last executing test programs: 16.939751692s ago: executing program 2 (id=170): socket$can_raw(0x1d, 0x3, 0x1) r0 = socket$kcm(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000440)=r1, 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) 16.734491297s ago: executing program 2 (id=174): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 16.529538092s ago: executing program 2 (id=177): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x161242, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0x3) openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) pwritev2(r0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000040)="18", 0x1}], 0x2, 0x4, 0xff, 0x4) 16.380126703s ago: executing program 2 (id=179): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x404, &(0x7f00000003c0)={[{@nobarrier}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@user_xattr}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x20000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0\x00', 0x0, 0x98d046, 0x0) 16.14832922s ago: executing program 2 (id=182): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f400002000000000000080000000000000000010005000000000044000500ac141426000000000000000000000000000004d53c"], 0xfc}}, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x29, 0x0, 0xe, 0x5, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8000, 0x1, 0x8, 0x790}}) r2 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c2100801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080007"], 0x104}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(r5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {r4, r5}}, './file0\x00'}) getresuid(&(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000340)) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4008010) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r6, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) semctl$GETALL(0x0, 0x0, 0xd, 0xfffffffffffffffe) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x7, 0x6, 0x0, 0x5, 0x0}) 15.716801782s ago: executing program 2 (id=186): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c00000010004b0429bd7000faffffff7a000000", @ANYRES32=0x0, @ANYBLOB="08b0010006820000400012801f0001006272696467650000c40002800c002200000000040000000005002400010000000600080088a80000080005000100000005002b00050000000a000100aa"], 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000) 15.244218647s ago: executing program 32 (id=186): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c00000010004b0429bd7000faffffff7a000000", @ANYRES32=0x0, @ANYBLOB="08b0010006820000400012801f0001006272696467650000c40002800c002200000000040000000005002400010000000600080088a80000080005000100000005002b00050000000a000100aa"], 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000) 3.095983542s ago: executing program 1 (id=275): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f400002000000000000080000000000000000010005000000000044000500ac141426000000000000000000000000000004d53c"], 0xfc}}, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x29, 0x0, 0xe, 0x5, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8000, 0x1, 0x8, 0x790}}) r2 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c2100801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080007"], 0x104}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(r5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {r4, r5}}, './file0\x00'}) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4008010) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r6, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) semctl$GETALL(0x0, 0x0, 0xd, 0xfffffffffffffffe) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x7, 0x6, 0x0, 0x5, 0x0}) 2.792673035s ago: executing program 1 (id=280): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x3c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x4}, {0xffff, 0xffff}, {0xffe0, 0x1}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x1}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x408dc}, 0x8000) 2.355133887s ago: executing program 1 (id=284): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) sendto$inet6(r0, &(0x7f0000000140)="aa", 0x1, 0x48000, &(0x7f0000000200)={0xa, 0x4e23, 0x3ff, @loopback, 0x10001}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000080)={r1, 0x7f}, &(0x7f0000000100)=0x8) 2.066842928s ago: executing program 3 (id=286): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x6, 0x24, 0x0, 0x0) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000000)=0x10) 1.979539885s ago: executing program 4 (id=287): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r0, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000008000000850000006d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) 1.752344621s ago: executing program 4 (id=289): syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x200000, &(0x7f0000000140)=ANY=[], 0x0, 0x40b, &(0x7f0000000800)="$eJzs3M9O3EYcwPEx2aWUSqhS1PAnHCZNK9FDNrYpi1BOrnd2mcRrW7Y3glMVFYhQgVQllQqXlkvaSu1D5No36KWP0ado1L4Blf8sBXaXRbCwCH0/EppZz88zv7Esj3bRWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGG4NdO0DOFpv7Uie3NrUdDs1vDpTla0+/v4RHHGuEIY6Z8YGxNT+aGpu/83f5R3Mpl/mhRjaTEm9j+49+GTu6WR9vlnJHwtdvf2X/2R53iu+NK/h5krT+yaNJSv40A3nYaSOg7kUrVqPl6ux7KuPRWvxolqSjdSThJEcs79TFpLS/NSVVaDlt+oOZ5qH1x8ZJtmVT6thMqJ4sB//LQSu8va87TfyGLS5jRmMb0Rn+lEJsppSrmxubU+3y/JNMg6o90Q4scsyO7Xk23atmXZtlVdWFpYNM2SbdryxAHzFNFxSnbTls97w+D2GeTjG7iUw2L9BwAAAAAAt5eR/caefv8vZ7/DG6KuPWUOOy0AAAAAADBA2X/+J9OinNamhMH3fwAAAAAAbpufj++xe7/bHrs4fM/48x8RRWXjIFz5xNh20nBnW5Sy8+6c7jGpzxgTRSdZUS0Vn1w1a0znQdPt6HdFsdFvr5/RkUAx8ukE8h12hz90SUD8KmbyoJm1vFxrt+SjjNe1pypu4D2xhONMjCRqJfluZ/N7kU3/F785YYiNza31ylevttayXA7SXg62iw0UHfsoel8M8fpo32P3GY8WXWTjjufjmsfnP5K3j3SOOS16jPlG3M9j7o/n5fjJ+Y+l87cqvWZfZGFdcuZvxGweMzv3MC0eznXJwu6XhX08i97X4oJZlIsOumfx91EW85fMAgCGZaPPKmR0LvwXeMoNbnU/+4n+II95MJM9WEszXdYVs9+6Yp5zdWtndjqL3zvegdBrjU3H/c1vVkaFOFpV36YnvO05buzZRnoJ77ze/kbc293bf7S5/eLl+sv1Hduer5qfm+aCLcrZNIqCtQcA0IWK3hnjyU9GFOnwS2t0yXKSZSWjwH0mI11rKKn9REXusuM3lAyjIAncwEsrz3VNxTJuhWEQJbIeRDIMYr2SvflFFq9+iVXT8RPtxqGnnFhJN/ATx01kTceuDFtfeDpeVlF2chwqV9e16yQ68GUctCJXVaSMlToWqGvKT3Rdp1VfhpFuOtGqfB54raaSNRW7kdZ/FW/YaY+l/XoQNbNuK8O+2AAA3BC7e/tfv9jaWv/2CivDniMAADiJVRoAAAAAAAAAAAAAAAAAAAAAgJvvOvb/DbZiCCFuQBpUqAy6MnrRG/swrxhigPkM+8kE4Kr9FwAA//8MOauE") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, &(0x7f0000000400)=""/4096, 