last executing test programs: 20.147799874s ago: executing program 3 (id=66): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f00000003c0)='./file0\x00', 0x36) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0, 0x800) 19.87118951s ago: executing program 3 (id=68): socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000}, 0x50) creat(&(0x7f00000000c0)='./file0\x00', 0xce) socket$nl_netfilter(0x10, 0x3, 0xc) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$P9_RLERRORu(r1, &(0x7f00000023c0)=ANY=[@ANYBLOB='S\x00\x00\x00\a\x00\x00F\x00', @ANYRESHEX=r0], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}}) 19.440464065s ago: executing program 3 (id=73): openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) 19.148545886s ago: executing program 3 (id=75): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) epoll_create1(0x80000) socket(0x2c, 0x3, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$packet(0x11, 0x2, 0x300) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00e611ed6229b237ad2a184a94283e2b34c24caf7280c18475708140abe763dfb52cdb0ba0cdc8c572346d0a832984b36248c4fa844eda0af4b1652605421a7821dcfde12aa77458d811a84538a156b05b0ec3eaf24a90ceb5b7463d9fd38b49d41fbfa868653605702abe43d9c2c30aed4da0b8cc18c6b369f086a965442c1217f19a67a534064b7236a6660000000000"], 0x1, 0x17b, &(0x7f0000000300)="$eJzs28tO4nAUx/FfoVyGuTHDXJLJLGY1mc1QwAR1h49CoBJiUSJuICbqe7hx58PJwp0rMZS2SmWFtEX5fjacHydND4s/nBAQgI3V0B8ZMpSdht/54lnJSHokADGZeI/3EwCbJ32X9AQAkjHek/qSbm5PW0pn/bXgp19M+w2/n8o92x/GF9Iv0+sbeb0L7xdX0l//eqOw8PpC0H+/sP9PRe/+H/RRn/RZRX3RV5W8fju4/scLtyEAADaDoXI4zz2R0n7XsStBzri5qoI5y1k314L+LG8FOefmcuvIaUf4KgAsI6Xy9dMcPv/p0Pk3vfMP4PUbDEcHTcexj2Mq/O8HYr3pagqdr8UYKykyWosxKBYUptZijITfmABEzjrp9a3BcPS/22t27I59WK/V67uVne2q5S7+1vz6D+ANefzQT3oSAAAAAAAAAAAAAACwrG/6nvQIAAAAAGIS2b+IDEmX4pfFAAAAAAAAAAAAAAAAAABE4CEAAP//gNgaag==") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c}) 17.197919623s ago: executing program 3 (id=78): r0 = socket(0x10, 0x80002, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000040)={0x0, 0x3, 0xff, 0x9}) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005400e5012abd7000ffffffff07000000", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r2, @ANYBLOB="01830300ff"], 0x38}, 0x1, 0x0, 0x0, 0x400a840}, 0x24008c84) 16.476372213s ago: executing program 3 (id=83): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000002680)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002"], 0x48) 15.782629313s ago: executing program 32 (id=83): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000002680)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002"], 0x48) 9.312615748s ago: executing program 4 (id=116): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x400000000000000, 0x0, &(0x7f00000000c0)={0x0, 0xa8}}, 0x0) socket$inet(0x2, 0x2, 0x1) sendmsg$key(0xffffffffffffffff, 0x0, 0x40) getrandom(0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) dup(0xffffffffffffffff) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000040), 0x12) 9.07861536s ago: executing program 4 (id=117): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 8.14303404s ago: executing program 4 (id=119): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000380)={@val={0x1c, 0x800}, @val={0x1, 0x3, 0x0, 0x14, 0x14, 0x1}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x68, 0x0, 0x0, 0x84, 0x0, @rand_addr=0x64010101, @local}, {{0x200, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x0, 0x1000, 0x0, 0x1c, {[@mptcp=@syn={0x1e, 0x6, 0x4, 0x1, 0x24, 0x1, 0x4}]}}}}}}, 0x42) 6.16026446s ago: executing program 4 (id=127): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) fsmount(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r4, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@delchain={0x34, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r7, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 6.020210943s ago: executing program 2 (id=129): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) unshare(0x46010000) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001", 0x3, 0xfffffffffffffffd) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000000), 0x1, 0x61f, &(0x7f0000001680)="$eJzs3d9rHNUeAPDv7CZp0ubetJfL5TbciwEfWpCmSS1WfbGtD/ahYME+iPjQ0CQ1dPuDJgVbC23BBwUFEV+L9MV/wHfpu28iqG8+C1WkoqAlKzM7m26S2SZNu7tJ5/OB3Z05MzvnfPfkZM7M7NkJoLTG0qdKxO6IxVNJxEjLsuFoLBzL17v367XT6SOJev2NX5JI8rTm+ov56470KYkYjIhvjkb8q7o63/krV89O1eoN1yP2L5y7uH/+ytV9c+emzsycmTk/eeDFg4cmXpo8OPlE4tyRvx47/vr/Pn7/nRdmv63tS+JwnOx/bzpWxLEB9aQgcSzGYjEPsTW9LyIOpRMFn8tWs64QtnW+HGxMNf977I+I/8RIVLO5hpGY+6inhQM6ql6NqAMllWj/UFLNfkDz2H59x8EnO9wr6Z67RxoHQKvj72ucG4nB7Nho+72k5ciocW5j5xPIP83j/rXRW+kjlp2H+GOpdvqeQD7t3LgZEf8tij/JyrYzizSNvxKVlvclETEREQN5+V7dQNat22p6zPMwj16IR4i/tR7Sz+Jw/pqmH91g/mMr5rsdPwDldOdIviPP9sYP9n9p36PZ/4mC/s9wwb5rI3q9/2vf/2vu7wezc+SVFf2wtM9yoniT/SsTfvzw2Kft8m/t/92/lmTlaPYFu+HuzYjRFfF/kHX0kqX6TwrqP13l1OH15fHadz8fa7dsefyjt7odf/12xJ7C458HvdJ06iHXJ/fPztVmJhrPhXl89fXbX7TLv9fxp/W/vU38LfVfWfm+9DO5uM48vjxx+9xAm2XDa8Zf+WkgaRxvNrfx7tTCwqXJiIHkeL5KS/qBh5eluU5zG2n8e58tbv/L/v5vLt/OUOsBzBouvnn2XrtlG6n/lovJi/V1lqGdNP7ptet/VftP0z5ZZx6/v3X5/+2WFcQfkcc/9DiBAQAAAAAAQAlVsmuwSWV8abpSGR9vjJf9d2yv1C7MLzw3e+Hy+emIvdn3IfsrzSvdI435JJ2fzL8P25w/sGL++YjYFRGfVYey+fHTF2rTvQ4eAAAAAAAAAAAAAAAAAAAANokd+fj/5n2qf6s2xv8DJdHJG8wBm5v2D+WVtf9Vt3gCysD+H8pL+4fy0v6hvLR/KC/tH8pL+4fy0v6hvLR/AAAAAHgq7Xrmzg9JRNx4eSh7pAbyZdWelgzotP6CtPr1HhQE6Dr7eCivpUv/hv9D6RT1/1f5M/9xwM4XB+iBpCgx6xzUH9747xS+EwAAAAAAAAAAAADogD2724//X9fYAGDLMuwPyusxxv/76QDY4vz0P5SXY3xgrVH8g+0WGP8PAAAAAAAAAAAAAF0znD2Syng+Fng4KpXx8Yh/RMTO6E9m52ozExHxz4j4vtq/LZ2f7HWhAQAAAAAAAAAAAAAAAAAA4Ckzf+Xq2alabeZS68Rfq1Ke7onmXVC7kNcr8YjviqT7H8tQRPS8Ujo20deSkkTcSGt+UxTs0nxsjmJkEz3+xwQAAAAAAAAAAAAAAAAAACXUMva42OjnXS4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTfg/v/d26i1zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvT3wEAAP//PflCHg==") 4.278918135s ago: executing program 1 (id=131): r0 = socket$netlink(0x10, 0x3, 0xf) r1 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000074c0)={0x0, 0x0, &(0x7f0000007480)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000080a0103f60c774fa3e31fb30200000a14000000000a010200000000000000000a00001714000000110001"], 0x50}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x12000, 0x4) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r6, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pimreg\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0x24048801) sendmsg$SMC_PNETID_DEL(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r6, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) r8 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_INITMSG(r8, 0x84, 0x2, &(0x7f0000000280)={0xf8, 0x8000, 0x101, 0x8}, 0x8) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000040)) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 4.269150544s ago: executing program 4 (id=132): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="c00000001900674c0000000000000000ff010000000000000000000000000001e00000010000000000000000000000004e210000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0], 0xc0}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004000) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001900674c000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000000000000a"], 0xb8}}, 0x0) 4.079018846s ago: executing program 2 (id=133): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000002680)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32], 0x48) 3.996611973s ago: executing program 1 (id=134): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f00000001c0)=0x0) dup(r2) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0}) io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0) close_range(r0, r1, 0x0) 3.919094486s ago: executing program 0 (id=135): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000b95"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000380)={{}, 0x0, &(0x7f0000000340)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x4, 0x7, 0x7ffc1ff3}]}) mlockall(0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = getpid() r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) lseek(r3, 0x0, 0x1) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) quotactl_fd$Q_GETFMT(r1, 0xffffffff80000401, r5, &(0x7f0000000080)) setns(0xffffffffffffffff, 0x24020000) syz_clone3(&(0x7f0000000000)={0x13824400, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r2], 0x1}, 0x58) 3.907705171s ago: executing program 1 (id=136): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000001340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000080)=""/125, 0x7d}], 0x2}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 3.848748127s ago: executing program 4 (id=137): openat$nvram(0xffffffffffffff9c, &(0x7f0000001740), 0x8c200, 0x0) socket$can_raw(0x1d, 0x3, 0x1) io_uring_setup(0x4663, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) socket$inet6(0xa, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'vlan0\x00'}) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000280)={@dev}, 0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c) r5 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21) pwritev2(r5, &(0x7f0000000240), 0x0, 0x7abff, 0x0, 0x3) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 3.687958991s ago: executing program 0 (id=138): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000600000000000000008500000007000000c5000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x18) socket$nl_route(0x10, 0x3, 0x0) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x7e31, 0x80, 0x1, 0x1af}, 0x0, 0x0) open(&(0x7f0000000180)='.