last executing test programs: 17.821970957s ago: executing program 1 (id=17): syz_usb_connect(0x5, 0x24, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="f2435f0100088000000000950800", 0xe, 0x1, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x40000005, 0x5) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 14.711332197s ago: executing program 1 (id=23): prctl$PR_MCE_KILL(0x4e, 0x1, 0x1000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) gettid() syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000500)='./file0\x00', 0x1000000, &(0x7f00000018c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c756e695f786c6174653d312c636865636b3d7374726963742c646f733178666c6f7070792c757466383d312c757466383d312c757466383d302c696f636861727365743d6370313235de26302c696f636861727365743d69736f383835392d342c696f636861727365743d64656661756c742c73686f72746e616d653d6d69786564", @ANYRES16=0x0], 0xfe, 0x1b2, &(0x7f0000000580)="$eJzs289qE1EUB+CT2Na0LpKFK3Ex4MZVaPoEBqkgBgQlCwVBsQ1IRwIWArow2bnwIfRx3OqTuCwiXEmmf5Iai5Q2A+n3bXKYub9w7pDkMIF5efvt3k5/v/ei9y1qlUpU76UUB5VoRDWOjAIAWCYHKcWXiEjXR7H+NdKvVCi7LwDg8ozn/8/xwD+c/yY/ACy/p8+eP2p3OttPsqwWkX8adAfd4rU43+7Fm8hjNzajHr8j0rGifvCws72ZTTTicz48zA8H3Wuz+VbUozE/3yry2Wx+NTam81tRj5vz81tz82tx985Uvhn1+PE6+pHHToyzJ/mPrSy7/7hzKn9jsg4AAACWQTM7Nvf+vdn81/ki36789/8Dp+6vV+LWSrl7B4Crav/9h71Xeb77bqHF2tSRiBidsfj7RtHo4jrMzhk/uqSLvpgXV6zHxb/zapS/r+Up+tXzx1NKw/Hn8+zFtYiYFOX9JgGLcfLtnzlcL60hAAAAAAAAAAAAAADgL4t4dKnsPQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw9fwJAAD//xQYkLQ=") 8.60273851s ago: executing program 1 (id=40): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x70bd25, 0xfffffe00, {0x0, 0x0, 0x0, r5, {0x5}, {0xffff}, {0xc, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xe, [0x50, 0x5, 0x0, 0xf, 0x13, 0x2, 0x4, 0x1e, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x83, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x7, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={0x0}, 0x1, 0x0, 0x0, 0x4010}, 0x8000) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0xfff0) 8.512842244s ago: executing program 2 (id=41): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000400100004112200a4e2000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x100, 0x50, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 8.047404695s ago: executing program 4 (id=42): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100), 0x0, 0x1, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x14) 7.801448284s ago: executing program 3 (id=43): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000540)={0x6, 0x10000006, 0x2, 0x87, 0xffffffff, 0x40}) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd29, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8}, @void}}}, 0x51}, 0x1, 0x0, 0x0, 0x44040}, 0x2400c004) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40088a01, &(0x7f0000000000)=0x100) 7.530310265s ago: executing program 0 (id=44): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffff9, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x74, 0x2c, 0xf3f, 0x70bd2b, 0x25dfdbbd, {0x0, 0x0, 0x0, r2, {0xd, 0xc}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_route={{0xa}, {0x44, 0x2, [@TCA_ROUTE4_POLICE={0x40, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x8001, 0xffffffffffffffff, 0x8, 0x7, 0xfffffffe, {0x81, 0x0, 0x100, 0x943, 0x3}, {0x9, 0x1, 0x2, 0x4, 0xe80, 0x9}, 0x1, 0x0, 0xff}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20041090}, 0x4880) 6.958912258s ago: executing program 2 (id=45): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 6.958635414s ago: executing program 4 (id=46): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880088f74803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 6.718465275s ago: executing program 3 (id=47): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) fstatfs(r0, &(0x7f0000000140)=""/32) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES32=r2], 0x1c}}, 0x4008054) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@data_err_ignore}, {@dioread_nolock}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@grpid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3c}}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}]}, 0x1, 0x47a, &(0x7f00000006c0)="$eJzs28uPFMUfAPBv9z6AH4/lh/gAUVeJyUbjLrugcvCi0cQYjCZ6wOM6O5ANA2vY1QgSWYzxZGJI9Ew8Gv0LvBkTo55MuHryZEiIcgE8remebpgdZni4M8yy8/kkPVPVXT1VNdWP6qqZAPrWaPaSRGyKiN8jYqQeXZ5gtP525dKpytVLpypJLC299VeSp7t86VSlTFrut7GIjKUR6adJkcly8ydOHpmu1arHi/jEwtH3JuZPnHzmg6PTh6uHq8em9u/ft3fy+eemnu1IPbN6Xd758dyuHa++c/b1ysGz7/7yXVbeTcX2xnp0ymhW8b+Xcs3bnux0Zj22uSGcDPawINyRgYjImmsoP/9HYiCuN95IvPJJTwsHdFV2b1rXfvPiErCGJdHrEgC9Ud7os+ffcrlLXY9V4eKL9QegrN5XiqW+ZTDSIs1Q0/NtJ41GxMHFf85lS3RpHAIAoNHnla8ODEfER1e/fS3re4xERDke9ED++kf+uqWYQ9kaEf+PiG0RcV9EbI+I+4u0D0bEQyssz439n/TCCj/yprL+3wvF3Nby/l/Z+4utA0Vsc17/oeTQbK26J9bl38lYDK3L4pM3yeOHl89/0W5bY/8vW7L8y75gUY4Lg00DdDPTC9N5p7QDLp6J2DnYqv7JtZmAJCJ2RMTOO/voLWVg9qlvdrVL1Lr+l8/dVg4dmGda+jqr3mJW/8Voqn8paZyfnL1hfnJifdSqeybqR0Urv/722Zvt8r91+3fXxWr9vaH9m5NsTRrna+c7m/9/PP7T4eTtfJ55uFj34fTCwvHJiOHkQB5ftn7q+r5lvEyfHf9ju1uf/9uKfbL6PxwR2UH8SEQ8GhGPFWV/PCKeiIjdN6njzy/duv6R9qj9z0TMtLz+XTv+m9r/zgMDR376vl3+t9f++/LQWLEmv/7dQqviZJeL5gKu5LsDAACAe0Wa/wY+ScevhdN0fLz+G/7t8b+0Nje/8PShufePzcT5LfXxz7Qc6RopxkNrs7XqZLJYfGJ9fHSqGCsux0v3FuPGXw5syOPjlbnaTI/rDv1uY5vzP/PnQK9LB3TZhpZrp4bvekGAHmieR0+XR0+/ES4GsFb5vzb0r/L8b/O83/g/GGCNcf+H/tXq/D/dFDcXAGuT+z/0L+c/9Kn0xxXs7KkA7nXu/9CXVvK//i4G1q+OYvQmsFobJQ9ElIF0VZRHoEuBXl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOuPfAAAA//+Pc+dq") 6.143012558s ago: executing program 0 (id=48): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000a80)={0x20, r1, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x810) 5.981682631s ago: executing program 4 (id=49): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@dioread_nolock}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@resgid}, {@norecovery}, {@quota}, {@auto_da_alloc}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x1}}, {@resgid, 0x32}]}, 0x1, 0x519, &(0x7f00000014c0)="$eJzs3V1PZGcdAPD/GZgtLCA0elGbtDZuDRDdAcRuiRe1Jkavmqj1viIMhDAwBIZ2IVVp/AAmxlgTr3rljYkfwMTsRzAmm+i9UeNLdFcvNtHdMefMy7LsmQV2ZxiE3y85nOc85zn8n/9M5pnzljMBXFqvRMS1iHhQr9enI2K8WV9oTnHQmNJ2d++8v5ROSdTrb/8jiUgadWmzqUP/c6S52VBEfPNrEd9JHo+7s7e/vliplLebyzO1ja2Znb3962sbi6vl1fLm/PzcjYXXF15bmO1KnqMR8cZX/vyTH/78q2/8+nPv/eGdv059L2nWRzzMo9saqRez16JlMCK2exGsTwazDAEA+H/Q2s//dERMx3gMZHtzAAAAwEVS/9Jo/DeJqJ/I0MmaAQAAAOdKIbsHNimUmvcBjMZLH5ZKjXt4PxFXC5XqTu2zK9XdzeXGvbITUSysrFXKs817hSeimKTLc1m5vRwR9w4vl+cj4vmI+PH4cLZcWqpWlvt98gMAAAAuiZEjx///frzJf/rRLwAAAKDLJvrdAQAAAKDnHP8DAADAxef4HwAAAC60r7/1VjrVW79/vfzu3u569d3ry+Wd9dLG7lJpqbq9VVqtVlezZ/ZtHPf/KtXq1hdic/fmTK38t7FGXXV3s/bO2iM/gQ0AAACcoec/dev3SUQcfHE4m1JX+t0p4EwMnqbxn3rXD+DsDfS7A0DfnOr7H7hQiv3uANB3yTHrhz76bv6K3/SiNwAAQC9MfjL/+v/AsecGDgpn1EWgR5z/g8vL9X+4vE57/d/+AlwcxRgIB/JwubUfATr8aP1Ic97x4R0nvv5frz9VxwAAgK4ZzaakUIrIzgOMRqFQKkWMZccExWRlrVKejYiPRcTvxovPpctz2ZZJJMfdNAwAAAAAAAAAAAAAAAAAAAAAAAAAZOr1JOqnsHCq1gAAAMB5EFH4S5I9zT9icvzV0aPnB64k98azeUS897O3P7y5WKttz6X1/2zX137arP98P85gAAAAAEe1jtOz+XC/ewMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADARXP3zvtLreks4/79yxExkRd/MIay+VAUI+Lqv5IYPLRdEhEDXYh/8EFEvJAXP0m7FRPNXuTFH+5z/JEuxIfL7FY6/ryZ9/krxCvZPP/zdyMboZ5d5/Gv0B7/BnLip3Vj7dKTvXj7lzMd438Q8eJg/vjTip/E2KPxDxrjz7UT5vjtb+3vd1pX/yhiMvf7J2m3SUsztY2tmZ29/etrG4ur5dXy5vz83I2F1xdeW5idWVmrlJt/c2P86KVfPXhS/lc7xJ9o558//r56wvzv37555+ONYrG9efIw/tS1/Pf/hQ7xC813/TPNcrp+slU+aJQPe/kXv325VX4zJ//lo/lPx5H3Pz//qRPmP/2NH/zxhE0BgDOws7e/vliplLcvdeGZXo10t+hcZPFMhSu9yiJ9Xc9DgnmF7z/t5unub4dVA51XnavC0DFtIp7r68gEAAB02+PHwAAAAAAAAAAAAAAAAAAAAMBZ6/GTxu6nheKRmAfZ3248PR8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoHv+FwAA//9xi8yk") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x820f8, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) 4.879829165s ago: executing program 2 (id=50): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000009c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000000000000050037000000000008000200", @ANYRES32=r4, @ANYBLOB="0600060003000000060004"], 0x50}, 0x4, 0x700000000000000, 0x0, 0x50}, 0x0) socket(0x40000000015, 0x5, 0x0) r5 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r5, 0x0, 0x40080b4) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000480)={0x20, r2, 