last executing test programs: 3.179749008s ago: executing program 3 (id=718): r0 = socket$inet(0x2, 0x800, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000100)={@rand_addr=0x64010182, @loopback}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00'], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000001040)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x0, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x430, 0xffffffff, 0xffffffff, 0x430, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0xffffff00, 0xff, 0xff], [0xff000000, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1e8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x4, 0x7a3, 0x6, 'snmp_trap\x00', {0x369bc443}}}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x23}, [0xffffff00, 0xffffffff, 0x0, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffffff, 0xff000000], 'dvmrp0\x00', 'bridge_slave_1\x00', {}, {0xff}, 0x2b, 0x2, 0x5, 0x5}, 0x0, 0x228, 0x248, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv4=@empty, [0xaaab4584fd44661c, 0xffffff00, 0x0, 0xffffff], @ipv6=@ipv4={'\x00', '\xff\xff', @multicast2}, [0xffffffff, 0xffffffff, 0xff000000, 0xffffffff], 0x4d4, 0x3506, 0xff, 0x1, 0x6, 0x9}, {@ipv4=@broadcast, [0xffffff00, 0x1fe, 0xffffff00, 0xff000000], @ipv4=@rand_addr=0x64010101, [0xff, 0x0, 0x0, 0xffffff00], 0x4d5, 0x3505, 0x32, 0x0, 0x4e8535f9bc1af85f, 0x10}, {@ipv6=@loopback, [0xff000000, 0x0, 0x0, 0xff000000], @ipv4=@private=0xa010102, [0xffffff00, 0xffffff00, 0xff, 0xff000000], 0x4d6, 0x0, 0x5c, 0x1, 0x12, 0x17}, {@ipv6=@remote, [0xff000000, 0xff000000, 0xffffffff, 0xff000000], @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, [0xff000000, 0xffffffff, 0xffffffff, 0xffffffff], 0x4d6, 0x3500, 0x5e, 0x1, 0x0, 0xf}], 0x5, 0x4}}, @inet=@rpfilter={{0x28}, {0x1c}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x576) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x1, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRESHEX], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$key(r3, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080) 2.769868955s ago: executing program 3 (id=722): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg', 0x3) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 1.755316367s ago: executing program 3 (id=726): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) write$tun(r0, &(0x7f0000000b40)=ANY=[@ANYBLOB="00008100ffffffffffffaaaaaaaaaa438100020008004500fdea4000e000032f90780a010101e00000018e01"], 0x32) 1.722350338s ago: executing program 1 (id=728): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newsa={0x13c, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3a}, {@in, 0x0, 0x33}, @in=@local, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0x4c, 0x14, {{'md5\x00'}, 0x0, 0x18}}]}, 0x13c}}, 0x800) 1.621423562s ago: executing program 0 (id=729): add_key$fscrypt_v1(&(0x7f0000001000), &(0x7f0000000000)={'fscrypt:', @auto=[0x3a, 0x66, 0x63, 0x35, 0x66, 0x39, 0x62, 0x36, 0x31, 0x31, 0x61, 0x36, 0x62, 0x39, 0x32, 0x32]}, &(0x7f0000001080)={0x0, "ddbccf094c5457df7a3f7457a4e81d59f6bffca5bf7c026c91255969954a3cec19ae878c0ca3fce72e29df4e4dbd001eb127ffbed6cc47890c19c3edc50daa56", 0x26}, 0x48, 0xfffffffffffffffe) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)='\a', 0x1}], 0x1}, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r3, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x1500) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x710, 0x0, 0x410, 0x0, 0x2f8, 0x2f8, 0x640, 0x640, 0x640, 0x640, 0x640, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0x200, 0x228, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x8, 0x5, 0x3c, 0x97, 0x6, 0x401, 0x4, 0x120e, 0x18, 0x40}, {0x5}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@eui64={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x770) 1.604539403s ago: executing program 2 (id=730): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 1.595537593s ago: executing program 1 (id=731): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) utime(0x0, 0x0) 1.565651445s ago: executing program 0 (id=732): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x6, @broadcast}, 0x10) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x3, 0x0, 0x8, @local, @local, 0x1, 0x7, 0x202, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'syztnl1\x00', 0x0}) 1.44098947s ago: executing program 1 (id=733): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x700, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) writev(r5, 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 1.44075916s ago: executing program 3 (id=734): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000b00)=ANY=[@ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095db17d68c87111070c647c4c3471670337be3ac44b97071d962c82995e4c08173791af58cd289f6dccc29ca70cf9b53a06bb676caa615df7612a7ef028069060eae45f73ec0d2d454a902a1c3bc1fda9c0d9d6d9361f74206677aa767b581673b0309ddc7d676c53bd00d1d483d8b46f0c607fc8122736e74bd9dc9993fc3d17c9ae1b24832a7472eaa08db291ee0ea2b930aacf45ea0b7a43b6a6785b3c91a9510121189e2f9ae8375bd70286d0307fe2e1c9ccf4bafec124b1eae07bbc9e2251fe4e7f4871fa62142c082fb4923c4eb1457e54618e23731eea2e390430283da70cdb00cd9a5c6be927ebc8e5f101a1a5b722da68ac125c3f63964229e6fdc11f7e2fdba9bd79a4cd2"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) r5 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r5, &(0x7f0000000000), 0x10) close(r5) 1.4404713s ago: executing program 2 (id=735): creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x28001, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x69, 0xffffffffffffffff, {0x4}}, './file0\x00'}) 1.351313584s ago: executing program 3 (id=736): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) write(r0, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3dbbfec5e2f401b5658cc8fda", 0xffffffe5) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x1, 0xb, 0x9, 0x2, 0x4, "3bc9a3558fc50251a1a8a1000000ddff00", 0x3, 0xcb}) 1.320950925s ago: executing program 2 (id=737): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a01040000000c000000000a0000040900010073797a31eeffffff08000540000000020900020073797a310000000008000a"], 0xa4}}, 0x40) 1.21023884s ago: executing program 2 (id=738): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f00000005c0)="2fbe88dc57fe23cd694f1a15f7d58d62034f", 0x5c}, {&(0x7f0000000340)="2a62d479f5c585a775d72b92fb3e5647296c0bc4270a25d9ce4d5642d6a10c001e67f2adb64da2f38507542662ef56d8acb76836b9b62a7c6f2f216bd5506777860a0ae745af23366624477a0a13f49c08c83747c29fec51911e076c497560735f9e6c300c6f767184bcd6bb45419fa64d602e6b5cea5975996488"}], 0x94, 0x2) 1.20896581s ago: executing program 0 (id=739): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x10}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) close(r2) 469.69474ms ago: executing program 2 (id=740): add_key$fscrypt_v1(&(0x7f0000001000), &(0x7f0000000000)={'fscrypt:', @auto=[0x3a, 0x66, 0x63, 0x35, 0x66, 0x39, 0x62, 0x36, 0x31, 0x31, 0x61, 0x36, 0x62, 0x39, 0x32, 0x32]}, &(0x7f0000001080)={0x0, "ddbccf094c5457df7a3f7457a4e81d59f6bffca5bf7c026c91255969954a3cec19ae878c0ca3fce72e29df4e4dbd001eb127ffbed6cc47890c19c3edc50daa56", 0x26}, 0x48, 0xfffffffffffffffe) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)='\a', 0x1}], 0x1}, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r3, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x1500) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x710, 0x0, 0x410, 0x0, 0x2f8, 0x2f8, 0x640, 0x640, 0x640, 0x640, 0x640, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0x200, 0x228, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x8, 0x5, 0x3c, 0x97, 0x6, 0x401, 0x4, 0x120e, 0x18, 0x40}, {0x5}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@eui64={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x770) 451.292691ms ago: executing program 0 (id=741): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x115}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0xfd, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000039000900000000000000000001000000040000000c0001800600000005470000080002"], 0x38}}, 0x0) 409.229983ms ago: executing program 1 (id=742): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000001a00)={0x268, 0x1, 0x5, 0x301, 0x0, 0x0, {0x2, 0x0, 0x4}, [{{0x254, 0x1, {{0x2, 0x4}, 0x1, 0x6, 0xaa, 0x6, 0x10, 'syz1\x00', "de0c2b758436f496b259d7c476c7e7cf53325477bafb3ed3a6a54d19f6040de5", "bc65f38604636398d4dbd3e7ac2e4a4f6e3d6baea02c54c6c2b0c9dc55378109", [{0x7, 0x9, {0x6111ccacc21301c2, 0x3ff}}, {0x5, 0x225d, {0x2, 0x3}}, {0x4, 0x1, {0x3, 0x7}}, {0x94, 0xffff, {0x1, 0x7}}, {0xc, 0x401, {0x3, 0x5}}, {0x6, 0xa59a, {0x1, 0x7}}, {0x0, 0x6, {0x2}}, {0x7, 0x1020, {0x0, 0x8000}}, {0x8, 0x4, {0x2, 0x2}}, {0x8001, 0x8, {0x2, 0xa}}, {0x8, 0x20, {0x0, 0x3e}}, {0x180, 0x10, {0x0, 0x494}}, {0x2, 0x5, {0x1, 0x3ff}}, {0xa3, 0x3ff, {0x2, 0x81}}, {0x80, 0xb, {0x0, 0x7ff}}, {0xfffe, 0x2, {0x3}}, {0x7, 0x0, {0x2, 0x9}}, {0x3, 0x3, {0x2, 0x171}}, {0x8, 0x0, {0x2, 0x5}}, {0xfffa, 0x800, {0x3, 0x932a}}, {0x2, 0x6, {0x3, 0x200}}, {0xe, 0x100, {0x0, 0x9}}, {0x7fff, 0xcf, {0x0, 0x9}}, {0x101, 0x7, {0x3, 0x80000001}}, {0x5, 0x3, {0x3, 0x4}}, {0x5, 0x81, {0x0, 0x5}}, {0x4, 0x8, {0x3, 0xffffffff}}, {0xf, 0x0, {0x0, 0x2}}, {0x0, 0xdb8, {0x0, 0xf9e}}, {0x1, 0x4, {0x3, 0xb56b}}, {0x3, 0xffff, {0x2, 0xffffd44b}}, {0x0, 0x9, {0x1, 0x1c79}}, {0x7, 0x4, {0x3, 0xf}}, {0x2, 0x1, {0x0, 0x4}}, {0x3, 0x3, {0x2}}, {0x5526, 0x7, {0x2, 0x5}}, {0xd90, 0x3a7, {0x3, 0xb38}}, {0x2, 0x800, {0x0, 0x7}}, {0x7, 0x80, {0x2, 0x9}}, {0x4, 0x5, {0x1, 0xfffffffb}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x51}, 0x80) 330.942516ms ago: executing program 3 (id=743): openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xb) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYRES16], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f600000085"], 0x0, 0x0, 0x0, 0x0, 0x20780, 0x40, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='rxrpc_call_reset\x00', r1, 0x0, 0x1}, 0x18) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000840)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x1}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x2, 0x1}, 0x10) sendmsg$tipc(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000090}, 0x95) r4 = dup3(r2, r3, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000faffffff840000002d00000095ef"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c00018006000180"], 0x38}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x4000000) socket$kcm(0x11, 0x200000000000002, 0x300) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000940)=ANY=[], 0x361, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x2}, 0x94) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) 245.69085ms ago: executing program 1 (id=744): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000b00)=ANY=[@ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095db17d68c87111070c647c4c3471670337be3ac44b97071d962c82995e4c08173791af58cd289f6dccc29ca70cf9b53a06bb676caa615df7612a7ef028069060eae45f73ec0d2d454a902a1c3bc1fda9c0d9d6d9361f74206677aa767b581673b0309ddc7d676c53bd00d1d483d8b46f0c607fc8122736e74bd9dc9993fc3d17c9ae1b24832a7472eaa08db291ee0ea2b930aacf45ea0b7a43b6a6785b3c91a9510121189e2f9ae8375bd70286d0307fe2e1c9ccf4bafec124b1eae07bbc9e2251fe4e7f4871fa62142c082fb4923c4eb1457e54618e23731eea2e390430283da70cdb00cd9a5c6be927ebc8e5f101a1a5b722da68ac125c3f63964229e6fdc11f7e2fdba9bd79a4cd2"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) r5 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r5, &(0x7f0000000000), 0x10) close(r5) 211.035891ms ago: executing program 2 (id=745): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x401}, 0x11) socket$nl_route(0x10, 0x3, 0x0) close(r0) 193.569822ms ago: executing program 0 (id=746): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a01040000000c000000000a0000040900010073797a31eeffffff08000540000000020900020073797a310000000008000a"], 0xa4}}, 0x40) 192.999672ms ago: executing program 1 (id=747): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50) utime(0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @remote, 0x7}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xd}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000880)={r4, @in6={{0x2, 0x4e1e, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}, 0x1}}, 