last executing test programs: 4.064993525s ago: executing program 2 (id=123): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000040)={[{@user_xattr}, {@discard}]}, 0x1, 0x513, &(0x7f0000000380)="$eJzs3c9vI1cdAPDvTOJtdjfFLiBUKlEqWpStYO2koW2EEJQLnCoB5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgf+AFSpElwQBwQIhGALBySggzwe06xjJ6GbxNn485Fe/N7MeL7vjeXn+fEyE8DEeioiXoqIqYh4NiLKxfS0SHHQS93l3rn32ko3JZFlr/w1iaSY1l9Xdx3TEXGzeNtMRHztyxHfTI7Gbe/tby43GvWdolzrNLdr7b392xvN5fX6en1rcXHhhaUXl55fms8KD9TOSj/zky99/o1Pf+t3d/5869vdan3uI1GKgXacpV7TS/m26Otuo53zCDYG/c+8NO6KAABwKt19/A9GxCfy/f9yTOV7cwOmxlEzAAAA4KxkX5iNfycRGQAAAHBlpRExG0laLcYCzEaaXivODXw4bqSNVrvzqbXW7tZqd15EJUrp2kajPl+MFa5EKemWF4oxtv3ycwPlxYh4LCK+X76el6srrcbqmM99AAAAwKS4OXD8/49ymudPNuT/BAAAAIDLqzKyAAAAAFwVDvkBAADg6hs8/n9jTPUAAAAAzsVXXn65m7L+869XX93b3Wy9enu13t6sNndXqiutne3qequ1nt+zr3nS+hqt1vZnYmv3bq1Tb3dq7b39O83W7lbnzsZ9j8AGAAAALtBjH3/z10lEHHz2ep6iuA8gwH3+MO4KAGdpatwVAMbGXbxhcpXGXQFg7JIT5hu8AwAAD7+5jx69/p9lWRbODcCVZ6wPAEwe1/9hcpWMAISJlkbEB3rZR0YtM/L6/y9PGyXLIt4qH57i/CIAAFys2TwlabU4DpiNNK1WIx6NSCtRStY2GvX54vjgV+XSI93yQv7O5MQxwwAAAAAAAAAAAAAAAAAAAAAAAABAT5Yl+fP+AAAAgKsrIv1Tkt/NP2Ku/Mzs4PmBa8k/y/HHovCjV35wd7nT2VnoTv9b/iyvaxHR+WEx/bmRjw8DAAAAzlpyMHJW7zi9eF240FoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAHeuffaSj9dZNy/fDEiKsPiT8dM/joTpYi48fckpg+9L4mIqTOIf/B6RDw+LH4S72ZZVilqMRg/jYjr5xy/km+a0fFvnkF8mGRvdvufl4Z9/9J4Kn8d/v2bLtKDGt3/pUXkx/N+blj/9+iRtTWHxnji7Z/VRsZ/PeKJ6eH9T7//TUbEf/rI2v6VZdnRGN/4+v7+qPjZjyPmhv7+JPfFqnWa27X23v7tjebyen29vrW4uPDC0otLzy/N19Y2GvXi79AY3/vYz989rv03hsT/7W96/e9x7X9m1EoH/Oftu/c+1MuWhsW/9fTQ39+ZGBE/LX77Plnku/Pn+vmDXv6wJ3/61pPHtX91xPY/6fO/dcr2P/vV7/7+lIsCABegvbe/udxo1HeOycycYpmHMfOLmUtRjf8zk32n98ldlvq830x3b/W9Kf1WXYKKHcpkFxZrKi5Jk/+XGWu3BAAAnIP3dvrHXRMAAAAAAAAAAAAAAAAAAACYXBdxO7HBmAfjaSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLH+GwAA//9yf+QF") name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="140000"], &(0x7f0000000000), 0x0) 3.472130202s ago: executing program 0 (id=126): socket$key(0xf, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000ddff00850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10) r4 = inotify_init1(0x80800) close(r4) unshare(0x28000600) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0x7}, 0x18) fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x1, 0xffffffffffffffff}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r7, @ANYBLOB="01002dbd7000fcdbdf250a0000001c0003800800010002"], 0xac}, 0x1, 0x0, 0x0, 0x10}, 0x40) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000001c0)={0x0, 0x4007}, 0x4) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0)=0xbfe, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0) setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6}) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r8, 0x1, 0x3c, &(0x7f0000000200)=0x1, 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0) 3.215631975s ago: executing program 2 (id=128): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x2e3, &(0x7f0000000280)="$eJzs3M9LG2kYwPEnMYkxoslh2WUXFh92L7uXQbP3paEolAYq1pT+gNJRJ23INJFMsKSU2p56Lf0jehCP3oTWf8BLbz310puXQg/1UDol8yNGjdXGH/HH9wPyvvq8T+Z9Z1Sed2Bm4+bLh+WiYxTNukSTKhERkU2RjEQlFAnaqNdPSLtn8u/g5/d/Xr91+2ounx+fUp3ITf+XVdXhkTePngwEw1b7ZT1zd+NT9uP6r+u/b3ybflBytORopVpXU2eqH+rmjG3pXMkpG6qTtmU6lpYqjlXz41U/XrSr8/MNNStzQ6n5muU4alYaWrYaWq9qvdZQ875ZqqhhGDqUEuynsDQ1Zea6TJ494sngmNRqObNPRAZ2RQpLPZkQAADoqaD+b1X70WZJ3039H+tY/y//tVYfvLEyHNT/q4lm/S/SVv/f2/qsbfV/UkSOvf7fXRGdL6774/ih6n+cEc36PxX8/Xqe31ke9TrU/wAAAAAAAAAAAAAAAAAAAAAAnAWbrpt2XTcdtuFXv4gkvSdI/O97PU8cD67/xbb14o7YsIj9YqGwUPDbYMCaiNhiyaik5av3+xBo9hOi3iBtyshbezHIX1wo9HmRXFFKXv6YpCWzM991J67kx8fUtz0/Lqn2/Kyk5ZfO+dmd+fFmm5B//m7LNyQt72alKrbMBU/GhflPx1QvX8vvOP6ANw4AAAAAgPPA0JbW/r2/PW7sjvv7Yz/e2l93vD/g769HO+7vY/JHrFerBgAAAADgYnEaj8umbVu1c9cJV3jQrPC9xnuMiUhkr9ARdMKDn4JTFz/QGYt2NdWRxE9elI6d8LbRXmNksptPdtMihz2Hv716/eXorsX/K8l9VtptJ7HfSuMn9x8IAAAAwEnZKvrDn1zq7YQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiATuLFcr1eIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBafA8AAP//ohEIjg==") r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf944, 0x40002) socket$phonet_pipe(0x23, 0x5, 0x2) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f00000001c0)={0x67, 0x12, 0x3f8, 0x7, 0x0, 0x5, 0x0}) 3.157486693s ago: executing program 0 (id=129): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x18) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 2.940039161s ago: executing program 1 (id=131): r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = fsmount(r0, 0x0, 0x5) mount_setattr(r3, &(0x7f0000000000)='.\x00', 0x8800, &(0x7f0000000080)={0x5, 0x0, 0x0, {r3}}, 0x20) 2.86520532s ago: executing program 0 (id=132): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x10c) chown(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 2.506595927s ago: executing program 0 (id=133): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 2.506348577s ago: executing program 3 (id=134): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x2, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in6=@dev={0xfe, 0x80, '\x00', 0x12}, @in=@local, 0x6, 0x0, 0x4}]}, 0x38}}, 0x0) 1.995629363s ago: executing program 1 (id=135): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee2, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000640)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r3) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000000c0)={0x34, r5, 0x1, 0x70bd27, 0x25dfdc01, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xac}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c080}, 0x20000040) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4008000}, 0x844) openat$sndseq(0xffffffffffffff9c, 0x0, 0x446102) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0) fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb) openat(0xffffffffffffffff, 0x0, 0x1b1600, 0x0) syz_open_dev$usbfs(0x0, 0x76, 0x160341) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 1.948807189s ago: executing program 2 (id=136): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r3, 0x0, 0x5}, 0x18) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x7, @local, 0x7}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x4, 0x0, 0x0) 1.806255507s ago: executing program 3 (id=137): syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Le1cYB/CTgIRCJSKCgx0Eg0ujQhx0SAYrMWQxIlYcnAUHHQQHB0mJzr78A4pvIC5iZ0cxgijESTKKc0FxyZTS9hZq7dIWU/rj81ku55znuc89fG/gfy0efmo2m7EQQjPx97u/P8tPFHunxqZnQoiF+RBC/puvfz2JRRW/v/UiWpeidTGRqR3cjr+eddz1PVRTR/Ho/DIewg8hhKWn4+S/vRtfvvPcdXJjc6WwtZZbfCysPw8vDOR7tvPLuyOH2fJsd3Yu+rEu462Zn6qNntw3Sy977YNt1VojcxPVpWOfM5//1p/z3++q1CuNyf7T1aF0Z/2qvBPl/iZ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgk53nrpMbmyuFrbXc4mNh/Xl4YSDfs51f3h05zJZnu7Nz8d/qLuOtmZ+qjZ7cN0sve+2DbdVaI3MT1aVjH1q/+/FzPokW+ja8z3+/q1KvNCb7T1eH0p31q/JOlPvbx/wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5SfqLYOzU2PRNCLMyHEMbjHce/7DcT7+suomcp2i8mMrWD2/HXs467vodq6mgqEcIfW5aejpNfteoS/GM/BwAA//8394ZP") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) preadv2(r0, &(0x7f0000000280)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0) 