last executing test programs: 46.672831173s ago: executing program 2 (id=118): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x12141, 0x0) 45.6743188s ago: executing program 2 (id=122): r0 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000780)="a112", 0x2}], 0x2}, 0x400c010) 44.958439465s ago: executing program 2 (id=125): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000054850000000400000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x64, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0x14, 0x3, 'netdevsim0\x00'}]}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14}}, 0xac}}, 0x0) 43.882564954s ago: executing program 2 (id=128): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 41.645061003s ago: executing program 2 (id=131): mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) stat(0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x10e, &(0x7f0000000280)={[{@init_itable_val={'init_itable', 0x3d, 0x957}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@stripe={'stripe', 0x3d, 0x8}}, {@orlov}, {@errors_remount}]}, 0x4, 0x46b, &(0x7f00000009c0)="$eJzs289vFFUcAPDvTFt+IxXxBz/UKhobf2yhgHLwotHEgyYmXvBY20KQhRpaEyFE0Rg8GhITj8ajiX+BJ70Y9WTiVe+GhBguoqcxsztDd9fttsC2A93PJ9nueztv9r3vvHm7b+Z1AxhYY/mfJGJbRPweETua2fYCY82n69cuTP9z7cJ0Eln21l9Jo9zf1y5Ml0XL/bYWmfE0Iv00ib1d6p0/d/7UVL0+e7bITyycfm9i/tz5506enjoxe2L2zOTRo4cPHXzh+ckjfYnz3rytez6c27f7tbcvvzF97PI7P3+blPF3xNEnY702Ppllfa6uWttb0snwCnYYWsXGsGJ5N+TdNdIY/ztiKBY7b0e8+kmljQNWVVZYYvPFDFjHkqi6BUA1yi/6/Pq3fKzd7KN6V19qXgDlcV8vHs0tw5EWZUY6rm/7aSwijl3896v8EatzHwIAoM33+fzn2W7zvzQeaCl3T2xsrA2NFmspOyPivojYFRH3RzTKPhgRD3WrpMeCQOciyf/nP+mVW49uefn878Vibat9/lfO/mJ0qMhtb8R/JI2ozx5oHJOI8RjZePxkffZgjzp+eOW3z5fa1jr/yx95/eVcsGjHleGN7fvMTC1M3U7Mra5+HLFnuFv8yY2VgCQidkfEnlus4+TT3+xbatvy8fewknWmZWRfRzzV7P+L0RF/Kem9PjmxKT8fJvKz4EDXOn759dKbS9V/W/H3Qd7/W7qe/zfiH01a12vnb+bdm6P70h+fLXlNU7ul83/xhQ3F8wdTCwtnD0ZsSF5vNrr19cnFfct8WT6Pf3x/9/G/MxaPxN6IyE/ihyPikYh4tIjusYh4PCL29zgKP738xLu9jlD3+Df1eMf+yeOf6ej/0fYiHf2/mNgQna90Twyd+vG79ndcSfylvP8PN1LjxSuNz78ve8e1knbd7NkMAAAAd6s0IrZFktZupNO0Vmv+D/+u2JLW5+YXnjk+9/6ZmeZvBEZjJC3vdDXvB48k5f3P0Zb8ZEf+UHHf+IuhzY18bXquPlN18DDgtraO//KWb6359KffaMD614d1NOAuZfzD4DL+YXAZ/zC4uoz/zVW0A1h73b7/P6qgHcDa6xj/lv1ggLj+h8E1HFlSdRuAarR+//sggIExvzmW/5H8ekhkWZbdAc1YP4lI74hm9CeRrPIo2FZ1gDefqPqTCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD/+CwAA//9lEuuH") getdents(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) pread64(r3, 0x0, 0x0, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) 39.427586026s ago: executing program 2 (id=134): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000024f75d2d58510000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$xdp(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x400000000000004) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) poll(&(0x7f0000000000)=[{r2, 0x4}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, './file0\x00'}}) 24.152101612s ago: executing program 32 (id=134): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000024f75d2d58510000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$xdp(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x400000000000004) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) poll(&(0x7f0000000000)=[{r2, 0x4}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, './file0\x00'}}) 6.930345711s ago: executing program 3 (id=251): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 6.522632219s ago: executing program 4 (id=253): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x80000001}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)=@newtaction={0xf8, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xe4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x5, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x6}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_bpf={0x2c, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf8}}, 0x0) 5.807162863s ago: executing program 3 (id=256): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) geteuid() 5.642241469s ago: executing program 4 (id=257): r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc2}, &(0x7f0000000380)={0x0, "6c4ec4570edf2a8167ea6fd8e54049ff672ddcd7e7bff01afc75ab42c5ec6166740536f246d7c91d4e9767bde1fb61d5f892e2228275d1b78bc583bf458aabf9", 0x34}, 0x48, 0xfffffffffffffffb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000140)='logon\x00', 0x0) 5.138165358s ago: executing program 4 (id=260): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000000)={0xfffffffffffffffc, 0x12000, 0x1000, 0x0, 0x2}, 0x20) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)=0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYRESOCT], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000006000000040000000140000001000000", @ANYRES32], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1100000005000000000000000100000008100000", @ANYRES32=r2, @ANYBLOB="2200f5e81a160000000000000010000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000100"/28], 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r4, &(0x7f0000000900)}, 0x20) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_int(r6, 0x29, 0x4e, 0x0, &(0x7f0000000000)) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000780)={0x30c, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x3a4}, @NL80211_ATTR_FRAME={0x2d, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x2}, @device_a, @device_b, @from_mac, {0xe, 0x4}}, @sp_mp_confirm={0xf, 0x2, {0x400, @random=0xd18d, {0x1, 0x1, [{0xb, 0x1}]}, @val={0x72, 0x6}, @void}}}}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3}], @NL80211_ATTR_FRAME={0x21, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0x8, 0x40}}, @tdls_setup_cfm={0xc, 0x2, {0x25, 0x40}}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x285, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7f61}, @device_a, @device_b, @initial, {0x1, 0x7}}, 0x1, 0x2, 0x29, @val={0x10, 0x1, 0x50}, [{0xdd, 0x29, "f3c1c9d531a713c34933ce0c092d5e49dddb94100af4c5a0d0c52e688ceb716c429a9287c91f796e3e"}, {0xdd, 0x63, "9e297d3ea697ac681dcfcd7a59b26da870cfaadd9e30430a6fd08ad96f616d508dc145afce23f35acb021d3d163e7f91f52f552f7a8133ea1ee834444943d5351e6711ce092a46b089b9ef6cc92426e4af41acdf36e7810778405ab1fa7831c11fefd8"}, {0xdd, 0xfd, "58da637f79da84e1f0afc93e77cac09b2559c5a8aa70bd40e589dd3238e695536812156499f53a6407585afabb48b2e3297d08b18558da8a12c98adf555f8efc20685dba30b3f1337face0a8a4961848101685c51e6174ed4fed24cbd82b4037e3976763a5bf5ae81d87997e0a32dc5103f91082f5738602b45eede5c258c3a3be1edc264f42e03b4e3b20d823b628de6f156f4977b11ba1510522b932ec3834225e8125da9085a56d0716914cd51262d19638568e05eaa15169a3618a85d3b9f8a2047b0967c3bd5b67c1cdb691685fc7d2f9af6219b7b242fabc3f4159ad7fed4e74aac1404dc38c3f5177e78e493f5d707fa46c094b9f9f5a5b0180"}, {0xdd, 0xcf, "a8718284ccd7f6e6eb255698d1a10e5926809a4999e0a41e3d6c218b9a8b52149df4495e344654bfb179491476b5dd46fcf19217c9a40f795786515adc24288ad46b4a3b5cc52b12db75165b255d7a2b6da406df784442ec5ac70227239ca8fb2cda1b1a8a93b81a5fe411ca5b37d4ff8bf3bcbebe0f597583f831cca1b80d1efcacb0c1d8da438c7ac0a7f86c052d8488e8d4aa47008aa38deeff43d4907a9f11d132a04fc01e302bbf42157bfbc16adb3622ca59a99c8ed2cc51f46de0e61c579636091bbc6d768cc3d5e6fb1c0d"}]}}]}, 0x30c}, 0x1, 0x0, 0x0, 0x200048c0}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r8, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1) 5.058988089s ago: executing program 3 (id=261): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYBLOB="fffffeff000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r2 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x4, 0x0, 0x1, 0x76, 0xc11, 0x7, 0x20000, 0x0, 0xf}}) r3 = socket(0x80000000000000a, 0x2, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000400)=@assoc_value, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000480)={0x1c, r4, 0x62c21a4ade68aba1, 0x0, 0x25dfdbfb, {{0x32}, {@val={0x8, 0x117, 0x56}, @void, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x10, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44000) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, 0x0, 0x24000001) setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x4e23, 0x2, @mcast1, 0x3ff}}, {{0xa, 0x4e23, 0xfffffffd, @empty, 0x8}}}, 0x108) r5 = socket$netlink(0x10, 0x3, 0x14) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000580)={0x60, 0x1403, 0x1, 0xe00, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_virt_wifi\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x60}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) r7 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r8, 0x29, 0x1a, &(0x7f0000000000)=0x9, 0xe7) bind$inet6(r8, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c) listen(r8, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10) ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r7) 4.98508025s ago: executing program 1 (id=262): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7}}], 0x1, 0x2040000, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000100)=0xffff, 0x4) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000000380)=[{{&(0x7f0000000640)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/144}, {&(0x7f0000000200)=""/230}, {&(0x7f0000000300)=""/86, 0xfffffe94}, {&(0x7f00000003c0)=""/253}, {&(0x7f00000004c0)=""/208}]}, 0x3422a61a}], 0x4000000000003c9, 0x10102, 0x0) 4.446502179s ago: executing program 1 (id=263): socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/ipc\x00') unshare(0x24020400) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080), 0x0) 4.402302725s ago: executing program 0 (id=264): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x7c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x4c, 0x2, [@TCA_BASIC_EMATCHES={0x48, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x3c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x28, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_RVALUE={0x7, 0x3, [@TCF_META_TYPE_VAR="043f51"]}, @TCA_EM_META_LVALUE={0x5, 0x2, [@TCF_META_TYPE_VAR='3']}]}}]}]}]}}]}, 0x7c}}, 0x0) 4.03821877s ago: executing program 1 (id=265): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 3.744472095s ago: executing program 0 (id=266): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@struct={0x5, 0x0, 0x0, 0xf, 0x0, 0x10}]}, {0x0, [0x0, 0x0, 0x2e, 0x0, 0x61]}}, 0x0, 0x2b, 0x0, 0x9, 0x1000, 0x0, @void, @value}, 0x28) 3.674821564s ago: executing program 3 (id=267): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x1986, &(0x7f0000000140)={0x0, 0xb1a8, 0x10, 0x5}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x0, 0x1}, 0x20) 3.471327981s ago: executing program 4 (id=268): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd, 0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x800}]}}]}, 0x38}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, 0x0, 0x0) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0xfc, 0x0, 0x1, 0xffffffff}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 3.107837719s ago: executing program 0 (id=269): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='dctcp\x00', 0x6) 1.594721991s ago: executing program 4 (id=270): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x9}]}) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) 1.594218802s ago: executing program 0 (id=271): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_type(r1, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r2, &(0x7f0000000280), 0x9) r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000c40), 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, 0x0, 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000380), 0x12) socket$inet6_sctp(0xa, 0x1, 0x84) 1.577777618s ago: executing program 1 (id=272): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000780)={[{@bsdgroups}, {@nodiscard}, {@oldalloc}, {@discard}, {@nobarrier}, {@noquota}, {@abort}, {@nodiscard}, {@bh}]}, 0x64, 0x50d, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla") r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000340), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="08010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000080001000000000014000480050003000000000005000300000000000800020001000000d00008800c00078008000600000000002400078008000500000000000800060000000000080005000000000008000600000000003c0007800c000580"], 0x108}}, 0x0) 968.40073ms ago: executing program 3 (id=273): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000480)={[{@grpjquota}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x446, &(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=") 886.822038ms ago: executing program 0 (id=274): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000500), &(0x7f0000000540)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000080)={0x0, 0x3000040, 0x8, 0x1b, 0xfe, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) 564.910788ms ago: executing program 1 (id=275): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@restrict={0x0, 0x0, 0x0, 0x6, 0x2}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 311.18426ms ago: executing program 3 (id=276): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0}, 0x18) r1 = socket$xdp(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) lseek(0xffffffffffffffff, 0x5, 0x3) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x53, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) mq_unlink(0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) syz_clone(0x2c9a4080, 0x0, 0x500, 0x0, 0x0, 0xfffffffffffffffc) 238.12886ms ago: executing program 4 (id=277): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x1, 0x3fa, 0x0, 0x32, 0x2}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x200000, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040)=0x6, 0x4) sendmmsg(r0, 0x0, 0x0, 0x84004) 64.842894ms ago: executing program 0 (id=278): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000c00000000000000008500000007000000040000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x78, 0x7, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xd}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) 0s ago: executing program 1 (id=279): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd, 0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x800}]}}]}, 0x38}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendmsg$inet(r0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0xfc, 0x0, 0x1, 0xffffffff}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.197' (ED25519) to the list of known hosts. [ 187.661807][ T5777] cgroup: Unknown subsys name 'net' [ 187.831553][ T5777] cgroup: Unknown subsys name 'cpuset' [ 187.847430][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 229.799110][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 229.805995][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 239.516144][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 244.879988][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 244.889499][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 244.897732][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 244.907721][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 244.932521][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 244.941970][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 244.955556][ T5797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 244.968431][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 244.968887][ T5803] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 244.978868][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 245.003239][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 245.016229][ T5803] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 245.028584][ T5091] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 245.037104][ T5091] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 245.046589][ T5803] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 245.049860][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 245.064243][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 245.065716][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 245.082291][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 245.093181][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 245.096943][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 245.115463][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 245.125661][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 245.155960][ T5797] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 245.168171][ T5797] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 246.463543][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 246.696631][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 247.060666][ T5797] Bluetooth: hci0: command tx timeout [ 247.066361][ T5797] Bluetooth: hci1: command tx timeout [ 247.183607][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 247.225412][ T52] Bluetooth: hci4: command tx timeout [ 247.234150][ T52] Bluetooth: hci3: command tx timeout [ 247.234880][ T5797] Bluetooth: hci2: command tx timeout [ 247.578188][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 247.601842][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.609484][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.618363][ T5793] bridge_slave_0: entered allmulticast mode [ 247.628182][ T5793] bridge_slave_0: entered promiscuous mode [ 247.682403][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 247.764186][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.772984][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.781414][ T5793] bridge_slave_1: entered allmulticast mode [ 247.791346][ T5793] bridge_slave_1: entered promiscuous mode [ 247.916197][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.926300][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.935054][ T5806] bridge_slave_0: entered allmulticast mode [ 247.944766][ T5806] bridge_slave_0: entered promiscuous mode [ 247.976637][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.984591][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.992399][ T5806] bridge_slave_1: entered allmulticast mode [ 248.001924][ T5806] bridge_slave_1: entered promiscuous mode [ 248.051928][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.211304][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.465860][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.483706][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.493155][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.501140][ T5801] bridge_slave_0: entered allmulticast mode [ 248.510691][ T5801] bridge_slave_0: entered promiscuous mode [ 248.529263][ T5793] team0: Port device team_slave_0 added [ 248.552387][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.574638][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.582580][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.590520][ T5801] bridge_slave_1: entered allmulticast mode [ 248.614936][ T5801] bridge_slave_1: entered promiscuous mode [ 248.633870][ T5793] team0: Port device team_slave_1 added [ 248.884299][ T5806] team0: Port device team_slave_0 added [ 248.903527][ T5806] team0: Port device team_slave_1 added [ 249.087218][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.140748][ T5797] Bluetooth: hci1: command tx timeout [ 249.146432][ T5797] Bluetooth: hci0: command tx timeout [ 249.173194][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.181872][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.208301][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.225072][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.232477][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.258914][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.300832][ T5797] Bluetooth: hci3: command tx timeout [ 249.303133][ T5805] Bluetooth: hci4: command tx timeout [ 249.306689][ T5797] Bluetooth: hci2: command tx timeout [ 249.332733][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.344978][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.353043][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.379495][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.428726][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.436544][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.444340][ T5802] bridge_slave_0: entered allmulticast mode [ 249.453713][ T5802] bridge_slave_0: entered promiscuous mode [ 249.465776][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.473511][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.481835][ T5796] bridge_slave_0: entered allmulticast mode [ 249.491498][ T5796] bridge_slave_0: entered promiscuous mode [ 249.537937][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.545675][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.572067][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.654383][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.662307][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.669985][ T5802] bridge_slave_1: entered allmulticast mode [ 249.679923][ T5802] bridge_slave_1: entered promiscuous mode [ 249.688573][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.699489][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.707447][ T5796] bridge_slave_1: entered allmulticast mode [ 249.717044][ T5796] bridge_slave_1: entered promiscuous mode [ 249.837301][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.859565][ T5801] team0: Port device team_slave_0 added [ 249.949383][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.970006][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.997257][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.015994][ T5801] team0: Port device team_slave_1 added [ 250.369237][ T5793] hsr_slave_0: entered promiscuous mode [ 250.378384][ T5793] hsr_slave_1: entered promiscuous mode [ 250.445325][ T5802] team0: Port device team_slave_0 added [ 250.462565][ T5796] team0: Port device team_slave_0 added [ 250.490010][ T5806] hsr_slave_0: entered promiscuous mode [ 250.500953][ T5806] hsr_slave_1: entered promiscuous mode [ 250.510743][ T5806] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 250.518542][ T5806] Cannot create hsr debugfs directory [ 250.527510][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.534946][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.561270][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.633481][ T5802] team0: Port device team_slave_1 added [ 250.648071][ T5796] team0: Port device team_slave_1 added [ 250.707109][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.714659][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.741922][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.153985][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.162728][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.189511][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.203835][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.211409][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.237897][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.238094][ T5797] Bluetooth: hci0: command tx timeout [ 251.254919][ T5805] Bluetooth: hci1: command tx timeout [ 251.272945][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.280141][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.306781][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.367455][ T5801] hsr_slave_0: entered promiscuous mode [ 251.377883][ T5801] hsr_slave_1: entered promiscuous mode [ 251.386950][ T5801] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.394898][ T5801] Cannot create hsr debugfs directory [ 251.401889][ T5797] Bluetooth: hci4: command tx timeout [ 251.407528][ T5797] Bluetooth: hci3: command tx timeout [ 251.413566][ T5805] Bluetooth: hci2: command tx timeout [ 251.435701][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.443074][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.469758][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 252.112168][ T5802] hsr_slave_0: entered promiscuous mode [ 252.122419][ T5802] hsr_slave_1: entered promiscuous mode [ 252.131465][ T5802] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.139254][ T5802] Cannot create hsr debugfs directory [ 252.196093][ T5796] hsr_slave_0: entered promiscuous mode [ 252.206163][ T5796] hsr_slave_1: entered promiscuous mode [ 252.215012][ T5796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.222885][ T5796] Cannot create hsr debugfs directory [ 252.705077][ T5793] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 252.788831][ T5793] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 252.886177][ T5793] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 252.942213][ T5793] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 253.186261][ T5806] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 253.210747][ T5806] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 253.287307][ T5806] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 253.300998][ T5797] Bluetooth: hci0: command tx timeout [ 253.306673][ T5797] Bluetooth: hci1: command tx timeout [ 253.407835][ T5806] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 253.460713][ T5797] Bluetooth: hci3: command tx timeout [ 253.466502][ T52] Bluetooth: hci2: command tx timeout [ 253.472447][ T5805] Bluetooth: hci4: command tx timeout [ 253.601382][ T5801] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 253.660008][ T5801] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 253.692780][ T5801] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 253.767777][ T5801] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 253.807050][ T5796] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 253.845508][ T5796] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 253.958793][ T5796] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 254.035282][ T5796] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 254.217943][ T5802] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 254.262391][ T5802] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 254.386793][ T5802] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 254.423514][ T5802] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 254.925943][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.975966][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.126982][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.203384][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.224490][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.319474][ T3792] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.327151][ T3792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.420686][ T3792] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.428430][ T3792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.457948][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.513277][ T3792] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.520943][ T3792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.537731][ T3792] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.545425][ T3792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.603973][ T3792] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.611858][ T3792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.689156][ T3792] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.696883][ T3792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.731169][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.069469][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.191262][ T5793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 256.271506][ T3792] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.279128][ T3792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.372912][ T3792] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.380689][ T3792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.553117][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.895707][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.000104][ T3927] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.007787][ T3927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.105800][ T3927] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.113509][ T3927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.952010][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.129763][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.399705][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.571340][ T5793] veth0_vlan: entered promiscuous mode [ 258.661703][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.716265][ T5793] veth1_vlan: entered promiscuous mode [ 259.019028][ T5801] veth0_vlan: entered promiscuous mode [ 259.122938][ T5793] veth0_macvtap: entered promiscuous mode [ 259.205616][ T5793] veth1_macvtap: entered promiscuous mode [ 259.256026][ T5801] veth1_vlan: entered promiscuous mode [ 259.338269][ T5796] veth0_vlan: entered promiscuous mode [ 259.458584][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.485893][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.501795][ T5796] veth1_vlan: entered promiscuous mode [ 259.596862][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.688848][ T5801] veth0_macvtap: entered promiscuous mode [ 259.724229][ T5793] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.733487][ T5793] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.742819][ T5793] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.752063][ T5793] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.787612][ T5801] veth1_macvtap: entered promiscuous mode [ 259.979358][ T5801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.991068][ T5801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.006398][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.044489][ T5796] veth0_macvtap: entered promiscuous mode [ 260.092882][ T5796] veth1_macvtap: entered promiscuous mode [ 260.131633][ T5801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.142673][ T5801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.157622][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.282925][ T5802] veth0_vlan: entered promiscuous mode [ 260.318223][ T5801] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.327616][ T5801] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.336942][ T5801] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.347290][ T5801] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.388138][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.399152][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.409598][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.422126][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.437474][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.483301][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.495355][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.505777][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.516645][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.531853][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.564273][ T5802] veth1_vlan: entered promiscuous mode [ 260.614835][ T5796] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.624200][ T5796] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.633869][ T5796] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.643204][ T5796] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.034963][ T5802] veth0_macvtap: entered promiscuous mode [ 261.119335][ T5802] veth1_macvtap: entered promiscuous mode [ 261.145344][ T5806] veth0_vlan: entered promiscuous mode [ 261.246621][ T5806] veth1_vlan: entered promiscuous mode [ 261.346871][ T5802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 261.358824][ T5802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.371865][ T5802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 261.382852][ T5802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.393036][ T5802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 261.403947][ T5802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.419197][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 261.453330][ T5802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 261.465458][ T5802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.475735][ T5802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 261.486849][ T5802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.497096][ T5802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 261.507928][ T5802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.523056][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 261.747122][ T5802] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.757577][ T5802] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.766964][ T5802] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.776183][ T5802] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.860197][ T5806] veth0_macvtap: entered promiscuous mode [ 261.917895][ T5806] veth1_macvtap: entered promiscuous mode [ 262.124226][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.135063][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.145297][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.156043][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.166236][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.177045][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.187382][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.198205][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.309644][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.374781][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.387645][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.397911][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.408723][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.421854][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.433286][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.443499][ T5806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.454378][ T5806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.469719][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.722604][ T5806] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.731801][ T5806] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.741744][ T5806] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.750972][ T5806] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.628376][ T3692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.636566][ T3692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.854001][ T1005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.862216][ T1005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.983787][ T3692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.992776][ T3692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.272426][ T3692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.280753][ T3692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.288168][ T3792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.288260][ T3792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.504503][ T1849] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.514605][ T1849] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.736491][ T5801] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 268.375810][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.384097][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.725373][ T3927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.733819][ T3927] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.322085][ T30] audit: type=1326 audit(1746953895.136:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.345870][ T30] audit: type=1326 audit(1746953895.156:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.368320][ T30] audit: type=1326 audit(1746953895.156:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.396647][ T30] audit: type=1326 audit(1746953895.166:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.422047][ T30] audit: type=1326 audit(1746953895.166:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.445204][ T30] audit: type=1326 audit(1746953895.166:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.471403][ T30] audit: type=1326 audit(1746953895.166:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.489502][ T5973] loop1: detected capacity change from 0 to 8192 [ 269.502217][ T30] audit: type=1326 audit(1746953895.176:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.524588][ T30] audit: type=1326 audit(1746953895.176:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.552311][ T30] audit: type=1326 audit(1746953895.176:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 269.850120][ T3888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.859161][ T3888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.908270][ T5988] lo speed is unknown, defaulting to 1000 [ 269.914783][ T5988] lo speed is unknown, defaulting to 1000 [ 269.922255][ T5988] lo speed is unknown, defaulting to 1000 [ 269.942287][ T5988] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 269.983493][ T5988] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 270.145416][ T5988] lo speed is unknown, defaulting to 1000 [ 270.248545][ T5988] lo speed is unknown, defaulting to 1000 [ 270.258816][ T5988] lo speed is unknown, defaulting to 1000 [ 270.268737][ T5988] lo speed is unknown, defaulting to 1000 [ 270.279356][ T5988] lo speed is unknown, defaulting to 1000 [ 270.379809][ T3888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.389436][ T3888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.683175][ T5995] loop3: detected capacity change from 0 to 1024 [ 270.779470][ T5995] ======================================================= [ 270.779470][ T5995] WARNING: The mand mount option has been deprecated and [ 270.779470][ T5995] and is ignored by this kernel. Remove the mand [ 270.779470][ T5995] option from the mount to silence this warning. [ 270.779470][ T5995] ======================================================= [ 271.265174][ T5995] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 271.938707][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.321902][ T6012] tipc: Started in network mode [ 272.327164][ T6012] tipc: Node identity ac141417, cluster identity 4711 [ 272.337158][ T6012] tipc: Enabled bearer , priority 10 [ 272.888732][ T6018] loop3: detected capacity change from 0 to 512 [ 272.960822][ T6018] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 273.203427][ T6018] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.12: invalid indirect mapped block 4294967295 (level 1) [ 273.288501][ T6018] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.12: invalid indirect mapped block 4294967295 (level 1) [ 273.432636][ T6018] EXT4-fs (loop3): 2 truncates cleaned up [ 273.441496][ T6018] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 273.462877][ T5887] tipc: Node number set to 2886997015 [ 274.491960][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.456949][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 275.457023][ T30] audit: type=1326 audit(1746953901.286:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.2.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9c78e969 code=0x7ffc0000 [ 275.557455][ T30] audit: type=1326 audit(1746953901.316:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.2.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9c78e969 code=0x7ffc0000 [ 275.580226][ T30] audit: type=1326 audit(1746953901.326:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.2.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f1c9c78e969 code=0x7ffc0000 [ 275.603501][ T30] audit: type=1326 audit(1746953901.326:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.2.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9c78e969 code=0x7ffc0000 [ 275.626150][ T30] audit: type=1326 audit(1746953901.326:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.2.