0x4}, &(0x7f0000000300)=0x90) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)={0x44, 0x33, 0x100, 0x70bd26, 0x25dfdbfb, "", [@nested={0x32, 0x149, 0x0, 0x1, [@generic="a6351f7a2da1202628c49a8918fd37745b3b1470a5100e936f821ada5d0eeb8aa6ea44004e699e817483c3fd1542"]}]}, 0x44}], 0x1}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)='G', 0x1}], 0x1, 0x0, 0x0, 0x11000000}, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000540)) ptrace$cont(0x20, r5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r6}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd2d, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x3000000, 0x40000000}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8000, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x800000, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x470a, 0x0, 0x8000000}, {}, {0x2, 0x0, 0x0, 0x0, 0x6, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x1, 0x0, 0xfff}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x8}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x20000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x60569add}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0xffffffff, 0x9}, {0x0, 0x0, 0x0, 0x0, 0xfffff800}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0xfffffffd}, {}, {0x0, 0x9, 0x0, 0xffffffff, 0x0, 0x2}, {}, {0x80}, {0x80}, {0x0, 0x0, 0x0, 0x5, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x2, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x8, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x8510}, {0xffff}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x9}, {0x0, 0xfffffffc, 0x200}, {0x0, 0x0, 0x0, 0x200}, {}, {0x4}, {}, {0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x3}, {0x0, 0x0, 0x0, 0x4, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x7}, {0x0, 0xb}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, {0x0, 0x0, 0x0, 0xec33, 0x0, 0x4}, {}, {0xb, 0x0, 0x0, 0x0, 0x0, 0xfe1}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x40}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {0x0, 0x8, 0x0, 0x0, 0xfffffffe}, {0x0, 0x2, 0x2000000, 0x2, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0xe9d, 0x58a}, {0x2}, {0x2, 0x9, 0x20000000}, {0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0xe600, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x7, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0xfffffffb, 0x0, 0x0, 0x0, 0x8000}, {0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x2d, 0x0, 0x10000}, {0x0, 0x0, 0x8000}, {0x0, 0x8000}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7fff800, 0x4}, {0x0, 0x3}, {0xffffffff, 0x0, 0x0, 0x0, 0xd}], [{}, {}, {0x0, 0x1}, {0x1}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5, 0x1}, {}, {0x4}, {0x3}, {}, {}, {}, {}, {}, {0x0, 0xd2567cebc94f9b4}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {0x5, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 0s ago: executing program 0 (id=748): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0303000000000000000006000000080003"], 0x1c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts. [ 58.774068][ T5774] cgroup: Unknown subsys name 'net' [ 58.909632][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 60.318848][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.431807][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.440448][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.448854][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.464191][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.471748][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.488224][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.494463][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.496869][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.510448][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.518153][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.525434][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.529010][ T5795] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.541939][ T5795] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.550752][ T5795] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.558369][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.562688][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.566796][ T5795] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.581220][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.588668][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.596094][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.599141][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.611073][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.613310][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.618753][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.034131][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 63.079702][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 63.194417][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.202572][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.211027][ T5785] bridge_slave_0: entered allmulticast mode [ 63.217954][ T5785] bridge_slave_0: entered promiscuous mode [ 63.226615][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 63.237091][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.244255][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.251435][ T5785] bridge_slave_1: entered allmulticast mode [ 63.258624][ T5785] bridge_slave_1: entered promiscuous mode [ 63.351357][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.368995][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.378495][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.385849][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.394574][ T5788] bridge_slave_0: entered allmulticast mode [ 63.401650][ T5788] bridge_slave_0: entered promiscuous mode [ 63.430435][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.437910][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.446562][ T5788] bridge_slave_1: entered allmulticast mode [ 63.453844][ T5788] bridge_slave_1: entered promiscuous mode [ 63.474185][ T5785] team0: Port device team_slave_0 added [ 63.510957][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 63.522713][ T5785] team0: Port device team_slave_1 added [ 63.539998][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.547465][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.555923][ T5784] bridge_slave_0: entered allmulticast mode [ 63.562653][ T5784] bridge_slave_0: entered promiscuous mode [ 63.598903][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.606237][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.613954][ T5784] bridge_slave_1: entered allmulticast mode [ 63.620608][ T5784] bridge_slave_1: entered promiscuous mode [ 63.629071][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.641132][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.666287][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.673607][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.699819][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.735906][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.744440][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.771198][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.830524][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.844239][ T5788] team0: Port device team_slave_0 added [ 63.852302][ T5788] team0: Port device team_slave_1 added [ 63.870726][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.900968][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.908646][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.916416][ T5790] bridge_slave_0: entered allmulticast mode [ 63.923247][ T5790] bridge_slave_0: entered promiscuous mode [ 63.969128][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.976294][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.983949][ T5790] bridge_slave_1: entered allmulticast mode [ 63.990622][ T5790] bridge_slave_1: entered promiscuous mode [ 64.019793][ T5785] hsr_slave_0: entered promiscuous mode [ 64.026835][ T5785] hsr_slave_1: entered promiscuous mode [ 64.034923][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.041879][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.068007][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.081503][ T5784] team0: Port device team_slave_0 added [ 64.091090][ T5784] team0: Port device team_slave_1 added [ 64.109224][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.116505][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.142446][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.186478][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.198257][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.223112][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.230090][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.257110][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.299770][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.306924][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.333147][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.388459][ T5788] hsr_slave_0: entered promiscuous mode [ 64.395370][ T5788] hsr_slave_1: entered promiscuous mode [ 64.401407][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.409421][ T5788] Cannot create hsr debugfs directory [ 64.419125][ T5790] team0: Port device team_slave_0 added [ 64.431180][ T5790] team0: Port device team_slave_1 added [ 64.501974][ T5784] hsr_slave_0: entered promiscuous mode [ 64.508655][ T5784] hsr_slave_1: entered promiscuous mode [ 64.516266][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.525274][ T5784] Cannot create hsr debugfs directory [ 64.549527][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.556792][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.582960][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.595702][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.602664][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.629013][ T51] Bluetooth: hci0: command tx timeout [ 64.634881][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.703232][ T5792] Bluetooth: hci2: command tx timeout [ 64.703248][ T5800] Bluetooth: hci3: command tx timeout [ 64.709743][ T51] Bluetooth: hci1: command tx timeout [ 64.799381][ T5790] hsr_slave_0: entered promiscuous mode [ 64.806005][ T5790] hsr_slave_1: entered promiscuous mode [ 64.812142][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.819946][ T5790] Cannot create hsr debugfs directory [ 64.960188][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.995354][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.005438][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.039457][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.114236][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.124870][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.157362][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.177317][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.229709][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.241895][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.264706][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.275859][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.398327][ T5790] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.411746][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.431834][ T5790] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.449224][ T5790] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.459999][ T5790] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.497044][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.510162][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.517511][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.558191][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.565458][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.623692][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.662237][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.679565][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.695835][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.703006][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.745356][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.775642][ T3500] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.782822][ T3500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.796469][ T3500] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.803675][ T3500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.851421][ T3500] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.858608][ T3500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.912772][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.986333][ T5784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.013245][ T5784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.034120][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.095775][ T3435] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.102978][ T3435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.122707][ T3435] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.129919][ T3435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.198060][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.325518][ T5785] veth0_vlan: entered promiscuous mode [ 66.361495][ T5785] veth1_vlan: entered promiscuous mode [ 66.373579][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.496945][ T5785] veth0_macvtap: entered promiscuous mode [ 66.510742][ T5785] veth1_macvtap: entered promiscuous mode [ 66.548765][ T5788] veth0_vlan: entered promiscuous mode [ 66.565134][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.580721][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.602495][ T5788] veth1_vlan: entered promiscuous mode [ 66.631316][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.658604][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.668125][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.680220][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.689401][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.703455][ T51] Bluetooth: hci0: command tx timeout [ 66.744531][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.761182][ T5788] veth0_macvtap: entered promiscuous mode [ 66.771875][ T5784] veth0_vlan: entered promiscuous mode [ 66.783665][ T51] Bluetooth: hci2: command tx timeout [ 66.783829][ T5792] Bluetooth: hci1: command tx timeout [ 66.789083][ T5800] Bluetooth: hci3: command tx timeout [ 66.838943][ T5784] veth1_vlan: entered promiscuous mode [ 66.858597][ T5788] veth1_macvtap: entered promiscuous mode [ 66.883451][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.894228][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.909652][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.946420][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.957403][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.970795][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.003516][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.004137][ T3435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.012241][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.027150][ T3435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.040767][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.049806][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.091041][ T5790] veth0_vlan: entered promiscuous mode [ 67.129186][ T5790] veth1_vlan: entered promiscuous mode [ 67.148840][ T5784] veth0_macvtap: entered promiscuous mode [ 67.159293][ T5784] veth1_macvtap: entered promiscuous mode [ 67.172390][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.185851][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.220375][ T3500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.242724][ T3500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.277671][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.288355][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.302939][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.314929][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.326132][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.355744][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.367293][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.381151][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.398032][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.424723][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.442705][ T5873] syz.0.1[5873]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.444058][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.468677][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.477949][ T5790] veth0_macvtap: entered promiscuous mode [ 67.490168][ T5784] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.501564][ T5784] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.502470][ T5873] loop0: detected capacity change from 0 to 1764 [ 67.517186][ T5784] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.543923][ T5784] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.591391][ T5790] veth1_macvtap: entered promiscuous mode [ 67.690667][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.710292][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.721196][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.736572][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.748186][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.760081][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.775703][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.942108][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.976100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.283181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 68.488139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.795395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.000142][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.701350][ T5875] sched: RT throttling activated [ 69.720591][ T51] Bluetooth: hci0: command tx timeout [ 69.726627][ T51] Bluetooth: hci2: command tx timeout [ 69.732074][ T51] Bluetooth: hci3: command tx timeout [ 70.024199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.126555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.307535][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 70.638530][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.702743][ T5800] Bluetooth: hci1: command tx timeout [ 70.791239][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 70.895575][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.933399][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.954945][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.980577][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.995407][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.023631][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.256924][ T5790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.276537][ T5790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.292789][ T5790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.466960][ T5790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.493078][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 71.524716][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.531430][ T51] CPU: 1 PID: 51 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 71.538829][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 71.549079][ T51] Workqueue: hci2 hci_rx_work [ 71.553808][ T51] Call Trace: [ 71.557096][ T51] [ 71.560041][ T51] dump_stack_lvl+0x16c/0x230 [ 71.564737][ T51] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 71.570389][ T51] ? show_regs_print_info+0x20/0x20 [ 71.575606][ T51] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 71.581277][ T51] sysfs_create_dir_ns+0x256/0x280 [ 71.586426][ T51] ? sysfs_warn_dup+0xa0/0xa0 [ 71.591139][ T51] ? do_raw_spin_unlock+0x121/0x230 [ 71.596554][ T51] kobject_add_internal+0x6b8/0xc70 [ 71.601796][ T51] kobject_add+0x156/0x220 [ 71.606254][ T51] ? kobject_init+0x1e0/0x1e0 [ 71.610959][ T51] ? _raw_spin_unlock+0x3a/0x40 [ 71.615820][ T51] ? get_device_parent+0x366/0x390 [ 71.621025][ T51] device_add+0x408/0xc20 [ 71.625356][ T51] hci_conn_add_sysfs+0xd5/0x1e0 [ 71.630296][ T51] le_conn_complete_evt+0xf36/0x1500 [ 71.635590][ T51] ? hci_event_packet+0x4a7/0x1210 [ 71.640706][ T51] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 71.646943][ T51] ? __copy_skb_header+0xa7/0x550 [ 71.651969][ T51] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 71.657602][ T51] ? skb_pull_data+0xfb/0x200 [ 71.662274][ T51] hci_le_conn_complete_evt+0x187/0x440 [ 71.667916][ T51] ? hci_remote_host_features_evt+0x160/0x160 [ 71.673978][ T51] hci_event_packet+0x795/0x1210 [ 71.678923][ T51] ? bis_list+0x290/0x290 [ 71.683256][ T51] ? lockdep_hardirqs_on+0x98/0x150 [ 71.688468][ T51] ? hci_send_to_monitor+0xd7/0x4f0 [ 71.693666][ T51] hci_rx_work+0x43a/0xd80 [ 71.698088][ T51] ? process_scheduled_works+0x957/0x15b0 [ 71.703801][ T51] process_scheduled_works+0xa45/0x15b0 [ 71.709386][ T51] ? assign_work+0x400/0x400 [ 71.713989][ T51] ? assign_work+0x39e/0x400 [ 71.718577][ T51] worker_thread+0xa55/0xfc0 [ 71.723183][ T51] kthread+0x2fa/0x390 [ 71.727239][ T51] ? pr_cont_work+0x560/0x560 [ 71.731919][ T51] ? kthread_blkcg+0xd0/0xd0 [ 71.736501][ T51] ret_from_fork+0x48/0x80 [ 71.740923][ T51] ? kthread_blkcg+0xd0/0xd0 [ 71.745511][ T51] ret_from_fork_asm+0x11/0x20 [ 71.750288][ T51] [ 71.755519][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.756400][ T51] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 71.779773][ T51] Bluetooth: hci2: failed to register connection device [ 71.784855][ T3435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.883923][ T3435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.035466][ T5894] loop0: detected capacity change from 0 to 512 [ 72.067790][ T5894] ext4: Unknown parameter 'noacl' [ 72.075635][ T5898] loop1: detected capacity change from 0 to 512 [ 72.090671][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.117719][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.284151][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.300423][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.322205][ T5898] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #15: comm syz.1.9: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 72.343648][ T5898] EXT4-fs error (device loop1): ext4_quota_enable:7127: comm syz.1.9: Bad quota inode: 15, type: 2 [ 72.356705][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.364971][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.377678][ T5898] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix. [ 72.491122][ T5898] EXT4-fs (loop1): mount failed [ 72.703453][ T5800] Bluetooth: hci2: command tx timeout [ 72.709206][ T5800] Bluetooth: hci0: command tx timeout [ 72.784113][ T51] Bluetooth: hci1: command tx timeout [ 72.803854][ T5800] Bluetooth: hci3: command tx timeout [ 73.227799][ T5911] loop0: detected capacity change from 0 to 512 [ 73.231816][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 73.245126][ T51] CPU: 1 PID: 51 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 73.252561][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 73.262650][ T51] Workqueue: hci3 hci_rx_work [ 73.267358][ T51] Call Trace: [ 73.270634][ T51] [ 73.273561][ T51] dump_stack_lvl+0x16c/0x230 [ 73.278246][ T51] ? show_regs_print_info+0x20/0x20 [ 73.283467][ T51] ? load_image+0x3b0/0x3b0 [ 73.287978][ T51] sysfs_create_dir_ns+0x256/0x280 [ 73.293095][ T51] ? hci_rx_work+0x43a/0xd80 [ 73.297767][ T51] ? sysfs_warn_dup+0xa0/0xa0 [ 73.302466][ T51] ? do_raw_spin_unlock+0x121/0x230 [ 73.307672][ T51] kobject_add_internal+0x6b8/0xc70 [ 73.312878][ T51] kobject_add+0x156/0x220 [ 73.317291][ T51] ? __rwlock_init+0x150/0x150 [ 73.322056][ T51] ? kobject_init+0x1e0/0x1e0 [ 73.326814][ T51] ? _raw_spin_unlock+0x28/0x40 [ 73.331660][ T51] ? get_device_parent+0x366/0x390 [ 73.336776][ T51] device_add+0x408/0xc20 [ 73.341117][ T51] hci_conn_add_sysfs+0xd5/0x1e0 [ 73.346074][ T51] le_conn_complete_evt+0xf36/0x1500 [ 73.351356][ T51] ? hci_event_packet+0x4a7/0x1210 [ 73.356468][ T51] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 73.362709][ T51] ? __copy_skb_header+0xa7/0x550 [ 73.367738][ T51] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 73.373372][ T51] ? skb_pull_data+0xfb/0x200 [ 73.378072][ T51] hci_le_conn_complete_evt+0x187/0x440 [ 73.383640][ T51] ? hci_remote_host_features_evt+0x160/0x160 [ 73.389735][ T51] hci_event_packet+0x795/0x1210 [ 73.394703][ T51] ? bis_list+0x290/0x290 [ 