0x10, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}]}, 0x20}}, 0x20000040) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r8, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r9, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r9, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8040}, 0x24000084) sendmsg$ETHTOOL_MSG_RINGS_GET(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000600)={0x2c, r7, 0x1, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x90) r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) r11 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r11, 0x0, 0x0, 0x0, 0x0, 0x0) r12 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_opts(r12, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmsg$inet(r12, &(0x7f0000000400)={&(0x7f0000000080)={0x2, 0x4e1d, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x60000000}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r12, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000240)=0x8) writev(r10, &(0x7f00000004c0)=[{&(0x7f0000000180)="812e", 0x2}], 0x1) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f0000000640)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x68, r9, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x6}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x10}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}]}]}, 0x68}}, 0x20040804) 4.844859986s ago: executing program 0 (id=51): r0 = socket$inet6(0xa, 0x3, 0x6) sendto$inet6(r0, 0x0, 0x8f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xaec}, 0x1c) 4.613191632s ago: executing program 1 (id=52): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1018e58, &(0x7f00000005c0)={[{@nodioread_nolock}, {@noblock_validity}, {@data_err_ignore}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@nodiscard}, {@stripe={'stripe', 0x3d, 0x4}}, {@noauto_da_alloc}]}, 0x6, 0x61f, &(0x7f0000000b00)="$eJzs3c9rXNUeAPDvncmkSZv30j4ej9fyHi/wFi1I00wtVt3Y1oVdFCzYhYiLhiapodMfNCmYWGgKLhQURNyKdOM/4F66dyeCunMtVJGKikpH7syddDKZSdIkM9Pmfj5wM/ece2fO+c6dM/fce3PmBpBbY+mfQsT+iAfnk4jRpmUjUV84lq13/6ebF9IpiWr1lR+TSLK8xvpJ9rgnSwxFxJenIv5RXF3u3MLipclKte5WxJH5y9eOzC0sHp69PHlx+uL0lfLRZ48dn3iufKy8LXHuyR5Pn3n5P++//cYzM19VDidxIs6V3pqKlji2y1iMxYMsxOb8gYg4ns60eV+eNDsghFwrZp/HUkT8K0ajWEvVjcbse32tHNBV1WJEFcipRPuHnGr0AxrH9hs7Dj7X5V5J79w7WT8AWh3/QP3cSAzVjo1230+ajowGauc29m5D+WkZf9488HE6xYrzEL8ub52BbSink6XbEfHvdvEntbrtrUWaxl9YUY8kIiYiYjCr34tbqEPSNN+N8zBr2Wz8hYg4kT2m+ac2Wf5YS7rX8QOQT3dPZjvypTT1cP+X9j0a/Z9Y1f+pXxtq3XdtRr/3f537f439/VDtHHmhpR+W9lnOtn/JUmvGd++e/rBT+c39v3RKy2/0BXvh3u2IAy3xv5MGm/V/0viTNts/XeX8iY2V8dLXP5zutKzf8VfvRBxse/zzsFeazrVenxzOlpWPlY/MzFamJ+p/25bx+Revf9qp/H7Hn27/3R3ib9r+hdbnpe/JtQ2W8dnZO5c7LRtZN/7C94NJ/XhzMMt5c3J+/no5YjA5k61Sv5BVyz+6dl0a6zReI43/0P/bt/8Vn//bK19nuPGVuQHXXr10v9OyzWz/povJD6obrEMnafxT62//Ve0/zftgOXVrzTJ+ee3GfzstWyv+4S3GBgAAAAAAAHlTqF2DTQrjy/OFwvh4fbzsP2N3oXJ1bv6pmas3rkxFHKr9P2Sp0LjSPVpPJ2m6nP0/bCN9tCX9dETsi4iPisO19PiFq5WpfgcPAAAAAAAAAAAAAAAAAAAAj4k92fj/xn2qfy7Wx/8DOdHNG8wBjzftH/Kr1v5X3eIJyAP7f8gv7R/yS/uH/NL+Ib+0f8gv7R/yS/uH/NL+AQAAAGBH2ve/u98mEbH0/HBtSg1my4wIgp2t1O8KAH1T7HcFgL5ZvvSvsw+5s6H+/+/ZjwN2vzpAHyTtMmudg+rajf9u22cCAAAAAAAAAAAAAF1wcH/78f+JscGw4xn2B/m1hfH/fjoAnnB++h/yyzE+sN4o/qFOC4z/BwAAAAAAAAAAAICeGalNSWE8Gws8EoXC+HjE3yJib5SSmdnK9ERE/D0ivimWdqXpcr8rDQAAAAAAAAAAAAAAAAAAADvM3MLipclKZfp688wfq3J29kzjLqg9KOuFeMRnRdL7t2U4IpZzShGPWufuzezKPrZbeZ2BuYXF5LdqTRKxFI9PgFuKa5tn1v3qGOzqFxMAAAAAAAAAAAAAAAAAAORQ09jj9g580uMaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvPbz/f/dm+h0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBk+isAAP//GjM9YA==") sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x84) r0 = open(&(0x7f0000001b80)='.\x00', 0x0, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000088) 4.578145392s ago: executing program 3 (id=53): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}, {0x18, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xdc}}, 0x0) 3.640382678s ago: executing program 4 (id=54): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) close_range(r0, 0xffffffffffffffff, 0x0) 3.52678866s ago: executing program 0 (id=55): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000002a00)={[{@noblock_validity}, {@resgid={'resgid', 0x3d, 0xee00}}, {@acl}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==") r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14020000", @ANYRES16, @ANYBLOB="01002bbd7000fbdbdf250100030008000100010000000c0004800500030080ff000008000200010000000400088008000100ffffffff24000c8004000b801c000b8018000900"], 0x214}, 0x1, 0x0, 0x0, 0x1}, 0x48084) 3.505905182s ago: executing program 3 (id=56): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07, 0x11}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c) 3.356714083s ago: executing program 2 (id=57): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f2435f01000880", 0x7, 0x1, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x14) 2.55173154s ago: executing program 1 (id=58): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000540)={0x6, 0x10000006, 0x2, 0x87, 0xffffffff, 0x40}) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd29, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8}, @void}}}, 0x51}, 0x1, 0x0, 0x0, 0x44040}, 0x2400c004) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40088a01, &(0x7f0000000000)=0x100) 1.972578498s ago: executing program 4 (id=59): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="31032fbd7000fddbdf2508000000080003"], 0x2c}, 0x1, 0x0, 0x0, 0x8814}, 0x20000084) 1.972207506s ago: executing program 2 (id=60): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 1.490015951s ago: executing program 0 (id=61): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000040)=0x4) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000180)=""/141) 1.406640688s ago: executing program 3 (id=62): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000280), &(0x7f0000000000)=r1}, 0x20) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x16, &(0x7f00000004c0)={@local, @random="a6e286036e89", @void, {@mpls_uc={0x8847, {[], @llc={@snap={0x1, 0x1, "8b", "d3d9e4"}}}}}}, 0x0) 1.236617895s ago: executing program 1 (id=63): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) fstatfs(r0, &(0x7f0000000140)=""/32) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES32=r2], 0x1c}}, 0x4008054) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@data_err_ignore}, {@dioread_nolock}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@grpid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3c}}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}]}, 0x1, 0x47a, &(0x7f00000006c0)="$eJzs28uPFMUfAPBv9z6AH4/lh/gAUVeJyUbjLrugcvCi0cQYjCZ6wOM6O5ANA2vY1QgSWYzxZGJI9Ew8Gv0LvBkTo55MuHryZEiIcgE8remebpgdZni4M8yy8/kkPVPVXT1VNdWP6qqZAPrWaPaSRGyKiN8jYqQeXZ5gtP525dKpytVLpypJLC299VeSp7t86VSlTFrut7GIjKUR6adJkcly8ydOHpmu1arHi/jEwtH3JuZPnHzmg6PTh6uHq8em9u/ft3fy+eemnu1IPbN6Xd758dyuHa++c/b1ysGz7/7yXVbeTcX2xnp0ymhW8b+Xcs3bnux0Zj22uSGcDPawINyRgYjImmsoP/9HYiCuN95IvPJJTwsHdFV2b1rXfvPiErCGJdHrEgC9Ud7os+ffcrlLXY9V4eKL9QegrN5XiqW+ZTDSIs1Q0/NtJ41GxMHFf85lS3RpHAIAoNHnla8ODEfER1e/fS3re4xERDke9ED++kf+uqWYQ9kaEf+PiG0RcV9EbI+I+4u0D0bEQyssz439n/TCCj/yprL+3wvF3Nby/l/Z+4utA0Vsc17/oeTQbK26J9bl38lYDK3L4pM3yeOHl89/0W5bY/8vW7L8y75gUY4Lg00DdDPTC9N5p7QDLp6J2DnYqv7JtZmAJCJ2RMTOO/voLWVg9qlvdrVL1Lr+l8/dVg4dmGda+jqr3mJW/8Voqn8paZyfnL1hfnJifdSqeybqR0Urv/722Zvt8r91+3fXxWr9vaH9m5NsTRrna+c7m/9/PP7T4eTtfJ55uFj34fTCwvHJiOHkQB5ftn7q+r5lvEyfHf9ju1uf/9uKfbL6PxwR2UH8SEQ8GhGPFWV/PCKeiIjdN6njzy/duv6R9qj9z0TMtLz+XTv+m9r/zgMDR376vl3+t9f++/LQWLEmv/7dQqviZJeL5gKu5LsDAACAe0Wa/wY+ScevhdN0fLz+G/7t8b+0Nje/8PShufePzcT5LfXxz7Qc6RopxkNrs7XqZLJYfGJ9fHSqGCsux0v3FuPGXw5syOPjlbnaTI/rDv1uY5vzP/PnQK9LB3TZhpZrp4bvekGAHmieR0+XR0+/ES4GsFb5vzb0r/L8b/O83/g/GGCNcf+H/tXq/D/dFDcXAGuT+z/0L+c/9Kn0xxXs7KkA7nXu/9CXVvK//i4G1q+OYvQmsFobJQ9ElIF0VZRHoEuBXl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOuPfAAAA//+Pc+dq") 824.422137ms ago: executing program 4 (id=64): sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) socket$netlink(0x10, 0x3, 0x0) close_range(r2, 0xffffffffffffffff, 0x200000000000000) 178.17637ms ago: executing program 2 (id=65): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0x980) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) getdents64(r1, 0x0, 0x0) 109.188249ms ago: executing program 0 (id=66): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000f40)="aefdda9d040000005a90f57f07703aefeef64ebbee07962cfff3f878f5772e11b44e65d76641cb090052e436dd2a6fc3", 0x30}, {&(0x7f0000000180)='S\x00\x00', 0x3}], 0x2) 0s ago: executing program 3 (id=67): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000009c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000000000000050037000000000008000200", @ANYRES32=r4, @ANYBLOB="0600060003000000060004"], 0x50}, 0x4, 0x700000000000000, 0x0, 0x50}, 0x0) socket(0x40000000015, 0x5, 0x0) r5 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r5, 0x0, 0x40080b4) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000480)={0x20, r2, 0x10, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}]}, 0x20}}, 0x20000040) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r8, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r9, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r9, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8040}, 0x24000084) sendmsg$ETHTOOL_MSG_RINGS_GET(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000600)={0x2c, r7, 0x1, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x90) r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) r11 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r11, 0x0, 0x0, 0x0, 0x0, 0x0) r12 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_opts(r12, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmsg$inet(r12, &(0x7f0000000400)={&(0x7f0000000080)={0x2, 0x4e1d, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x60000000}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r12, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000240)=0x8) writev(r10, &(0x7f00000004c0)=[{&(0x7f0000000180)="812e", 0x2}], 0x1) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f0000000640)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x60, r9, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x6}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x10}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}]}]}, 0x60}}, 0x20040804) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.151' (ED25519) to the list of known hosts. [ 180.856089][ T5557] cgroup: Unknown subsys name 'net' [ 181.047037][ T5557] cgroup: Unknown subsys name 'cpuset' [ 181.065094][ T5557] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 187.415439][ T5557] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 192.307301][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 192.319321][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 192.330770][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 192.345368][ T5580] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 192.354183][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 192.367299][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 192.378069][ T5580] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 192.388046][ T5580] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 192.404479][ T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 192.417739][ T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 192.417904][ T4874] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 192.435087][ T4874] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 192.467063][ T4874] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 192.479966][ T5585] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 192.481904][ T4874] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 192.496515][ T5585] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 192.518037][ T5585] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 192.526781][ T4874] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 192.536048][ T5585] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 192.554986][ T5580] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 192.760084][ T4874] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 192.769404][ T4874] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 192.787581][ T4874] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 192.807019][ T4874] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 192.823484][ T4874] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 194.476675][ T5580] Bluetooth: hci1: command tx timeout [ 194.482397][ T4874] Bluetooth: hci0: command tx timeout [ 194.637652][ T5580] Bluetooth: hci3: command tx timeout [ 194.643424][ T4874] Bluetooth: hci2: command tx timeout [ 194.876538][ T4874] Bluetooth: hci4: command tx timeout [ 196.557101][ T4874] Bluetooth: hci1: command tx timeout [ 196.562082][ T5580] Bluetooth: hci0: command tx timeout [ 196.716639][ T5580] Bluetooth: hci2: command tx timeout [ 196.722359][ T5580] Bluetooth: hci3: command tx timeout [ 196.957016][ T5580] Bluetooth: hci4: command tx timeout [ 197.462907][ T5586] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.474893][ T5586] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.484281][ T5586] bridge_slave_0: entered allmulticast mode [ 197.495609][ T5586] bridge_slave_0: entered promiscuous mode [ 197.593912][ T5586] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.619973][ T5586] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.630631][ T5586] bridge_slave_1: entered allmulticast mode [ 197.644030][ T5586] bridge_slave_1: entered promiscuous mode [ 197.658220][ T5582] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.667375][ T5582] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.675023][ T5582] bridge_slave_0: entered allmulticast mode [ 197.687899][ T5582] bridge_slave_0: entered promiscuous mode [ 197.757073][ T5582] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.764704][ T5582] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.772815][ T5582] bridge_slave_1: entered allmulticast mode [ 197.781951][ T5582] bridge_slave_1: entered promiscuous mode [ 197.971766][ T5594] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.979740][ T5594] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.987697][ T5594] bridge_slave_0: entered allmulticast mode [ 197.996027][ T5594] bridge_slave_0: entered promiscuous mode [ 198.033365][ T5586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.129620][ T5582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.142917][ T5575] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.152047][ T5575] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.159754][ T5575] bridge_slave_0: entered allmulticast mode [ 198.168858][ T5575] bridge_slave_0: entered promiscuous mode [ 198.180532][ T5594] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.188834][ T5594] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.197421][ T5594] bridge_slave_1: entered allmulticast mode [ 198.205849][ T5594] bridge_slave_1: entered promiscuous mode [ 198.224416][ T5586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.234293][ T5576] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.242354][ T5576] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.249993][ T5576] bridge_slave_0: entered allmulticast mode [ 198.259608][ T5576] bridge_slave_0: entered promiscuous mode [ 198.277737][ T5582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.319024][ T5575] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.326824][ T5575] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.334214][ T5575] bridge_slave_1: entered allmulticast mode [ 198.343030][ T5575] bridge_slave_1: entered promiscuous mode [ 198.402244][ T5576] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.410253][ T5576] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.417885][ T5576] bridge_slave_1: entered allmulticast mode [ 198.426537][ T5576] bridge_slave_1: entered promiscuous mode [ 198.592960][ T5582] team0: Port device team_slave_0 added [ 198.634904][ T5594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.644504][ T5580] Bluetooth: hci0: command tx timeout [ 198.647238][ T5580] Bluetooth: hci1: command tx timeout [ 198.667543][ T5586] team0: Port device team_slave_0 added [ 198.682649][ T5576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.703764][ T5576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.722853][ T5582] team0: Port device team_slave_1 added [ 198.774115][ T5575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.796684][ T4874] Bluetooth: hci3: command tx timeout [ 198.804169][ T5580] Bluetooth: hci2: command tx timeout [ 198.815107][ T5594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.835514][ T5586] team0: Port device team_slave_1 added [ 198.973064][ T5575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.036585][ T5580] Bluetooth: hci4: command tx timeout [ 199.114762][ T5582] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.122583][ T5582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.149218][ T5582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.218710][ T5586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.225951][ T5586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.252813][ T5586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.275438][ T5576] team0: Port device team_slave_0 added [ 199.301833][ T5582] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.309038][ T5582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.335740][ T5582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.354362][ T5575] team0: Port device team_slave_0 added [ 199.369389][ T5594] team0: Port device team_slave_0 added [ 199.378563][ T5586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.385711][ T5586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.412032][ T5586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.430886][ T5576] team0: Port device team_slave_1 added [ 199.460703][ T5575] team0: Port device team_slave_1 added [ 199.472433][ T5594] team0: Port device team_slave_1 added [ 199.664950][ T5594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.672311][ T5594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.706289][ T5594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.721174][ T5576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.728559][ T5576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.755001][ T5576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.794645][ T5575] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.801830][ T5575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.828217][ T5575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.867816][ T5594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.874939][ T5594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.901248][ T5594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.915297][ T5576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.922599][ T5576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 199.949180][ T5576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.988290][ T5575] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.995355][ T5575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 200.021733][ T5575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.106420][ T5582] hsr_slave_0: entered promiscuous mode [ 200.115040][ T5582] hsr_slave_1: entered promiscuous mode [ 200.152714][ T5586] hsr_slave_0: entered promiscuous mode [ 200.161677][ T5586] hsr_slave_1: entered promiscuous mode [ 200.170338][ T5586] debugfs: 'hsr0' already exists in 'hsr' [ 200.176393][ T5586] Cannot create hsr debugfs directory [ 200.464668][ T5594] hsr_slave_0: entered promiscuous mode [ 200.473611][ T5594] hsr_slave_1: entered promiscuous mode [ 200.482862][ T5594] debugfs: 'hsr0' already exists in 'hsr' [ 200.488883][ T5594] Cannot create hsr debugfs directory [ 200.508429][ T5576] hsr_slave_0: entered promiscuous mode [ 200.517468][ T5576] hsr_slave_1: entered promiscuous mode [ 200.525264][ T5576] debugfs: 'hsr0' already exists in 'hsr' [ 200.531354][ T5576] Cannot create hsr debugfs directory [ 200.577707][ T5575] hsr_slave_0: entered promiscuous mode [ 200.587209][ T5575] hsr_slave_1: entered promiscuous mode [ 200.594924][ T5575] debugfs: 'hsr0' already exists in 'hsr' [ 200.600935][ T5575] Cannot create hsr debugfs directory [ 200.716765][ T5580] Bluetooth: hci1: command tx timeout [ 200.716811][ T4874] Bluetooth: hci0: command tx timeout [ 200.876755][ T5580] Bluetooth: hci2: command tx timeout [ 200.882490][ T4874] Bluetooth: hci3: command tx timeout [ 201.116450][ T5580] Bluetooth: hci4: command tx timeout [ 201.872777][ T5582] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 201.900983][ T5582] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 201.913318][ T5582] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 201.938106][ T5582] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 201.950346][ T5582] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 201.971268][ T5582] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 201.995740][ T5582] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 202.017735][ T5582] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 202.140461][ T5586] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 202.164732][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 202.180480][ T5586] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.199332][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 202.209828][ T5586] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 202.231933][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 202.255763][ T5586] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 202.278467][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 202.481285][ T5575] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 202.503806][ T5575] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 202.525637][ T5575] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 202.547697][ T5575] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 202.560049][ T5575] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 202.581455][ T5575] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 202.619236][ T5575] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 202.639702][ T5575] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 202.904840][ T5576] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 202.927317][ T5576] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 202.968821][ T5576] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 202.990243][ T5576] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 203.019904][ T5576] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 203.041997][ T5576] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 203.082676][ T5576] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 203.103335][ T5576] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 203.355063][ T5594] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 203.377871][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 203.397317][ T5582] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.413672][ T5594] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 203.440422][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 203.451448][ T5594] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 203.469676][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 203.505753][ T5594] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 203.527821][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 203.686118][ T5582] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.799345][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.806971][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.831963][ T5586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.885546][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.893004][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.087099][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.097030][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.143410][ T5586] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.215582][ T5575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.282915][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.290422][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.395659][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.403172][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.518886][ T5575] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.623712][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.631331][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.755692][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.763279][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.812948][ T5576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.095309][ T5594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.148923][ T5576] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.291071][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.298719][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.398047][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.405626][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.524958][ T5594] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.678436][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.685997][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.843381][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.851229][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.204558][ T5582] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.828673][ T5582] veth0_vlan: entered promiscuous mode [ 208.062478][ T5582] veth1_vlan: entered promiscuous mode [ 208.480743][ T5586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.612894][ T5582] veth0_macvtap: entered promiscuous mode [ 208.739545][ T5582] veth1_macvtap: entered promiscuous mode [ 208.933614][ T5575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.140298][ T5582] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.251340][ T5582] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.465553][ T150] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.491963][ T150] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.569534][ T150] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.604431][ T150] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.025292][ T5576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.084583][ T5575] veth0_vlan: entered promiscuous mode [ 210.277556][ T5575] veth1_vlan: entered promiscuous mode [ 210.399804][ T5594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.843940][ T5576] veth0_vlan: entered promiscuous mode [ 210.904396][ T5575] veth0_macvtap: entered promiscuous mode [ 211.038339][ T5575] veth1_macvtap: entered promiscuous mode [ 211.085448][ T5586] veth0_vlan: entered promiscuous mode [ 211.096043][ T5576] veth1_vlan: entered promiscuous mode [ 211.251040][ T5594] veth0_vlan: entered promiscuous mode [ 211.301077][ T5586] veth1_vlan: entered promiscuous mode [ 211.380882][ T5575] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.448733][ T5594] veth1_vlan: entered promiscuous mode [ 211.497982][ T5575] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.588888][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.606058][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.620324][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.658785][ T5576] veth0_macvtap: entered promiscuous mode [ 211.671686][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.793826][ T5576] veth1_macvtap: entered promiscuous mode [ 212.002082][ T5586] veth0_macvtap: entered promiscuous mode [ 212.103857][ T5586] veth1_macvtap: entered promiscuous mode [ 212.142853][ T5576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.201240][ T5594] veth0_macvtap: entered promiscuous mode [ 212.280697][ T5594] veth1_macvtap: entered promiscuous mode [ 212.340566][ T5576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.502083][ T55] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.531949][ T55] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.591171][ T55] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.607100][ T5586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.675833][ T150] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.731739][ T5594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.772116][ T5586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.854660][ T5594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.926200][ T35] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.959292][ T35] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.990629][ T35] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.026508][ T35] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.130478][ T81] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.183769][ T81] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.220749][ T81] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.263894][ T81] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.796688][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.859972][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.119761][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.168441][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.786040][ T5582] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 218.204452][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.249008][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.508768][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.546296][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.560456][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.592057][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.962800][ T5850] loop2: detected capacity change from 0 to 512 [ 220.061791][ T5850] EXT4-fs error (device loop2): ext4_iget_extra_inode:5128: inode #15: comm syz.2.9: corrupted in-inode xattr: invalid ea_ino [ 220.090967][ T5850] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 220.092124][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.101741][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 220.101840][ C0] EXT4-fs (loop2): initial error at time 1777967860: ext4_iget_extra_inode:5128: inode 15 [ 220.102026][ C0] EXT4-fs (loop2): last error at time 1777967860: ext4_iget_extra_inode:5128: inode 15 [ 220.140048][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.171755][ T5850] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.9: couldn't read orphan inode 15 (err -117) [ 220.204476][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.253763][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.270855][ T5850] loop2: lost filesystem error report for type 5 error -117 [ 220.295245][ T5850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.576983][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.610273][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.662198][ T5582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.929362][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.977298][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.298578][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.333242][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.983760][ T5864] random: crng reseeded on system resumption [ 222.176012][ T5860] loop3: detected capacity change from 0 to 4096 [ 222.335316][ T5860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.618227][ T29] audit: type=1800 audit(1777967862.868:2): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 223.141249][ T5576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.449746][ T5882] loop4: detected capacity change from 0 to 512 [ 223.660376][ T5882] ------------[ cut here ]------------ [ 223.666104][ T5882] EA inode 11 i_nlink=0 [ 223.666494][ T5882] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x7a2/0x880, CPU#0: syz.4.15/5882 [ 223.681941][ T5882] Modules linked in: [ 223.686353][ T5882] CPU: 0 UID: 0 PID: 5882 Comm: syz.4.15 Not tainted syzkaller #0 PREEMPT(full) [ 223.695673][ T5882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 223.706327][ T5882] RIP: 0010:ext4_xattr_inode_update_ref+0x81c/0x880 [ 223.713737][ T5882] Code: 06 00 00 44 89 ab 70 09 00 00 48 c7 83 80 0c 00 00 00 00 00 00 4d 85 f6 75 46 45 85 ff 75 55 48 8b 7d c0 48 8b 75 d0 8b 55 b8 <67> 48 0f b9 3a e9 d3 fc ff ff 44 89 e7 e8 72 50 52 ff 89 c7 e8 8b [ 223.744872][ T5882] RSP: 0018:ffff888054926d30 EFLAGS: 00010246 [ 223.754142][ T5882] RAX: 0000000000000000 RBX: ffff8880548d0bb8 RCX: 00000000005a5db1 [ 223.762589][ T5882] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff92d45130 [ 223.770923][ T5882] RBP: ffff888054926db8 R08: ffffea000000000f R09: 0000000000000000 [ 223.779344][ T5882] R10: ffff888054126c78 R11: 00000000abcd0100 R12: 0000000000000000 [ 223.787725][ T5882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.795891][ T5882] FS: 0000000000000000(0000) GS:ffff8881aa60c000(0063) knlGS:00000000f5475b40 [ 223.805277][ T5882] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 223.812511][ T5882] CR2: 00000000f7f855b8 CR3: 000000005318e000 CR4: 00000000003526f0 [ 223.830915][ T5882] Call Trace: [ 223.834363][ T5882] [ 223.840280][ T5882] ext4_xattr_set_entry+0x1176/0x3440 [ 223.846037][ T5882] ext4_xattr_ibody_set+0x430/0xa30 [ 223.851879][ T5882] ext4_expand_extra_isize_ea+0x29b7/0x3bf0 [ 223.858369][ T5882] __ext4_expand_extra_isize+0x571/0x6f0 [ 223.864401][ T5882] __ext4_mark_inode_dirty+0x665/0x9a0 [ 223.870383][ T5882] ext4_evict_inode+0x196a/0x2730 [ 223.875712][ T5882] ? __pfx_ext4_evict_inode+0x10/0x10 [ 223.881523][ T5882] evict+0x69b/0xc90 [ 223.885715][ T5882] ? kmsan_get_metadata+0xf1/0x160 [ 223.891427][ T5882] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 223.898613][ T5882] iput+0xafb/0xf00 [ 223.902713][ T5882] ext4_process_orphan+0x49a/0x520 [ 223.908278][ T5882] ext4_orphan_cleanup+0x108a/0x1e10 [ 223.913913][ T5882] ext4_fill_super+0xa699/0xafa0 [ 223.925887][ T5882] ? sb_set_blocksize+0x24e/0x390 [ 223.945996][ T5882] get_tree_bdev_flags+0x6e6/0x920 [ 223.954590][ T5882] ? __pfx_ext4_fill_super+0x10/0x10 [ 223.960393][ T5882] ? __pfx_ext4_fill_super+0x10/0x10 [ 223.965941][ T5882] ? __pfx_ext4_get_tree+0x10/0x10 [ 223.971556][ T5882] get_tree_bdev+0x38/0x50 [ 223.976428][ T5882] ext4_get_tree+0x35/0x40 [ 223.981132][ T5882] vfs_get_tree+0xb3/0x5d0 [ 223.985851][ T5882] do_new_mount+0x885/0x1dd0 [ 223.990990][ T5882] ? apparmor_capable+0x2a2/0x380 [ 223.996491][ T5882] ? kmsan_get_metadata+0xf1/0x160 [ 224.001919][ T5882] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 224.008239][ T5882] path_mount+0x7a2/0x20b0 [ 224.012947][ T5882] ? user_path_at+0x1fc/0x330 [ 224.018075][ T5882] __se_sys_mount+0x704/0x7f0 [ 224.023039][ T5882] __ia32_sys_mount+0xe2/0x150 [ 224.038333][ T5882] ia32_sys_call+0x27fe/0x4360 [ 224.045971][ T5882] __do_fast_syscall_32+0x180/0x460 [ 224.051815][ T5882] do_fast_syscall_32+0x37/0x80 [ 224.057115][ T5882] do_SYSENTER_32+0x1f/0x30 [ 224.061906][ T5882] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 224.068642][ T5882] RIP: 0023:0xf7fd300c [ 224.072917][ T5882] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 224.092973][ T5882] RSP: 002b:00000000f5475360 EFLAGS: 00000206 ORIG_RAX: 0000000000000015 [ 224.101754][ T5882] RAX: ffffffffffffffda RBX: 00000000f54753c0 RCX: 0000000080000000 [ 224.110471][ T5882] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 00000000f5475400 [ 224.118875][ T5882] RBP: 00000000f54753c0 R08: 0000000000000000 R09: 0000000000000000 [ 224.137371][ T5882] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 224.145599][ T5882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.156767][ T5882] [ 224.160146][ T5882] ---[ end trace 0000000000000000 ]--- [ 224.275460][ T5887] batman_adv: batadv0: Adding interface: dummy0 [ 224.313570][ T5887] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 224.405638][ T5882] EXT4-fs error (device loop4): ext4_free_inode:354: comm syz.4.15: bit already cleared for inode 11 [ 224.457923][ T5887] batman_adv: batadv0: Interface activated: dummy0 [ 224.497298][ T5882] loop4: lost filesystem error report for type 5 error -117 [ 224.505397][ T5882] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 224.513375][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 224.513463][ C1] EXT4-fs (loop4): initial error at time 1777967864: ext4_free_inode:354 [ 224.513585][ C1] EXT4-fs (loop4): last error at time 1777967864: ext4_free_inode:354 [ 224.607399][ T5882] loop4: lost filesystem error report for type 5 error -117 [ 224.617402][ T5882] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 224.711110][ T5882] loop4: lost filesystem error report for type 5 error -117 [ 224.717771][ T5882] EXT4-fs (loop4): 1 orphan inode deleted [ 224.759465][ T5891] batadv0: mtu less than device minimum [ 224.811060][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.814517][ T5882] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.827348][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.847555][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.860567][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.873725][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.886924][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.900047][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.912923][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 224.926034][ T5891] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 225.533348][ T5586] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.752612][ T5895] loop0: detected capacity change from 0 to 1764 [ 225.980912][ T5899] loop3: detected capacity change from 0 to 512 [ 226.054090][ T5899] ======================================================= [ 226.054090][ T5899] WARNING: The mand mount option has been deprecated and [ 226.054090][ T5899] and is ignored by this kernel. Remove the mand [ 226.054090][ T5899] option from the mount to silence this warning. [ 226.054090][ T5899] ======================================================= [ 226.294689][ T5899] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.20: inode has both inline data and extents flags [ 226.328056][ T5899] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 226.336377][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 226.352581][ C0] EXT4-fs (loop3): initial error at time 1777967866: ext4_orphan_get:1397: inode 15 [ 226.362534][ C0] EXT4-fs (loop3): last error at time 1777967866: ext4_orphan_get:1397: inode 15 [ 226.490577][ T5899] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.20: couldn't read orphan inode 15 (err -117) [ 226.542829][ T5899] loop3: lost filesystem error report for type 5 error -117 [ 226.553635][ T5899] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.733341][ T5899] netlink: 436 bytes leftover after parsing attributes in process `syz.3.20'. [ 226.774188][ T5899] netlink: 'syz.3.20': attribute type 9 has an invalid length. [ 226.940029][ T5909] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25'. [ 226.985492][ T5908] loop1: detected capacity change from 0 to 128 [ 227.319644][ T5911] tipc: Started in network mode [ 227.331613][ T5576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.338774][ T5911] tipc: Node identity 84e, cluster identity 4711 [ 227.388432][ T5911] tipc: Node number set to 2126 [ 227.428353][ T5908] FAT-fs (loop1): Directory bread(block 32) failed [ 227.527523][ T5908] FAT-fs (loop1): Directory bread(block 33) failed [ 227.623312][ T5908] FAT-fs (loop1): Directory bread(block 34) failed [ 227.683401][ T5908] FAT-fs (loop1): Directory bread(block 35) failed [ 227.739274][ T5908] FAT-fs (loop1): Directory bread(block 36) failed [ 227.861449][ T5908] FAT-fs (loop1): Directory bread(block 37) failed [ 227.939374][ T5908] FAT-fs (loop1): Directory bread(block 38) failed [ 227.974942][ T5915] loop4: detected capacity change from 0 to 512 [ 228.042508][ T5908] FAT-fs (loop1): Directory bread(block 39) failed [ 228.093156][ T5908] FAT-fs (loop1): Directory bread(block 40) failed [ 228.133841][ T5915] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c119, mo2=0002] [ 228.147768][ T5908] FAT-fs (loop1): Directory bread(block 41) failed [ 228.207270][ T5915] System zones: 0-2, 18-18, 34-35 [ 228.247411][ T5915] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.286050][ T5915] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 228.963643][ T5586] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.161913][ T5928] capability: warning: `syz.2.30' uses deprecated v2 capabilities in a way that may be insecure [ 229.988942][ T5937] loop2: detected capacity change from 0 to 1024 [ 230.012574][ T5937] EXT4-fs: Ignoring removed nobh option [ 230.048196][ T5937] EXT4-fs: Ignoring removed bh option [ 230.059977][ T5931] loop4: detected capacity change from 0 to 512 [ 230.101107][ T5937] EXT4-fs (loop2): stripe (17) is not aligned with cluster size (16), stripe is disabled [ 230.231386][ T5937] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.287671][ T5931] EXT4-fs error (device loop4): ext4_free_inode:354: comm syz.4.32: bit already cleared for inode 11 [ 230.370283][ T29] audit: type=1804 