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9c78e969 code=0x7ffc0000 [ 276.167176][ T6048] syz.2.23 uses obsolete (PF_INET,SOCK_PACKET) [ 276.840047][ T5887] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0 [ 276.848402][ T5887] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0 [ 276.864035][ T6055] netlink: 96 bytes leftover after parsing attributes in process `syz.0.25'. [ 276.873969][ T30] audit: type=1326 audit(1746953902.666:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6052 comm="syz.4.24" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419f38e969 code=0x7ffc0000 [ 276.874222][ T30] audit: type=1326 audit(1746953902.666:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6052 comm="syz.4.24" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419f38e969 code=0x7ffc0000 [ 276.874468][ T30] audit: type=1326 audit(1746953902.676:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6052 comm="syz.4.24" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f419f38e969 code=0x7ffc0000 [ 276.874710][ T30] audit: type=1326 audit(1746953902.676:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6052 comm="syz.4.24" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419f38e969 code=0x7ffc0000 [ 276.874957][ T30] audit: type=1326 audit(1746953902.676:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6052 comm="syz.4.24" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f419f38e969 code=0x7ffc0000 [ 276.999484][ T5887] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0 [ 277.099456][ T6059] netlink: 256 bytes leftover after parsing attributes in process `syz.0.25'. [ 277.109018][ T5887] hid-generic 0000:0004:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 277.119619][ T6059] ksmbd: Unknown IPC event: 3, ignore. [ 277.230184][ T6055] netlink: 'syz.0.25': attribute type 13 has an invalid length. [ 277.262070][ T6058] loop1: detected capacity change from 0 to 512 [ 277.537904][ T6058] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 277.672738][ T6058] EXT4-fs (loop1): orphan cleanup on readonly fs [ 277.710923][ T6058] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:517: comm syz.1.27: Block bitmap for bg 0 marked uninitialized [ 277.744044][ T6058] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 277.944839][ T6058] EXT4-fs (loop1): 1 orphan inode deleted [ 277.953180][ T6058] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 278.020415][ T6055] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.030491][ T6055] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.321590][ T6058] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 278.380216][ T6055] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.417759][ T6055] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.440888][ T6058] EXT4-fs: error -4 creating inode table initialization thread [ 278.448847][ T6058] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 278.587698][ T6065] loop3: detected capacity change from 0 to 512 [ 278.690813][ T6065] journal_path: Non-blockdev passed as './file0' [ 278.697558][ T6065] EXT4-fs: error: could not find journal device path [ 278.851069][ T6055] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.860970][ T6055] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.870202][ T6055] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.879648][ T6055] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.241375][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.367500][ T45] lo speed is unknown, defaulting to 1000 [ 279.374479][ T45] syz0: Port: 1 Link DOWN [ 279.788599][ T6075] netlink: 76 bytes leftover after parsing attributes in process `syz.3.33'. [ 280.622699][ T6077] veth0_to_team: entered promiscuous mode [ 280.628852][ T6077] veth0_to_team: entered allmulticast mode [ 281.673814][ T6088] Driver unsupported XDP return value 0 on prog (id 33) dev N/A, expect packet loss! [ 281.895864][ T6094] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 281.978402][ T6096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.40'. [ 282.004632][ T45] hid-generic 0000:0004:0000.0002: unknown main item tag 0x0 [ 282.012819][ T45] hid-generic 0000:0004:0000.0002: unknown main item tag 0x0 [ 282.020742][ T45] hid-generic 0000:0004:0000.0002: unknown main item tag 0x0 [ 282.111881][ T45] hid-generic 0000:0004:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 283.419693][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 283.419769][ T30] audit: type=1804 audit(1746953909.246:64): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.48" name="/newroot/10/file0" dev="tmpfs" ino=73 res=1 errno=0 [ 283.535024][ T6114] ref_ctr going negative. vaddr: 0x200000ffc018, curr val: -17644, delta: 1 [ 283.546440][ T6114] ref_ctr increment failed for inode: 0x49 offset: 0x2 ref_ctr_offset: 0x18 of mm: 0xffff88810005a280 [ 283.687339][ T6114] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1 [ 283.696517][ T6114] ref_ctr decrement failed for inode: 0x49 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88810005a280 [ 283.746459][ T6114] uprobe: syz.3.48:6114 failed to unregister, leaking uprobe [ 284.072562][ T6118] loop1: detected capacity change from 0 to 512 [ 284.134752][ T6123] netlink: 'syz.4.50': attribute type 3 has an invalid length. [ 284.146732][ T6118] EXT4-fs: Ignoring removed nobh option [ 284.196014][ T6118] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 284.504144][ T6118] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #16: comm syz.1.51: corrupted inode contents [ 284.526436][ T6118] EXT4-fs (loop1): Remounting filesystem read-only [ 284.538163][ T6118] EXT4-fs (loop1): 1 truncate cleaned up [ 284.546623][ T6118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.560548][ T6118] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.579541][ T1849] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 284.590760][ T1849] Quota error (device loop1): write_blk: dquota write failed [ 284.598390][ T1849] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries [ 284.608775][ T1849] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 284.619855][ T1849] Quota error (device loop1): write_blk: dquota write failed [ 284.628627][ T1849] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list [ 284.645934][ T1849] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 284.658784][ T1849] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 284.668496][ T1849] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 284.993663][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.181779][ T9] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 285.189683][ T9] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 285.197983][ T9] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 285.302432][ T9] hid-generic 0000:0004:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 285.530498][ T6136] Falling back ldisc for ttyS3. [ 286.770044][ T6155] netlink: 56 bytes leftover after parsing attributes in process `syz.3.62'. [ 287.391313][ T6158] lo speed is unknown, defaulting to 1000 [ 287.602012][ T6164] netlink: 26 bytes leftover after parsing attributes in process `syz.2.65'. [ 288.361291][ T6168] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 288.367513][ T6168] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 288.476293][ T6168] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 288.482803][ T6168] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 288.649222][ T6168] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 288.655687][ T6168] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 288.856296][ T6168] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 288.863281][ T6168] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 288.966210][ T6168] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 288.972717][ T6168] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 290.750107][ T6200] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 290.758862][ T6200] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 290.767979][ T6200] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 291.245442][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 291.252664][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 295.256296][ T6259] loop0: detected capacity change from 0 to 512 [ 295.384276][ T6261] loop3: detected capacity change from 0 to 1024 [ 295.429273][ T6261] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 295.462773][ T6261] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 295.474506][ T6261] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 295.484841][ T6261] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 295.523119][ T6259] EXT4-fs (loop0): too many log groups per flexible block group [ 295.532208][ T6259] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 295.631489][ T6259] EXT4-fs (loop0): mount failed [ 295.673385][ T6261] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 296.393443][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.429986][ T6274] sd 0:0:1:0: device reset [ 296.892638][ T45] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 297.070765][ T45] usb 3-1: device descriptor read/64, error -71 [ 297.364665][ T45] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 297.541949][ T45] usb 3-1: device descriptor read/64, error -71 [ 297.662016][ T45] usb usb3-port1: attempt power cycle [ 297.813638][ T6297] process 'syz.4.99' launched './file1' with NULL argv: empty string added [ 298.051417][ T45] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 298.117717][ T45] usb 3-1: device descriptor read/8, error -71 [ 298.391125][ T45] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 298.463161][ T45] usb 3-1: device descriptor read/8, error -71 [ 298.584857][ T45] usb usb3-port1: unable to enumerate USB device [ 299.347822][ T6323] loop1: detected capacity change from 0 to 512 [ 299.524365][ T6323] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.537832][ T6323] ext4 filesystem being mounted at /24/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 299.783905][ T6323] EXT4-fs error (device loop1): ext4_get_first_dir_block:3535: inode #12: block 32: comm syz.1.108: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 299.822316][ T6323] EXT4-fs error (device loop1): ext4_get_first_dir_block:3538: inode #12: comm syz.1.108: directory missing '.' [ 300.194946][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.620818][ T30] audit: type=1326 audit(1746953927.436:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6361 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 301.732097][ T30] audit: type=1326 audit(1746953927.506:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6361 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 301.755148][ T30] audit: type=1326 audit(1746953927.506:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6361 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 301.778322][ T30] audit: type=1326 audit(1746953927.516:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6361 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 301.801092][ T30] audit: type=1326 audit(1746953927.526:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6361 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 301.823928][ T30] audit: type=1326 audit(1746953927.526:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6361 comm="syz.3.