1.55297348s ago: executing program 1 (id=138): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0) 1.247372619s ago: executing program 3 (id=139): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffff}, 0x18) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020900000700000000000000000000000500", @ANYRES32], 0x38}}, 0x0) 899.053585ms ago: executing program 3 (id=140): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x2, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000240)=0x1) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10001) write(r0, 0x0, 0x0) 822.311594ms ago: executing program 2 (id=141): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) splice(r4, 0x0, r3, 0x0, 0xffffffffffff8000, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x2c, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@cgroup=r5, r3, 0xb, 0x20}, 0x20) write$P9_RLERRORu(r3, &(0x7f0000000100)=ANY=[], 0xe) 533.410381ms ago: executing program 1 (id=142): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x18) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 531.668422ms ago: executing program 2 (id=143): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r2, 0x0, 0x4, 0x0, 0x0) 460.006431ms ago: executing program 3 (id=144): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000000c80)={&(0x7f0000000b40)={0x2, 0xfffc, @loopback}, 0x10, &(0x7f0000001140)=[{&(0x7f0000000100)='_', 0x1}], 0x1}, 0x20040010) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'}) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x4, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r3, 0x7040, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close_range(r2, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x5574) 348.650215ms ago: executing program 1 (id=145): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0xffa0, &(0x7f0000000380)}, &(0x7f0000000180)=0x10) 284.326694ms ago: executing program 2 (id=146): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close(0x3) 203.269904ms ago: executing program 3 (id=147): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd144, 0x0, 0xffffffff, 0x289}, &(0x7f00000001c0), &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000d40000000b"], 0x50) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'team_slave_0\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r2}, 0x18) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='io_uring_submit_sqe\x00', r4, 0x0, 0x8000000000000000}, 0xfffffffffffffdae) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xfe, 0x0, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x3a) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000880)=ANY=[@ANYBLOB="4e040000000000000000beeeab07d92e00040000ae5da35c12ea9b47788c3abf02c3b4a86f1899cc3afec5d816bd9bfecac365f8fe00302e89e1a351baa0d81b13de67c17f7f1f3b2a877183d67130f0c9edf924919ef5fd28d5deefe218d03fa58108956a91e8d8e4743c435bd41f641f33c62d08993fce3386d7e90bf9f7541ce82a9acb40fa4713de76346aae5578c69ce1229d032abe036ad21de0e8fa89bc065b50966ec42a9d41"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x8000) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000000c0)=@newtfilter={0x24, 0x11, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x74, r7, {}, {}, {0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40d5}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000938500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) 202.742694ms ago: executing program 1 (id=148): getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x18) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000012c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@barrier}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 171.209488ms ago: executing program 0 (id=149): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0xfffffffffffffff2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 0s ago: executing program 0 (id=150): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0) r3 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000300)={0x10000001}) close_range(r2, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, 0x0, 0x4811) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x289c2, 0x1) fremovexattr(r4, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x408000, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) alarm(0x2) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 41.118848][ T5433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.144889][ T5433] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.141' (ED25519) to the list of known hosts. syzkaller login: [ 64.556356][ T5755] cgroup: Unknown subsys name 'net' [ 64.687909][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.048116][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.026222][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.037292][ T5780] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.040010][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.046417][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.052842][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.061083][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.066933][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.074091][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.081313][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.088209][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.094258][ T5778] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.103268][ T5780] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.109490][ T5778] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.116257][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.123515][ T5778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.129670][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.136307][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.167391][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.168442][ T5778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.190317][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.197966][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.217521][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.240163][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.250642][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.642687][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 68.715846][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 68.786270][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.794790][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.802927][ T5766] bridge_slave_0: entered allmulticast mode [ 68.810441][ T5766] bridge_slave_0: entered promiscuous mode [ 68.833087][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 