last executing test programs: 21.337267877s ago: executing program 0 (id=648): pwritev(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x14) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x400000) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000b40)={'ip_vti0\x00', 0x0, 0x7, 0x40, 0x3, 0x4, {{0x47, 0x4, 0x1, 0x9, 0x11c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @remote, @broadcast, {[@timestamp_addr={0x44, 0x44, 0xce, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x77}, {@multicast1, 0x800}, {@loopback, 0xfffffff9}, {@broadcast, 0x4e4}, {@multicast2, 0x4}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@rand_addr=0x64010101, 0x40}]}, @rr={0x7, 0x7, 0x94, [@private=0xa010101]}, @timestamp_prespec={0x44, 0x4c, 0xe3, 0x3, 0x9, [{@broadcast, 0x8}, {@multicast2, 0x7}, {@loopback, 0x8}, {@loopback, 0x8}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x1ff}, {@multicast2, 0xb90}, {@local, 0xffffffff}, {@remote, 0x9}, {@private=0xa010100, 0xffffff7f}]}, @timestamp_addr={0x44, 0x54, 0x49, 0x1, 0x9, [{@local, 0x4}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x188e26a7}, {@remote, 0x200}, {@dev={0xac, 0x14, 0x14, 0x2c}, 0x1}, {@remote, 0x77f5}, {@remote, 0x3}, {@multicast1, 0x1000}, {@broadcast, 0x6}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x2c0}, {@empty, 0x6}]}, @cipso={0x86, 0x1b, 0x1, [{0x7, 0x10, "bbdc31d4ecad8bf0b3dcffd5faac"}, {0x7, 0x5, "85f44a"}]}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket(0x10, 0x803, 0x0) prlimit64(0x0, 0x8, &(0x7f0000000000)={0x9, 0x5}, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000080000000000000000850000009c0002009500000000000000"], &(0x7f0000000040)='GPL\x00'}, 0x94) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x2) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_IMPORTANCE(r6, 0x10f, 0x7f, &(0x7f0000000440)=0x2, 0x4) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) accept4(r7, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) 19.331204109s ago: executing program 0 (id=653): socket(0x10, 0x803, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioprio_set$uid(0x3, 0x0, 0x4004) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x800000, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r6, r5, 0x1, 0x0, @val=@netfilter={0x2, 0x0, 0x8000}}, 0x40) r7 = socket(0x840000000002, 0x3, 0xf8) connect$inet(r7, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r7, &(0x7f0000005240), 0x4000095, 0x0) 18.300851121s ago: executing program 1 (id=655): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$snapshot(0xffffffffffffff9c, 0x0, 0x40000, 0x19) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2}) ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4b66, &(0x7f0000000040)) 15.784052874s ago: executing program 2 (id=659): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000004c0), 0xf02, 0xf0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000140)='net/rpc\x00') getdents(r6, &(0x7f0000001200)=""/198, 0xc6) write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="2d6e65745f70721f"], 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r6, 0x58, &(0x7f0000000240)}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r7, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000380)='./file0\x00', &(0x7f0000000340)=[0x7], 0x0, 0x0, 0x1}}, 0x40) r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r8, &(0x7f0000000580)='1\x00', 0x2) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086d040ec20000000000010902"], 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x9) write$sysctl(r8, &(0x7f0000000000)='2\x00', 0x2) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x400200, 0x0) 11.948899133s ago: executing program 0 (id=661): syz_usb_connect(0x2, 0x59, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ec1392106d04d308280b011a03010902470001000000000904690000"], 0x0) 11.690447853s ago: executing program 1 (id=662): syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x2) syz_open_dev$loop(&(0x7f0000000080), 0x522, 0x42200) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x0, 0x2, 0x7c, 0xfffffffa, 0xc6, "84b53f5dc1d996e6e7d479db86fe609ea2029b", 0x80, 0x2}) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000100)={0x3, 0x2, 0xae2e, 0x5, 0x15, "1e138cc9534fc777"}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000001100)=ANY=[@ANYBLOB="03000000"]) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, 0x0) pread64(r2, &(0x7f0000001600)=""/4103, 0x1007, 0x9b) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x0) sendmsg$inet6(r3, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000002000015290000f8cea1bd6c2b00000000000007120000000000"], 0x30}, 0x0) dup(0xffffffffffffffff) r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000000)=0x1) ppoll(&(0x7f0000000180)=[{r4, 0x1}], 0x1, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x5c, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x6}, @ETHTOOL_A_COALESCE_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040884}, 0x4000000) 9.227720008s ago: executing program 1 (id=663): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) socket$qrtr(0x2a, 0x2, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) mknodat(r1, 0x0, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file1\x00', 0x1c0) keyctl$dh_compute(0x17, &(0x7f0000000800)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) unlink(0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000400)={0x54, 0x3, 0x9, 0x8, 0x2, 0x8e}) getsockopt$sock_buf(r2, 0x1, 0x1a, 0x0, 0x0) 9.169042911s ago: executing program 3 (id=664): pwritev(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x14) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x400000) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000b40)={'ip_vti0\x00', 0x0, 0x7, 0x40, 0x3, 0x4, {{0x47, 0x4, 0x1, 0x9, 0x11c, 0x65, 0x0, 0xfe, 0x2f, 0x0, @remote, @broadcast, {[@timestamp_addr={0x44, 0x44, 0xce, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x77}, {@multicast1, 0x800}, {@loopback, 0xfffffff9}, {@broadcast, 0x4e4}, {@multicast2, 0x4}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@rand_addr=0x64010101, 0x40}]}, @rr={0x7, 0x7, 0x94, [@private=0xa010101]}, @timestamp_prespec={0x44, 0x4c, 0xe3, 0x3, 0x9, [{@broadcast, 0x8}, {@multicast2, 0x7}, {@loopback, 0x8}, {@loopback, 0x8}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x1ff}, {@multicast2, 0xb90}, {@local, 0xffffffff}, {@remote, 0x9}, {@private=0xa010100, 0xffffff7f}]}, @timestamp_addr={0x44, 0x54, 0x49, 0x1, 0x9, [{@local, 0x4}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x188e26a7}, {@remote, 0x200}, {@dev={0xac, 0x14, 0x14, 0x2c}, 0x1}, {@remote, 0x77f5}, {@remote, 0x3}, {@multicast1, 0x1000}, {@broadcast, 0x6}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x2c0}, {@empty, 0x6}]}, @cipso={0x86, 0x1b, 0x1, [{0x7, 0x10, "bbdc31d4ecad8bf0b3dcffd5faac"}, {0x7, 0x5, "85f44a"}]}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', r3, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket(0x10, 0x803, 0x0) prlimit64(0x0, 0x8, &(0x7f0000000000)={0x9, 0x5}, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000080000000000000000850000009c0002009500000000000000"], &(0x7f0000000040)='GPL\x00'}, 0x94) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x2) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_IMPORTANCE(r6, 0x10f, 0x7f, &(0x7f0000000440)=0x2, 0x4) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) accept4(r7, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) 9.119740641s ago: executing program 2 (id=665): r0 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) socket$tipc(0x1e, 0x2, 0x0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) pipe(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r2, &(0x7f000001b3c0)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events\x00', 0x275a, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000240)={@my=0x1, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f041}) 9.008672527s ago: executing program 1 (id=666): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xffff, 0x0, "4ae23ae17df2e98c0000000000000009bad88f", 0x6}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00') getdents64(r4, &(0x7f0000000a00)=""/4096, 0x1000) 8.409563674s ago: executing program 4 (id=667): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_open_dev$sg(0x0, 0x0, 0x38dd80) r0 = socket$inet6(0xa, 0xa, 0x400000) bind$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94) mknodat$loop(0xffffffffffffff9c, 0x0, 0x4, 0x1) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000140) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080) ioctl$BTRFS_IOC_ADD_DEV(r1, 0x5000940a, &(0x7f0000000c40)={{r1}, "7e993200ef8379553285b7e4500b085f1c07ff028a7aa1da0423fb63b102ee0a9dd820a940fbfeab99825d47de1228420d1a4ffb6807a5b3eace8382b8fc71bd4406f193b39a9e9ae85cd7c755d86b542e290e0c8cf4a2abcd058c84e7eaf4895edc63660385ccf82052ab44b883d796c437e4d8c9bab43c8d4aeeb73d3f287af918347652a2d63e76da11d5cc6d04869c091cb4d86f4b96b13903429e4207e59ad16f532c94fa1da8b4e081be6d7d30e5d40d9bcbc96acb8d32b90b23e1540fa8e56947a9369da8f6cf23152e9950fde6859ae73306ad3bb7ea0d508a5c481a914e2d17670f8b31c395201a7fdeb9410a3fbc6687fd069dc11255dc0968458933dc93ef6f27499de78f4fc4f2f25ba9ada5d4929c2c5eba5d21232119ffbc879f58598c211fcecd36722469b3a55a3ab28a242cb2545fa7a7441ca89f88cb43284b7b77b9f46c72e230f15a58b37edcf5cfe8a3bf9b7b2af96c0067efd14d663a4663051900d92d9045e2f5c7e7259438917ad43a96615aa9e0c41275018006b6475ae6a8029ad7b8e14b6d644fbd1039343d4d05d9e8a182fb8648ac164d6d4185c768b18092f947dc8506fb9ccf4f3c2c1396b5464ab19771e1f63f6c0eaf0c1181596d95ff3843583728288671375688803d656bea8f2a53cf93691ca2f31e012779ef6b7df159f4fd870d9259164c4367c19bc2338d42c17e6443476ef87798ee27c86d8d2cd5672e5b49a11c8a4e484f3887b180c848871ffaec3e0f09445070fc2a2363e4000e37bbcff42041fbc504fc3fc65ea6ba88d1955a8f57dd1d84fc52da5be59494308098a50c523a245de95f7828102eb49e8ba2392947fc7528cfd72638f1adb0b1505173f731696d3949ee80badbde508ba994f7b6f1c36d583abacf3842fadc0727a2259e448d200643c3ed4db584a53c630469d50c01162ac7f1e7a373d0fd5ac3dc20186a7c964f91535d542c5fffd3606df0f0252e2c9f93161c813e6a0442b69a791603d2e7f0ea4a1321d28d82320f746751006b4f8bfed3e03ba9616a3b289b006ea23ffd3ab5ffe83b022e2b5d369cca1578f3e8bc96945696e0dc4123423cd2c07754cd8533b9f032391b5e8e72513d9eb1c46fb88ff86f245a77986c9c4e933d3cf68fdf38a403d75e1bcf0d5ec217180eb28f28dc6b0bcbf8223cdaa3507413d1621ddaeb844fe0f8a7a6ea0d8901ea958516b74c5987c2c5f8be03637d9495d3f4a24aba6c0484f34fcfd4d269502f7fd0c2c7c66a0e4e88125075f45c3951f1a34d9184ec0f2fe0e93ff9b0c72bf1e16cd99c7dfcb85ac098b49697bcb7e7b202d1fece868d63ce6d3cfec1b3ae6e7ea5c2f955ab543681bca5e1c9285516855ebfa774cdad7ddbe84ac8552b9cfa1dba1942d6924caef88a6ece9f74c425623aa08dd804acc8dc2c5cf183d4b24edbe4c4c5a367807a34490ab16332389965b51ffb534cdaa148774d231981a9e17084664edea04fef6a7c7395b79bd7afd5074df0f6f56459b484ca68ff066a36305bf7b658271080c9b70fcd946c54702e5bf5f7ea782d3f583be3ba3fe697e20c49fa0b01b3f1dd0dce0fd445572b1d74e4cd65f0d30a088b0e7fddfd50bca49f17451347e48f6769f35d078fa25e71717a96c6c405316cf5439a220a4fec902f0f2749e35f48f4c3751abf9255d47d2b05c9c3fcf625c88974374039d0e6ffe4282aa0d6f4bf7e107e1f8c4f35aadfd7ecde0ce8d5663015d2474e75c0df46d9f2b6f9614305ef78b8f0726b7acae0883ec05c05c4df02329ec7d2d2094ad1277864677ec0a72098da8620cda4ec1dca7133561900bcacda331d6b1f54225ec79154b3116fce190c4cba04bd9398acb358745098f2c2217cedae830a1fecd81a25924cc3d6310dba1ec0f30400740d752d96adb6416212aef41446695e81cc6416178c8b410e0d1b9a5e26f712a70f36d9ce2dc5f2e62af86b5d812682f5dce2e49d5d5e5ff8657f247a1b2b918df99a2ef77eb74abced833800bcc9a7ba6d2300a37232d0d1298f311e3d727f63bdf24ce912cd3340419c695f2748933f690342bc161d83b8ebc047779bbecd66b9f48772e50dda79b2cde052f1f59f642ab09ab3a476f624ef4266483cabaf12d0ea26843be67172e6d9b7b2a03a976bab4c61da3e59bd1ea09be6355e8f8af0fcd4f87733ee0c23758dd4d848d37b126bc28d6b89016d373d698015e693746ba8bd8738c980bfedaa0256150f2f5a8eb667cd9b4be2e5a0bbacebbc4ef7cf454e12bbb26b506f9e0d3a171043c8b64f4ff13af33a1436bc975cb9a57878a2f8e68284116ad966e2578469bd78a8a0f318939d28acce14e151a76c01141dfe31cbe330d49352c2b9ace94a8c792296c8bd5592e450a5c8ca85a5920594291d18e9c819f88eea5f0f296472ec5d2409616f06ed57ebc6bf114d0fab3ea57f73b1b34ed0a7acea278c44f93f2475eb7b7105d13a9bb9ca9c42e2a52be7e2945411d6a5466178aaa7621932dd88528c974041df1270689a2e65365bf37644f50e1497b11625d6347e86a814d2276e2f758ad524fe994e27ae8a34f4ac60277d7e5aea57a099535e679e4d10b0ce8aa772ba449b74809a0c86ae6563f2c98089f93a16f4272aa010c2e8d25973bd8f5741a06cc77722312cf88f36e8c138dde8b5d419c025900c3ad0e397ca7924c4cd9b01c078d73723daa77fefa43f6d7b0c414da67008edc19e91365e3f55ef0b3409d74cf0767c976a83d074cba93e917a96a33debeb3f9a9108da797abad86ff3aaea7c00dfa683d0f96d2ac3c399e370cc199849d41b1cddace909b86c2d6427744f9498eb2e060ce28d0c68735b4f0678740c34c8b85304868ac51ba6e8b0894ec135d648b893487bd0f24b501bfad2ef54338ec9253e9cdb70029fbb1bbed8357817d96d2d425aed6a46ef8c6de53b952f7e5d97e4a628a1615815469e56c7e2a80b840b450f498256e1b358ed7a3ab943a56b1faf660b7f6c881c15920417f5a58778ce65835e2f6283b98ed24c19483e74653faa113d506d1d0bc0090c59fa2096a72bae9279720e4c17df60b8393843be47b0a0b7e2c7518245b94e9dd59af7b4740b54cfa63f4ce249fba3e7da7958e907a3e2cd0608910a8cdbed0747c9e69478de2553d14e9f373220325112ec916d00124a7fe9b350f293803c418363e4ac357181ea31bffd9076ba814a62593f32c46c7f80c8c68f7657f4ed7ee5ce36c99e18195d1bce0c2f57213b11cea138894ecfd7a3f357a5356537ae4004335f5b20e6b4ebfdad287fadde609a3189e9c7e8811a176ae631638613015960ad9b01b8f850af436a840784fc2832aad8b84d51e683f0b7ac9c89bf3cab79117afb23b7dc884a9571b6c87b925a88132c8c569e9da49902e5d77756e0fd01c2a31e6273ff8dd2c0c88462ca6be7878ab4e57837407e0df918bf1ffde66a072bf37cdf32c84bad3e912cb4750f39d7970fb1ebdb9eac64928f11a556078afb297be620612ad40ec5963f79cbc4b9d5bc1be3a6ba08ea6024b4e66ab056e5ffec14ac0a443835242669a2f43101fb4882d10955b52332207b671e3de666c5b55439a630a94104e904983a5a2095856814890c22b5ddb3ab66f64786ea30912ebcb91e3869f552a79c608268f9fe1b1e0c1dcca8303b039298e7b7e1ecdb42880f801d81b3168727faf7f299d6e26308d1d5bacfc9704b5435cd309fad6dadb2816c0d8f960a79cb6b889ee7d9da377d6865ad89ecdc1a242505735583975032bd8b4465c4cbdfff876c2bc603c4c53997f1227bf958a5b674212199a968c2af6a33bf69837c50c88f50f97378ea60a4c16e98e8ffe22f572daa1948ca071451cd3c9729b941220b93f512cb342853a44367ef4b5f0c3c125e33b34a39d5d112d0dcb28ad2689a64d23300fd49110e1e3730d3f3bae4f018eb78ebe8ad7f9ed1e379857d6109f3d95fc74a68388a4da02eac23aed38b0e0bf295a2c7360e9ccd31fa1e8401db3184f9052d7aa71c81a41a4e261e4ab4743b5aed5216e9353f9e81f1ca021ab126345296782d9b6d25a5e24fb3e2ee32974fed896e498ec46049d7089f58e8e3ce662342fd88c1e87f7c53baf65c5e6dae6c2310bd031e881b3bb1c7c1cd70a1c818d14d852134e43282bca7532de6dfe249e5b8d0b2da051d26e632f2db734a07e821f828a696d19b6d882380114f076c07742cd9b9af2364711ebc9150c4872cc4c8e37395db2490277d599335c75edb25f06b6c68ab3129154861ca634aeddffcdae2957db5215d5bc6b554e9ca5175947d9253fde4b4183a12b40f05bc06912eaa182d60f7e75735e09565611c0d6d8568716da06fc385771b14cc85d8a899d3a1310f6e8cefe359e915a1d88dec3b5639df6fded18c1c6eb8c7586a5780d89ba4fce28417e57ec2708b467f254dd2a19c70d35e93612279df887f5c23f21c9ce827e38edf132c74d3e42a54369b8e355c6bc9e7b852173c3671f26052b0154bcda579b60139a628597e70f109733361ff882f71fc766c4103da2806446d06dc40d752a7943e0deffba002bc4cbf9f3db65198d61343841dd996b3171cc9d2d88f1313b393e6a1cdd7cc467e2ddfab51ca3c39f62d2c564eb3c1bf5800a65d62921c326f2c716ac0076adcc4bbf0a3531efc7c3ee678d1c78f861fd8661a1905e57705cbe84559daa8aa9d0ee8eb5dbed9c361f7680c38247178be1fa23e19017a7b3ca2c8c268c9de0b602c9215baf807557b49435d01b4369b9f734028500e8939ddb9efe0aa549e8bbb134f4799c41390e49003b5b6623bf509a78918263169e6d90ce9e1015126033653e831fd0e328aef199c7ce15e6ff1692b2f6720873a8ae670043af6328a5d903d14c6ec6f3820bc63ec41d8281924808aa32fa886f778b6cadf221c4f91b6bc1638dbbdf365ae21e06bf488e4f79af9ea9f1b25c37fb3d959bf93c0d7d7cff31185ca36f6e94c16323baf2253959899b61ff5f77d9f505e6ddb5fae13f506eea637e3f0431b62ce0d74499751f3f945500ec2d8c44b47a2121081e559ea10976fdfd2228d31bf30b5ef4cb778963afb619514af26a14c593c1bf933b57e05ad857e7e63096ce6e3e7d3f2d8b02ba96eab19711195db9cd3316ba0b9c86a8b856ac5b5bdcea0dd37c26e081abc08ae917719e07543dc40f1dc775bea97f7a15725b5f69e8fa2d68648d06f581c66f3890ffc81059f3f41f97b0980d5cb7311c9f6176bbd5967aa68b7fd20a8affae3c8e7bdec62916c1aa4d3496a0348b460a4a6d775d044f7cbd74a2b029cfcd71013df095577a51b493d00f497695bc921ee2f862e50822f499b92acd6cff649c92f45c29a15039b6203186be2d77bd1058aa32a5356f706cec25be447a1b2ed1e0c33143dc0311b6d09634b823992f2f5b6920faeff8f16e31db656949fbeef9d27b338b2aab1a04472c49b91198f44ddb8284141667a63da4286697247e6773d5dae2cdce0f5259f5610593eb2df1b076d299bbdc4309257dbb9a93c68484f8963eb85debba245a5a81f08c7e2c267a5bd7962779f4f063d3859e8af7f5c0fb6c0fa64cef8180bde784f0b39383728c71f1b24b77a0cf5bb8a3cd80b350b6713850a1f6879479345645797a874473ab5f6172f56b1752151aba88900cd3f3ebd082dbffea63a2ad0d7c02c2d54c2000e64fb110663a9300a63da7cd5f5d94d324d1e96a6b58b0c15baa0cca3095953da06430baf0a4e2357c6ef5a44"}) syz_open_procfs$pagemap(0x0, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[]) 