\x00', 0x0, 0x81) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240), 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) 3.608567821s ago: executing program 2 (id=139): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000001340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000080)=""/125, 0x7d}], 0x2}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r4, 0x0, 0x4}, 0x18) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) 2.826427544s ago: executing program 0 (id=140): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) shutdown(r3, 0x1) sendfile(r3, 0xffffffffffffffff, 0x0, 0xffffffff004) close(r3) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) syz_open_dev$usbfs(0x0, 0x74, 0x101301) 2.424814105s ago: executing program 1 (id=141): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) fsmount(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r4, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@delchain={0x34, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r7, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 1.739212403s ago: executing program 0 (id=142): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) unshare(0x46010000) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001", 0x3, 0xfffffffffffffffd) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000000), 0x1, 0x61f, &(0x7f0000001680)="$eJzs3d9rHNUeAPDv7CZp0ubetJfL5TbciwEfWpCmSS1WfbGtD/ahYME+iPjQ0CQ1dPuDJgVbC23BBwUFEV+L9MV/wHfpu28iqG8+C1WkoqAlKzM7m26S2SZNu7tJ5/OB3Z05MzvnfPfkZM7M7NkJoLTG0qdKxO6IxVNJxEjLsuFoLBzL17v367XT6SOJev2NX5JI8rTm+ov56470KYkYjIhvjkb8q7o63/krV89O1eoN1yP2L5y7uH/+ytV9c+emzsycmTk/eeDFg4cmXpo8OPlE4tyRvx47/vr/Pn7/nRdmv63tS+JwnOx/bzpWxLEB9aQgcSzGYjEPsTW9LyIOpRMFn8tWs64QtnW+HGxMNf977I+I/8RIVLO5hpGY+6inhQM6ql6NqAMllWj/UFLNfkDz2H59x8EnO9wr6Z67RxoHQKvj72ucG4nB7Nho+72k5ciocW5j5xPIP83j/rXRW+kjlp2H+GOpdvqeQD7t3LgZEf8tij/JyrYzizSNvxKVlvclETEREQN5+V7dQNat22p6zPMwj16IR4i/tR7Sz+Jw/pqmH91g/mMr5rsdPwDldOdIviPP9sYP9n9p36PZ/4mC/s9wwb5rI3q9/2vf/2vu7wezc+SVFf2wtM9yoniT/SsTfvzw2Kft8m/t/92/lmTlaPYFu+HuzYjRFfF/kHX0kqX6TwrqP13l1OH15fHadz8fa7dsefyjt7odf/12xJ7C458HvdJ06iHXJ/fPztVmJhrPhXl89fXbX7TLv9fxp/W/vU38LfVfWfm+9DO5uM48vjxx+9xAm2XDa8Zf+WkgaRxvNrfx7tTCwqXJiIHkeL5KS/qBh5eluU5zG2n8e58tbv/L/v5vLt/OUOsBzBouvnn2XrtlG6n/lovJi/V1lqGdNP7ptet/VftP0z5ZZx6/v3X5/+2WFcQfkcc/9DiBAQAAAAAAQAlVsmuwSWV8abpSGR9vjJf9d2yv1C7MLzw3e+Hy+emIvdn3IfsrzSvdI435JJ2fzL8P25w/sGL++YjYFRGfVYey+fHTF2rTvQ4eAAAAAAAAAAAAAAAAAAAANokd+fj/5n2qf6s2xv8DJdHJG8wBm5v2D+WVtf9Vt3gCysD+H8pL+4fy0v6hvLR/KC/tH8pL+4fy0v6hvLR/AAAAAHgq7Xrmzg9JRNx4eSh7pAbyZdWelgzotP6CtPr1HhQE6Dr7eCivpUv/hv9D6RT1/1f5M/9xwM4XB+iBpCgx6xzUH9747xS+EwAAAAAAAAAAAADogD2724//X9fYAGDLMuwPyusxxv/76QDY4vz0P5SXY3xgrVH8g+0WGP8PAAAAAAAAAAAAAF0znD2Syng+Fng4KpXx8Yh/RMTO6E9m52ozExHxz4j4vtq/LZ2f7HWhAQAAAAAAAAAAAAAAAAAA4Ckzf+Xq2alabeZS68Rfq1Ke7onmXVC7kNcr8YjviqT7H8tQRPS8Ujo20deSkkTcSGt+UxTs0nxsjmJkEz3+xwQAAAAAAAAAAAAAAAAAACXUMva42OjnXS4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTfg/v/d26i1zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvT3wEAAP//PflCHg==") 1.651972684s ago: executing program 2 (id=143): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r0, 0x0, 0x200002e6) fcntl$setpipe(r0, 0x407, 0x7000000) fcntl$setpipe(r0, 0x407, 0x100000) 1.417865486s ago: executing program 2 (id=144): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 694.823912ms ago: executing program 1 (id=145): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f00000001c0)=0x0) dup(r2) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0}) io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0) close_range(r0, r1, 0x0) 475.559385ms ago: executing program 0 (id=146): r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000600)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x3, @loopback, 0x1}, {0xa, 0x0, 0x5, @mcast2}, r1}}, 0x48) 414.557763ms ago: executing program 2 (id=147): socket(0x2, 0x80805, 0x0) openat$userio(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x4b8, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0x4a4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x0, 0x446, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, 0xfffffffd}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x434, 0x2, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xfffffffe, 0xfc000000, 0xf, 0x10001, 0x2, 0x2c00, 0x3, 0x3, 0x6, 0x1000, 0x1ff, 0x1ff, 0x8, 0x1, 0x7ff, 0x9, 0x6, 0x80000000, 0xfff, 0x3ff, 0x0, 0x80000000, 0x0, 0x0, 0x2, 0x3ce, 0x80000001, 0x4, 0x101, 0x0, 0x8, 0x0, 0x7, 0x9, 0x9, 0x8, 0x5, 0xf, 0x8, 0x7, 0x4, 0x5, 0x0, 0xfffffffe, 0x1250, 0x1ff000, 0x10, 0x4a, 0xff, 0x7, 0x80000001, 0xfffffffb, 0x623, 0x401, 0x6, 0x100, 0x80000001, 0x80000000, 0x7ff, 0x2, 0x1, 0x8, 0x0, 0x17, 0xe, 0x81, 0x7, 0x800, 0x1, 0x9, 0xe, 0x7fffffff, 0xe, 0xd97, 0xa, 0xfff, 0x0, 0x0, 0x17a3, 0x0, 0x5, 0x4, 0x2, 0x3, 0x0, 0x7fffffff, 0x1032, 0x2, 0x1ff, 0x4, 0xbfb, 0x2, 0x0, 0x6, 0x5, 0x7a7c081b, 0x7fff, 0x47, 0xfffffff9, 0x0, 0x7, 0xf, 0x30, 0x7fffffff, 0x40, 0x8, 0x1b0, 0x7, 0x4, 0x6f3, 0xdd27, 0x4ace, 0x2, 0x80000000, 0x3, 0x5, 0x4d0, 0x5, 0x4, 0x80000001, 0x6, 0x1, 0x0, 0x9, 0x1000, 0x68, 0x2, 0x4, 0x401, 0x0, 0x80, 0x5, 0x2, 0x3, 0x2, 0x401, 0x2, 0x8, 0x6, 0x2, 0xf, 0xcf, 0xffff, 0xc53, 0x8, 0x8001, 0x7, 0x10001, 0x6, 0x4, 0x708, 0x10001, 0x7f, 0x7, 0x6, 0x8, 0x7, 0x200000, 0x10, 0x213b, 0xa00, 0x5, 0x1, 0x3, 0xffffffff, 0x8, 0x4, 0xf4000, 0x9541, 0x6, 0xe, 0x3, 0x8, 0x8, 0x6, 0x6, 0x4, 0x3, 0x7, 0x80000001, 0xc, 0x1, 0xd06b, 0x4, 0x200, 0x101, 0x8, 0x8, 0x6, 0x3, 0x1, 0x2000000, 0x4f79, 0x8000, 0x8, 0x9, 0x96a3, 0x2, 0x800, 0xd, 0xffffffff, 0x7, 0x5, 0x5, 0x0, 0x4c, 0x9, 0xffff, 0x7, 0xfd, 0x7, 0x4, 0x0, 0x5, 0x89, 0x6, 0x0, 0xb149, 0x10, 0x10, 0x5, 0x1, 0x7fff, 0x0, 0x6, 0x4, 0xd9c9, 0x7, 0x9, 0x901, 0xf, 0x9, 0x5, 0x2, 0x3, 0xb, 0x7fffffff, 0x5, 0x5, 0x27a9, 0x6, 0x0, 0x8, 0x4, 0x9, 0xfffffff7, 0x8, 0x2, 0x40f, 0x9, 0x2, 0x4, 0x7, 0x2, 0x8]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4b8}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x500, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x16, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x41, 0x1ff) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x200000000000000, 0x820b01) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000000)={0xc0000000}) close(0x3) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x2, 0x0, 0x0) mount$9p_rdma(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[]) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) 318.911923ms ago: executing program 1 (id=148): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000002680)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) 0s ago: executing program 0 (id=149): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000001340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000080)=""/125, 0x7d}], 0x2}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r4, 0x0, 0x4}, 0x18) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. [ 66.460943][ T5821] cgroup: Unknown subsys name 'net' [ 66.595107][ T5821] cgroup: Unknown subsys name 'cpuset' [ 66.603931][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.973332][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.528167][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.543008][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.562304][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.570064][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.583878][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.591725][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.597841][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.602470][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.620546][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.628882][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.636953][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.644013][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.644014][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.657380][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.665391][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.666869][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.673296][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.680519][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.690048][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.701231][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.702484][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.715927][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.723635][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.731076][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.741977][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.243076][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 71.297842][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.304324][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.480033][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 71.569305][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 71.590164][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 71.602238][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.609442][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.617258][ T5841] bridge_slave_0: entered allmulticast mode [ 71.625266][ T5841] bridge_slave_0: entered promiscuous mode [ 71.633040][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 71.666863][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.674121][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.681224][ T5841] bridge_slave_1: entered allmulticast mode [ 71.688406][ T5841] bridge_slave_1: entered promiscuous mode [ 71.829440][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.842580][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.862474][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.869855][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.877545][ T5834] bridge_slave_0: entered allmulticast mode [ 71.884532][ T5834] bridge_slave_0: entered promiscuous mode [ 71.938486][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.945719][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.953369][ T5834] bridge_slave_1: entered allmulticast mode [ 71.960247][ T5834] bridge_slave_1: entered promiscuous mode [ 72.008532][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.016056][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.024143][ T5831] bridge_slave_0: entered allmulticast mode [ 72.031029][ T5831] bridge_slave_0: entered promiscuous mode [ 72.065790][ T5841] team0: Port device team_slave_0 added [ 72.098443][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.105656][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.113477][ T5831] bridge_slave_1: entered allmulticast mode [ 72.120384][ T5831] bridge_slave_1: entered promiscuous mode [ 