last executing test programs: 1.686393608s ago: executing program 0 (id=481): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x2c, r1, 0x101, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @NL80211_ATTR_KEYS={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044014}, 0x48000) 1.635519146s ago: executing program 0 (id=483): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x3a}, {}, {0x0, 0xfffffffffffffffc, 0x0, 0x400}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x0, 0x6c}, 0x2, @in6=@remote, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 858.893204ms ago: executing program 4 (id=531): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 767.775389ms ago: executing program 0 (id=534): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x380000, @rand_addr=' \x01\x00'}, 0x1c) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r2, 0x29, 0xb, 0x0, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(&(0x7f0000000540), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000740)={0x0, 0xc40, "693219c9ce2d58cf7d4972ee681893ac1d1db99601e1b24391ccb162a0858d58548b9401c3257b8c84c603cef6978bf8ba9c475ea51d564a45e88d607782ffd0574073183b638eb55a6198edf12319dcbcf9856741ee13469584bfd5ba7f57b1e63f46e62db5ef2ddb9434052b4a4984d7193fe6eecf97539d2fdb2f1ca982100b9993d0420fe81bcfaedd7cf2c7b9bafea2cad8cc2788cda202675cc5235105aed165bdb3888452c23ff635221df3fee5debca923843ff6a5c354d388baf74cac1945be087999064d1ab6a77d56e96af66ecc6478b6d00290bb6f21e0b4db7d5b88b1eb9c7f144f1638ac9ea4e7bbf271b00ed8ebd54055eac9ab97342410bda34157dd1ad69911d6a3e461ba61763896614eec306f47e1b0dcf8d494e6b73d99a4ad852385151c0441d5dabab11740cda28c0e5c0e340dc42a669d255adce344bc502cba67898e050700db1639e0511aca2e09088faf4420bdf487fc43c0ff0c3aaaa3cf9d93818fe8a93faf652bca986674424f038e1972df01811a16ea81e81752960fdac57a97ac464ebc1fc03a79650addd8381c8de9e4bbd6f8de780fa824ac1a9ebe44bba3226dfba3c4f041b1339cc6d73de15228892a00a651a3732da6adaae1a1ac74c4432c6f7b9ee8abf785b6e6292ec7b8095a0038c8108c02cbfd5f583497b76df50a586d5d8da9f56299dfc4f260e457a76e121677fab17154a0251fbf9ff8240d164ec6dc9a24d43b1f87e32e0b43113cc625df2abe803ff870c29b625e2a8ce344c143b5efefa84ae18e0dfc80fd7b604f2e018e0d5eb71b54b32d96137bdf27cda36d9dee6400f980819ea957085090e74e8be64a1549833493fd36605e2d8e93ab5ca08fefdd1cc5d1ab8581e0244d414b4ac43cbe7f552c673868cb9012e075adf819a60fa41e3076f7b465250a62250dbed0bcf0187aec7e454067ee77ee81d1acfa12ba34082d8cee08b205d93f62f8277afa76d780f719c97cc76bbce75d8e554bf0d57b8c6d8c9b7a79f54aa39f734918feaef4458b56f8f611499766e6d7f3ff81ca8ba595d52c80bc65596f5d671d91af9357c6c757924c77b2a7969da335336bf89750104a48a4fe969de762ead681d4e6d0ed80dd905cc712902cf26ea336142976adc5d43a523360bb485266a1f7916c4b30fbcc2a8d10d014b40cedd3e949ffd067292c9f02d66866a9d365d891aeab0741505d9c754369def3744809ec5c82ababd120c36d7d420e0a8667404257cd8982ca4bf4309b9de565231c06fcdc7d8b22e13bc3479cd8543d4713d252f68a53616e5c305f3df32a12630123f8b10d0be3a9f586d4f0ab0e34e208cef0ba11c76fb2d05b8b9b3394c2e9a1a88da6c40f3ef53a69cd0ae0de9ce8dea96c3572bd93df049c763ff48df7eaed2f68d938275a4f682f31129e327b22bdd0d1779172b051b074eac477087bdc590ae282f0448a638e2fcf2ec9db30c19e4986d7df263dfdba2bea51725ae114d165756a80dd56a46706be24801beb2c2a36b3c316f4730d1d09d209a056c6a0c0c32ea086cfe40fbfbf8a72677782c62365cd9bbb53708c49eb3efafb757cf79a4172b583e626c8348ca7b854a5a4195472c86c9c7b1c6d6d8322980a2552cbca1d2f3200176b10d847752e16fe359424aa135b9398e0d60fd2d6c37b0022e1b4b1c1b6f683d4e30d0688678e841260eee76d0dfa913f76a72ce7321d39a2e03fa95ee0972e8c405e56dd6cc081d60d3365e44b261a3ba52da2345e1dc1544ae1f8507bda90ed09d6b8019c4a57b204a8beec59f2b314d895a8961f8a8db44dceb7e28cac9a9f3c3fb826ef9eb76a7404d4055859703ba42d0af63beab038bf16e93a5c526b94ca9935a4df9c15f9545de963235ec568ac9d5d1808bbe701c21f2ab87e4ebc8a493a9dc538630fb42dbd5173c1f84d963ca20c363c19fe1425fc57d1c6320c63bbd5eee9d598e3d766ce1b165885706604589153ba49809712bd8a86f1e24a40f0a8bfb683535277b86cc1ae9c7d3013373a65584542cb0a22670ef4132bfbc20c7511a93f2924d387b945606cbe37d4317f8249f14582f95a6ada43f0b9a5625f3a14a9294127c0092082002b6919f8d8358ef17a5226a4f214304262d749fc7769753e0db25a08671c33efdacf3bff4a3a35f6f5c75cbab327a06ffa64d55c0a5f6998422ebf70bc1bbf72f3531c4d7098cb54598460a10c1c917ac9679766750dfb15d71987991768831fac1ae64b98660f75986c9300e784c6c29c4bb915d1dcce70b63a3609bf93f1a14af0fe0e3abd24623d40deec0e38a0d3630583b0256b723a00184abfb36f832eb0ec700a1ee6bf3f5c2f79f7a9cc43869636db15ce0a17b5d4d534adc249704e9de656575df97ac856da19f2387c9a62346b6240d3f7c4d7bfbcc4912e8835a9af669c880bf8b40ca4b5a51c6ec92bfae352e40008be273a9e97ea9b4dcd3246df6bd513cfe35cacb44e93f38a2750b40042d429d020abbd087987bac99d278bd5fab71f0b4a4038b90dd53bbc19dde9e55ea31e0c51c29d8479d9bda89a95ae6a8ba34b0336469cb67bd09faf65799f0922e05cabc6753814db5a6ed57201dda1e3a33d9418425933986dd17a0fb8fff93d08ef215168abbfef1e97a8a6701fb44f6091aa7972edfb44ef84d876757d4ee4903b4df3e31400f4ab53f0e23df82dd44128de3062ad25b15009d69daadf811c813aa3548b9fdc7229ce55923067e55c9e88b22b221f71bbd7f7cdec01ef9c59709f92fbbfb22b668e46b089ef5c5b81029ee2df2e01f1bed1ea8e8559fbdbbcca575efae289a4888d0cea8ae0838054b9e8599912e1831f2efc59d85323292aacc6bb8f99dfff06c64c5f4bd5ed3131560c633678f0ffd384aa22d7913bb6d1bcc4941df37f61dee15df402794aa81d33d59d8e9bb3e20673332782de866710ee038518e070ddde3cdac03166a509231bb8923ab7f08a3a804d8205b463b5eae01ba709564f0c8ea0d5eeadff93cf343d522a57475e721ba9d2bf49166a8389ac6af11412b41bbab4ab9f97e969d06a3201d319483d986195b76f825d0760c53bb736d94639c7ac4a677259bc57f967671aa1b2c9240b6f7211521b55ccb29e727064819cd95aa8c5968abe8e4cdf9b68ab5cb65dfdf30a539d7f505d5362de32270a54192e193b7d855a11b30ae84cc6e93e1d393eb91e8036d92e1076ba5c6987f3704fe6b6b8cdf146ca27f1097f8109c03658f0ba19f9fec8faae0a5994722903280e37adc464b232578140a1525ac8bc4929983407fb4f2620fd5d9c8c1e3b94c5c9394acca2c10159c9bef23d23bee6e2c494be71d1c60111e567e7dd4decd83df8bf6911f54aeaaa908a5d6d09eb66e741105ce1ca5defcc97e4f2735349a4ecf4ccd84cd9526d55f880f527d5b0a137b1c830ec5a63111937f28bb1c7ddc849515c18f3cf6a2a7060feeb0403cfcf783379d1357dc5772b59b6940157896b0a5e88142a071bb8c33b0a1c122f1de9d66e971d492c9d0dff3cdd3070d6b69f3fca5ef19f5d437fbc498b28a30711586c023edf6a44532204f035276986693dc9bc16b0e3ecd5c90995f5d359e41cb3168fc0a18eaf9bdd48b9c34b7a1e130580e983574860aa88b857098c5c335508312afff57faff3378c535cfc6caab8c29ed3ce20c213e5d906a47db1567577d5a6a64d5979c9fb99547df3e89e04df4d80c1c49b85bd3112d7ff17993eeab122512ef792edbb18227be6475b1a319e085967a2ef3e3ebf5f691640022548f1d83fa0d7d24b8000d54bdc6091e42b5ac881a78fa66cc61a9478be4016a6695a188039db9799415270ded315e8cb20aad826c73f08720a6c7376be28ebd25481e0b368d1a4befdc765ce2dbf94c87d2031fc8b8a51d1f5cb35f6690d476272aacfe77d63bf8757cdc6dcc4aa51635b3deb9ea6c9eb2ad2b6addf5bea9c8e84281c07edc88522f53ff11fd6479345c9489d4fefe9686725395a6c94995fb3257aca637ddd8eaae5dffbe60cb9e8bf843daa2260433a73050904eb963ba8c356e8d5fcdd8ceca0f8ec13ea7d5ed91bdd69e7248c5d05276b10c5c04687726aa8c416a5717cde9483862cc0e259ab0c67eed93089dcbcf7a0ee70a3bc8799b6e3eee732f19ca9ea8e65df5dc6b3cc2061ddb6a179eba4740c815a9f0ace9db5a2113c8d1666007833c82c79e0a61e639242971040a3ed8de32bfd00683182f2b6869219362421d2d0fa380b5bb19b3e1bf86ed57f401d7d106a1c5d4f23e669791e58e3c4bb76ab3407e46ce9f4be0f403af4214495578ff2813d27dbafaf55322bb51e1778fe69f04ae20795f0ebf418ef327b8f01f28d3ead022c29f25ac362b21f0be70c33940433399649c40a3669c5ba95c16e7cecee659c4472355defd1"}, &(0x7f0000000040)=0xc48) bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x11) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000440)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0xb, 0x3, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @multicast2}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0xb00, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0) 767.072266ms ago: executing program 3 (id=537): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x201, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x10) 766.911098ms ago: executing program 1 (id=538): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000480)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="000101000040000000", 0x9}], 0x1}, 0x48005) readv(r1, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/20, 0x14}], 0x1) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r0, 0x0) 656.766089ms ago: executing program 3 (id=540): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x3, 0x3}}}}}}, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4, 0x0, 0xa5, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "2e9ac3141e3119dbaa0da1c0de650d2c58c7fb784fa78778424d9787ec3247f9", "e2578872b3526d4763206d7b175ceefb3bcb8b8ae05bfc5c29f7037d6f4f2157b86bc12365c9863b1c8df27c8be7d029", "eeebec25f3cac2dc00211d7beb8b9ebb46f04ba506f3f359e2d2584e", {"da68c3436d070f636a930a7e6a8a3670", "5e92cc95040e8b2e6cd241bf274cd0b6"}}}}}}}, 0x0) 602.59025ms ago: executing program 4 (id=541): socketpair(0x26, 0x800, 0x9, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, 0x0, 0x1c0) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000c00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x200080c0}, 0x40) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8c0}, 0x4040) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000e80)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002f40), r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f00000034c0)={0x0, 0x0, &(0x7f0000003480)={&(0x7f0000003140)={0x38, r3, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x200}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x54}, 0x10) 602.431284ms ago: executing program 3 (id=542): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {}, 0xff}, 0x18) 602.123816ms ago: executing program 1 (id=543): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x8002, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x3}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80002, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7f, 0x0, 0x5, 0x1, 0x9}, 0xb, 0x1, 0x80008, 0x5, 0x8, 0x2, 0x9, 0x1f, 0x9, 0x1, {0xffff1c72, 0x3, 0x1000, 0x102, 0x2, 0x5}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c060}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 586.158268ms ago: executing program 3 (id=544): socket$isdn(0x22, 