last executing test programs: 2.424582143s ago: executing program 2 (id=631): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x17, 0x4) 2.397286467s ago: executing program 2 (id=632): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000013c0)=0xc) sendmmsg$unix(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)="aa", 0x1}], 0x1, &(0x7f0000000340)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r3}}}, @rights={{0x14, 0x1, 0x1, [r0]}}], 0x38, 0x40044}}], 0x1, 0x4) 2.332363617s ago: executing program 2 (id=633): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x1840) 2.332034543s ago: executing program 2 (id=634): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x1100000000000000, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setreuid(r3, 0x0) chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0) 1.580337939s ago: executing program 0 (id=641): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01032757c38d085641a726"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840) 1.566011564s ago: executing program 0 (id=646): openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000580)='attr/exec\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x69e5, 0x10000, 0x0, 0x295, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f0000001040)=0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000240), &(0x7f0000000280)=r5}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/9, 0x9}], 0x1}) io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0) 1.393630682s ago: executing program 0 (id=650): r0 = socket$key(0xf, 0x3, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000400)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x1) 1.362430644s ago: executing program 0 (id=651): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) ioctl$sock_bt_hci(r0, 0x400448e4, 0x0) close(r0) 1.316263678s ago: executing program 0 (id=653): r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) request_key(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0) 1.30557861s ago: executing program 1 (id=655): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0xe8, 0xfed3) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0xf) sendto$inet6(r0, 0x0, 0x0, 0x4000840, &(0x7f0000000240)={0xa, 0x4e23, 0x8be6, @mcast2}, 0x1c) 1.18415099s ago: executing program 1 (id=659): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0xa0142, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = socket$inet6(0xa, 0x803, 0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, &(0x7f0000000340), &(0x7f0000000300)=r6}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) r8 = io_uring_setup(0x2e51, &(0x7f0000000680)={0x0, 0xb586, 0x8, 0xfffffffe, 0x3c1}) socket$nl_route(0x10, 0x3, 0x0) r9 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r9, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r9, 0x4) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r10}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r11}, 0x10) close_range(r8, r9, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x18) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r4, r2}) sendmmsg$inet(r3, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)='\b', 0x1}], 0x1}}], 0x2, 0x4000) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000100)=""/145, 0x91}], 0x1, 0xb, 0x10000cb) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'blkio'}, {0x2b, 'net_cls'}, {0x2b, 'rdma'}, {0x2d, 'devices'}, {0x2b, 'cpuacct'}, {0x2b, 'devices'}, {0x2b, 'devices'}, {0x0, 'net_prio'}, {0x2d, 'net_prio'}, {0x2b, 'cpuacct'}]}, 0x57) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r12}, 0x10) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) sendmmsg$inet6(r0, &(0x7f00000086c0)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x81, @mcast1, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000300)="b4f33d", 0x3}], 0x1}}], 0x2, 0x8000) 1.123912046s ago: executing program 4 (id=661): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, 0x0, 0x40) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000) 1.123720423s ago: executing program 3 (id=662): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./file0\x00', 0x2000414, &(0x7f0000000900)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESDEC, @ANYRESDEC, @ANYRES16], 0x1, 0x2a1, &(0x7f0000000540)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==") bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3000046, &(0x7f00000000c0), 0x5, 0x554, &(0x7f0000000f40)="$eJzs3c9rHOUbAPBnNkl/f79NoRQVkUAPVrSbJvFHBQ/1KFos6L0uyTSUbLoluylNLNge7MWLFEHEgnjXu8fiP+BfUdBCkRL04CUym5lm0+wm22bbbN3PBya878zsvvPsO8+bd3Z22QAG1lj2pxTxYkR8nUQcjogk3zYc+caxtf1WHlybzpYkVlc/+TNp7pfVi+cqHncwr7wQEb9+ub6+VX1pea5SraYLeX28MX95vL60fPLifGU2nU0vTU5NnX5ravLdd97uWayvnfv7u4/vfHD6q+Mr3/5878itJM7EoXxbaxw7cL21MhZjeewjceaRHSd60Fg/adfH9L+hPM9HIhsDDsdQnvXAf98XEbEKDKhE/sOAKuYBxbV9j66Dnxv331+7ANoc//DaeyOxr3ltdGAl2XBllF3vjvag/ayNX/64fStbonfvQwBs6/qNiDg1PLx5/Evy8e/Jnepin0fbMP7Bs3Mnm/+80W7+U3o4/4k285+DbXL3SWyf/6V7PWimo2z+917b+W+p2GV0KK/9rznnG0kuXKym2dj2/4g4ESN7s/pW93NOr9xd3bBi73qxdf6XLVn7xVwwP457w3s3Pt9MpVHZadyF+zciXmo7/00e9n/Spv+z1+Ncl20cS2+/0mnb9vE/Xas/Rrzatv/X72glW9+fHG+eD+PFWbHZXzeP/dap/d2OP+v/A1vHP5q03q+tP34bP+z7J+20bUP80f35vyf5tFnek6+7Wmk0FiYi9iQfbV4/uf7Yol7sn8V/4vjW41+7839/RHzWZfw3j/70clfx71L/zzxW/z9+4e6Hn3/fqf3uxr83m6UT+Zpuxr9uD3Anrx0AAAAAAAD0m1JEHIqkVH5YLpXK5bXPdxyNA6Vqrd54/UJt8dJMNL8rOxojpeJO9+GWz0NM5J+HLeqTj9SnIuJIRHwztL9ZL0/XqjO7HTwAAAAAAAAAAAAAAAAAAAD0iYMdvv+f+X1ot48OeOr85DcMrm3zvxe/9AT0Jf//YXDJfxhc8h8Gl/yHwSX/YXDJfxhc8h8Gl/wHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2rK48uDad1WeuLC3O1a6cnEnrc+X5xenydG3hcnm2VputpuXp2vx2z1et1S5PTMbi1fFGWm+M15eWz8/XFi81zl+cr8ym59ORZxIVAAAAAAAAAAAAAAAAAAAAPF/qS8tzlWo1XVBQeKLCcH8chkKPC7s9MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAun8DAAD//7utN4w=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) socket$nl_route(0x10, 0x3, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) 1.094396644s ago: executing program 1 (id=663): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa3e}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) fremovexattr(0xffffffffffffffff, 0x0) 1.051201451s ago: executing program 3 (id=664): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x80) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {0x3}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x7, 0xfff1}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x4020080) close_range(r2, r2, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r10}, 0x10) syncfs(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x501100, 0x0) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) 744.334611ms ago: executing program 1 (id=665): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') pread64(r1, &(0x7f0000000180)=""/15, 0xf, 0x40000000000000b6) 738.656763ms ago: executing program 1 (id=666): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x18) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 713.002935ms ago: executing program 1 (id=667): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000180)={0x2, 0xac, 0x0, 0x3, 0x0, 0xa8, 0x0, 0x2, 0x1}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) set_mempolicy(0x6005, 0x0, 0x4) bpf$MAP_GET_NEXT_KEY(0x3, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000"], 0x0, 0xfa50, 0x0, 0x0, 0x0, 0x48}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) move_pages(r0, 0x6, &(0x7f0000000000)=[&(0x7f0000443000/0x1000)=nil, &(0x7f00007d3000/0x1000)=nil, &(0x7f0000166000/0x3000)=nil, &(0x7f0000023000/0x2000)=nil, &(0x7f00009b2000/0x3000)=nil, &(0x7f0000135000/0x3000)=nil], 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 608.187257ms ago: executing program 3 (id=668): socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x7}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x18) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x8, 0x1}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r8}, &(0x7f0000000240), &(0x7f00000006c0)=r4}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000540)={r9, r6, 0x25, 0x2, @val=@tracing={0x0, 0x2}}, 0x20) syz_emit_ethernet(0x16, &(0x7f0000000000)={@remote, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@llc={0x4, {@snap={0x1, 0xaa, "ce", "285b94", 0xf5}}}}}, 0x0) 550.817102ms ago: executing program 3 (id=669): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xf7}, 0x18) readahead(0xffffffffffffffff, 0x6, 0x0) 488.569813ms ago: executing program 0 (id=670): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000500)={'veth0_to_batadv\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x2, [{0x1000b, 0x2}, {0x7}]}}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x101801, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2}) 440.407861ms ago: executing program 3 (id=671): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{}, {0x0, 0x0, 0x1, 0x1}}], 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0) 405.03898ms ago: executing program 3 (id=672): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000001400)=ANY=[], 0x835, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r2, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x3b, 0x1) 288.556653ms ago: executing program 4 (id=673): r0 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0xac9e, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000930701"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r3, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 140.251158ms ago: executing program 4 (id=674): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000040), &(0x7f0000000180)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000080)='./file0\x00', r0}, 0x18) 120.451107ms ago: executing program 4 (id=675): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd70000000000025000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880) 52.372544ms ago: executing program 2 (id=676): r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f00000190c0)=[@in6={0xa, 0x4e20, 0x10001, @initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, 0x1}]}, &(0x7f0000000000)=0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec) 4.189909ms ago: executing program 4 (id=677): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x0) 3.995008ms ago: executing program 2 (id=678): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 0s ago: executing program 4 (id=679): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x46, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x2, 0x3, 0x38, 0x68, 0x0, 0xfe, 0x6, 0x0, @remote, @remote, {[@timestamp={0x44, 0x10, 0x9, 