68.848907][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.856236][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.864750][ T5766] bridge_slave_1: entered allmulticast mode [ 68.872228][ T5766] bridge_slave_1: entered promiscuous mode [ 68.946888][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 68.962653][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.969836][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.978122][ T5769] bridge_slave_0: entered allmulticast mode [ 68.985471][ T5769] bridge_slave_0: entered promiscuous mode [ 68.995927][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.007840][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.030072][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.037591][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.044923][ T5769] bridge_slave_1: entered allmulticast mode [ 69.052185][ T5769] bridge_slave_1: entered promiscuous mode [ 69.118738][ T5766] team0: Port device team_slave_0 added [ 69.156059][ T5766] team0: Port device team_slave_1 added [ 69.174813][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.183118][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.190272][ T5767] bridge_slave_0: entered allmulticast mode [ 69.197917][ T5767] bridge_slave_0: entered promiscuous mode [ 69.205569][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.212890][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.220089][ T5767] bridge_slave_1: entered allmulticast mode [ 69.227120][ T5767] bridge_slave_1: entered promiscuous mode [ 69.236268][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.268558][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.304744][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.312217][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.338635][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.385242][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.392691][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.399859][ T5765] bridge_slave_0: entered allmulticast mode [ 69.407222][ T5765] bridge_slave_0: entered promiscuous mode [ 69.415150][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.422416][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.448409][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.461929][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.476369][ T5769] team0: Port device team_slave_0 added [ 69.482625][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.489792][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.497786][ T5765] bridge_slave_1: entered allmulticast mode [ 69.504886][ T5765] bridge_slave_1: entered promiscuous mode [ 69.532811][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.545851][ T5769] team0: Port device team_slave_1 added [ 69.601380][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.626843][ T5766] hsr_slave_0: entered promiscuous mode [ 69.633754][ T5766] hsr_slave_1: entered promiscuous mode [ 69.656312][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.663504][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.689786][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.702903][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.709875][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.736225][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.749675][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.776657][ T5767] team0: Port device team_slave_0 added [ 69.788805][ T5767] team0: Port device team_slave_1 added [ 69.834958][ T5765] team0: Port device team_slave_0 added [ 69.844212][ T5765] team0: Port device team_slave_1 added [ 69.899180][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.908589][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.935005][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.977231][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.984324][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.011403][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.023592][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.030747][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.057334][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.073242][ T5769] hsr_slave_0: entered promiscuous mode [ 70.079680][ T5769] hsr_slave_1: entered promiscuous mode [ 70.086832][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.095548][ T5769] Cannot create hsr debugfs directory [ 70.127144][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.134310][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.160562][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.221438][ T5083] Bluetooth: hci3: command tx timeout [ 70.222724][ T51] Bluetooth: hci1: command tx timeout [ 70.249115][ T5765] hsr_slave_0: entered promiscuous mode [ 70.256265][ T5765] hsr_slave_1: entered promiscuous mode [ 70.262517][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.270166][ T5765] Cannot create hsr debugfs directory [ 70.301547][ T51] Bluetooth: hci0: command tx timeout [ 70.301562][ T5083] Bluetooth: hci2: command tx timeout [ 70.359164][ T5767] hsr_slave_0: entered promiscuous mode [ 70.365456][ T5767] hsr_slave_1: entered promiscuous mode [ 70.372322][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.379946][ T5767] Cannot create hsr debugfs directory [ 70.585874][ T5766] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.597837][ T5766] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.614132][ T5766] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.627785][ T5766] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.731285][ T5769] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.741567][ T5769] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.761962][ T5769] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.796296][ T5769] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.849603][ T5767] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.868903][ T5767] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.900082][ T5767] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.933467][ T5767] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.978858][ T5765] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.988613][ T5765] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.998492][ T5765] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.009225][ T5765] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.070035][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.146453][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.156777][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.198681][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.210269][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.217612][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.252766][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.259894][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.269951][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.277103][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.288599][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.295739][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.400024][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.426805][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.456630][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.505506][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.529962][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.537226][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.586161][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.593308][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.612953][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.620131][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.642725][ T146] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.649864][ T146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.669448][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.676372][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.895018][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.037446][ T5766] veth0_vlan: entered promiscuous mode [ 72.066404][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.098827][ T5766] veth1_vlan: entered promiscuous mode [ 72.197805][ T5766] veth0_macvtap: entered promiscuous mode [ 72.208030][ T5766] veth1_macvtap: entered promiscuous mode [ 72.254620][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.285026][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.300322][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.307387][ T51] Bluetooth: hci3: command tx timeout [ 72.311967][ T51] Bluetooth: hci1: command tx timeout [ 72.324223][ T5769] veth0_vlan: entered promiscuous mode [ 72.340750][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.366473][ T5766] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.379300][ T5766] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.388476][ T51] Bluetooth: hci2: command tx timeout [ 72.391914][ T51] Bluetooth: hci0: command tx timeout [ 72.395467][ T5766] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.408382][ T5766] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.446358][ T5769] veth1_vlan: entered promiscuous mode [ 72.523341][ T5767] veth0_vlan: entered promiscuous mode [ 72.570105][ T5765] veth0_vlan: entered promiscuous mode [ 72.604153][ T5769] veth0_macvtap: entered promiscuous mode [ 72.614108][ T5767] veth1_vlan: entered promiscuous mode [ 72.627715][ T5765] veth1_vlan: entered promiscuous mode [ 72.629051][ T2992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.639358][ T5769] veth1_macvtap: entered promiscuous mode [ 72.651812][ T2992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.715625][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.726980][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.739729][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.756595][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.767036][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.777979][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.785461][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.800046][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.812129][ T5769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.821608][ T5769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.830339][ T5769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.839787][ T5769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.888481][ T5767] veth0_macvtap: entered promiscuous mode [ 72.899172][ T5765] veth0_macvtap: entered promiscuous mode [ 72.920262][ T5767] veth1_macvtap: entered promiscuous mode [ 72.932675][ T5765] veth1_macvtap: entered promiscuous mode [ 72.987076][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.997792][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.008432][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.019506][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.032673][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.046574][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.057687][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.070769][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.086231][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.111090][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.122627][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.137863][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.168423][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.189133][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.208093][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.220824][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.236662][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.272498][ T5765] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.287771][ T5765] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.297207][ T5765] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.310761][ T5765] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.331309][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.342953][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.357552][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.368784][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.379200][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.390157][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.407480][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.437318][ T5767] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.446820][ T5767] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.457048][ T5767] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.466682][ T5767] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.487393][ T146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.500823][ T146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.635119][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.683291][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.683973][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.715607][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.836361][ T5874] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5'. [ 73.924759][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.932777][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.940715][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.985270][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.076575][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.104210][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.382710][ T51] Bluetooth: hci1: command tx timeout [ 74.388478][ T51] Bluetooth: hci3: command tx timeout [ 74.462282][ T5083] Bluetooth: hci0: command tx timeout [ 74.468172][ T5772] Bluetooth: hci2: command tx timeout [ 74.730024][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7'. [ 74.749913][ T5884] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7'. [ 74.808079][ T28] audit: type=1326 audit(1768337631.403:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 74.891085][ T28] audit: type=1326 audit(1768337631.403:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 74.971042][ T28] audit: type=1326 audit(1768337631.433:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 74.988325][ T5890] netlink: 'syz.2.10': attribute type 1 has an invalid length. [ 75.018276][ T5890] netlink: 'syz.2.10': attribute type 2 has an invalid length. [ 75.029207][ T5890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10'. [ 75.059791][ T28] audit: type=1326 audit(1768337631.433:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.138089][ T28] audit: type=1326 audit(1768337631.433:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.205065][ T5899] syz.2.14[5899]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 75.237488][ T28] audit: type=1326 audit(1768337631.433:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.256130][ T5901] loop3: detected capacity change from 0 to 512 [ 75.276914][ T5899] loop2: detected capacity change from 0 to 512 [ 75.293749][ T28] audit: type=1326 audit(1768337631.433:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.349318][ T5901] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 75.371221][ T28] audit: type=1326 audit(1768337631.433:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.420265][ T5899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.444489][ T28] audit: type=1326 audit(1768337631.433:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.467038][ T28] audit: type=1326 audit(1768337631.433:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5887 comm="syz.0.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ddb8f749 code=0x7ffc0000 [ 75.491631][ T5901] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 75.499813][ T5901] EXT4-fs (loop3): orphan cleanup on readonly fs [ 75.519867][ T5899] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.629287][ T5901] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #16: comm syz.3.15: corrupted inode contents [ 75.679552][ T5901] EXT4-fs (loop3): Remounting filesystem read-only [ 75.693381][ T5901] EXT4-fs (loop3): 1 truncate cleaned up [ 75.722978][ T2975] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 75.761910][ T2975] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 75.781181][ T2975] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 75.808501][ T5901] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.034651][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.086601][ T5914] process 'syz.0.17' launched './file0' with NULL argv: empty string added [ 76.795630][ T51] Bluetooth: hci1: command tx timeout [ 76.795869][ T5083] Bluetooth: hci3: command tx timeout [ 76.811111][ T5772] Bluetooth: hci0: command tx timeout [ 76.811286][ T5780] Bluetooth: hci2: command tx timeout [ 76.994952][ T5924] loop0: detected capacity change from 0 to 128 [ 77.032416][ T5924] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 77.097328][ T5924] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.220418][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.259442][ T5769] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 77.528120][ T5932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23'. [ 77.933822][ T5939] loop1: detected capacity change from 0 to 128 [ 77.950942][ T5939] ======================================================= [ 77.950942][ T5939] WARNING: The mand mount option has been deprecated and [ 77.950942][ T5939] and is ignored by this kernel. Remove the mand [ 77.950942][ T5939] option from the mount to silence this warning. [ 77.950942][ T5939] ======================================================= [ 78.714248][ T5951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29'. [ 78.790454][ T5953] syzkaller0: entered promiscuous mode [ 78.799077][ T5954] capability: warning: `syz.1.29' uses 32-bit capabilities (legacy support in use) [ 78.810812][ T5953] syzkaller0: entered allmulticast mode [ 79.290256][ T5965] netlink: 96 bytes leftover after parsing attributes in process `syz.1.34'. [ 79.468992][ T5972] netlink: 28 bytes leftover after parsing attributes in process `syz.1.37'. [ 79.478152][ T5972] netlink: 108 bytes leftover after parsing attributes in process `syz.1.37'. [ 79.490580][ T5972] netlink: 28 bytes leftover after parsing attributes in process `syz.1.37'. [ 79.502538][ T5972] netlink: 108 bytes leftover after parsing attributes in process `syz.1.37'. [ 79.516058][ T5972] netlink: 84 bytes leftover after parsing attributes in process `syz.1.37'. [ 79.635521][ T5974] loop1: detected capacity change from 0 to 2048 [ 79.675619][ T5974] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.789525][ T5974] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 79.835532][ T5974] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28 [ 79.855283][ T5974] EXT4-fs (loop1): This should not happen!! Data will be lost [ 79.855283][ T5974] [ 79.879296][ T5974] EXT4-fs (loop1): Total free blocks count 0 [ 79.895049][ T5974] EXT4-fs (loop1): Free/Dirty block details [ 79.908098][ T5974] EXT4-fs (loop1): free_blocks=2415919104 [ 79.918153][ T5974] EXT4-fs (loop1): dirty_blocks=32 [ 79.923855][ T5974] EXT4-fs (loop1): Block reservation details [ 79.930305][ T5974] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 80.005553][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.142847][ T5981] loop3: detected capacity change from 0 to 1024 [ 80.160509][ T5981] EXT4-fs: Ignoring removed nobh option [ 80.179764][ T5981] EXT4-fs: inline encryption not supported [ 80.220689][ T5981] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.288411][ T5981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.368185][ T28] kauditd_printk_skb: 294 callbacks suppressed [ 80.368199][ T28] audit: type=1326 audit(1768337636.963:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.404359][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.467807][ T28] audit: type=1326 audit(1768337636.963:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.536514][ T5995] netlink: 96 bytes leftover after parsing attributes in process `syz.1.45'. [ 80.556793][ T28] audit: type=1326 audit(1768337636.963:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.598990][ T28] audit: type=1326 audit(1768337636.963:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.627905][ T28] audit: type=1326 audit(1768337636.963:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.687692][ T28] audit: type=1326 audit(1768337636.963:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.734073][ T28] audit: type=1326 audit(1768337636.963:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.779017][ T28] audit: type=1326 audit(1768337636.963:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.806439][ T28] audit: type=1326 audit(1768337636.963:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 80.843027][ T28] audit: type=1326 audit(1768337636.963:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.3.41" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a5b18f749 code=0x7ffc0000 [ 81.186567][ T6014] netlink: 'syz.0.48': attribute type 21 has an invalid length. [ 81.230223][ T6014] netlink: 'syz.0.48': attribute type 1 has an invalid length. [ 81.325825][ T6014] netlink: 144 bytes leftover after parsing attributes in process `syz.0.48'. [ 82.083952][ T9] cfg80211: failed to load regulatory.db [ 82.489875][ T5999] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 82.497128][ T5999] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 82.509363][ T5999] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 82.525338][ T5999] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 82.531479][ T5999] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 82.539513][ T5999] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 82.630300][ T5999] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 82.637859][ T5999] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 82.655625][ T5999] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 82.673205][ T5999] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 82.679227][ T5999] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 82.689985][ T5999] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 82.781075][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 83.571454][ T6047] netlink: 96 bytes leftover after parsing attributes in process `syz.3.57'. [ 83.638773][ T6051] netlink: 'syz.0.58': attribute type 3 has an invalid length. [ 83.662540][ T6051] netlink: 'syz.0.58': attribute type 1 has an invalid length. [ 83.711026][ T6051] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.58'. [ 84.146150][ T6071] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 84.509025][ T6087] loop1: detected capacity change from 0 to 1764 [ 84.548375][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 84.617816][ T5783] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 84.644166][ T6091] netlink: 96 bytes leftover after parsing attributes in process `syz.3.70'. [ 84.701625][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 84.707733][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 84.863139][ T5780] Bluetooth: hci0: command 0x0c1a tx timeout [ 85.028588][ T6102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.75'. [ 85.081875][ T6102] veth0_macvtap: left promiscuous mode [ 85.706736][ T6118] netlink: 96 bytes leftover after parsing attributes in process `syz.2.81'. [ 85.856360][ T6124] bond_slave_0: entered promiscuous mode [ 85.862412][ T6124] bond_slave_1: entered promiscuous mode [ 85.911745][ T6124] macvtap1: entered allmulticast mode [ 85.927024][ T6124] bond0: entered allmulticast mode [ 85.951308][ T6124] bond_slave_0: entered allmulticast mode [ 85.957102][ T6124] bond_slave_1: entered allmulticast mode [ 85.990451][ T6124] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 86.012417][ T6124] batman_adv: batadv0: Adding interface: macvtap1 [ 86.027297][ T6124] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.070294][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 86.070307][ T28] audit: type=1326 audit(1768337642.663:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.133864][ T6124] batman_adv: batadv0: Interface activated: macvtap1 [ 86.141682][ T28] audit: type=1326 audit(1768337642.663:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.164789][ T28] audit: type=1326 audit(1768337642.663:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.189282][ T28] audit: type=1326 audit(1768337642.663:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.601161][ T28] audit: type=1326 audit(1768337642.663:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.639579][ T5780] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.806939][ T6131] loop1: detected capacity change from 0 to 1024 [ 86.841247][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 86.848423][ T5780] Bluetooth: hci3: command 0x0c1a tx timeout [ 86.876353][ T28] audit: type=1326 audit(1768337642.663:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.924844][ T28] audit: type=1326 audit(1768337642.663:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 86.947152][ T5780] Bluetooth: hci0: command 0x0c1a tx timeout [ 86.967082][ T6131] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.004302][ T28] audit: type=1326 audit(1768337642.663:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 87.054996][ T6128] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2852: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 87.173790][ T28] audit: type=1326 audit(1768337642.713:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 87.221114][ T28] audit: type=1326 audit(1768337642.783:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6127 comm="syz.1.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe471b8f749 code=0x7ffc0000 [ 87.298428][ T6147] syz_tun: refused to change device tx_queue_len [ 87.314162][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.470380][ T6150] netlink: 96 bytes leftover after parsing attributes in process `syz.0.93'. [ 87.670349][ T6156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.95'. [ 87.691086][ T6156] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.698730][ T6156] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.727808][ T6156] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.740499][ T6158] Illegal XDP return value 4294967274 on prog (id 54) dev N/A, expect packet loss! [ 87.745420][ T6156] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.785690][ T6156] batman_adv: batadv0: Interface deactivated: macvtap1 [ 87.801784][ T6156] batman_adv: batadv0: Removing interface: macvtap1 [ 88.184642][ T6166] netlink: 140 bytes leftover after parsing attributes in process `syz.0.99'. [ 88.236830][ T6169] syz.2.100 uses obsolete (PF_INET,SOCK_PACKET) [ 88.332214][ T6174] syz.0.102[6174] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.332349][ T6174] syz.0.102[6174] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.576868][ T6180] netlink: 28 bytes leftover after parsing attributes in process `syz.2.105'. [ 88.614509][ T6180] netlink: 108 bytes leftover after parsing attributes in process `syz.2.105'. [ 88.626071][ T6180] netlink: 28 bytes leftover after parsing attributes in process `syz.2.105'. [ 88.637895][ T6180] netlink: 108 bytes leftover after parsing attributes in process `syz.2.105'. [ 88.701150][ T5780] Bluetooth: hci1: command 0x0c1a tx timeout [ 88.861524][ T5780] Bluetooth: hci3: command 0x0c1a tx timeout [ 