last executing test programs: 3.784268024s ago: executing program 1 (id=2): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000204850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="940000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c0002800500010000000000080007400000000020e814d6"], 0x94}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000000201050000"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) 3.613027244s ago: executing program 1 (id=7): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0xb}, 0x18) r1 = socket(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) 3.472444214s ago: executing program 5 (id=6): r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) 3.368062421s ago: executing program 1 (id=8): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000140)={0x0}) 3.243491901s ago: executing program 5 (id=9): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0xb, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x0) 3.201954753s ago: executing program 1 (id=10): r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) fallocate(r0, 0x0, 0x9, 0x2000406) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x18) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000200)={0x0, 0x2, 0x8, 0x7f}) 2.97991235s ago: executing program 5 (id=11): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mm_page_free\x00', r1}, 0x18) ftruncate(0xffffffffffffffff, 0xc17a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2b}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.693232723s ago: executing program 5 (id=12): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000230900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000002f4000128014000180090001006c6173740000000004000280140001800c000100636f756e7465720004000280280001800b00010074756e6e656c0000040002800800034000000106"], 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x20050800) 2.524400015s ago: executing program 5 (id=13): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x802, &(0x7f0000000480)=ANY=[], 0x1, 0x2a4, &(0x7f00000001c0)="$eJzs3T9rc2UUAPBzkzSNOqSIiyJ4QQen0rq6NEoFsZMSQR002BYkCYUWAlYwduoncPR7+BFcXPwGgqvg1g6VKzf33ia16R/65k3h7e83nd7nnvOc3KckU06+eXPY3z1I4uTsz2i1kqhtxVacJ7EWtaj8FI0AAF4c51kW/2QPyWzUFt8NALAMxed/4bF7AQCW47Mvvvyks7Oz/WmatuL19umom0TE8HTULdY7+/FdDGIvNqIdFxHZpSL+6OOd7WikubV4ZzgedfPM4de/l/U7f0dM8jejHWvz8zfTwmX+y1V3aXT2V6o/2vHa/Pz3/p8fw3F0m/Hu2zP9r0c7/vg2DmIQu5HnTvN/3EzTD7Ofz374Kt8mz09q0V2d3DeV1Zd0JAAAAAAAAAAAAAAAAAAAAAAAPAHraZoU43sm83vyS5P5OaNu/WKyvp5WZuf7jKv5QElVqJgPlEU5omecxS/VfJ2NNE2z8sZpfiPeaPhhAQAAAAAAAAAAAAAAAAAAAMgdfX/c7w0Ge4cLCappANXX+h9aZ2vmyltx3O/Vby64ev+9ZqcN5L3eenM0GrGgx3JX8FLez8Irr04P9/MogupgFrrXqx8URY/7vbRcqh5yv5fctVerOrhfZ5ea8ayNZZN/iYvs6pm2Llu9mtVc0NNovjJ36d8sy+5X5/2/ijMqrySTERv3232lDOa+wDxoXT+L324ueONbRn0hbzwAAAAAAAAAAAAAAAAAAMA10y/9zlk8uTW19tyaAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAlm/7+fxW0IuLqlWvBuEy+7Z4yaMbh0SO/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ6A/wIAAP//4ipOSw==") getegid() sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f00000000c0)="120000001200e7ef007b0000", 0xc, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x6e}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000740)=""/73, 0x49}, {0x0}, {&(0x7f0000000100)=""/16, 0x10}], 0x6, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2, 0x0) 2.314379926s ago: executing program 2 (id=3): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x74}, {0x6c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='kmem_cache_free\x00', r3, 0x0, 0x4ee}, 0x18) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) setsockopt$inet_mreq(r4, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 2.169751346s ago: executing program 4 (id=5): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800", @ANYRES32], 0x0, 0x4, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$vsock_stream(0x28, 0x1, 0x0) vmsplice(r3, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000080)="96", 0x1}, {0x0}], 0x1b, 0x2) 2.062050863s ago: executing program 0 (id=1): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000400000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) process_mrelease(0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val={'init_itable', 0x3d, 0x200}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@data_journal}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x400c84, &(0x7f0000000000)={[{@acl}]}, 0x1, 0x79a, &(0x7f0000001480)="$eJzs3c1rHGUYAPBnNtmkTauJIGi9GBA0UJqYGlsFCxUPIlgo6Nl2SbahZpMt2U1pQkCLCF4EFQ+CXnry4Ee9efXjqv+FB7FUTYsVDxKZzWy7aXbTfG9sfj+Y5H3n3dlnnvl8d2eYDWDP6k//5CIORcQHSURvNj6JiHyt1Blxcul1txbmR9MhicXF1/5Iaq+5uTA/Gg3TpA5klUcj4od3Iw7nVsatzM5NFEql4nRWH6pOXhiqzM4dOT9ZGC+OF6eODY+MHD3+7PFjW5frXz/PHbz24ctPfX3yn3ceufr+j0mcjINZW2MeG3ZiebU/+rNlkk8X4TIvbTrY7pK0ewbYkHTX7Fjay+NQ9EZHrQQA3M/eiohFAGCPSZz/AWCPqX8PcHNhfrQ+tPcbiZ11/cWI2LeUf/365lJLZ3bNbl/tOmjPzWTZlZEkIvq2IH5/RHz27RtfpkNs1XVIgDV4+3JEnO3rX3n8T1bcs7BeT6/S1pX9779rfBrfFWjYGd+l/Z/nmvX/crf7P9Gk/9PdZN/diGb7/7IR+1ed/MRm41//POKFhnvbbjXkn+nryGoP1Pp8+eTc+VIxPbY9GBEDke9O68OrxBi48e+NFSMb8qr3//786M0v0vjp/zutud86u5dPOlaoFjaTc6PrlyMe60ya5J/cXv9Ji/7v6TXGeOX59z5t1Zau/zTf+rAy/8juTtoei1cinmy6/u/c0Zasen/iUG1zGKpvFE1888snPa3iN/b/0yGNX/8ssBPS9d+zev59SeP9mpWWb9XVquGnK73ft2q7d/7Nt/+u5PVlQS8VqtXp4Yiu5NWV44/emfZS4fGstPT6NP+BJ5rv/6tt/+lnwrMtF8Vyndd+/2rj+W+vNP+xda3/9Reu3proaBV/bet/pFYayMas5fi31hnczLIDAAAAAAAAAAAAAAAAAAAAAAAAgLXKRcTBSHKDt8u53ODg0m94Pxw9uVK5Uj18rjwzNRa138rui3yu/qjL3obnoQ5nz8Ov149mT+2s15+JiIci4uPu/Un9OYpjbc4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoOtPj9/9Sv3e2eOwBg2+xr9wwAADvO+R8A9h7nfwDYe9Z2/u/Y9vkAAHaOz/8AsPc4/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDNTp86lQ6Lfy/Mj6b1sYuzMxPli0fGipWJwcmZ0cHR8vSFwfFyebxUHBwtT97r/Url8oWRmJq5NFQtVqpDldm5M5PlmanqmfOThfHimWJ+R7ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPWpzM5NFEql4vR9X+jKMt7E++TvHrO4C/JqLOQjoi3RO7KFuxsWwo4Xkt0xG1tcaONBCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/5L8AAAD//5NXHCA=") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_access\x00', &(0x7f0000001440)=ANY=[@ANYBLOB], 0x24, 0x3) pwrite64(r1, &(0x7f0000000180)="f7", 0x1, 0x200980) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0) 1.936050395s ago: executing program 3 (id=14): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'geneve0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="0b0312002e00640002086086dd480300"/26, 0xfffffffffffffff4, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r3, 0x1, 0x0, 0x6, @remote}, 0x14) 1.791560876s ago: executing program 4 (id=15): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x23500d8, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 1.762581321s ago: executing program 2 (id=16): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="24010000", @ANYRES16=r3, @ANYBLOB="a183000000000000000005"], 0x124}}, 0x0) 1.688057933s ago: executing program 3 (id=17): syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xe000, 0x0, 0x5, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @remote, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 1.435821811s ago: executing program 3 (id=18): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x503, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x40}}, 0x0) 1.328333252s ago: executing program 4 (id=19): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0x2000000000000}, 0x18) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x6) symlinkat(0x0, r2, &(0x7f0000000080)='./file0\x00') 1.313962804s ago: executing program 2 (id=20): r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0) recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000005c0)=""/141, 0x8d}], 0x1}, 0x30b3}], 0x1, 0x40012163, 0x0) 1.052029134s ago: executing program 1 (id=21): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000160000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r4, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r4], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094) r6 = socket(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x74, 0x28, 0xd27, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x44, 0x2, [@TCA_CGROUP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0xfffffffc, 0x8, 0x0, 0x8, 0x80, {0x4, 0x1, 0x0, 0x2, 0x61f, 0x10000}, {0x5, 0x1, 0x6b4a, 0x9, 0xa6, 0x10000}, 0x4, 0x80000001, 0xc6}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x404c0c0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=@delchain={0x24, 0x11, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {0x0, 0x1}, {0x8}}}, 0x24}}, 0x10) 1.021832166s ago: executing program 3 (id=22): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) llistxattr(0x0, 0x0, 0x0) 965.175213ms ago: executing program 4 (id=23): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd0300000000000085000000330000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x2}, 0x18) socket(0x28, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r0, &(0x7f0000000680)='@|', &(0x7f0000000400)=@tcp6=r3, 0x2}, 0x20) get_robust_list(0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 752.212327ms ago: executing program 3 (id=24): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x4000) sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a3200000000090001007379"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0) 664.716989ms ago: executing program 4 (id=25): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r4}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xfff3, 0xd064db0e491fa98f}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000021}, 0x4044080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 609.577498ms ago: executing program 5 (id=26): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs289vFFUcAPDvTH8AIrQi/gBRq8Sk0djSgsrBi0YTYzCa6AGPtV1Iw0INrUaQSDHGk4kh0bPxaPQv8GZMjHoy8erJkyEhygXwVDOzM6UM/SF226ndzyeZ7nszb3bet29+vH1vN4CONRARsxFxZ0T8FhF9EZFUCwy0Xq5dOTd+/cq58STm5l7/M8nLXb1ybrwsWu63vcgMphHpR0lr54rpM2dPjDWbjdNFfnjm5NvD02fOPvnuybHjjeONU6OHDx86OPLM06NPtSXOLK6rez+Y2rfnpTcvvjJ+9OJbP32TFHFHJY52GcgC/2suV932WLsPVrMdC9JJd40V4bZ0RUTWXD359d8XXXGj8frixQ9rrRywprJn05alN8/OAZtYEnXXAKhH+aDPPv+Wyzp1PTaEy8+1PgBlcV8rltaW7kiLMj2Vz7ftNBARR2f//iJbYo3GIQAAFvpk/PMjvRHx/vWvX876Hn3zW9K4N3/9Pf+7s5hD6Y+IuyJiV0TcHRG7I+KeiLzsfRFx/yrrc2v/J720yrdcVtb/e7aY27q5/1f2/qK/q8jtyOPvSY5NNhsHiv/JYPRsyfIjyxzjuxd+/XSpbQv7f9mSHb/sCxb1uNRdGaCbGJsZyzulbXD5QsTe7sXiT+ZnApKI2BMRe2/vrXeWicnHv9q3VKGV419GG+aZ5r7MwpvN4p+NSvylZOH85OQt85PDW6PZODBcnhW3+vmXj19b6virir8NLjdarwvav1qkP1k4Xzvd3uP/x/M/7U3eyOeZe4t1743NzJweiehNjuT5m9aP3ti3zJfls/N/cP/i1/+uYp8s/gciIjuJH4yIhyLi4aLuj0TEoxGxf5kYf3x+5fgjran9L0RMLHr/mz//K+1/+4muEz98u9Tx/137H8pTg8Wa/P63gsWqk90uqhVczf8OAAAA/i/S/DvwSTo0n07ToaHWd/h3xx1pc2p65oljU++cmmh9V74/etJypKuvGA9tTjYbI8ls8Y6t8dHRYqy4HC89WIwbf9a1Lc8PjU81J2qOHTrd9iWu/8wfXXXXDlhj2xZdO9q77hUBalCdR09vzp5/NdwMYLPye23oXCtc/+l61QNYf57/0LkWu/7PV/LmAmBz8vyHzuX6hw6Vfl93DYAaef5DR1rN7/rXMLF1Y1SjnsRGbZQ8EVEm0g1RH4k1StR9ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiPfwIAAP//SAfnAA==") 562.758924ms ago: executing program 0 (id=27): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='bbr\x00', 0x4) sendto$inet6(r0, &(0x7f0000000200)="ae", 0x1, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 456.079419ms ago: executing program 1 (id=28): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) mount$9p_tcp(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x801, &(0x7f0000000740)=ANY=[@ANYBLOB='trans=tcp']) 405.25526ms ago: executing program 3 (id=29): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) close(r0) 74.049864ms ago: executing program 2 (id=30): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xd, 0x0, &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) 0s ago: executing program 4 (id=31): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) pipe2(&(0x7f00000006c0)={0xffffffffffffffff}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) r4 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r4, &(0x7f00000000c0)="800009e92208", 0x6, 0x0, 0x0, 0x0) recvfrom$inet6(r4, 0x0, 0x0, 0x10040, 0x0, 0x26) close_range(r1, 0xffffffffffffffff, 0x200000000000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000300)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5d, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x7f, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.94' (ED25519) to the list of known hosts. [ 83.593268][ T5845] cgroup: Unknown subsys name 'net' [ 83.716279][ T5845] cgroup: Unknown subsys name 'cpuset' [ 83.725573][ T5845] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.213297][ T5845] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.118131][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.131481][ T5874] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.142441][ T5876] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.149918][ T5876] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.158477][ T5876] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.168614][ T5876] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.182435][ T5876] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.201457][ T5876] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.206278][ T5877] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.216819][ T5877] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.216865][ T5876] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.225064][ T5877] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 88.240624][ T5877] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.248418][ T5876] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 88.249307][ T5877] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.259826][ T5878] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.270325][ T5877] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.270912][ T5876] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.286180][ T5876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.294492][ T5878] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.302144][ T5877] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.302371][ T5878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.327415][ T5878] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.339978][ T5881] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.347437][ T5881] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.347638][ T5872] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 88.356233][ T5881] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.372403][ T5863] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 88.372416][ T5872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.386970][ T5881] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.034712][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 89.283579][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 89.428183][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 89.543460][ T5870] chnl_net:caif_netlink_parms(): no params data found [ 89.575858][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.583670][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.590991][ T5859] bridge_slave_0: entered allmulticast mode [ 89.599124][ T5859] bridge_slave_0: entered promiscuous mode [ 89.659996][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.667247][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.674738][ T5859] bridge_slave_1: entered allmulticast mode [ 89.682823][ T5859] bridge_slave_1: entered promiscuous mode [ 89.690504][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 89.798752][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.806052][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.813392][ T5861] bridge_slave_0: entered allmulticast mode [ 89.820724][ T5861] bridge_slave_0: entered promiscuous mode [ 89.828666][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 89.841354][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.848510][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.855821][ T5861] bridge_slave_1: entered allmulticast mode [ 89.864733][ T5861] bridge_slave_1: entered promiscuous mode [ 89.969545][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.046316][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.074099][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.112602][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.119750][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.127280][ T5870] bridge_slave_0: entered allmulticast mode [ 90.134779][ T5870] bridge_slave_0: entered promiscuous mode [ 90.143611][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.150723][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.157949][ T5870] bridge_slave_1: entered allmulticast mode [ 90.165744][ T5870] bridge_slave_1: entered promiscuous mode [ 90.189778][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.215945][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.223184][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.230491][ T5858] bridge_slave_0: entered allmulticast mode [ 90.238186][ T5858] bridge_slave_0: entered promiscuous mode [ 90.264599][ T5859] team0: Port device team_slave_0 added [ 90.329462][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.337889][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.345519][ T5862] Bluetooth: hci0: command tx timeout [ 90.349383][ T5858] bridge_slave_1: entered allmulticast mode [ 90.351334][ T51] Bluetooth: hci4: command tx timeout [ 90.358922][ T5858] bridge_slave_1: entered promiscuous mode [ 90.371073][ T5859] team0: Port device team_slave_1 added [ 90.411560][ T51] Bluetooth: hci3: command tx timeout [ 90.417202][ T5861] team0: Port device team_slave_0 added [ 90.422903][ T51] Bluetooth: hci5: command tx timeout [ 90.423067][ T51] Bluetooth: hci2: command tx timeout [ 90.479210][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.486602][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.494331][ T5857] bridge_slave_0: entered allmulticast mode [ 90.501648][ T5862] Bluetooth: hci1: command tx timeout [ 90.505583][ T5857] bridge_slave_0: entered promiscuous mode [ 90.518014][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.536098][ T5861] team0: Port device team_slave_1 added [ 90.558525][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.565721][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.592683][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.604267][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.611845][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.619045][ T5857] bridge_slave_1: entered allmulticast mode [ 90.627063][ T5857] bridge_slave_1: entered promiscuous mode [ 