audit(1777967870.648:3): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.33" name="/newroot/12/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 230.391159][ T5931] loop4: lost filesystem error report for type 5 error -117 [ 230.396292][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 230.410404][ C1] EXT4-fs (loop4): initial error at time 1777967870: ext4_free_inode:354 [ 230.419160][ C1] EXT4-fs (loop4): last error at time 1777967870: ext4_free_inode:354 [ 230.419948][ T5937] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 230.534484][ T5931] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 230.600654][ T5931] loop4: lost filesystem error report for type 5 error -117 [ 230.604193][ T5942] batman_adv: batadv0: Adding interface: dummy0 [ 230.633693][ T5931] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 230.674875][ T5942] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 230.700477][ T5931] loop4: lost filesystem error report for type 5 error -117 [ 230.704057][ T5931] EXT4-fs (loop4): 1 orphan inode deleted [ 230.751800][ T5931] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.807020][ T5942] batman_adv: batadv0: Interface activated: dummy0 [ 230.954334][ T5943] net_ratelimit: 10 callbacks suppressed [ 230.954413][ T5943] batadv0: mtu less than device minimum [ 231.043610][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.057046][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.069908][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.079464][ T5582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.086546][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.102218][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.115298][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.128213][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.141279][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.154363][ T5943] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 231.263048][ T5586] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.815450][ T5949] loop4: detected capacity change from 0 to 512 [ 231.946986][ T5949] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.37: inode has both inline data and extents flags [ 232.096327][ T5949] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 232.105057][ T5949] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.37: couldn't read orphan inode 15 (err -117) [ 232.114840][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 232.114933][ C1] EXT4-fs (loop4): initial error at time 1777967872: ext4_orphan_get:1397: inode 15 [ 232.115106][ C1] EXT4-fs (loop4): last error at time 1777967872: ext4_orphan_get:1397: inode 15 [ 232.223426][ T5949] loop4: lost filesystem error report for type 5 error -117 [ 232.240134][ T5949] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.546077][ T5952] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.951299][ T5586] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.568952][ T5967] Zero length message leads to an empty skb [ 235.126617][ T5982] loop3: detected capacity change from 0 to 512 [ 235.255815][ T5982] EXT4-fs error (device loop3): ext4_free_inode:354: comm syz.3.47: bit already cleared for inode 11 [ 235.269893][ T5982] loop3: lost filesystem error report for type 5 error -117 [ 235.276274][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 235.290809][ C1] EXT4-fs (loop3): initial error at time 1777967875: ext4_free_inode:354 [ 235.299511][ C1] EXT4-fs (loop3): last error at time 1777967875: ext4_free_inode:354 [ 235.316048][ T5982] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 235.403598][ T5982] loop3: lost filesystem error report for type 5 error -117 [ 235.411997][ T5982] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 235.513727][ T5982] loop3: lost filesystem error report for type 5 error -117 [ 235.520894][ T5982] EXT4-fs (loop3): 1 orphan inode deleted [ 235.570469][ T5982] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.625657][ T5992] loop4: detected capacity change from 0 to 512 [ 235.712001][ T5992] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 235.922579][ T5992] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 235.946234][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 235.952917][ C1] EXT4-fs (loop4): initial error at time 1777967876: ext4_mb_generate_buddy:1317 [ 235.962371][ C1] EXT4-fs (loop4): last error at time 1777967876: ext4_mb_generate_buddy:1317 [ 235.994912][ T5992] Quota error (device loop4): write_blk: dquota write failed [ 236.065057][ T5992] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5 [ 236.125014][ T5992] Quota error (device loop4): write_blk: dquota write failed [ 236.195241][ T5992] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 236.280588][ T5992] EXT4-fs error (device loop4): ext4_acquire_dquot:7034: comm syz.4.49: Failed to acquire dquot type 1 [ 236.338386][ T5576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.352909][ T5992] loop4: lost filesystem error report for type 5 error -28 [ 236.364981][ T5992] EXT4-fs (loop4): 1 truncate cleaned up [ 236.439350][ T5992] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.554454][ T5992] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 236.616490][ T5996] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 236.701945][ T5996] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 236.975374][ T6002] loop1: detected capacity change from 0 to 1024 [ 237.047422][ T6002] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 237.144202][ T6002] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #3: block 2: comm syz.1.52: lblock 2 mapped to illegal pblock 2 (length 1) [ 237.163007][ T6002] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 237.163739][ T6002] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 237.173170][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 237.173260][ C1] EXT4-fs (loop1): initial error at time 1777967877: ext4_map_blocks:791: inode 3: block 2 [ 237.173469][ C1] EXT4-fs (loop1): last error at time 1777967877: ext4_map_blocks:791: inode 3: block 2 [ 237.208968][ T6002] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #3: block 48: comm syz.1.52: lblock 0 mapped to illegal pblock 48 (length 1) [ 237.223787][ T6002] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 237.225057][ T6002] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 237.274037][ T5586] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.332162][ T6002] EXT4-fs error (device loop1): ext4_acquire_dquot:7034: comm syz.1.52: Failed to acquire dquot type 0 [ 237.409460][ T6002] loop1: lost filesystem error report for type 5 error -117 [ 237.413770][ T6002] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6383: Corrupt filesystem [ 237.561799][ T6002] loop1: lost filesystem error report for type 5 error -117 [ 237.562668][ T6002] EXT4-fs error (device loop1): ext4_evict_inode:267: inode #11: comm syz.1.52: mark_inode_dirty error [ 237.617347][ T6002] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 237.621363][ T6002] EXT4-fs warning (device loop1): ext4_evict_inode:270: couldn't mark inode dirty (err -117) [ 237.692806][ T6002] EXT4-fs (loop1): 1 orphan inode deleted [ 237.722967][ T6002] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.761073][ T35] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 237.815792][ T35] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 237.866849][ T35] EXT4-fs error (device loop1): ext4_release_dquot:7070: comm kworker/u8:2: Failed to release dquot type 0 [ 237.961347][ T6002] EXT4-fs error (device loop1): __ext4_get_inode_loc:4885: comm syz.1.52: Invalid inode table block 1 in block_group 0 [ 237.981547][ T6002] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6383: Corrupt filesystem [ 238.375319][ T5594] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.442607][ T6011] loop0: detected capacity change from 0 to 512 [ 238.505447][ T5594] EXT4-fs error (device loop1): __ext4_get_inode_loc:4885: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 238.591723][ T5594] loop1: lost filesystem error report for type 5 error -117 [ 238.593748][ T6011] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.55: inode has both inline data and extents flags [ 238.615774][ T5594] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6383: Corrupt