7.90562167s ago: executing program 0 (id=668): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f00"], 0x15) r3 = dup(r2) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50) write$FUSE_GETXATTR(r3, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) sendmsg$key(0xffffffffffffffff, 0x0, 0x4004) 7.787980026s ago: executing program 3 (id=669): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)=0x2) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/185, 0xb9}], 0x1) pwrite64(r0, 0x0, 0x0, 0x0) 6.969108091s ago: executing program 1 (id=670): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000f80), 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2b, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x24, 0x10, 0x1, 0x4000000, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0x3}}}, 0x24}}, 0x0) writev(r0, &(0x7f0000001100)=[{&(0x7f0000000fc0)="263d49597ef510fb5583ba5b3d264d22", 0x10}], 0x1) 6.86897367s ago: executing program 2 (id=671): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000010380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000003000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021d88400000c0a01010000000000000000070000000900020073797a31000000003400038030000080080003400000000224000b80100001800c000100636f756e74657200100001800c000100636f756e746572000900010073797a"], 0x855c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 6.860029703s ago: executing program 4 (id=672): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(r3, 0x0, 0x0) write$FUSE_DIRENTPLUS(r3, 0x0, 0xb0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000000180)=0x8, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) bind$xdp(r4, &(0x7f0000000240)={0x2c, 0x1, r6, 0x0, r7}, 0x60) 6.534153859s ago: executing program 2 (id=673): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000007c0)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@my=0x0, 0xffffbfff}, @my=0x1, 0x9, 0x2000000, 0x6449, 0xfffffffffffffffd, 0x8, 0xfffffffd, 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCXONC(r3, 0x540a, 0x2) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000440)="9eb3caff6b2cd4b37632192f2e2c4831fc3e0764e7d99bb1a5347b2d87c9fe00f9cc53fe495c75360fc227a8b441cf968f8346f0b34122cf682cb599ac544ddd04124c977ea856b20ea019bd32f68f95a3b523d31b62b1651e0ee2208e9c1448a54d3fc5cc3bb83315b2b51e5b35f677c6c95cd762939bd59d01399c49eb5ec5787d9060d7178c377a8f488f5b2de2eb45e5ee3574a3c7475b854a98d1065070", 0xa0}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e000000c4000000010000000500000040040000", @ANYRES16=r0, @ANYBLOB="9f000000000100"/20, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB="0100000003000000040000000500"/28], 0x50) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000080)={0x0, 'ipvlan1\x00', {0x2}}) setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) sendmmsg$inet(r2, 0x0, 0x0, 0x20008000) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000019080)='./file0\x00', 0x0, 0x23010, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)={[&(0x7f0000000100)=' \x01\x1b\x06\xf1wt\xf6\xd2\xdc\x1c\xa4\xe3Is\x9ee\xb9(\xf5\xec\xc7\xe11\xd2\x7fs\xbe:\xa5\xd1\xb5\xc5\xf4\xb9\xdf\xee\x06\xef\x06a\xcd\xe0\x88\x99']}, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x4e24, 0x0, @mcast2, 0x40}, 0x1c) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201fb0000000008530846010000000000010902"], 0x0) 6.405297297s ago: executing program 3 (id=674): syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x2) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x4800, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x0, 0x2, 0x7c, 0xfffffffa, 0xc6, "84b53f5dc1d996e6e7d479db86fe609ea2029b", 0x80, 0x2}) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000100)={0x3, 0x2, 0xae2e, 0x5, 0x15, "1e138cc9534fc777"}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000001100)=ANY=[@ANYBLOB="03000000"]) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, 0x0) pread64(r2, &(0x7f0000001600)=""/4103, 0x1007, 0x9b) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x0) sendmsg$inet6(r3, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000002000015290000f8cea1bd6c2b00000000000007120000000000"], 0x30}, 0x0) dup(0xffffffffffffffff) r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000000)=0x1) ppoll(&(0x7f0000000180)=[{r4, 0x1}], 0x1, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x5c, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x6}, @ETHTOOL_A_COALESCE_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040884}, 0x4000000) 5.542257137s ago: executing program 4 (id=675): openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000540)={'ipvlan0\x00', {0x2, 0x0, @private}}) quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0xffffffffffffff7f, 0x5b81, 0xc0, 0x2, 0x9, 0x9, 0x0, 0x0, 0x101}) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r5 = dup(r4) ioctl$BLKRRPART(r5, 0x125f, 0x0) 5.346735553s ago: executing program 0 (id=676): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x240400c6) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65) connect$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x5, @remote, 0xfffffffb, 0x2}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 3.754386628s ago: executing program 4 (id=677): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000ec4f95"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x7) 2.975241506s ago: executing program 3 (id=678): socket(0x2, 0x80805, 0x0) socket(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x40, r4, 0x709, 0x0, 0x3, {0x2e}, [{@pci={{0x8}, {0x11}}, {0xd}}]}, 0x40}}, 0x0) 2.836348996s ago: executing program 4 (id=679): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) epoll_create1(0x0) bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x14) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x54) mount$overlay(0x0, &(0x7f0000000440)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0) splice(r2, 0x0, r3, 0x0, 0x10000000000019, 0x0) open(&(0x7f0000000300)='./bus\x00', 0x14103e, 0x18a) 2.814242808s ago: executing program 0 (id=680): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040100010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x4, "741cb976"}]}}, 0x0}, 0x0) 2.60087392s ago: executing program 2 (id=681): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) bind$l2tp6(0xffffffffffffffff, 0x0, 0x0) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) write$UHID_INPUT(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000500000001"]) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2800000011146ff9"], 0x28}}, 0x800) 1.822903646s ago: executing program 3 (id=682): r0 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) socket$tipc(0x1e, 0x2, 0x0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) pipe(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r2, &(0x7f000001b3c0)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events\x00', 0x275a, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000240)={@my=0x1, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f041}) 1.497027097s ago: executing program 4 (id=683): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r2}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 330.235991ms ago: executing program 2 (id=684): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./bus\x00', 0x14) open_by_handle_at(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="17000000fb"], 0x830200) mkdir(0x0, 0x0) r1 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) pread64(r1, &(0x7f0000000200)=""/56, 0x38, 0x100000000) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './cgroup/../file0\x00'}, 0x6e) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x22, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000005c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x800) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r4, 0x40505331, &(0x7f0000000100)={{0x3, 0x8}, {0xe, 0xfc}, 0x7, 0x1, 0x9c}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) creat(&(0x7f0000000580)='./file1\x00', 0x0) fanotify_init(0xf00, 0x1) fallocate(r5, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r5, 0x0) 222.442223ms ago: executing program 3 (id=685): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b", 0x3a}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db1", 0xa4}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdfb05e646af483235ca7dab9e450a5b31688495fd42debc2814a67681106e47a6e9982aa87da6fdf5e6019ef4d4242508350aa8f1f9db96dd4d463809c82", 0x118}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f", 0x1b5}], 0x1}}], 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 0s ago: executing program 1 (id=686): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e08003950"], 0x15) r3 = dup(r2) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50) write$FUSE_GETXATTR(r3, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) sendmsg$key(0xffffffffffffffff, 0x0, 0x4004) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts. [ 80.085237][ T5833] cgroup: Unknown subsys name 'net' [ 80.242204][ T5833] cgroup: Unknown subsys name 'cpuset' [ 80.251463][ T5833] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.936773][ T5833] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.683938][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.692211][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.709485][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.717319][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.726772][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.736198][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.747729][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.757719][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.774422][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.783320][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.799489][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.809815][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.835212][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.842740][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.853134][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.859865][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.868895][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.881681][ T5166] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.884021][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.889824][ T5166] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.904848][ T5166] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.904876][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.936433][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.945196][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.953708][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.653252][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 85.821454][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 85.855167][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 85.899464][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 86.026766][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.034125][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.041770][ T5854] bridge_slave_0: entered allmulticast mode [ 86.049774][ T5854] bridge_slave_0: entered promiscuous mode [ 86.058537][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.066223][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.073554][ T5854] bridge_slave_1: entered allmulticast mode [ 86.082047][ T5854] bridge_slave_1: entered promiscuous mode [ 86.089730][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 86.201590][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.225729][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.233467][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.240940][ T5847] bridge_slave_0: entered allmulticast mode [ 86.248214][ T5847] bridge_slave_0: entered promiscuous mode [ 86.280101][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.295513][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.302897][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.310879][ T5847] bridge_slave_1: entered allmulticast mode [ 86.318339][ T5847] bridge_slave_1: entered promiscuous mode [ 86.405670][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.413374][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.422020][ T5851] bridge_slave_0: entered allmulticast mode [ 86.429996][ T5851] bridge_slave_0: entered promiscuous mode [ 86.490936][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.498155][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.506057][ T5851] bridge_slave_1: entered allmulticast mode [ 86.514730][ T5851] bridge_slave_1: entered promiscuous mode [ 86.524767][ T5854] team0: Port device team_slave_0 added [ 86.531550][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.538870][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.546136][ T5843] bridge_slave_0: entered allmulticast mode [ 86.553402][ T5843] bridge_slave_0: entered promiscuous mode [ 86.564376][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.578042][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.609114][ T5854] team0: Port device team_slave_1 added [ 86.615091][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.622784][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.630026][ T5843] bridge_slave_1: entered allmulticast mode [ 86.637447][ T5843] bridge_slave_1: entered promiscuous mode [ 86.732684][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.757734][ T5847] team0: Port device team_slave_0 added [ 86.778605][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.805320][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.817662][ T5847] team0: Port device team_slave_1 added [ 86.829669][ T5846] Bluetooth: hci0: command tx timeout [ 86.844147][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.851464][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.859544][ T5855] bridge_slave_0: entered allmulticast mode [ 86.866830][ T5855] bridge_slave_0: entered promiscuous mode [ 86.876645][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.887105][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.894553][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.921777][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.935738][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.942963][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.969156][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.989144][ T5846] Bluetooth: hci2: command tx timeout [ 87.007845][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.015629][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.023279][ T5855] bridge_slave_1: entered allmulticast mode [ 87.031325][ T5855] bridge_slave_1: entered promiscuous mode [ 87.069205][ T5853] Bluetooth: hci3: command tx timeout [ 87.075163][ T5859] Bluetooth: hci1: command tx timeout [ 87.078483][ T5846] Bluetooth: hci4: command tx timeout [ 87.122251][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.134389][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.165519][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.303402][ T5854] hsr_slave_0: entered promiscuous mode [ 87.311902][ T5854] hsr_slave_1: entered promiscuous mode [ 87.325232][ T5843] team0: Port device team_slave_0 added [ 87.336439][ T5843] team0: Port device team_slave_1 added [ 87.344485][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.352237][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.379320][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.394608][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.407362][ T5851] team0: Port device team_slave_0 added [ 87.470690][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.498933][ T5851] team0: Port device team_slave_1 added [ 87.584846][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.594439][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.627111][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.652388][ T5855] team0: Port device team_slave_0 added [ 87.691917][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.699583][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.727375][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.748005][ T5855] team0: Port device team_slave_1 added [ 87.754726][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.762492][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.788777][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.802580][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.809951][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.836613][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.927178][ T5847] hsr_slave_0: entered promiscuous mode [ 87.933659][ T5847] hsr_slave_1: entered promiscuous mode [ 87.940220][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 87.946005][ T5847] Cannot create hsr debugfs directory [ 87.981659][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.988914][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.015826][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.087474][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.094856][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.126143][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.180850][ T5843] hsr_slave_0: entered promiscuous mode [ 88.187786][ T5843] hsr_slave_1: entered promiscuous mode [ 88.195361][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 88.205152][ T5843] Cannot create hsr debugfs directory [ 88.290126][ T5851] hsr_slave_0: entered promiscuous mode [ 88.296510][ T5851] hsr_slave_1: entered promiscuous mode [ 88.303167][ T5851] debugfs: 'hsr0' already exists in 'hsr' [ 88.309223][ T5851] Cannot create hsr debugfs directory [ 88.420800][ T5855] hsr_slave_0: entered promiscuous mode [ 88.427097][ T5855] hsr_slave_1: entered promiscuous mode [ 88.434150][ T5855] debugfs: 'hsr0' already exists in 'hsr' [ 88.440307][ T5855] Cannot create hsr debugfs directory [ 88.666878][ T5854] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.681672][ T5854] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.733154][ T5854] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.783712][ T5854] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.908673][ T5859] Bluetooth: hci0: command tx timeout [ 89.032370][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.047675][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.061906][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.069658][ T5859] Bluetooth: hci2: command tx timeout [ 89.101033][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.149681][ T5846] Bluetooth: hci3: command tx timeout [ 89.155172][ T5846] Bluetooth: hci4: command tx timeout [ 89.160827][ T5859] Bluetooth: hci1: command tx timeout [ 89.201825][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.215250][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.236921][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.250777][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.377433][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.403610][ T5851] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.455514][ T5851] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.467612][ T5851] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.501369][ T5851] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.533637][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.583436][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.590752][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.613285][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.626207][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.644535][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.674681][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.687030][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.715624][ T1044] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.722940][ T1044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.763718][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.807309][ T1044] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.814466][ T1044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.844294][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.862349][ T1044] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.870158][ T1044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.951452][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.035097][ T4838] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.042362][ T4838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.101896][ T4838] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.109253][ T4838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.222242][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.355559][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.391761][ T4838] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.399093][ T4838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.446543][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.477295][ T4838] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.485088][ T4838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.556029][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.576935][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.617238][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.624731][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.645598][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.666370][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.674169][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.793104][ T5851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.887087][ T5854] veth0_vlan: entered promiscuous mode [ 90.989797][ T5846] Bluetooth: hci0: command tx timeout [ 90.996772][ T5847] veth0_vlan: entered promiscuous mode [ 91.011477][ T5854] veth1_vlan: entered promiscuous mode [ 91.035860][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.077183][ T5847] veth1_vlan: entered promiscuous mode [ 91.155426][ T5846] Bluetooth: hci2: command tx timeout [ 91.234719][ T5846] Bluetooth: hci4: command tx timeout [ 91.243421][ T5846] Bluetooth: hci3: command tx timeout [ 91.249273][ T5859] Bluetooth: hci1: command tx timeout [ 91.302804][ T5854] veth0_macvtap: entered promiscuous mode [ 91.365701][ T5854] veth1_macvtap: entered promiscuous mode [ 91.392249][ T5847] veth0_macvtap: entered promiscuous mode [ 91.412859][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.423494][ T5847] veth1_macvtap: entered promiscuous mode [ 91.445915][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.473960][ T5843] veth0_vlan: entered promiscuous mode [ 91.498138][ T5843] veth1_vlan: entered promiscuous mode [ 91.511862][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.547585][ T1144] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.567259][ T1144] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.591553][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.603918][ T1144] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.615719][ T1144] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.640042][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.675099][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.726226][ T1144] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.782874][ T1144] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.796795][ T1144] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.835980][ T1144] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.891663][ T5843] veth0_macvtap: entered promiscuous mode [ 91.965004][ T5843] veth1_macvtap: entered promiscuous mode [ 91.983698][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.995585][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.018033][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.052929][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.141331][ T5855] veth0_vlan: entered promiscuous mode [ 92.164834][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.189896][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.194955][ T982] cfg80211: failed to load regulatory.db [ 92.216253][ T1044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.225551][ T1044] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.250585][ T5855] veth1_vlan: entered promiscuous mode [ 92.265203][ T1044] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.275579][ T1044] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.310093][ T5851] veth0_vlan: entered promiscuous mode [ 92.316402][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.344032][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.386649][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.455323][ T5851] veth1_vlan: entered promiscuous mode [ 92.466293][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.477561][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.654021][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.665353][ T5855] veth0_macvtap: entered promiscuous mode [ 92.678513][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.758917][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.838323][ T5855] veth1_macvtap: entered promiscuous mode [ 92.956619][ T4838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.960145][ T5851] veth0_macvtap: entered promiscuous mode [ 92.970922][ T4838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.066498][ T5974] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[5974] [ 93.092898][ T5846] Bluetooth: hci0: command tx timeout [ 93.229300][ T5846] Bluetooth: hci2: command tx timeout [ 93.309134][ T5846] Bluetooth: hci4: command tx timeout [ 93.314947][ T5846] Bluetooth: hci3: command tx timeout [ 93.320575][ T5846] Bluetooth: hci1: command tx timeout [ 93.485299][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.486971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.545887][ T5851] veth1_macvtap: entered promiscuous mode [ 93.623645][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.749467][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.811577][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.892433][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.928444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 93.940100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.968545][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 94.173394][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.329736][ T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.378547][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 94.529690][ T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.549093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.600491][ T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.661111][ T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.734057][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.804556][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.808506][ T5986] No buffer was provided with the request [ 94.815551][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.171711][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.208525][ T5988] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.299740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.530730][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.578469][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.611773][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.637952][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.791700][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.813257][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.895877][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.950521][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.477910][ T6006] Bluetooth: MGMT ver 1.23 [ 99.008524][ T6024] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[6024] [ 99.066201][ T6010] overlayfs: failed to resolve './file1': -2 [ 99.279016][ T6030] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.487305][ T5856] libceph: connect (1)[c::]:6789 error -101 [ 99.538034][ T6029] ceph: No mds server is up or the cluster is laggy [ 100.148557][ T5856] libceph: mon0 (1)[c::]:6789 connect error [ 100.267456][ T6038] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23'. [ 100.393757][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 100.820185][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 100.863363][ T6044] netlink: 156 bytes leftover after parsing attributes in process `syz.2.23'. [ 100.915166][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 101.465094][ T6038] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 101.499825][ T6049] tipc: Started in network mode [ 101.505110][ T6049] tipc: Node identity ac14140f, cluster identity 4711 [ 101.520112][ T6049] tipc: New replicast peer: 255.255.255.255 [ 101.528273][ T6049] tipc: Enabled bearer , priority 10 [ 101.534873][ T6048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.24'. [ 101.984824][ T6038] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 103.147212][ T6041] tipc: Node number set to 2886997007 [ 103.577150][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 103.608179][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 104.171619][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 104.182465][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 104.377793][ T6038] dummy0 speed is unknown, defaulting to 1000 [ 104.918037][ T6067] netlink: 'syz.0.30': attribute type 12 has an invalid length. [ 104.927683][ T6067] netlink: 'syz.0.30': attribute type 29 has an invalid length. [ 104.935580][ T6067] netlink: 148 bytes leftover after parsing attributes in process `syz.0.30'. [ 104.944512][ T6067] netlink: 59 bytes leftover after parsing attributes in process `syz.0.30'. [ 104.953638][ T6067] Zero length message leads to an empty skb [ 110.611539][ T6095] tty tty2: ldisc open failed (-12), clearing slot 1 [ 110.713448][ T6093] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6093] [ 111.829113][ T5903] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 112.710428][ T9] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 112.939408][ T5903] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 112.963683][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.986891][ T5903] usb 3-1: Product: syz [ 112.997089][ T5903] usb 3-1: Manufacturer: syz [ 113.250924][ T9] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 113.278826][ T5903] usb 3-1: SerialNumber: syz [ 113.284652][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.432313][ T6117] netlink: 'syz.0.42': attribute type 12 has an invalid length. [ 113.436930][ T5903] usb 3-1: config 0 descriptor?? [ 113.445857][ T6117] netlink: 'syz.0.42': attribute type 29 has an invalid length. [ 113.453596][ T6117] netlink: 148 bytes leftover after parsing attributes in process `syz.0.42'. [ 113.463017][ T6117] netlink: 59 bytes leftover after parsing attributes in process `syz.0.42'. [ 113.488771][ T9] usb 5-1: config 0 descriptor?? [ 113.708194][ T6041] usb 3-1: USB disconnect, device number 2 [ 113.873786][ T6124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.44'. [ 113.897959][ T6121] nvme_fabrics: missing parameter 'transport=%s' [ 113.905126][ T6121] nvme_fabrics: missing parameter 'nqn=%s' [ 113.906945][ T6124] siw: device registration error -23 [ 113.934833][ T6124] netlink: 156 bytes leftover after parsing attributes in process `syz.1.44'. [ 115.150255][ T6132] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 115.150255][ T6132] program syz.0.46 not setting count and/or reply_len properly [ 115.579875][ T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 115.621730][ T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 115.669202][ T9] asix 5-1:0.0: probe with driver asix failed with error -71 [ 115.823893][ T9] usb 5-1: USB disconnect, device number 2 [ 117.015683][ T6150] netlink: 'syz.3.53': attribute type 12 has an invalid length. [ 117.023480][ T6150] netlink: 'syz.3.53': attribute type 29 has an invalid length. [ 117.031628][ T6150] netlink: 148 bytes leftover after parsing attributes in process `syz.3.53'. [ 117.041050][ T6150] netlink: 59 bytes leftover after parsing attributes in process `syz.3.53'. [ 117.882089][ T6159] ceph: No mds server is up or the cluster is laggy [ 117.916107][ T6041] libceph: connect (1)[c::]:6789 error -101 [ 117.951685][ T6041] libceph: mon0 (1)[c::]:6789 connect error [ 120.493902][ T6183] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 120.493902][ T6183] program syz.1.61 not setting count and/or reply_len properly [ 121.953421][ T6186] netlink: 500 bytes leftover after parsing attributes in process `syz.3.62'. [ 122.921639][ T6178] syz.0.60 (6178) used greatest stack depth: 18024 bytes left [ 122.945827][ T6201] capability: warning: `syz.4.66' uses 32-bit capabilities (legacy support in use) [ 124.577130][ T6218] loop1: detected capacity change from 0 to 2048 [ 125.545620][ T6218] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.857276][ T30] audit: type=1800 audit(1752719892.000:2): pid=6218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.73" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 