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc918e969 code=0x7ffc0000 [ 305.677727][ T6400] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98 [ 306.707928][ T6405] loop2: detected capacity change from 0 to 512 [ 306.841698][ T6405] EXT4-fs: Ignoring removed orlov option [ 306.930663][ T6405] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 307.180700][ T6405] EXT4-fs (loop2): 1 orphan inode deleted [ 307.186718][ T6405] EXT4-fs (loop2): 1 truncate cleaned up [ 307.195766][ T6405] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 307.278267][ T6407] loop0: detected capacity change from 0 to 2048 [ 308.209815][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.037948][ T6431] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 310.047754][ T6431] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 310.901557][ T30] audit: type=1326 audit(1746953936.726:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 310.924690][ T30] audit: type=1326 audit(1746953936.726:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 310.947594][ T30] audit: type=1326 audit(1746953936.756:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 310.970468][ T30] audit: type=1326 audit(1746953936.756:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 310.993198][ T30] audit: type=1326 audit(1746953936.756:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 311.015944][ T30] audit: type=1326 audit(1746953936.776:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 311.359346][ T30] audit: type=1326 audit(1746953936.916:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 311.382382][ T30] audit: type=1326 audit(1746953936.936:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb53298d2d0 code=0x7ffc0000 [ 311.405385][ T30] audit: type=1326 audit(1746953936.936:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb53298d2d0 code=0x7ffc0000 [ 311.428794][ T30] audit: type=1326 audit(1746953936.966:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6435 comm="syz.1.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 311.569611][ T6436] loop1: detected capacity change from 0 to 512 [ 311.680386][ T6436] EXT4-fs error (device loop1): ext4_iget_extra_inode:4693: inode #15: comm syz.1.138: corrupted in-inode xattr: invalid ea_ino [ 311.777993][ T6436] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.138: couldn't read orphan inode 15 (err -117) [ 311.862330][ T6436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.574268][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.888172][ T6461] 9pnet_fd: Insufficient options for proto=fd [ 314.264317][ T6476] loop0: detected capacity change from 0 to 512 [ 314.298002][ T6476] EXT4-fs: Ignoring removed mblk_io_submit option [ 314.451207][ T6476] EXT4-fs (loop0): Invalid log cluster size: 4294967295 [ 314.732826][ T6487] Zero length message leads to an empty skb [ 315.883026][ T6502] 9pnet_fd: Insufficient options for proto=fd [ 317.862810][ T6527] 9pnet_fd: Insufficient options for proto=fd [ 318.595114][ T30] kauditd_printk_skb: 70 callbacks suppressed [ 318.595193][ T30] audit: type=1326 audit(1746953944.426:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 318.820856][ T30] audit: type=1326 audit(1746953944.486:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 318.843964][ T30] audit: type=1326 audit(1746953944.486:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 318.866950][ T30] audit: type=1326 audit(1746953944.496:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 318.889608][ T30] audit: type=1326 audit(1746953944.496:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 318.912856][ T30] audit: type=1326 audit(1746953944.546:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 318.935510][ T30] audit: type=1326 audit(1746953944.546:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6531 comm="syz.0.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 320.667548][ T30] audit: type=1326 audit(1746953946.486:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6544 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 320.827432][ T30] audit: type=1326 audit(1746953946.576:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6544 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 320.850723][ T30] audit: type=1326 audit(1746953946.576:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6544 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 321.725507][ T3927] ------------[ cut here ]------------ [ 321.731522][ T3927] RTNL: assertion failed at ./include/net/netdev_lock.h (56) [ 321.742481][ T3927] WARNING: CPU: 0 PID: 3927 at ./include/net/netdev_lock.h:56 __linkwatch_sync_dev+0x5cf/0x5f0 [ 321.753558][ T3927] Modules linked in: [ 321.757806][ T3927] CPU: 0 UID: 0 PID: 3927 Comm: kworker/u8:20 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) [ 321.770763][ T3927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 321.781390][ T3927] Workqueue: bond0 bond_mii_monitor [ 321.786999][ T3927] RIP: 0010:__linkwatch_sync_dev+0x5cf/0x5f0 [ 321.793623][ T3927] Code: 00 00 00 00 00 49 c7 84 24 80 0c 00 00 00 00 00 00 48 c7 c7 f3 a9 e3 91 48 c7 c6 9c 92 c8 91 ba 38 00 00 00 e8 42 bc 8d f3 90 <0f> 0b 90 90 e9 3b fc ff ff 44 89 e7 e8 70 af ff f4 89 c7 e8 89 b3 [ 321.813833][ T3927] RSP: 0018:ffff8881199a3930 EFLAGS: 00010293 [ 321.820405][ T3927] RAX: ffffffff81207f4e RBX: ffff88804920c000 RCX: ffff8881183720c0 [ 321.828744][ T3927] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 321.837165][ T3927] RBP: ffff8881199a39a8 R08: ffffea000000000f R09: 0000000000000000 [ 321.845548][ T3927] R10: ffff888237b48028 R11: ffff88823f27f070 R12: ffff888118372c18 [ 321.853983][ T3927] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000ffffff00 [ 321.862323][ T3927] FS: 0000000000000000(0000) GS:ffff8881aaac5000(0000) knlGS:0000000000000000 [ 321.871791][ T3927] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 321.878636][ T3927] CR2: 000000110c3f5776 CR3: 000000005c938000 CR4: 00000000003526f0 [ 321.887009][ T3927] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 321.895385][ T3927] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 321.903724][ T3927] Call Trace: [ 321.907216][ T3927] [ 321.910491][ T3927] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 321.917177][ T3927] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 321.923235][ T3927] ethtool_op_get_link+0x29/0xb0 [ 321.928466][ T3927] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 321.934659][ T3927] bond_check_dev_link+0x590/0x9b0 [ 321.940094][ T3927] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 321.950109][ T3927] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 321.956728][ T3927] bond_mii_monitor+0x6d9/0x4710 [ 321.962141][ T3927] ? try_to_wake_up+0x1020/0x1f70 [ 321.967483][ T3927] ? kmsan_get_metadata+0x105/0x1b0 [ 321.973180][ T3927] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 321.979342][ T3927] ? kmsan_get_metadata+0x105/0x1b0 [ 321.985033][ T3927] ? kmsan_get_metadata+0x105/0x1b0 [ 321.990994][ T3927] ? __pfx_bond_mii_monitor+0x10/0x10 [ 321.996712][ T3927] process_scheduled_works+0xb97/0x1d90 [ 322.002814][ T3927] worker_thread+0xedf/0x1590 [ 322.007832][ T3927] kthread+0xd59/0xf00 [ 322.012371][ T3927] ? __pfx_worker_thread+0x10/0x10 [ 322.017819][ T3927] ? __pfx_kthread+0x10/0x10 [ 322.023010][ T3927] ret_from_fork+0x6e/0x90 [ 322.033182][ T3927] ? __pfx_kthread+0x10/0x10 [ 322.038108][ T3927] ret_from_fork_asm+0x1a/0x30 [ 322.043402][ T3927] [ 322.046641][ T3927] ---[ end trace 0000000000000000 ]--- [ 322.412542][ T6556] netlink: 12 bytes leftover after parsing attributes in process `syz.3.180'. [ 322.589460][ T6559] netlink: 'syz.4.183': attribute type 10 has an invalid length. [ 322.598338][ T6559] veth1_macvtap: left promiscuous mode [ 322.680943][ T5151] udevd[5151]: worker [5982] terminated by signal 33 (Unknown signal 33) [ 323.620778][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 323.620857][ T30] audit: type=1326 audit(1746953949.436:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.649893][ T30] audit: type=1326 audit(1746953949.436:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.672678][ T30] audit: type=1326 audit(1746953949.456:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.695476][ T30] audit: type=1326 audit(1746953949.506:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.718354][ T30] audit: type=1326 audit(1746953949.506:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.741169][ T30] audit: type=1326 audit(1746953949.506:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.763988][ T30] audit: type=1326 audit(1746953949.506:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.786859][ T30] audit: type=1326 audit(1746953949.506:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 323.809622][ T30] audit: type=1326 audit(1746953949.526:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 324.350662][ T30] audit: type=1326 audit(1746953949.686:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850b98e969 code=0x7ffc0000 [ 