72.140075][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.147396][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.154676][ T5835] bridge_slave_0: entered allmulticast mode [ 72.161585][ T5835] bridge_slave_0: entered promiscuous mode [ 72.170162][ T5841] team0: Port device team_slave_1 added [ 72.178318][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.185469][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.192884][ T5833] bridge_slave_0: entered allmulticast mode [ 72.199824][ T5833] bridge_slave_0: entered promiscuous mode [ 72.240036][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.253644][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.263213][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.270296][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.277931][ T5835] bridge_slave_1: entered allmulticast mode [ 72.285884][ T5835] bridge_slave_1: entered promiscuous mode [ 72.316426][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.323898][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.331009][ T5833] bridge_slave_1: entered allmulticast mode [ 72.338651][ T5833] bridge_slave_1: entered promiscuous mode [ 72.347945][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.360663][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.394835][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.401778][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.429721][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.442488][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.449430][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.475833][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.562372][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.587902][ T5831] team0: Port device team_slave_0 added [ 72.595696][ T5834] team0: Port device team_slave_0 added [ 72.605336][ T5831] team0: Port device team_slave_1 added [ 72.613525][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.626247][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.637850][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.648760][ T5834] team0: Port device team_slave_1 added [ 72.733243][ T51] Bluetooth: hci0: command tx timeout [ 72.733248][ T5848] Bluetooth: hci4: command tx timeout [ 72.760447][ T5835] team0: Port device team_slave_0 added [ 72.796752][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.803839][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.829864][ T5848] Bluetooth: hci3: command tx timeout [ 72.830130][ T5848] Bluetooth: hci2: command tx timeout [ 72.830241][ T5848] Bluetooth: hci1: command tx timeout [ 72.847222][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.865048][ T5841] hsr_slave_0: entered promiscuous mode [ 72.871363][ T5841] hsr_slave_1: entered promiscuous mode [ 72.879435][ T5835] team0: Port device team_slave_1 added [ 72.898001][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.905546][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.931600][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.944519][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.951453][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.977705][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.991461][ T5833] team0: Port device team_slave_0 added [ 72.998032][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.005334][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.031379][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.060729][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.068023][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.094300][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.115861][ T5833] team0: Port device team_slave_1 added [ 73.126624][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.134140][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.160194][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.285402][ T5831] hsr_slave_0: entered promiscuous mode [ 73.291623][ T5831] hsr_slave_1: entered promiscuous mode [ 73.298283][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 73.305235][ T5831] Cannot create hsr debugfs directory [ 73.334267][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.341364][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.367896][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.385959][ T5834] hsr_slave_0: entered promiscuous mode [ 73.393236][ T5834] hsr_slave_1: entered promiscuous mode [ 73.399291][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 73.405140][ T5834] Cannot create hsr debugfs directory [ 73.430794][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.438170][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.464494][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.555528][ T5835] hsr_slave_0: entered promiscuous mode [ 73.561740][ T5835] hsr_slave_1: entered promiscuous mode [ 73.568154][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 73.573913][ T5835] Cannot create hsr debugfs directory [ 73.690073][ T5833] hsr_slave_0: entered promiscuous mode [ 73.697042][ T5833] hsr_slave_1: entered promiscuous mode [ 73.703265][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 73.708984][ T5833] Cannot create hsr debugfs directory [ 74.121727][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.133475][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.158143][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.183540][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.246719][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.258160][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.267993][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.281238][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.351339][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 74.396911][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 74.408234][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 74.419317][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.468130][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 74.481674][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 74.525587][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.532955][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 74.563605][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 74.650742][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.665982][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.687519][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.714420][ T3426] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.721643][ T3426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.733052][ T3426] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.740183][ T3426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.751108][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.761960][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.797502][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.813468][ T5847] Bluetooth: hci4: command tx timeout [ 74.818896][ T5847] Bluetooth: hci0: command tx timeout [ 74.864009][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.878407][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.885650][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.895127][ T5847] Bluetooth: hci1: command tx timeout [ 74.902838][ T5847] Bluetooth: hci2: command tx timeout [ 74.908301][ T5847] Bluetooth: hci3: command tx timeout [ 74.949453][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.956626][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.037772][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.061372][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.099854][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.176619][ T1309] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.183801][ T1309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.197098][ T1309] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.204270][ T1309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.240894][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.280484][ T3426] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.287713][ T3426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.330751][ T3426] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.338043][ T3426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.387106][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.398847][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.475208][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.508126][ T1309] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.515282][ T1309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.596588][ T3426] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.603782][ T3426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.649966][ T5841] veth0_vlan: entered promiscuous mode [ 75.730339][ T5841] veth1_vlan: entered promiscuous mode [ 75.835888][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.898848][ T5841] veth0_macvtap: entered promiscuous mode [ 75.941859][ T5841] veth1_macvtap: entered promiscuous mode [ 75.999275][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.071628][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.086223][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.121655][ T5831] veth0_vlan: entered promiscuous mode [ 76.138087][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.190049][ T3995] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.199872][ T3995] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.230394][ T3995] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.239922][ T3995] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.259457][ T5831] veth1_vlan: entered promiscuous mode [ 76.268875][ T5834] veth0_vlan: entered promiscuous mode [ 76.315881][ T5835] veth0_vlan: entered promiscuous mode [ 76.329454][ T5834] veth1_vlan: entered promiscuous mode [ 76.351611][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.376609][ T5835] veth1_vlan: entered promiscuous mode [ 76.435617][ T5831] veth0_macvtap: entered promiscuous mode [ 76.485770][ T5831] veth1_macvtap: entered promiscuous mode [ 76.560191][ T1309] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.583831][ T1309] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.595931][ T5834] veth0_macvtap: entered promiscuous mode [ 76.618079][ T5835] veth0_macvtap: entered promiscuous mode [ 76.627537][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.686327][ T5834] veth1_macvtap: entered promiscuous mode [ 76.698487][ T5835] veth1_macvtap: entered promiscuous mode [ 76.718270][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.788567][ T1309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.797336][ T1309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.826816][ T64] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.849710][ T64] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.893053][ T5847] Bluetooth: hci0: command tx timeout [ 76.894167][ T51] Bluetooth: hci4: command tx timeout [ 76.913144][ T64] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.951566][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.974807][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.975609][ T51] Bluetooth: hci3: command tx timeout [ 76.982052][ T5847] Bluetooth: hci1: command tx timeout [ 76.987488][ T51] Bluetooth: hci2: command tx timeout [ 77.015183][ T64] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.040180][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 77.077920][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.091558][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.158844][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.184269][ T64] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.193252][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.213355][ T64] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.230281][ T5957] loop0: detected capacity change from 0 to 128 [ 77.285623][ T64] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.295497][ T64] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.305420][ T64] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.340637][ T64] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.356691][ T64] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.388558][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.397978][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.413370][ T64] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.464600][ T5833] veth0_vlan: entered promiscuous mode [ 77.541957][ T5833] veth1_vlan: entered promiscuous mode [ 77.575560][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.597711][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.680794][ T5963] loop0: detected capacity change from 0 to 512 [ 77.708022][ T5963] EXT4-fs: Ignoring removed mblk_io_submit option [ 77.725188][ T5833] veth0_macvtap: entered promiscuous mode [ 77.735582][ T5963] EXT4-fs: Ignoring removed bh option [ 77.772086][ T5963] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 77.790494][ T3508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.800966][ T5833] veth1_macvtap: entered promiscuous mode [ 77.820113][ T5963] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 77.836517][ T3508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.856919][ T3508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.879116][ T3508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.905046][ T5963] EXT4-fs (loop0): 1 truncate cleaned up [ 77.952765][ T5963] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.015745][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.032084][ T30] audit: type=1800 audit(1751522313.494:2): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 78.053660][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.104802][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.300725][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.367757][ T30] audit: type=1326 audit(1751522313.834:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.393539][ T30] audit: type=1326 audit(1751522313.834:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.396271][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.439185][ T3995] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.480692][ T3995] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.521452][ T5974] loop3: detected capacity change from 0 to 2048 [ 78.522676][ T30] audit: type=1326 audit(1751522313.834:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.533022][ T3995] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.551781][ T30] audit: type=1326 audit(1751522313.844:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.584634][ T30] audit: type=1326 audit(1751522313.844:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.606942][ T30] audit: type=1326 audit(1751522313.844:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.628818][ T30] audit: type=1326 audit(1751522313.844:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.685198][ T30] audit: type=1326 audit(1751522313.844:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.709809][ T5978] loop0: detected capacity change from 0 to 512 [ 78.742943][ T30] audit: type=1326 audit(1751522313.874:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3e7f8e929 code=0x7ffc0000 [ 78.749972][ T5974] EXT4-fs (loop3): failed to initialize system zone (-117) [ 78.779836][ T5978] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.9: bg 0: block 16: invalid block bitmap [ 78.801919][ T5974] EXT4-fs (loop3): mount failed [ 78.822325][ T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.880035][ T5978] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 78.919422][ T5978] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.9: invalid indirect mapped block 5 (level 0) [ 78.974117][ T5847] Bluetooth: hci0: command tx timeout [ 78.979543][ T5847] Bluetooth: hci4: command tx timeout [ 79.002476][ T5978] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.9: invalid indirect mapped block 4294967295 (level 1) [ 79.055181][ T5847] Bluetooth: hci1: command tx timeout [ 79.056764][ T5848] Bluetooth: hci2: command tx timeout [ 79.061916][ T5847] Bluetooth: hci3: command tx timeout [ 79.105176][ T5978] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.9: invalid indirect mapped block 4294967295 (level 2) [ 79.177468][ T5988] loop3: detected capacity change from 0 to 512 [ 79.177539][ T5978] EXT4-fs (loop0): 1 truncate cleaned up [ 79.199468][ T5988] EXT4-fs: Ignoring removed nomblk_io_submit option [ 79.223374][ T5988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 79.239300][ T5978] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.276333][ T5988] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 79.330808][ T5988] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 79.361535][ T5994] hub 9-0:1.0: USB hub found [ 79.362599][ T5988] EXT4-fs (loop3): 1 truncate cleaned up [ 79.397709][ T5988] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.398695][ T5994] hub 9-0:1.0: 1 port detected [ 79.420370][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.517785][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.548061][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.661267][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.708482][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.820626][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.021075][ T6003] loop1: detected capacity change from 0 to 128 [ 81.480969][ T6018] loop3: detected capacity change from 0 to 40427 [ 81.502956][ T6018] F2FS-fs (loop3): build fault injection rate: 16 [ 81.509584][ T6018] F2FS-fs (loop3): build fault injection type: 0x143 [ 81.521238][ T6018] F2FS-fs (loop3): invalid crc value [ 81.535595][ T9] cfg80211: failed to load regulatory.db [ 81.541775][ T6018] F2FS-fs (loop3): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x461d/0x6ed0 [ 81.551322][ T6018] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-12) [ 81.841081][ T6018] netlink: 48 bytes leftover after parsing attributes in process `syz.3.20'. [ 81.874820][ T6043] loop2: detected capacity change from 0 to 128 [ 81.918766][ T6041] loop3: detected capacity change from 0 to 1024 [ 81.927581][ T6041] ======================================================= [ 81.927581][ T6041] WARNING: The mand mount option has been deprecated and [ 81.927581][ T6041] and is ignored by this kernel. Remove the mand [ 81.927581][ T6041] option from the mount to silence this warning. [ 81.927581][ T6041] ======================================================= [ 81.957293][ T6043] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 81.999198][ T6041] hfsplus: bad catalog entry type [ 82.033451][ T6043] ext4 filesystem being mounted at /5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 82.239577][ T5831] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 82.263407][ T1309] hfsplus: b-tree write err: -5, ino 4 [ 82.403037][ T6054] loop2: detected capacity change from 0 to 128 [ 82.533565][ T6056] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.804677][ T6064] loop4: detected capacity change from 0 to 512 [ 82.812506][ T6064] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.139605][ T6064] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 83.602783][ T6064] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 83.744520][ T6064] EXT4-fs (loop4): 1 truncate cleaned up [ 83.753520][ T6064] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.831333][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 83.831347][ T30] audit: type=1326 audit(1751522319.304:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 83.845972][ T6078] loop2: detected capacity change from 0 to 128 [ 83.956363][ T6078] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 84.020846][ T6078] FAT-fs (loop2): Filesystem has been set read-only [ 84.047640][ T30] audit: type=1326 audit(1751522319.304:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 84.056503][ T6078] syz.2.38: attempt to access beyond end of device [ 84.056503][ T6078] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 84.070553][ T30] audit: type=1326 audit(1751522319.304:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 84.107787][ T30] audit: type=1326 audit(1751522319.304:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 84.130069][ T30] audit: type=1326 audit(1751522319.304:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 