73.399055][ T51] ? lockdep_hardirqs_on+0x98/0x150 [ 73.404340][ T51] ? hci_send_to_monitor+0xd7/0x4f0 [ 73.409541][ T51] hci_rx_work+0x43a/0xd80 [ 73.413964][ T51] ? process_scheduled_works+0x957/0x15b0 [ 73.419683][ T51] process_scheduled_works+0xa45/0x15b0 [ 73.425245][ T51] ? assign_work+0x400/0x400 [ 73.429863][ T51] ? assign_work+0x39e/0x400 [ 73.434452][ T51] worker_thread+0xa55/0xfc0 [ 73.439107][ T51] kthread+0x2fa/0x390 [ 73.443165][ T51] ? pr_cont_work+0x560/0x560 [ 73.447861][ T51] ? kthread_blkcg+0xd0/0xd0 [ 73.452552][ T51] ret_from_fork+0x48/0x80 [ 73.456984][ T51] ? kthread_blkcg+0xd0/0xd0 [ 73.461588][ T51] ret_from_fork_asm+0x11/0x20 [ 73.466367][ T51] [ 73.476421][ T51] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 73.478227][ T5911] ext4: Unknown parameter 'noacl' [ 73.490641][ T51] Bluetooth: hci3: failed to register connection device [ 73.566662][ T5789] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 73.821674][ T5919] loop1: detected capacity change from 0 to 512 [ 74.107375][ T5919] EXT4-fs (loop1): too many log groups per flexible block group [ 74.170521][ T5924] syz.3.14[5924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.170651][ T5924] syz.3.14[5924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.182336][ T5919] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 74.267096][ T5919] EXT4-fs (loop1): mount failed [ 74.461707][ T5928] loop2: detected capacity change from 0 to 4096 [ 74.539081][ T5928] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.692708][ T5928] Quota error (device loop2): do_check_range: Getting block 1024 out of range 0-5 [ 75.393584][ T27] audit: type=1326 audit(1764247934.900:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.484154][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.490281][ T27] audit: type=1326 audit(1764247934.930:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.515900][ T27] audit: type=1326 audit(1764247934.950:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.621867][ T51] Bluetooth: hci3: command tx timeout [ 75.718425][ T27] audit: type=1326 audit(1764247934.950:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.790438][ T27] audit: type=1326 audit(1764247934.950:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.851931][ T5947] loop3: detected capacity change from 0 to 512 [ 75.861439][ T27] audit: type=1326 audit(1764247934.950:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.938718][ T27] audit: type=1326 audit(1764247934.950:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 75.946514][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 75.969820][ T27] audit: type=1326 audit(1764247934.950:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 76.055232][ T27] audit: type=1326 audit(1764247934.950:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 76.070674][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.152158][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.181807][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.203366][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.210839][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.252710][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.268726][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.330542][ T5953] loop1: detected capacity change from 0 to 128 [ 76.338997][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.350067][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.379738][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.411567][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.441518][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.454046][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.485716][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.502797][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.525975][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.558637][ T8] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 76.588792][ T8] hid-generic 0003:0004:0000.0001: hidraw0: USB HID v0.02 Device [syz0] on syz1 [ 76.627085][ T3435] kworker/u4:9: attempt to access beyond end of device [ 76.627085][ T3435] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 76.861346][ T5962] fido_id[5962]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 76.935188][ T5968] veth0: entered promiscuous mode [ 76.993206][ T5968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28'. [ 77.538513][ T5979] hub 2-0:1.0: USB hub found [ 77.546565][ T5979] hub 2-0:1.0: 1 port detected [ 77.905515][ T5800] Bluetooth: hci2: command 0x0406 tx timeout [ 78.411421][ T5989] syz.3.39 uses obsolete (PF_INET,SOCK_PACKET) [ 78.428287][ T5987] pim6reg: entered allmulticast mode [ 78.577611][ T5987] team0: entered allmulticast mode [ 78.582803][ T5987] team_slave_0: entered allmulticast mode [ 78.594994][ T5987] team_slave_1: entered allmulticast mode [ 78.606602][ T5992] team0: left allmulticast mode [ 78.611722][ T5992] team_slave_0: left allmulticast mode [ 78.617387][ T5992] team_slave_1: left allmulticast mode [ 78.632656][ T5992] pim6reg: left allmulticast mode [ 78.995825][ T6008] IPv6: NLM_F_CREATE should be specified when creating new route [ 79.014617][ T6010] loop2: detected capacity change from 0 to 2048 [ 80.304514][ T6043] sd 0:0:1:0: device reset [ 80.490172][ T6052] netlink: 'syz.1.66': attribute type 1 has an invalid length. [ 80.513114][ T6052] netlink: 224 bytes leftover after parsing attributes in process `syz.1.66'. [ 80.605521][ T27] kauditd_printk_skb: 39 callbacks suppressed [ 80.605535][ T27] audit: type=1326 audit(1764247940.120:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 80.674751][ T6058] mmap: syz.2.69 (6058) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 80.697622][ T27] audit: type=1326 audit(1764247940.120:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 80.768303][ T27] audit: type=1326 audit(1764247940.120:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 80.817421][ T6063] pimreg: entered allmulticast mode [ 80.841238][ T6063] pimreg: left allmulticast mode [ 80.859534][ T27] audit: type=1326 audit(1764247940.130:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 80.892080][ T27] audit: type=1326 audit(1764247940.140:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 80.922407][ T6067] tmpfs: Bad value for 'mpol' [ 80.939398][ T27] audit: type=1326 audit(1764247940.140:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 80.967538][ T27] audit: type=1326 audit(1764247940.140:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 81.052540][ T27] audit: type=1326 audit(1764247940.140:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.3.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 81.758154][ T788] cfg80211: failed to load regulatory.db [ 82.016883][ T27] audit: type=1326 audit(1764247941.520:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 82.088745][ T27] audit: type=1326 audit(1764247941.520:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 82.090103][ T6110] veth2: entered promiscuous mode [ 82.158993][ T6110] veth2: entered allmulticast mode [ 82.402542][ T6117] loop0: detected capacity change from 0 to 512 [ 82.461234][ T6121] xt_HMARK: spi-set and port-set can't be combined [ 82.528481][ T6117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.559437][ T6130] syz.2.100[6130] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.559563][ T6130] syz.2.100[6130] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.643277][ T6117] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.814025][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.021584][ T5161] udevd[5161]: worker [5789] terminated by signal 33 (Unknown signal 33) [ 83.048383][ T5161] udevd[5161]: worker [5789] failed while handling '/devices/virtual/block/loop0' [ 83.333783][ T6158] Zero length message leads to an empty skb [ 84.374675][ T6175] netlink: 92 bytes leftover after parsing attributes in process `syz.3.119'. [ 84.394132][ T6175] netlink: 24 bytes leftover after parsing attributes in process `syz.3.119'. [ 84.814342][ T6194] capability: warning: `syz.1.127' uses 32-bit capabilities (legacy support in use) [ 84.844585][ T6195] hub 2-0:1.0: USB hub found [ 84.855436][ T6195] hub 2-0:1.0: 1 port detected [ 87.651363][ T6229] loop3: detected capacity change from 0 to 1024 [ 87.731449][ T6229] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.934099][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.311883][ T6246] loop3: detected capacity change from 0 to 1024 [ 88.371632][ T6250] loop1: detected capacity change from 0 to 164 [ 88.379650][ T6250] ======================================================= [ 88.379650][ T6250] WARNING: The mand mount option has been deprecated and [ 88.379650][ T6250] and is ignored by this kernel. Remove the mand [ 88.379650][ T6250] option from the mount to silence this warning. [ 88.379650][ T6250] ======================================================= [ 88.381128][ T6246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.546246][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.907244][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.152'. [ 88.939511][ T6259] netlink: 312 bytes leftover after parsing attributes in process `syz.3.152'. [ 88.966877][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.152'. [ 89.010830][ T6264] loop3: detected capacity change from 0 to 512 [ 89.057254][ T6264] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.152: inode has both inline data and extents flags [ 89.089739][ T6264] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.152: couldn't read orphan inode 15 (err -117) [ 89.108232][ T6264] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.617958][ T6282] loop2: detected capacity change from 0 to 512 [ 89.729161][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.114043][ T6298] syz.1.163[6298] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.114293][ T6298] syz.1.163[6298] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.241614][ T27] kauditd_printk_skb: 76 callbacks suppressed [ 90.241628][ T27] audit: type=1326 audit(1764247949.750:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 90.348043][ T27] audit: type=1326 audit(1764247949.810:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 90.373785][ T6306] program syz.1.166 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.402451][ T27] audit: type=1326 audit(1764247949.810:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 90.431602][ T27] audit: type=1326 audit(1764247949.810:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 90.462968][ T27] audit: type=1326 audit(1764247949.820:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 90.630538][ T27] audit: type=1326 audit(1764247950.140:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6312 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 90.668204][ T6315] vlan2: entered promiscuous mode [ 90.692823][ T6315] bridge0: entered promiscuous mode [ 90.733506][ T27] audit: type=1326 audit(1764247950.140:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6312 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 90.801108][ T27] audit: type=1326 audit(1764247950.160:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6312 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 90.840032][ T6317] xt_connbytes: Forcing CT accounting to be enabled [ 90.858618][ T6317] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not filter [ 90.867370][ T27] audit: type=1326 audit(1764247950.190:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6312 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 90.926649][ T27] audit: type=1326 audit(1764247950.200:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6312 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 91.060160][ T6328] tipc: Started in network mode [ 91.083260][ T6328] tipc: Node identity ac14140f, cluster identity 4711 [ 91.094018][ T6328] tipc: New replicast peer: 255.255.255.255 [ 91.101043][ T6328] tipc: Enabled bearer , priority 10 [ 91.187878][ T6330] netlink: 160 bytes leftover after parsing attributes in process `syz.1.177'. [ 91.909828][ T6354] loop3: detected capacity change from 0 to 164 [ 92.017184][ T5797] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 92.217198][ T8] tipc: Node number set to 2886997007 [ 92.242423][ T6364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.192'. [ 92.316759][ T6364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.192'. [ 92.888411][ T6386] netlink: 444 bytes leftover after parsing attributes in process `syz.3.203'. [ 92.901052][ T6386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.203'. [ 93.908608][ T6423] loop1: detected capacity change from 0 to 164 [ 93.992286][ T6423] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 94.040594][ T6423] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 94.099904][ T6423] Symlink component flag not implemented [ 94.123593][ T6428] loop2: detected capacity change from 0 to 128 [ 94.139113][ T6423] Symlink component flag not implemented [ 94.162267][ T6423] Symlink component flag not implemented (7) [ 94.202194][ T6423] Symlink component flag not implemented (116) [ 95.176493][ T6465] syz.2.231[6465] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.176618][ T6465] syz.2.231[6465] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.220897][ T6465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.231'. [ 95.277276][ T6469] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 95.313196][ T6469] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 95.451618][ T6474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.236'. [ 95.659496][ T6479] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.800861][ T6479] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.957127][ T6479] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.020072][ T6500] loop3: detected capacity change from 0 to 128 [ 96.043702][ T6479] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.056387][ T27] kauditd_printk_skb: 130 callbacks suppressed [ 96.056400][ T27] audit: type=1326 audit(1764247955.570:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.108198][ T27] audit: type=1326 audit(1764247955.570:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.139451][ T27] audit: type=1326 audit(1764247955.570:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.175786][ T27] audit: type=1326 audit(1764247955.570:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd71258f783 code=0x7ffc0000 [ 96.207413][ T27] audit: type=1326 audit(1764247955.570:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd71258f783 code=0x7ffc0000 [ 96.237286][ T27] audit: type=1326 audit(1764247955.570:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.251343][ T6479] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.294072][ T6479] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.295456][ T27] audit: type=1326 audit(1764247955.570:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.315008][ T6500] netlink: 'syz.3.247': attribute type 6 has an invalid length. [ 96.330579][ T27] audit: type=1326 audit(1764247955.570:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.352166][ T6479] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.361443][ T27] audit: type=1326 audit(1764247955.570:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.401833][ T27] audit: type=1326 audit(1764247955.570:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6499 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 96.406718][ T6479] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.445161][ T6509] program syz.0.250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 96.491332][ T6511] process 'syz.2.251' launched '/dev/fd/4' with NULL argv: empty string added [ 96.677658][ T6519] loop1: detected capacity change from 0 to 764 [ 96.726609][ T5827] IPVS: starting estimator thread 0... [ 96.740451][ T6519] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 96.785611][ T6524] ip6t_srh: unknown srh match flags 4000 [ 96.833284][ T6523] IPVS: using max 20 ests per chain, 48000 per kthread [ 96.930369][ T6524] loop2: detected capacity change from 0 to 8192 [ 96.952722][ T6528] loop1: detected capacity change from 0 to 512 [ 96.975089][ T6524] loop2: p1 p2 p3 p4 [ 96.975089][ T6524] p1: [ 96.991124][ T6524] loop2: p1 size 196608 extends beyond EOD, truncated [ 97.013467][ T6524] loop2: p2 start 164919041 is beyond EOD, truncated [ 97.030184][ T6528] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.030480][ T6524] loop2: p3 size 66846464 extends beyond EOD, truncated [ 97.054298][ T6528] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.074363][ T6524] loop2: p4 size 37048832 extends beyond EOD, truncated [ 97.082584][ T6524] loop2: p5 size 196608 extends beyond EOD, truncated [ 97.374590][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.491205][ T6541] netlink: 32 bytes leftover after parsing attributes in process `syz.2.264'. [ 97.669783][ T6547] loop3: detected capacity change from 0 to 512 [ 97.691442][ T6547] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 97.709293][ T6547] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.732588][ T6547] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 97.758370][ T6547] EXT4-fs (loop3): 1 truncate cleaned up [ 97.765925][ T6547] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.996824][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.138711][ T6569] syz.3.273[6569] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.138832][ T6569] syz.3.273[6569] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 99.592341][ T6596] loop3: detected capacity change from 0 to 512 [ 100.039897][ T6604] ref_ctr increment failed for inode: 0x182 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88802e234c00 [ 100.357927][ T6621] loop2: detected capacity change from 0 to 2048 [ 100.399748][ T6621] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.414330][ T6621] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.430713][ T6628] tipc: Started in network mode [ 100.448358][ T6628] tipc: Node identity ac14140f, cluster identity 4711 [ 100.476433][ T6621] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.301: bg 0: block 345: padding at end of block bitmap is not set [ 100.496420][ T6628] tipc: New replicast peer: 255.255.255.255 [ 100.510273][ T6628] tipc: Enabled bearer , priority 10 [ 100.523538][ T6621] EXT4-fs (loop2): Remounting filesystem read-only [ 100.530332][ T6630] netlink: 32 bytes leftover after parsing attributes in process `syz.0.303'. [ 100.563827][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.991644][ T6652] loop3: detected capacity change from 0 to 256 [ 100.999912][ T6652] FAT-fs (loop3): bogus number of FAT sectors [ 101.007589][ T6652] FAT-fs (loop3): Can't find a valid FAT filesystem [ 101.553763][ T23] tipc: Node number set to 2886997007 [ 102.540968][ T6677] sctp: failed to load transform for md5: -2 [ 102.869174][ T27] kauditd_printk_skb: 218 callbacks suppressed [ 102.869189][ T27] audit: type=1326 audit(1764247962.380:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 102.950404][ T27] audit: type=1326 audit(1764247962.380:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.000988][ T27] audit: type=1326 audit(1764247962.380:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.054494][ T27] audit: type=1326 audit(1764247962.380:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.132958][ T27] audit: type=1326 audit(1764247962.380:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.202320][ T27] audit: type=1326 audit(1764247962.380:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.253422][ T27] audit: type=1326 audit(1764247962.380:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.294414][ T27] audit: type=1326 audit(1764247962.380:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.348313][ T27] audit: type=1326 audit(1764247962.380:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.410528][ T27] audit: type=1326 audit(1764247962.380:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.2.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c8d8f749 code=0x7ffc0000 [ 103.877491][ T6719] loop1: detected capacity change from 0 to 1024 [ 103.895214][ T6719] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.932148][ T6719] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.961059][ T6719] EXT4-fs error (device loop1): ext4_xattr_inode_iget:444: inode #11: comm syz.1.335: missing EA_INODE flag [ 104.047755][ T6719] EXT4-fs (loop1): Remounting filesystem read-only [ 104.388784][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.730340][ T6741] netlink: 'syz.1.346': attribute type 5 has an invalid length. [ 105.072234][ T6759] loop1: detected capacity change from 0 to 1024 [ 105.093683][ T6759] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 105.235754][ T6766] random: crng reseeded on system resumption [ 105.248782][ T6764] loop2: detected capacity change from 0 to 1024 [ 105.271397][ T6764] EXT4-fs: Ignoring removed nobh option [ 105.286618][ T6764] EXT4-fs: Ignoring removed orlov option [ 105.302621][ T6764] EXT4-fs: Ignoring removed i_version option [ 105.311111][ T6764] journal_path: Lookup failure for './file1' [ 105.324197][ T6764] EXT4-fs: error: could not find journal device path [ 107.306572][ T6788] loop3: detected capacity change from 0 to 512 [ 107.373549][ T6788] EXT4-fs (loop3): 1 orphan inode deleted [ 107.380672][ T6788] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.409591][ T6788] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.462831][ T6788] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz.3.365: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 257, max 0(0), depth 0(0) [ 107.585737][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.859794][ T6807] IPv6: NLM_F_CREATE should be specified when creating new route [ 108.340461][ T6822] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 108.672777][ T27] kauditd_printk_skb: 28 callbacks suppressed [ 108.672791][ T27] audit: type=1326 audit(1764247968.180:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6830 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 108.742464][ T27] audit: type=1326 audit(1764247968.180:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6830 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 108.793134][ T27] audit: type=1326 audit(1764247968.180:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6830 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 108.833062][ T27] audit: type=1326 audit(1764247968.180:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6830 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 108.883017][ T27] audit: type=1326 audit(1764247968.200:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6830 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 109.024360][ T27] audit: type=1326 audit(1764247968.540:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6844 comm="syz.3.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 109.080471][ T6847] xt_hashlimit: size too large, truncated to 1048576 [ 109.092175][ T27] audit: type=1326 audit(1764247968.570:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6844 comm="syz.3.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 109.163066][ T27] audit: type=1326 audit(1764247968.570:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6844 comm="syz.3.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 109.229724][ T27] audit: type=1326 audit(1764247968.570:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6844 comm="syz.3.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 109.313019][ T27] audit: type=1326 audit(1764247968.570:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6844 comm="syz.3.