0x3, 0x11) close(0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @local, {[], @echo_request={0x2}}}}}}, 0x0) 579.517851ms ago: executing program 4 (id=545): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="110a27bd7000fddbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0c00238005000f00b0"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0xc8) 522.031098ms ago: executing program 4 (id=546): sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000811) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b00)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xfff4, 0xfff3}}}, 0x24}}, 0x40000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x0, 0xf}, {}, {0xfff2, 0xfff2}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x5c3}, @TCA_FW_INDEV={0x14, 0x3, 'dvmrp1\x00'}]}}]}, 0x4c}}, 0x4008041) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 521.596117ms ago: executing program 3 (id=547): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'veth0_to_team\x00', 0x400}) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0x3) 486.795019ms ago: executing program 4 (id=550): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010006000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0xc4) 484.980491ms ago: executing program 2 (id=552): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x49920d862a921d1b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) 428.631549ms ago: executing program 0 (id=553): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$unix(0x1, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r1, @ANYBLOB="05043fbd7000fddbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="9800028040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000e00040062726f616463617374"], 0xb4}, 0x1, 0x0, 0x0, 0x20000401}, 0x44084) 428.13022ms ago: executing program 1 (id=554): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000200)=ANY=[@ANYRES32=r0]) 427.909967ms ago: executing program 3 (id=555): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in=@empty, 0x4e21, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {}, {0x0, 0x9}}, {{@in=@broadcast, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) 427.596987ms ago: executing program 2 (id=556): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000540), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01400000000200000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff07000700263a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) 427.33254ms ago: executing program 0 (id=557): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket$netlink(0x10, 0x3, 0xb) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x38, 0x0, 0x800, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffffffc, 0x16}}}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "7ebbd42c12015269c4650bcc33"}]}, 0x38}, 0x1, 0x0, 0x0, 0x14}, 0x40000) 170.97748ms ago: executing program 1 (id=558): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f0000000140)='\x00\x003', 0x3}], 0x2}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 170.807116ms ago: executing program 2 (id=559): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)={0x38, r1, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x9416}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x7d6}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4080}, 0x0) 170.533201ms ago: executing program 1 (id=560): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 170.182957ms ago: executing program 2 (id=561): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}}], {0x14}}, 0x68}}, 0x0) 170.03854ms ago: executing program 2 (id=562): getsockname$netlink(0xffffffffffffffff, 0x0, &(0x7f0000000040)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) shutdown(r0, 0x1) 134.603954ms ago: executing program 1 (id=563): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'netdevsim0\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, r2, 0x25, 0x4}, 0x14) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r3, 0xffffffffffffffff, 0x4, r0}, 0x10) 681.788µs ago: executing program 0 (id=564): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x38, r2, 0x5, 0x4000, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @crypto_settings=[@NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0xc, 0x49, [0xfac0d, 0xfac01]}]]}, 0x38}}, 0x0) 310.658µs ago: executing program 2 (id=565): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xffe0}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x12000000}]}}]}, 0x3c}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 4 (id=566): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804) kernel console output (not intermixed with test programs): ): going read-write [ 35.886032][ T6729] bcachefs (loop0): marking superblocks [ 35.887734][ T6553] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 35.892193][ T6729] bcachefs (loop0): initializing freespace [ 35.894761][ T6738] loop1: detected capacity change from 0 to 32768 [ 35.897535][ T6738] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.17 (6738) [ 35.898338][ T6729] bcachefs (loop0): done initializing freespace [ 35.915041][ T6729] bcachefs (loop0): reading snapshots table [ 35.916225][ T6729] bcachefs (loop0): reading snapshots done [ 35.934253][ T6126] Bluetooth: hci2: command tx timeout [ 35.936458][ T6738] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 35.936528][ T6738] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 35.936569][ T6738] BTRFS info (device loop1): using free-space-tree [ 35.957317][ T6729] bcachefs (loop0): done starting filesystem [ 36.014842][ T6557] Bluetooth: hci1: command tx timeout [ 36.014898][ T6557] Bluetooth: hci3: command tx timeout [ 36.365631][ T6786] loop2: detected capacity change from 0 to 2048 [ 36.390699][ T6786] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=4096, location=4096 [ 36.390745][ T6786] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 36.395689][ T6786] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 36.395718][ T6786] UDF-fs: Scanning with blocksize 512 failed [ 36.408211][ T6784] nbd0: detected capacity change from 0 to 127 [ 36.414185][ T6786] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 36.414218][ T6786] UDF-fs: Scanning with blocksize 1024 failed [ 36.439390][ T6786] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 36.439425][ T6786] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 36.439451][ T6786] UDF-fs: Scanning with blocksize 2048 failed [ 36.440271][ T6786] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 36.453827][ T6786] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 36.453846][ T6786] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 36.453863][ T6786] UDF-fs: Scanning with blocksize 4096 failed [ 36.453874][ T6786] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1) [ 36.968712][ T6563] Bluetooth: hci0: command tx timeout [ 36.968794][ T6557] Bluetooth: hci4: command tx timeout [ 37.026517][ T6797] loop4: detected capacity change from 0 to 32768 [ 37.247693][ T6786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19'. [ 37.248267][ T6557] Bluetooth: hci4: unexpected cc 0x0c5b length: 5 > 1 [ 37.261457][ T6549] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 37.327188][ T6797] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io [ 37.327213][ T6797] allowing incompatible features above 0.0: (unknown version) [ 37.327228][ T6797] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 37.327241][ T6797] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 37.327289][ T6797] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 37.327352][ T6797] bcachefs (loop4): Version upgrade required: [ 37.327352][ T6797] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 37.327352][ T6797] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 37.327352][ T6797] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 37.349383][ T6797] bcachefs (loop4): dropping and reconstructing all alloc info [ 37.356152][ T6551] bcachefs (loop0): shutting down [ 37.357141][ T6551] bcachefs (loop0): going read-only [ 37.358264][ T6551] bcachefs (loop0): finished waiting for writes to stop [ 37.359837][ T6797] bcachefs (loop4): accounting_read... [ 37.360501][ T6126] block nbd0: Receive control failed (result -104) [ 37.379810][ T6797] done [ 37.379852][ T6797] bcachefs (loop4): alloc_read... done [ 37.381772][ T6797] bcachefs (loop4): snapshots_read... [ 37.383574][ T6551] bcachefs (loop0): flushing journal and stopping allocators, journal seq 10 [ 37.383643][ T6797] done [ 37.383675][ T6797] bcachefs (loop4): check_allocations... done [ 37.398020][ T6797] bcachefs (loop4): going read-write [ 37.409100][ T6797] bcachefs (loop4): done starting filesystem [ 37.411042][ T6551] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12 [ 37.415592][ T6551] bcachefs (loop0): clean shutdown complete, journal seq 13 [ 37.419267][ T6551] bcachefs (loop0): marking filesystem clean [ 37.535289][ T6796] loop3: detected capacity change from 0 to 32768 [ 37.596858][ T6816] loop2: detected capacity change from 0 to 32768 [ 37.598357][ T6816] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.24 (6816) [ 37.605379][ T6816] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 37.607510][ T6816] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 37.609396][ T6816] BTRFS info (device loop2): disk space caching is enabled [ 37.610905][ T6816] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 37.635138][ T6551] bcachefs (loop0): shutdown complete [ 37.638407][ T6796] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,background_target=invalid device 79,nojournal_transaction_names [ 37.638448][ T6796] allowing incompatible features above 0.0: (unknown version) [ 37.638454][ T6796] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 37.638464][ T6796] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 37.638486][ T6796] bcachefs (loop3): initializing new filesystem [ 37.639975][ T6796] bcachefs (loop3): going read-write [ 37.651355][ T6816] BTRFS info (device loop2): rebuilding free space tree [ 37.671793][ T6796] bcachefs (loop3): marking