0x0, 0x3, [0x0, 0xfffffffd, 0x6]}]}}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x6079, 0x0, 0x4}}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts. [ 32.021095][ T6516] cgroup: Unknown subsys name 'net' [ 32.177376][ T6516] cgroup: Unknown subsys name 'cpuset' [ 32.179351][ T6516] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.327359][ T6516] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 34.668998][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 34.669662][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 34.669833][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 34.670542][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 34.670743][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 34.708072][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 34.708798][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 34.708994][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 34.709331][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 34.709521][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 34.743473][ T6526] chnl_net:caif_netlink_parms(): no params data found [ 34.789146][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 34.795437][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 34.796047][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 34.796382][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 34.796573][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 34.816148][ T6122] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 34.816664][ T6122] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 34.816817][ T6122] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 34.822275][ T6526] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.822983][ T6526] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.823079][ T6526] bridge_slave_0: entered allmulticast mode [ 34.823578][ T6526] bridge_slave_0: entered promiscuous mode [ 34.830154][ T6528] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 34.831675][ T6528] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 34.833379][ T6528] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 34.834787][ T6528] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 34.836115][ T6545] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 34.837150][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 34.837364][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 34.851556][ T6526] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.851640][ T6526] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.851729][ T6526] bridge_slave_1: entered allmulticast mode [ 34.852171][ T6526] bridge_slave_1: entered promiscuous mode [ 34.876343][ T6526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.884299][ T6526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.897840][ T6531] chnl_net:caif_netlink_parms(): no params data found [ 34.905209][ T6526] team0: Port device team_slave_0 added [ 34.913322][ T6526] team0: Port device team_slave_1 added [ 34.952785][ T6526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.954018][ T6526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.956359][ T6526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.957407][ T6526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.957417][ T6526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.957428][ T6526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.982057][ T6531] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.982171][ T6531] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.982231][ T6531] bridge_slave_0: entered allmulticast mode [ 34.982656][ T6531] bridge_slave_0: entered promiscuous mode [ 34.985122][ T6526] hsr_slave_0: entered promiscuous mode [ 34.985463][ T6526] hsr_slave_1: entered promiscuous mode [ 34.997572][ T6531] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.997645][ T6531] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.997707][ T6531] bridge_slave_1: entered allmulticast mode [ 34.998140][ T6531] bridge_slave_1: entered promiscuous mode [ 35.026212][ T6531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.027101][ T6531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.037395][ T6531] team0: Port device team_slave_0 added [ 35.039999][ T6531] team0: Port device team_slave_1 added [ 35.067955][ T6531] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.069309][ T6531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.073980][ T6531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.077859][ T6531] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.079042][ T6531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.083391][ T6531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.088182][ T6538] chnl_net:caif_netlink_parms(): no params data found [ 35.131312][ T6531] hsr_slave_0: entered promiscuous mode [ 35.132765][ T6531] hsr_slave_1: entered promiscuous mode [ 35.133999][ T6531] debugfs: 'hsr0' already exists in 'hsr' [ 35.135034][ T6531] Cannot create hsr debugfs directory [ 35.162433][ T6541] chnl_net:caif_netlink_parms(): no params data found [ 35.164941][ T6526] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 35.185116][ T6526] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 35.200221][ T6538] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.200272][ T6538] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.200336][ T6538] bridge_slave_0: entered allmulticast mode [ 35.200929][ T6538] bridge_slave_0: entered promiscuous mode [ 35.202115][ T6538] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.202182][ T6538] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.202233][ T6538] bridge_slave_1: entered allmulticast mode [ 35.202640][ T6538] bridge_slave_1: entered promiscuous mode [ 35.202961][ T6526] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 35.215025][ T6526] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 35.230888][ T6538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.234187][ T6542] chnl_net:caif_netlink_parms(): no params data found [ 35.240450][ T6538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.249961][ T6541] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.251283][ T6541] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.252447][ T6541] bridge_slave_0: entered allmulticast mode [ 35.253965][ T6541] bridge_slave_0: entered promiscuous mode [ 35.267948][ T6541] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.269275][ T6541] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.270090][ T6541] bridge_slave_1: entered allmulticast mode [ 35.270562][ T6541] bridge_slave_1: entered promiscuous mode [ 35.275005][ T6538] team0: Port device team_slave_0 added [ 35.276700][ T6538] team0: Port device team_slave_1 added [ 35.299170][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.299203][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.299216][ T6538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.299705][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.299711][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.299723][ T6538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.319554][ T6541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.331979][ T6541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.336920][ T6538] hsr_slave_0: entered promiscuous mode [ 35.338300][ T6538] hsr_slave_1: entered promiscuous mode [ 35.339495][ T6538] debugfs: 'hsr0' already exists in 'hsr' [ 35.340398][ T6538] Cannot create hsr debugfs directory [ 35.341496][ T6542] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.341824][ T6542] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.341930][ T6542] bridge_slave_0: entered allmulticast mode [ 35.342371][ T6542] bridge_slave_0: entered promiscuous mode [ 35.343008][ T6542] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.343024][ T6542] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.343069][ T6542] bridge_slave_1: entered allmulticast mode [ 35.343457][ T6542] bridge_slave_1: entered promiscuous mode [ 35.360726][ T6541] team0: Port device team_slave_0 added [ 35.366704][ T6542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.369421][ T6542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.371004][ T6541] team0: Port device team_slave_1 added [ 35.399246][ T6541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.399272][ T6541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.399285][ T6541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.400026][ T6541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.400033][ T6541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.400044][ T6541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.414234][ T6526] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.414288][ T6526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.414494][ T6526] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.414518][ T6526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.428741][ T6542] team0: Port device team_slave_0 added [ 35.429622][ T6542] team0: Port device team_slave_1 added [ 35.439336][ T6531] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 35.446444][ T6541] hsr_slave_0: entered promiscuous mode [ 35.447833][ T6541] hsr_slave_1: entered promiscuous mode [ 35.449195][ T6541] debugfs: 'hsr0' already exists in 'hsr' [ 35.450363][ T6541] Cannot create hsr debugfs directory [ 35.454669][ T6531] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 35.457988][ T6542] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.458018][ T6542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.458034][ T6542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.458596][ T6542] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.458603][ T6542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.458612][ T6542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.481718][ T6531] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 35.489082][ T6542] hsr_slave_0: entered promiscuous mode [ 35.490662][ T6542] hsr_slave_1: entered promiscuous mode [ 35.491858][ T6542] debugfs: 'hsr0' already exists in 'hsr' [ 35.492930][ T6542] Cannot create hsr debugfs directory [ 35.503958][ T6531] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 35.551045][ T6526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.571446][ T6538] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 35.582913][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.584598][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.595093][ T6526] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.596704][ T6538] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 35.598902][ T6538] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 35.611148][ T6538] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 35.618821][ T266] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.618867][ T266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.629448][ T266] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.629494][ T266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.665787][ T6541] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 35.676157][ T6541] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 35.697906][ T6538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.699583][ T6541] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 35.702553][ T6541] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 35.708475][ T6531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.728105][ T6538] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.737840][ T6526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.739857][ T6531] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.755116][ T6542] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 35.758867][ T6542] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 35.761401][ T6542] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 35.764438][ T6542] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 35.767314][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.767359][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.767694][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.767709][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.769094][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.769111][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.769399][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.769413][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.774380][ T6531] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 35.774394][ T6531] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 35.794807][ T6526] veth0_vlan: entered promiscuous mode [ 35.810023][ T6526] veth1_vlan: entered promiscuous mode [ 35.831576][ T6526] veth0_macvtap: entered promiscuous mode [ 35.832845][ T6526] veth1_macvtap: entered promiscuous mode [ 35.835742][ T6526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.842770][ T6526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.859530][ T41] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.859751][ T41] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.859768][ T41] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.859781][ T41] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.890491][ T6538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.909292][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.909321][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.914065][ T6541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.919027][ T6541] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.929371][ T2050] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.929408][ T2050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.935455][ T2050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.935484][ T2050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.939149][ T6531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.944385][ T2050] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.944435][ T2050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.961971][ T6538] veth0_vlan: entered promiscuous mode [ 35.972907][ T6531] veth0_vlan: entered promiscuous mode [ 35.982915][ T6538] veth1_vlan: entered promiscuous mode [ 35.991559][ T6538] veth0_macvtap: entered promiscuous mode [ 35.998018][ T6538] veth1_macvtap: entered promiscuous mode [ 36.003898][ T6542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.014618][ T6531] veth1_vlan: entered promiscuous mode [ 36.017773][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.026575][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.032005][ T6542] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.033224][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.033368][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.033394][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.033416][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.040063][ T266] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.040103][ T266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.041483][ T6526] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 36.053265][ T266] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.053318][ T266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.095759][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.095799][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.101783][ T6541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.105545][ T31] audit: type=1400 audit(36.070:2): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=6624 comm="syz.0.1" opid=6624 ocomm="syz.0.1" [ 36.131273][ T6531] veth0_macvtap: entered promiscuous mode [ 36.142453][ T6628] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6'. [ 36.143040][ T6541] veth0_vlan: entered promiscuous mode [ 36.145778][ T2050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.145810][ T2050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.158574][ T6531] veth1_macvtap: entered promiscuous mode [ 36.163845][ T6541] veth1_vlan: entered promiscuous mode [ 36.177663][ T6632] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 36.191099][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.192016][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.204470][ T266] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.204534][ T266] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.204566][ T266] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.204595][ T266] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.219969][ T6541] veth0_macvtap: entered promiscuous mode [ 36.222948][ T6541] veth1_macvtap: entered promiscuous mode [ 36.234127][ T6541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.241332][ T6541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.251508][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.251538][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.261812][ T6542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.267618][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.267653][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.289101][ T2212] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.289159][ T2212] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.289186][ T2212] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.289206][ T2212] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.397532][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.397564][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.411110][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.411148][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.451846][ T6542] veth0_vlan: entered promiscuous mode [ 36.457262][ T6542] veth1_vlan: entered promiscuous mode [ 36.464648][ T6542] veth0_macvtap: entered promiscuous mode [ 36.470088][ T6542] veth1_macvtap: entered promiscuous mode [ 36.495432][ T6542] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.502089][ T6542] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.510826][ T266] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.511068][ T266] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.511094][ T266] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.511113][ T266] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.513326][ T6660] tc_dump_action: action bad kind [ 36.513594][ T6660] tc_dump_action: action bad kind [ 36.513635][ T6660] tc_dump_action: action bad kind [ 36.513677][ T6660] tc_dump_action: action bad kind [ 36.586582][ T6657] loop3: detected capacity change from 0 to 32768 [ 36.591841][ T6657] jfs: Bad value for 'errors' [ 36.596818][ T6664] macsec1: entered promiscuous mode [ 36.597812][ T6664] macsec1: entered allmulticast mode [ 36.601164][ T2166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.601200][ T2166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.639962][ T2050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.640004][ T2050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.648553][ T6668] overlayfs: failed to resolve './file0': -2 [ 36.747556][ T6122] Bluetooth: hci0: command tx timeout [ 36.747746][ T52] Bluetooth: hci1: command tx timeout [ 36.757012][ T6667] loop2: detected capacity change from 0 to 32768 [ 36.763992][ T6667] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.12 (6667) [ 36.770762][ T6667] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 36.772599][ T6667] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 36.818025][ T6686] syz.3.14 uses obsolete (PF_INET,SOCK_PACKET) [ 36.826698][ T52] Bluetooth: hci2: command tx timeout [ 36.849558][ T6667] BTRFS info (device loop2): turning off barriers [ 36.851171][ T6667] BTRFS info (device loop2): enabling free space tree [ 36.852725][ T6667] BTRFS info (device loop2): use zstd compression, level 3 [ 36.909630][ T52] Bluetooth: hci4: command tx timeout [ 36.909741][ T52] Bluetooth: hci3: command tx timeout [ 36.942083][ T6541] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 37.063686][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20'. [ 37.065476][ T6706] netlink: 16 bytes leftover after parsing attributes in process `syz.2.20'. [ 37.081648][ T6706] input: syz1 as /devices/virtual/input/input2 [ 37.136633][ T6708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21'. [ 37.155460][ T6695] loop3: detected capacity change from 0 to 32768 [ 37.173892][ T6695] ERROR: (device loop3): dbAdjCtl: Corrupt dmapctl page [ 37.173892][ T6695] [ 37.176576][ T6695] ERROR: (device loop3): remounting filesystem as read-only [ 37.178012][ T6695] ERROR: (device loop3): dbDiscardAG: -EIO [ 37.178012][ T6695] [ 37.250689][ T6702] loop4: detected capacity change from 0 to 32768 [ 37.277028][ T6719] loop0: detected capacity change from 0 to 128 [ 37.277283][ T6719] ======================================================= [ 37.277283][ T6719] WARNING: The mand mount option has been deprecated and [ 37.277283][ T6719] and is ignored by this kernel. Remove the mand [ 37.277283][ T6719] option from the mount