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71258f749 code=0x7ffc0000 [ 109.908217][ T6879] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 110.402627][ T6896] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 110.409442][ T6896] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 110.425143][ T6896] vhci_hcd vhci_hcd.0: Device attached [ 110.454660][ T6897] vhci_hcd: connection closed [ 110.463064][ T3446] vhci_hcd: stop threads [ 110.464824][ T6900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.410'. [ 110.468681][ T3446] vhci_hcd: release socket [ 110.473089][ T6900] netlink: 108 bytes leftover after parsing attributes in process `syz.1.410'. [ 110.475469][ T6900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.410'. [ 110.502977][ T3446] vhci_hcd: disconnect device [ 110.520383][ T6900] netlink: 108 bytes leftover after parsing attributes in process `syz.1.410'. [ 110.529713][ T6900] netlink: 84 bytes leftover after parsing attributes in process `syz.1.410'. [ 110.736234][ T6907] netlink: 152 bytes leftover after parsing attributes in process `syz.3.413'. [ 110.887911][ T6913] veth0: entered promiscuous mode [ 110.967002][ T6912] veth0: left promiscuous mode [ 111.224429][ T6922] netlink: 20 bytes leftover after parsing attributes in process `syz.0.420'. [ 112.585625][ T6942] loop3: detected capacity change from 0 to 1024 [ 113.270582][ T6942] EXT4-fs: Ignoring removed nobh option [ 113.288548][ T6942] EXT4-fs: Ignoring removed bh option [ 113.305078][ T6942] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 113.369227][ T6942] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.407134][ T6971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.440'. [ 113.477185][ T6971] 8021q: adding VLAN 0 to HW filter on device bond1 [ 113.538856][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.541484][ T6973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.615267][ T6973] bond1: (slave bond0): Enslaving as an active interface with an up link [ 113.837506][ T6971] bond1 (unregistering): (slave bond0): Releasing backup interface [ 113.857389][ T6971] bond1 (unregistering): Released all slaves [ 113.906239][ T6987] loop3: detected capacity change from 0 to 2048 [ 113.930780][ T6987] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 114.153098][ T6995] netlink: 124 bytes leftover after parsing attributes in process `syz.2.449'. [ 114.173232][ T6995] netlink: 16 bytes leftover after parsing attributes in process `syz.2.449'. [ 114.194271][ T27] kauditd_printk_skb: 48 callbacks suppressed [ 114.194284][ T27] audit: type=1326 audit(1764247973.710:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.249309][ T27] audit: type=1326 audit(1764247973.710:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.318064][ T27] audit: type=1326 audit(1764247973.710:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.369266][ T27] audit: type=1326 audit(1764247973.710:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.427726][ T27] audit: type=1326 audit(1764247973.710:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.488186][ T27] audit: type=1326 audit(1764247973.720:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.561886][ T27] audit: type=1326 audit(1764247973.720:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.648725][ T27] audit: type=1326 audit(1764247973.720:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.705507][ T27] audit: type=1326 audit(1764247973.720:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.775980][ T27] audit: type=1326 audit(1764247973.720:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6990 comm="syz.0.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 114.843183][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 114.991840][ T7015] netlink: 'syz.1.457': attribute type 13 has an invalid length. [ 115.550359][ T7015] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.559443][ T7015] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.059317][ T7015] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.099825][ T7015] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.326052][ T7015] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.335246][ T7015] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.343905][ T7015] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.352375][ T7015] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.426512][ T7034] netlink: 12 bytes leftover after parsing attributes in process `syz.2.466'. [ 116.715701][ T7081] loop1: detected capacity change from 0 to 512 [ 116.731107][ T7081] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.800763][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.146565][ T7094] loop3: detected capacity change from 0 to 1024 [ 117.251807][ T7094] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 117.407864][ T7094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.526627][ T7094] EXT4-fs error (device loop3): ext4_xattr_inode_iget:444: inode #11: comm syz.3.480: missing EA_INODE flag [ 117.547488][ T7094] EXT4-fs (loop3): Remounting filesystem read-only [ 117.556397][ T7094] EXT4-fs warning (device loop3): ext4_xattr_inode_dec_ref_all:1243: inode #18: comm syz.3.480: ea_inode dec ref err=-5 [ 117.569516][ T7094] EXT4-fs warning (device loop3): ext4_evict_inode:272: xattr delete (err -5) [ 118.905432][ T7115] syz.1.490[7115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.911105][ T7115] syz.1.490[7115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.924230][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.065186][ T7121] capability: warning: `syz.1.493' uses deprecated v2 capabilities in a way that may be insecure [ 119.187374][ T7182] bridge0: port 3(macsec1) entered blocking state [ 119.194962][ T7182] bridge0: port 3(macsec1) entered disabled state [ 119.201881][ T7182] macsec1: entered allmulticast mode [ 119.211509][ T7182] bridge0: entered allmulticast mode [ 119.233637][ T7182] macsec1: left allmulticast mode [ 119.239369][ T7182] bridge0: left allmulticast mode [ 120.045853][ T7193] 9pnet_fd: Insufficient options for proto=fd [ 120.144549][ T7197] bridge_slave_0: left allmulticast mode [ 120.163541][ T7197] bridge_slave_0: left promiscuous mode [ 120.169425][ T7197] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.190258][ T7202] loop3: detected capacity change from 0 to 136 [ 120.207616][ T7197] bridge_slave_1: left allmulticast mode [ 120.217074][ T7197] bridge_slave_1: left promiscuous mode [ 120.222943][ T7197] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.240067][ T7058] IPVS: starting estimator thread 0... [ 120.281646][ T7197] bond0: (slave bond_slave_0): Releasing backup interface [ 120.318641][ T7197] bond0: (slave bond_slave_1): Releasing backup interface [ 120.333141][ T7205] IPVS: using max 22 ests per chain, 52800 per kthread [ 120.376734][ T7197] team0: Port device team_slave_0 removed [ 120.383829][ T5800] Bluetooth: hci4: command 0x1003 tx timeout [ 120.391114][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 120.420879][ T7197] team0: Port device team_slave_1 removed [ 120.430007][ T7197] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.437694][ T7197] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.456092][ T7197] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.469169][ T7197] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.569518][ T7202] team0: Mode changed to "loadbalance" [ 120.697385][ T7215] loop1: detected capacity change from 0 to 512 [ 120.710789][ T7215] EXT4-fs: inline encryption not supported [ 120.732658][ T7215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 120.750944][ T7215] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.096144][ T7230] syz.2.509[7230] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.096268][ T7230] syz.2.509[7230] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.140488][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 121.205340][ T7232] netlink: 24 bytes leftover after parsing attributes in process `syz.0.511'. [ 121.235825][ T7220] lo speed is unknown, defaulting to 1000 [ 121.246328][ T7232] IPVS: Error connecting to the multicast addr [ 121.266403][ T7220] lo speed is unknown, defaulting to 1000 [ 121.281642][ T7220] lo speed is unknown, defaulting to 1000 [ 121.308912][ T7220] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 121.381004][ T7220] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 121.426139][ T7220] lo speed is unknown, defaulting to 1000 [ 121.452329][ T7220] lo speed is unknown, defaulting to 1000 [ 121.455637][ T7220] lo speed is unknown, defaulting to 1000 [ 121.457061][ T7220] lo speed is unknown, defaulting to 1000 [ 121.459724][ T7220] lo speed is unknown, defaulting to 1000 [ 121.535817][ T27] kauditd_printk_skb: 91 callbacks suppressed [ 121.535830][ T27] audit: type=1326 audit(1764247981.050:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.592414][ T27] audit: type=1326 audit(1764247981.050:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.623742][ T7252] loop3: detected capacity change from 0 to 1024 [ 121.630997][ T7252] EXT4-fs: Ignoring removed bh option [ 121.637789][ T7252] EXT4-fs: inline encryption not supported [ 121.644079][ T27] audit: type=1326 audit(1764247981.090:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.667414][ T7252] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 121.678264][ T27] audit: type=1326 audit(1764247981.090:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.701438][ T27] audit: type=1326 audit(1764247981.090:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.709803][ T7252] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 121.763313][ T27] audit: type=1326 audit(1764247981.090:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.820021][ T27] audit: type=1326 audit(1764247981.090:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.828338][ T7257] loop1: detected capacity change from 0 to 8192 [ 121.859895][ T7252] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.517: lblock 2 mapped to illegal pblock 2 (length 1) [ 121.901254][ T27] audit: type=1326 audit(1764247981.090:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.931878][ T27] audit: type=1326 audit(1764247981.090:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7249 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 121.945809][ T7252] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 121.982346][ T7252] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 48: comm syz.3.517: lblock 0 mapped to illegal pblock 48 (length 1) [ 122.007394][ T7252] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.517: Failed to acquire dquot type 0 [ 122.022490][ T7252] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 122.047805][ T7252] EXT4-fs error (device loop3): ext4_evict_inode:252: inode #11: comm syz.3.517: mark_inode_dirty error [ 122.109887][ T7252] EXT4-fs warning (device loop3): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 122.143388][ T7252] EXT4-fs (loop3): 1 orphan inode deleted [ 122.167667][ T1138] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 122.184655][ T7252] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.529409][ T7269] lo speed is unknown, defaulting to 1000 [ 122.838964][ T1138] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u4:6: Failed to release dquot type 0 [ 122.865577][ T7265] lo speed is unknown, defaulting to 1000 [ 122.923034][ T7268] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 122.933332][ T7268] FAT-fs (loop1): Filesystem has been set read-only [ 122.952601][ T7264] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 123.196615][ T7252] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 123.265274][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.265534][ T5856] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 123.454115][ T5856] usb 2-1: device descriptor read/64, error -71 [ 123.507121][ T7283] loop2: detected capacity change from 0 to 128 [ 123.627286][ T7283] syz.2.526: attempt to access beyond end of device [ 123.627286][ T7283] loop2: rw=2049, sector=185, nr_sectors = 856 limit=128 [ 123.723988][ T5856] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 123.741453][ T7173] kworker/u4:63: attempt to access beyond end of device [ 123.741453][ T7173] loop2: rw=1, sector=145, nr_sectors = 40 limit=128 [ 123.879301][ T7299] loop2: detected capacity change from 0 to 512 [ 123.903575][ T5856] usb 2-1: device descriptor read/64, error -71 [ 123.929145][ T7299] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.992515][ T7299] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.027389][ T5856] usb usb2-port1: attempt power cycle [ 124.078736][ T7299] lo speed is unknown, defaulting to 1000 [ 124.117475][ T7310] netlink: 76 bytes leftover after parsing attributes in process `syz.3.538'. [ 124.388573][ T7308] syz.2.533 (7308) used greatest stack depth: 20976 bytes left [ 124.422734][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.463119][ T5856] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 124.517365][ T5856] usb 2-1: device descriptor read/8, error -71 [ 124.611127][ T7335] netlink: 60 bytes leftover after parsing attributes in process `syz.3.547'. [ 124.631391][ T7332] lo speed is unknown, defaulting to 1000 [ 124.717469][ T7339] netlink: 32 bytes leftover after parsing attributes in process `syz.3.550'. [ 124.793054][ T5856] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 124.835239][ T7344] syz.0.551[7344] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.835363][ T7344] syz.0.551[7344] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.864539][ T7346] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.552' sets config #1 [ 125.033286][ T5856] usb 2-1: device not accepting address 5, error -71 [ 125.040313][ T5856] usb usb2-port1: unable to enumerate USB device [ 125.145851][ T7359] loop2: detected capacity change from 0 to 512 [ 125.167634][ T7361] pim6reg: entered allmulticast mode [ 125.193155][ T7361] pim6reg: left allmulticast mode [ 125.245496][ T7359] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.262221][ T7359] ext4 filesystem being mounted at /138/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 125.274694][ T7363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.561'. [ 125.302632][ T7363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.561'. [ 125.337487][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.659380][ T7384] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.957537][ T7392] netlink: 36 bytes leftover after parsing attributes in process `syz.2.572'. [ 127.052300][ T7420] loop3: detected capacity change from 0 to 512 [ 127.077761][ T7420] EXT4-fs: Ignoring removed nobh option [ 127.191674][ T7420] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.583: corrupted inode contents [ 127.209106][ T7420] EXT4-fs (loop3): Remounting filesystem read-only [ 127.228098][ T7420] EXT4-fs (loop3): 1 truncate cleaned up [ 127.384192][ T7420] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.421731][ T7420] ext4 filesystem being mounted at /147/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.434528][ T7171] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 127.503261][ T7171] __quota_error: 148 callbacks suppressed [ 127.503277][ T7171] Quota error (device loop3): write_blk: dquota write failed [ 127.528995][ T7171] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 127.915259][ T7171] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 128.162179][ T7171] Quota error (device loop3): write_blk: dquota write failed [ 128.190323][ T7171] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 128.245595][ T7171] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 128.279725][ T7171] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 128.304937][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.321480][ T7171] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 128.490574][ T7441] program syz.0.590 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 128.552725][ T7443] loop3: detected capacity change from 0 to 2048 [ 128.605313][ T7443] loop3: p1 < > p4 [ 128.612809][ T7443] loop3: p4 size 8388608 extends beyond EOD, truncated [ 128.614072][ T7447] netlink: 124 bytes leftover after parsing attributes in process `syz.1.593'. [ 128.629048][ T7447] netlink: 16 bytes leftover after parsing attributes in process `syz.1.593'. [ 128.706024][ T27] audit: type=1326 audit(1764247988.220:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.1.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 128.737207][ T27] audit: type=1326 audit(1764247988.220:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.1.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 128.760500][ T27] audit: type=1326 audit(1764247988.220:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.1.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 128.817444][ T27] audit: type=1326 audit(1764247988.220:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 129.371012][ T7458] loop1: detected capacity change from 0 to 1024 [ 129.372026][ T7475] $Hÿ: renamed from bond0 (while UP) [ 129.389976][ T7458] EXT4-fs: Ignoring removed nobh option [ 129.396905][ T7458] EXT4-fs: Ignoring removed bh option [ 129.403033][ T7458] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 129.403106][ T7475] $Hÿ: entered promiscuous mode [ 129.436708][ T7458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.592150][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.610217][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.3.607'. [ 129.766543][ T7485] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 129.842621][ T7487] bridge0: entered promiscuous mode [ 129.865048][ T7487] bridge0: port 3(macsec1) entered blocking state [ 129.873195][ T7487] bridge0: port 3(macsec1) entered disabled state [ 129.889738][ T7487] macsec1: entered allmulticast mode [ 129.903709][ T7487] bridge0: entered allmulticast mode [ 129.913779][ T7487] macsec1: left allmulticast mode [ 129.918853][ T7487] bridge0: left allmulticast mode [ 129.936899][ T7487] bridge0: left promiscuous mode [ 130.061700][ T7495] IPv6: Can't replace route, no match found [ 130.350310][ T7508] program syz.1.618 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.112244][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.632'. [ 131.467185][ T7551] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 131.771004][ T7559] veth0: entered promiscuous mode [ 131.900868][ T7558] veth0: left promiscuous mode [ 132.210759][ T7580] loop3: detected capacity change from 0 to 512 [ 132.376825][ T7581] loop1: detected capacity change from 0 to 1024 [ 132.477929][ T7581] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 132.497571][ T7580] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 132.544858][ T7581] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.752485][ T7581] EXT4-fs error (device loop1): ext4_xattr_inode_iget:444: inode #11: comm syz.1.643: missing EA_INODE flag [ 132.769348][ T7581] EXT4-fs (loop1): Remounting filesystem read-only [ 132.777925][ T7581] EXT4-fs warning (device loop1): ext4_xattr_inode_dec_ref_all:1243: inode #18: comm syz.1.643: ea_inode dec ref err=-5 [ 132.790970][ T7581] EXT4-fs warning (device loop1): ext4_evict_inode:272: xattr delete (err -5) [ 133.342839][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.349569][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.421536][ T7580] EXT4-fs (loop3): 1 truncate cleaned up [ 133.441506][ T7580] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.282736][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.322804][ T7587] loop2: detected capacity change from 0 to 1024 [ 134.330271][ T7587] EXT4-fs: Ignoring removed nobh option [ 134.344277][ T7587] EXT4-fs: Ignoring removed bh option [ 134.353783][ T7587] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 134.379017][ T7597] lo speed is unknown, defaulting to 1000 [ 134.398541][ T7587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.421563][ T27] kauditd_printk_skb: 54 callbacks suppressed [ 134.421576][ T27] audit: type=1800 audit(1764247993.930:914): pid=7587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.650" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 134.504375][ T7604] IPv6: NLM_F_CREATE should be specified when creating new route [ 134.847190][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.069179][ T27] audit: type=1326 audit(1764247994.580:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7617 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 135.141175][ T27] audit: type=1326 audit(1764247994.580:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7617 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 135.187559][ T27] audit: type=1326 audit(1764247994.600:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7617 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 135.241020][ T27] audit: type=1326 audit(1764247994.600:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7617 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730f58f749 code=0x7ffc0000 [ 135.321571][ T7625] lo speed is unknown, defaulting to 1000 [ 135.402550][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.557577][ T7632] veth0: entered promiscuous mode [ 135.572795][ T7631] veth0: left promiscuous mode [ 136.058317][ T7634] loop2: detected capacity change from 0 to 1024 [ 136.094016][ T7634] EXT4-fs: Ignoring removed nobh option [ 136.104148][ T7634] EXT4-fs: Ignoring removed bh option [ 136.128054][ T7634] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 136.180368][ T7634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.541983][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.680677][ T7658] veth0: entered promiscuous mode [ 136.684188][ T7657] veth0: left promiscuous mode [ 137.511878][ T7680] veth0: entered promiscuous mode [ 137.524624][ T7679] veth0: left promiscuous mode [ 137.767738][ T27] audit: type=1326 audit(1764247997.280:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7688 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 137.816949][ T27] audit: type=1326 audit(1764247997.310:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7688 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 137.871519][ T27] audit: type=1326 audit(1764247997.310:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7688 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 137.880145][ T7676] loop3: detected capacity change from 0 to 1024 [ 137.913102][ T27] audit: type=1326 audit(1764247997.310:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7688 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 137.926463][ T7676] EXT4-fs: Ignoring removed nobh option [ 137.949863][ T7676] EXT4-fs: Ignoring removed bh option [ 137.957626][ T27] audit: type=1326 audit(1764247997.310:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7688 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e9678f749 code=0x7ffc0000 [ 137.980327][ T7676] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 138.021144][ T7676] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.384420][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.822418][ T7724] loop3: detected capacity change from 0 to 1024 [ 138.855060][ T7720] Falling back ldisc for ttyS3. [ 138.855796][ T7724] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 138.914155][ T7724] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.950391][ T7730] netlink: 'syz.0.706': attribute type 5 has an invalid length. [ 138.988024][ T7730] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.997315][ T7730] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.006163][ T7730] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.014941][ T7730] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.025856][ T7730] batman_adv: batadv0: Adding interface: vxlan0 [ 139.032142][ T7730] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.049385][ T7724] EXT4-fs error (device loop3): ext4_xattr_inode_iget:444: inode #11: comm syz.3.704: missing EA_INODE flag [ 139.058114][ T7730] batman_adv: batadv0: Interface activated: vxlan0 [ 139.088933][ T7724] EXT4-fs (loop3): Remounting filesystem read-only [ 139.108567][ T7734] loop1: detected capacity change from 0 to 512 [ 139.111163][ T7724] EXT4-fs warning (device loop3): ext4_xattr_inode_dec_ref_all:1243: inode #18: comm syz.3.704: ea_inode dec ref err=-5 [ 139.132752][ T7734] EXT4-fs: Ignoring removed i_version option [ 139.139106][ T7734] EXT4-fs: Ignoring removed bh option [ 139.139892][ T7724] EXT4-fs warning (device loop3): ext4_evict_inode:272: xattr delete (err -5) [ 139.200503][ T7734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.248531][ T7734] ext4 filesystem being mounted at /146/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.275795][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.363611][ T7740] loop2: detected capacity change from 0 to 1024 [ 139.370999][ T7740] EXT4-fs: Ignoring removed nobh option [ 139.377311][ T7740] EXT4-fs: Ignoring removed bh option [ 139.395726][ T7740] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 139.454938][ T7740] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.561912][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.648195][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.913855][ T7767] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 141.247054][ T7787] $Hÿ: renamed from bond0 [ 141.271687][ T7787] $Hÿ: entered promiscuous mode [ 141.277423][ T7787] bond_slave_0: entered promiscuous