superblocks [ 37.673307][ T6796] bcachefs (loop3): initializing freespace [ 37.681168][ T6816] BTRFS info (device loop2): disabling free space tree [ 37.681197][ T6816] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 37.681206][ T6816] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 37.684803][ T6796] bcachefs (loop3): done initializing freespace [ 37.685696][ T6796] bcachefs (loop3): reading snapshots table [ 37.685715][ T6796] bcachefs (loop3): reading snapshots done [ 37.710089][ T6796] bcachefs (loop3): done starting filesystem [ 37.759319][ T6550] bcachefs (loop4): shutting down [ 37.759347][ T6550] bcachefs (loop4): going read-only [ 37.759375][ T6550] bcachefs (loop4): finished waiting for writes to stop [ 37.908318][ T6550] bcachefs (loop4): flushing journal and stopping allocators, journal seq 10 [ 37.924131][ T6550] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 10 [ 38.001331][ T6550] bcachefs (loop4): unclean shutdown complete, journal seq 11 [ 38.005982][ T6550] bcachefs (loop4): done going read-only, filesystem not clean [ 38.010239][ T6849] BTRFS info (device loop2): balance: start -f -sprofiles=data|system|metadata|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0x200000000000000,usage=72057594037927940,usage=4..16777216,devid=0 [ 38.010364][ T6849] BTRFS info (device loop2): balance: ended with status: 0 [ 38.024318][ T6557] Bluetooth: hci2: command tx timeout [ 38.029643][ T6851] bcachefs (loop3): requested incompat feature 1.16: reflink_p_may_update_opts currently not enabled, allowed up to 1.16: reflink_p_may_update_opts [ 38.029643][ T6851] set version_upgrade=incompat to enable [ 38.043185][ T6550] bcachefs (loop4): shutdown complete [ 38.078771][ T6849] Zero length message leads to an empty skb [ 38.094493][ T6126] Bluetooth: hci3: command tx timeout [ 38.094688][ T6126] Bluetooth: hci1: command tx timeout [ 38.129389][ T6553] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 38.283070][ T6873] loop0: detected capacity change from 0 to 128 [ 38.340670][ T6552] bcachefs (loop3): shutting down [ 38.340695][ T6552] bcachefs (loop3): going read-only [ 38.340925][ T6552] bcachefs (loop3): finished waiting for writes to stop [ 38.374776][ T6552] bcachefs (loop3): flushing journal and stopping allocators, journal seq 7 [ 38.388112][ T6874] syz.0.28 uses obsolete (PF_INET,SOCK_PACKET) [ 38.389045][ T6874] loop0: detected capacity change from 0 to 64 [ 38.392724][ T6874] bfs: Unknown parameter '' [ 38.400542][ T6552] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 8 [ 38.402652][ T6552] bcachefs (loop3): clean shutdown complete, journal seq 9 [ 38.403094][ T6552] bcachefs (loop3): marking filesystem clean [ 38.456188][ T6872] loop4: detected capacity change from 0 to 32768 [ 38.462477][ T6872] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.26 (6872) [ 38.471126][ T6552] bcachefs (loop3): shutdown complete [ 38.475828][ T6872] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 38.475913][ T6872] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 38.475942][ T6872] BTRFS info (device loop4): using free-space-tree [ 38.526005][ T6883] loop1: detected capacity change from 0 to 4096 [ 38.529836][ T6883] ntfs3: Unknown parameter 'able' [ 38.893891][ T6550] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 38.980467][ T6554] Bluetooth: hci0: command tx timeout [ 39.153553][ T6867] loop2: detected capacity change from 0 to 131072 [ 39.161628][ T6867] F2FS-fs (loop2): Test dummy encryption mode enabled [ 39.192979][ T6867] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 39.197259][ T6867] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 39.318659][ T6916] loop0: detected capacity change from 0 to 128 [ 39.320652][ T6916] hpfs: Unknown parameter 'FC HID v0.00 Device [syz1] on syz0 [ 43.861042][ T7096] loop0: detected capacity change from 0 to 32768 [ 43.861603][ T7096] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.60 (7096) [ 43.874530][ T7096] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 43.874583][ T7096] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 43.874601][ T7096] BTRFS info (device loop0): disk space caching is enabled [ 43.874608][ T7096] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 43.888035][ T7111] bpf setsockopt: ignoring program buffer with optlen=65458 (max_optlen=4096) [ 43.968778][ T7124] loop1: detected capacity change from 0 to 2048 [ 43.975922][ T7124] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 43.978387][ T7096] BTRFS info (device loop0): rebuilding free space tree [ 44.000482][ T7123] loop2: detected capacity change from 0 to 4096 [ 44.004981][ T7123] ntfs3: Unknown parameter 'able' [ 44.051707][ T7096] BTRFS info (device loop0): disabling free space tree [ 44.052056][ T7096] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 44.052084][ T7096] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 44.085796][ T1039] kworker/u8:6: attempt to access beyond end of device [ 44.085796][ T1039] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 44.086166][ T1039] CPU: 0 UID: 0 PID: 1039 Comm: kworker/u8:6 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 44.086176][ T1039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 44.086180][ T1039] Workqueue: writeback wb_workfn (flush-7:3) [ 44.086198][ T1039] Call trace: [ 44.086200][ T1039] show_stack+0x2c/0x3c (C) [ 44.086210][ T1039] __dump_stack+0x30/0x40 [ 44.086215][ T1039] dump_stack_lvl+0xd8/0x12c [ 44.086220][ T1039] dump_stack+0x1c/0x28 [ 44.086225][ T1039] f2fs_handle_critical_error+0x34c/0x4b8 [ 44.086232][ T1039] f2fs_stop_checkpoint+0x5c/0x70 [ 44.086240][ T1039] f2fs_write_end_io+0x768/0xa70 [ 44.086246][ T1039] bio_endio+0x804/0x840 [ 44.086252][ T1039] submit_bio_noacct+0x158/0x176c [ 44.086258][ T1039] submit_bio+0x3b4/0x550 [ 44.086262][ T1039] f2fs_submit_write_bio+0x13c/0x324 [ 44.086268][ T1039] __submit_merged_bio+0x254/0x704 [ 44.086273][ T1039] __submit_merged_write_cond+0x23c/0x4ac [ 44.086279][ T1039] f2fs_write_data_pages+0x1d28/0x2634 [ 44.086285][ T1039] do_writepages+0x270/0x468 [ 44.086293][ T1039] __writeback_single_inode+0x15c/0x13e8 [ 44.086299][ T1039] writeback_sb_inodes+0x55c/0xe40 [ 44.086306][ T1039] wb_writeback+0x3cc/0xd70 [ 44.086312][ T1039] wb_workfn+0x338/0xdc0 [ 44.086317][ T1039] process_one_work+0x7e8/0x155c [ 44.086323][ T1039] worker_thread+0x958/0xed8 [ 44.086328][ T1039] kthread+0x5fc/0x75c [ 44.086334][ T1039] ret_from_fork+0x10/0x20 [ 44.086341][ T1039] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 44.089020][ T7096] BTRFS info (device loop0): balance: start -d -m [ 44.333858][ T7127] loop2: detected capacity change from 0 to 256 [ 44.338866][ T7096] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 44.403298][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403368][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403411][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403440][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403468][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403494][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403520][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.403547][ T7130] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 44.407514][ T7127] FAT-fs (loop2): bogus sectors per cluster 0 [ 44.407546][ T7127] FAT-fs (loop2): Can't find a valid FAT filesystem [ 44.451877][ T7096] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 44.471512][ T7096] BTRFS info (device loop0): balance: canceled [ 44.789161][ T6551] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 44.982428][ T7143] loop1: detected capacity change from 0 to 4096 [ 45.013420][ T7143] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 45.025869][ T7143] ntfs3(loop1): Failed to load $Extend (-22). [ 45.025900][ T7143] ntfs3(loop1): Failed to initialize $Extend. [ 45.367065][ T7139] loop3: detected capacity change from 0 to 32768 [ 45.375817][ T7139] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.64 (7139) [ 45.378261][ T7147] loop2: detected capacity change from 0 to 32768 [ 45.384383][ T7147] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.69 (7147) [ 45.395647][ T7139] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 45.395721][ T7139] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 45.395770][ T7139] BTRFS info (device loop3): using free-space-tree [ 45.400830][ T7147] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 45.402834][ T7147] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 45.416049][ T7147] BTRFS info (device loop2): disk space caching is enabled [ 45.416100][ T7147] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 45.486295][ T7147] BTRFS info (device loop2): rebuilding free space tree [ 45.512561][ T7146] loop0: detected capacity change from 0 to 40427 [ 45.517226][ T7146] F2FS-fs (loop0): build fault injection rate: 771 [ 45.519338][ T7146] F2FS-fs (loop0): invalid crc value [ 45.548369][ T7147] BTRFS info (device loop2): disabling free space tree [ 45.551693][ T7147] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 45.556984][ T7147] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 45.572112][ T7146] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 45.580472][ T7146] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 45.620278][ T6553] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 45.632516][ T6552] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 45.771275][ T7196] netlink: 'syz.3.72': attribute type 1 has an invalid length. [ 45.835248][ T7197] netlink: 228 bytes leftover after parsing attributes in process `syz.4.73'. [ 46.080045][ T7197] loop4: detected capacity change from 0 to 32768 [ 46.086224][ T7197] (syz.4.73,7197,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 46.090908][ T7197] (syz.4.73,7197,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 46.179364][ T7146] syz.0.66: attempt to access beyond end of device [ 46.179364][ T7146] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 46.230391][ T6551] syz-executor: attempt to access beyond end of device [ 46.230391][ T6551] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 46.233571][ T6551] CPU: 0 UID: 0 PID: 6551 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 46.233589][ T6551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 46.233595][ T6551] Call trace: [ 46.233599][ T6551] show_stack+0x2c/0x3c (C) [ 46.233616][ T6551] __dump_stack+0x30/0x40 [ 46.233627][ T6551] dump_stack_lvl+0xd8/0x12c [ 46.233634][ T6551] dump_stack+0x1c/0x28 [ 46.233640][ T6551] f2fs_handle_critical_error+0x34c/0x4b8 [ 46.233649][ T6551] f2fs_stop_checkpoint+0x5c/0x70 [ 46.233656][ T6551] f2fs_write_end_io+0x768/0xa70 [ 46.233663][ T6551] bio_endio+0x804/0x840 [ 46.233669][ T6551] submit_bio_noacct+0x158/0x176c [ 46.233675][ T6551] submit_bio+0x3b4/0x550 [ 46.233679][ T6551] f2fs_submit_write_bio+0x13c/0x324 [ 46.233685][ T6551] __submit_merged_bio+0x254/0x704 [ 46.233691][ T6551] __submit_merged_write_cond+0x23c/0x4ac [ 46.233697][ T6551] f2fs_write_data_pages+0x1d28/0x2634 [ 46.233703][ T6551] do_writepages+0x270/0x468 [ 46.233711][ T6551] filemap_fdatawrite+0x14c/0x1f4 [ 46.233718][ T6551] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 46.233723][ T6551] f2fs_write_checkpoint+0x690/0x16a0 [ 46.233728][ T6551] kill_f2fs_super+0x21c/0x584 [ 46.233734][ T6551] deactivate_locked_super+0xc4/0x12c [ 46.233742][ T6551] deactivate_super+0xe0/0x100 [ 46.233748][ T6551] cleanup_mnt+0x31c/0x3ac [ 46.233754][ T6551] __cleanup_mnt+0x20/0x30 [ 46.233758][ T6551] task_work_run+0x1dc/0x260 [ 46.233765][ T6551] get_signal+0x112c/0x12f8 [ 46.233772][ T6551] do_signal+0x274/0x4434 [ 46.233777][ T6551] do_notify_resume+0xb0/0x1f4 [ 46.233783][ T6551] el0_svc+0xb8/0x180 [ 46.233790][ T6551] el0t_64_sync_handler+0x84/0x12c [ 46.233796][ T6551] el0t_64_sync+0x198/0x19c [ 46.254315][ T6551] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 46.374516][ T7208] loop2: detected capacity change from 0 to 40427 [ 46.379132][ T7208] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 46.380585][ T7208] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 46.392951][ T7208] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 46.516726][ T7216] loop3: detected capacity change from 0 to 1764 [ 46.518534][ T7216] iso9660: Unknown parameter 'checicu' [ 46.699580][ T7216] loop3: detected capacity change from 0 to 512 [ 46.704565][ T7216] EXT4-fs: inline encryption not supported [ 46.704712][ T7216] EXT4-fs: Ignoring removed mblk_io_submit option [ 46.725384][ T7216] EXT4-fs (loop3): Test dummy encryption mode enabled [ 46.742968][ T7216] EXT4-fs (loop3): orphan cleanup on readonly fs [ 46.744971][ T7216] EXT4-fs error (device loop3): ext4_orphan_get:1392: comm syz.3.78: inode #13: comm syz.3.78: iget: illegal inode # [ 46.745442][ T7216] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.78: couldn't read orphan inode 13 (err -117) [ 46.746176][ T7216] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 46.752432][ T7211] EXT4-fs: inline encryption not supported [ 46.752444][ T7211] EXT4-fs: Ignoring removed mblk_io_submit option [ 46.765195][ T7208] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 46.765231][ T7208] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 46.779515][ T7220] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 46.779532][ T7220] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 46.779958][ T7220] vhci_hcd vhci_hcd.0: Device attached [ 46.784123][ T7221] usbip_core: unknown command [ 46.784138][ T7221] vhci_hcd: unknown pdu 234881024 [ 46.784150][ T7221] usbip_core: unknown command [ 46.791059][ T1039] vhci_hcd: stop threads [ 46.791428][ T1039] vhci_hcd: release socket [ 46.791508][ T1039] vhci_hcd: disconnect device [ 46.795846][ T7211] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 46.804845][ T7211] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.78: Abort forced by user [ 46.808755][ T7211] EXT4-fs (loop3): Remounting filesystem read-only [ 46.808795][ T7211] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 46.886792][ T7209] loop1: detected capacity change from 0 to 32768 [ 46.888419][ T7209] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value [ 46.917264][ T7226] loop0: detected capacity change from 0 to 4096 [ 46.922495][ T7226] ntfs3: Unknown parameter 'able' [ 46.999348][ T6552] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.130152][ T7233] loop0: detected capacity change from 0 to 256 [ 47.277937][ T7233] FAT-fs (loop0): bogus sectors per cluster 0 [ 47.277983][ T7233] FAT-fs (loop0): Can't find a valid FAT filesystem [ 47.409639][ T7234] IPv6: NLM_F_REPLACE set, but no existing node found! [ 47.412365][ T7236] loop2: detected capacity change from 0 to 32768 [ 47.455790][ T7236] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 47.461124][ T7229] loop1: detected capacity change from 0 to 32768 [ 47.465647][ T7229] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 47.492600][ T7229] XFS (loop1): Ending clean mount [ 47.501037][ T7236] XFS (loop2): Ending clean mount [ 47.513044][ T7229] XFS (loop1): Quotacheck needed: Please wait. [ 47.541695][ T7229] XFS (loop1): Quotacheck: Done. [ 47.567334][ T7254] loop3: detected capacity change from 0 to 32768 [ 47.568690][ T7254] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.84 (7254) [ 47.573162][ T6553] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 47.579261][ T7254] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 47.579326][ T7254] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 47.579368][ T7254] BTRFS info (device loop3): using free-space-tree [ 47.706939][ T6549] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 47.774958][ T7279] loop2: detected capacity change from 0 to 512 [ 47.776414][ T7279] EXT4-fs: Ignoring removed oldalloc option [ 47.777839][ T7279] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 47.780286][ T7279] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 47.798234][ T7279] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 47.798755][ T6552] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 47.805209][ T7279] EXT4-fs (loop2): 1 truncate cleaned up [ 47.805679][ T7279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.861461][ T7279] netlink: 12 bytes leftover after parsing attributes in process `syz.2.86'. [ 47.862909][ T7279] netlink: 28 bytes leftover after parsing attributes in process `syz.2.86'. [ 47.864325][ T7279] netlink: 12 bytes leftover after parsing attributes in process `syz.2.86'. [ 47.866905][ T7279] netlink: 28 bytes leftover after parsing attributes in process `syz.2.86'. [ 47.868290][ T7279] netlink: 'syz.2.86': attribute type 6 has an invalid length. [ 47.893368][ T7286] net_ratelimit: 46 callbacks suppressed [ 47.893399][ T7286] netlink: zone id is out of range [ 47.893437][ T7286] netlink: zone id is out of range [ 47.905477][ T7286] netlink: zone id is out of range [ 47.905500][ T7286] netlink: zone id is out of range [ 47.905830][ T7286] netlink: set zone limit has 8 unknown bytes [ 48.059141][ T7297] netlink: 228 bytes leftover after parsing attributes in process `syz.3.90'. [ 48.470615][ T7268] loop4: detected capacity change from 0 to 131072 [ 48.476715][ T7268] F2FS-fs (loop4): Test dummy encryption mode enabled [ 48.478739][ T7268] F2FS-fs (loop4): invalid crc value [ 48.510595][ T7268] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 48.512613][ T7268] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 48.522048][ T7268] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 48.607433][ T7295] loop0: detected capacity change from 0 to 32768 [ 48.607803][ T7295] XFS: noikeep mount option is deprecated. [ 48.615521][ T6553] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.623573][ T7295] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 48.667338][ T7295] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 48.683039][ T7295] XFS (loop0): Starting recovery (logdev: internal) [ 48.707684][ T7295] XFS (loop0): Ending recovery (logdev: internal) [ 48.753087][ T7315] loop2: detected capacity change from 0 to 4096 [ 48.784318][ T7315] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 48.784373][ T7315] ntfs3(loop2): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only. [ 48.784847][ T7315] ntfs3(loop2): Failed to load $LogFile (-22). [ 48.841903][ T7319] loop3: detected capacity change from 0 to 256 [ 48.844162][ T7315] loop2: detected capacity change from 0 to 164 [ 48.869314][ T7319] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 48.879299][ T7319] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 48.893259][ T7315] Unsupported NM flag settings (240) [ 48.924493][ T6553] Unsupported NM flag settings (240) [ 48.924782][ T6553] Unsupported NM flag settings (240) [ 48.924907][ T6553] Unsupported NM flag settings (240) [ 48.947983][ T7321] loop1: detected capacity change from 0 to 4096 [ 48.950382][ T6553] Unsupported NM flag settings (240) [ 48.950493][ T6553] Unsupported NM flag settings (240) [ 48.950579][ T6553] Unsupported NM flag settings (240) [ 48.968134][ T7321] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 49.008626][ T7321] ntfs3(loop1): Failed to load $Extend (-22). [ 49.008656][ T7321] ntfs3(loop1): Failed to initialize $Extend. [ 49.078479][ T7319] overlay: Unknown parameter '/' [ 49.376590][ T7323] loop4: detected capacity change from 0 to 32768 [ 49.493601][ T7334] loop3: detected capacity change from 0 to 32768 [ 49.496116][ T7295] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x320/0x44c, xfs_bnobt block 0x8 [ 49.496159][ T7295] XFS (loop0): Unmount and run xfs_repair [ 49.502151][ T7295] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x7bc/0xb94 [ 49.502205][ T7295] CPU: 0 UID: 0 PID: 7295 Comm: syz.0.92 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 49.502217][ T7295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 49.502223][ T7295] Call trace: [ 49.502227][ T7295] show_stack+0x2c/0x3c (C) [ 49.502240][ T7295] __dump_stack+0x30/0x40 [ 49.502247][ T7295] dump_stack_lvl+0xd8/0x12c [ 49.502254][ T7295] dump_stack+0x1c/0x28 [ 49.502260][ T7295] xfs_corruption_error+0x12c/0x188 [ 49.502267][ T7295] xfs_alloc_fixup_trees+0x7f4/0xb94 [ 49.502277][ T7295] xfs_alloc_cur_finish+0xc0/0x4d8 [ 49.502287][ T7295] xfs_alloc_ag_vextent_near+0xb98/0x1114 [ 49.502296][ T7295] xfs_alloc_vextent_iterate_ags+0x61c/0x9d4 [ 49.502306][ T7295] xfs_alloc_vextent_start_ag+0x2ec/0x78c [ 49.502315][ T7295] xfs_bmapi_allocate+0x12c0/0x2500 [ 49.502324][ T7295] xfs_bmapi_convert_delalloc+0x658/0x124c [ 49.502332][ T7295] xfs_writeback_range+0x4d8/0xe30 [ 49.502341][ T7295] iomap_writeback_folio+0xee4/0x1c74 [ 49.502351][ T7295] iomap_writepages+0x128/0x25c [ 49.502359][ T7295] xfs_vm_writepages+0x21c/0x29c [ 49.502367][ T7295] do_writepages+0x270/0x468 [ 49.502377][ T7295] filemap_write_and_wait_range+0x1b4/0x2a8 [ 49.502387][ T7295] xfs_reflink_unshare+0x1d8/0x654 [ 49.502398][ T7295] __xfs_file_fallocate+0x8c0/0x11e4 [ 49.502405][ T7295] xfs_file_fallocate+0x228/0x2f4 [ 49.502412][ T7295] vfs_fallocate+0x52c/0x668 [ 49.502419][ T7295] __arm64_sys_fallocate+0xbc/0x10c [ 49.502426][ T7295] invoke_syscall+0x98/0x2b8 [ 49.502432][ T7295] el0_svc_common+0x130/0x23c [ 49.502438][ T7295] do_el0_svc+0x48/0x58 [ 49.502444][ T7295] el0_svc+0x58/0x180 [ 49.502452][ T7295] el0t_64_sync_handler+0x84/0x12c [ 49.502459][ T7295] el0t_64_sync+0x198/0x19c [ 49.502467][ T7295] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 49.502565][ T7295] XFS (loop0): page discard on page 00000000f04a8497, inode 0x1146, pos 0. [ 49.503685][ T7323] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 49.503693][ T7323] allowing incompatible features above 0.0: (unknown version) [ 49.503697][ T7323] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 49.503706][ T7323] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 49.503755][ T7323] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 49.503807][ T7323] bcachefs (loop4): Version upgrade required: [ 49.503807][ T7323] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 49.503807][ T7323] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 49.503807][ T7323] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 49.504269][ T7295] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x7bc/0xb94 [ 49.504297][ T7295] CPU: 0 UID: 0 PID: 7295 Comm: syz.0.92 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 49.504307][ T7295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 49.504313][ T7295] Call trace: [ 49.504316][ T7295] show_stack+0x2c/0x3c (C) [ 49.504325][ T7295] __dump_stack+0x30/0x40 [ 49.504334][ T7295] dump_stack_lvl+0xd8/0x12c [ 49.504340][ T7295] dump_stack+0x1c/0x28 [ 49.504346][ T7295] xfs_corruption_error+0x12c/0x188 [ 49.504353][ T7295] xfs_alloc_fixup_trees+0x7f4/0xb94 [ 49.504363][ T7295] xfs_alloc_cur_finish+0xc0/0x4d8 [ 49.504372][ T7295] xfs_alloc_ag_vextent_near+0xb98/0x1114 [ 49.504382][ T7295] xfs_alloc_vextent_iterate_ags+0x61c/0x9d4 [ 49.504391][ T7295] xfs_alloc_vextent_start_ag+0x2ec/0x78c [ 49.504401][ T7295] xfs_bmapi_allocate+0x12c0/0x2500 [ 49.504409][ T7295] xfs_bmapi_convert_delalloc+0x658/0x124c [ 49.504418][ T7295] xfs_writeback_range+0x4d8/0xe30 [ 49.504426][ T7295] iomap_writeback_folio+0xee4/0x1c74 [ 49.504435][ T7295] iomap_writepages+0x128/0x25c [ 49.504443][ T7295] xfs_vm_writepages+0x21c/0x29c [ 49.504451][ T7295] do_writepages+0x270/0x468 [ 49.504460][ T7295] filemap_write_and_wait_range+0x1b4/0x2a8 [ 49.504470][ T7295] xfs_reflink_unshare+0x1d8/0x654 [ 49.504481][ T7295] __xfs_file_fallocate+0x8c0/0x11e4 [ 49.504488][ T7295] xfs_file_fallocate+0x228/0x2f4 [ 49.504495][ T7295] vfs_fallocate+0x52c/0x668 [ 49.504502][ T7295] __arm64_sys_fallocate+0xbc/0x10c [ 49.504509][ T7295] invoke_syscall+0x98/0x2b8 [ 49.504515][ T7295] el0_svc_common+0x130/0x23c [ 49.504521][ T7295] do_el0_svc+0x48/0x58 [ 49.504526][ T7295] el0_svc+0x58/0x180 [ 49.504534][ T7295] el0t_64_sync_handler+0x84/0x12c [ 49.504541][ T7295] el0t_64_sync+0x198/0x19c [ 49.504548][ T7295] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 49.504584][ T7295] XFS (loop0): page discard on page 000000001e77fd0a, inode 0x1146, pos 8192. [ 49.504720][ T7334] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.101 (7334) [ 49.533295][ T7334] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 49.533345][ T7334] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 49.533369][ T7334] BTRFS info (device loop3): using free-space-tree [ 49.538044][ T7323] bcachefs (loop4): invalid bkey in btree_node btree=alloc level=0: u64s 11 type alloc_v4 0:0:4143972352 len 0 ver 0: [ 49.538052][ T7323] gen 0 oldest_gen 0 data_type sb [ 49.538056][ T7323] journal_seq_nonempty 1 [ 49.538059][ T7323] journal_seq_empty 1769481 [ 49.538062][ T7323] need_discard 1 [ 49.538065][ T7323] need_inc_gen 1 [ 49.538068][ T7323] dirty_sectors 256 [ 49.538071][ T7323] stripe_sectors 32 [ 49.538074][ T7323] cached_sectors 0 [ 49.538077][ T7323] stripe 0 [ 49.538080][ T7323] stripe_redundancy 0 [ 49.538083][ T7323] io_time[READ] 1 [ 49.538086][ T7323] io_time[WRITE] 1 [ 49.538088][ T7323] fragmentation 0 [ 49.538091][ T7323] bp_start 6 [ 49.538094][ T7323] [ 49.538097][ T7323] nonzero snapshot, deleting [ 49.541669][ T7323] bcachefs (loop4): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 49.545461][ T7323] bcachefs (loop4): check_topology... done [ 49.546285][ T7323] bcachefs (loop4): accounting_read... [ 49.546661][ T6551] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 49.548411][ T6551] XFS (loop0): Uncorrected metadata errors detected; please run xfs_repair. [ 49.579827][ T7323] done [ 49.579838][ T7323] bcachefs (loop4): alloc_read... done [ 49.580116][ T7323] bcachefs (loop4): snapshots_read... done [ 49.580366][ T7323] bcachefs (loop4): check_allocations... [ 49.580767][ T7323] bcachefs (loop4): bucket 0:34 data type user ptr gen 0 missing in alloc btree [ 49.580772][ T7323] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, fixing [ 49.580959][ T7323] bcachefs (loop4): bucket 0:27 data type btree ptr gen 0 missing in alloc btree [ 49.580963][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing [ 49.581706][ T7323] bcachefs (loop4): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 49.581712][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 49.582668][ T7323] bcachefs (loop4): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 49.582674][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 49.582785][ T7323] bcachefs (loop4): bucket 0:31 data type btree ptr gen 0 missing in alloc btree [ 49.582789][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing [ 49.583213][ T7323] bcachefs (loop4): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 49.583218][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 49.597134][ T7330] loop2: detected capacity change from 0 to 32768 [ 49.597772][ T7323] bcachefs (loop4): bucket 0:32 data type btree ptr gen 0 missing in alloc btree [ 49.597779][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 49.597933][ T7323] bcachefs (loop4): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 49.597938][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 49.598354][ T7323] bcachefs (loop4): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 49.598359][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 49.598889][ T7323] bcachefs (loop4): bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 49.598897][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 49.599040][ T7323] bcachefs (loop4): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 49.599044][ T7323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 49.599049][ T7323] Ratelimiting new instances of previous error [ 49.602800][ T7330] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 0db546fc-0c27-430f-94d3-53aae19296f1 [ 49.602824][ T7330] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.100 (7330) [ 49.608229][ T7330] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 49.608278][ T7330] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 49.608303][ T7330] BTRFS info (device loop2): using free-space-tree [ 49.609243][ T7323] done [ 49.609864][ T7323] bcachefs (loop4): going read-write [ 49.611318][ T7323] bcachefs (loop4): journal_replay... done [ 49.648682][ T7323] bcachefs (loop4): check_alloc_info... [ 49.649182][ T7323] bcachefs (loop4): hole in alloc btree missing in freespace btree [ 49.649189][ T7323] device 0 buckets 26-27, fixing [ 49.651892][ T7323] done [ 49.652508][ T7323] bcachefs (loop4): check_lrus... done [ 49.652817][ T7323] bcachefs (loop4): check_btree_backpointers... done [ 49.653172][ T7323] bcachefs (loop4): check_backpointers_to_extents... done [ 49.656326][ T7323] bcachefs (loop4): check_extents_to_backpointers... [ 49.656626][ T7323] bcachefs (loop4): scanning for missing backpointers in 5/128 buckets [ 49.657619][ T7323] done [ 49.658233][ T7323] bcachefs (loop4): check_alloc_to_lru_refs... done [ 49.658928][ T7323] bcachefs (loop4): bucket_gens_init... done [ 49.668398][ T7323] bcachefs (loop4): check_snapshot_trees... done [ 49.668655][ T7323] bcachefs (loop4): check_snapshots... [ 49.668868][ T7323] bcachefs (loop4): snapshot points to missing/incorrect tree: [ 49.668875][ T7323] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: subvol parent 0 children 0 0 subvol 1 tree 0, fixing [ 49.672417][ T7323] done [ 49.672674][ T7323] bcachefs (loop4): check_subvols... done [ 49.683037][ T7323] bcachefs (loop4): check_subvol_children... [ 49.686434][ T7350] bcachefs (loop4): Detected missing backpointers in bucket 34, now have 1/128 with missing [ 49.686443][ T7350] running recovery pass check_extents_to_backpointers (17), currently at check_subvol_children (25) [ 49.692516][ T7323] done [ 49.692852][ T7323] bcachefs (loop4): check_extents_to_backpointers... [ 49.693140][ T7323] bcachefs (loop4): scanning for missing backpointers in 2/128 buckets [ 49.697131][ T7323] done [ 49.698188][ T7323] bcachefs (loop4): delete_dead_snapshots... done [ 49.698733][ T7323] bcachefs (loop4): check_inodes... done [ 49.699458][ T7323] bcachefs (loop4): check_extents... done [ 49.699938][ T7323] bcachefs (loop4): check_indirect_extents... done [ 49.700168][ T7323] bcachefs (loop4): check_dirents... [ 49.700509][ T7323] bcachefs (loop4): inode 536870913:4294967295 