84.153132][ T30] audit: type=1326 audit(1751522319.304:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 84.182782][ T6078] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 84.196591][ T30] audit: type=1326 audit(1751522319.304:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 84.268109][ T6078] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 84.413828][ T6083] mmap: syz.1.37 (6083) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 84.538991][ T6078] syz.2.38: attempt to access beyond end of device [ 84.538991][ T6078] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 84.995143][ T30] audit: type=1326 audit(1751522319.304:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 85.087884][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.125824][ T6078] syz.2.38: attempt to access beyond end of device [ 85.125824][ T6078] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 85.140121][ T6078] syz.2.38: attempt to access beyond end of device [ 85.140121][ T6078] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 85.244457][ T30] audit: type=1326 audit(1751522319.304:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 85.278213][ T6078] syz.2.38: attempt to access beyond end of device [ 85.278213][ T6078] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 85.327122][ T30] audit: type=1326 audit(1751522319.304:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 85.491660][ T6087] loop4: detected capacity change from 0 to 1024 [ 86.443865][ T6096] 9pnet_fd: Insufficient options for proto=fd [ 86.614809][ T6098] Bluetooth: MGMT ver 1.23 [ 86.668011][ T6076] loop0: detected capacity change from 0 to 32768 [ 86.821588][ T6076] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/loop0": -EINTR [ 87.195072][ T6120] loop2: detected capacity change from 0 to 128 [ 87.272512][ T6121] hub 9-0:1.0: USB hub found [ 87.282851][ T6121] hub 9-0:1.0: 1 port detected [ 87.352609][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.669794][ T6127] 9pnet_fd: Insufficient options for proto=fd [ 89.402240][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 89.918691][ T6144] loop3: detected capacity change from 0 to 1024 [ 89.945958][ T6144] EXT4-fs: Ignoring removed nomblk_io_submit option [ 89.969685][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.041498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.072860][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.082646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.091223][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.105211][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 90.105224][ T30] audit: type=1326 audit(1751522325.584:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.4.61" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4cbe78e929 code=0x0 [ 90.135964][ T6144] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.142681][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.267968][ T30] audit: type=1800 audit(1751522325.744:73): pid=6144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.58" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 90.371826][ T6158] loop1: detected capacity change from 0 to 512 [ 90.400880][ T6158] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.424049][ T6158] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 90.459398][ T6158] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 90.545040][ T6158] EXT4-fs (loop1): 1 truncate cleaned up [ 90.567736][ T6158] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.652649][ T6165] netlink: 32 bytes leftover after parsing attributes in process `syz.0.60'. [ 90.680463][ T6166] netlink: 32 bytes leftover after parsing attributes in process `syz.2.62'. [ 90.752119][ T30] audit: type=1326 audit(1751522326.224:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 90.786581][ T30] audit: type=1326 audit(1751522326.224:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 90.863703][ T30] audit: type=1326 audit(1751522326.254:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 90.913256][ T30] audit: type=1326 audit(1751522326.254:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 90.946067][ T30] audit: type=1326 audit(1751522326.254:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 90.969301][ T30] audit: type=1326 audit(1751522326.254:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 90.997353][ T30] audit: type=1326 audit(1751522326.254:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 91.004114][ T5835] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.062715][ T30] audit: type=1326 audit(1751522326.254:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.1.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75f3b8e929 code=0x7ffc0000 [ 91.206939][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.349515][ T6188] hub 9-0:1.0: USB hub found [ 91.380982][ T6190] 9pnet_fd: Insufficient options for proto=fd [ 91.407160][ T6188] hub 9-0:1.0: 1 port detected [ 91.562685][ T6193] loop4: detected capacity change from 0 to 128 [ 91.631822][ T6198] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000000a [ 91.666055][ T6193] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 91.716116][ T6193] FAT-fs (loop4): Filesystem has been set read-only [ 91.765113][ T6193] syz.4.67: attempt to access beyond end of device [ 91.765113][ T6193] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 91.832881][ T6193] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 91.840841][ T6193] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 91.877075][ T6193] syz.4.67: attempt to access beyond end of device [ 91.877075][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 91.891582][ T6193] syz.4.67: attempt to access beyond end of device [ 91.891582][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 91.972931][ T6193] syz.4.67: attempt to access beyond end of device [ 91.972931][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 91.976823][ T6201] bridge0: entered promiscuous mode [ 92.035464][ T6201] vlan2: entered promiscuous mode [ 92.052558][ T6193] syz.4.67: attempt to access beyond end of device [ 92.052558][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 92.114785][ T6193] syz.4.67: attempt to access beyond end of device [ 92.114785][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 92.168837][ T6193] syz.4.67: attempt to access beyond end of device [ 92.168837][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 92.202486][ T6193] syz.4.67: attempt to access beyond end of device [ 92.202486][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 92.223763][ T6193] syz.4.67: attempt to access beyond end of device [ 92.223763][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 92.267815][ T6193] syz.4.67: attempt to access beyond end of device [ 92.267815][ T6193] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 92.527749][ T6216] netlink: 'syz.2.72': attribute type 4 has an invalid length. [ 92.613032][ T6225] loop3: detected capacity change from 0 to 64 [ 92.857739][ T6225] overlayfs: upper fs needs to support d_type. [ 92.881529][ T6225] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 92.890504][ T6225] overlayfs: failed to set xattr on upper [ 92.896488][ T6225] overlayfs: ...falling back to redirect_dir=nofollow. [ 92.903480][ T6225] overlayfs: ...falling back to index=off. [ 92.909394][ T6225] overlayfs: ...falling back to uuid=null. [ 93.909447][ T6216] syz.2.72 (6216) used greatest stack depth: 19400 bytes left [ 94.182020][ T6231] loop4: detected capacity change from 0 to 1024 [ 94.228905][ T5834] VFS: Lookup of '.' in minix loop3 would have caused loop [ 94.232023][ T6231] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.274061][ T5834] VFS: Lookup of '.' in minix loop3 would have caused loop [ 94.405108][ T6231] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.916490][ T6251] hub 9-0:1.0: USB hub found [ 94.951272][ T6251] hub 9-0:1.0: 1 port detected [ 95.355571][ T3426] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.370792][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.606401][ T3426] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.092523][ T6268] loop2: detected capacity change from 0 to 1024 [ 97.269501][ T6268] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 97.338504][ T6268] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 97.348224][ T6268] EXT4-fs (loop2): orphan cleanup on readonly fs [ 97.371962][ T6268] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.86: bg 0: block 10: padding at end of block bitmap is not set [ 97.404477][ T6268] __quota_error: 44 callbacks suppressed [ 97.404510][ T6268] Quota error (device loop2): write_blk: dquota write failed [ 97.417785][ T6268] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 97.427668][ T6268] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 97.437661][ T6268] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.86: Failed to acquire dquot type 0 [ 97.451597][ T6268] Quota error (device loop2): write_blk: dquota write failed [ 97.459006][ T6268] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 97.468774][ T6268] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 97.478674][ T6268] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.86: Failed to acquire dquot type 0 [ 97.528725][ T6268] EXT4-fs error (device loop2): ext4_free_blocks:6587: comm syz.2.86: Freeing blocks not in datazone - block = 0, count = 4096 [ 97.551015][ T6268] Quota error (device loop2): write_blk: dquota write failed [ 97.562587][ T6268] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 97.571748][ T6268] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 97.582410][ T6268] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.86: Failed to acquire dquot type 0 [ 97.604420][ T6268] EXT4-fs (loop2): 1 orphan inode deleted [ 97.625710][ T6268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 97.700016][ T6276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.90'. [ 97.754214][ T3426] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.773312][ T6274] capability: warning: `syz.4.89' uses deprecated v2 capabilities in a way that may be insecure [ 97.894597][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.920541][ T6282] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000004 [ 98.131506][ T6286] serio: Serial port ptm1 [ 98.166862][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.181049][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.184219][ T6290] loop1: detected capacity change from 0 to 128 [ 98.198536][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.219725][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.230292][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.241732][ T3426] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.564254][ T30] audit: type=1326 audit(1751522334.044:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6294 comm="syz.2.