126.286850][ T6242] netlink: 12 bytes leftover after parsing attributes in process `syz.4.78'. [ 126.580752][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.280390][ T6247] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 127.614768][ T6254] netlink: 500 bytes leftover after parsing attributes in process `syz.0.82'. [ 132.418742][ T6286] loop4: detected capacity change from 0 to 2048 [ 132.591072][ T6287] tipc: Started in network mode [ 132.596127][ T6287] tipc: Node identity ac14140f, cluster identity 4711 [ 132.604667][ T6287] tipc: New replicast peer: 255.255.255.255 [ 132.612750][ T6287] tipc: Enabled bearer , priority 10 [ 132.622325][ T6287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.92'. [ 134.263136][ T1213] tipc: Node number set to 2886997007 [ 134.286989][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.294355][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.421598][ T6286] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.570995][ T30] audit: type=1800 audit(1752719900.720:3): pid=6286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.91" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 134.910628][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.756148][ T6317] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 144.266139][ T6351] nvme_fabrics: missing parameter 'transport=%s' [ 144.290626][ T6351] nvme_fabrics: missing parameter 'nqn=%s' [ 144.455681][ T6355] netlink: 500 bytes leftover after parsing attributes in process `syz.1.111'. [ 145.714694][ T6366] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 145.727343][ T6364] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.488638][ T6390] hugetlbfs: syz.1.124 (6390): Using mlock ulimits for SHM_HUGETLB is obsolete [ 148.136339][ T24] libceph: connect (1)[c::]:6789 error -101 [ 148.175269][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 148.212908][ T6392] ceph: No mds server is up or the cluster is laggy [ 151.281808][ T6413] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[6413] [ 153.170737][ T6431] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0) [ 153.412509][ T6432] syz.3.135 uses obsolete (PF_INET,SOCK_PACKET) [ 154.564602][ T6442] loop1: detected capacity change from 0 to 1024 [ 155.022341][ T6439] Falling back ldisc for ttyS3. [ 155.196371][ T30] audit: type=1800 audit(1752719921.170:4): pid=6442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.136" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 155.284541][ T49] hfsplus: b-tree write err: -5, ino 4 [ 155.645826][ T6451] mmap: syz.0.137 (6451) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 155.661145][ T6451] netlink: 8 bytes leftover after parsing attributes in process `syz.0.137'. [ 158.784308][ T6477] netlink: 16 bytes leftover after parsing attributes in process `syz.1.148'. [ 159.176695][ T6481] netlink: 12 bytes leftover after parsing attributes in process `syz.0.149'. [ 159.310215][ T5944] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 159.350064][ T6481] siw: device registration error -23 [ 159.429939][ T6481] netlink: 156 bytes leftover after parsing attributes in process `syz.0.149'. [ 159.681522][ T6481] loop0: detected capacity change from 0 to 32768 [ 159.718293][ T6481] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 159.726775][ T6481] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 159.752324][ T6481] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 159.766892][ T6481] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 159.776163][ T6481] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 159.785362][ T6481] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 159.793704][ T6481] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 159.804910][ T6481] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 159.814765][ T6481] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 159.821824][ T6481] gfs2: fsid=syz:syz.0: File system withdrawn [ 159.827976][ T6481] CPU: 1 UID: 0 PID: 6481 Comm: syz.0.149 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 159.827992][ T6481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.827998][ T6481] Call Trace: [ 159.828003][ T6481] [ 159.828007][ T6481] dump_stack_lvl+0x189/0x250 [ 159.828027][ T6481] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.828041][ T6481] ? __pfx__printk+0x10/0x10 [ 159.828057][ T6481] ? kobject_uevent_env+0x36b/0x8c0 [ 159.828079][ T6481] gfs2_withdraw+0x111e/0x14f0 [ 159.828103][ T6481] ? __pfx_gfs2_withdraw+0x10/0x10 [ 159.828117][ T6481] ? queue_delayed_work_on+0x1f7/0x280 [ 159.828136][ T6481] ? gfs2_consist_inode_i+0xf5/0x110 [ 159.828152][ T6481] inode_go_instantiate+0xd42/0x1150 [ 159.828171][ T6481] ? __pfx_inode_go_instantiate+0x10/0x10 [ 159.828185][ T6481] ? gfs2_glock_nq+0x10bb/0x1900 [ 159.828203][ T6481] gfs2_instantiate+0x168/0x220 [ 159.828217][ T6481] gfs2_glock_wait+0x1d4/0x2a0 [ 159.828233][ T6481] init_journal+0xc71/0x2260 [ 159.828254][ T6481] ? init_inodes+0xdb/0x320 [ 159.828270][ T6481] ? __pfx_init_journal+0x10/0x10 [ 159.828284][ T6481] ? vsnprintf+0xe11/0xf00 [ 159.828301][ T6481] ? snprintf+0xda/0x120 [ 159.828313][ T6481] ? init_inodes+0xdb/0x320 [ 159.828333][ T6481] ? __pfx_snprintf+0x10/0x10 [ 159.828351][ T6481] ? gfs2_glock_nq_num+0x13d/0x170 [ 159.828376][ T6481] init_inodes+0xdb/0x320 [ 159.828401][ T6481] gfs2_fill_super+0x1923/0x20d0 [ 159.828441][ T6481] ? __pfx_gfs2_fill_super+0x10/0x10 [ 159.828457][ T6481] ? init_locking+0xb8/0x210 [ 159.828468][ T6481] ? sb_set_blocksize+0x104/0x180 [ 159.828485][ T6481] ? setup_bdev_super+0x4c1/0x5b0 [ 159.828501][ T6481] get_tree_bdev_flags+0x40e/0x4d0 [ 159.828516][ T6481] ? __pfx_gfs2_fill_super+0x10/0x10 [ 159.828529][ T6481] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 159.828545][ T6481] ? rcu_is_watching+0x15/0xb0 [ 159.828560][ T6481] gfs2_get_tree+0x51/0x1e0 [ 159.828576][ T6481] vfs_get_tree+0x8f/0x2b0 [ 159.828591][ T6481] do_new_mount+0x2a2/0x9e0 [ 159.828609][ T6481] ? ns_capable+0x8a/0xf0 [ 159.828619][ T6481] ? __pfx_do_new_mount+0x10/0x10 [ 159.828633][ T6481] ? path_mount+0x61c/0xfe0 [ 159.828647][ T6481] ? user_path_at+0x44/0x60 [ 159.828667][ T6481] __se_sys_mount+0x317/0x410 [ 159.828688][ T6481] ? __pfx___se_sys_mount+0x10/0x10 [ 159.828707][ T6481] ? do_syscall_64+0xbe/0x3b0 [ 159.828720][ T6481] ? __x64_sys_mount+0x20/0xc0 [ 159.828737][ T6481] do_syscall_64+0xfa/0x3b0 [ 159.828749][ T6481] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.828762][ T6481] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.828772][ T6481] ? clear_bhb_loop+0x60/0xb0 [ 159.828785][ T6481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.828796][ T6481] RIP: 0033:0x7fda0fb900ca [ 159.828808][ T6481] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.828817][ T6481] RSP: 002b:00007fda109f4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 159.828830][ T6481] RAX: ffffffffffffffda RBX: 00007fda109f4ef0 RCX: 00007fda0fb900ca [ 159.828838][ T6481] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007fda109f4eb0 [ 159.828845][ T6481] RBP: 0000200000000400 R08: 00007fda109f4ef0 R09: 0000000001000004 [ 159.828853][ T6481] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 159.828860][ T6481] R13: 00007fda109f4eb0 R14: 00000000000126de R15: 0000200000000440 [ 159.828878][ T6481] [ 160.167312][ T6481] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 160.270009][ T5944] usb 2-1: Using ep0 maxpacket: 8 [ 160.366465][ T5944] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 160.597406][ T5944] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 160.643810][ T5944] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 160.829602][ T5944] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.529460][ T5944] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 161.539028][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.855718][ T5944] usb 2-1: GET_CAPABILITIES returned 0 [ 161.875980][ T5944] usbtmc 2-1:16.0: can't read capabilities [ 161.945999][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.152'. [ 162.436614][ T5944] usb 2-1: USB disconnect, device number 2 [ 164.914053][ T6519] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6519] [ 165.433270][ T6521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.162'. [ 165.537912][ T6522] siw: device registration error -23 [ 165.595331][ T6521] netlink: 156 bytes leftover after parsing attributes in process `syz.1.162'. [ 165.850000][ T6521] loop1: detected capacity change from 0 to 32768 [ 165.906476][ T6521] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 165.914709][ T6521] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 165.925129][ T6521] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 165.939970][ T6521] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 165.949222][ T6521] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 165.959886][ T6521] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 165.968170][ T6521] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 165.979094][ T6521] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 165.988177][ T6521] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 165.995064][ T6521] gfs2: fsid=syz:syz.0: File system withdrawn [ 166.001316][ T6521] CPU: 0 UID: 0 PID: 6521 Comm: syz.1.162 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 166.001334][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.001342][ T6521] Call Trace: [ 166.001351][ T6521] [ 166.001356][ T6521] dump_stack_lvl+0x189/0x250 [ 166.001377][ T6521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.001391][ T6521] ? __pfx__printk+0x10/0x10 [ 166.001407][ T6521] ? kobject_uevent_env+0x36b/0x8c0 [ 166.001433][ T6521] gfs2_withdraw+0x111e/0x14f0 [ 166.001457][ T6521] ? __pfx_gfs2_withdraw+0x10/0x10 [ 166.001471][ T6521] ? queue_delayed_work_on+0x1f7/0x280 [ 166.001490][ T6521] ? gfs2_consist_inode_i+0xf5/0x110 [ 166.001506][ T6521] inode_go_instantiate+0xd42/0x1150 [ 166.001526][ T6521] ? __pfx_inode_go_instantiate+0x10/0x10 [ 166.001541][ T6521] ? gfs2_glock_nq+0x10bb/0x1900 [ 166.001560][ T6521] gfs2_instantiate+0x168/0x220 [ 166.001575][ T6521] gfs2_glock_wait+0x1d4/0x2a0 [ 166.001591][ T6521] init_journal+0xc71/0x2260 [ 166.001611][ T6521] ? init_inodes+0xdb/0x320 [ 166.001627][ T6521] ? __pfx_init_journal+0x10/0x10 [ 166.001640][ T6521] ? vsnprintf+0xe11/0xf00 [ 166.001658][ T6521] ? snprintf+0xda/0x120 [ 166.001669][ T6521] ? init_inodes+0xdb/0x320 [ 166.001682][ T6521] ? __pfx_snprintf+0x10/0x10 [ 166.001693][ T6521] ? gfs2_glock_nq_num+0x13d/0x170 [ 166.001710][ T6521] init_inodes+0xdb/0x320 [ 166.001725][ T6521] gfs2_fill_super+0x1923/0x20d0 [ 166.001749][ T6521] ? __pfx_gfs2_fill_super+0x10/0x10 [ 166.001764][ T6521] ? init_locking+0xb8/0x210 [ 166.001775][ T6521] ? sb_set_blocksize+0x104/0x180 [ 166.001791][ T6521] ? setup_bdev_super+0x4c1/0x5b0 [ 166.001808][ T6521] get_tree_bdev_flags+0x40e/0x4d0 [ 166.001822][ T6521] ? __pfx_gfs2_fill_super+0x10/0x10 [ 166.001835][ T6521] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 166.001850][ T6521] ? rcu_is_watching+0x15/0xb0 [ 166.001866][ T6521] gfs2_get_tree+0x51/0x1e0 [ 166.001881][ T6521] vfs_get_tree+0x8f/0x2b0 [ 166.001897][ T6521] do_new_mount+0x2a2/0x9e0 [ 166.001914][ T6521] ? ns_capable+0x8a/0xf0 [ 166.001925][ T6521] ? __pfx_do_new_mount+0x10/0x10 [ 166.001939][ T6521] ? path_mount+0x61c/0xfe0 [ 166.001953][ T6521] ? user_path_at+0x44/0x60 [ 166.001971][ T6521] __se_sys_mount+0x317/0x410 [ 166.001991][ T6521] ? __pfx___se_sys_mount+0x10/0x10 [ 166.002010][ T6521] ? do_syscall_64+0xbe/0x3b0 [ 166.002022][ T6521] ? __x64_sys_mount+0x20/0xc0 [ 166.002039][ T6521] do_syscall_64+0xfa/0x3b0 [ 166.002051][ T6521] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.002064][ T6521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.002075][ T6521] ? clear_bhb_loop+0x60/0xb0 [ 166.002088][ T6521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.002099][ T6521] RIP: 0033:0x7f61353900ca [ 166.002110][ T6521] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.002119][ T6521] RSP: 002b:00007f61351f6e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 166.002133][ T6521] RAX: ffffffffffffffda RBX: 00007f61351f6ef0 RCX: 00007f61353900ca [ 166.002140][ T6521] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f61351f6eb0 [ 166.002148][ T6521] RBP: 0000200000000400 R08: 00007f61351f6ef0 R09: 0000000001000004 [ 166.002155][ T6521] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 166.002162][ T6521] R13: 00007f61351f6eb0 R14: 00000000000126de R15: 0000200000000440 [ 166.002180][ T6521] [ 166.002191][ T6521] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 167.349865][ T6535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'. [ 170.439324][ T6554] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 170.451254][ T6554] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 171.562074][ T6562] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 172.754733][ T6562] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 172.860287][ T6568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.175'. [ 172.903258][ T6568] siw: device registration error -23 [ 173.031830][ T6568] netlink: 156 bytes leftover after parsing attributes in process `syz.3.175'. [ 173.294277][ T6568] loop3: detected capacity change from 0 to 32768 [ 173.342159][ T6568] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 173.350642][ T6568] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 173.362721][ T6568] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 173.376922][ T6568] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 173.386391][ T6568] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 173.395627][ T6568] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 173.403575][ T6568] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 173.414273][ T6568] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 173.423213][ T6568] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 173.429819][ T6568] gfs2: fsid=syz:syz.0: File system withdrawn [ 173.436820][ T6568] CPU: 0 UID: 0 PID: 6568 Comm: syz.3.175 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 173.436839][ T6568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.436845][ T6568] Call Trace: [ 173.436851][ T6568] [ 173.436856][ T6568] dump_stack_lvl+0x189/0x250 [ 173.436876][ T6568] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.436889][ T6568] ? __pfx__printk+0x10/0x10 [ 173.436905][ T6568] ? kobject_uevent_env+0x36b/0x8c0 [ 173.436928][ T6568] gfs2_withdraw+0x111e/0x14f0 [ 173.436952][ T6568] ? __pfx_gfs2_withdraw+0x10/0x10 [ 173.436966][ T6568] ? queue_delayed_work_on+0x1f7/0x280 [ 173.436985][ T6568] ? gfs2_consist_inode_i+0xf5/0x110 [ 173.437001][ T6568] inode_go_instantiate+0xd42/0x1150 [ 173.437021][ T6568] ? __pfx_inode_go_instantiate+0x10/0x10 [ 173.437035][ T6568] ? gfs2_glock_nq+0x10bb/0x1900 [ 173.437054][ T6568] gfs2_instantiate+0x168/0x220 [ 173.437069][ T6568] gfs2_glock_wait+0x1d4/0x2a0 [ 173.437084][ T6568] init_journal+0xc71/0x2260 [ 173.437105][ T6568] ? init_inodes+0xdb/0x320 [ 173.437121][ T6568] ? __pfx_init_journal+0x10/0x10 [ 173.437134][ T6568] ? vsnprintf+0xe11/0xf00 [ 173.437151][ T6568] ? snprintf+0xda/0x120 [ 173.437163][ T6568] ? init_inodes+0xdb/0x320 [ 173.437176][ T6568] ? __pfx_snprintf+0x10/0x10 [ 173.437187][ T6568] ? gfs2_glock_nq_num+0x13d/0x170 [ 173.437203][ T6568] init_inodes+0xdb/0x320 [ 173.437218][ T6568] gfs2_fill_super+0x1923/0x20d0 [ 173.437240][ T6568] ? __pfx_gfs2_fill_super+0x10/0x10 [ 173.437256][ T6568] ? init_locking+0xb8/0x210 [ 173.437275][ T6568] ? sb_set_blocksize+0x104/0x180 [ 173.437290][ T6568] ? setup_bdev_super+0x4c1/0x5b0 [ 173.437307][ T6568] get_tree_bdev_flags+0x40e/0x4d0 [ 173.437320][ T6568] ? __pfx_gfs2_fill_super+0x10/0x10 [ 173.437334][ T6568] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 173.437349][ T6568] ? rcu_is_watching+0x15/0xb0 [ 173.437365][ T6568] gfs2_get_tree+0x51/0x1e0 [ 173.437380][ T6568] vfs_get_tree+0x8f/0x2b0 [ 173.437397][ T6568] do_new_mount+0x2a2/0x9e0 [ 173.437414][ T6568] ? ns_capable+0x8a/0xf0 [ 173.437426][ T6568] ? __pfx_do_new_mount+0x10/0x10 [ 173.437441][ T6568] ? path_mount+0x61c/0xfe0 [ 173.437455][ T6568] ? user_path_at+0x44/0x60 [ 173.437473][ T6568] __se_sys_mount+0x317/0x410 [ 173.437492][ T6568] ? __pfx___se_sys_mount+0x10/0x10 [ 173.437510][ T6568] ? do_syscall_64+0xbe/0x3b0 [ 173.437526][ T6568] ? __x64_sys_mount+0x20/0xc0 [ 173.437542][ T6568] do_syscall_64+0xfa/0x3b0 [ 173.437554][ T6568] ? lockdep_hardirqs_on+0x9c/0x150 [ 173.437566][ T6568] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.437577][ T6568] ? clear_bhb_loop+0x60/0xb0 [ 173.437590][ T6568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.437600][ T6568] RIP: 0033:0x7ff40ad900ca [ 173.437613][ T6568] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.437621][ T6568] RSP: 002b:00007ff40bbdce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 173.437635][ T6568] RAX: ffffffffffffffda RBX: 00007ff40bbdcef0 RCX: 00007ff40ad900ca [ 173.437643][ T6568] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007ff40bbdceb0 [ 173.437650][ T6568] RBP: 0000200000000400 R08: 00007ff40bbdcef0 R09: 0000000001000004 [ 173.437658][ T6568] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 173.437665][ T6568] R13: 00007ff40bbdceb0 R14: 00000000000126de R15: 0000200000000440 [ 173.437682][ T6568] [ 173.437725][ T6568] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 174.129569][ T6576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.176'. [ 176.338561][ T979] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 177.562595][ T5859] Bluetooth: hci0: adv larger than maximum supported [ 177.562769][ T5859] Bluetooth: hci0: Malformed LE Event: 0x0d [ 177.709987][ T979] usb 1-1: unable to get BOS descriptor or descriptor too short [ 177.720102][ T979] usb 1-1: too many configurations: 127, using maximum allowed: 8 [ 177.729962][ T979] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 177.740443][ T979] usb 1-1: can't read configurations, error -71 [ 178.068640][ T6605] binder_alloc: 6601: binder_alloc_buf, no vma [ 181.946608][ T5944] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 182.543968][ T5944] usb 3-1: Using ep0 maxpacket: 16 [ 183.350466][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.455924][ T5944] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 183.734258][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.854341][ T5944] usb 3-1: config 0 descriptor?? [ 184.827117][ T5944] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 185.175842][ T6041] usb 3-1: USB disconnect, device number 3 [ 190.028437][ T5859] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 194.599292][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.605925][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.081191][ T6758] netlink: 12 bytes leftover after parsing attributes in process `syz.3.225'. [ 195.128583][ T6758] siw: device registration error -23 [ 195.157142][ T6758] netlink: 156 bytes leftover after parsing attributes in process `syz.3.225'. [ 195.442715][ T6758] loop3: detected capacity change from 0 to 32768 [ 195.498069][ T6758] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 195.506794][ T6758] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 195.547577][ T6758] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 195.565513][ T6758] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 195.575075][ T6758] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 195.584403][ T6758] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 195.592952][ T6758] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 195.603689][ T6758] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 195.613030][ T6758] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 195.620315][ T6758] gfs2: fsid=syz:syz.0: File system withdrawn [ 195.626483][ T6758] CPU: 1 UID: 0 PID: 6758 Comm: syz.3.225 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 195.626501][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.626508][ T6758] Call Trace: [ 195.626513][ T6758] [ 195.626518][ T6758] dump_stack_lvl+0x189/0x250 [ 195.626538][ T6758] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.626552][ T6758] ? __pfx__printk+0x10/0x10 [ 195.626567][ T6758] ? kobject_uevent_env+0x36b/0x8c0 [ 195.626590][ T6758] gfs2_withdraw+0x111e/0x14f0 [ 195.626615][ T6758] ? __pfx_gfs2_withdraw+0x10/0x10 [ 195.626628][ T6758] ? queue_delayed_work_on+0x1f7/0x280 [ 195.626648][ T6758] ? gfs2_consist_inode_i+0xf5/0x110 [ 195.626664][ T6758] inode_go_instantiate+0xd42/0x1150 [ 195.626685][ T6758] ? __pfx_inode_go_instantiate+0x10/0x10 [ 195.626699][ T6758] ? gfs2_glock_nq+0x10bb/0x1900 [ 195.626718][ T6758] gfs2_instantiate+0x168/0x220 [ 195.626733][ T6758] gfs2_glock_wait+0x1d4/0x2a0 [ 195.626749][ T6758] init_journal+0xc71/0x2260 [ 195.626771][ T6758] ? init_inodes+0xdb/0x320 [ 195.626788][ T6758] ? __pfx_init_journal+0x10/0x10 [ 195.626801][ T6758] ? vsnprintf+0xe11/0xf00 [ 195.626818][ T6758] ? snprintf+0xda/0x120 [ 195.626830][ T6758] ? init_inodes+0xdb/0x320 [ 195.626842][ T6758] ? __pfx_snprintf+0x10/0x10 [ 195.626854][ T6758] ? gfs2_glock_nq_num+0x13d/0x170 [ 195.626870][ T6758] init_inodes+0xdb/0x320 [ 195.626884][ T6758] gfs2_fill_super+0x1923/0x20d0 [ 195.626908][ T6758] ? __pfx_gfs2_fill_super+0x10/0x10 [ 195.626923][ T6758] ? init_locking+0xb8/0x210 [ 195.626935][ T6758] ? sb_set_blocksize+0x104/0x180 [ 195.626950][ T6758] ? setup_bdev_super+0x4c1/0x5b0 [ 195.626966][ T6758] get_tree_bdev_flags+0x40e/0x4d0 [ 195.626980][ T6758] ? __pfx_gfs2_fill_super+0x10/0x10 [ 195.626999][ T6758] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 195.627015][ T6758] ? rcu_is_watching+0x15/0xb0 [ 195.627030][ T6758] gfs2_get_tree+0x51/0x1e0 [ 195.627045][ T6758] vfs_get_tree+0x8f/0x2b0 [ 195.627060][ T6758] do_new_mount+0x2a2/0x9e0 [ 195.627078][ T6758] ? ns_capable+0x8a/0xf0 [ 195.627089][ T6758] ? __pfx_do_new_mount+0x10/0x10 [ 195.627103][ T6758] ? path_mount+0x61c/0xfe0 [ 195.627116][ T6758] ? user_path_at+0x44/0x60 [ 195.627134][ T6758] __se_sys_mount+0x317/0x410 [ 195.627153][ T6758] ? __pfx___se_sys_mount+0x10/0x10 [ 195.627174][ T6758] ? do_syscall_64+0xbe/0x3b0 [ 195.627186][ T6758] ? __x64_sys_mount+0x20/0xc0 [ 195.627202][ T6758] do_syscall_64+0xfa/0x3b0 [ 195.627214][ T6758] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.627227][ T6758] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.627238][ T6758] ? clear_bhb_loop+0x60/0xb0 [ 195.627266][ T6758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.627278][ T6758] RIP: 0033:0x7ff40ad900ca [ 195.627289][ T6758] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.627299][ T6758] RSP: 002b:00007ff40bbdce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 195.627313][ T6758] RAX: ffffffffffffffda RBX: 00007ff40bbdcef0 RCX: 00007ff40ad900ca [ 195.627321][ T6758] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007ff40bbdceb0 [ 195.627329][ T6758] RBP: 0000200000000400 R08: 00007ff40bbdcef0 R09: 0000000001000004 [ 195.627336][ T6758] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 195.627343][ T6758] R13: 00007ff40bbdceb0 R14: 00000000000126de R15: 0000200000000440 [ 195.627361][ T6758] [ 195.627374][ T6758] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 198.030497][ T6762] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 198.030497][ T6762] program syz.1.226 not setting count and/or reply_len properly [ 200.406911][ T6781] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 200.891739][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.231'. [ 201.153269][ T6041] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 201.479324][ T6041] usb 3-1: Using ep0 maxpacket: 16 [ 201.635625][ T6041] usb 3-1: config 0 has no interfaces? [ 201.809849][ T6041] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 201.819389][ T6041] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 201.828131][ T6041] usb 3-1: Manufacturer: syz [ 202.004615][ T6041] usb 3-1: config 0 descriptor?? [ 202.820210][ T9] usb 3-1: USB disconnect, device number 4 [ 205.222023][ T6821] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 205.222023][ T6821] program syz.2.241 not setting count and/or reply_len properly [ 206.961941][ T5846] Bluetooth: hci0: command 0x0406 tx timeout [ 207.528704][ T6827] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 208.647251][ T6845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 209.384713][ T6845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.668610][ T5856] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 210.988438][ T5856] usb 5-1: Using ep0 maxpacket: 16 [ 211.046640][ T5856] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 211.067735][ T5856] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 211.090655][ T5856] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 211.104608][ T5856] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.194226][ T5856] usb 5-1: Product: syz [ 211.207237][ T5856] usb 5-1: Manufacturer: syz [ 211.229757][ T5856] usb 5-1: SerialNumber: syz [ 211.797012][ T5856] usb 5-1: cannot find UAC_HEADER [ 212.109679][ T5846] Bluetooth: hci4: command 0x0406 tx timeout [ 212.120521][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 212.128067][ T5852] Bluetooth: hci3: command 0x0406 tx timeout [ 212.134339][ T5859] Bluetooth: hci2: command 0x0406 tx timeout [ 212.165344][ T5856] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 212.197679][ T5856] usb 5-1: USB disconnect, device number 3 [ 212.282259][ T5917] udevd[5917]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 213.191879][ T6874] netlink: 36 bytes leftover after parsing attributes in process `syz.3.255'. [ 213.224359][ T6874] netlink: 12 bytes leftover after parsing attributes in process `syz.3.255'. [ 221.233599][ T6938] sp0: Synchronizing with TNC [ 223.515216][ T6960] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 223.515216][ T6960] program syz.0.279 not setting count and/or reply_len properly [ 224.865937][ T6970] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[6970] [ 229.901682][ T7004] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[7004] [ 232.648592][ T1144] Bluetooth: hci5: Frame reassembly failed (-84) [ 233.864089][ T30] audit: type=1800 audit(1752720000.010:5): pid=7035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.300" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 234.468530][ T43] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 234.659585][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 234.678527][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 234.686141][ T5166] Bluetooth: hci5: command 0x1003 tx timeout [ 235.287219][ T7049] netlink: 68 bytes leftover after parsing attributes in process `syz.4.305'. [ 235.518864][ T43] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.543918][ T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 235.987138][ T43] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 236.043234][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.079978][ T43] usb 2-1: Product: syz [ 236.095938][ T43] usb 2-1: Manufacturer: syz [ 236.232637][ T43] usb 2-1: SerialNumber: syz [ 237.973576][ T43] usb 2-1: cannot find UAC_HEADER [ 238.140542][ T43] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 238.385519][ T43] usb 2-1: USB disconnect, device number 3 [ 238.970595][ T7074] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 239.574385][ T30] audit: type=1800 audit(1752720005.650:6): pid=7078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.313" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 240.233582][ T5917] udevd[5917]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 240.994190][ T6008] Bluetooth: hci5: Frame reassembly failed (-84) [ 241.008418][ T6008] Bluetooth: hci5: Frame reassembly failed (-84) [ 241.820648][ T7113] netlink: 68 bytes leftover after parsing attributes in process `syz.0.318'. [ 243.068708][ T5166] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 247.046248][ T30] audit: type=1800 audit(1752720013.190:7): pid=7138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.326" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 249.419623][ T6041] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 249.909454][ T6041] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 249.922605][ T6041] usb 4-1: config 0 has no interface number 0 [ 250.013245][ T6041] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.476382][ T6041] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.487633][ T6041] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 250.635914][ T6041] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.764026][ T6041] usb 4-1: config 0 descriptor?? [ 252.236189][ T6041] uclogic 0003:256C:006D.0002: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input1 [ 252.464945][ T6041] usb 4-1: USB disconnect, device number 2 [ 253.843946][ T7202] netlink: 24 bytes leftover after parsing attributes in process `syz.1.339'. [ 254.186728][ T7213] tipc: Enabling of bearer rejected, already enabled [ 254.197382][ T7213] netlink: 12 bytes leftover after parsing attributes in process `syz.3.342'. [ 256.047009][ T7190] fido_id[7190]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 256.308540][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.315035][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.566083][ T7211] nvme_fabrics: missing parameter 'transport=%s' [ 257.404766][ T7211] nvme_fabrics: missing parameter 'nqn=%s' [ 258.799674][ T7230] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 258.799674][ T7230] program syz.0.347 not setting count and/or reply_len properly [ 262.441919][ T7254] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 263.066493][ T5856] libceph: connect (1)[c::]:6789 error -101 [ 263.083488][ T5856] libceph: mon0 (1)[c::]:6789 connect error [ 263.095754][ T7252] ceph: No mds server is up or the cluster is laggy [ 263.499898][ T7271] tipc: Enabling of bearer rejected, already enabled [ 263.509016][ T7271] netlink: 12 bytes leftover after parsing attributes in process `syz.4.357'. [ 266.480653][ T7270] nvme_fabrics: missing parameter 'transport=%s' [ 266.487089][ T7270] nvme_fabrics: missing parameter 'nqn=%s' [ 270.067380][ T7307] loop0: detected capacity change from 0 to 2048 [ 270.159619][ T7307] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 270.289881][ T7322] netlink: 24 bytes leftover after parsing attributes in process `syz.1.369'. [ 270.323642][ T7321] program syz.4.373 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 270.333212][ T30] audit: type=1800 audit(1752720036.450:8): pid=7307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.368" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 271.464117][ T7328] tipc: Enabling of bearer rejected, already enabled [ 271.476050][ T7328] netlink: 12 bytes leftover after parsing attributes in process `syz.3.375'. [ 273.569601][ T7327] nvme_fabrics: missing parameter 'transport=%s' [ 273.576055][ T7327] nvme_fabrics: missing parameter 'nqn=%s' [ 273.611243][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.695197][ T7341] netlink: 12 bytes leftover after parsing attributes in process `syz.0.376'. [ 275.844425][ T7341] siw: device registration error -23 [ 276.273484][ T7341] loop0: detected capacity change from 0 to 32768 [ 276.330380][ T7341] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 276.338802][ T7341] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 276.354039][ T7341] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 276.368990][ T7341] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 276.378624][ T7341] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 276.387686][ T7341] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 276.395719][ T7341] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 276.407011][ T7341] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 276.415955][ T7341] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 276.422710][ T7341] gfs2: fsid=syz:syz.0: File system withdrawn [ 276.429393][ T7341] CPU: 1 UID: 0 PID: 7341 Comm: syz.0.376 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 276.429410][ T7341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 276.429417][ T7341] Call Trace: [ 276.429422][ T7341] [ 276.429428][ T7341] dump_stack_lvl+0x189/0x250 [ 276.429448][ T7341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.429462][ T7341] ? __pfx__printk+0x10/0x10 [ 276.429477][ T7341] ? kobject_uevent_env+0x36b/0x8c0 [ 276.429501][ T7341] gfs2_withdraw+0x111e/0x14f0 [ 276.429526][ T7341] ? __pfx_gfs2_withdraw+0x10/0x10 [ 276.429540][ T7341] ? queue_delayed_work_on+0x1f7/0x280 [ 276.429559][ T7341] ? gfs2_consist_inode_i+0xf5/0x110 [ 276.429575][ T7341] inode_go_instantiate+0xd42/0x1150 [ 276.429595][ T7341] ? __pfx_inode_go_instantiate+0x10/0x10 [ 276.429610][ T7341] ? gfs2_glock_nq+0x10bb/0x1900 [ 276.429629][ T7341] gfs2_instantiate+0x168/0x220 [ 276.429645][ T7341] gfs2_glock_wait+0x1d4/0x2a0 [ 276.429660][ T7341] init_journal+0xc71/0x2260 [ 276.429681][ T7341] ? init_inodes+0xdb/0x320 [ 276.429696][ T7341] ? __pfx_init_journal+0x10/0x10 [ 276.429710][ T7341] ? vsnprintf+0xe11/0xf00 [ 276.429727][ T7341] ? snprintf+0xda/0x120 [ 276.429739][ T7341] ? init_inodes+0xdb/0x320 [ 276.429751][ T7341] ? __pfx_snprintf+0x10/0x10 [ 276.429763][ T7341] ? gfs2_glock_nq_num+0x13d/0x170 [ 276.429779][ T7341] init_inodes+0xdb/0x320 [ 276.429794][ T7341] gfs2_fill_super+0x1923/0x20d0 [ 276.429818][ T7341] ? __pfx_gfs2_fill_super+0x10/0x10 [ 276.429839][ T7341] ? init_locking+0xb8/0x210 [ 276.429851][ T7341] ? sb_set_blocksize+0x104/0x180 [ 276.429866][ T7341] ? setup_bdev_super+0x4c1/0x5b0 [ 276.429882][ T7341] get_tree_bdev_flags+0x40e/0x4d0 [ 276.429896][ T7341] ? __pfx_gfs2_fill_super+0x10/0x10 [ 276.429909][ T7341] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 276.429926][ T7341] ? rcu_is_watching+0x15/0xb0 [ 276.429941][ T7341] gfs2_get_tree+0x51/0x1e0 [ 276.429957][ T7341] vfs_get_tree+0x8f/0x2b0 [ 276.429973][ T7341] do_new_mount+0x2a2/0x9e0 [ 276.429991][ T7341] ? ns_capable+0x8a/0xf0 [ 276.430002][ T7341] ? __pfx_do_new_mount+0x10/0x10 [ 276.430016][ T7341] ? path_mount+0x61c/0xfe0 [ 276.430030][ T7341] ? user_path_at+0x44/0x60 [ 276.430049][ T7341] __se_sys_mount+0x317/0x410 [ 276.430087][ T7341] ? __pfx___se_sys_mount+0x10/0x10 [ 276.430113][ T7341] ? do_syscall_64+0xbe/0x3b0 [ 276.430125][ T7341] ? __x64_sys_mount+0x20/0xc0 [ 276.430142][ T7341] do_syscall_64+0xfa/0x3b0 [ 276.430156][ T7341] ? lockdep_hardirqs_on+0x9c/0x150 [ 276.430169][ T7341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.430180][ T7341] ? clear_bhb_loop+0x60/0xb0 [ 276.430194][ T7341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.430205][ T7341] RIP: 0033:0x7fda0fb900ca [ 276.430216][ T7341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.430225][ T7341] RSP: 002b:00007fda109f4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 276.430238][ T7341] RAX: ffffffffffffffda RBX: 00007fda109f4ef0 RCX: 00007fda0fb900ca [ 276.430246][ T7341] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007fda109f4eb0 [ 276.430254][ T7341] RBP: 0000200000000400 R08: 00007fda109f4ef0 R09: 0000000001000004 [ 276.430261][ T7341] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 276.430268][ T7341] R13: 00007fda109f4eb0 R14: 00000000000126de R15: 0000200000000440 [ 276.430287][ T7341] [ 276.430331][ T7341] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 278.310252][ T7366] loop2: detected capacity change from 0 to 2048 [ 278.460012][ T7366] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 278.559659][ T30] audit: type=1800 audit(1752720044.700:9): pid=7366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.386" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 278.956446][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 281.289027][ T7393] tipc: Started in network mode [ 281.294096][ T7393] tipc: Node identity ac14140f, cluster identity 4711 [ 281.304468][ T7393] tipc: New replicast peer: 255.255.255.255 [ 281.313184][ T7393] tipc: Enabled bearer , priority 10 [ 281.326609][ T7393] netlink: 12 bytes leftover after parsing attributes in process `syz.2.390'. [ 282.415266][ T9] tipc: Node number set to 2886997007 [ 283.264458][ T7395] nvme_fabrics: missing parameter 'transport=%s' [ 283.373342][ T7402] netlink: 'syz.4.397': attribute type 12 has an invalid length. [ 283.410034][ T7402] netlink: 'syz.4.397': attribute type 29 has an invalid length. [ 283.526962][ T7395] nvme_fabrics: missing parameter 'nqn=%s' [ 283.568416][ T7402] netlink: 148 bytes leftover after parsing attributes in process `syz.4.397'. [ 283.859341][ T7413] netlink: 68 bytes leftover after parsing attributes in process `syz.2.399'. [ 283.986147][ T7414] netlink: 24 bytes leftover after parsing attributes in process `syz.3.400'. [ 284.043256][ T7416] loop4: detected capacity change from 0 to 2048 [ 284.137721][ T7416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 284.464725][ T30] audit: type=1800 audit(1752720050.610:10): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.401" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 285.908183][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.403981][ T7445] netlink: 'syz.0.408': attribute type 12 has an invalid length. [ 287.411884][ T7445] netlink: 'syz.0.408': attribute type 29 has an invalid length. [ 287.419756][ T7445] netlink: 148 bytes leftover after parsing attributes in process `syz.0.408'. [ 287.429757][ T7445] netlink: 59 bytes leftover after parsing attributes in process `syz.0.408'. [ 288.220195][ T7447] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22) [ 288.483277][ T7451] tipc: Started in network mode [ 288.488572][ T7451] tipc: Node identity ac14140f, cluster identity 4711 [ 288.497251][ T7451] tipc: New replicast peer: 255.255.255.255 [ 288.505061][ T7451] tipc: Enabled bearer , priority 10 [ 288.515829][ T7451] netlink: 12 bytes leftover after parsing attributes in process `syz.0.410'. [ 288.548038][ T7447] evm: overlay not supported [ 289.506754][ T7452] nvme_fabrics: missing parameter 'transport=%s' [ 289.640158][ T9] tipc: Node number set to 2886997007 [ 289.660128][ T7452] nvme_fabrics: missing parameter 'nqn=%s' [ 290.141028][ T7460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.412'. [ 290.927023][ T7463] netlink: 68 bytes leftover after parsing attributes in process `syz.0.413'. [ 293.198594][ T5856] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 293.368405][ T5856] usb 2-1: Using ep0 maxpacket: 32 [ 293.390760][ T5856] usb 2-1: config 0 has no interfaces? [ 293.396416][ T5856] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 293.419640][ T5856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.446792][ T5856] usb 2-1: config 0 descriptor?? [ 293.520690][ T7482] mkiss: ax0: crc mode is auto. [ 293.673281][ T9] usb 2-1: USB disconnect, device number 4 [ 294.391873][ T7491] netlink: 'syz.3.420': attribute type 12 has an invalid length. [ 294.400020][ T7491] netlink: 'syz.3.420': attribute type 29 has an invalid length. [ 294.407766][ T7491] netlink: 148 bytes leftover after parsing attributes in process `syz.3.420'. [ 294.416952][ T7491] netlink: 59 bytes leftover after parsing attributes in process `syz.3.420'. [ 295.915312][ T7502] tipc: Enabling of bearer rejected, already enabled [ 295.926382][ T7502] netlink: 12 bytes leftover after parsing attributes in process `syz.3.423'. [ 297.715496][ T7505] nvme_fabrics: missing parameter 'transport=%s' [ 298.234798][ T7510] warning: `syz.1.424' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 298.678587][ T7505] nvme_fabrics: missing parameter 'nqn=%s' [ 298.718467][ T30] audit: type=1326 audit(1752720064.750:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.1.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613538e929 code=0x7fc00000 [ 298.741046][ T7504] netlink: 68 bytes leftover after parsing attributes in process `syz.4.425'. [ 299.034931][ T7514] loop2: detected capacity change from 0 to 2048 [ 299.171463][ T7514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.579972][ T7522] vivid-002: disconnect [ 300.251528][ T30] audit: type=1800 audit(1752720066.330:12): pid=7514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.426" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 300.582728][ T7534] netlink: 24 bytes leftover after parsing attributes in process `syz.4.430'. [ 300.654591][ T7513] vivid-002: reconnect [ 300.738896][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.017520][ T6011] udevd[6011]: Failed to create symlink /run/udev/watch/489: File exists [ 305.027165][ T7552] mkiss: ax0: crc mode is auto. [ 308.352718][ T7572] nvme_fabrics: missing parameter 'transport=%s' [ 308.363025][ T7572] nvme_fabrics: missing parameter 'nqn=%s' [ 309.458830][ T7581] loop2: detected capacity change from 0 to 2048 [ 309.599434][ T7581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 310.868065][ T7597] netlink: 500 bytes leftover after parsing attributes in process `syz.1.443'. [ 311.264574][ T30] audit: type=1800 audit(1752720077.410:13): pid=7581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.442" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 312.863621][ T7601] netlink: 24 bytes leftover after parsing attributes in process `syz.3.446'. [ 312.973638][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.662430][ T7622] mkiss: ax0: crc mode is auto. [ 314.853117][ T7625] ceph: No mds server is up or the cluster is laggy [ 315.001809][ T7640] tipc: Started in network mode [ 315.006948][ T7640] tipc: Node identity ac14140f, cluster identity 4711 [ 315.015095][ T7640] tipc: New replicast peer: 255.255.255.255 [ 315.026327][ T7640] tipc: Enabled bearer , priority 10 [ 315.038683][ T7640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.457'. [ 315.194571][ T43] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 316.348188][ T7646] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 316.478417][ T5856] tipc: Node number set to 2886997007 [ 316.851936][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 317.072524][ T7642] nvme_fabrics: missing parameter 'transport=%s' [ 317.081579][ T43] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 317.090171][ T43] usb 5-1: config 0 has no interface number 0 [ 317.199800][ T43] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 317.250548][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.308121][ T7642] nvme_fabrics: missing parameter 'nqn=%s' [ 318.089112][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.095654][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.328360][ T43] usb 5-1: Product: syz [ 318.332589][ T43] usb 5-1: Manufacturer: syz [ 318.337199][ T43] usb 5-1: SerialNumber: syz [ 318.669819][ T7662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.459'. [ 319.067414][ T43] usb 5-1: config 0 descriptor?? [ 320.956932][ T43] usb 5-1: can't set config #0, error -71 [ 320.976544][ T43] usb 5-1: USB disconnect, device number 4 [ 321.223344][ T7673] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[7673] [ 321.404301][ T7672] netlink: 24 bytes leftover after parsing attributes in process `syz.2.463'. [ 321.752197][ T7670] loop0: detected capacity change from 0 to 2048 [ 322.327980][ T7670] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 322.453857][ T30] audit: type=1800 audit(1752720088.530:14): pid=7670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.462" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 322.751880][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.870896][ T7690] mkiss: ax0: crc mode is auto. [ 324.084432][ T7697] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 324.519080][ T7709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.473'. [ 325.021799][ T7696] ceph: No mds server is up or the cluster is laggy [ 326.447365][ T7721] tipc: Enabling of bearer rejected, already enabled [ 326.457209][ T7721] netlink: 12 bytes leftover after parsing attributes in process `syz.2.475'. [ 328.672794][ T7721] nvme_fabrics: missing parameter 'transport=%s' [ 328.682056][ T7721] nvme_fabrics: missing parameter 'nqn=%s' [ 329.509210][ T5856] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 329.712610][ T5856] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 330.167706][ T5856] usb 1-1: config 0 interface 0 has no altsetting 0 [ 330.177951][ T5856] usb 1-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00 [ 330.201833][ T5856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.243553][ T5856] usb 1-1: config 0 descriptor?? [ 330.747345][ T5856] stadia 0003:18D1:9400.0003: item fetching failed at offset 3/5 [ 330.770944][ T5856] stadia 0003:18D1:9400.0003: parse failed [ 331.500894][ T5856] stadia 0003:18D1:9400.0003: probe with driver stadia failed with error -22 [ 331.516666][ T5856] usb 1-1: USB disconnect, device number 4 [ 331.746234][ T7750] mkiss: ax0: crc mode is auto. [ 334.170852][ T7767] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22) [ 335.305442][ T7779] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 335.305442][ T7779] program syz.0.492 not setting count and/or reply_len properly [ 336.778507][ T5166] Bluetooth: hci4: command 0x0406 tx timeout [ 336.809384][ T43] libceph: connect (1)[c::]:6789 error -101 [ 336.819622][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 336.911762][ T7786] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[7786] [ 336.952866][ T7786] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 336.961108][ T7786] overlayfs: failed to set xattr on upper [ 336.968705][ T7786] overlayfs: ...falling back to redirect_dir=nofollow. [ 336.978864][ T7786] overlayfs: ...falling back to index=off. [ 336.984965][ T7786] overlayfs: ...falling back to uuid=null. [ 336.991188][ T7786] overlayfs: maximum fs stacking depth exceeded [ 337.415610][ T43] libceph: connect (1)[c::]:6789 error -101 [ 337.453194][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 337.542916][ T7776] ceph: No mds server is up or the cluster is laggy [ 339.304709][ T7796] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 339.866322][ T979] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 340.292672][ T979] usb 4-1: device descriptor read/64, error -71 [ 340.579801][ T979] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 341.534916][ T979] usb 4-1: device descriptor read/64, error -71 [ 341.659859][ T979] usb usb4-port1: attempt power cycle [ 341.945895][ T7825] netlink: 'syz.1.502': attribute type 12 has an invalid length. [ 341.954906][ T7825] netlink: 'syz.1.502': attribute type 29 has an invalid length. [ 341.963066][ T7825] netlink: 148 bytes leftover after parsing attributes in process `syz.1.502'. [ 341.972533][ T7825] netlink: 59 bytes leftover after parsing attributes in process `syz.1.502'. [ 342.048641][ T979] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 342.732925][ T7832] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 342.732925][ T7832] program syz.2.504 not setting count and/or reply_len properly [ 344.499657][ T979] usb 4-1: device descriptor read/8, error -71 [ 345.039107][ T7838] overlayfs: failed to resolve './file0': -2 [ 345.999030][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 346.005098][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 346.020325][ T7847] input: syz1 as /devices/virtual/input/input6 [ 346.123357][ T7843] ceph: No mds server is up or the cluster is laggy [ 350.440478][ T7893] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 350.440478][ T7893] program syz.2.519 not setting count and/or reply_len properly [ 351.997799][ T7902] ceph: No mds server is up or the cluster is laggy [ 353.405618][ T7922] netlink: 'syz.1.530': attribute type 12 has an invalid length. [ 353.413774][ T7922] netlink: 'syz.1.530': attribute type 29 has an invalid length. [ 353.422698][ T7922] netlink: 148 bytes leftover after parsing attributes in process `syz.1.530'. [ 353.431895][ T7922] netlink: 59 bytes leftover after parsing attributes in process `syz.1.530'. [ 354.258562][ T7926] fuse: Bad value for 'fd' [ 355.387057][ T7937] netlink: 500 bytes leftover after parsing attributes in process `syz.4.535'. [ 357.110881][ T1213] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 357.279402][ T1213] usb 1-1: device descriptor read/64, error -71 [ 357.561308][ T1213] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 357.728744][ T1213] usb 1-1: device descriptor read/64, error -71 [ 358.072278][ T1213] usb usb1-port1: attempt power cycle [ 358.206417][ T7960] sctp: [Deprecated]: syz.3.542 (pid 7960) Use of int in max_burst socket option deprecated. [ 358.206417][ T7960] Use struct sctp_assoc_value instead [ 358.495514][ T1213] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 358.738616][ T1213] usb 1-1: device descriptor read/8, error -71 [ 359.229998][ T1213] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 359.358405][ T1213] usb 1-1: device descriptor read/8, error -71 [ 359.475777][ T1213] usb usb1-port1: unable to enumerate USB device [ 362.187037][ T8000] vivid-008: disconnect [ 362.589193][ T7996] vivid-008: reconnect [ 362.963363][ T8007] netlink: 4 bytes leftover after parsing attributes in process `syz.4.557'. [ 363.255228][ T5903] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 363.279740][ T43] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 363.408388][ T5903] usb 4-1: Using ep0 maxpacket: 8 [ 363.415817][ T5903] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 363.437359][ T5903] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 363.450135][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 363.457972][ T5903] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 363.466639][ T43] usb 5-1: config 0 has no interfaces? [ 363.478203][ T5903] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 363.491862][ T43] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 363.491892][ T43] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 363.491911][ T43] usb 5-1: Manufacturer: syz [ 363.520897][ T43] usb 5-1: config 0 descriptor?? [ 363.521212][ T5903] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 363.535020][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.773954][ T5903] usb 4-1: GET_CAPABILITIES returned 0 [ 363.841402][ T9] usb 5-1: USB disconnect, device number 5 [ 363.849578][ T5903] usbtmc 4-1:16.0: can't read capabilities [ 364.763040][ T9] usb 4-1: USB disconnect, device number 7 [ 365.990287][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.561'. [ 366.823104][ T8032] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[8032] [ 370.539712][ T8057] netlink: 32 bytes leftover after parsing attributes in process `syz.0.570'. [ 371.133252][ T8057] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 371.856565][ T8079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.574'. [ 372.141130][ T8071] block nbd4: shutting down sockets [ 374.823219][ T8102] loop1: detected capacity change from 0 to 2048 [ 374.916451][ T8102] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 375.189563][ T30] audit: type=1800 audit(1752720141.330:15): pid=8102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.584" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 376.263500][ T5854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.483352][ T8116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.587'. [ 376.832565][ T8116] loop2: detected capacity change from 0 to 32768 [ 376.895841][ T8116] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 376.904931][ T8116] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 376.942412][ T8116] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 376.956946][ T8116] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 376.966358][ T8116] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 376.975991][ T8116] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 376.984136][ T8116] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 376.994694][ T8116] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 377.005331][ T8116] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 377.012010][ T8116] gfs2: fsid=syz:syz.0: File system withdrawn [ 377.018136][ T8116] CPU: 1 UID: 0 PID: 8116 Comm: syz.2.587 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 377.018155][ T8116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 377.018162][ T8116] Call Trace: [ 377.018170][ T8116] [ 377.018176][ T8116] dump_stack_lvl+0x189/0x250 [ 377.018196][ T8116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 377.018209][ T8116] ? __pfx__printk+0x10/0x10 [ 377.018225][ T8116] ? kobject_uevent_env+0x36b/0x8c0 [ 377.018261][ T8116] gfs2_withdraw+0x111e/0x14f0 [ 377.018299][ T8116] ? __pfx_gfs2_withdraw+0x10/0x10 [ 377.018323][ T8116] ? queue_delayed_work_on+0x1f7/0x280 [ 377.018352][ T8116] ? gfs2_consist_inode_i+0xf5/0x110 [ 377.018378][ T8116] inode_go_instantiate+0xd42/0x1150 [ 377.018399][ T8116] ? __pfx_inode_go_instantiate+0x10/0x10 [ 377.018414][ T8116] ? gfs2_glock_nq+0x10bb/0x1900 [ 377.018433][ T8116] gfs2_instantiate+0x168/0x220 [ 377.018449][ T8116] gfs2_glock_wait+0x1d4/0x2a0 [ 377.018466][ T8116] init_journal+0xc71/0x2260 [ 377.018487][ T8116] ? init_inodes+0xdb/0x320 [ 377.018505][ T8116] ? __pfx_init_journal+0x10/0x10 [ 377.018518][ T8116] ? vsnprintf+0xe11/0xf00 [ 377.018536][ T8116] ? snprintf+0xda/0x120 [ 377.018548][ T8116] ? init_inodes+0xdb/0x320 [ 377.018561][ T8116] ? __pfx_snprintf+0x10/0x10 [ 377.018573][ T8116] ? gfs2_glock_nq_num+0x13d/0x170 [ 377.018589][ T8116] init_inodes+0xdb/0x320 [ 377.018604][ T8116] gfs2_fill_super+0x1923/0x20d0 [ 377.018628][ T8116] ? __pfx_gfs2_fill_super+0x10/0x10 [ 377.018644][ T8116] ? init_locking+0xb8/0x210 [ 377.018656][ T8116] ? sb_set_blocksize+0x104/0x180 [ 377.018672][ T8116] ? setup_bdev_super+0x4c1/0x5b0 [ 377.018688][ T8116] get_tree_bdev_flags+0x40e/0x4d0 [ 377.018703][ T8116] ? __pfx_gfs2_fill_super+0x10/0x10 [ 377.018716][ T8116] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 377.018732][ T8116] ? rcu_is_watching+0x15/0xb0 [ 377.018747][ T8116] gfs2_get_tree+0x51/0x1e0 [ 377.018763][ T8116] vfs_get_tree+0x8f/0x2b0 [ 377.018780][ T8116] do_new_mount+0x2a2/0x9e0 [ 377.018798][ T8116] ? ns_capable+0x8a/0xf0 [ 377.018808][ T8116] ? __pfx_do_new_mount+0x10/0x10 [ 377.018823][ T8116] ? path_mount+0x61c/0xfe0 [ 377.018837][ T8116] ? user_path_at+0x44/0x60 [ 377.018855][ T8116] __se_sys_mount+0x317/0x410 [ 377.018875][ T8116] ? __pfx___se_sys_mount+0x10/0x10 [ 377.018894][ T8116] ? do_syscall_64+0xbe/0x3b0 [ 377.018907][ T8116] ? __x64_sys_mount+0x20/0xc0 [ 377.018924][ T8116] do_syscall_64+0xfa/0x3b0 [ 377.018936][ T8116] ? lockdep_hardirqs_on+0x9c/0x150 [ 377.018949][ T8116] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.018960][ T8116] ? clear_bhb_loop+0x60/0xb0 [ 377.018973][ T8116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.018984][ T8116] RIP: 0033:0x7fe42cb900ca [ 377.018998][ T8116] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.019007][ T8116] RSP: 002b:00007fe42dad2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 377.019020][ T8116] RAX: ffffffffffffffda RBX: 00007fe42dad2ef0 RCX: 00007fe42cb900ca [ 377.019028][ T8116] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007fe42dad2eb0 [ 377.019035][ T8116] RBP: 0000200000000400 R08: 00007fe42dad2ef0 R09: 0000000001000004 [ 377.019043][ T8116] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 377.019049][ T8116] R13: 00007fe42dad2eb0 R14: 00000000000126de R15: 0000200000000440 [ 377.019093][ T8116] [ 377.357422][ T8116] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 378.923852][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.930348][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.282744][ T8142] Cannot find del_set index 4 as target [ 379.426178][ T8145] 9pnet_virtio: no channels available for device syz [ 382.657835][ T8172] netlink: 12 bytes leftover after parsing attributes in process `syz.3.601'. [ 382.711915][ T8172] siw: device registration error -23 [ 383.004617][ T8172] loop3: detected capacity change from 0 to 32768 [ 383.059725][ T8172] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 383.059752][ T8172] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 383.071954][ T8172] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 383.071980][ T8172] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 383.071999][ T8172] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 383.072034][ T8172] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 383.072048][ T8172] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 383.075465][ T8172] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 383.075479][ T8172] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 383.075712][ T8172] gfs2: fsid=syz:syz.0: File system withdrawn [ 383.075724][ T8172] CPU: 1 UID: 0 PID: 8172 Comm: syz.3.601 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 383.075739][ T8172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.075746][ T8172] Call Trace: [ 383.075751][ T8172] [ 383.075756][ T8172] dump_stack_lvl+0x189/0x250 [ 383.075775][ T8172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.075788][ T8172] ? __pfx__printk+0x10/0x10 [ 383.075804][ T8172] ? kobject_uevent_env+0x36b/0x8c0 [ 383.075827][ T8172] gfs2_withdraw+0x111e/0x14f0 [ 383.075851][ T8172] ? __pfx_gfs2_withdraw+0x10/0x10 [ 383.075864][ T8172] ? queue_delayed_work_on+0x1f7/0x280 [ 383.075883][ T8172] ? gfs2_consist_inode_i+0xf5/0x110 [ 383.075898][ T8172] inode_go_instantiate+0xd42/0x1150 [ 383.075916][ T8172] ? __pfx_inode_go_instantiate+0x10/0x10 [ 383.075931][ T8172] ? gfs2_glock_nq+0x10bb/0x1900 [ 383.075956][ T8172] gfs2_instantiate+0x168/0x220 [ 383.075971][ T8172] gfs2_glock_wait+0x1d4/0x2a0 [ 383.075987][ T8172] init_journal+0xc71/0x2260 [ 383.076008][ T8172] ? init_inodes+0xdb/0x320 [ 383.076024][ T8172] ? __pfx_init_journal+0x10/0x10 [ 383.076038][ T8172] ? vsnprintf+0xe11/0xf00 [ 383.076055][ T8172] ? snprintf+0xda/0x120 [ 383.076067][ T8172] ? init_inodes+0xdb/0x320 [ 383.076079][ T8172] ? __pfx_snprintf+0x10/0x10 [ 383.076091][ T8172] ? gfs2_glock_nq_num+0x13d/0x170 [ 383.076108][ T8172] init_inodes+0xdb/0x320 [ 383.076122][ T8172] gfs2_fill_super+0x1923/0x20d0 [ 383.076145][ T8172] ? __pfx_gfs2_fill_super+0x10/0x10 [ 383.076161][ T8172] ? init_locking+0xb8/0x210 [ 383.076173][ T8172] ? sb_set_blocksize+0x104/0x180 [ 383.076190][ T8172] ? setup_bdev_super+0x4c1/0x5b0 [ 383.076209][ T8172] get_tree_bdev_flags+0x40e/0x4d0 [ 383.076222][ T8172] ? __pfx_gfs2_fill_super+0x10/0x10 [ 383.076235][ T8172] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 383.076251][ T8172] ? rcu_is_watching+0x15/0xb0 [ 383.076266][ T8172] gfs2_get_tree+0x51/0x1e0 [ 383.076281][ T8172] vfs_get_tree+0x8f/0x2b0 [ 383.076297][ T8172] do_new_mount+0x2a2/0x9e0 [ 383.076314][ T8172] ? ns_capable+0x8a/0xf0 [ 383.076324][ T8172] ? __pfx_do_new_mount+0x10/0x10 [ 383.076338][ T8172] ? path_mount+0x61c/0xfe0 [ 383.076352][ T8172] ? user_path_at+0x44/0x60 [ 383.076370][ T8172] __se_sys_mount+0x317/0x410 [ 383.076388][ T8172] ? __pfx___se_sys_mount+0x10/0x10 [ 383.076407][ T8172] ? do_syscall_64+0xbe/0x3b0 [ 383.076419][ T8172] ? __x64_sys_mount+0x20/0xc0 [ 383.076436][ T8172] do_syscall_64+0xfa/0x3b0 [ 383.076447][ T8172] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.076460][ T8172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.076470][ T8172] ? clear_bhb_loop+0x60/0xb0 [ 383.076484][ T8172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.076494][ T8172] RIP: 0033:0x7ff40ad900ca [ 383.076506][ T8172] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.076515][ T8172] RSP: 002b:00007ff40bbdce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 383.076529][ T8172] RAX: ffffffffffffffda RBX: 00007ff40bbdcef0 RCX: 00007ff40ad900ca [ 383.076537][ T8172] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007ff40bbdceb0 [ 383.076544][ T8172] RBP: 0000200000000400 R08: 00007ff40bbdcef0 R09: 0000000001000004 [ 383.076551][ T8172] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 383.076558][ T8172] R13: 00007ff40bbdceb0 R14: 00000000000126de R15: 0000200000000440 [ 383.076575][ T8172] [ 383.076585][ T8172] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 383.644499][ T8183] netlink: 8 bytes leftover after parsing attributes in process `syz.3.603'. [ 385.636924][ T8206] loop0: detected capacity change from 0 to 2048 [ 385.676962][ T8206] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.716372][ T30] audit: type=1800 audit(1752720151.860:16): pid=8206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.612" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 386.165214][ T8213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.613'. [ 386.727955][ T8213] siw: device registration error -23 [ 386.851818][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 387.127316][ T8213] loop1: detected capacity change from 0 to 32768 [ 387.196608][ T8213] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 387.205470][ T8213] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 387.236043][ T8213] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 0 19, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 403 [ 387.251336][ T8213] gfs2: fsid=syz:syz.0: G: s:SH n:2/13 f:aqobnN t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 387.261424][ T8213] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320 [ 387.270596][ T8213] gfs2: fsid=syz:syz.0: I: n:0/19 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 387.278548][ T8213] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 387.289893][ T8213] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 387.298702][ T8213] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 387.305284][ T8213] gfs2: fsid=syz:syz.0: File system withdrawn [ 387.311385][ T8213] CPU: 1 UID: 0 PID: 8213 Comm: syz.1.613 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 387.311402][ T8213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.311408][ T8213] Call Trace: [ 387.311413][ T8213] [ 387.311419][ T8213] dump_stack_lvl+0x189/0x250 [ 387.311438][ T8213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 387.311452][ T8213] ? __pfx__printk+0x10/0x10 [ 387.311467][ T8213] ? kobject_uevent_env+0x36b/0x8c0 [ 387.311491][ T8213] gfs2_withdraw+0x111e/0x14f0 [ 387.311515][ T8213] ? __pfx_gfs2_withdraw+0x10/0x10 [ 387.311528][ T8213] ? queue_delayed_work_on+0x1f7/0x280 [ 387.311548][ T8213] ? gfs2_consist_inode_i+0xf5/0x110 [ 387.311564][ T8213] inode_go_instantiate+0xd42/0x1150 [ 387.311583][ T8213] ? __pfx_inode_go_instantiate+0x10/0x10 [ 387.311597][ T8213] ? gfs2_glock_nq+0x10bb/0x1900 [ 387.311615][ T8213] gfs2_instantiate+0x168/0x220 [ 387.311630][ T8213] gfs2_glock_wait+0x1d4/0x2a0 [ 387.311645][ T8213] init_journal+0xc71/0x2260 [ 387.311666][ T8213] ? init_inodes+0xdb/0x320 [ 387.311682][ T8213] ? __pfx_init_journal+0x10/0x10 [ 387.311695][ T8213] ? vsnprintf+0xe11/0xf00 [ 387.311713][ T8213] ? snprintf+0xda/0x120 [ 387.311725][ T8213] ? init_inodes+0xdb/0x320 [ 387.311738][ T8213] ? __pfx_snprintf+0x10/0x10 [ 387.311750][ T8213] ? gfs2_glock_nq_num+0x13d/0x170 [ 387.311766][ T8213] init_inodes+0xdb/0x320 [ 387.311781][ T8213] gfs2_fill_super+0x1923/0x20d0 [ 387.311805][ T8213] ? __pfx_gfs2_fill_super+0x10/0x10 [ 387.311820][ T8213] ? init_locking+0xb8/0x210 [ 387.311832][ T8213] ? sb_set_blocksize+0x104/0x180 [ 387.311847][ T8213] ? setup_bdev_super+0x4c1/0x5b0 [ 387.311863][ T8213] get_tree_bdev_flags+0x40e/0x4d0 [ 387.311877][ T8213] ? __pfx_gfs2_fill_super+0x10/0x10 [ 387.311891][ T8213] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 387.311908][ T8213] ? rcu_is_watching+0x15/0xb0 [ 387.311923][ T8213] gfs2_get_tree+0x51/0x1e0 [ 387.311938][ T8213] vfs_get_tree+0x8f/0x2b0 [ 387.311954][ T8213] do_new_mount+0x2a2/0x9e0 [ 387.311971][ T8213] ? ns_capable+0x8a/0xf0 [ 387.311981][ T8213] ? __pfx_do_new_mount+0x10/0x10 [ 387.311997][ T8213] ? path_mount+0x61c/0xfe0 [ 387.312010][ T8213] ? user_path_at+0x44/0x60 [ 387.312028][ T8213] __se_sys_mount+0x317/0x410 [ 387.312048][ T8213] ? __pfx___se_sys_mount+0x10/0x10 [ 387.312067][ T8213] ? do_syscall_64+0xbe/0x3b0 [ 387.312079][ T8213] ? __x64_sys_mount+0x20/0xc0 [ 387.312096][ T8213] do_syscall_64+0xfa/0x3b0 [ 387.312108][ T8213] ? lockdep_hardirqs_on+0x9c/0x150 [ 387.312121][ T8213] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.312132][ T8213] ? clear_bhb_loop+0x60/0xb0 [ 387.312145][ T8213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.312155][ T8213] RIP: 0033:0x7f61353900ca [ 387.312167][ T8213] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.312176][ T8213] RSP: 002b:00007f61351f6e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 387.312190][ T8213] RAX: ffffffffffffffda RBX: 00007f61351f6ef0 RCX: 00007f61353900ca [ 387.312198][ T8213] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f61351f6eb0 [ 387.312205][ T8213] RBP: 0000200000000400 R08: 00007f61351f6ef0 R09: 0000000001000004 [ 387.312213][ T8213] R10: 0000000001000004 R11: 0000000000000246 R12: 0000200000012500 [ 387.312228][ T8213] R13: 00007f61351f6eb0 R14: 00000000000126de R15: 0000200000000440 [ 387.312246][ T8213] [ 387.312296][ T8213] gfs2: fsid=syz:syz.0: can't acquire journal inode glock: -5 [ 388.268962][ T979] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 388.433034][ T979] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 388.444492][ T979] usb 2-1: config 0 has no interfaces? [ 388.457379][ T979] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 388.510962][ T979] usb 2-1: New USB device strings: Mfr=1, Product=26, SerialNumber=3 [ 388.563862][ T979] usb 2-1: Product: syz [ 388.584310][ T979] usb 2-1: Manufacturer: syz [ 388.621877][ T979] usb 2-1: SerialNumber: syz [ 388.664570][ T979] usb 2-1: config 0 descriptor?? [ 389.326485][ T979] usb 2-1: USB disconnect, device number 5 [ 389.906956][ T8243] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 389.906956][ T8243] program syz.4.621 not setting count and/or reply_len properly [ 395.056862][ T8262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.629'. [ 395.760847][ T8283] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 395.760847][ T8283] program syz.1.634 not setting count and/or reply_len properly [ 400.518827][ T8302] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 400.518827][ T8302] program syz.3.638 not setting count and/or reply_len properly [ 404.638676][ T8324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.643'. [ 407.016233][ T8344] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 407.756811][ T30] audit: type=1326 audit(1752720173.900:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8347 comm="syz.2.