90.636943][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.693365][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.703373][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.710324][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.736509][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.792565][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.799540][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.826016][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.840185][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.888154][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.895454][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.903211][ T5865] bridge_slave_0: entered allmulticast mode [ 90.910616][ T5865] bridge_slave_0: entered promiscuous mode [ 90.918686][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.926077][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.952181][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.004072][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.016842][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.028495][ T5870] team0: Port device team_slave_0 added [ 91.038552][ T5870] team0: Port device team_slave_1 added [ 91.044799][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.052151][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.059383][ T5865] bridge_slave_1: entered allmulticast mode [ 91.067113][ T5865] bridge_slave_1: entered promiscuous mode [ 91.109973][ T5858] team0: Port device team_slave_0 added [ 91.133932][ T973] cfg80211: failed to load regulatory.db [ 91.202137][ T5858] team0: Port device team_slave_1 added [ 91.215414][ T5859] hsr_slave_0: entered promiscuous mode [ 91.222536][ T5859] hsr_slave_1: entered promiscuous mode [ 91.284633][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.292008][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.318303][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.333058][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.372517][ T5857] team0: Port device team_slave_0 added [ 91.387897][ T5861] hsr_slave_0: entered promiscuous mode [ 91.394677][ T5861] hsr_slave_1: entered promiscuous mode [ 91.400790][ T5861] debugfs: 'hsr0' already exists in 'hsr' [ 91.407523][ T5861] Cannot create hsr debugfs directory [ 91.414173][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.421133][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.448118][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.461770][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.488252][ T5857] team0: Port device team_slave_1 added [ 91.510308][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.517309][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.543272][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.555984][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.563011][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.588970][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.654058][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.661009][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.687281][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.721053][ T5865] team0: Port device team_slave_0 added [ 91.730494][ T5865] team0: Port device team_slave_1 added [ 91.752465][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.759410][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.785704][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.922565][ T5858] hsr_slave_0: entered promiscuous mode [ 91.928948][ T5858] hsr_slave_1: entered promiscuous mode [ 91.935765][ T5858] debugfs: 'hsr0' already exists in 'hsr' [ 91.942166][ T5858] Cannot create hsr debugfs directory [ 91.964161][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.971109][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.997158][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.037110][ T5870] hsr_slave_0: entered promiscuous mode [ 92.043755][ T5870] hsr_slave_1: entered promiscuous mode [ 92.050046][ T5870] debugfs: 'hsr0' already exists in 'hsr' [ 92.055806][ T5870] Cannot create hsr debugfs directory [ 92.089051][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.096166][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.122266][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.234611][ T5857] hsr_slave_0: entered promiscuous mode [ 92.240995][ T5857] hsr_slave_1: entered promiscuous mode [ 92.247975][ T5857] debugfs: 'hsr0' already exists in 'hsr' [ 92.253956][ T5857] Cannot create hsr debugfs directory [ 92.412010][ T5862] Bluetooth: hci4: command tx timeout [ 92.417450][ T51] Bluetooth: hci0: command tx timeout [ 92.431690][ T5865] hsr_slave_0: entered promiscuous mode [ 92.438109][ T5865] hsr_slave_1: entered promiscuous mode [ 92.444419][ T5865] debugfs: 'hsr0' already exists in 'hsr' [ 92.450160][ T5865] Cannot create hsr debugfs directory [ 92.501778][ T51] Bluetooth: hci2: command tx timeout [ 92.507241][ T51] Bluetooth: hci5: command tx timeout [ 92.514018][ T5862] Bluetooth: hci3: command tx timeout [ 92.591382][ T51] Bluetooth: hci1: command tx timeout [ 92.922077][ T5859] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 92.936054][ T5859] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 92.976728][ T5859] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 92.988104][ T5859] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 93.070160][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.095168][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.118352][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.134335][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.186319][ T5858] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.199409][ T5858] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.214797][ T5858] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.249644][ T5858] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.361847][ T5870] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.374089][ T5870] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.387251][ T5870] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.398439][ T5870] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.506226][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.524060][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.567440][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.579346][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.656587][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.696416][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.735874][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.743153][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.763283][ T5865] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.784519][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.791800][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.814529][ T5865] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.827220][ T5865] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.838831][ T5865] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.867877][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.944926][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.997476][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.046948][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.089446][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.096622][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.125951][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.165482][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.172657][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.184176][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.191318][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.205392][ T5870] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.245427][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.252620][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.310982][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.361074][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.368250][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.444954][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.452183][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.473999][ T5861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.491741][ T51] Bluetooth: hci0: command tx timeout [ 94.491791][ T5881] Bluetooth: hci4: command tx timeout [ 94.530756][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.548591][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.576566][ T5881] Bluetooth: hci5: command tx timeout [ 94.576588][ T51] Bluetooth: hci3: command tx timeout [ 94.582937][ T5881] Bluetooth: hci2: command tx timeout [ 94.606263][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.613420][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.629720][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.636886][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.651684][ T5881] Bluetooth: hci1: command tx timeout [ 94.717174][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.844721][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.926402][ T5974] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.933590][ T5974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.018933][ T5974] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.026125][ T5974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.266855][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.444268][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.697924][ T5861] veth0_vlan: entered promiscuous mode [ 95.794828][ T5861] veth1_vlan: entered promiscuous mode [ 95.841662][ T5859] veth0_vlan: entered promiscuous mode [ 95.879745][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.894825][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.912081][ T5859] veth1_vlan: entered promiscuous mode [ 95.958255][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.977137][ T5861] veth0_macvtap: entered promiscuous mode [ 96.043001][ T5861] veth1_macvtap: entered promiscuous mode [ 96.097764][ T5859] veth0_macvtap: entered promiscuous mode [ 96.130642][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.146746][ T5857] veth0_vlan: entered promiscuous mode [ 96.168202][ T5859] veth1_macvtap: entered promiscuous mode [ 96.180885][ T5870] veth0_vlan: entered promiscuous mode [ 96.210243][ T5857] veth1_vlan: entered promiscuous mode [ 96.225512][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.260827][ T5974] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.270487][ T5974] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.280469][ T5974] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.298702][ T5870] veth1_vlan: entered promiscuous mode [ 96.308081][ T5865] veth0_vlan: entered promiscuous mode [ 96.316893][ T5974] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.358487][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.375778][ T5858] veth0_vlan: entered promiscuous mode [ 96.412089][ T5865] veth1_vlan: entered promiscuous mode [ 96.435428][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.453024][ T5858] veth1_vlan: entered promiscuous mode [ 96.517443][ T5857] veth0_macvtap: entered promiscuous mode [ 96.527554][ T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.536362][ T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.554893][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.567347][ T5974] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.576378][ T5881] Bluetooth: hci0: command tx timeout [ 96.576533][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.589839][ T5881] Bluetooth: hci4: command tx timeout [ 96.603744][ T5974] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.619051][ T5870] veth0_macvtap: entered promiscuous mode [ 96.632939][ T5857] veth1_macvtap: entered promiscuous mode [ 96.651443][ T5881] Bluetooth: hci3: command tx timeout [ 96.652301][ T5862] Bluetooth: hci5: command tx timeout [ 96.662670][ T5862] Bluetooth: hci2: command tx timeout [ 96.676660][ T5870] veth1_macvtap: entered promiscuous mode [ 96.731982][ T5862] Bluetooth: hci1: command tx timeout [ 96.739138][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.781067][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.821819][ T5858] veth0_macvtap: entered promiscuous mode [ 96.829487][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.833060][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.846065][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.860533][ T5865] veth0_macvtap: entered promiscuous mode [ 96.866836][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.881949][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.885065][ T5858] veth1_macvtap: entered promiscuous mode [ 96.920838][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.942539][ T5974] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.989596][ T5865] veth1_macvtap: entered promiscuous mode [ 96.999105][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.015783][ T5861] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.017092][ T5974] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.044916][ T5974] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.065368][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.075196][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.082515][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.099831][ T5974] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.109888][ T5974] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.174667][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.183641][ T5974] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.199646][ T5974] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.256177][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.296582][ T5974] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.314434][ T5974] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.349994][ T5974] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.368679][ T5974] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.419199][ T5974] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.438550][ T5974] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.493501][ T6008] syz.5.6 uses obsolete (PF_INET,SOCK_PACKET) [ 97.534849][ T5974] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.570355][ T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.589386][ T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.769251][ T5982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.808424][ T5982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.821836][ T4196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.837742][ T4196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.985253][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.997368][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.084358][ T6019] Zero length message leads to an empty skb [ 98.110843][ T5982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.137069][ T5982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.254948][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.272264][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.280140][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.304246][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.393845][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.430234][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.516680][ T4196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.530425][ T6023] loop5: detected capacity change from 0 to 256 [ 98.559492][ T4196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.889627][ T6028] syz_tun: entered allmulticast mode [ 98.948573][ T6026] syz_tun: left allmulticast mode [ 99.214148][ T6034] loop0: detected capacity change from 0 to 512 [ 99.255048][ T6034] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 99.315399][ T6034] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 99.328580][ T6041] netlink: 272 bytes leftover after parsing attributes in process `syz.2.16'. [ 99.425076][ T6034] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 99.464355][ T6034] EXT4-fs (loop0): 1 truncate cleaned up [ 99.529428][ T6034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.935052][ T30] audit: type=1326 audit(1757467010.798:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 99.969962][ T6058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'. [ 100.032069][ T30] audit: type=1326 audit(1757467010.808:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.108675][ T30] audit: type=1326 audit(1757467010.838:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.136611][ T6058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21'. [ 100.148332][ T30] audit: type=1326 audit(1757467010.838:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.245404][ T30] audit: type=1326 audit(1757467010.838:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.272157][ T6065] netlink: 52 bytes leftover after parsing attributes in process `syz.3.24'. [ 100.402451][ T30] audit: type=1326 audit(1757467010.838:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.475871][ T6067] netlink: 28 bytes leftover after parsing attributes in process `syz.4.25'. [ 100.503234][ T6069] loop5: detected capacity change from 0 to 512 [ 100.508025][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.557862][ T30] audit: type=1326 audit(1757467010.838:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.596385][ T6073] loop1: detected capacity change from 0 to 512 [ 100.633025][ T6073] EXT4-fs: Ignoring removed nobh option [ 100.676826][ T30] audit: type=1326 audit(1757467010.838:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.739800][ T30] audit: type=1326 audit(1757467010.858:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.748144][ T6069] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.26: bg 0: block 127: padding at end of block bitmap is not set [ 100.774891][ T30] audit: type=1326 audit(1757467010.858:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6059 comm="syz.3.