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 98.672534][ T6304] netlink: 'syz.1.100': attribute type 4 has an invalid length. [ 98.812857][ T6306] netlink: 'syz.4.102': attribute type 10 has an invalid length. [ 99.037508][ T6308] loop0: detected capacity change from 0 to 1024 [ 99.117403][ T6309] netlink: 'syz.4.102': attribute type 10 has an invalid length. [ 99.400650][ T6309] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 99.478580][ T6308] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 99.499744][ T6308] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 99.508062][ T6308] EXT4-fs (loop0): orphan cleanup on readonly fs [ 99.515255][ T6306] bond0: (slave dummy0): Releasing backup interface [ 99.527929][ T6308] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.101: bg 0: block 10: padding at end of block bitmap is not set [ 99.551191][ T6308] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.101: Failed to acquire dquot type 0 [ 99.585186][ T6308] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.101: Failed to acquire dquot type 0 [ 99.599654][ T6308] EXT4-fs error (device loop0): ext4_free_blocks:6587: comm syz.0.101: Freeing blocks not in datazone - block = 0, count = 4096 [ 99.604219][ T6306] team0: Port device dummy0 added [ 99.614933][ T6308] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.101: Failed to acquire dquot type 0 [ 99.629845][ T6308] EXT4-fs (loop0): 1 orphan inode deleted [ 99.643193][ T6308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 99.685584][ T3426] bridge_slave_1: left allmulticast mode [ 99.717317][ T3426] bridge_slave_1: left promiscuous mode [ 99.738487][ T3426] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.979511][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.204388][ T6320] loop2: detected capacity change from 0 to 1024 [ 100.221454][ T6320] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 100.244531][ T3426] bridge_slave_0: left allmulticast mode [ 100.260793][ T6320] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 100.270493][ T6320] EXT4-fs (loop2): orphan cleanup on readonly fs [ 100.306596][ T6320] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.104: bg 0: block 10: padding at end of block bitmap is not set [ 100.324760][ T6320] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.104: Failed to acquire dquot type 0 [ 100.339975][ T6320] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.104: Failed to acquire dquot type 0 [ 100.352129][ T5847] Bluetooth: hci2: command tx timeout [ 100.363543][ T6320] EXT4-fs error (device loop2): ext4_free_blocks:6587: comm syz.2.104: Freeing blocks not in datazone - block = 0, count = 4096 [ 100.381856][ T6320] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.104: Failed to acquire dquot type 0 [ 100.394449][ T6320] EXT4-fs (loop2): 1 orphan inode deleted [ 100.475008][ T3426] bridge_slave_0: left promiscuous mode [ 100.484429][ T6320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 100.504763][ T3426] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.555383][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.107'. [ 100.580591][ T6327] loop0: detected capacity change from 0 to 128 [ 100.814069][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.161783][ T6344] netlink: 'syz.2.112': attribute type 4 has an invalid length. [ 101.727919][ T3426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.753506][ T3426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.774189][ T3426] bond0 (unregistering): Released all slaves [ 101.812130][ T6324] veth0_macvtap: left promiscuous mode [ 102.382955][ T6367] loop2: detected capacity change from 0 to 1024 [ 102.422289][ T5847] Bluetooth: hci2: command tx timeout [ 102.661864][ T6369] netlink: 'syz.4.117': attribute type 10 has an invalid length. [ 102.737897][ T6370] netlink: 'syz.4.117': attribute type 10 has an invalid length. [ 102.827718][ T6367] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 102.866384][ T6367] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 102.874901][ T6367] EXT4-fs (loop2): orphan cleanup on readonly fs [ 102.887555][ T6367] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.115: bg 0: block 10: padding at end of block bitmap is not set [ 102.906319][ T6367] __quota_error: 46 callbacks suppressed [ 102.906333][ T6367] Quota error (device loop2): write_blk: dquota write failed [ 102.920616][ T6367] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 102.930634][ T6367] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 102.940629][ T6367] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.115: Failed to acquire dquot type 0 [ 102.954945][ T6367] Quota error (device loop2): write_blk: dquota write failed [ 102.962924][ T6367] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 102.964050][ T6370] team0: Port device dummy0 removed [ 102.973785][ T6367] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 102.987902][ T6367] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.115: Failed to acquire dquot type 0 [ 103.001434][ T6367] EXT4-fs error (device loop2): ext4_free_blocks:6587: comm syz.2.115: Freeing blocks not in datazone - block = 0, count = 4096 [ 103.019274][ T6370] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 103.032869][ T6367] Quota error (device loop2): write_blk: dquota write failed [ 103.040268][ T6367] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 103.049487][ T6367] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 103.059492][ T6367] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.115: Failed to acquire dquot type 0 [ 103.072393][ T6367] EXT4-fs (loop2): 1 orphan inode deleted [ 103.087295][ T6367] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 103.150609][ T6373] netlink: 'syz.1.118': attribute type 10 has an invalid length. [ 103.198596][ T6375] syz.4.119 uses obsolete (PF_INET,SOCK_PACKET) [ 103.206168][ T6376] netlink: 'syz.1.118': attribute type 10 has an invalid length. [ 103.250365][ T6373] team0: Port device dummy0 added [ 103.327335][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.544246][ T6376] team0: Port device dummy0 removed [ 103.567536][ T6376] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 103.753790][ T6395] netlink: 8 bytes leftover after parsing attributes in process `syz.2.121'. [ 103.781880][ T3426] hsr_slave_0: left promiscuous mode [ 103.798005][ T3426] hsr_slave_1: left promiscuous mode [ 103.812992][ T3426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.830801][ T3426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.843829][ T3426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.851448][ T3426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.878000][ T3426] veth1_macvtap: left promiscuous mode [ 103.892582][ T3426] veth0_macvtap: left promiscuous mode [ 103.905428][ T3426] veth1_vlan: left promiscuous mode [ 103.928510][ T3426] veth0_vlan: left promiscuous mode [ 104.273856][ T6408] netlink: 'syz.2.125': attribute type 4 has an invalid length. [ 104.492425][ T5847] Bluetooth: hci2: command tx timeout [ 104.561562][ T6412] loop1: detected capacity change from 0 to 4096 [ 104.579032][ T6412] ntfs3: Unknown parameter '017777777777777777777770x0000000000000000' [ 104.656117][ T3426] team0 (unregistering): Port device team_slave_1 removed [ 104.701509][ T3426] team0 (unregistering): Port device team_slave_0 removed [ 105.025969][ T6287] chnl_net:caif_netlink_parms(): no params data found [ 105.131093][ T6415] netlink: 24 bytes leftover after parsing attributes in process `syz.4.127'. [ 105.157293][ T6412] warning: `syz.1.126' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 105.226466][ T30] audit: type=1326 audit(1751522340.704:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6417 comm="syz.2.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913d78e929 code=0x7ffc0000 [ 106.473495][ T6427] loop2: detected capacity change from 0 to 1024 [ 106.573210][ T5847] Bluetooth: hci2: command tx timeout [ 106.633643][ T6427] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 106.700758][ T6427] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 106.711056][ T6427] EXT4-fs (loop2): orphan cleanup on readonly fs [ 106.744691][ T6427] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.129: bg 0: block 10: padding at end of block bitmap is not set [ 106.764377][ T6427] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.129: Failed to acquire dquot type 0 [ 106.779510][ T6427] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.129: Failed to acquire dquot type 0 [ 106.792389][ T6427] EXT4-fs error (device loop2): ext4_free_blocks:6587: comm syz.2.129: Freeing blocks not in datazone - block = 0, count = 4096 [ 106.944295][ T6427] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.129: Failed to acquire dquot type 0 [ 106.957693][ T6427] EXT4-fs (loop2): 1 orphan inode deleted [ 106.980228][ T6427] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 107.257976][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.296409][ T6437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.132'. [ 107.427790][ T6287] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.469835][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.500674][ T6287] bridge_slave_0: entered allmulticast mode [ 107.559637][ T6287] bridge_slave_0: entered promiscuous mode [ 107.595348][ T6287] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.632355][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.682507][ T6287] bridge_slave_1: entered