lock: [ 145.618735][ T6193] ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 145.627024][ T6193] [ 145.627024][ T6193] which lock already depends on the new lock. [ 145.627024][ T6193] [ 145.637425][ T6193] [ 145.637425][ T6193] the existing dependency chain (in reverse order) is: [ 145.646433][ T6193] [ 145.646433][ T6193] -> #1 (rtnl_mutex){+.+.}-{3:3}: [ 145.653656][ T6193] __mutex_lock_common+0x1e3/0x2400 [ 145.659385][ T6193] mutex_lock_nested+0x17/0x20 [ 145.664681][ T6193] ax25_setsockopt+0x859/0xa60 [ 145.669968][ T6193] __sys_setsockopt+0x2bf/0x3d0 [ 145.675350][ T6193] __x64_sys_setsockopt+0xb1/0xc0 [ 145.680905][ T6193] do_syscall_64+0x4c/0xa0 [ 145.685838][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 145.692262][ T6193] [ 145.692262][ T6193] -> #0 (sk_lock-AF_AX25){+.+.}-{0:0}: [ 145.699909][ T6193] __lock_acquire+0x2c42/0x7d10 [ 145.705270][ T6193] lock_acquire+0x19e/0x400 [ 145.710294][ T6193] lock_sock_nested+0x44/0x100 [ 145.715564][ T6193] ax25_device_event+0x217/0x4f0 [ 145.721009][ T6193] raw_notifier_call_chain+0xcb/0x160 [ 145.726886][ T6193] __dev_notify_flags+0x158/0x300 [ 145.732414][ T6193] dev_change_flags+0xe3/0x1a0 [ 145.737679][ T6193] dev_ifsioc+0x130/0xd50 [ 145.742514][ T6193] dev_ioctl+0x545/0xe30 [ 145.747268][ T6193] sock_do_ioctl+0x245/0x320 [ 145.752360][ T6193] sock_ioctl+0x4d2/0x710 [ 145.757196][ T6193] __se_sys_ioctl+0xfa/0x170 [ 145.762290][ T6193] do_syscall_64+0x4c/0xa0 [ 145.767291][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 145.773689][ T6193] [ 145.773689][ T6193] other info that might help us debug this: [ 145.773689][ T6193] [ 145.783898][ T6193] Possible unsafe locking scenario: [ 145.783898][ T6193] [ 145.791328][ T6193] CPU0 CPU1 [ 145.796673][ T6193] ---- ---- [ 145.802024][ T6193] lock(rtnl_mutex); [ 145.805996][ T6193] lock(sk_lock-AF_AX25); [ 145.812907][ T6193] lock(rtnl_mutex); [ 145.819388][ T6193] lock(sk_lock-AF_AX25); [ 145.823781][ T6193] [ 145.823781][ T6193] *** DEADLOCK *** [ 145.823781][ T6193] [ 145.831907][ T6193] 1 lock held by syz.0.486/6193: [ 145.836830][ T6193] #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 145.845512][ T6193] [ 145.845512][ T6193] stack backtrace: [ 145.851400][ T6193] CPU: 0 PID: 6193 Comm: syz.0.486 Not tainted syzkaller #0 [ 145.858753][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 145.868808][ T6193] Call Trace: [ 145.872096][ T6193] [ 145.875024][ T6193] dump_stack_lvl+0x188/0x250 [ 145.879686][ T6193] ? load_image+0x400/0x400 [ 145.884170][ T6193] ? show_regs_print_info+0x20/0x20 [ 145.889361][ T6193] ? print_circular_bug+0x12b/0x1a0 [ 145.894552][ T6193] check_noncircular+0x296/0x330 [ 145.899477][ T6193] ? stack_trace_snprint+0xf0/0xf0 [ 145.904573][ T6193] ? add_chain_block+0x940/0x940 [ 145.909492][ T6193] ? lockdep_lock+0xf1/0x1f0 [ 145.914085][ T6193] ? mark_lock+0x94/0x320 [ 145.918402][ T6193] __lock_acquire+0x2c42/0x7d10 [ 145.923242][ T6193] ? mark_lock+0x94/0x320 [ 145.927555][ T6193] ? verify_lock_unused+0x140/0x140 [ 145.932737][ T6193] ? verify_lock_unused+0x140/0x140 [ 145.937911][ T6193] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 145.943878][ T6193] ? lockdep_hardirqs_on_prepare+0x770/0x770 [ 145.949837][ T6193] ? mark_lock+0x94/0x320 [ 145.954142][ T6193] lock_acquire+0x19e/0x400 [ 145.958625][ T6193] ? ax25_device_event+0x217/0x4f0 [ 145.963719][ T6193] ? lock_chain_count+0x20/0x20 [ 145.968552][ T6193] ? read_lock_is_recursive+0x10/0x10 [ 145.973917][ T6193] ? __local_bh_enable_ip+0x136/0x1c0 [ 145.979265][ T6193] ? lockdep_hardirqs_on+0x94/0x140 [ 145.984449][ T6193] ? __local_bh_enable_ip+0x136/0x1c0 [ 145.989885][ T6193] ? _local_bh_enable+0xa0/0xa0 [ 145.994715][ T6193] lock_sock_nested+0x44/0x100 [ 145.999455][ T6193] ? ax25_device_event+0x217/0x4f0 [ 146.004558][ T6193] ax25_device_event+0x217/0x4f0 [ 146.009736][ T6193] raw_notifier_call_chain+0xcb/0x160 [ 146.015087][ T6193] __dev_notify_flags+0x158/0x300 [ 146.020092][ T6193] ? __dev_change_flags+0x6a0/0x6a0 [ 146.025267][ T6193] ? __dev_change_flags+0x4d0/0x6a0 [ 146.030445][ T6193] ? dev_get_flags+0x1c0/0x1c0 [ 146.035185][ T6193] ? __mutex_lock_common+0x465/0x2400 [ 146.040538][ T6193] dev_change_flags+0xe3/0x1a0 [ 146.045285][ T6193] dev_ifsioc+0x130/0xd50 [ 146.049600][ T6193] ? dev_ioctl+0xe30/0xe30 [ 146.053988][ T6193] ? apparmor_capable+0x12c/0x190 [ 146.058995][ T6193] ? full_name_hash+0x8e/0xe0 [ 146.063679][ T6193] dev_ioctl+0x545/0xe30 [ 146.067899][ T6193] ? _copy_from_user+0x111/0x170 [ 146.072820][ T6193] sock_do_ioctl+0x245/0x320 [ 146.077389][ T6193] ? sock_show_fdinfo+0xb0/0xb0 [ 146.082225][ T6193] sock_ioctl+0x4d2/0x710 [ 146.086547][ T6193] ? sock_poll+0x410/0x410 [ 146.090945][ T6193] ? bpf_lsm_file_ioctl+0x5/0x10 [ 146.095875][ T6193] ? security_file_ioctl+0x7c/0xa0 [ 146.100965][ T6193] ? sock_poll+0x410/0x410 [ 146.105357][ T6193] __se_sys_ioctl+0xfa/0x170 [ 146.109923][ T6193] do_syscall_64+0x4c/0xa0 [ 146.114316][ T6193] ? clear_bhb_loop+0x30/0x80 [ 146.118967][ T6193] ? clear_bhb_loop+0x30/0x80 [ 146.123622][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.129501][ T6193] RIP: 0033:0x7f69c40b3799 [ 146.133945][ T6193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.153700][ T6193] RSP: 002b:00007f69c22ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.162094][ T6193] RAX: ffffffffffffffda RBX: 00007f69c432d090 RCX: 00007f69c40b3799 [ 146.170044][ T6193] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000005 [ 146.177996][ T6193] RBP: 00007f69c4149bd9 R08: 0000000000000000 R09: 0000000000000000 [ 146.185946][ T6193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.193895][ T6193] R13: 00007f69c432d128 R14: 00007f69c432d090 R15: 00007ffcbad5d7e8 [ 146.201859][ T6193] [ 146.214590][ T6193] ================================================================== [ 146.222673][ T6193] BUG: KASAN: use-after-free in ax25_dev_device_down+0x35e/0x520 [ 146.230401][ T6193] Write of size 4 at addr ffff88805eb70db8 by task syz.0.486/6193 [ 146.238207][ T6193] [ 146.240543][ T6193] CPU: 0 PID: 6193 Comm: syz.0.486 Not tainted syzkaller #0 [ 146.247831][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.257893][ T6193] Call Trace: [ 146.261177][ T6193] [ 146.264113][ T6193] dump_stack_lvl+0x188/0x250 [ 146.268800][ T6193] ? show_regs_print_info+0x20/0x20 [ 146.274022][ T6193] ? _printk+0xda/0x130 [ 146.278176][ T6193] ? ax25_dev_device_down+0x35e/0x520 [ 146.283555][ T6193] ? load_image+0x400/0x400 [ 146.288041][ T6193] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 146.293482][ T6193] print_address_description+0x60/0x2d0 [ 146.299011][ T6193] ? ax25_dev_device_down+0x35e/0x520 [ 146.304367][ T6193] kasan_report+0xdf/0x130 [ 146.308763][ T6193] ? ax25_dev_device_down+0x35e/0x520 [ 146.314114][ T6193] kasan_check_range+0x235/0x290 [ 146.319035][ T6193] ax25_dev_device_down+0x35e/0x520 [ 146.324225][ T6193] ax25_device_event+0x4b4/0x4f0 [ 146.329148][ T6193] raw_notifier_call_chain+0xcb/0x160 [ 146.334504][ T6193] __dev_notify_flags+0x158/0x300 [ 146.339512][ T6193] ? __dev_change_flags+0x6a0/0x6a0 [ 146.344689][ T6193] ? __dev_change_flags+0x4d0/0x6a0 [ 146.349881][ T6193] ? dev_get_flags+0x1c0/0x1c0 [ 146.354629][ T6193] ? __mutex_lock_common+0x465/0x2400 [ 146.359999][ T6193] dev_change_flags+0xe3/0x1a0 [ 146.364747][ T6193] dev_ifsioc+0x130/0xd50 [ 146.369073][ T6193] ? dev_ioctl+0xe30/0xe30 [ 146.373469][ T6193] ? apparmor_capable+0x12c/0x190 [ 146.378474][ T6193] ? full_name_hash+0x8e/0xe0 [ 146.383143][ T6193] dev_ioctl+0x545/0xe30 [ 146.387369][ T6193] ? _copy_from_user+0x111/0x170 [ 146.392286][ T6193] sock_do_ioctl+0x245/0x320 [ 146.396857][ T6193] ? sock_show_fdinfo+0xb0/0xb0 [ 146.401691][ T6193] sock_ioctl+0x4d2/0x710 [ 146.406005][ T6193] ? sock_poll+0x410/0x410 [ 146.410423][ T6193] ? bpf_lsm_file_ioctl+0x5/0x10 [ 146.415342][ T6193] ? security_file_ioctl+0x7c/0xa0 [ 146.420432][ T6193] ? sock_poll+0x410/0x410 [ 146.424836][ T6193] __se_sys_ioctl+0xfa/0x170 [ 146.429429][ T6193] do_syscall_64+0x4c/0xa0 [ 146.433847][ T6193] ? clear_bhb_loop+0x30/0x80 [ 146.438543][ T6193] ? clear_bhb_loop+0x30/0x80 [ 146.443199][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.449069][ T6193] RIP: 0033:0x7f69c40b3799 [ 146.453470][ T6193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.473076][ T6193] RSP: 002b:00007f69c22ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.481490][ T6193] RAX: ffffffffffffffda RBX: 00007f69c432d090 RCX: 00007f69c40b3799 [ 146.489450][ T6193] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000005 [ 146.497417][ T6193] RBP: 00007f69c4149bd9 R08: 0000000000000000 R09: 0000000000000000 [ 146.505386][ T6193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.513365][ T6193] R13: 00007f69c432d128 R14: 00007f69c432d090 R15: 00007ffcbad5d7e8 [ 146.521331][ T6193] [ 146.524345][ T6193] [ 146.526659][ T6193] Allocated by task 6185: [ 146.530978][ T6193] __kasan_kmalloc+0xb5/0xf0 [ 146.535571][ T6193] ax25_dev_device_up+0x50/0x580 [ 146.540502][ T6193] ax25_device_event+0x483/0x4f0 [ 146.545429][ T6193] raw_notifier_call_chain+0xcb/0x160 [ 146.550803][ T6193] __dev_notify_flags+0x194/0x300 [ 146.555810][ T6193] dev_change_flags+0xe3/0x1a0 [ 146.560553][ T6193] dev_ifsioc+0x130/0xd50 [ 146.564863][ T6193] dev_ioctl+0x545/0xe30 [ 146.569104][ T6193] sock_do_ioctl+0x245/0x320 [ 146.573672][ T6193] sock_ioctl+0x4d2/0x710 [ 146.577983][ T6193] __se_sys_ioctl+0xfa/0x170 [ 146.582564][ T6193] do_syscall_64+0x4c/0xa0 [ 146.586969][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.592849][ T6193] [ 146.595158][ T6193] Freed by task 6193: [ 146.599109][ T6193] kasan_set_track+0x4b/0x70 [ 146.603678][ T6193] kasan_set_free_info+0x1f/0x40 [ 146.608596][ T6193] ____kasan_slab_free+0xd5/0x110 [ 146.613608][ T6193] slab_free_freelist_hook+0xea/0x170 [ 146.618965][ T6193] kfree+0xef/0x2a0 [ 146.622760][ T6193] ax25_dev_device_down+0x1c0/0x520 [ 146.627939][ T6193] ax25_device_event+0x4b4/0x4f0 [ 146.632870][ T6193] raw_notifier_call_chain+0xcb/0x160 [ 146.638230][ T6193] __dev_notify_flags+0x158/0x300 [ 146.643249][ T6193] dev_change_flags+0xe3/0x1a0 [ 146.647995][ T6193] dev_ifsioc+0x130/0xd50 [ 146.652307][ T6193] dev_ioctl+0x545/0xe30 [ 146.656631][ T6193] sock_do_ioctl+0x245/0x320 [ 146.661204][ T6193] sock_ioctl+0x4d2/0x710 [ 146.665515][ T6193] __se_sys_ioctl+0xfa/0x170 [ 146.670100][ T6193] do_syscall_64+0x4c/0xa0 [ 146.674501][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 146.680377][ T6193] [ 146.682765][ T6193] The buggy address belongs to the object at ffff88805eb70d00 [ 146.682765][ T6193] which belongs to the cache kmalloc-192 of size 192 [ 146.696795][ T6193] The buggy address is located 184 bytes inside of [ 146.696795][ T6193] 192-byte region [ffff88805eb70d00, ffff88805eb70dc0) [ 146.710053][ T6193] The buggy address belongs to the page: [ 146.715688][ T6193] page:ffffea00017adc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805eb70b00 pfn:0x5eb70 [ 146.727124][ T6193] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 146.734697][ T6193] raw: 00fff00000000200 ffffea00007ffcc0 0000000a00000007 ffff888016c41a00 [ 146.743283][ T6193] raw: ffff88805eb70b00 000000008010000f 00000001ffffffff 0000000000000000 [ 146.751849][ T6193] page dumped because: kasan: bad access detected [ 146.758249][ T6193] page_owner tracks the page as allocated [ 146.763941][ T6193] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4184, ts 58586461610, free_ts 12087771305 [ 146.779893][ T6193] get_page_from_freelist+0x1bbd/0x1ca0 [ 146.785437][ T6193] __alloc_pages+0x1ee/0x480 [ 146.790043][ T6193] new_slab+0xb6/0x4b0 [ 146.794111][ T6193] ___slab_alloc+0x80a/0xdd0 [ 146.798675][ T6193] __kmalloc_node+0x200/0x3b0 [ 146.803385][ T6193] memcg_alloc_page_obj_cgroups+0x81/0x120 [ 146.809172][ T6193] new_slab+0x100/0x4b0 [ 146.813310][ T6193] ___slab_alloc+0x80a/0xdd0 [ 146.817897][ T6193] kmem_cache_alloc+0x195/0x290 [ 146.822727][ T6193] __d_alloc+0x2a/0x6f0 [ 146.826959][ T6193] d_alloc+0x4a/0x250 [ 146.830920][ T6193] lookup_one_qstr_excl+0xc6/0x240 [ 146.836179][ T6193] filename_create+0x23a/0x470 [ 146.840939][ T6193] do_mkdirat+0xa5/0x5b0 [ 146.845169][ T6193] __x64_sys_mkdirat+0x85/0x90 [ 146.849947][ T6193] do_syscall_64+0x4c/0xa0 [ 146.854383][ T6193] page last free stack trace: [ 146.859034][ T6193] free_unref_page_prepare+0x637/0x6c0 [ 146.864478][ T6193] free_unref_page+0x8f/0x2a0 [ 146.869140][ T6193] free_contig_range+0x96/0xf0 [ 146.873905][ T6193] destroy_args+0xf0/0xa00 [ 146.878319][ T6193] debug_vm_pgtable+0x321/0x380 [ 146.883282][ T6193] do_one_initcall+0x272/0x730 [ 146.888238][ T6193] do_initcall_level+0x137/0x1f0 [ 146.893162][ T6193] do_initcalls+0x4b/0x90 [ 146.897479][ T6193] kernel_init_freeable+0x3e9/0x570 [ 146.902777][ T6193] kernel_init+0x19/0x1b0 [ 146.907106][ T6193] ret_from_fork+0x1f/0x30 [ 146.911510][ T6193] [ 146.913816][ T6193] Memory state around the buggy address: [ 146.919429][ T6193] ffff88805eb70c80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 146.927469][ T6193] ffff88805eb70d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 146.935529][ T6193] >ffff88805eb70d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 146.943573][ T6193] ^ [ 146.949447][ T6193] ffff88805eb70e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 146.957490][ T6193] ffff88805eb70e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 146.965538][ T6193] ================================================================== [ 146.983633][ T6193] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 146.990864][ T6193] CPU: 0 PID: 6193 Comm: syz.0.486 Tainted: G B syzkaller #0 [ 146.999538][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 147.009583][ T6193] Call Trace: [ 147.012858][ T6193] [ 147.015784][ T6193] dump_stack_lvl+0x188/0x250 [ 147.020475][ T6193] ? show_regs_print_info+0x20/0x20 [ 147.025682][ T6193] ? load_image+0x400/0x400 [ 147.030189][ T6193] panic+0x2e5/0x810 [ 147.034075][ T6193] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 147.040216][ T6193] ? bpf_jit_dump+0xd0/0xd0 [ 147.044717][ T6193] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 147.050702][ T6193] ? _raw_spin_unlock+0x40/0x40 [ 147.055661][ T6193] ? ax25_dev_device_down+0x35e/0x520 [ 147.061025][ T6193] check_panic_on_warn+0x80/0xa0 [ 147.065949][ T6193] ? ax25_dev_device_down+0x35e/0x520 [ 147.071308][ T6193] end_report+0x6d/0xf0 [ 147.075454][ T6193] kasan_report+0x102/0x130 [ 147.079956][ T6193] ? ax25_dev_device_down+0x35e/0x520 [ 147.085380][ T6193] kasan_check_range+0x235/0x290 [ 147.090326][ T6193] ax25_dev_device_down+0x35e/0x520 [ 147.095515][ T6193] ax25_device_event+0x4b4/0x4f0 [ 147.100445][ T6193] raw_notifier_call_chain+0xcb/0x160 [ 147.105806][ T6193] __dev_notify_flags+0x158/0x300 [ 147.110839][ T6193] ? __dev_change_flags+0x6a0/0x6a0 [ 147.116021][ T6193] ? __dev_change_flags+0x4d0/0x6a0 [ 147.121206][ T6193] ? dev_get_flags+0x1c0/0x1c0 [ 147.125955][ T6193] ? __mutex_lock_common+0x465/0x2400 [ 147.131314][ T6193] dev_change_flags+0xe3/0x1a0 [ 147.136063][ T6193] dev_ifsioc+0x130/0xd50 [ 147.140376][ T6193] ? dev_ioctl+0xe30/0xe30 [ 147.144786][ T6193] ? apparmor_capable+0x12c/0x190 [ 147.149805][ T6193] ? full_name_hash+0x8e/0xe0 [ 147.154469][ T6193] dev_ioctl+0x545/0xe30 [ 147.158696][ T6193] ? _copy_from_user+0x111/0x170 [ 147.163617][ T6193] sock_do_ioctl+0x245/0x320 [ 147.168189][ T6193] ? sock_show_fdinfo+0xb0/0xb0 [ 147.173026][ T6193] sock_ioctl+0x4d2/0x710 [ 147.177335][ T6193] ? sock_poll+0x410/0x410 [ 147.181742][ T6193] ? bpf_lsm_file_ioctl+0x5/0x10 [ 147.186662][ T6193] ? security_file_ioctl+0x7c/0xa0 [ 147.191757][ T6193] ? sock_poll+0x410/0x410 [ 147.196156][ T6193] __se_sys_ioctl+0xfa/0x170 [ 147.200729][ T6193] do_syscall_64+0x4c/0xa0 [ 147.205126][ T6193] ? clear_bhb_loop+0x30/0x80 [ 147.209792][ T6193] ? clear_bhb_loop+0x30/0x80 [ 147.214450][ T6193] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 147.220327][ T6193] RIP: 0033:0x7f69c40b3799 [ 147.224727][ T6193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.244318][ T6193] RSP: 002b:00007f69c22ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 147.252720][ T6193] RAX: ffffffffffffffda RBX: 00007f69c432d090 RCX: 00007f69c40b3799 [ 147.260674][ T6193] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000005 [ 147.268627][ T6193] RBP: 00007f69c4149bd9 R08: 0000000000000000 R09: 0000000000000000 [ 147.276577][ T6193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.284530][ T6193] R13: 00007f69c432d128 R14: 00007f69c432d090 R15: 00007ffcbad5d7e8 [ 147.292490][ T6193] [ 147.295981][ T6193] Kernel Offset: disabled [ 147.300292][ T6193] Rebooting in 86400 seconds..