to silence this warning. [ 37.277283][ T6719] ======================================================= [ 37.413041][ T6723] tipc: Started in network mode [ 37.413273][ T6723] tipc: Node identity 8edd3aceeacf, cluster identity 4711 [ 37.413683][ T6723] tipc: Enabled bearer , priority 0 [ 37.658487][ T6729] warning: `syz.0.23' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 37.696147][ T6723] syzkaller0: entered promiscuous mode [ 37.699761][ T6723] syzkaller0: entered allmulticast mode [ 37.979765][ T6723] tipc: Resetting bearer [ 37.994760][ T6723] netlink: 60 bytes leftover after parsing attributes in process `syz.1.25'. [ 37.994801][ T6723] netlink: 12 bytes leftover after parsing attributes in process `syz.1.25'. [ 38.000395][ T6722] tipc: Resetting bearer [ 38.012116][ T6722] tipc: Disabling bearer [ 38.158704][ T6744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'. [ 38.193201][ T6734] loop3: detected capacity change from 0 to 32768 [ 38.245786][ T6734] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 38.303438][ T6758] loop0: detected capacity change from 0 to 512 [ 38.304193][ T6758] EXT4-fs: Ignoring removed i_version option [ 38.308961][ T6734] XFS (loop3): Ending clean mount [ 38.315441][ T6758] EXT4-fs (loop0): 1 orphan inode deleted [ 38.317280][ T6758] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.432844][ T6736] loop4: detected capacity change from 0 to 131072 [ 38.446515][ T6736] F2FS-fs (loop4): invalid crc value [ 38.465934][ T6736] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 38.470332][ T6736] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 38.510897][ T6738] loop1: detected capacity change from 0 to 32768 [ 38.529560][ T6747] loop2: detected capacity change from 0 to 32768 [ 38.529989][ T6747] btrfs: Deprecated parameter 'usebackuproot' [ 38.531619][ T6747] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 38.539086][ T6738] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.28 (6738) [ 38.550551][ T6747] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.31 (6747) [ 38.556973][ T6738] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 38.557045][ T6738] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 38.557152][ T6738] BTRFS error (device loop1): superblock checksum mismatch [ 38.557237][ T6738] BTRFS error (device loop1): open_ctree failed: -22 [ 38.568278][ T6747] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 38.568353][ T6747] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 38.575351][ T6738] capability: warning: `syz.1.28' uses 32-bit capabilities (legacy support in use) [ 38.585210][ T2166] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 38.585414][ T6747] BTRFS warning (device loop2): couldn't read tree root [ 38.585430][ T6747] BTRFS warning (device loop2): try to load backup roots slot 1 [ 38.585559][ T2166] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 38.587038][ T6747] BTRFS warning (device loop2): couldn't read tree root [ 38.587057][ T6747] BTRFS warning (device loop2): try to load backup roots slot 2 [ 38.596090][ T266] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 38.599844][ T6747] BTRFS warning (device loop2): couldn't read tree root [ 38.599884][ T6747] BTRFS warning (device loop2): try to load backup roots slot 3 [ 38.612085][ T6747] BTRFS info (device loop2): rebuilding free space tree [ 38.639939][ T6785] F2FS-fs (loop4): Corrupted max_depth of 3: 16842753 [ 38.644511][ T6747] BTRFS info (device loop2): checking UUID tree [ 38.649694][ T6747] BTRFS info (device loop2): enabling ssd optimizations [ 38.650506][ T6747] BTRFS info (device loop2): disabling tree log [ 38.650525][ T6747] BTRFS info (device loop2): enabling free space tree [ 38.650533][ T6747] BTRFS info (device loop2): force clearing of disk cache [ 38.650540][ T6747] BTRFS info (device loop2): doing ref verification [ 38.650546][ T6747] BTRFS info (device loop2): trying to use backup root at mount time [ 38.650552][ T6747] BTRFS info (device loop2): force lzo compression, level 0 [ 38.664259][ T6785] 9pnet_fd: Insufficient options for proto=fd [ 38.730508][ T6538] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 38.750023][ T6724] udevd[6724]: incorrect btrfs checksum on /dev/loop1 [ 38.826531][ T6122] Bluetooth: hci1: command tx timeout [ 38.830146][ T6541] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 38.905973][ T6122] Bluetooth: hci2: command tx timeout [ 38.986791][ T6122] Bluetooth: hci3: command tx timeout [ 38.986840][ T6122] Bluetooth: hci4: command tx timeout [ 39.154118][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.165625][ T6795] netlink: 'syz.3.33': attribute type 30 has an invalid length. [ 39.211662][ T6806] loop0: detected capacity change from 0 to 512 [ 39.238947][ T6806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.261210][ T6805] EXT4-fs (loop0): shut down requested (1) [ 39.359730][ T6809] loop3: detected capacity change from 0 to 2048 [ 39.379424][ T6809] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #2: comm syz.3.36: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 39.379997][ T6809] EXT4-fs (loop3): get root inode failed [ 39.380009][ T6809] EXT4-fs (loop3): mount failed [ 39.410659][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.439574][ T6809] loop3: detected capacity change from 0 to 4096 [ 39.551586][ T6818] loop0: detected capacity change from 0 to 4096 [ 39.831729][ T6834] netlink: 56 bytes leftover after parsing attributes in process `syz.2.44'. [ 39.848229][ T6818] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 39.850807][ T6818] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 39.988238][ T6844] loop0: detected capacity change from 0 to 256 [ 39.996936][ T6844] exfat: Deprecated parameter 'utf8' [ 40.019002][ T6844] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe649ead, utbl_chksum : 0xe619d30d) [ 40.170084][ T6851] loop4: detected capacity change from 0 to 32768 [ 40.173217][ T6851] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.42 (6851) [ 40.179334][ T6851] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 40.181193][ T6851] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 40.227490][ T6851] BTRFS info (device loop4): enabling ssd optimizations [ 40.228848][ T6851] BTRFS info (device loop4): enabling free space tree [ 40.402591][ T6830] loop3: detected capacity change from 0 to 131072 [ 40.540913][ T6877] netlink: 32 bytes leftover after parsing attributes in process `syz.3.49'. [ 40.572858][ T6878] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 40.814337][ T6542] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 40.823873][ T6887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.836820][ T6887] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.909434][ T52] Bluetooth: hci1: command tx timeout [ 40.924110][ T6893] loop0: detected capacity change from 0 to 512 [ 40.947629][ T6888] loop3: detected capacity change from 0 to 32768 [ 40.960038][ T6900] fuse: Bad value for 'fd' [ 40.961499][ T6888] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section members_v2: device 0: not enough buckets (got 0, max 64) [ 40.961499][ T6888] members_v2 (size 640): [ 40.961499][ T6888] member_bytes 0 [ 40.961589][ T6888] bcachefs: bch2_fs_get_tree() error: invalid_sb_members [ 40.987557][ T52] Bluetooth: hci2: command tx timeout [ 41.039723][ T6888] loop3: detected capacity change from 0 to 512 [ 41.047708][ T6888] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.047749][ T6888] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 41.066763][ T52] Bluetooth: hci4: command tx timeout [ 41.066804][ T52] Bluetooth: hci3: command tx timeout [ 41.072368][ T6888] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.50: invalid indirect mapped block 4294967295 (level 0) [ 41.073412][ T6888] EXT4-fs (loop3): Remounting filesystem read-only [ 41.073732][ T6888] EXT4-fs (loop3): 1 orphan inode deleted [ 41.073742][ T6888] EXT4-fs (loop3): 1 truncate cleaned up [ 41.074197][ T6888] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.108927][ T6538] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.257557][ T6907] loop0: detected capacity change from 0 to 32768 [ 41.263513][ T6907] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.55 (6907) [ 41.271460][ T6907] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 41.271520][ T6907] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 41.271536][ T6907] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 41.307624][ T6122] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 41.307667][ T6122] Bluetooth: hci0: Injecting HCI hardware error event [ 41.308096][ T6122] Bluetooth: hci0: hardware error 0x00 [ 41.339243][ T6907] BTRFS info (device loop0): rebuilding free space tree [ 41.360114][ T6911] loop2: detected capacity change from 0 to 32768 [ 41.364500][ T6907] BTRFS info (device loop0): disabling free space tree [ 41.364598][ T6907] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 41.364607][ T6907] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 41.370022][ T6907] BTRFS info (device loop0): enabling ssd optimizations [ 41.370056][ T6907] BTRFS info (device loop0): enabling disk space caching [ 41.370076][ T6907] BTRFS info (device loop0): force clearing of disk cache [ 41.370083][ T6907] BTRFS info (device loop0): enabling auto defrag [ 41.370091][ T6907] BTRFS info (device loop0): max_inline set to 0 [ 41.387991][ T6911] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 41.461226][ T6911] XFS (loop2): Ending clean mount [ 41.490812][ T6918] loop3: detected capacity change from 0 to 32768 [ 41.494658][ T6918] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.59 (6918) [ 41.501388][ T6918] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 41.501442][ T6918] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 41.531232][ T6526] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 41.539867][ T6913] loop4: detected capacity change from 0 to 131072 [ 41.560325][ T6918] BTRFS info (device loop3): rebuilding free space tree [ 41.563228][ T6913] F2FS-fs (loop4): Skip to start discard thread for readonly image [ 41.647055][ T6918] BTRFS info (device loop3): disabling free space tree [ 41.647107][ T6918] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 41.647131][ T6918] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 41.648925][ T6918] BTRFS info (device loop3): enabling ssd optimizations [ 41.648937][ T6918] BTRFS info (device loop3): force clearing of disk cache [ 41.648943][ T6918] BTRFS info (device loop3): enabling auto defrag [ 41.648949][ T6918] BTRFS info (device loop3): doing ref verification [ 41.657022][ T6913] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 41.667391][ T6913] F2FS-fs (loop4): Mounted with checkpoint version = 1b41e955 [ 41.909128][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909507][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909608][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909687][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909752][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909817][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909875][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909929][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.909987][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.910041][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.57'. [ 41.935039][ T6541] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 41.996696][ T6944] loop1: detected capacity change from 0 to 32768 [ 42.093423][ T6538] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 42.133460][ T6944] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow [ 42.133498][ T6944] allowing incompatible features above 0.0: (unknown version) [ 42.133517][ T6944] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 42.133528][ T6944] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 42.133553][ T6944] bcachefs (loop1): initializing new filesystem [ 42.135389][ T6944] bcachefs (loop1): going read-write [ 42.200072][ T6981] loop0: detected capacity change from 0 to 4096 [ 42.221675][ T6944] bcachefs (loop1): marking superblocks [ 42.255035][ T6944] bcachefs (loop1): initializing freespace [ 42.259290][ T6996] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 42.260548][ T6944] bcachefs (loop1): done initializing freespace [ 42.261716][ T6944] bcachefs (loop1): reading snapshots table [ 42.261742][ T6944] bcachefs (loop1): reading snapshots done [ 42.282882][ T6944] bcachefs (loop1): done starting filesystem [ 42.312890][ T6998] loop3: detected capacity change from 0 to 512 [ 42.322565][ T6981] syzkaller0: entered promiscuous mode [ 42.323663][ T6981] syzkaller0: entered allmulticast mode [ 42.328374][ T6998] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 42.328402][ T6998] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 42.337302][ T6998] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 42.337352][ T6998] System zones: 0-2, 18-18, 34-35 [ 42.339666][ T6998] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 42.344396][ T6944] netlink: 'syz.1.60': attribute type 1 has an invalid length. [ 42.363880][ T6998] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 42.369824][ T6998] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 42.371449][ T6531] bcachefs (loop1): shutting down [ 42.371500][ T6531] bcachefs (loop1): going read-only [ 42.371587][ T6531] bcachefs (loop1): finished waiting for writes to stop [ 42.372504][ T6998] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 42.380342][ T6998] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.64: bg 0: block 353: padding at end of block bitmap is not set [ 42.390686][ T6531] bcachefs (loop1): flushing journal and stopping allocators, journal seq 5 [ 42.421406][ T6531] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 7 [ 42.426450][ T6531] bcachefs (loop1): clean shutdown complete, journal seq 8 [ 42.427130][ T6531] bcachefs (loop1): marking filesystem clean [ 42.454366][ T6531] bcachefs (loop1): shutdown complete [ 42.878896][ T6538] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.944008][ T7020] loop0: detected capacity change from 0 to 512 [ 42.949991][ T7020] EXT4-fs: Ignoring removed nobh option [ 42.953795][ T7020] EXT4-fs (loop0): external journal device major/minor numbers have changed [ 42.964695][ T7020] EXT4-fs (loop0): failed to open journal device unknown-block(4,0) -6 [ 42.985947][ T6545] Bluetooth: hci1: command tx timeout [ 42.994365][ T7030] loop2: detected capacity change from 0 to 256 [ 43.005265][ T7030] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 43.050614][ T7030] tipc: Started in network mode [ 43.050659][ T7030] tipc: Node identity aaaaaaaaaa16, cluster identity 4711 [ 43.050836][ T7030] tipc: Enabled bearer , priority 10 [ 43.053662][ T7024] loop4: detected capacity change from 0 to 32768 [ 43.064983][ T7032] netlink: 'syz.0.77': attribute type 5 has an invalid length. [ 43.082922][ T7032] loop0: detected capacity change from 0 to 2048 [ 43.105523][ T7024] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 43.108616][ T7032] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 43.146004][ T6545] Bluetooth: hci3: command tx timeout [ 43.146042][ T7007] Bluetooth: hci4: command tx timeout [ 43.210983][ T6542] ocfs2: Unmounting device (7,4) on (node local) [ 43.435279][ T7049] loop0: detected capacity change from 0 to 2048 [ 43.448525][ T7041] qrtr: Invalid version 255 [ 43.460635][ T7049] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 43.466465][ T6122] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 43.473216][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 43.564369][ T7055] loop2: detected capacity change from 0 to 128 [ 43.644097][ T7057] netlink: 'syz.2.84': attribute type 27 has an invalid length. [ 43.680690][ T7057] tipc: Resetting bearer [ 43.737771][ T7057] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.738289][ T7057] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.744914][ T7063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.746947][ T7063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.768925][ T7065] loop3: detected capacity change from 0 to 512 [ 43.796594][ T7065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.824155][ T6538] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.914347][ T7063] loop1: detected capacity change from 0 to 40427 [ 43.917477][ T7063] F2FS-fs (loop1): invalid crc value [ 43.949093][ T7063] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 43.951840][ T7063] F2FS-fs (loop1): Start checkpoint disabled! [ 43.963142][ T7063] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 44.013206][ T7057] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.015595][ T7057] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.097323][ T6580] tipc: Node number set to 12364458 [ 44.569316][ T7057] macsec1: left promiscuous mode [ 44.569351][ T7057] macsec1: left allmulticast mode [ 44.571067][ T7069] syz_tun: entered allmulticast mode [ 44.573236][ T7069] syz_tun: left allmulticast mode [ 44.576182][ T2050] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.579500][ T2050] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.579562][ T2050] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.579584][ T2050] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.598138][ T31] audit: type=1326 audit(44.570:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.2.93" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 44.598326][ T31] audit: type=1326 audit(44.570:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.2.93" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 44.598494][ T31] audit: type=1326 audit(44.570:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.2.93" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=439 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 44.598582][ T31] audit: type=1326 audit(44.570:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.2.93" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 44.598643][ T31] audit: type=1326 audit(44.570:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.2.93" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 44.630963][ T31] audit: type=1326 audit(44.600:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.2.94" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x0 [ 44.750974][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.750974][ T41] loop1: rw=1, sector=77824, nr_sectors = 8 limit=40427 [ 44.754075][ T7112] IPv6: Can't replace route, no match found [ 44.761720][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.761720][ T41] loop1: rw=1, sector=77832, nr_sectors = 2056 limit=40427 [ 44.770820][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.770820][ T41] loop1: rw=1, sector=79888, nr_sectors = 2032 limit=40427 [ 44.773868][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.773868][ T41] loop1: rw=1, sector=49152, nr_sectors = 8 limit=40427 [ 44.786116][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.786116][ T41] loop1: rw=1, sector=49160, nr_sectors = 2048 limit=40427 [ 44.793601][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.793601][ T41] loop1: rw=1, sector=51208, nr_sectors = 2040 limit=40427 [ 44.797102][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.797102][ T41] loop1: rw=1, sector=57344, nr_sectors = 8 limit=40427 [ 44.804331][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.804331][ T41] loop1: rw=1, sector=57352, nr_sectors = 2104 limit=40427 [ 44.813608][ T41] kworker/u8:2: attempt to access beyond end of device [ 44.813608][ T41] loop1: rw=1, sector=59456, nr_sectors = 1960 limit=40427 [ 44.822850][ T2166] kworker/u8:7: attempt to access beyond end of device [ 44.822850][ T2166] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 44.827391][ T2166] CPU: 1 UID: 0 PID: 2166 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT [ 44.827418][ T2166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 44.827424][ T2166] Workqueue: writeback wb_workfn (flush-7:1) [ 44.827447][ T2166] Call trace: [ 44.827451][ T2166] show_stack+0x2c/0x3c (C) [ 44.827461][ T2166] __dump_stack+0x30/0x40 [ 44.827467][ T2166] dump_stack_lvl+0xd8/0x12c [ 44.827472][ T2166] dump_stack+0x1c/0x28 [ 44.827476][ T2166] f2fs_handle_critical_error+0x34c/0x4b8 [ 44.827483][ T2166] f2fs_stop_checkpoint+0x5c/0x70 [ 44.827489][ T2166] f2fs_write_end_io+0x768/0xa70 [ 44.827495][ T2166] bio_endio+0x858/0x894 [ 44.827502][ T2166] submit_bio_noacct+0x158/0x177c [ 44.827508][ T2166] submit_bio+0x3b4/0x550 [ 44.827512][ T2166] f2fs_submit_write_bio+0x13c/0x324 [ 44.827518][ T2166] __submit_merged_bio+0x254/0x704 [ 44.827523][ T2166] __submit_merged_write_cond+0x23c/0x4ac [ 44.827529][ T2166] f2fs_write_data_pages+0x1d28/0x2634 [ 44.827535][ T2166] do_writepages+0x270/0x468 [ 44.827542][ T2166] __writeback_single_inode+0x15c/0x13e8 [ 44.827548][ T2166] writeback_sb_inodes+0x55c/0xe40 [ 44.827554][ T2166] wb_writeback+0x3cc/0xd70 [ 44.827560][ T2166] wb_workfn+0x338/0xdc0 [ 44.827565][ T2166] process_one_work+0x7e8/0x155c [ 44.827571][ T2166] worker_thread+0x958/0xed8 [ 44.827575][ T2166] kthread+0x5fc/0x75c [ 44.827581][ T2166] ret_from_fork+0x10/0x20 [ 44.852481][ T2166] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 44.895353][ T31] audit: type=1326 audit(44.860:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7117 comm="syz.0.107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 44.895400][ T31] audit: type=1326 audit(44.860:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7117 comm="syz.0.107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 44.895417][ T31] audit: type=1326 audit(44.860:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7117 comm="syz.0.107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 44.895432][ T31] audit: type=1326 audit(44.860:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7117 comm="syz.0.107" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 45.101577][ T7137] loop3: detected capacity change from 0 to 128 [ 45.101990][ T7137] msdos: Unknown parameter 'dosn4r1xfloppy' [ 45.490967][ T7155] netlink: 'syz.0.123': attribute type 21 has an invalid length. [ 45.551560][ T7159] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 45.733179][ T7169] loop0: detected capacity change from 0 to 512 [ 45.749247][ T7169] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 45.761795][ T7169] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.130: bg 0: block 4: invalid block bitmap [ 45.764697][ T7169] EXT4-fs (loop0): Remounting filesystem read-only [ 45.764936][ T7169] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 45.764990][ T7169] EXT4-fs (loop0): 1 truncate cleaned up [ 45.765470][ T7169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.790812][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.800497][ T7172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.800680][ T7172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 45.864955][ T7174] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.916539][ T7174] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.966127][ T7174] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.043260][ T7174] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.081568][ T7194] Driver unsupported XDP return value 0 on prog (id 10) dev N/A, expect packet loss! [ 46.132138][ T2212] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.141378][ T2212] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.148290][ T41] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.173504][ T2166] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.316860][ T7209] : renamed from wg2 (while UP) [ 46.322322][ T7201] tipc: Enabled bearer , priority 10 [ 46.549474][ T7223] vhci_hcd: invalid port number 255 [ 46.622543][ T3928] kernel write not supported for file /40/attr/exec (pid: 3928 comm: kworker/0:2) [ 46.638912][ T7236] loop4: detected capacity change from 0 to 1024 [ 46.675298][ T7236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.684558][ T7240] syzkaller0: entered promiscuous mode [ 46.684596][ T7240] syzkaller0: entered allmulticast mode [ 46.701090][ T6542] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.435943][ T6529] tipc: Node number set to 1678916302 [ 47.442520][ C0] vxcan0: j1939_tp_rxtimer: 0x00000000574e61c8: rx timeout, send abort [ 47.443455][ C0] vxcan0: j1939_xtp_rx_abort_one: 0x00000000574e61c8: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 47.813802][ T7297] loop3: detected capacity change from 0 to 8192 [ 47.934956][ T7310] __nla_validate_parse: 29 callbacks suppressed [ 47.938717][ T7310] netlink: 12 bytes leftover after parsing attributes in process `syz.3.191'. [ 48.043686][ T7327] syz.3.200 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 48.102997][ T7331] netlink: 'syz.4.199': attribute type 27 has an invalid length. [ 48.124259][ T7331] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.124410][ T7331] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.155655][ T7328] loop4: detected capacity change from 0 to 128 [ 48.262149][ T7337] loop2: detected capacity change from 0 to 8192 [ 48.308037][ T7342] loop0: detected capacity change from 0 to 512 [ 48.324551][ T7342] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.336543][ T7331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.338667][ T7331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.403237][ T7351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.204'. [ 48.403288][ T7351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.204'. [ 48.892886][ T7351] bridge0: port 3(vlan2) entered blocking state [ 48.893168][ T7351] bridge0: port 3(vlan2) entered disabled state [ 48.893244][ T7351] vlan2: entered allmulticast mode [ 48.893252][ T7351] bridge0: entered allmulticast mode [ 48.897688][ T7351] vlan2: left allmulticast mode [ 48.897710][ T7351] bridge0: left allmulticast mode [ 48.962623][ T41] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.962687][ T41] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.962727][ T41] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.962750][ T41] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.068176][ T24] cfg80211: failed to load regulatory.db [ 49.119863][ T7385] syzkaller0: entered promiscuous mode [ 49.119902][ T7385] syzkaller0: entered allmulticast mode [ 49.165280][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.351537][ T7400] loop2: detected capacity change from 0 to 4096 [ 49.352020][ T7400] EXT4-fs: Ignoring removed nomblk_io_submit option [ 49.372922][ T7400] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.653532][ T7417] netlink: 5 bytes leftover after parsing attributes in process `syz.3.233'. [ 49.703003][ T6541] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.032257][ T7394] IPVS: Error joining to the multicast group [ 50.034437][ T7417] 0XD: renamed from gretap0 (while UP) [ 50.037038][ T7417] 0XD: entered allmulticast mode [ 50.038761][ T7417] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 50.286478][ T7432] capability: warning: `syz.0.240' uses deprecated v2 capabilities in a way that may be insecure [ 50.352754][ T7442] loop0: detected capacity change from 0 to 1764 [ 50.386640][ T31] kauditd_printk_skb: 91 callbacks suppressed [ 50.386679][ T31] audit: type=1326 audit(50.360:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7443 comm="syz.3.245" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa775c068 code=0x0 [ 50.440753][ T7448] loop9: detected capacity change from 0 to 7 [ 50.441227][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441277][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441310][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441342][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441378][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441412][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441443][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441463][ T7448] ldm_validate_partition_table(): Disk read failed. [ 50.441479][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441506][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441533][ T7448] Buffer I/O error on dev loop9, logical block 0, async page read [ 50.441576][ T7448] Dev loop9: unable to read RDB block 0 [ 50.441652][ T7448] loop9: unable to read partition table [ 50.441711][ T7448] loop9: partition table beyond EOD, truncated [ 50.441719][ T7448] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 50.441719][ T7448] ) failed (rc=-5) [ 50.706603][ T31] audit: type=1326 audit(50.680:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7469 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.706641][ T31] audit: type=1326 audit(50.680:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7469 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.707297][ T31] audit: type=1326 audit(50.680:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7469 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=54 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.707460][ T31] audit: type=1326 audit(50.680:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7469 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.707535][ T31] audit: type=1326 audit(50.680:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7469 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.746613][ T31] audit: type=1326 audit(50.720:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7474 comm="syz.2.260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.746669][ T31] audit: type=1326 audit(50.720:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7474 comm="syz.2.260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.746689][ T31] audit: type=1326 audit(50.720:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7474 comm="syz.2.260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.746704][ T31] audit: type=1326 audit(50.720:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7474 comm="syz.2.260" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 50.853666][ T7480] loop2: detected capacity change from 0 to 1024 [ 50.861025][ T7482] syzkaller1: entered promiscuous mode [ 50.862375][ T7482] syzkaller1: entered allmulticast mode [ 50.875109][ T7480] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.263: Failed to acquire dquot type 0 [ 50.884748][ T7480] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 50.884988][ T7480] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.263: corrupted inode contents [ 50.887410][ T7480] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #13: comm syz.2.263: mark_inode_dirty error [ 50.887655][ T7480] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.263: corrupted inode contents [ 50.887785][ T7480] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #13: comm syz.2.263: mark_inode_dirty error [ 50.887900][ T7480] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.263: corrupted inode contents [ 50.888117][ T7480] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 50.888261][ T7480] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.263: corrupted inode contents [ 50.888360][ T7480] EXT4-fs error (device loop2): ext4_truncate:4666: inode #13: comm syz.2.263: mark_inode_dirty error [ 50.888848][ T7480] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 50.890306][ T7480] EXT4-fs (loop2): 1 truncate cleaned up [ 50.890755][ T7480] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.912423][ T6541] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.931348][ T7488] netlink: 24 bytes leftover after parsing attributes in process `syz.4.265'. [ 50.951145][ T7493] netlink: 20 bytes leftover after parsing attributes in process `syz.2.266'. [ 50.963987][ T7495] loop4: detected capacity change from 0 to 512 [ 50.989635][ T7495] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.008339][ T7499] netlink: 'syz.2.269': attribute type 3 has an invalid length. [ 51.039849][ T6542] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.098744][ T7515] loop0: detected capacity change from 0 to 128 [ 51.233345][ T7534] netlink: 32 bytes leftover after parsing attributes in process `syz.0.286'. [ 51.248594][ T7538] netlink: 4 bytes leftover after parsing attributes in process `syz.4.287'. [ 51.311824][ T7538] team0 (unregistering): Port device team_slave_0 removed [ 51.314281][ T7538] team0 (unregistering): Port device team_slave_1 removed [ 51.323183][ T7542] netlink: 'syz.2.289': attribute type 7 has an invalid length. [ 51.323217][ T7542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.289'. [ 51.348548][ T7547] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.445062][ T7556] netlink: 36 bytes leftover after parsing attributes in process `syz.0.295'. [ 51.450588][ T7547] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.489516][ T7562] loop0: detected capacity change from 0 to 1024 [ 51.513153][ T7562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.524887][ T7547] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.530073][ T7562] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.298: Allocating blocks 385-513 which overlap fs metadata [ 51.536606][ T7561] EXT4-fs (loop0): pa 00000000c56588b7: logic 16, phys. 129, len 24 [ 51.536636][ T7561] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 51.558044][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.595414][ T7547] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.634396][ T7569] loop0: detected capacity change from 0 to 512 [ 51.651305][ T7569] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 51.661590][ T7569] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.300: Failed to acquire dquot type 1 [ 51.667127][ T7569] EXT4-fs (loop0): 1 truncate cleaned up [ 51.667608][ T7569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.690470][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.711218][ T2093] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.741815][ T2093] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.745553][ T2093] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.747258][ T2093] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.993159][ T7603] hub 6-0:1.0: USB hub found [ 51.995575][ T7603] hub 6-0:1.0: 8 ports detected [ 52.082926][ T7617] loop1: detected capacity change from 0 to 256 [ 52.083400][ T7617] vfat: Unknown parameter 'fs' [ 52.738922][ T7654] loop3: detected capacity change from 0 to 1024 [ 52.768742][ T7654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 52.789501][ T6538] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 52.828323][ T7664] ieee802154 phy0 wpan0: encryption failed: -22 [ 52.844078][ T6518] udevd[6518]: inotify_add_watch(7, /dev/loop3, 10) failed: No such file or directory [ 52.851561][ T7664] Zero length message leads to an empty skb [ 53.172275][ T7703] serio: Serial port ptm0 [ 53.190947][ T7707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.359'. [ 53.260683][ T7716] loop2: detected capacity change from 0 to 128 [ 53.842211][ T7750] loop0: detected capacity change from 0 to 164 [ 53.859479][ T7750] rock: directory entry would overflow storage [ 53.859506][ T7750] rock: sig=0x66, size=4, remaining=3 [ 53.944447][ T7763] netlink: 16 bytes leftover after parsing attributes in process `syz.1.383'. [ 54.059876][ T7778] tipc: Enabled bearer , priority 0 [ 54.061595][ T7778] syzkaller0: entered promiscuous mode [ 54.062694][ T7778] syzkaller0: entered allmulticast mode [ 54.074789][ T7778] tipc: Resetting bearer [ 54.094281][ T7777] tipc: Resetting bearer [ 54.112081][ T7777] tipc: Disabling bearer [ 54.143701][ T7785] loop1: detected capacity change from 0 to 1024 [ 54.160812][ T7785] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.180599][ T6531] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.331579][ T7808] loop2: detected capacity change from 0 to 1024 [ 54.336536][ T7808] EXT4-fs: Ignoring removed mblk_io_submit option [ 54.336566][ T7808] EXT4-fs: Ignoring removed bh option [ 54.336581][ T7808] ext3: Unknown parameter 'subj_type' [ 54.347227][ T7808] mmap: syz.2.405 (7808) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 54.467439][ T7818] netlink: 16 bytes leftover after parsing attributes in process `syz.2.409'. [ 54.475723][ T7824] loop4: detected capacity change from 0 to 512 [ 54.494567][ T7827] netlink: 28 bytes leftover after parsing attributes in process `syz.2.414'. [ 54.494601][ T7827] netlink: 28 bytes leftover after parsing attributes in process `syz.2.414'. [ 54.513519][ T7824] EXT4-fs (loop4): too many log groups per flexible block group [ 54.513667][ T7824] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 54.513773][ T7824] EXT4-fs (loop4): mount failed [ 54.518095][ T7829] netlink: 80 bytes leftover after parsing attributes in process `syz.1.413'. [ 54.782435][ T7839] loop2: detected capacity change from 0 to 512 [ 54.788740][ T7839] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 54.804197][ T7839] EXT4-fs (loop2): 1 truncate cleaned up [ 54.804669][ T7839] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.843640][ T7846] loop4: detected capacity change from 0 to 164 [ 54.854875][ T7846] process 'syz.4.419' launched '/dev/fd/5' with NULL argv: empty string added [ 54.860555][ T7846] syz.4.419: attempt to access beyond end of device [ 54.860555][ T7846] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 54.860720][ T7846] syz.4.419: attempt to access beyond end of device [ 54.860720][ T7846] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 54.890617][ T6541] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.004606][ T7864] vhci_hcd: invalid port number 96 [ 55.004643][ T7864] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 55.864614][ T31] kauditd_printk_skb: 91 callbacks suppressed [ 55.864646][ T31] audit: type=1326 audit(55.830:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7880 comm="syz.2.434" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 55.865073][ T31] audit: type=1326 audit(55.830:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7880 comm="syz.2.434" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 55.875141][ T31] audit: type=1326 audit(55.840:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7880 comm="syz.2.434" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=24 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 55.875183][ T31] audit: type=1326 audit(55.840:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7880 comm="syz.2.434" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 55.875199][ T31] audit: type=1326 audit(55.840:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7880 comm="syz.2.434" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb915c068 code=0x7ffc0000 [ 56.086557][ T7899] netlink: 'syz.2.441': attribute type 10 has an invalid length. [ 56.095655][ T7899] team0: Port device dummy0 added [ 56.434981][ T7915] loop1: detected capacity change from 0 to 512 [ 56.468751][ T31] audit: type=1326 audit(56.440:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.0.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 56.468796][ T31] audit: type=1326 audit(56.440:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.0.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 56.472651][ T31] audit: type=1326 audit(56.440:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.0.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=221 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 56.472685][ T31] audit: type=1326 audit(56.440:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.0.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 56.472699][ T31] audit: type=1326 audit(56.440:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.0.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9295c068 code=0x7ffc0000 [ 56.483053][ T7915] EXT4-fs (loop1): 1 orphan inode deleted [ 56.483487][ T7915] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.500013][ T41] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 1 [ 56.504048][ T6531] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.919747][ T7956] netlink: 8 bytes leftover after parsing attributes in process `syz.2.467'. [ 56.921319][ T7956] netlink: 312 bytes leftover after parsing attributes in process `syz.2.467'. [ 56.921366][ T7956] netlink: 8 bytes leftover after parsing attributes in process `syz.2.467'. [ 56.976928][ T7960] loop2: detected capacity change from 0 to 512 [ 56.984525][ T7960] EXT4-fs: Ignoring removed nobh option [ 57.003855][ T7960] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.469: corrupted inode contents [ 57.020985][ T7960] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #3: comm syz.2.469: mark_inode_dirty error [ 57.042216][ T7960] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.469: corrupted inode contents [ 57.045600][ T7960] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.469: mark_inode_dirty error [ 57.088447][ T7960] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.469: Failed to acquire dquot type 0 [ 57.102694][ T7960] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.469: corrupted inode contents [ 57.104875][ T7960] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #16: comm syz.2.469: mark_inode_dirty error [ 57.105110][ T7960] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.469: corrupted inode contents [ 57.105235][ T7960] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.469: mark_inode_dirty error [ 57.105362][ T7960] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.469: corrupted inode contents [ 57.105468][ T7960] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 57.105573][ T7960] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.469: corrupted inode contents [ 57.105673][ T7960] EXT4-fs error (device loop2): ext4_truncate:4666: inode #16: comm syz.2.469: mark_inode_dirty error [ 57.105773][ T7960] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 57.122955][ T7960] EXT4-fs (loop2): 1 truncate cleaned up [ 