type reg has multiple links but i_nlink 0 [ 49.700514][ T7323] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg [ 49.700518][ T7323] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing [ 49.701462][ T7323] done [ 49.701695][ T7323] bcachefs (loop4): check_xattrs... done [ 49.702481][ T7323] bcachefs (loop4): check_root... done [ 49.703858][ T7323] bcachefs (loop4): check_unreachable_inodes... done [ 49.706339][ T7323] bcachefs (loop4): check_subvolume_structure... done [ 49.706560][ T7323] bcachefs (loop4): check_directory_structure... done [ 49.706779][ T7323] bcachefs (loop4): check_nlinks... done [ 49.707185][ T7323] bcachefs (loop4): check_rebalance_work... done [ 49.708053][ T7323] bcachefs (loop4): resume_logged_ops... done [ 49.715318][ T7323] bcachefs (loop4): delete_dead_inodes... done [ 49.717477][ T7323] bcachefs (loop4): set_fs_needs_rebalance... done [ 49.779187][ T7323] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean [ 49.779254][ T7323] bcachefs (loop4): check_alloc_info... done [ 49.790165][ T7323] bcachefs (loop4): check_lrus... done [ 49.792174][ T7323] bcachefs (loop4): check_btree_backpointers... done [ 49.793681][ T7323] bcachefs (loop4): check_backpointers_to_extents... done [ 49.801459][ T7323] bcachefs (loop4): check_extents_to_backpointers... done [ 49.802216][ T7323] bcachefs (loop4): check_alloc_to_lru_refs... done [ 49.807351][ T7323] bcachefs (loop4): bucket_gens_init... done [ 49.808164][ T7323] bcachefs (loop4): check_snapshot_trees... done [ 49.808852][ T7323] bcachefs (loop4): check_snapshots... done [ 49.810512][ T7323] bcachefs (loop4): check_subvols... done [ 49.815106][ T7323] bcachefs (loop4): check_subvol_children... done [ 49.815711][ T7323] bcachefs (loop4): delete_dead_snapshots... done [ 49.819260][ T7323] bcachefs (loop4): check_inodes... done [ 49.820202][ T7323] bcachefs (loop4): check_extents... done [ 49.820672][ T7323] bcachefs (loop4): check_indirect_extents... done [ 49.820929][ T7323] bcachefs (loop4): check_dirents... done [ 49.821370][ T7323] bcachefs (loop4): check_xattrs... done [ 49.821618][ T7323] bcachefs (loop4): check_root... done [ 49.821847][ T7323] bcachefs (loop4): check_unreachable_inodes... done [ 49.822103][ T7323] bcachefs (loop4): check_subvolume_structure... done [ 49.822327][ T7323] bcachefs (loop4): check_directory_structure... done [ 49.822546][ T7323] bcachefs (loop4): check_nlinks... done [ 49.822862][ T7323] bcachefs (loop4): check_rebalance_work... done [ 49.823126][ T7323] bcachefs (loop4): resume_logged_ops... done [ 49.823349][ T7323] bcachefs (loop4): delete_dead_inodes... done [ 49.832140][ T7323] bcachefs (loop4): set_fs_needs_rebalance... done [ 49.926067][ T7323] bcachefs (loop4): done starting filesystem [ 50.022482][ T6552] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 50.026613][ T6553] BTRFS info (device loop2): last unmount of filesystem 0db546fc-0c27-430f-94d3-53aae19296f1 [ 50.038248][ T7373] loop1: detected capacity change from 0 to 32768 [ 50.061257][ T6550] bcachefs (loop4): shutting down [ 50.061283][ T6550] bcachefs (loop4): going read-only [ 50.061308][ T6550] bcachefs (loop4): finished waiting for writes to stop [ 50.083290][ T6550] bcachefs (loop4): flushing journal and stopping allocators, journal seq 31 [ 50.100218][ T6550] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 32 [ 50.102830][ T6550] bcachefs (loop4): clean shutdown complete, journal seq 33 [ 50.114453][ T6550] bcachefs (loop4): marking filesystem clean [ 50.189453][ T6550] bcachefs (loop4): shutdown complete [ 50.206125][ T7396] ./file0: Can't open blockdev [ 50.239809][ T7373] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 50.250008][ T7396] ./file0: Can't open blockdev [ 50.338370][ T7415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.113'. [ 50.345080][ T7416] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_hsr, syncid = 4, id = 0 [ 50.497317][ T7407] loop2: detected capacity change from 0 to 32808 [ 50.504956][ T7419] loop3: detected capacity change from 0 to 4096 [ 50.531220][ T7419] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 50.541108][ T7413] loop0: detected capacity change from 0 to 65536 [ 50.546041][ T7419] ntfs3(loop3): Failed to load $Extend (-22). [ 50.546070][ T7419] ntfs3(loop3): Failed to initialize $Extend. [ 50.629902][ T7413] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 50.650180][ T7413] XFS (loop0): Ending clean mount [ 50.654297][ T7413] XFS (loop0): Quotacheck needed: Please wait. [ 50.895664][ T7413] XFS (loop0): Quotacheck: Done. [ 50.927739][ T7425] loop2: detected capacity change from 0 to 32768 [ 50.942785][ T7425] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.115 (7425) [ 50.947357][ T6551] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 50.953437][ T7425] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 50.955380][ T7425] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 50.956837][ T7425] BTRFS info (device loop2): using free-space-tree [ 50.980230][ T6549] ocfs2: Unmounting device (7,1) on (node local) [ 51.146951][ T7451] loop1: detected capacity change from 0 to 1024 [ 51.161530][ T7451] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.190956][ T6553] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 51.240648][ T7449] loop0: detected capacity change from 0 to 32768 [ 51.267451][ T7449] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.116 (7449) [ 51.273386][ T7449] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 51.273442][ T7449] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 51.273463][ T7449] BTRFS info (device loop0): using free-space-tree [ 51.281732][ T6549] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.377407][ T7469] loop1: detected capacity change from 0 to 4096 [ 51.377748][ T7469] ntfs3: Unknown parameter 'di' [ 51.401846][ T7469] loop1: detected capacity change from 0 to 4096 [ 51.402116][ T7469] ntfs3: Unknown parameter 'di' [ 51.432327][ T7469] loop1: detected capacity change from 0 to 4096 [ 51.432608][ T7469] ntfs3: Unknown parameter 'di' [ 51.444295][ T7469] loop1: detected capacity change from 0 to 4096 [ 51.450886][ T7469] ntfs3: Unknown parameter 'di' [ 51.524313][ T7485] loop3: detected capacity change from 0 to 128 [ 51.526441][ T7485] hpfs: Unknown parameter 'FCwC" -8/' [ 63.083266][ T8159] loop4: detected capacity change from 0 to 32768 [ 63.140828][ T8159] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 63.221092][ T8168] netlink: 228 bytes leftover after parsing attributes in process `syz.2.215'. [ 63.477208][ T8168] loop2: detected capacity change from 0 to 32768 [ 63.485488][ T8159] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.492574][ T8168] (syz.2.215,8168,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 63.498158][ T8168] (syz.2.215,8168,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 63.560663][ T6550] ocfs2: Unmounting device (7,4) on (node local) [ 63.571891][ T8173] loop0: detected capacity change from 0 to 4096 [ 63.602866][ T8173] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 63.622857][ T8173] ntfs3(loop0): Failed to load $Extend (-22). [ 63.622894][ T8173] ntfs3(loop0): Failed to initialize $Extend. [ 63.649029][ T8165] loop1: detected capacity change from 0 to 32768 [ 63.650618][ T8165] ocfs2: Unknown parameter '00000000000000000000' [ 63.707235][ T8175] loop4: detected capacity change from 0 to 4096 [ 64.080440][ T8194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.222'. [ 64.292025][ T8215] tipc: Started in network mode [ 64.293247][ T8215] tipc: Node identity ac14140f, cluster identity 4711 [ 64.299190][ T8215] tipc: New replicast peer: 255.255.255.255 [ 64.299339][ T8215] tipc: Enabled bearer , priority 10 [ 64.449836][ T8196] loop3: detected capacity change from 0 to 40427 [ 64.452058][ T8196] F2FS-fs (loop3): build fault injection rate: 4 [ 64.453176][ T8196] F2FS-fs (loop3): build fault injection type: 0xd [ 64.480002][ T8196] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x148/0x4a8 [ 64.480307][ T8196] F2FS-fs (loop3): invalid crc value [ 64.480322][ T8196] F2FS-fs (loop3): inject kmalloc in f2fs_kmalloc of f2fs_fill_super+0x39a0/0x5bb8 [ 64.480336][ T8196] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-12) [ 64.496593][ T2414] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.496654][ T2414] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.496955][ T1822] cfg80211: failed to load regulatory.db [ 64.550008][ T8242] netlink: 4 bytes leftover after parsing attributes in process `syz.4.248'. [ 64.610290][ T8251] netlink: 24 bytes leftover after parsing attributes in process `syz.4.252'. [ 64.723043][ T8269] netlink: 28 bytes leftover after parsing attributes in process `syz.0.263'. [ 64.782499][ T8280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.265'. [ 64.829627][ T8267] netlink: 'syz.3.259': attribute type 16 has an invalid length. [ 64.829655][ T8267] netlink: 'syz.3.259': attribute type 17 has an invalid length. [ 64.874629][ T8267] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 64.877931][ T8290] netlink: 'syz.0.269': attribute type 4 has an invalid length. [ 64.889678][ T8290] netlink: 'syz.0.269': attribute type 4 has an invalid length. [ 64.912312][ T8292] syz_tun: entered allmulticast mode [ 64.917193][ T8291] syz_tun: left allmulticast mode [ 65.002138][ T8308] tipc: Started in network mode [ 65.002171][ T8308] tipc: Node identity d20feef036a5, cluster identity 4711 [ 65.002250][ T8308] tipc: Enabled bearer , priority 0 [ 65.002591][ T8308] syzkaller0: entered promiscuous mode [ 65.002601][ T8308] syzkaller0: entered allmulticast mode [ 65.007966][ T8308] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 65.015864][ T8308] tipc: Resetting bearer [ 65.019328][ T8307] tipc: Resetting bearer [ 65.023743][ T8307] tipc: Disabling bearer [ 65.072627][ T8316] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 65.098765][ T8320] netlink: 'syz.0.284': attribute type 1 has an invalid length. [ 65.134767][ T8325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.286'. [ 65.134793][ T8325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.286'. [ 65.135090][ T8325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.286'. [ 65.306978][ T6609] tipc: Node number set to 2886997007 [ 65.308953][ T8338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 65.405841][ T8359] netlink: 'syz.3.304': attribute type 1 has an invalid length. [ 65.425383][ T8359] 8021q: adding VLAN 0 to HW filter on device bond1 [ 65.459226][ T8359] bond1: (slave wlan0): Enslaving as an active interface with a down link [ 65.465753][ T8359] vlan2: entered allmulticast mode [ 65.465781][ T8359] veth1: entered allmulticast mode [ 65.466082][ T8359] veth1: entered promiscuous mode [ 65.466313][ T8359] veth1: left promiscuous mode [ 65.467472][ T8359] bond1: (slave vlan2): making interface the new active one [ 65.467542][ T8359] bond1: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 65.467597][ T8359] veth1: entered promiscuous mode [ 65.467879][ T8359] vlan2: entered promiscuous mode [ 65.468094][ T8359] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 66.267846][ T8478] __nla_validate_parse: 7 callbacks suppressed [ 66.269491][ T8478] netlink: 16 bytes leftover after parsing attributes in process `syz.1.352'. [ 66.292559][ T8480] tipc: Enabled bearer , priority 0 [ 66.292867][ T8480] syzkaller0: entered promiscuous mode [ 66.292878][ T8480] syzkaller0: entered allmulticast mode [ 66.294208][ T8480] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 66.301455][ T8482] batman_adv: batadv0: Adding interface: dummy0 [ 66.301477][ T8482] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.301757][ T8482] batman_adv: batadv0: Interface activated: dummy0 [ 66.313211][ T8482] batadv0: mtu less than device minimum [ 66.315845][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.317269][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.318533][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.319788][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.321047][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.322301][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.323564][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.324835][ T8482] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 66.340642][ T8480] tipc: Resetting bearer [ 66.341746][ T8479] tipc: Resetting bearer [ 66.347759][ T8479] tipc: Disabling bearer [ 66.495437][ T8502] team0: Device vti0 is of different type [ 66.501991][ T8504] netlink: 64 bytes leftover after parsing attributes in process `syz.3.365'. [ 66.506273][ T8504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.365'. [ 66.610268][ T8523] netlink: 8 bytes leftover after parsing attributes in process `syz.1.369'. [ 66.803366][ T8552] netlink: 36 bytes leftover after parsing attributes in process `syz.0.378'. [ 66.942218][ T8574] netlink: 'syz.1.389': attribute type 29 has an invalid length. [ 66.945262][ T8574] netlink: 'syz.1.389': attribute type 29 has an invalid length. [ 67.016441][ T8590] netlink: 16 bytes leftover after parsing attributes in process `syz.2.395'. [ 67.016475][ T8590] netlink: 16 bytes leftover after parsing attributes in process `syz.2.395'. [ 67.154623][ T8613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.407'. [ 67.178437][ T8617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.408'. [ 67.178498][ T8617] bridge_slave_1: left allmulticast mode [ 67.178509][ T8617] bridge_slave_1: left promiscuous mode [ 67.178602][ T8617] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.183831][ T8617] bridge_slave_0: left allmulticast mode [ 67.191388][ T8617] bridge_slave_0: left promiscuous mode [ 67.192668][ T8617] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.271056][ T8629] netlink: 256 bytes leftover after parsing attributes in process `syz.4.415'. [ 67.396412][ T8633] tipc: Started in network mode [ 67.396467][ T8633] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 67.397400][ T8633] tipc: Enabled bearer , priority 10 [ 67.425246][ T8641] vxcan1: tx address claim with different name [ 67.449483][ T8643] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 67.710082][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 30 seconds [ 67.710139][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 30 seconds [ 67.710154][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 30 seconds [ 67.710164][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 30 seconds [ 67.728478][ T6609] IPVS: starting estimator thread 0... [ 67.825041][ T8674] IPVS: using max 68 ests per chain, 163200 per kthread [ 67.938146][ T8710] vxcan1: tx address claim with dlc 0 [ 68.210980][ T8756] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 68.260488][ T8763] tipc: Started in network mode [ 68.261351][ T8763] tipc: Node identity a2fad8e223e5, cluster identity 4711 [ 68.262661][ T8763] tipc: Enabled bearer , priority 0 [ 68.268364][ T8763] syzkaller0: entered promiscuous mode [ 68.269347][ T8763] syzkaller0: entered allmulticast mode [ 68.290731][ T8763] tipc: Resetting bearer [ 68.294722][ T8762] tipc: Resetting bearer [ 68.307204][ T8762] tipc: Disabling bearer [ 68.515973][ T6613] tipc: Node number set to 4269801494 [ 69.221213][ T8921] bridge_slave_0: left allmulticast mode [ 69.221248][ T8921] bridge_slave_0: left promiscuous mode [ 69.221348][ T8921] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.280946][ T8921] bridge_slave_1: left allmulticast mode [ 69.280975][ T8921] bridge_slave_1: left promiscuous mode [ 69.281051][ T8921] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.291118][ T8921] bond0: (slave bond_slave_0): Releasing backup interface [ 69.317759][ T8921] bond0: (slave bond_slave_1): Releasing backup interface [ 69.337023][ T8921] team0: Port device team_slave_0 removed [ 69.339883][ T8921] team0: Port device team_slave_1 removed [ 69.341307][ T8921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.342637][ T8921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.345726][ T8921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.347131][ T8921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.437712][ T8950] tipc: Started in network mode [ 69.437749][ T8950] tipc: Node identity c69612bdfca1, cluster identity 4711 [ 69.437796][ T8950] tipc: Enabled bearer , priority 0 [ 69.438221][ T8950] syzkaller0: entered promiscuous mode [ 69.438232][ T8950] syzkaller0: entered allmulticast mode [ 69.459083][ T8950] tipc: Resetting bearer [ 69.462317][ T8948] tipc: Resetting bearer [ 69.488066][ T8948] tipc: Disabling bearer [ 69.579583][ T8972] team0: No ports can be present during mode change [ 69.679522][ T31] audit: type=1400 audit(69.640:2): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8974 comm="syz.3.555" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.691113][ T8976] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.817879][ T8976] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.848405][ T31] audit: type=1400 audit(69.820:3): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8978 comm="syz.0.557" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.849119][ T31] audit: type=1400 audit(69.820:4): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=6221 comm="dhcpcd" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.849312][ T31] audit: type=1400 audit(69.820:5): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=6221 comm="dhcpcd" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.849731][ T31] audit: type=1400 audit(69.820:6): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8978 comm="syz.0.557" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.849749][ T31] audit: type=1400 audit(69.820:7): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8978 comm="syz.0.557" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.850470][ T31] audit: type=1400 audit(69.820:8): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=6553 comm="syz-executor" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.883537][ T31] audit: type=1400 audit(69.850:9): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8996 comm="syz-executor" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.885757][ T31] audit: type=1400 audit(69.860:10): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8978 comm="syz.0.557" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.885785][ T31] audit: type=1400 audit(69.860:11): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=8978 comm="syz.0.557" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 69.929122][ T8976] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.083747][ T8976] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.100957][ T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.101071][ T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.101094][ T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.101107][ T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.275441][ T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.281373][ T6695] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.291757][ T6695] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.291825][ T6695] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.718124][ T6126] Bluetooth: hci3: link tx timeout [ 75.718241][ T6126] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 75.965391][ T6557] Bluetooth: hci3: link tx timeout [ 75.965419][ T6557] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 76.186297][ T6557] Bluetooth: hci3: link tx timeout [ 76.187663][ T6557] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 76.554118][ T5474] vlan2: left promiscuous mode [ 76.611137][ T31] kauditd_printk_skb: 13 callbacks suppressed [ 76.611165][ T31] audit: type=1400 audit(76.580:25): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 76.894920][ T31] audit: type=1400 audit(76.870:26): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 77.774185][ T6557] Bluetooth: hci3: command 0x0406 tx timeout [ 83.527463][ T31] audit: type=1400 audit(83.500:27): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 84.335175][ T31] audit: type=1400 audit(84.310:28): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 97.347544][ T31] audit: type=1400 audit(97.320:29): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 97.776004][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 60 seconds [ 97.777976][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 60 seconds [ 97.778018][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 60 seconds [ 97.778037][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 60 seconds [ 99.055193][ T31] audit: type=1400 audit(99.030:30): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 99.509688][ T6166] udevd[6166]: worker [6740] /devices/virtual/block/nbd0 is taking a long time [ 124.995415][ T31] audit: type=1400 audit(124.970:31): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 125.944731][ T2414] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.944773][ T2414] ieee802154 phy1 wpan1: encryption failed: -22 [ 127.855129][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 90 seconds [ 127.855172][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 90 seconds [ 127.855189][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 90 seconds [ 127.855204][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 90 seconds [ 127.865912][ T31] audit: type=1400 audit(127.840:32): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=6155 comm="klogd" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 131.404803][ T6126] Bluetooth: hci3: link tx timeout [ 131.404833][ T6126] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 133.454062][ T6557] Bluetooth: hci3: command 0x0406 tx timeout [ 153.615718][ T6557] Bluetooth: hci0: command 0x0406 tx timeout [ 153.626056][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 153.626103][ T6567] Bluetooth: hci1: command 0x0406 tx timeout [ 153.626140][ T6557] Bluetooth: hci2: command 0x0406 tx timeout [ 157.945957][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 120 seconds [ 157.945996][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 120 seconds [ 157.946011][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 120 seconds [ 157.946021][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 120 seconds [ 180.291546][ T31] audit: type=1400 audit(180.260:33): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 187.375919][ T2414] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.376898][ T2414] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.377231][ T31] audit: type=1400 audit(187.350:34): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=2414 comm="aoe_tx0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 188.015102][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 150 seconds [ 188.015150][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 150 seconds [ 188.015179][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 150 seconds [ 188.015193][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 150 seconds [ 218.114264][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 180 seconds [ 218.114302][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 180 seconds [ 218.114319][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 180 seconds [ 218.114333][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 180 seconds [ 219.970992][ T6166] udevd[6166]: worker [6740] /devices/virtual/block/nbd0 timeout; kill it [ 219.973250][ T6166] udevd[6166]: seq 14011 '/devices/virtual/block/nbd0' killed [ 248.186187][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 210 seconds [ 248.186223][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 210 seconds [ 248.186233][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 210 seconds [ 248.186242][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 210 seconds [ 248.815494][ T2414] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.816151][ T2414] ieee802154 phy1 wpan1: encryption failed: -22 [ 278.268842][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 240 seconds [ 278.268877][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 240 seconds [ 278.268887][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 240 seconds [ 278.268896][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 240 seconds [ 290.884125][ T31] audit: type=1400 audit(290.860:35): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 305.135638][ T31] audit: type=1400 audit(305.110:36): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=15 comm="ksoftirqd/0" saddr=10.128.0.169 src=30028 daddr=10.128.0.145 dest=42160 netif=enp0s0 [ 308.335860][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 270 seconds [ 308.335906][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 270 seconds [ 308.335920][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 270 seconds [ 308.335930][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 270 seconds [ 310.255272][ T2414] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.255310][ T2414] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.063571][ T31] audit: type=1400 audit(327.030:37): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 327.279203][ T31] audit: type=1400 audit(327.250:38): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 327.495089][ T31] audit: type=1400 audit(327.470:39): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 327.939110][ T31] audit: type=1400 audit(327.910:40): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 328.803165][ T31] audit: type=1400 audit(328.770:41): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 330.535181][ T31] audit: type=1400 audit(330.510:42): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 334.147146][ T31] audit: type=1400 audit(334.120:43): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 338.414456][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 300 seconds [ 338.414498][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 300 seconds [ 338.414509][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 300 seconds [ 338.414519][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 300 seconds [ 341.059515][ T31] audit: type=1400 audit(341.030:44): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 354.883479][ T31] audit: type=1400 audit(354.850:45): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=40090 daddr=10.128.0.145 dest=22 netif=enp0s0 [ 368.495921][ T56] block nbd0: Possible stuck request 00000000e0be2bcd: control (read@0,1024B). Runtime 330 seconds [ 368.495958][ T56] block nbd0: Possible stuck request 0000000085fe5117: control (read@1024,1024B). Runtime 330 seconds [ 368.495969][ T56] block nbd0: Possible stuck request 000000005c9755d0: control (read@2048,1024B). Runtime 330 seconds [ 368.495978][ T56] block nbd0: Possible stuck request 000000007c541b5a: control (read@3072,1024B). Runtime 330 seconds [ 371.694827][ T2414] ieee802154 phy0 wpan0: encryption failed: -22 [ 371.694874][ T2414] ieee802154 phy1 wpan1: encryption failed: -22 [ 375.534230][ T3 ** replaying previous printk message ** [ 375.534230][ T32] INFO: task udevd:6740 blocked for more than 143 seconds. [ 375.534259][ T32] Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 [ 375.534265][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 375.534271][ T32] task:udevd state:D stack:0 pid:6740 tgid:6740 ppid:6166 task_flags:0x400140 flags:0x00800019 [ 375.534285][ T32] Call trace: [ 375.534289][ T32] __switch_to+0x418/0x87c (T) [ 375.534307][ T32] __schedule+0x13b0/0x2864 [ 375.534316][ T32] schedule+0xb4/0x230 [ 375.534323][ T32] io_schedule+0x84/0xf0 [ 375.534329][ T32] folio_wait_bit_common+0x56c/0x9e0 [ 375.534338][ T32] do_read_cache_folio+0x23c/0x5bc [ 375.534344][ T32] read_cache_folio+0x68/0x88 [ 375.534350][ T32] read_part_sector+0xcc/0x6fc [ 375.534357][ T32] adfspart_check_POWERTEC+0x90/0xd5c [ 375.534363][ T32] bdev_disk_changed+0x674/0x11fc [ 375.534369][ T32] blkdev_get_whole+0x2b0/0x4a4 [ 375.534375][ T32] bdev_open+0x3b0/0xc20 [ 375.534381][ T32] blkdev_open+0x300/0x440 [ 375.534387][ T32] do_dentry_open+0x7a4/0x10bc [ 375.534394][ T32] vfs_open+0x44/0x2d4 [ 375.534400][ T32] path_openat+0x2424/0x2c40 [ 375.534407][ T32] do_filp_open+0x18c/0x36c [ 375.534415][ T32] do_sys_openat2+0x11c/0x1b4 [ 375.534421][ T32] __arm64_sys_openat+0x120/0x158 [ 375.534427][ T32] invoke_syscall+0x98/0x2b8 [ 375.534434][ T32] el0_svc_common+0x130/0x23c [ 375.534439][ T32] do_el0_svc+0x48/0x58 [ 375.534445][ T32] el0_svc+0x58/0x180 [ 375.534451][ T32] el0t_64_sync_handler+0x84/0x12c [ 375.534458][ T32] el0t_64_sync+0x198/0x19c [ 375.534467][ T32] [ 375.534467][ T32] Showing all locks held in the system: [ 375.534472][ T32] 1 lock held by khungtaskd/32: [ 375.534476][ T32] #0: ffff80008f9a9060 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 375.534497][ T32] 2 locks held by pr/ttyAMA-1/43: [ 375.534506][ T32] 2 locks held by getty/6307: [ 375.534510][ T32] #0: ffff0000d6f920a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 375.534527][ T32] #1: ffff80009bbae2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfa4 [ 375.534548][ T32] 4 locks held by kworker/u8:9/6695: [ 375.534552][ T32] 1 lock held by udevd/6740: [ 375.534555][ T32] #0: ffff0000ca222358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 [ 375.534572][ T32] [ 375.534574][ T32] ============================================= [ 375.534574][ T32] [ 375.534578][ T32] Kernel panic - not syncing: hung_task: blocked tasks [ 375.568371][ T32] CPU: 1 UID: 0 PID: 32 Comm: khungtaskd Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 375.569877][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 375.571259][ T32] Call trace: [ 375.571715][ T32] show_stack+0x2c/0x3c (C) [ 375.572335][ T32] __dump_stack+0x30/0x40 [ 375.572932][ T32] dump_stack_lvl+0x30/0x12c [ 375.573561][ T32] dump_stack+0x1c/0x28 [ 375.574154][ T32] vpanic+0x280/0x780 [ 375.574717][ T32] vpanic+0x0/0x780 [ 375.575280][ T32] hung_task_panic+0x0/0x2c [ 375.575990][ T32] kthread+0x5fc/0x75c [ 375.576642][ T32] ret_from_fork+0x10/0x20 [ 375.577304][ T32] SMP: stopping secondary CPUs [ 375.578034][ T32] Kernel Offset: disabled [ 375.578738][ T32] CPU features: 0x40000,00007800,109c1141,5427fea7 [ 375.579700][ T32] Memory Limit: none [ 375.963511][ T32] Rebooting in 86400 seconds..