0xc00) 1.472070332s ago: executing program 4 (id=291): unshare(0x22020600) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x26}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map=r1, r0, 0x5}, 0x10) 1.403015027s ago: executing program 1 (id=292): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x3c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x4}, {0xffff, 0xffff}, {0xffe0, 0x1}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x1}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x408dc}, 0x8000) 1.313293983s ago: executing program 0 (id=293): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x1c, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0) 1.22383575s ago: executing program 4 (id=294): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000b40)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@commit={'commit', 0x3d, 0x2}}, {@stripe={'stripe', 0x3d, 0x8}}], [{@fowner_eq}, {@hash}, {@permit_directio}, {@subj_type={'subj_type', 0x3d, '/)/-:$/I('}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ") ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) sendfile(r0, r0, 0x0, 0xe3aa6ea) 1.110411129s ago: executing program 3 (id=295): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x2002) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f00000002c0)=""/111) 1.08681628s ago: executing program 0 (id=296): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000007, 0x31, 0xffffffffffffffff, 0x40040000) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000000)) 907.331643ms ago: executing program 3 (id=297): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r0, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000008000000850000006d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) 906.369113ms ago: executing program 1 (id=298): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f400002000000000000080000000000000000010005000000000044000500ac141426000000000000000000000000000004d53c"], 0xfc}}, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x29, 0x0, 0xe, 0x5, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8000, 0x1, 0x8, 0x790}}) r2 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c2100801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080007"], 0x104}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(r5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {r4, r5}}, './file0\x00'}) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4008010) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r6, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) semctl$GETALL(0x0, 0x0, 0xd, 0xfffffffffffffffe) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x7, 0x6, 0x0, 0x5, 0x0}) 814.04241ms ago: executing program 0 (id=299): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$unix(r1, &(0x7f0000001680)={&(0x7f0000000100)=@file={0x2, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee00, @ANYBLOB="0000000014"], 0x90, 0x810}, 0xc4000) 671.630271ms ago: executing program 0 (id=300): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000100)=@assoc_value, &(0x7f0000000180)=0x8) 658.963542ms ago: executing program 3 (id=301): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xb, 0x80, 0x3, 0xc4, 0x7, 0x4002, 0x3, 0xcd8d}}}}]}, 0x58}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r4, 0x0, 0x20000800) 528.144921ms ago: executing program 4 (id=302): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) sendto$inet6(r0, &(0x7f0000000140)="aa", 0x1, 0x48000, &(0x7f0000000200)={0xa, 0x4e23, 0x3ff, @loopback, 0x10001}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000080)={r1, 0x7f}, &(0x7f0000000100)=0x8) 518.184612ms ago: executing program 1 (id=303): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x6, 0x24, 0x0, 0x0) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000000)=0x10) 425.260639ms ago: executing program 0 (id=304): unshare(0x22020600) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000d62b00006110600000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x26}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map=r1, r0, 0x5}, 0x10) 232.008033ms ago: executing program 3 (id=305): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$igmp(0x2, 0x3, 0x2) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, 0x0, 0x0) close(r0) 210.001315ms ago: executing program 0 (id=306): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x3c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x4}, {0xffff, 0xffff}, {0xffe0, 0x1}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x1}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x408dc}, 0x8000) 172.079778ms ago: executing program 4 (id=307): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xfff9, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xf3f, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xf}, {}, {0x7, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x45aa, 0x2, 0x6}, {0x11, 0x0, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x810) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x4}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000540)="1e", 0x1}], 0x1}, 0x4c00c) 0s ago: executing program 3 (id=308): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_CONN_CREDITS_NTF={0x0, 