57.124471][ T7960] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.150725][ T7969] loop0: detected capacity change from 0 to 512 [ 57.175457][ T6541] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.178458][ T7969] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.180415][ T7969] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.470: bg 0: block 248: padding at end of block bitmap is not set [ 57.183745][ T7969] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.470: Failed to acquire dquot type 1 [ 57.185549][ T7969] EXT4-fs (loop0): 1 truncate cleaned up [ 57.201403][ T7969] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 57.457129][ T6529] IPVS: starting estimator thread 0... [ 57.462965][ T7987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.478'. [ 57.492363][ T7989] loop2: detected capacity change from 0 to 128 [ 57.493464][ T7991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.493613][ T7991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.498013][ T7989] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 57.502467][ T7989] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 57.576714][ T7986] IPVS: using max 69 ests per chain, 165600 per kthread [ 57.603263][ T7999] can0: slcan on ttyS3. [ 57.656965][ T7998] can0 (unregistered): slcan off ttyS3. [ 57.940695][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.320288][ T8072] pimreg: entered allmulticast mode [ 58.323982][ T8072] pimreg: left allmulticast mode [ 58.505484][ T8085] __nla_validate_parse: 1 callbacks suppressed [ 58.507290][ T8085] netlink: 48 bytes leftover after parsing attributes in process `syz.0.511'. [ 59.419939][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.523'. [ 59.535390][ T8115] tipc: Enabled bearer , priority 0 [ 59.542948][ T8114] tipc: Resetting bearer [ 60.074720][ T8165] loop4: detected capacity change from 0 to 764 [ 60.095479][ T8165] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 60.180230][ T8171] loop4: detected capacity change from 0 to 128 [ 60.183640][ T8171] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 60.439630][ T8114] tipc: Disabling bearer [ 60.450141][ T266] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 60.557908][ T8183] loop4: detected capacity change from 0 to 8192 [ 60.593120][ T8189] loop1: detected capacity change from 0 to 512 [ 60.668266][ T8189] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.746166][ T6531] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.032057][ T8225] tipc: Enabled bearer , priority 0 [ 61.033111][ T8225] syzkaller0: entered promiscuous mode [ 61.033129][ T8225] syzkaller0: entered allmulticast mode [ 61.038678][ T8225] tipc: Resetting bearer [ 61.040971][ T8224] tipc: Resetting bearer [ 61.061055][ T8224] tipc: Disabling bearer [ 61.162225][ T31] kauditd_printk_skb: 81 callbacks suppressed [ 61.162262][ T31] audit: type=1326 audit(61.130:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.167879][ T31] audit: type=1326 audit(61.140:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.171777][ T31] audit: type=1326 audit(61.140:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.176910][ T31] audit: type=1326 audit(61.150:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.181423][ T31] audit: type=1326 audit(61.150:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.185583][ T31] audit: type=1326 audit(61.150:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.190479][ T31] audit: type=1326 audit(61.160:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.194199][ T31] audit: type=1326 audit(61.160:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.198818][ T31] audit: type=1326 audit(61.160:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.198884][ T31] audit: type=1326 audit(61.160:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.1.578" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8e75c068 code=0x7ffc0000 [ 61.374261][ T8245] vhci_hcd: invalid port number 96 [ 61.374305][ T8245] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 61.617785][ T8263] loop2: detected capacity change from 0 to 512 [ 61.635261][ T8263] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 61.647086][ T8263] EXT4-fs (loop2): 1 truncate cleaned up [ 61.647574][ T8263] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.763786][ T8272] netlink: 16 bytes leftover after parsing attributes in process `+}[@'. [ 61.823879][ T8276] loop1: detected capacity change from 0 to 128 [ 61.827657][ T8276] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 61.838220][ T8276] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 61.854761][ T41] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 61.943528][ T8283] macvtap0: refused to change device tx_queue_len [ 62.131150][ T8298] rdma_op 00000000f2ce6d9c conn xmit_rdma 0000000000000000 [ 62.153313][ T8300] netlink: 272 bytes leftover after parsing attributes in process `syz.0.607'. [ 62.442031][ T8308] loop0: detected capacity change from 0 to 512 [ 62.450450][ T8308] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 62.470372][ T8308] EXT4-fs (loop0): 1 truncate cleaned up [ 62.475517][ T8308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.679004][ T8313] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.899880][ T8313] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.955405][ T6541] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.031505][ T8313] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.036662][ T8322] loop2: detected capacity change from 0 to 512 [ 63.074240][ T8322] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: inode #11: comm syz.2.613: missing EA_INODE flag [ 63.085084][ T8322] EXT4-fs error (device loop2): ext4_xattr_inode_iget:442: comm syz.2.613: error while reading EA inode 11 err=-117 [ 63.088154][ T8322] EXT4-fs (loop2): 1 orphan inode deleted [ 63.088618][ T8322] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.115729][ T8313] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.129491][ T6541] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.137842][ T8328] loop1: detected capacity change from 0 to 1024 [ 63.159784][ T8328] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.185707][ T6531] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.257487][ T41] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.257538][ T41] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.257566][ T41] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.257581][ T41] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.307644][ T6526] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.106245][ T8379] IPv4: Oversized IP packet from 127.202.26.0 [ 64.270594][ T8389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.641'. [ 64.314712][ T6587] kernel write not supported for file /334/attr/exec (pid: 6587 comm: kworker/1:5) [ 64.329606][ T8395] netlink: 10 bytes leftover after parsing attributes in process `syz.1.644'. [ 64.346729][ T8397] usb usb8: usbfs: process 8397 (syz.4.645) did not claim interface 0 before use [ 64.404345][ T8402] loop1: detected capacity change from 0 to 1024 [ 64.406376][ T8401] netlink: 20 bytes leftover after parsing attributes in process `syz.3.647'. [ 64.406524][ T8401] x_tables: ip_tables: udp match: only valid for protocol 17 [ 64.441764][ T8402] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.476795][ T8402] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.648: Allocating blocks 385-513 which overlap fs metadata [ 64.509007][ T2415] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.509068][ T2415] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.530522][ T8398] EXT4-fs (loop1): pa 00000000d5242643: logic 16, phys. 129, len 24 [ 64.530564][ T8398] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 64.598099][ T6531] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.830218][ T8440] netlink: 'syz.4.661': attribute type 10 has an invalid length. [ 64.831525][ T8440] bond0: (slave dummy0): Enslaving as an active interface with an up link [ ** replaying previous printk message ** [ 65.871737][ T8478] ------------[ cut here ]------------ [ 65.871766][ T8478] verifier bug: not inlined functions bpf_perf_event_read#22 is missing func(1) [ 65.871834][ T8478] WARNING: CPU: 0 PID: 8478 at kernel/bpf/verifier.c:22840 bpf_check+0x1559c/0x15d8c [ 65.876553][ T8478] Modules linked in: [ 65.877181][ T8478] CPU: 0 UID: 0 PID: 8478 Comm: syz.2.678 Not tainted syzkaller #0 PREEMPT [ 65.878533][ T8478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 65.880290][ T8478] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 65.881616][ T8478] pc : bpf_check+0x1559c/0x15d8c [ 65.882469][ T8478] lr : bpf_check+0x1559c/0x15d8c [ 65.883320][ T8478] sp : ffff8000a1a17480 [ 65.884023][ T8478] x29: ffff8000a1a17980 x28: dfff800000000000 x27: 0000000000000006 [ 65.885417][ T8478] x26: 1ffff00013755c13 x25: ffff80009baae09c x24: ffff0001016f8008 [ 65.886792][ T8478] x23: ffff80009baae098 x22: ffff80008b153420 x21: ffff800092e12000 [ 65.888153][ T8478] x20: ffff80009baae09c x19: 1ffff00013755c13 x18: 00000000b7040000 [ 65.889423][ T8478] x17: 0000000000000000 x16: ffff80008b0156e8 x15: 0000000000000001 [ 65.890682][ T8478] x14: 1ffff00014342e00 x13: 0000000000000000 x12: 0000000000000000 [ 65.891857][ T8478] x11: 0000000000080000 x10: 000000000000677e x9 : 573371fc2bb1fa00 [ 65.893011][ T8478] x8 : 573371fc2bb1fa00 x7 : ffff800080563530 x6 : 0000000000000000 [ 65.894217][ T8478] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de538 [ 65.895559][ T8478] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000 [ 65.896942][ T8478] Call trace: [ 65.897416][ T8478] bpf_check+0x1559c/0x15d8c (P) [ 65.898293][ T8478] bpf_prog_load+0xec8/0x13fc [ 65.899039][ T8478] __sys_bpf+0x450/0x628 [ 65.899668][ T8478] __arm64_sys_bpf+0x80/0x98 [ 65.900400][ T8478] invoke_syscall+0x98/0x2b8 [ 65.901097][ T8478] el0_svc_common+0x130/0x23c [ 65.901824][ T8478] do_el0_svc+0x48/0x58 [ 65.902486][ T8478] el0_svc+0x5c/0x254 [ 65.903112][ T8478] el0t_64_sync_handler+0x84/0x12c [ 65.903958][ T8478] el0t_64_sync+0x198/0x19c [ 65.904685][ T8478] irq event stamp: 338 [ 65.905305][ T8478] hardirqs last enabled at (337): [] irqentry_exit+0xd8/0x108 [ 65.906728][ T8478] hardirqs last disabled at (338): [] el1_brk64+0x20/0x54 [ 65.908037][ T8478] softirqs last enabled at (138): [] local_bh_enable+0x10/0x34 [ 65.909545][ T8478] softirqs last disabled at (136): [] local_bh_disable+0x10/0x34 [ 65.911026][ T8478] ---[ end trace 0000000000000000 ]---