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cb8e929 code=0x7ffc0000 [ 407.830886][ T8352] netlink: 'syz.1.650': attribute type 12 has an invalid length. [ 407.838842][ T8352] netlink: 'syz.1.650': attribute type 29 has an invalid length. [ 407.846638][ T8352] netlink: 148 bytes leftover after parsing attributes in process `syz.1.650'. [ 407.856974][ T8352] netlink: 59 bytes leftover after parsing attributes in process `syz.1.650'. [ 408.505043][ T30] audit: type=1326 audit(1752720173.900:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8347 comm="syz.2.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cb8e929 code=0x7ffc0000 [ 408.527766][ T30] audit: type=1326 audit(1752720174.100:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8347 comm="syz.2.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fe42cb8e929 code=0x7ffc0000 [ 408.589100][ T30] audit: type=1326 audit(1752720174.100:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8347 comm="syz.2.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cb8e929 code=0x7ffc0000 [ 408.710138][ T30] audit: type=1326 audit(1752720174.100:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8347 comm="syz.2.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cb8e929 code=0x7ffc0000 [ 411.039003][ T8369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.651'. [ 414.958394][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 415.209052][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 415.222404][ T9] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 415.233723][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 415.245610][ T9] usb 3-1: config 0 has no interfaces? [ 415.258562][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 415.308904][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.339743][ T9] usb 3-1: config 0 descriptor?? [ 415.472210][ T1213] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 417.601691][ T1213] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 417.629381][ T1213] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 417.643207][ T43] usb 3-1: USB disconnect, device number 5 [ 417.679511][ T1213] usb 1-1: config 0 has no interface number 0 [ 417.719390][ T1213] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 417.729457][ T1213] usb 1-1: New USB device strings: Mfr=1, Product=26, SerialNumber=3 [ 417.737593][ T1213] usb 1-1: Product: syz [ 417.779605][ T1213] usb 1-1: Manufacturer: syz [ 417.784293][ T1213] usb 1-1: SerialNumber: syz [ 417.823263][ T1213] usb 1-1: config 0 descriptor?? [ 418.447566][ T979] usb 1-1: USB disconnect, device number 9 [ 418.555803][ T8403] vivid-004: disconnect [ 419.222813][ T8400] vivid-004: reconnect [ 419.338911][ T8410] 9pnet_virtio: no channels available for device syz [ 420.123170][ T8420] netlink: 33912 bytes leftover after parsing attributes in process `syz.2.671'. [ 421.333584][ T8435] 8021q: VLANs not supported on ipvlan1 [ 421.347476][ T8435] process 'syz.2.673' launched './file0' with NULL argv: empty string added [ 422.963366][ T979] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 423.279374][ T979] usb 3-1: Using ep0 maxpacket: 8 [ 423.362777][ T979] usb 3-1: config 0 has no interfaces? [ 423.707268][ T979] usb 3-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00 [ 423.754479][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.779053][ T979] usb 3-1: config 0 descriptor?? [ 423.947262][ T979] usb 3-1: can't set config #0, error -71 [ 423.960099][ T979] usb 3-1: USB disconnect, device number 6 [ 424.139699][ T8433] [U]  [ 425.291757][ T979] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 425.312897][ T8464] netlink: 24 bytes leftover after parsing attributes in process `syz.2.681'. [ 425.579195][ T979] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 425.600968][ T979] usb 1-1: config 0 has no interface number 0 [ 425.674393][ T979] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.779485][ T979] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.897683][ T979] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 425.945965][ T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.036493][ T8468] vivid-006: disconnect [ 426.451582][ T979] usb 1-1: config 0 descriptor?? [ 426.470967][ T8466] vivid-006: reconnect [ 426.696836][ T8474] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22) [ 426.764188][ T8476] ================================================================== [ 426.772322][ T8476] BUG: KASAN: slab-use-after-free in tcp_prune_ofo_queue+0x37e/0x6e0 [ 426.780436][ T8476] Read of size 4 at addr ffff888055746bd0 by task syz.3.685/8476 [ 426.788182][ T8476] [ 426.790531][ T8476] CPU: 0 UID: 0 PID: 8476 Comm: syz.3.685 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 426.790557][ T8476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 426.790569][ T8476] Call Trace: [ 426.790584][ T8476] [ 426.790594][ T8476] dump_stack_lvl+0x189/0x250 [ 426.790621][ T8476] ? __virt_addr_valid+0x1c8/0x5c0 [ 426.790645][ T8476] ? rcu_is_watching+0x15/0xb0 [ 426.790666][ T8476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 426.790686][ T8476] ? rcu_is_watching+0x15/0xb0 [ 426.790704][ T8476] ? lock_release+0x4b/0x3e0 [ 426.790730][ T8476] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 426.790752][ T8476] ? __virt_addr_valid+0x1c8/0x5c0 [ 426.790775][ T8476] ? __virt_addr_valid+0x4a5/0x5c0 [ 426.790798][ T8476] print_report+0xca/0x230 [ 426.790815][ T8476] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 426.790834][ T8476] kasan_report+0x118/0x150 [ 426.790859][ T8476] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 426.790884][ T8476] tcp_prune_ofo_queue+0x37e/0x6e0 [ 426.790911][ T8476] tcp_try_rmem_schedule+0xb6b/0x1830 [ 426.790937][ T8476] tcp_data_queue+0x2223/0x6380 [ 426.790967][ T8476] ? __pfx_tcp_data_queue+0x10/0x10 [ 426.790984][ T8476] ? __pfx_tcp_urg+0x10/0x10 [ 426.791002][ T8476] ? read_tsc+0x9/0x20 [ 426.791031][ T8476] tcp_rcv_established+0xf9e/0x1eb0 [ 426.791053][ T8476] ? rt_is_expired+0x1c/0x2d0 [ 426.791083][ T8476] ? __pfx_tcp_rcv_established+0x10/0x10 [ 426.791101][ T8476] ? rt_is_expired+0x1c/0x2d0 [ 426.791124][ T8476] ? rt_is_expired+0x1c/0x2d0 [ 426.791148][ T8476] ? rt_is_expired+0x250/0x2d0 [ 426.791171][ T8476] ? __pfx_ipv4_dst_check+0x10/0x10 [ 426.791197][ T8476] ? __pfx_ipv4_dst_check+0x10/0x10 [ 426.791223][ T8476] tcp_v4_do_rcv+0xa23/0xce0 [ 426.791250][ T8476] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 426.791270][ T8476] __release_sock+0x21c/0x350 [ 426.791292][ T8476] release_sock+0x5f/0x1f0 [ 426.791314][ T8476] tcp_sendmsg+0x39/0x50 [ 426.791333][ T8476] __sock_sendmsg+0x19c/0x270 [ 426.791354][ T8476] __sys_sendto+0x3bd/0x520 [ 426.791381][ T8476] ? __pfx___sys_sendto+0x10/0x10 [ 426.791403][ T8476] ? do_futex+0x333/0x420 [ 426.791439][ T8476] ? rcu_is_watching+0x15/0xb0 [ 426.791460][ T8476] __x64_sys_sendto+0xde/0x100 [ 426.791487][ T8476] do_syscall_64+0xfa/0x3b0 [ 426.791511][ T8476] ? lockdep_hardirqs_on+0x9c/0x150 [ 426.791533][ T8476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.791550][ T8476] ? clear_bhb_loop+0x60/0xb0 [ 426.791570][ T8476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.791598][ T8476] RIP: 0033:0x7ff40ad8e929 [ 426.791616][ T8476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.791632][ T8476] RSP: 002b:00007ff40bbdd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 426.791654][ T8476] RAX: ffffffffffffffda RBX: 00007ff40afb5fa0 RCX: 00007ff40ad8e929 [ 426.791668][ T8476] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 426.791680][ T8476] RBP: 00007ff40ae10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 426.791692][ T8476] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000 [ 426.791703][ T8476] R13: 0000000000000000 R14: 00007ff40afb5fa0 R15: 00007ffd44dea278 [ 426.791724][ T8476] [ 426.791731][ T8476] [ 427.110114][ T8476] Allocated by task 8476: [ 427.114455][ T8476] kasan_save_track+0x3e/0x80 [ 427.119224][ T8476] __kasan_slab_alloc+0x6c/0x80 [ 427.124079][ T8476] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 427.129973][ T8476] __alloc_skb+0x112/0x2d0 [ 427.134390][ T8476] tcp_stream_alloc_skb+0x3d/0x340 [ 427.139588][ T8476] tcp_write_xmit+0xeec/0x67f0 [ 427.144368][ T8476] __tcp_push_pending_frames+0x97/0x360 [ 427.149921][ T8476] tcp_sendmsg_locked+0x483c/0x56d0 [ 427.155115][ T8476] tcp_sendmsg+0x2f/0x50 [ 427.159370][ T8476] __sock_sendmsg+0x19c/0x270 [ 427.164081][ T8476] __sys_sendto+0x3bd/0x520 [ 427.168598][ T8476] __x64_sys_sendto+0xde/0x100 [ 427.173380][ T8476] do_syscall_64+0xfa/0x3b0 [ 427.177890][ T8476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.183778][ T8476] [ 427.186110][ T8476] Freed by task 8476: [ 427.190089][ T8476] kasan_save_track+0x3e/0x80 [ 427.194795][ T8476] kasan_save_free_info+0x46/0x50 [ 427.199910][ T8476] __kasan_slab_free+0x62/0x70 [ 427.204760][ T8476] kmem_cache_free+0x18f/0x400 [ 427.209528][ T8476] tcp_prune_ofo_queue+0x198/0x6e0 [ 427.214654][ T8476] tcp_try_rmem_schedule+0xb6b/0x1830 [ 427.220036][ T8476] tcp_data_queue+0x2223/0x6380 [ 427.224983][ T8476] tcp_rcv_established+0xf9e/0x1eb0 [ 427.230265][ T8476] tcp_v4_do_rcv+0xa23/0xce0 [ 427.234860][ T8476] __release_sock+0x21c/0x350 [ 427.239532][ T8476] release_sock+0x5f/0x1f0 [ 427.243946][ T8476] tcp_sendmsg+0x39/0x50 [ 427.248183][ T8476] __sock_sendmsg+0x19c/0x270 [ 427.252862][ T8476] __sys_sendto+0x3bd/0x520 [ 427.257361][ T8476] __x64_sys_sendto+0xde/0x100 [ 427.262124][ T8476] do_syscall_64+0xfa/0x3b0 [ 427.266639][ T8476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.272537][ T8476] [ 427.274878][ T8476] The buggy address belongs to the object at ffff888055746a00 [ 427.274878][ T8476] which belongs to the cache skbuff_fclone_cache of size 488 [ 427.289800][ T8476] The buggy address is located 464 bytes inside of [ 427.289800][ T8476] freed 488-byte region [ffff888055746a00, ffff888055746be8) [ 427.303602][ T8476] [ 427.305957][ T8476] The buggy address belongs to the physical page: [ 427.312370][ T8476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55746 [ 427.321135][ T8476] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 427.329726][ T8476] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 427.337356][ T8476] page_type: f5(slab) [ 427.341340][ T8476] raw: 00fff00000000040 ffff88801e2f9140 ffffea0000a22d80 0000000000000002 [ 427.349976][ T8476] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 427.358563][ T8476] head: 00fff00000000040 ffff88801e2f9140 ffffea0000a22d80 0000000000000002 [ 427.367231][ T8476] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 427.375906][ T8476] head: 00fff00000000001 ffffea000155d181 00000000ffffffff 00000000ffffffff [ 427.384576][ T8476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 427.393315][ T8476] page dumped because: kasan: bad access detected [ 427.399724][ T8476] page_owner tracks the page as allocated [ 427.405440][ T8476] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5833, tgid 5833 (syz-executor), ts 385947883131, free_ts 385934797981 [ 427.424977][ T8476] post_alloc_hook+0x240/0x2a0 [ 427.429839][ T8476] get_page_from_freelist+0x21e4/0x22c0 [ 427.435402][ T8476] __alloc_frozen_pages_noprof+0x181/0x370 [ 427.441212][ T8476] alloc_pages_mpol+0x232/0x4a0 [ 427.446063][ T8476] allocate_slab+0x8a/0x370 [ 427.450575][ T8476] ___slab_alloc+0xbeb/0x1410 [ 427.455253][ T8476] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 427.461148][ T8476] __alloc_skb+0x112/0x2d0 [ 427.465600][ T8476] tcp_stream_alloc_skb+0x3d/0x340 [ 427.470717][ T8476] tcp_write_xmit+0xeec/0x67f0 [ 427.475753][ T8476] __tcp_push_pending_frames+0x97/0x360 [ 427.481316][ T8476] tcp_rcv_established+0xf12/0x1eb0 [ 427.486604][ T8476] tcp_v4_do_rcv+0xa23/0xce0 [ 427.491200][ T8476] tcp_v4_rcv+0x2676/0x2f00 [ 427.495794][ T8476] ip_protocol_deliver_rcu+0x221/0x440 [ 427.501349][ T8476] ip_local_deliver_finish+0x3bb/0x6f0 [ 427.506900][ T8476] page last free pid 8185 tgid 8184 stack trace: [ 427.513318][ T8476] __free_frozen_pages+0xbc4/0xd30 [ 427.518439][ T8476] pagetable_dtor_free+0x2d2/0x3b0 [ 427.523826][ T8476] __mmdrop+0xb5/0x460 [ 427.527986][ T8476] exit_mm+0x1da/0x2c0 [ 427.532055][ T8476] do_exit+0x648/0x2300 [ 427.536396][ T8476] do_group_exit+0x21c/0x2d0 [ 427.541078][ T8476] get_signal+0x1286/0x1340 [ 427.545585][ T8476] arch_do_signal_or_restart+0x9a/0x750 [ 427.551221][ T8476] exit_to_user_mode_loop+0x75/0x110 [ 427.556509][ T8476] do_syscall_64+0x2bd/0x3b0 [ 427.561104][ T8476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.567518][ T8476] [ 427.569847][ T8476] Memory state around the buggy address: [ 427.575482][ T8476] ffff888055746a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 427.583719][ T8476] ffff888055746b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 427.591779][ T8476] >ffff888055746b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 427.600012][ T8476] ^ [ 427.606699][ T8476] ffff888055746c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 427.614779][ T8476] ffff888055746c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.622866][ T8476] ================================================================== [ 427.746712][ T8476] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 427.753976][ T8476] CPU: 1 UID: 0 PID: 8476 Comm: syz.3.685 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 427.765552][ T8476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 427.775643][ T8476] Call Trace: [ 427.778953][ T8476] [ 427.781918][ T8476] dump_stack_lvl+0x99/0x250 [ 427.786559][ T8476] ? __asan_memcpy+0x40/0x70 [ 427.791181][ T8476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 427.796412][ T8476] ? __pfx__printk+0x10/0x10 [ 427.801050][ T8476] vpanic+0x281/0x750 [ 427.805058][ T8476] ? preempt_schedule+0xae/0xc0 [ 427.809938][ T8476] ? __pfx_vpanic+0x10/0x10 [ 427.814462][ T8476] ? preempt_schedule_common+0x83/0xd0 [ 427.819958][ T8476] ? preempt_schedule+0xae/0xc0 [ 427.824839][ T8476] ? __pfx_preempt_schedule+0x10/0x10 [ 427.830323][ T8476] panic+0xb9/0xc0 [ 427.834089][ T8476] ? __pfx_panic+0x10/0x10 [ 427.838723][ T8476] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 427.844655][ T8476] ? is_module_address+0x17/0xf0 [ 427.849741][ T8476] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 427.855160][ T8476] check_panic_on_warn+0x89/0xb0 [ 427.860146][ T8476] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 427.865475][ T8476] end_report+0x78/0x160 [ 427.869771][ T8476] kasan_report+0x129/0x150 [ 427.874325][ T8476] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 427.879660][ T8476] tcp_prune_ofo_queue+0x37e/0x6e0 [ 427.884993][ T8476] tcp_try_rmem_schedule+0xb6b/0x1830 [ 427.890414][ T8476] tcp_data_queue+0x2223/0x6380 [ 427.895396][ T8476] ? __pfx_tcp_data_queue+0x10/0x10 [ 427.900630][ T8476] ? __pfx_tcp_urg+0x10/0x10 [ 427.905254][ T8476] ? read_tsc+0x9/0x20 [ 427.909879][ T8476] tcp_rcv_established+0xf9e/0x1eb0 [ 427.915112][ T8476] ? rt_is_expired+0x1c/0x2d0 [ 427.919812][ T8476] ? __pfx_tcp_rcv_established+0x10/0x10 [ 427.925453][ T8476] ? rt_is_expired+0x1c/0x2d0 [ 427.930132][ T8476] ? rt_is_expired+0x1c/0x2d0 [ 427.935053][ T8476] ? rt_is_expired+0x250/0x2d0 [ 427.939927][ T8476] ? __pfx_ipv4_dst_check+0x10/0x10 [ 427.945163][ T8476] ? __pfx_ipv4_dst_check+0x10/0x10 [ 427.950369][ T8476] tcp_v4_do_rcv+0xa23/0xce0 [ 427.955187][ T8476] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 427.960328][ T8476] __release_sock+0x21c/0x350 [ 427.965036][ T8476] release_sock+0x5f/0x1f0 [ 427.969462][ T8476] tcp_sendmsg+0x39/0x50 [ 427.973706][ T8476] __sock_sendmsg+0x19c/0x270 [ 427.978382][ T8476] __sys_sendto+0x3bd/0x520 [ 427.983007][ T8476] ? __pfx___sys_sendto+0x10/0x10 [ 427.988049][ T8476] ? do_futex+0x333/0x420 [ 427.992392][ T8476] ? rcu_is_watching+0x15/0xb0 [ 427.997271][ T8476] __x64_sys_sendto+0xde/0x100 [ 428.002060][ T8476] do_syscall_64+0xfa/0x3b0 [ 428.006569][ T8476] ? lockdep_hardirqs_on+0x9c/0x150 [ 428.011769][ T8476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.018104][ T8476] ? clear_bhb_loop+0x60/0xb0 [ 428.022798][ T8476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.028693][ T8476] RIP: 0033:0x7ff40ad8e929 [ 428.033191][ T8476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.052792][ T8476] RSP: 002b:00007ff40bbdd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 428.061213][ T8476] RAX: ffffffffffffffda RBX: 00007ff40afb5fa0 RCX: 00007ff40ad8e929 [ 428.069360][ T8476] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 428.077345][ T8476] RBP: 00007ff40ae10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 428.085317][ T8476] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000 [ 428.093398][ T8476] R13: 0000000000000000 R14: 00007ff40afb5fa0 R15: 00007ffd44dea278 [ 428.101549][ T8476] [ 428.104961][ T8476] Kernel Offset: disabled [ 428.109381][ T8476] Rebooting in 86400 seconds..