0x0, 0x3, 0x6, 0x9, {0x4, [{0x0, 0x2}, {0x1, 0x5}, {0x3}, {0x0, 0x1}]}}, 0xc) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts. [ 73.874966][ T5755] cgroup: Unknown subsys name 'net' [ 74.009493][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.731593][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.427269][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.436812][ T5778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.444876][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.452305][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.453752][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.461414][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.468133][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.475034][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.482193][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.489269][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.502713][ T5780] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.503623][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.511217][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.517236][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.525145][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.531941][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.538490][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.548326][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.552460][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.562394][ T5778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.566713][ T5780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.574157][ T5778] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.582745][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.588884][ T5778] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.110139][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 78.124245][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 78.143453][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 78.234997][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 78.397490][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.404890][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.412339][ T5770] bridge_slave_0: entered allmulticast mode [ 78.419302][ T5770] bridge_slave_0: entered promiscuous mode [ 78.438488][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.445813][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.455775][ T5766] bridge_slave_0: entered allmulticast mode [ 78.462813][ T5766] bridge_slave_0: entered promiscuous mode [ 78.470423][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.477953][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.485531][ T5768] bridge_slave_0: entered allmulticast mode [ 78.492818][ T5768] bridge_slave_0: entered promiscuous mode [ 78.501648][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.509336][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.516802][ T5768] bridge_slave_1: entered allmulticast mode [ 78.523784][ T5768] bridge_slave_1: entered promiscuous mode [ 78.531251][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.538483][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.545887][ T5770] bridge_slave_1: entered allmulticast mode [ 78.553332][ T5770] bridge_slave_1: entered promiscuous mode [ 78.567514][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.577000][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.584269][ T5766] bridge_slave_1: entered allmulticast mode [ 78.591047][ T5766] bridge_slave_1: entered promiscuous mode [ 78.636554][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.643780][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.650914][ T5767] bridge_slave_0: entered allmulticast mode [ 78.658191][ T5767] bridge_slave_0: entered promiscuous mode [ 78.679045][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.693744][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.717374][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.727782][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.735640][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.742935][ T5767] bridge_slave_1: entered allmulticast mode [ 78.749730][ T5767] bridge_slave_1: entered promiscuous mode [ 78.758680][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.781112][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.802438][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.844165][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.868181][ T5766] team0: Port device team_slave_0 added [ 78.887241][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.920041][ T5766] team0: Port device team_slave_1 added [ 78.928500][ T5770] team0: Port device team_slave_0 added [ 78.946325][ T5770] team0: Port device team_slave_1 added [ 78.955915][ T5768] team0: Port device team_slave_0 added [ 78.975674][ T5767] team0: Port device team_slave_0 added [ 78.996946][ T5768] team0: Port device team_slave_1 added [ 79.017062][ T5767] team0: Port device team_slave_1 added [ 