allmulticast mode [ 107.702342][ T6287] bridge_slave_1: entered promiscuous mode [ 107.818846][ T6456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.138'. [ 107.919899][ T6456] vlan2: entered promiscuous mode [ 107.966407][ T6456] bond0: entered promiscuous mode [ 107.995772][ T6456] bond_slave_0: entered promiscuous mode [ 108.034760][ T6456] bond_slave_1: entered promiscuous mode [ 108.398100][ T6287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.664985][ T6287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.617126][ T6472] netlink: 24 bytes leftover after parsing attributes in process `syz.1.141'. [ 109.638255][ T6287] team0: Port device team_slave_0 added [ 109.978892][ T6287] team0: Port device team_slave_1 added [ 110.083375][ T6480] loop0: detected capacity change from 0 to 1024 [ 110.202210][ T6480] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 110.318038][ T6480] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 110.328959][ T6480] EXT4-fs (loop0): orphan cleanup on readonly fs [ 110.368167][ T6480] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.142: bg 0: block 10: padding at end of block bitmap is not set [ 110.389010][ T6480] __quota_error: 60 callbacks suppressed [ 110.389049][ T6480] Quota error (device loop0): write_blk: dquota write failed [ 110.403416][ T6480] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 110.413432][ T6480] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 110.423646][ T6480] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.142: Failed to acquire dquot type 0 [ 110.455874][ T6480] Quota error (device loop0): write_blk: dquota write failed [ 110.464233][ T6480] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 110.473628][ T6480] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 110.483509][ T6480] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.142: Failed to acquire dquot type 0 [ 110.500873][ T6480] EXT4-fs error (device loop0): ext4_free_blocks:6587: comm syz.0.142: Freeing blocks not in datazone - block = 0, count = 4096 [ 110.515068][ T6480] Quota error (device loop0): write_blk: dquota write failed [ 110.522478][ T6480] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 110.531620][ T6480] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 110.541548][ T6480] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.142: Failed to acquire dquot type 0 [ 110.563092][ T6480] EXT4-fs (loop0): 1 orphan inode deleted [ 110.583665][ T6480] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 110.672855][ T6483] serio: Serial port ptm0 [ 110.867387][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.117161][ T6287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.236506][ T6287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.459753][ T6287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.554994][ T6287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.562441][ T6287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.588439][ C0] ================================================================== [ 111.588452][ C0] BUG: KASAN: slab-out-of-bounds in __cpa_flush_tlb+0x17e/0x270 [ 111.588477][ C0] Read of size 8 at addr ffff88807df6d900 by task syz-executor/6287 [ 111.588489][ C0] [ 111.588501][ C0] CPU: 0 UID: 0 PID: 6287 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 111.588517][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.588531][ C0] Call Trace: [ 111.588537][ C0] [ 111.588542][ C0] dump_stack_lvl+0x189/0x250 [ 111.588561][ C0] ? __kasan_check_byte+0x12/0x40 [ 111.588581][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.588598][ C0] ? lock_release+0x4b/0x3e0 [ 111.588615][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 111.588627][ C0] print_report+0xd2/0x2b0 [ 111.588643][ C0] ? __cpa_flush_tlb+0x17e/0x270 [ 111.588658][ C0] kasan_report+0x118/0x150 [ 111.588670][ C0] ? __cpa_flush_tlb+0x17e/0x270 [ 111.588688][ C0] __cpa_flush_tlb+0x17e/0x270 [ 111.588706][ C0] ? __pfx___cpa_flush_tlb+0x10/0x10 [ 111.588723][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 111.588741][ C0] ? __pfx___cpa_flush_tlb+0x10/0x10 [ 111.588758][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 111.588773][ C0] sysvec_call_function_single+0x9e/0xc0 [ 111.588791][ C0] [ 111.588796][ C0] [ 111.588801][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 111.588815][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 111.588828][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24 [ 111.588839][ C0] RSP: 0018:ffffc900036c69a0 EFLAGS: 00000293 [ 111.588852][ C0] RAX: 1ffffffff1d36b7b RBX: ffffffff8e9b5bd8 RCX: ffff888025921e00 [ 111.588862][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.588870][ C0] RBP: ffffc900036c6af0 R08: ffffffff8fa17c37 R09: 1ffffffff1f42f86 [ 111.588879][ C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: dffffc0000000000 [ 111.588889][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b5b80 [ 111.588905][ C0] ? console_flush_all+0x13a/0xc40 [ 111.588918][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 111.588934][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 111.588948][ C0] console_unlock+0xc4/0x270 [ 111.588966][ C0] ? __pfx_console_unlock+0x10/0x10 [ 111.588984][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 111.588998][ C0] vprintk_emit+0x5b7/0x7a0 [ 111.589016][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 111.589032][ C0] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 111.589051][ C0] _printk+0xcf/0x120 [ 111.589066][ C0] ? __pfx__printk+0x10/0x10 [ 111.589080][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 111.589093][ C0] batadv_hardif_enable_interface+0x7b9/0xa30 [ 111.589118][ C0] batadv_meshif_slave_add+0x79/0x100 [ 111.589133][ C0] do_set_master+0x533/0x6d0 [ 111.589151][ C0] do_setlink+0xcf0/0x41c0 [ 111.589165][ C0] ? __kernel_text_address+0xd/0x40 [ 111.589185][ C0] ? arch_stack_walk+0xfc/0x150 [ 111.589204][ C0] ? __pfx_do_setlink+0x10/0x10 [ 111.589223][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.589239][ C0] ? __mutex_trylock_common+0x153/0x260 [ 111.589258][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 111.589276][ C0] ? rcu_is_watching+0x15/0xb0 [ 111.589293][ C0] ? trace_contention_end+0x39/0x120 [ 111.589310][ C0] ? __mutex_lock+0x330/0xe80 [ 111.589322][ C0] ? __pfx_aa_get_newest_label+0x10/0x10 [ 111.589338][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.589357][ C0] ? rtnl_newlink+0x8db/0x1c70 [ 111.589369][ C0] ? rcu_is_watching+0x15/0xb0 [ 111.589385][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 111.589400][ C0] ? ns_capable+0x8a/0xf0 [ 111.589415][ C0] ? rtnl_link_get_net_capable+0x16a/0x350 [ 111.589430][ C0] rtnl_newlink+0x160b/0x1c70 [ 111.589446][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.589461][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.589479][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.589499][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 111.589516][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 111.589530][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 111.589546][ C0] ? kernel_text_address+0xa5/0xe0 [ 111.589559][ C0] ? __kernel_text_address+0xd/0x40 [ 111.589572][ C0] ? unwind_get_return_address+0x4d/0x90 [ 111.589592][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.589613][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.589625][ C0] rtnetlink_rcv_msg+0x7cf/0xb70 [ 111.589638][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 111.589650][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.589667][ C0] netlink_rcv_skb+0x208/0x470 [ 111.589680][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.589693][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 111.589709][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.589720][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.589734][ C0] netlink_unicast+0x75b/0x8d0 [ 111.589755][ C0] netlink_sendmsg+0x805/0xb30 [ 111.589770][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.589784][ C0] ? aa_sock_msg_perm+0xf1/0x1d0 [ 111.589800][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 111.589814][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.589827][ C0] __sock_sendmsg+0x219/0x270 [ 111.589846][ C0] __sys_sendto+0x3bd/0x520 [ 111.589859][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 111.589877][ C0] ? fput_close_sync+0x119/0x200 [ 111.589897][ C0] ? rcu_is_watching+0x15/0xb0 [ 111.589914][ C0] __x64_sys_sendto+0xde/0x100 [ 111.589929][ C0] do_syscall_64+0xfa/0x3b0 [ 111.589942][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.589954][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 111.589966][ C0] ? clear_bhb_loop+0x60/0xb0 [ 111.589980][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.589992][ C0] RIP: 0033:0x7f92281907bc [ 111.590006][ C0] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 111.590016][ C0] RSP: 002b:00007ffce23d4c30 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 111.590030][ C0] RAX: ffffffffffffffda RBX: 00007f9228ee4620 RCX: 00007f92281907bc [ 111.590039][ C0] RDX: 0000000000000028 RSI: 00007f9228ee4670 RDI: 0000000000000003 [ 111.590047][ C0] RBP: 0000000000000000 R08: 00007ffce23d4c84 R09: 000000000000000c [ 111.590054][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 111.590062][ C0] R13: 0000000000000000 R14: 00007f9228ee4670 R15: 0000000000000000 [ 111.590075][ C0] [ 111.590079][ C0] [ 111.590083][ C0] Allocated by task 6449: [ 111.590090][ C0] kasan_save_track+0x3e/0x80 [ 111.590106][ C0] __kasan_slab_alloc+0x6c/0x80 [ 111.590122][ C0] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 111.590140][ C0] dup_task_struct+0x52/0x860 [ 111.590156][ C0] copy_process+0x54b/0x3c00 [ 111.590171][ C0] kernel_clone+0x21e/0x870 [ 111.590191][ C0] __se_sys_clone3+0x256/0x2d0 [ 111.590201][ C0] do_syscall_64+0xfa/0x3b0 [ 111.590212][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.590223][ C0] [ 111.590226][ C0] Last potentially related work creation: [ 111.590232][ C0] kasan_save_stack+0x3e/0x60 [ 111.590247][ C0] kasan_record_aux_stack+0xbd/0xd0 [ 111.590260][ C0] task_work_add+0xb1/0x420 [ 111.590271][ C0] sched_tick+0x31b/0x950 [ 111.590283][ C0] update_process_times+0x270/0x2f0 [ 