88.867923][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.981829][ T6187] netlink: 'syz.2.110': attribute type 29 has an invalid length. [ 89.603682][ T6204] macvtap0: refused to change device tx_queue_len [ 90.026606][ T6218] __nla_validate_parse: 1 callbacks suppressed [ 90.026621][ T6218] netlink: 96 bytes leftover after parsing attributes in process `syz.0.120'. [ 90.336822][ T6221] usb usb9: usbfs: process 6221 (syz.0.121) did not claim interface 0 before use [ 90.488634][ T6226] loop2: detected capacity change from 0 to 512 [ 90.578741][ T6226] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 90.624500][ T6226] EXT4-fs (loop2): orphan cleanup on readonly fs [ 90.638536][ T6234] loop1: detected capacity change from 0 to 512 [ 90.644942][ T6226] EXT4-fs warning (device loop2): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 90.645087][ T6226] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 90.655082][ T6226] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #16: comm syz.2.123: corrupted inode contents [ 90.724480][ T6234] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 90.742687][ T6226] EXT4-fs error (device loop2): ext4_dirty_inode:6124: inode #16: comm syz.2.123: mark_inode_dirty error [ 90.756204][ T6234] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 90.786645][ T6226] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #16: comm syz.2.123: corrupted inode contents [ 90.809607][ T6234] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.124: Corrupt directory, running e2fsck is recommended [ 90.837413][ T6226] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.123: mark_inode_dirty error [ 90.860348][ T6226] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #16: comm syz.2.123: corrupted inode contents [ 90.877009][ T6234] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 90.911168][ T6234] EXT4-fs error (device loop1): ext4_iget_extra_inode:4732: inode #15: comm syz.1.124: corrupted in-inode xattr: e_name out of bounds [ 90.914856][ T6226] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 90.938832][ T6234] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.124: couldn't read orphan inode 15 (err -117) [ 90.966679][ T6226] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #16: comm syz.2.123: corrupted inode contents [ 90.984290][ T6234] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.012089][ T6226] EXT4-fs error (device loop2): ext4_truncate:4294: inode #16: comm syz.2.123: mark_inode_dirty error [ 91.033403][ T6226] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 91.058568][ T6226] EXT4-fs (loop2): 1 truncate cleaned up [ 91.076215][ T6226] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 91.105001][ T6246] netlink: 124 bytes leftover after parsing attributes in process `syz.0.126'. [ 91.137178][ T6246] netlink: 16 bytes leftover after parsing attributes in process `syz.0.126'. [ 91.168514][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.247875][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.413937][ T6253] netlink: 96 bytes leftover after parsing attributes in process `syz.0.129'. [ 91.581977][ T6256] program syz.3.130 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 91.873193][ T6266] loop2: detected capacity change from 0 to 128 [ 92.820471][ T6283] loop3: detected capacity change from 0 to 2048 [ 92.960289][ T6283] Alternate GPT is invalid, using primary GPT. [ 92.984295][ T6283] loop3: p2 p3 p7 [ 93.434852][ T5784] udevd[5784]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 93.435098][ T5783] udevd[5783]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 93.465708][ T5768] udevd[5768]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 94.051810][ T6320] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.362435][ T6329] loop1: detected capacity change from 0 to 512 [ 94.422853][ T6329] ------------[ cut here ]------------ [ 94.428708][ T6329] EA inode 11 i_nlink=2 [ 94.438921][ T6329] WARNING: CPU: 0 PID: 6329 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x4fb/0x550 [ 94.454037][ T6329] Modules linked in: [ 94.458000][ T6329] CPU: 0 PID: 6329 Comm: syz.1.148 Not tainted syzkaller #0 [ 94.466278][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 94.476453][ T6329] RIP: 0010:ext4_xattr_inode_update_ref+0x4fb/0x550 [ 94.483556][ T6329] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 f6 20 9a ff 49 8b 37 48 c7 c7 60 c7 be 8a 89 da e8 c5 12 0d ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 b9 fe ff ff e8 0f 0c 25 08 [ 94.504834][ T6329] RSP: 0018:ffffc9000c7df1a0 EFLAGS: 00010246 [ 94.511219][ T6329] RAX: 3940f48526c97100 RBX: 0000000000000002 RCX: 0000000000080000 [ 94.519237][ T6329] RDX: ffffc9000cc91000 RSI: 0000000000034a0b RDI: 0000000000034a0c [ 94.527476][ T6329] RBP: ffffc9000c7df290 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 94.535873][ T6329] R10: dffffc0000000000 R11: ffffed10171e5183 R12: dffffc0000000000 [ 94.544280][ T6329] R13: ffff88805e2168a8 R14: ffff88805e2166b0 R15: ffff88805e216700 [ 94.552354][ T6329] FS: 00007fe472a2a6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 94.561400][ T6329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.568127][ T6329] CR2: 0000001b2d620ff8 CR3: 000000005e6c9000 CR4: 00000000003506f0 [ 94.576290][ T6329] Call Trace: [ 94.579619][ T6329] [ 94.582650][ T6329] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 94.588350][ T6329] ? ext4_xattr_inode_iget+0x3df/0x600 [ 94.594996][ T6329] ? __might_sleep+0xe0/0xe0 [ 94.599967][ T6329] ext4_xattr_set_entry+0xcda/0x1e90 [ 94.605508][ T6329] ext4_xattr_ibody_set+0x254/0x6a0 [ 94.610893][ T6329] ext4_expand_extra_isize_ea+0x13a3/0x1e90 [ 94.616868][ T6329] __ext4_expand_extra_isize+0x306/0x400 [ 94.622641][ T6329] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 94.628132][ T6329] ext4_evict_inode+0x7ed/0xea0 [ 94.633047][ T6329] ? _raw_spin_unlock+0x28/0x40 [ 94.637948][ T6329] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 94.645190][ T6329] ? do_raw_spin_unlock+0x121/0x230 [ 94.650449][ T6329] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 94.656518][ T6329] evict+0x486/0x870 [ 94.660459][ T6329] ? __lock_acquire+0x7c80/0x7c80 [ 94.665595][ T6329] ? proc_nr_inodes+0x230/0x230 [ 94.670484][ T6329] ? do_raw_spin_unlock+0x121/0x230 [ 94.675800][ T6329] ? _raw_spin_unlock+0x28/0x40 [ 94.680698][ T6329] ? iput+0x70a/0x920 [ 94.684814][ T6329] ext4_orphan_cleanup+0xbd4/0x1400 [ 94.690067][ T6329] ? do_raw_spin_unlock+0x121/0x230 [ 94.696766][ T6329] ? ext4_orphan_del+0xba0/0xba0 [ 94.702478][ T6329] ? ext4_register_li_request+0x183/0x940 [ 94.708251][ T6329] ? errseq_check_and_advance+0x66/0x120 [ 94.714114][ T6329] ext4_fill_super+0x5e29/0x66f0 [ 94.719120][ T6329] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 94.725541][ T6329] ? __might_sleep+0xe0/0xe0 [ 94.730204][ T6329] ? read_lock_is_recursive+0x20/0x20 [ 94.735737][ T6329] ? snprintf+0xdb/0x120 [ 94.740034][ T6329] ? vscnprintf+0x80/0x80 [ 94.744569][ T6329] ? down_read_killable+0x340/0x340 [ 94.749906][ T6329] ? setup_bdev_super+0x56b/0x660 [ 94.755022][ T6329] get_tree_bdev+0x3e4/0x510 [ 94.759652][ T6329] ? vfs_parse_fs_string+0x160/0x160 [ 94.765154][ T6329] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 94.771497][ T6329] ? setup_bdev_super+0x660/0x660 [ 94.776571][ T6329] ? apparmor_capable+0x137/0x1a0 [ 94.781712][ T6329] ? bpf_lsm_capable+0x9/0x10 [ 94.786436][ T6329] ? security_capable+0x89/0xb0 [ 94.791373][ T6329] vfs_get_tree+0x8c/0x280 [ 94.797193][ T6329] do_new_mount+0x24b/0xa40 [ 94.802048][ T6329] __se_sys_mount+0x2da/0x3c0 [ 94.806862][ T6329] ? __x64_sys_mount+0xc0/0xc0 [ 94.811717][ T6329] ? lockdep_hardirqs_on+0x98/0x150 [ 94.817043][ T6329] ? __x64_sys_mount+0x20/0xc0 [ 94.821922][ T6329] do_syscall_64+0x55/0xb0 [ 94.826382][ T6329] ? clear_bhb_loop+0x40/0x90 [ 94.831185][ T6329] ? clear_bhb_loop+0x40/0x90 [ 94.835914][ T6329] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 94.842020][ T6329] RIP: 0033:0x7fe471b90eea [ 94.846490][ T6329] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.866537][ T6329] RSP: 002b:00007fe472a29e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 94.875180][ T6329] RAX: ffffffffffffffda RBX: 00007fe472a29ef0 RCX: 00007fe471b90eea [ 94.883307][ T6329] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fe472a29eb0 [ 94.891356][ T6329] RBP: 0000200000000180 R08: 00007fe472a29ef0 R09: 0000000000800700 [ 94.900844][ T6329] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 94.909160][ T6329] R13: 00007fe472a29eb0 R14: 000000000000046f R15: 000000000000002c [ 94.917236][ T6329] [ 94.920286][ T6329] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 94.927587][ T6329] CPU: 0 PID: 6329 Comm: syz.1.148 Not tainted syzkaller #0 [ 94.934905][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 94.944996][ T6329] Call Trace: [ 94.948299][ T6329] [ 94.951257][ T6329] dump_stack_lvl+0x16c/0x230 [ 94.955973][ T6329] ? show_regs_print_info+0x20/0x20 [ 94.961207][ T6329] ? load_image+0x3b0/0x3b0 [ 94.965764][ T6329] panic+0x2c0/0x710 [ 94.969703][ T6329] ? bpf_jit_dump+0xd0/0xd0 [ 94.974262][ T6329] __warn+0x2e0/0x470 [ 94.978392][ T6329] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 94.984419][ T6329] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 94.990459][ T6329] report_bug+0x2be/0x4f0 [ 94.994822][ T6329] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 95.000850][ T6329] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 95.006861][ T6329] ? ext4_xattr_inode_update_ref+0x4fd/0x550 [ 95.012856][ T6329] handle_bug+0xcf/0x120 [ 95.017386][ T6329] exc_invalid_op+0x1a/0x50 [ 95.021926][ T6329] asm_exc_invalid_op+0x1a/0x20 [ 95.026821][ T6329] RIP: 0010:ext4_xattr_inode_update_ref+0x4fb/0x550 [ 95.033417][ T6329] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 f6 20 9a ff 49 8b 37 48 c7 c7 60 c7 be 8a 89 da e8 c5 12 0d ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 b9 fe ff ff e8 0f 0c 25 08 [ 95.053214][ T6329] RSP: 0018:ffffc9000c7df1a0 EFLAGS: 00010246 [ 95.059286][ T6329] RAX: 3940f48526c97100 RBX: 0000000000000002 RCX: 0000000000080000 [ 95.067251][ T6329] RDX: ffffc9000cc91000 RSI: 0000000000034a0b RDI: 0000000000034a0c [ 95.075225][ T6329] RBP: ffffc9000c7df290 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 95.083192][ T6329] R10: dffffc0000000000 R11: ffffed10171e5183 R12: dffffc0000000000 [ 95.091245][ T6329] R13: ffff88805e2168a8 R14: ffff88805e2166b0 R15: ffff88805e216700 [ 95.099230][ T6329] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 95.104961][ T6329] ? ext4_xattr_inode_iget+0x3df/0x600 [ 95.110442][ T6329] ? __might_sleep+0xe0/0xe0 [ 95.115059][ T6329] ext4_xattr_set_entry+0xcda/0x1e90 [ 95.120376][ T6329] ext4_xattr_ibody_set+0x254/0x6a0 [ 95.125587][ T6329] ext4_expand_extra_isize_ea+0x13a3/0x1e90 [ 95.131558][ T6329] __ext4_expand_extra_isize+0x306/0x400 [ 95.137205][ T6329] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 95.142681][ T6329] ext4_evict_inode+0x7ed/0xea0 [ 95.147539][ T6329] ? _raw_spin_unlock+0x28/0x40 [ 95.152398][ T6329] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 95.158292][ T6329] ? do_raw_spin_unlock+0x121/0x230 [ 95.163488][ T6329] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 95.169378][ T6329] evict+0x486/0x870 [ 95.173375][ T6329] ? __lock_acquire+0x7c80/0x7c80 [ 95.178462][ T6329] ? proc_nr_inodes+0x230/0x230 [ 95.183326][ T6329] ? do_raw_spin_unlock+0x121/0x230 [ 95.188535][ T6329] ? _raw_spin_unlock+0x28/0x40 [ 95.193525][ T6329] ? iput+0x70a/0x920 [ 95.197511][ T6329] ext4_orphan_cleanup+0xbd4/0x1400 [ 95.202711][ T6329] ? do_raw_spin_unlock+0x121/0x230 [ 95.207920][ T6329] ? ext4_orphan_del+0xba0/0xba0 [ 95.212859][ T6329] ? ext4_register_li_request+0x183/0x940 [ 95.218585][ T6329] ? errseq_check_and_advance+0x66/0x120 [ 95.224216][ T6329] ext4_fill_super+0x5e29/0x66f0 [ 95.229173][ T6329] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 95.235440][ T6329] ? __might_sleep+0xe0/0xe0 [ 95.240027][ T6329] ? read_lock_is_recursive+0x20/0x20 [ 95.245392][ T6329] ? snprintf+0xdb/0x120 [ 95.249655][ T6329] ? vscnprintf+0x80/0x80 [ 95.253986][ T6329] ? down_read_killable+0x340/0x340 [ 95.259184][ T6329] ? setup_bdev_super+0x56b/0x660 [ 95.264201][ T6329] get_tree_bdev+0x3e4/0x510 [ 95.268789][ T6329] ? vfs_parse_fs_string+0x160/0x160 [ 95.274106][ T6329] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 95.280362][ T6329] ? setup_bdev_super+0x660/0x660 [ 95.285404][ T6329] ? apparmor_capable+0x137/0x1a0 [ 95.290423][ T6329] ? bpf_lsm_capable+0x9/0x10 [ 95.295096][ T6329] ? security_capable+0x89/0xb0 [ 95.299946][ T6329] vfs_get_tree+0x8c/0x280 [ 95.304446][ T6329] do_new_mount+0x24b/0xa40 [ 95.308955][ T6329] __se_sys_mount+0x2da/0x3c0 [ 95.313632][ T6329] ? __x64_sys_mount+0xc0/0xc0 [ 95.318391][ T6329] ? lockdep_hardirqs_on+0x98/0x150 [ 95.323585][ T6329] ? __x64_sys_mount+0x20/0xc0 [ 95.328346][ T6329] do_syscall_64+0x55/0xb0 [ 95.332854][ T6329] ? clear_bhb_loop+0x40/0x90 [ 95.337527][ T6329] ? clear_bhb_loop+0x40/0x90 [ 95.342639][ T6329] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 95.348527][ T6329] RIP: 0033:0x7fe471b90eea [ 95.352942][ T6329] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.372564][ T6329] RSP: 002b:00007fe472a29e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 95.381065][ T6329] RAX: ffffffffffffffda RBX: 00007fe472a29ef0 RCX: 00007fe471b90eea [ 95.389036][ T6329] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fe472a29eb0 [ 95.397000][ T6329] RBP: 0000200000000180 R08: 00007fe472a29ef0 R09: 0000000000800700 [ 95.404962][ T6329] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 95.412931][ T6329] R13: 00007fe472a29eb0 R14: 000000000000046f R15: 000000000000002c [ 95.420924][ T6329] [ 95.424324][ T6329] Kernel Offset: disabled [ 95.428740][ T6329] Rebooting in 86400 seconds..