79.052177][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.059188][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.085399][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.107817][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.114936][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.140927][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.152923][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.159958][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.187054][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.223813][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.230895][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.262276][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.274930][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.284118][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.310818][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.338303][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.345670][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.371948][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.384466][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.391520][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.418119][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.437083][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.444279][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.470983][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.499594][ T5770] hsr_slave_0: entered promiscuous mode [ 79.505986][ T5770] hsr_slave_1: entered promiscuous mode [ 79.562896][ T5766] hsr_slave_0: entered promiscuous mode [ 79.569258][ T5766] hsr_slave_1: entered promiscuous mode [ 79.576382][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.584386][ T5766] Cannot create hsr debugfs directory [ 79.607294][ T5768] hsr_slave_0: entered promiscuous mode [ 79.614179][ T5768] hsr_slave_1: entered promiscuous mode [ 79.620445][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.628764][ T5768] Cannot create hsr debugfs directory [ 79.653548][ T51] Bluetooth: hci0: command tx timeout [ 79.659709][ T5774] Bluetooth: hci3: command tx timeout [ 79.665995][ T5780] Bluetooth: hci2: command tx timeout [ 79.671615][ T5778] Bluetooth: hci1: command tx timeout [ 79.742877][ T5767] hsr_slave_0: entered promiscuous mode [ 79.749246][ T5767] hsr_slave_1: entered promiscuous mode [ 79.755451][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.765337][ T5767] Cannot create hsr debugfs directory [ 80.107246][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.121248][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.151507][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.163926][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.244090][ T5766] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.258147][ T5766] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.268386][ T5766] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.281121][ T5766] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.366453][ T5768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.406457][ T5768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.416513][ T5768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.429954][ T5768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.535939][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.546336][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.561380][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.585636][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.596666][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.637817][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.657774][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.704636][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.721064][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.728473][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.743441][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.750773][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.803278][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.810397][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.829646][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.836870][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.864131][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.927784][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.975740][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.983050][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.997217][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.004600][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.156572][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.219762][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.264715][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.272208][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.358618][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.366045][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.420280][ T5767] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 81.433786][ T5767] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.522990][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.597018][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.688331][ T5766] veth0_vlan: entered promiscuous mode [ 81.709767][ T5770] veth0_vlan: entered promiscuous mode [ 81.739681][ T5770] veth1_vlan: entered promiscuous mode [ 81.746470][ T5778] Bluetooth: hci1: command tx timeout [ 81.746495][ T51] Bluetooth: hci2: command tx timeout [ 81.752669][ T5778] Bluetooth: hci0: command tx timeout [ 81.760272][ T51] Bluetooth: hci3: command tx timeout [ 81.767254][ T5766] veth1_vlan: entered promiscuous mode [ 81.821705][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.924159][ T5770] veth0_macvtap: entered promiscuous mode [ 81.946309][ T5766] veth0_macvtap: entered promiscuous mode [ 81.966802][ T5770] veth1_macvtap: entered promiscuous mode [ 82.006233][ T5768] veth0_vlan: entered promiscuous mode [ 82.027899][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.041589][ T5766] veth1_macvtap: entered promiscuous mode [ 82.090270][ T5768] veth1_vlan: entered promiscuous mode [ 82.139491][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.153723][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.166318][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.179692][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.225742][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.256410][ T5766] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.282125][ T5766] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.291005][ T5766] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.312054][ T5766] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.385474][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.401924][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.415527][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.439872][ T5767] veth0_vlan: entered promiscuous mode [ 82.463045][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.483056][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.496750][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.505816][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.531410][ T5768] veth0_macvtap: entered promiscuous mode [ 82.600295][ T5768] veth1_macvtap: entered promiscuous mode [ 82.632234][ T5767] veth1_vlan: entered promiscuous mode [ 82.756270][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.768473][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.779519][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.792022][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.804225][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.820639][ T5767] veth0_macvtap: entered promiscuous mode [ 82.822909][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.844798][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.846239][ T5767] veth1_macvtap: entered promiscuous mode [ 82.887538][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.898740][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.909207][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.924887][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.938219][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.981349][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.990266][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.999417][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.009282][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.059218][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.074474][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.084872][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.095922][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.106052][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.116660][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.128614][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.139253][ T2990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.170712][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.188824][ T2990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.190269][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.218115][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.233717][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.243931][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.255071][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.265131][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.276413][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.287862][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.327305][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.330401][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.353371][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.354834][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.369943][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.379105][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.488797][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.530290][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.635503][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.668754][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.762937][ T5837] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3'. [ 83.787596][ T5837] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3'. [ 83.816436][ T51] Bluetooth: hci3: command tx timeout [ 83.832097][ T5780] Bluetooth: hci0: command tx timeout [ 83.832444][ T5778] Bluetooth: hci2: command tx timeout [ 83.837552][ T5780] Bluetooth: hci1: command tx timeout [ 83.862161][ T5837] syzkaller0: entered promiscuous mode [ 83.879461][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.918351][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.000677][ T5844] ======================================================= [ 84.000677][ T5844] WARNING: The mand mount option has been deprecated and [ 84.000677][ T5844] and is ignored by this kernel. Remove the mand [ 84.000677][ T5844] option from the mount to silence this warning. [ 84.000677][ T5844] ======================================================= [ 84.091156][ T2990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.124737][ T2990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.239846][ T5847] syz.1.2[5847]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 84.290524][ T5847] loop1: detected capacity change from 0 to 164 [ 84.399152][ T5849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6'. [ 84.703958][ T5855] loop2: detected capacity change from 0 to 128 [ 84.976731][ T5860] loop3: detected capacity change from 0 to 1024 [ 85.016210][ T5860] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 85.146427][ T5860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.197409][ T5860] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 85.212882][ T5870] capability: warning: `syz.2.12' uses 32-bit capabilities (legacy support in use) [ 85.300279][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.402553][ T5867] can0: slcan on ttyS3. [ 85.896130][ T5774] Bluetooth: hci1: command tx timeout [ 85.902157][ T5774] Bluetooth: hci3: command tx timeout [ 85.908451][ T5780] Bluetooth: hci2: command tx timeout [ 85.908487][ T51] Bluetooth: hci0: command tx timeout [ 87.108248][ T23] cfg80211: failed to load regulatory.db [ 87.942251][ T5870] can0 (unregistered): slcan off ttyS3. [ 87.954247][ T5870] Falling back ldisc for ttyS3. [ 88.045459][ T5899] syzkaller0: entered promiscuous mode [ 88.051041][ T5899] syzkaller0: entered allmulticast mode [ 88.095240][ T5910] loop1: detected capacity change from 0 to 128 [ 88.185852][ T5912] loop2: detected capacity change from 0 to 1024 [ 88.208461][ T5912] EXT4-fs: Ignoring removed orlov option [ 88.234698][ T5914] netlink: 44 bytes leftover after parsing attributes in process `syz.0.22'. [ 88.276939][ T5912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.280909][ T5917] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.355257][ T5910] syz.1.20: attempt to access beyond end of device [ 88.355257][ T5910] loop1: rw=2049, sector=145, nr_sectors = 200 limit=128 [ 88.598800][ T5910] syz.1.20: attempt to access beyond end of device [ 88.598800][ T5910] loop1: rw=524288, sector=145, nr_sectors = 200 limit=128 [ 88.651456][ T5910] syz.1.20: attempt to access beyond end of device [ 88.651456][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.676510][ T5910] syz.1.20: attempt to access beyond end of device [ 88.676510][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.702047][ T5910] syz.1.20: attempt to access beyond end of device [ 88.702047][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.732076][ T5910] syz.1.20: attempt to access beyond end of device [ 88.732076][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.776287][ T5910] syz.1.20: attempt to access beyond end of device [ 88.776287][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.783270][ T5766] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.814707][ T5910] syz.1.20: attempt to access beyond end of device [ 88.814707][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.834938][ T5910] syz.1.20: attempt to access beyond end of device [ 88.834938][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.842943][ T5923] loop0: detected capacity change from 0 to 1024 [ 88.851666][ T5910] syz.1.20: attempt to access beyond end of device [ 88.851666][ T5910] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 88.959674][ T5923] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 89.049355][ T5923] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.121961][ T27] audit: type=1800 audit(1775270565.008:2): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.24" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 89.135942][ T5923] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm syz.0.24: lblock 0 mapped to illegal pblock 0 (length 1) [ 89.176624][ T5923] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 89.201244][ T5923] EXT4-fs (loop0): This should not happen!! Data will be lost [ 89.201244][ T5923] [ 89.337434][ T5923] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: comm syz.0.24: lblock 0 mapped to illegal pblock 0 (length 1) [ 89.364103][ T5929] loop2: detected capacity change from 0 to 512 [ 89.381191][ T5923] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: comm syz.0.24: lblock 0 mapped to illegal pblock 0 (length 1) [ 89.417244][ T5923] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 1: comm syz.0.24: lblock 1 mapped to illegal pblock 1 (length 3) [ 89.457929][ T5929] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 89.479194][ T5923] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117 [ 89.491906][ T5929] System zones: 1-12 [ 89.507452][ T5929] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.26: Directory hole found for htree index block 0 [ 89.532037][ T5923] EXT4-fs (loop0): This should not happen!! Data will be lost [ 89.532037][ T5923] [ 89.537658][ T5929] EXT4-fs (loop2): Remounting filesystem read-only [ 89.557722][ T5929] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 89.575223][ T5929] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 89.588955][ T5929] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.644859][ T1127] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 4: comm kworker/u4:6: lblock 4 mapped to illegal pblock 4 (length 2) [ 89.710418][ T1127] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117 [ 89.751035][ T1127] EXT4-fs (loop0): This should not happen!! Data will be lost [ 89.751035][ T1127] [ 89.769757][ T5766] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.771429][ T1127] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 8: comm kworker/u4:6: lblock 8 mapped to illegal pblock 8 (length 8) [ 89.851187][ T1127] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 89.888688][ T1127] EXT4-fs (loop0): This should not happen!! Data will be lost [ 89.888688][ T1127] [ 89.916326][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 89.952349][ T5942] loop2: detected capacity change from 0 to 512 [ 90.008468][ T5942] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 90.121105][ T5942] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 90.148154][ T5942] Quota error (device loop2): write_blk: dquota write failed [ 90.173083][ T5942] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 90.182797][ T5942] Quota error (device loop2): write_blk: dquota write failed [ 90.202280][ T5942] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 90.213175][ T5942] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.31: Failed to acquire dquot type 1 [ 90.232793][ T5942] EXT4-fs (loop2): 1 truncate cleaned up [ 90.240073][ T5942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.419095][ T5951] loop1: detected capacity change from 0 to 512 [ 92.986631][ T5766] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.259472][ T5987] loop3: detected capacity change from 0 to 512 [ 93.905191][ T6006] loop3: detected capacity change from 0 to 512 [ 93.929099][ T6006] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 94.033557][ T6006] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 94.063870][ T6006] Quota error (device loop3): write_blk: dquota write failed [ 94.071509][ T6006] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 94.080872][ T6006] Quota error (device loop3): write_blk: dquota write failed [ 94.091483][ T6006] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 94.111047][ T6006] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.51: Failed to acquire dquot type 1 [ 94.127141][ T6006] EXT4-fs (loop3): 1 truncate cleaned up [ 94.139542][ T6006] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.236621][ T6013] loop2: detected capacity change from 0 to 512 [ 94.263654][ T6017] loop0: detected capacity change from 0 to 1024 [ 94.275139][ T6017] EXT4-fs: Ignoring removed orlov option [ 94.320630][ T6017] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 94.358732][ T6017] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (24670!=35945) [ 94.402651][ T6017] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 94.438932][ T6017] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 94.489550][ T6017] EXT4-fs (loop0): Can't support bigalloc feature without extents feature [ 94.489550][ T6017] [ 94.534435][ T6020] loop2: detected capacity change from 0 to 256 [ 94.547149][ T6017] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features [ 94.588728][ T6017] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 94.612803][ T6020] FAT-fs (loop2): Directory bread(block 64) failed [ 94.619716][ T6020] FAT-fs (loop2): Directory bread(block 65) failed [ 94.647229][ T6020] FAT-fs (loop2): Directory bread(block 66) failed [ 94.672979][ T6020] FAT-fs (loop2): Directory bread(block 67) failed [ 94.705945][ T6020] FAT-fs (loop2): Directory bread(block 68) failed [ 94.736486][ T6020] FAT-fs (loop2): Directory bread(block 69) failed [ 94.759519][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.763813][ T6020] FAT-fs (loop2): Directory bread(block 70) failed [ 94.814436][ T6020] FAT-fs (loop2): Directory bread(block 71) failed [ 94.892163][ T6020] FAT-fs (loop2): Directory bread(block 72) failed [ 94.898798][ T6020] FAT-fs (loop2): Directory bread(block 73) failed [ 95.040863][ T6020] bio_check_eod: 432 callbacks suppressed [ 95.040881][ T6020] syz.2.56: attempt to access beyond end of device [ 95.040881][ T6020] loop2: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 95.084232][ T6020] syz.2.56: attempt to access beyond end of device [ 95.084232][ T6020] loop2: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 95.148293][ T27] audit: type=1800 audit(1775270571.038:3): pid=6020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.56" name="file1" dev="loop2" ino=1048605 res=0 errno=0 [ 95.276668][ T6025] Process accounting resumed [ 95.295219][ T6025] syz.2.56: attempt to access beyond end of device [ 95.295219][ T6025] loop2: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 95.373946][ T5811] kworker/1:3: attempt to access beyond end of device [ 95.373946][ T5811] loop2: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 95.587373][ T6029] 9pnet_fd: Insufficient options for proto=fd [ 96.972441][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.048493][ T6039] loop1: detected capacity change from 0 to 512 [ 97.099765][ T6040] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.913306][ T6056] 9pnet_fd: Insufficient options for proto=fd [ 98.539396][ T6068] loop1: detected capacity change from 0 to 512 [ 98.871586][ T6075] 9pnet_fd: Insufficient options for proto=fd [ 99.065660][ T6078] netlink: 44 bytes leftover after parsing attributes in process `syz.1.79'. [ 100.191606][ T6092] loop3: detected capacity change from 0 to 512 [ 100.457310][ T6097] 9pnet_fd: Insufficient options for proto=fd [ 100.569427][ T6101] netlink: 44 bytes leftover after parsing attributes in process `syz.2.90'. [ 101.155332][ T6117] loop3: detected capacity change from 0 to 512 [ 101.408618][ T6121] 9pnet_fd: Insufficient options for proto=fd [ 101.539894][ T6125] netlink: 44 bytes leftover after parsing attributes in process `syz.3.101'. [ 101.883942][ T6136] loop0: detected capacity change from 0 to 256 [ 101.925833][ T6137] loop3: detected capacity change from 0 to 512 [ 102.061060][ T6141] 9pnet_fd: Insufficient options for proto=fd [ 102.323156][ T6148] netlink: 44 bytes leftover after parsing attributes in process `syz.2.113'. [ 102.579176][ T6159] loop3: detected capacity change from 0 to 512 [ 103.000311][ T6171] netlink: 44 bytes leftover after parsing attributes in process `syz.1.124'. [ 103.277109][ T6182] loop3: detected capacity change from 0 to 512 [ 103.468751][ T6187] loop2: detected capacity change from 0 to 256 [ 103.763772][ T6197] netlink: 44 bytes leftover after parsing attributes in process `syz.3.136'. [ 104.093498][ T6206] netlink: 71 bytes leftover after parsing attributes in process `syz.0.141'. [ 104.193610][ T6209] syzkaller0: entered promiscuous mode [ 104.199595][ T6209] syzkaller0: entered allmulticast mode [ 104.258304][ T6209] 0: reclassify loop, rule prio 0, protocol 800 [ 104.383472][ T6215] netlink: 44 bytes leftover after parsing attributes in process `syz.0.146'. [ 105.115009][ T6239] loop2: detected capacity change from 0 to 256 [ 105.280626][ T6243] netlink: 44 bytes leftover after parsing attributes in process `syz.2.158'. [ 105.934980][ T6261] netlink: 44 bytes leftover after parsing attributes in process `syz.3.167'. [ 106.550841][ T6288] loop2: detected capacity change from 0 to 512 [ 106.563426][ T6288] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 