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96d518eba9 code=0x7ffc0000 [ 100.816981][ T6069] ------------[ cut here ]------------ [ 100.822760][ T6069] EA inode 11 i_nlink=2 [ 100.848347][ T6069] WARNING: CPU: 1 PID: 6069 at fs/ext4/xattr.c:1053 ext4_xattr_inode_update_ref+0x534/0x5d0 [ 100.862901][ T6069] Modules linked in: [ 100.867251][ T6069] CPU: 1 UID: 0 PID: 6069 Comm: syz.5.26 Not tainted syzkaller #0 PREEMPT(full) [ 100.877137][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 100.887588][ T6069] RIP: 0010:ext4_xattr_inode_update_ref+0x534/0x5d0 [ 100.894241][ T6069] Code: 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 0f 85 86 00 00 00 41 8b 14 24 48 c7 c7 60 e3 9f 8b 4c 89 fe e8 6d 5d fd fe 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df e9 bb fd ff ff e8 e4 39 [ 100.915814][ T6069] RSP: 0018:ffffc900050172e0 EFLAGS: 00010246 [ 100.919080][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #3: comm syz.1.28: corrupted inode contents [ 100.923250][ T6069] RAX: 313792ddd9425200 RBX: dffffc0000000000 RCX: 0000000000080000 [ 100.941764][ T6069] RDX: ffffc9000cca5000 RSI: 0000000000076cab RDI: 0000000000076cac [ 100.949744][ T6069] RBP: ffffc900050173d0 R08: 0000000000000003 R09: 0000000000000004 [ 100.957781][ T6069] R10: dffffc0000000000 R11: fffffbfff1bfa1f4 R12: ffff88807723ec10 [ 100.965885][ T6069] R13: 1ffff1100ee47d82 R14: 00000000ffffffff R15: 000000000000000b [ 100.975174][ T6069] FS: 00007f586d38d6c0(0000) GS:ffff888125d15000(0000) knlGS:0000000000000000 [ 100.984602][ T6069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 100.991241][ T6069] CR2: 00007f3c231056c0 CR3: 0000000075f72000 CR4: 0000000000350ef0 [ 100.999219][ T6069] Call Trace: [ 101.002638][ T6069] [ 101.005581][ T6069] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 101.013912][ T6069] ? __kasan_kmalloc+0x93/0xb0 [ 101.018700][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.025774][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.031506][ T6069] ? __ext4_journal_ensure_credits+0x30/0x450 [ 101.037601][ T6069] ext4_xattr_inode_dec_ref_all+0x867/0xda0 [ 101.043559][ T6069] ? __pfx___ext4_get_inode_loc+0x10/0x10 [ 101.049303][ T6069] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10 [ 101.055851][ T6069] ? __ext4_journal_get_write_access+0x272/0x570 [ 101.062240][ T6069] ? __pfx___ext4_journal_get_write_access+0x10/0x10 [ 101.068956][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.074668][ T6069] ext4_xattr_delete_inode+0xa4c/0xc10 [ 101.080162][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.085895][ T6069] ? __pfx_ext4_xattr_delete_inode+0x10/0x10 [ 101.092028][ T6069] ext4_evict_inode+0xac9/0xee0 [ 101.096988][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.102714][ T6069] ? __pfx_ext4_evict_inode+0x10/0x10 [ 101.108109][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.115419][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.121077][ T6069] ? do_raw_spin_unlock+0x122/0x240 [ 101.127679][ T6069] ? __pfx_ext4_evict_inode+0x10/0x10 [ 101.133375][ T6069] evict+0x504/0x9c0 [ 101.137296][ T6069] ? __pfx_evict+0x10/0x10 [ 101.141874][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.147520][ T6069] ? do_raw_spin_unlock+0x122/0x240 [ 101.152867][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.158517][ T6069] ? _raw_spin_unlock+0x28/0x50 [ 101.163487][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.169134][ T6069] ? iput+0x6d8/0x9d0 [ 101.173236][ T6069] ext4_orphan_cleanup+0xc20/0x1460 [ 101.178465][ T6069] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 101.184412][ T6069] ? ext4_register_li_request+0x259/0x720 [ 101.190147][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.195852][ T6069] ? errseq_check_and_advance+0x66/0x120 [ 101.201583][ T6069] ext4_fill_super+0x57df/0x6090 [ 101.206545][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.214587][ T6069] ? __pfx_ext4_fill_super+0x10/0x10 [ 101.219894][ T6069] ? set_blocksize+0x21e/0x500 [ 101.226628][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.232439][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.238088][ T6069] ? sb_set_blocksize+0x104/0x180 [ 101.243223][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.248877][ T6069] ? setup_bdev_super+0x4c1/0x5b0 [ 101.254011][ T6069] get_tree_bdev_flags+0x40e/0x4d0 [ 101.259143][ T6069] ? __pfx_ext4_fill_super+0x10/0x10 [ 101.264536][ T6069] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 101.270190][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.275917][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.281640][ T6069] vfs_get_tree+0x92/0x2b0 [ 101.286082][ T6069] do_new_mount+0x2a2/0x9e0 [ 101.290606][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.297323][ T6069] ? ns_capable+0x8a/0xf0 [ 101.301897][ T6069] ? __pfx_do_new_mount+0x10/0x10 [ 101.306949][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.312675][ T6069] ? path_mount+0x61c/0xfe0 [ 101.318759][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.326375][ T6069] __se_sys_mount+0x317/0x410 [ 101.331089][ T6069] ? __pfx___se_sys_mount+0x10/0x10 [ 101.336409][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.342113][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.347758][ T6069] ? __x64_sys_mount+0x20/0xc0 [ 101.352623][ T6069] do_syscall_64+0xfa/0x3b0 [ 101.357142][ T6069] ? lockdep_hardirqs_on+0x9c/0x150 [ 101.362427][ T6069] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.368503][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.374933][ T6069] ? exc_page_fault+0x9f/0xf0 [ 101.379623][ T6069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.385844][ T6069] RIP: 0033:0x7f586c59034a [ 101.390268][ T6069] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.409979][ T6069] RSP: 002b:00007f586d38ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 101.420056][ T6069] RAX: ffffffffffffffda RBX: 00007f586d38cef0 RCX: 00007f586c59034a [ 101.429414][ T6069] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f586d38ceb0 [ 101.431792][ T6073] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #3: comm syz.1.28: mark_inode_dirty error [ 101.437483][ T6069] RBP: 0000200000000180 R08: 00007f586d38cef0 R09: 0000000000800700 [ 101.456607][ T6069] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 101.464676][ T6069] R13: 00007f586d38ceb0 R14: 0000000000000473 R15: 0000200000000680 [ 101.472734][ T6069] [ 101.475767][ T6069] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 101.483041][ T6069] CPU: 1 UID: 0 PID: 6069 Comm: syz.5.26 Not tainted syzkaller #0 PREEMPT(full) [ 101.492140][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 101.502184][ T6069] Call Trace: [ 101.505452][ T6069] [ 101.508370][ T6069] dump_stack_lvl+0x99/0x250 [ 101.512962][ T6069] ? __asan_memcpy+0x40/0x70 [ 101.517550][ T6069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.522746][ T6069] ? __pfx__printk+0x10/0x10 [ 101.527352][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.532982][ T6069] vpanic+0x281/0x750 [ 101.536960][ T6069] ? __pfx__printk+0x10/0x10 [ 101.541551][ T6069] ? __pfx_vpanic+0x10/0x10 [ 101.546075][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.551806][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.557435][ T6069] ? is_bpf_text_address+0x26/0x2b0 [ 101.562638][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.568274][ T6069] panic+0xb9/0xc0 [ 101.571987][ T6069] ? __pfx_panic+0x10/0x10 [ 101.576415][ T6069] __warn+0x31b/0x4b0 [ 101.580390][ T6069] ? ext4_xattr_inode_update_ref+0x534/0x5d0 [ 101.586364][ T6069] ? ext4_xattr_inode_update_ref+0x534/0x5d0 [ 101.592336][ T6069] report_bug+0x2be/0x4f0 [ 101.596659][ T6069] ? ext4_xattr_inode_update_ref+0x534/0x5d0 [ 101.602635][ T6069] ? ext4_xattr_inode_update_ref+0x534/0x5d0 [ 101.608606][ T6069] ? ext4_xattr_inode_update_ref+0x536/0x5d0 [ 101.614580][ T6069] handle_bug+0x84/0x160 [ 101.618825][ T6069] exc_invalid_op+0x1a/0x50 [ 101.623325][ T6069] asm_exc_invalid_op+0x1a/0x20 [ 101.628166][ T6069] RIP: 0010:ext4_xattr_inode_update_ref+0x534/0x5d0 [ 101.634746][ T6069] Code: 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 0f 85 86 00 00 00 41 8b 14 24 48 c7 c7 60 e3 9f 8b 4c 89 fe e8 6d 5d fd fe 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df e9 bb fd ff ff e8 e4 39 [ 101.654358][ T6069] RSP: 0018:ffffc900050172e0 EFLAGS: 00010246 [ 101.660420][ T6069] RAX: 313792ddd9425200 RBX: dffffc0000000000 RCX: 0000000000080000 [ 101.668382][ T6069] RDX: ffffc9000cca5000 RSI: 0000000000076cab RDI: 0000000000076cac [ 101.676345][ T6069] RBP: ffffc900050173d0 R08: 0000000000000003 R09: 0000000000000004 [ 101.684305][ T6069] R10: dffffc0000000000 R11: fffffbfff1bfa1f4 R12: ffff88807723ec10 [ 101.692276][ T6069] R13: 1ffff1100ee47d82 R14: 00000000ffffffff R15: 000000000000000b [ 101.700270][ T6069] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 101.706619][ T6069] ? __kasan_kmalloc+0x93/0xb0 [ 101.711390][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.717029][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.722657][ T6069] ? __ext4_journal_ensure_credits+0x30/0x450 [ 101.728737][ T6069] ext4_xattr_inode_dec_ref_all+0x867/0xda0 [ 101.734652][ T6069] ? __pfx___ext4_get_inode_loc+0x10/0x10 [ 101.740381][ T6069] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10 [ 101.746797][ T6069] ? __ext4_journal_get_write_access+0x272/0x570 [ 101.753134][ T6069] ? __pfx___ext4_journal_get_write_access+0x10/0x10 [ 101.759822][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.765452][ T6069] ext4_xattr_delete_inode+0xa4c/0xc10 [ 101.770924][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.776555][ T6069] ? __pfx_ext4_xattr_delete_inode+0x10/0x10 [ 101.782554][ T6069] ext4_evict_inode+0xac9/0xee0 [ 101.787435][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.793072][ T6069] ? __pfx_ext4_evict_inode+0x10/0x10 [ 101.798444][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.804137][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.809767][ T6069] ? do_raw_spin_unlock+0x122/0x240 [ 101.814965][ T6069] ? __pfx_ext4_evict_inode+0x10/0x10 [ 101.820336][ T6069] evict+0x504/0x9c0 [ 101.824235][ T6069] ? __pfx_evict+0x10/0x10 [ 101.828646][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.834277][ T6069] ? do_raw_spin_unlock+0x122/0x240 [ 101.839477][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.845102][ T6069] ? _raw_spin_unlock+0x28/0x50 [ 101.849954][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.855581][ T6069] ? iput+0x6d8/0x9d0 [ 101.859563][ T6069] ext4_orphan_cleanup+0xc20/0x1460 [ 101.864774][ T6069] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 101.870403][ T6069] ? ext4_register_li_request+0x259/0x720 [ 101.876114][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.881745][ T6069] ? errseq_check_and_advance+0x66/0x120 [ 101.887393][ T6069] ext4_fill_super+0x57df/0x6090 [ 101.892337][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.897979][ T6069] ? __pfx_ext4_fill_super+0x10/0x10 [ 101.903256][ T6069] ? set_blocksize+0x21e/0x500 [ 101.908031][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.913662][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.919287][ T6069] ? sb_set_blocksize+0x104/0x180 [ 101.924403][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.930029][ T6069] ? setup_bdev_super+0x4c1/0x5b0 [ 101.935058][ T6069] get_tree_bdev_flags+0x40e/0x4d0 [ 101.940171][ T6069] ? __pfx_ext4_fill_super+0x10/0x10 [ 101.945453][ T6069] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 101.951085][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.956715][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.962358][ T6069] vfs_get_tree+0x92/0x2b0 [ 101.966779][ T6069] do_new_mount+0x2a2/0x9e0 [ 101.971289][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.976948][ T6069] ? ns_capable+0x8a/0xf0 [ 101.981265][ T6069] ? __pfx_do_new_mount+0x10/0x10 [ 101.986292][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 101.991918][ T6069] ? path_mount+0x61c/0xfe0 [ 101.996427][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 102.002063][ T6069] __se_sys_mount+0x317/0x410 [ 102.006749][ T6069] ? __pfx___se_sys_mount+0x10/0x10 [ 102.011958][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 102.017601][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 102.023230][ T6069] ? __x64_sys_mount+0x20/0xc0 [ 102.028004][ T6069] do_syscall_64+0xfa/0x3b0 [ 102.032540][ T6069] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.037729][ T6069] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.043793][ T6069] ? srso_alias_return_thunk+0x5/0xfbef5 [ 102.049421][ T6069] ? exc_page_fault+0x9f/0xf0 [ 102.054094][ T6069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.059980][ T6069] RIP: 0033:0x7f586c59034a [ 102.064384][ T6069] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.083986][ T6069] RSP: 002b:00007f586d38ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 102.092409][ T6069] RAX: ffffffffffffffda RBX: 00007f586d38cef0 RCX: 00007f586c59034a [ 102.100376][ T6069] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f586d38ceb0 [ 102.108339][ T6069] RBP: 0000200000000180 R08: 00007f586d38cef0 R09: 0000000000800700 [ 102.116303][ T6069] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 102.124264][ T6069] R13: 00007f586d38ceb0 R14: 0000000000000473 R15: 0000200000000680 [ 102.132243][ T6069] [ 102.135453][ T6069] Kernel Offset: disabled [ 102.139772][ T6069] Rebooting in 86400 seconds..