mode [ 141.283489][ T7787] bond_slave_1: entered promiscuous mode [ 141.436184][ T7798] veth0: entered promiscuous mode [ 141.574528][ T7796] veth0: left promiscuous mode [ 141.930331][ T7813] hub 2-0:1.0: USB hub found [ 141.931972][ T7813] hub 2-0:1.0: 1 port detected [ 142.622723][ T7824] netlink: 12 bytes leftover after parsing attributes in process `syz.0.741'. [ 142.661307][ T7824] : entered promiscuous mode [ 142.854823][ T7831] loop3: detected capacity change from 0 to 1024 [ 142.896715][ T7831] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.928943][ T7826] ================================================================== [ 142.937051][ T7826] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 142.944808][ T7826] Read of size 18446744073709551588 at addr ffff88807600b840 by task syz.3.743/7826 [ 142.954188][ T7826] [ 142.956532][ T7826] CPU: 0 PID: 7826 Comm: syz.3.743 Not tainted syzkaller #0 [ 142.963824][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 142.973916][ T7826] Call Trace: [ 142.977205][ T7826] [ 142.980151][ T7826] dump_stack_lvl+0x16c/0x230 [ 142.984850][ T7826] ? read_lock_is_recursive+0x20/0x20 [ 142.990249][ T7826] ? show_regs_print_info+0x20/0x20 [ 142.995465][ T7826] ? load_image+0x3b0/0x3b0 [ 142.999983][ T7826] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 143.005366][ T7826] ? __virt_addr_valid+0x18c/0x540 [ 143.010469][ T7826] ? __virt_addr_valid+0x469/0x540 [ 143.015574][ T7826] print_report+0xac/0x220 [ 143.019984][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.025434][ T7826] kasan_report+0x117/0x150 [ 143.029939][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.035398][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.040885][ T7826] kasan_check_range+0x288/0x290 [ 143.045814][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.051269][ T7826] __asan_memmove+0x29/0x70 [ 143.055765][ T7826] ext4_xattr_set_entry+0x94b/0x1e90 [ 143.061057][ T7826] ext4_xattr_block_set+0xae3/0x32a0 [ 143.066333][ T7826] ? ext4_destroy_inode+0x200/0x200 [ 143.071521][ T7826] ? proc_nr_inodes+0x230/0x230 [ 143.076378][ T7826] ? do_raw_spin_unlock+0x121/0x230 [ 143.081600][ T7826] ? _raw_spin_unlock+0x28/0x40 [ 143.086451][ T7826] ? ext4_xattr_block_find+0x350/0x350 [ 143.091921][ T7826] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 143.097299][ T7826] ext4_xattr_set_handle+0xbff/0x1290 [ 143.102666][ T7826] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 143.108643][ T7826] ? __ext4_journal_start_sb+0x259/0x570 [ 143.114273][ T7826] ext4_xattr_set+0x22d/0x320 [ 143.118948][ T7826] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 143.124489][ T7826] ? evm_protected_xattr_common+0x170/0x190 [ 143.130377][ T7826] ? evm_protect_xattr+0x534/0x7a0 [ 143.135478][ T7826] ? ext4_xattr_security_get+0x40/0x40 [ 143.140944][ T7826] __vfs_setxattr+0x431/0x470 [ 143.145624][ T7826] __vfs_setxattr_noperm+0x12d/0x5e0 [ 143.150908][ T7826] vfs_setxattr+0x16c/0x2f0 [ 143.155404][ T7826] ? xattr_permission+0x470/0x470 [ 143.160416][ T7826] ? __mnt_want_write+0x223/0x2a0 [ 143.165442][ T7826] ? path_setxattr+0x314/0x550 [ 143.170215][ T7826] path_setxattr+0x362/0x550 [ 143.174825][ T7826] ? simple_xattrs_free+0x150/0x150 [ 143.180044][ T7826] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 143.186017][ T7826] ? lock_chain_count+0x20/0x20 [ 143.190877][ T7826] __x64_sys_setxattr+0xbb/0xd0 [ 143.195726][ T7826] do_syscall_64+0x55/0xb0 [ 143.200136][ T7826] ? clear_bhb_loop+0x40/0x90 [ 143.204829][ T7826] ? clear_bhb_loop+0x40/0x90 [ 143.209499][ T7826] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 143.215420][ T7826] RIP: 0033:0x7fd71258f749 [ 143.219858][ T7826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.239485][ T7826] RSP: 002b:00007fd71340f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 143.247927][ T7826] RAX: ffffffffffffffda RBX: 00007fd7127e5fa0 RCX: 00007fd71258f749 [ 143.255901][ T7826] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 143.263870][ T7826] RBP: 00007fd712613f91 R08: 0000000000000000 R09: 0000000000000000 [ 143.271843][ T7826] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 143.279813][ T7826] R13: 00007fd7127e6038 R14: 00007fd7127e5fa0 R15: 00007ffd3411ca58 [ 143.287781][ T7826] [ 143.290802][ T7826] [ 143.293127][ T7826] Allocated by task 7826: [ 143.297446][ T7826] kasan_set_track+0x4e/0x70 [ 143.302040][ T7826] __kasan_kmalloc+0x8f/0xa0 [ 143.306613][ T7826] __kmalloc_node_track_caller+0xb2/0x230 [ 143.312324][ T7826] kmemdup+0x2b/0x70 [ 143.316205][ T7826] ext4_xattr_block_set+0x9e5/0x32a0 [ 143.321479][ T7826] ext4_xattr_set_handle+0xbff/0x1290 [ 143.326838][ T7826] ext4_xattr_set+0x22d/0x320 [ 143.331504][ T7826] __vfs_setxattr+0x431/0x470 [ 143.336175][ T7826] __vfs_setxattr_noperm+0x12d/0x5e0 [ 143.341445][ T7826] vfs_setxattr+0x16c/0x2f0 [ 143.345942][ T7826] path_setxattr+0x362/0x550 [ 143.350531][ T7826] __x64_sys_setxattr+0xbb/0xd0 [ 143.355376][ T7826] do_syscall_64+0x55/0xb0 [ 143.359872][ T7826] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 143.365756][ T7826] [ 143.368082][ T7826] The buggy address belongs to the object at ffff88807600b800 [ 143.368082][ T7826] which belongs to the cache kmalloc-1k of size 1024 [ 143.382162][ T7826] The buggy address is located 64 bytes inside of [ 143.382162][ T7826] 1024-byte region [ffff88807600b800, ffff88807600bc00) [ 143.395425][ T7826] [ 143.397734][ T7826] The buggy address belongs to the physical page: [ 143.404138][ T7826] page:ffffea0001d80200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76008 [ 143.414277][ T7826] head:ffffea0001d80200 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 143.423194][ T7826] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 143.431597][ T7826] page_type: 0xffffffff() [ 143.435934][ T7826] raw: 00fff00000000840 ffff888017841dc0 0000000000000000 dead000000000001 [ 143.444499][ T7826] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 143.453064][ T7826] page dumped because: kasan: bad access detected [ 143.459483][ T7826] page_owner tracks the page as allocated [ 143.465192][ T7826] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 11, tgid 11 (kworker/u4:0), ts 100438280142, free_ts 99612756743 [ 143.485579][ T7826] post_alloc_hook+0x1cd/0x210 [ 143.490337][ T7826] get_page_from_freelist+0x195c/0x19f0 [ 143.495878][ T7826] __alloc_pages+0x1e3/0x460 [ 143.500457][ T7826] alloc_slab_page+0x5d/0x170 [ 143.505134][ T7826] new_slab+0x87/0x2e0 [ 143.509217][ T7826] ___slab_alloc+0xc6d/0x1300 [ 143.513912][ T7826] __kmem_cache_alloc_node+0x1a2/0x260 [ 143.519384][ T7826] __kmalloc+0xa4/0x240 [ 143.523545][ T7826] ieee802_11_parse_elems_full+0xb9/0x2080 [ 143.529340][ T7826] ieee80211_inform_bss+0x107/0x1060 [ 143.534610][ T7826] rdev_inform_bss+0x106/0x410 [ 143.539362][ T7826] cfg80211_inform_bss_frame_data+0xb33/0x12b0 [ 143.545515][ T7826] ieee80211_bss_info_update+0x70b/0x930 [ 143.551144][ T7826] ieee80211_ibss_rx_queued_mgmt+0x17c9/0x2ac0 [ 143.557306][ T7826] ieee80211_iface_work+0x717/0xc70 [ 143.562492][ T7826] cfg80211_wiphy_work+0x225/0x260 [ 143.567596][ T7826] page last free stack trace: [ 143.572252][ T7826] free_unref_page_prepare+0x7ce/0x8e0 [ 143.577702][ T7826] free_unref_page+0x32/0x2e0 [ 143.582370][ T7826] __unfreeze_partials+0x1cf/0x210 [ 143.587471][ T7826] put_cpu_partial+0x17c/0x250 [ 143.592234][ T7826] __slab_free+0x31d/0x410 [ 143.596656][ T7826] qlist_free_all+0x75/0xe0 [ 143.601156][ T7826] kasan_quarantine_reduce+0x143/0x160 [ 143.606609][ T7826] __kasan_slab_alloc+0x22/0x80 [ 143.611452][ T7826] slab_post_alloc_hook+0x6e/0x4d0 [ 143.616558][ T7826] __kmem_cache_alloc_node+0x13e/0x260 [ 143.622023][ T7826] __kmalloc+0xa4/0x240 [ 143.626181][ T7826] tomoyo_realpath_from_path+0xe3/0x5d0 [ 143.631726][ T7826] tomoyo_check_open_permission+0x1c3/0x3c0 [ 143.637625][ T7826] security_file_open+0x62/0xa0 [ 143.642463][ T7826] do_dentry_open+0x380/0x1500 [ 143.647209][ T7826] path_openat+0x274b/0x3190 [ 143.651789][ T7826] [ 143.654103][ T7826] Memory state around the buggy address: [ 143.659724][ T7826] ffff88807600b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.667776][ T7826] ffff88807600b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.675820][ T7826] >ffff88807600b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 143.683873][ T7826] ^ [ 143.690007][ T7826] ffff88807600b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 143.698051][ T7826] ffff88807600b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 143.706094][ T7826] ================================================================== [ 143.744328][ T7826] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 143.751575][ T7826] CPU: 0 PID: 7826 Comm: syz.3.743 Not tainted syzkaller #0 [ 143.758873][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 143.768975][ T7826] Call Trace: [ 143.772277][ T7826] [ 143.775218][ T7826] dump_stack_lvl+0x16c/0x230 [ 143.779917][ T7826] ? show_regs_print_info+0x20/0x20 [ 143.785175][ T7826] ? load_image+0x3b0/0x3b0 [ 143.789678][ T7826] panic+0x2c0/0x710 [ 143.793572][ T7826] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 143.799729][ T7826] ? bpf_jit_dump+0xd0/0xd0 [ 143.804233][ T7826] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 143.810118][ T7826] ? _raw_spin_unlock+0x40/0x40 [ 143.814963][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.820415][ T7826] check_panic_on_warn+0x84/0xa0 [ 143.825342][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.830803][ T7826] end_report+0x6f/0x140 [ 143.835036][ T7826] kasan_report+0x128/0x150 [ 143.839526][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.845066][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.850533][ T7826] kasan_check_range+0x288/0x290 [ 143.855460][ T7826] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 143.860909][ T7826] __asan_memmove+0x29/0x70 [ 143.865402][ T7826] ext4_xattr_set_entry+0x94b/0x1e90 [ 143.870684][ T7826] ext4_xattr_block_set+0xae3/0x32a0 [ 143.875975][ T7826] ? ext4_destroy_inode+0x200/0x200 [ 143.881177][ T7826] ? proc_nr_inodes+0x230/0x230 [ 143.886105][ T7826] ? do_raw_spin_unlock+0x121/0x230 [ 143.891290][ T7826] ? _raw_spin_unlock+0x28/0x40 [ 143.896137][ T7826] ? ext4_xattr_block_find+0x350/0x350 [ 143.901673][ T7826] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 143.907061][ T7826] ext4_xattr_set_handle+0xbff/0x1290 [ 143.912430][ T7826] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 143.918519][ T7826] ? __ext4_journal_start_sb+0x259/0x570 [ 143.924141][ T7826] ext4_xattr_set+0x22d/0x320 [ 143.928833][ T7826] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 143.934383][ T7826] ? evm_protected_xattr_common+0x170/0x190 [ 143.940269][ T7826] ? evm_protect_xattr+0x534/0x7a0 [ 143.945368][ T7826] ? ext4_xattr_security_get+0x40/0x40 [ 143.950824][ T7826] __vfs_setxattr+0x431/0x470 [ 143.955492][ T7826] __vfs_setxattr_noperm+0x12d/0x5e0 [ 143.960779][ T7826] vfs_setxattr+0x16c/0x2f0 [ 143.965281][ T7826] ? xattr_permission+0x470/0x470 [ 143.970297][ T7826] ? __mnt_want_write+0x223/0x2a0 [ 143.975315][ T7826] ? path_setxattr+0x314/0x550 [ 143.980083][ T7826] path_setxattr+0x362/0x550 [ 143.984692][ T7826] ? simple_xattrs_free+0x150/0x150 [ 143.989890][ T7826] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 143.995858][ T7826] ? lock_chain_count+0x20/0x20 [ 144.000696][ T7826] __x64_sys_setxattr+0xbb/0xd0 [ 144.005533][ T7826] do_syscall_64+0x55/0xb0 [ 144.009937][ T7826] ? clear_bhb_loop+0x40/0x90 [ 144.014599][ T7826] ? clear_bhb_loop+0x40/0x90 [ 144.019259][ T7826] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 144.025138][ T7826] RIP: 0033:0x7fd71258f749 [ 144.029539][ T7826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.049130][ T7826] RSP: 002b:00007fd71340f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 144.057529][ T7826] RAX: ffffffffffffffda RBX: 00007fd7127e5fa0 RCX: 00007fd71258f749 [ 144.065496][ T7826] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 144.073458][ T7826] RBP: 00007fd712613f91 R08: 0000000000000000 R09: 0000000000000000 [ 144.081415][ T7826] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 144.089367][ T7826] R13: 00007fd7127e6038 R14: 00007fd7127e5fa0 R15: 00007ffd3411ca58 [ 144.097328][ T7826] [ 144.100556][ T7826] Kernel Offset: disabled [ 144.104865][ T7826] Rebooting in 86400 seconds..