filesystem [ 238.625960][ T5594] loop1: lost filesystem error report for type 5 error -117 [ 238.626862][ T6011] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 238.627603][ T5594] EXT4-fs error (device loop1): ext4_quota_off:7318: inode #3: comm syz-executor: mark_inode_dirty error [ 238.671446][ T5594] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 238.726317][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 238.742467][ C0] EXT4-fs (loop0): initial error at time 1777967879: ext4_orphan_get:1397: inode 15 [ 238.752219][ C0] EXT4-fs (loop0): last error at time 1777967879: ext4_orphan_get:1397: inode 15 [ 238.791650][ T6011] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.55: couldn't read orphan inode 15 (err -117) [ 238.849084][ T6011] loop0: lost filesystem error report for type 5 error -117 [ 238.863658][ T6011] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.541865][ T5575] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.652208][ T6029] loop1: detected capacity change from 0 to 512 [ 240.816778][ T6029] EXT4-fs error (device loop1): ext4_free_inode:354: comm syz.1.63: bit already cleared for inode 11 [ 240.937114][ T6029] loop1: lost filesystem error report for type 5 error -117 [ 240.942047][ T6029] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 240.949852][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 240.949939][ C1] EXT4-fs (loop1): initial error at time 1777967881: ext4_free_inode:354 [ 240.950059][ C1] EXT4-fs (loop1): last error at time 1777967881: ext4_free_inode:354 [ 241.069397][ T6029] loop1: lost filesystem error report for type 5 error -117 [ 241.073417][ T6029] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 241.094225][ T6036] ===================================================== [ 241.101816][ T6036] BUG: KMSAN: uninit-value in mptcp_established_options+0x112f/0x3530 [ 241.110524][ T6036] mptcp_established_options+0x112f/0x3530 [ 241.119087][ T6036] tcp_established_options+0x312/0xcc0 [ 241.127542][ T6036] __tcp_transmit_skb+0x5dc/0x5fe0 [ 241.132819][ T6036] __tcp_send_ack+0x967/0xad0 [ 241.142832][ T6036] tcp_send_ack+0x3d/0x60 [ 241.147493][ T6036] mptcp_subflow_shutdown+0x164/0x690 [ 241.153079][ T6036] mptcp_check_send_data_fin+0x31b/0x3d0 [ 241.159040][ T6036] __mptcp_close+0x860/0x1360 [ 241.163913][ T6036] mptcp_close+0x42/0x260 [ 241.168569][ T6036] inet_release+0x1ee/0x2a0 [ 241.173280][ T6036] sock_close+0xd6/0x2f0 [ 241.177945][ T6036] __fput+0x60e/0x1010 [ 241.182184][ T6036] ____fput+0x25/0x30 [ 241.188056][ T6036] task_work_run+0x208/0x2b0 [ 241.192825][ T6036] exit_to_user_mode_loop+0x306/0x1b60 [ 241.203724][ T6036] __do_fast_syscall_32+0x2c7/0x460 [ 241.211290][ T6036] do_fast_syscall_32+0x37/0x80 [ 241.216526][ T6036] do_SYSENTER_32+0x1f/0x30 [ 241.221248][ T6036] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 241.229558][ T6036] [ 241.231982][ T6036] Local variable opts created at: [ 241.237931][ T6036] __tcp_transmit_skb+0x4d/0x5fe0 [ 241.243136][ T6036] __tcp_send_ack+0x967/0xad0 [ 241.248122][ T6036] [ 241.250581][ T6036] CPU: 1 UID: 0 PID: 6036 Comm: syz.4.64 Tainted: G W syzkaller #0 PREEMPT(full) [ 241.261586][ T6036] Tainted: [W]=WARN [ 241.265492][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 241.275803][ T6036] ===================================================== [ 241.282981][ T6036] Disabling lock debugging due to kernel taint [ 241.357019][ T6029] loop1: lost filesystem error report for type 5 error -117 [ 241.363334][ T6029] EXT4-fs (loop1): 1 orphan inode deleted [ 241.402623][ T6036] Kernel panic - not syncing: kmsan.panic set ... [ 241.409331][ T6036] CPU: 1 UID: 0 PID: 6036 Comm: syz.4.64 Tainted: G B W syzkaller #0 PREEMPT(full) [ 241.420230][ T6036] Tainted: [B]=BAD_PAGE, [W]=WARN [ 241.425355][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 241.435539][ T6036] Call Trace: [ 241.438916][ T6036] [ 241.441951][ T6036] __dump_stack+0x26/0x30 [ 241.446502][ T6036] dump_stack_lvl+0x50/0x1c0 [ 241.451284][ T6036] ? dump_stack+0x12/0x25 [ 241.455768][ T6036] dump_stack+0x1e/0x25 [ 241.460125][ T6036] vpanic+0x7b4/0x1430 [ 241.464422][ T6036] panic+0x15d/0x160 [ 241.468554][ T6036] kmsan_report+0x31a/0x320 [ 241.473258][ T6036] ? __msan_warning+0x1b/0x30 [ 241.478105][ T6036] ? mptcp_established_options+0x112f/0x3530 [ 241.484263][ T6036] ? tcp_established_options+0x312/0xcc0 [ 241.490099][ T6036] ? __tcp_transmit_skb+0x5dc/0x5fe0 [ 241.495508][ T6036] ? __tcp_send_ack+0x967/0xad0 [ 241.500493][ T6036] ? tcp_send_ack+0x3d/0x60 [ 241.505179][ T6036] ? mptcp_subflow_shutdown+0x164/0x690 [ 241.510952][ T6036] ? mptcp_check_send_data_fin+0x31b/0x3d0 [ 241.516950][ T6036] ? __mptcp_close+0x860/0x1360 [ 241.521989][ T6036] ? mptcp_close+0x42/0x260 [ 241.526679][ T6036] ? inet_release+0x1ee/0x2a0 [ 241.531519][ T6036] ? sock_close+0xd6/0x2f0 [ 241.536171][ T6036] ? __fput+0x60e/0x1010 [ 241.540610][ T6036] ? ____fput+0x25/0x30 [ 241.544957][ T6036] ? task_work_run+0x208/0x2b0 [ 241.549899][ T6036] ? exit_to_user_mode_loop+0x306/0x1b60 [ 241.555728][ T6036] ? __do_fast_syscall_32+0x2c7/0x460 [ 241.561328][ T6036] ? do_fast_syscall_32+0x37/0x80 [ 241.566558][ T6036] ? do_SYSENTER_32+0x1f/0x30 [ 241.571408][ T6036] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 241.578081][ T6036] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 241.584775][ T6036] ? kmsan_get_metadata+0xf1/0x160 [ 241.590099][ T6036] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 241.596091][ T6036] ? mptcp_established_options+0xe1/0x3530 [ 241.602098][ T6036] ? filter_irq_stacks+0x49/0x190 [ 241.607290][ T6036] ? stack_depot_save_flags+0x35/0x790 [ 241.612967][ T6036] ? kmsan_get_metadata+0xf1/0x160 [ 241.618320][ T6036] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 241.624859][ T6036] ? kmsan_get_metadata+0xf1/0x160 [ 241.630191][ T6036] __msan_warning+0x1b/0x30 [ 241.634870][ T6036] mptcp_established_options+0x112f/0x3530 [ 241.640985][ T6036] tcp_established_options+0x312/0xcc0 [ 241.646695][ T6036] __tcp_transmit_skb+0x5dc/0x5fe0 [ 241.652018][ T6036] ? kmem_cache_alloc_node_noprof+0x3f5/0x12c0 [ 241.658412][ T6036] ? kmsan_get_metadata+0xf1/0x160 [ 241.663732][ T6036] ? kmsan_get_metadata+0xf1/0x160 [ 241.669047][ T6036] ? kmsan_get_metadata+0xf1/0x160 [ 241.674382][ T6036] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 241.680413][ T6036] ? __alloc_skb+0xb7d/0x1190 [ 241.685291][ T6036] __tcp_send_ack+0x967/0xad0 [ 241.690162][ T6036] tcp_send_ack+0x3d/0x60 [ 241.694674][ T6036] mptcp_subflow_shutdown+0x164/0x690 [ 241.700231][ T6036] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 241.706247][ T6036] mptcp_check_send_data_fin+0x31b/0x3d0 [ 241.712096][ T6036] __mptcp_close+0x860/0x1360 [ 241.716992][ T6036] ? __pfx_mptcp_close+0x10/0x10 [ 241.722151][ T6036] mptcp_close+0x42/0x260 [ 241.726659][ T6036] ? __pfx_mptcp_close+0x10/0x10 [ 241.731788][ T6036] inet_release+0x1ee/0x2a0 [ 241.736491][ T6036] ? __pfx_inet_release+0x10/0x10 [ 241.741724][ T6036] sock_close+0xd6/0x2f0 [ 241.746217][ T6036] ? __pfx_sock_close+0x10/0x10 [ 241.751268][ T6036] __fput+0x60e/0x1010 [ 241.755536][ T6036] ? __pfx_____fput+0x10/0x10 [ 241.760381][ T6036] ____fput+0x25/0x30 [ 241.764564][ T6036] task_work_run+0x208/0x2b0 [ 241.769326][ T6036] exit_to_user_mode_loop+0x306/0x1b60 [ 241.775071][ T6036] ? __ia32_sys_close_range+0x96/0xe0 [ 241.780643][ T6036] __do_fast_syscall_32+0x2c7/0x460 [ 241.786042][ T6036] do_fast_syscall_32+0x37/0x80 [ 241.791084][ T6036] do_SYSENTER_32+0x1f/0x30 [ 241.795752][ T6036] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 241.802308][ T6036] RIP: 0023:0xf7fd300c [ 241.806484][ T6036] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 241.826247][ T6036] RSP: 002b:00000000ff845cfc EFLAGS: 00000206 ORIG_RAX: 00000000000001b4 [ 241.834827][ T6036] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 241.842929][ T6036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 241.851033][ T6036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 241.859572][ T6036] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 241.867675][ T6036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 241.875821][ T6036] [ 241.879633][ T6036] Kernel Offset: disabled [ 241.884041][ T6036] Rebooting in 86400 seconds..