324.462468][ T5797] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 324.483773][ T5797] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 324.505133][ T5797] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 324.522791][ T5797] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 324.545360][ T5797] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 324.620726][ T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 324.631007][ T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 324.646211][ T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 324.661025][ T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 324.678348][ T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 324.792623][ T6578] lo speed is unknown, defaulting to 1000 [ 325.569868][ T6595] macvlan2: entered promiscuous mode [ 325.575639][ T6595] bridge0: entered promiscuous mode [ 325.584516][ T6595] bridge0: port 3(macvlan2) entered blocking state [ 325.591703][ T6595] bridge0: port 3(macvlan2) entered disabled state [ 325.599019][ T6595] macvlan2: entered allmulticast mode [ 325.604914][ T6595] bridge0: entered allmulticast mode [ 325.692377][ T6595] macvlan2: left allmulticast mode [ 325.698078][ T6595] bridge0: left allmulticast mode [ 325.744612][ T6595] bridge0: left promiscuous mode [ 325.898514][ T6578] chnl_net:caif_netlink_parms(): no params data found [ 326.101472][ T6604] netlink: 'syz.1.202': attribute type 16 has an invalid length. [ 326.109799][ T6604] netlink: 'syz.1.202': attribute type 17 has an invalid length. [ 326.749375][ T5797] Bluetooth: hci5: command tx timeout [ 327.502183][ T6623] netlink: 'syz.0.206': attribute type 10 has an invalid length. [ 327.510201][ T6623] netlink: 40 bytes leftover after parsing attributes in process `syz.0.206'. [ 327.547158][ T6623] team0: Port device netdevsim1 added [ 327.587291][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.594944][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804c181a00: rx timeout, send abort [ 327.604795][ T6578] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.612817][ T6578] bridge_slave_0: entered allmulticast mode [ 327.622606][ T6578] bridge_slave_0: entered promiscuous mode [ 327.773634][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.781765][ T6578] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.789660][ T6578] bridge_slave_1: entered allmulticast mode [ 327.799772][ T6578] bridge_slave_1: entered promiscuous mode [ 328.088574][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804c181000: rx timeout, send abort [ 328.097653][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804c181a00: abort rx timeout. Force session deactivation [ 328.216256][ T6578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.301930][ T6578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 328.597334][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804c181000: abort rx timeout. Force session deactivation [ 328.754801][ T6578] team0: Port device team_slave_0 added [ 328.799747][ T6578] team0: Port device team_slave_1 added [ 328.820796][ T5797] Bluetooth: hci5: command tx timeout [ 329.034893][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.042705][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.069140][ T6578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.114316][ T6631] netlink: 24 bytes leftover after parsing attributes in process `syz.1.212'. [ 329.123963][ T6631] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 329.204965][ T6632] macsec1: entered promiscuous mode [ 329.303811][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.311721][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.338373][ T6578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 329.884592][ T6578] hsr_slave_0: entered promiscuous mode [ 329.895009][ T6578] hsr_slave_1: entered promiscuous mode [ 329.904385][ T6578] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 329.912387][ T6578] Cannot create hsr debugfs directory [ 330.299046][ T6639] loop1: detected capacity change from 0 to 2048 [ 330.503907][ T6639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.903046][ T5797] Bluetooth: hci5: command tx timeout [ 331.162132][ T6578] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 331.221567][ T6578] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 331.283415][ T6578] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 331.357870][ T6578] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 331.507628][ T6651] netlink: 26 bytes leftover after parsing attributes in process `syz.3.218'. [ 331.731778][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 331.872944][ T6654] loop0: detected capacity change from 0 to 512 [ 331.922797][ T6654] EXT4-fs: Ignoring removed mblk_io_submit option [ 331.929768][ T6654] ext4: Unknown parameter 'seclabel' [ 332.471087][ T6661] loop4: detected capacity change from 0 to 512 [ 332.521694][ T6661] EXT4-fs: Ignoring removed mblk_io_submit option [ 332.529421][ T6661] EXT4-fs: Ignoring removed mblk_io_submit option [ 332.590996][ T6661] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 332.629333][ T6661] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c11c, mo2=0002] [ 332.661126][ T6578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.704356][ T6661] System zones: 1-12 [ 332.739899][ T6578] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.770449][ T6661] EXT4-fs error (device loop4): ext4_iget_extra_inode:4693: inode #15: comm syz.4.222: corrupted in-inode xattr: e_value size too large [ 332.826541][ T3888] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.832874][ T6661] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.222: couldn't read orphan inode 15 (err -117) [ 332.834157][ T3888] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.864056][ T3888] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.871726][ T3888] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.922840][ T6661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 332.983217][ T5797] Bluetooth: hci5: command tx timeout [ 333.346083][ T6668] loop0: detected capacity change from 0 to 128 [ 333.393331][ T5806] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.749427][ T6578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.162983][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804b625200: rx timeout, send abort [ 335.181117][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88804b625200: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 336.967110][ T6715] loop0: detected capacity change from 0 to 256 [ 337.117793][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 337.117879][ T30] audit: type=1804 audit(1746953962.856:205): pid=6715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.236" name="/newroot/45/file1/file0" dev="loop0" ino=7 res=1 errno=0 [ 337.146632][ T30] audit: type=1800 audit(1746953962.856:206): pid=6715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.236" name="file0" dev="loop0" ino=7 res=0 errno=0 [ 338.302139][ T6718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.240'. [ 338.389549][ T6578] veth0_vlan: entered promiscuous mode [ 338.675927][ T6578] veth1_vlan: entered promiscuous mode [ 339.281437][ T6578] veth0_macvtap: entered promiscuous mode [ 339.412120][ T6578] veth1_macvtap: entered promiscuous mode [ 339.717122][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 339.728107][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.747048][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 339.758078][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.768281][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 339.779274][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.789461][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 339.800459][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.816424][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 339.890686][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.901587][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.911824][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.922654][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.933327][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.944361][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.954641][ T6578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.965566][ T6578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.981302][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 340.092951][ T6732] netlink: 16 bytes leftover after parsing attributes in process `syz.4.245'. [ 340.237195][ T6578] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.247225][ T6578] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.256414][ T6578] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.265631][ T6578] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.392320][ T30] audit: type=1326 audit(1746953966.196:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 340.415833][ T30] audit: type=1326 audit(1746953966.206:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 340.439084][ T30] audit: type=1326 audit(1746953966.206:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53298e969 code=0x7ffc0000 [ 341.043011][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.252'. [ 341.596958][ T3927] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.838500][ T3927] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.036955][ T3927] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.216315][ T3927] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.624130][ T3927] bridge_slave_1: left allmulticast mode [ 342.630072][ T3927] bridge_slave_1: left promiscuous mode [ 342.637023][ T3927] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.755866][ T3927] bridge_slave_0: left allmulticast mode [ 342.762055][ T3927] bridge_slave_0: left promiscuous mode [ 342.768882][ T3927] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.045873][ T6783] rdma_rxe: rxe_newlink: failed to add lo [ 343.477777][ T3927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.533482][ T3927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.554123][ T3927] bond0 (unregistering): Released all slaves [ 343.572093][ T6788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'. [ 343.704068][ T6778] Falling back ldisc for ttyS3. [ 344.208748][ T3927] hsr_slave_0: left promiscuous mode [ 344.226918][ T3927] hsr_slave_1: left promiscuous mode [ 344.236511][ T3927] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 344.244710][ T3927] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 344.256217][ T3927] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 344.265446][ T3927] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 344.320502][ T3927] veth1_macvtap: left promiscuous mode [ 344.326676][ T3927] veth0_macvtap: left promiscuous mode [ 344.332798][ T3927] veth1_vlan: left promiscuous mode [ 344.338500][ T3927] veth0_vlan: left promiscuous mode [ 345.069126][ T3927] team0 (unregistering): Port device team_slave_1 removed [ 345.144128][ T3927] team0 (unregistering): Port device team_slave_0 removed [ 346.257397][ T30] audit: type=1326 audit(1746953972.076:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6812 comm="syz.4.270" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f419f38e969 code=0x0 [ 346.497339][ T6818] loop1: detected capacity change from 0 to 512 [ 346.518591][ T6818] EXT4-fs: Ignoring removed oldalloc option [ 346.525541][ T6818] EXT4-fs: Ignoring removed bh option [ 346.581438][ T6818] EXT4-fs (loop1): orphan cleanup on readonly fs [ 346.605929][ T6818] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 346.616624][ T6818] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 346.626500][ T6818] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.272: Failed to acquire dquot type 1 [ 346.658407][ T6818] EXT4-fs (loop1): 1 truncate cleaned up [ 346.674350][ T6818] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 346.776932][ T6818] netlink: 96 bytes leftover after parsing attributes in process `syz.1.272'. [ 346.786791][ T6818] netlink: 'syz.1.272': attribute type 5 has an invalid length. [ 346.795164][ T6818] netlink: 44 bytes leftover after parsing attributes in process `syz.1.272'. [ 347.038134][ T6825] loop3: detected capacity change from 0 to 512 [ 347.078343][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.108573][ T6825] EXT4-fs: Ignoring removed mblk_io_submit option [ 347.109030][ T6825] ext4: Unknown parameter 'seclabel' [ 347.474448][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.482642][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.659953][ T6834] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 347.734064][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.742478][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.750968][ T6835] ===================================================== [ 347.758344][ T6835] BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 [ 347.766802][ T6835] sctp_assoc_bh_rcv+0x34e/0xbc0 [ 347.773000][ T6835] sctp_inq_push+0x2a3/0x350 [ 347.778640][ T6835] sctp_backlog_rcv+0x3c7/0xda0 [ 347.784683][ T6835] sk_backlog_rcv+0x13f/0x420 [ 347.789612][ T6835] __release_sock+0x1d3/0x330 [ 347.795478][ T6835] release_sock+0x6b/0x270 [ 347.800137][ T6835] sctp_wait_for_connect+0x458/0x820 [ 347.806680][ T6835] sctp_sendmsg_to_asoc+0x223a/0x2260 [ 347.813946][ T6835] sctp_sendmsg+0x3910/0x49f0 [ 347.821841][ T6835] inet_sendmsg+0x269/0x2a0 [ 347.826611][ T6835] __sock_sendmsg+0x278/0x3d0 [ 347.832875][ T6835] __sys_sendto+0x590/0x710 [ 347.837651][ T6835] __x64_sys_sendto+0x130/0x200 [ 347.843053][ T6835] x64_sys_call+0x3c0b/0x3db0 [ 347.848031][ T6835] do_syscall_64+0xd9/0x1b0 [ 347.852922][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.859049][ T6835] [ 347.862363][ T6835] Uninit was created at: [ 347.866900][ T6835] __kmalloc_node_track_caller_noprof+0x96d/0x12f0 [ 347.873808][ T6835] kmalloc_reserve+0x22f/0x4b0 [ 347.878847][ T6835] __alloc_skb+0x347/0x7d0 [ 347.883697][ T6835] sctp_packet_transmit+0x189e/0x4560 [ 347.889306][ T6835] sctp_outq_flush+0x1c7d/0x67c0 [ 347.894789][ T6835] sctp_outq_uncork+0x9e/0xc0 [ 347.899715][ T6835] sctp_do_sm+0x8c8e/0x9720 [ 347.904598][ T6835] sctp_assoc_bh_rcv+0x88b/0xbc0 [ 347.909772][ T6835] sctp_inq_push+0x2a3/0x350 [ 347.914832][ T6835] sctp_backlog_rcv+0x3c7/0xda0 [ 347.920017][ T6835] sk_backlog_rcv+0x13f/0x420 [ 347.927294][ T6835] __release_sock+0x1d3/0x330 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 347.932946][ T6835] release_sock+0x6b/0x270 [ 347.937603][ T6835] sctp_wait_for_connect+0x458/0x820 [ 347.943262][ T6835] sctp_sendmsg_to_asoc+0x223a/0x2260 [ 347.948856][ T6835] sctp_sendmsg+0x3910/0x49f0 [ 347.954462][ T6835] inet_sendmsg+0x269/0x2a0 [ 347.959221][ T6835] __sock_sendmsg+0x278/0x3d0 [ 347.964263][ T6835] __sys_sendto+0x590/0x710 [ 347.969021][ T6835] __x64_sys_sendto+0x130/0x200 [ 347.974344][ T6835] x64_sys_call+0x3c0b/0x3db0 [ 347.979280][ T6835] do_syscall_64+0xd9/0x1b0 [ 347.984241][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.990488][ T6835] [ 347.992991][ T6835] CPU: 1 UID: 0 PID: 6835 Comm: syz.4.277 Tainted: G W 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) [ 348.007006][ T6835] Tainted: [W]=WARN [ 348.011269][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 348.022453][ T6835] ===================================================== [ 348.031823][ T6835] Disabling lock debugging due to kernel taint [ 348.038157][ T6835] Kernel panic - not syncing: kmsan.panic set ... [ 348.044767][ T6835] CPU: 1 UID: 0 PID: 6835 Comm: syz.4.277 Tainted: G B W 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) [ 348.058615][ T6835] Tainted: [B]=BAD_PAGE, [W]=WARN [ 348.063799][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 348.074058][ T6835] Call Trace: [ 348.077495][ T6835] [ 348.080573][ T6835] __dump_stack+0x26/0x30 [ 348.085160][ T6835] dump_stack_lvl+0x53/0x270 [ 348.090020][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.096112][ T6835] dump_stack+0x1e/0x25 [ 348.100509][ T6835] panic+0x4bd/0xd50 [ 348.104754][ T6835] kmsan_report+0x29d/0x2a0 [ 348.109562][ T6835] ? __sock_sendmsg+0x278/0x3d0 [ 348.114761][ T6835] ? dump_stack_print_info+0x176/0x650 [ 348.120478][ T6835] ? do_syscall_64+0xd9/0x1b0 [ 348.125509][ T6835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.131830][ T6835] ? __msan_warning+0x96/0x120 [ 348.136851][ T6835] ? sctp_assoc_bh_rcv+0x34e/0xbc0 [ 348.142230][ T6835] ? sctp_inq_push+0x2a3/0x350 [ 348.147245][ T6835] ? sctp_backlog_rcv+0x3c7/0xda0 [ 348.152608][ T6835] ? sk_backlog_rcv+0x13f/0x420 [ 348.157729][ T6835] ? __release_sock+0x1d3/0x330 [ 348.162813][ T6835] ? release_sock+0x6b/0x270 [ 348.167682][ T6835] ? sctp_wait_for_connect+0x458/0x820 [ 348.173455][ T6835] ? sctp_sendmsg_to_asoc+0x223a/0x2260 [ 348.179246][ T6835] ? sctp_sendmsg+0x3910/0x49f0 [ 348.184336][ T6835] ? inet_sendmsg+0x269/0x2a0 [ 348.189269][ T6835] ? __sock_sendmsg+0x278/0x3d0 [ 348.194368][ T6835] ? __sys_sendto+0x590/0x710 [ 348.199344][ T6835] ? __x64_sys_sendto+0x130/0x200 [ 348.204758][ T6835] ? x64_sys_call+0x3c0b/0x3db0 [ 348.209893][ T6835] ? do_syscall_64+0xd9/0x1b0 [ 348.214835][ T6835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.221147][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.227256][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.233337][ T6835] ? kmsan_get_metadata+0x105/0x1b0 [ 348.238805][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.244892][ T6835] ? kmsan_get_metadata+0x105/0x1b0 [ 348.250346][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.256426][ T6835] ? sctp_inq_pop+0x15ea/0x19e0 [ 348.261532][ T6835] ? kmsan_get_metadata+0x105/0x1b0 [ 348.267005][ T6835] __msan_warning+0x96/0x120 [ 348.271833][ T6835] sctp_assoc_bh_rcv+0x34e/0xbc0 [ 348.277058][ T6835] ? __pfx_sctp_assoc_bh_rcv+0x10/0x10 [ 348.282768][ T6835] sctp_inq_push+0x2a3/0x350 [ 348.287708][ T6835] sctp_backlog_rcv+0x3c7/0xda0 [ 348.292798][ T6835] ? kmsan_get_metadata+0x105/0x1b0 [ 348.298256][ T6835] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 348.303859][ T6835] sk_backlog_rcv+0x13f/0x420 [ 348.308781][ T6835] __release_sock+0x1d3/0x330 [ 348.313665][ T6835] release_sock+0x6b/0x270 [ 348.318304][ T6835] sctp_wait_for_connect+0x458/0x820 [ 348.323837][ T6835] ? __pfx_autoremove_wake_function+0x10/0x10 [ 348.330138][ T6835] sctp_sendmsg_to_asoc+0x223a/0x2260 [ 348.335740][ T6835] ? kmsan_get_metadata+0x105/0x1b0 [ 348.341173][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.347250][ T6835] sctp_sendmsg+0x3910/0x49f0 [ 348.352124][ T6835] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 348.358731][ T6835] ? __pfx_sctp_sendmsg+0x10/0x10 [ 348.363950][ T6835] inet_sendmsg+0x269/0x2a0 [ 348.368693][ T6835] __sock_sendmsg+0x278/0x3d0 [ 348.373579][ T6835] __sys_sendto+0x590/0x710 [ 348.378313][ T6835] ? kmsan_get_metadata+0x105/0x1b0 [ 348.383725][ T6835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 348.389763][ T6835] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 348.396317][ T6835] __x64_sys_sendto+0x130/0x200 [ 348.401416][ T6835] x64_sys_call+0x3c0b/0x3db0 [ 348.406394][ T6835] do_syscall_64+0xd9/0x1b0 [ 348.411101][ T6835] ? irqentry_exit+0x16/0x60 [ 348.415872][ T6835] ? clear_bhb_loop+0x25/0x80 [ 348.420749][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.426822][ T6835] RIP: 0033:0x7f419f38e969 [ 348.431392][ T6835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.451199][ T6835] RSP: 002b:00007f41a0154038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 348.459897][ T6835] RAX: ffffffffffffffda RBX: 00007f419f5b5fa0 RCX: 00007f419f38e969 [ 348.468028][ T6835] RDX: 000000000000fee4 RSI: 0000200000847fff RDI: 0000000000000003 [ 348.476146][ T6835] RBP: 00007f419f410ab1 R08: 000020000005ffe4 R09: 000000000000001c [ 348.484270][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.492382][ T6835] R13: 0000000000000000 R14: 00007f419f5b5fa0 R15: 00007ffe0097cf88 [ 348.500536][ T6835] [ 348.503879][ T6835] Kernel Offset: disabled [ 348.508295][ T6835] Rebooting in 86400 seconds..