111.590295][ C0] tick_nohz_handler+0x39a/0x520 [ 111.590312][ C0] __hrtimer_run_queues+0x4dd/0xc60 [ 111.590327][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 111.590341][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 111.590358][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 111.590375][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.590387][ C0] [ 111.590391][ C0] The buggy address belongs to the object at ffff88807df6bc00 [ 111.590391][ C0] which belongs to the cache task_struct of size 7424 [ 111.590402][ C0] The buggy address is located 0 bytes to the right of [ 111.590402][ C0] allocated 7424-byte region [ffff88807df6bc00, ffff88807df6d900) [ 111.590416][ C0] [ 111.590420][ C0] The buggy address belongs to the physical page: [ 111.590429][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7df68 [ 111.590442][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 111.590452][ C0] memcg:ffff88802897a101 [ 111.590458][ C0] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 111.590474][ C0] page_type: f5(slab) [ 111.590487][ C0] raw: 00fff00000000040 ffff88801bad4500 ffffea0000b49000 dead000000000003 [ 111.590499][ C0] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88802897a101 [ 111.590511][ C0] head: 00fff00000000040 ffff88801bad4500 ffffea0000b49000 dead000000000003 [ 111.590522][ C0] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88802897a101 [ 111.590533][ C0] head: 00fff00000000003 ffffea0001f7da01 00000000ffffffff 00000000ffffffff [ 111.590544][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 111.590551][ C0] page dumped because: kasan: bad access detected [ 111.590562][ C0] page_owner tracks the page as allocated [ 111.590567][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5197, tgid 5197 (S02sysctl), ts 22645919920, free_ts 20355030603 [ 111.590590][ C0] post_alloc_hook+0x240/0x2a0 [ 111.590608][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 111.590621][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 111.590634][ C0] alloc_pages_mpol+0x232/0x4a0 [ 111.590651][ C0] allocate_slab+0x8a/0x370 [ 111.590663][ C0] ___slab_alloc+0xbeb/0x1410 [ 111.590674][ C0] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 111.590691][ C0] dup_task_struct+0x52/0x860 [ 111.590706][ C0] copy_process+0x54b/0x3c00 [ 111.590721][ C0] kernel_clone+0x21e/0x870 [ 111.590737][ C0] __x64_sys_clone+0x18b/0x1e0 [ 111.590746][ C0] do_syscall_64+0xfa/0x3b0 [ 111.590757][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.590768][ C0] page last free pid 1 tgid 1 stack trace: [ 111.590775][ C0] __free_frozen_pages+0xb80/0xd80 [ 111.590786][ C0] free_contig_range+0x1bd/0x4a0 [ 111.590800][ C0] destroy_args+0x7e/0x5d0 [ 111.590812][ C0] debug_vm_pgtable+0x3fa/0x430 [ 111.590829][ C0] do_one_initcall+0x233/0x820 [ 111.590839][ C0] do_initcall_level+0x137/0x1f0 [ 111.590854][ C0] do_initcalls+0x69/0xd0 [ 111.590866][ C0] kernel_init_freeable+0x3d9/0x570 [ 111.590880][ C0] kernel_init+0x1d/0x1d0 [ 111.590893][ C0] ret_from_fork+0x3fc/0x770 [ 111.590907][ C0] ret_from_fork_asm+0x1a/0x30 [ 111.590918][ C0] [ 111.590922][ C0] Memory state around the buggy address: [ 111.590930][ C0] ffff88807df6d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 111.590939][ C0] ffff88807df6d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 111.590948][ C0] >ffff88807df6d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.590955][ C0] ^ [ 111.590961][ C0] ffff88807df6d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.590970][ C0] ffff88807df6da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.590977][ C0] ================================================================== [ 111.590988][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 111.590997][ C0] CPU: 0 UID: 0 PID: 6287 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 111.591013][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.591020][ C0] Call Trace: [ 111.591025][ C0] [ 111.591030][ C0] dump_stack_lvl+0x99/0x250 [ 111.591049][ C0] ? __asan_memcpy+0x40/0x70 [ 111.591064][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.591082][ C0] ? __pfx__printk+0x10/0x10 [ 111.591099][ C0] panic+0x2db/0x790 [ 111.591118][ C0] ? __pfx_panic+0x10/0x10 [ 111.591137][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 111.591150][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 111.591168][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 111.591192][ C0] ? __cpa_flush_tlb+0x17e/0x270 [ 111.591208][ C0] check_panic_on_warn+0x89/0xb0 [ 111.591222][ C0] ? __cpa_flush_tlb+0x17e/0x270 [ 111.591237][ C0] end_report+0x78/0x160 [ 111.591248][ C0] kasan_report+0x129/0x150 [ 111.591261][ C0] ? __cpa_flush_tlb+0x17e/0x270 [ 111.591280][ C0] __cpa_flush_tlb+0x17e/0x270 [ 111.591298][ C0] ? __pfx___cpa_flush_tlb+0x10/0x10 [ 111.591316][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 111.591333][ C0] ? __pfx___cpa_flush_tlb+0x10/0x10 [ 111.591351][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 111.591365][ C0] sysvec_call_function_single+0x9e/0xc0 [ 111.591383][ C0] [ 111.591388][ C0] [ 111.591393][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 111.591406][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 111.591418][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24 [ 111.591429][ C0] RSP: 0018:ffffc900036c69a0 EFLAGS: 00000293 [ 111.591441][ C0] RAX: 1ffffffff1d36b7b RBX: ffffffff8e9b5bd8 RCX: ffff888025921e00 [ 111.591451][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.591459][ C0] RBP: ffffc900036c6af0 R08: ffffffff8fa17c37 R09: 1ffffffff1f42f86 [ 111.591469][ C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: dffffc0000000000 [ 111.591478][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b5b80 [ 111.591494][ C0] ? console_flush_all+0x13a/0xc40 [ 111.591508][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 111.591523][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 111.591538][ C0] console_unlock+0xc4/0x270 [ 111.591556][ C0] ? __pfx_console_unlock+0x10/0x10 [ 111.591574][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 111.591589][ C0] vprintk_emit+0x5b7/0x7a0 [ 111.591607][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 111.591623][ C0] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 111.591642][ C0] _printk+0xcf/0x120 [ 111.591657][ C0] ? __pfx__printk+0x10/0x10 [ 111.591671][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 111.591685][ C0] batadv_hardif_enable_interface+0x7b9/0xa30 [ 111.591708][ C0] batadv_meshif_slave_add+0x79/0x100 [ 111.591723][ C0] do_set_master+0x533/0x6d0 [ 111.591740][ C0] do_setlink+0xcf0/0x41c0 [ 111.591754][ C0] ? __kernel_text_address+0xd/0x40 [ 111.591769][ C0] ? arch_stack_walk+0xfc/0x150 [ 111.591788][ C0] ? __pfx_do_setlink+0x10/0x10 [ 111.591807][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.591824][ C0] ? __mutex_trylock_common+0x153/0x260 [ 111.591843][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 111.591862][ C0] ? rcu_is_watching+0x15/0xb0 [ 111.591879][ C0] ? trace_contention_end+0x39/0x120 [ 111.591896][ C0] ? __mutex_lock+0x330/0xe80 [ 111.591909][ C0] ? __pfx_aa_get_newest_label+0x10/0x10 [ 111.591924][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.591944][ C0] ? rtnl_newlink+0x8db/0x1c70 [ 111.591956][ C0] ? rcu_is_watching+0x15/0xb0 [ 111.591973][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 111.591988][ C0] ? ns_capable+0x8a/0xf0 [ 111.592004][ C0] ? rtnl_link_get_net_capable+0x16a/0x350 [ 111.592019][ C0] rtnl_newlink+0x160b/0x1c70 [ 111.592036][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.592051][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.592069][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.592090][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 111.592107][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 111.592121][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 111.592138][ C0] ? kernel_text_address+0xa5/0xe0 [ 111.592151][ C0] ? __kernel_text_address+0xd/0x40 [ 111.592164][ C0] ? unwind_get_return_address+0x4d/0x90 [ 111.592193][ C0] ? __lock_acquire+0xab9/0xd20 [ 111.592220][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.592232][ C0] rtnetlink_rcv_msg+0x7cf/0xb70 [ 111.592246][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 111.592258][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.592276][ C0] netlink_rcv_skb+0x208/0x470 [ 111.592288][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.592301][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 111.592318][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.592330][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.592345][ C0] netlink_unicast+0x75b/0x8d0 [ 111.592367][ C0] netlink_sendmsg+0x805/0xb30 [ 111.592383][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.592397][ C0] ? aa_sock_msg_perm+0xf1/0x1d0 [ 111.592413][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 111.592428][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.592441][ C0] __sock_sendmsg+0x219/0x270 [ 111.592460][ C0] __sys_sendto+0x3bd/0x520 [ 111.592474][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 111.592492][ C0] ? fput_close_sync+0x119/0x200 [ 111.592512][ C0] ? rcu_is_watching+0x15/0xb0 [ 111.592529][ C0] __x64_sys_sendto+0xde/0x100 [ 111.592544][ C0] do_syscall_64+0xfa/0x3b0 [ 111.592557][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.592569][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 111.592582][ C0] ? clear_bhb_loop+0x60/0xb0 [ 111.592596][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.592609][ C0] RIP: 0033:0x7f92281907bc [ 111.592619][ C0] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 111.592630][ C0] RSP: 002b:00007ffce23d4c30 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 111.592643][ C0] RAX: ffffffffffffffda RBX: 00007f9228ee4620 RCX: 00007f92281907bc [ 111.592653][ C0] RDX: 0000000000000028 RSI: 00007f9228ee4670 RDI: 0000000000000003 [ 111.592661][ C0] RBP: 0000000000000000 R08: 00007ffce23d4c84 R09: 000000000000000c [ 111.592669][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 111.592677][ C0] R13: 0000000000000000 R14: 00007f9228ee4670 R15: 0000000000000000 [ 111.592690][ C0] [ 111.592924][ C0] Kernel Offset: disabled