106.583913][ T6288] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 106.606052][ T6288] EXT4-fs (loop2): 1 truncate cleaned up [ 106.626465][ T6288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.709581][ T5766] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /43/file1/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 106.742071][ T5766] EXT4-fs (loop2): Remounting filesystem read-only [ 106.824102][ T6294] loop1: detected capacity change from 0 to 512 [ 106.871175][ T6294] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 106.904405][ T6294] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 106.919712][ T6294] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2)! [ 106.933572][ T6294] EXT4-fs (loop1): group descriptors corrupted! [ 107.101076][ T5766] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.207383][ T3482] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.245864][ T6303] Zero length message leads to an empty skb [ 107.376356][ T3482] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.471351][ T3482] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.562706][ T3482] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.974441][ T6314] netlink: 'syz.0.190': attribute type 39 has an invalid length. [ 108.026265][ T6316] loop3: detected capacity change from 0 to 512 [ 108.089620][ T6316] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 108.130498][ T6316] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.191: iget: bad i_size value: 38620345925642 [ 108.169396][ T6316] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.191: couldn't read orphan inode 15 (err -117) [ 108.217791][ T6316] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.453997][ T40] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm kworker/u4:2: bg 0: block 5: invalid block bitmap [ 108.508204][ T40] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 516 with error 28 [ 108.530522][ T40] EXT4-fs (loop3): This should not happen!! Data will be lost [ 108.530522][ T40] [ 108.544605][ T40] EXT4-fs (loop3): Total free blocks count 0 [ 108.550652][ T40] EXT4-fs (loop3): Free/Dirty block details [ 108.556856][ T40] EXT4-fs (loop3): free_blocks=0 [ 108.572086][ T40] EXT4-fs (loop3): dirty_blocks=520 [ 108.605105][ T40] EXT4-fs (loop3): Block reservation details [ 108.611705][ T5774] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 108.625388][ T40] EXT4-fs (loop3): i_reserved_data_blocks=520 [ 108.632773][ T5774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 108.643682][ T5774] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 108.666513][ T5774] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 108.685048][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 108.702396][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 108.711331][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.965053][ T6340] netlink: 44 bytes leftover after parsing attributes in process `syz.3.194'. [ 109.853431][ T6366] loop0: detected capacity change from 0 to 512 [ 109.901666][ T6366] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 109.910325][ T6366] EXT4-fs (loop0): orphan cleanup on readonly fs [ 109.928263][ T6330] chnl_net:caif_netlink_parms(): no params data found [ 109.997564][ T6366] EXT4-fs error (device loop0): ext4_do_update_inode:5248: inode #16: comm syz.0.204: corrupted inode contents [ 110.040710][ T6366] EXT4-fs (loop0): Remounting filesystem read-only [ 110.048860][ T6366] EXT4-fs (loop0): 1 truncate cleaned up [ 110.063042][ T1127] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 110.077044][ T1127] Quota error (device loop0): write_blk: dquota write failed [ 110.090953][ T1127] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 110.107481][ T1127] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 110.125034][ T1127] Quota error (device loop0): write_blk: dquota write failed [ 110.139235][ T1127] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 110.157999][ T1127] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 110.222529][ T1127] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 110.268597][ T1127] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 110.336023][ T6366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 110.442590][ T3482] hsr_slave_0: left promiscuous mode [ 110.513288][ T3482] hsr_slave_1: left promiscuous mode [ 110.543024][ T3482] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.550627][ T3482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.581038][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.623822][ T3482] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.631499][ T3482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.643847][ T6387] netlink: 44 bytes leftover after parsing attributes in process `syz.1.206'. [ 110.700273][ T3482] bridge_slave_1: left allmulticast mode [ 110.731814][ T3482] bridge_slave_1: left promiscuous mode [ 110.738907][ T3482] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.778682][ T5774] Bluetooth: hci1: command tx timeout [ 110.814081][ T3482] bridge_slave_0: left allmulticast mode [ 110.820279][ T3482] bridge_slave_0: left promiscuous mode [ 110.851573][ T3482] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.982851][ T3482] veth1_macvtap: left promiscuous mode [ 111.029218][ T3482] veth0_macvtap: left promiscuous mode [ 111.038875][ T3482] veth1_vlan: left promiscuous mode [ 111.053421][ T3482] veth0_vlan: left promiscuous mode [ 111.817657][ T3482] team0 (unregistering): Port device team_slave_1 removed [ 111.864700][ T3482] team0 (unregistering): Port device team_slave_0 removed [ 111.910189][ T3482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.991478][ T3482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.323569][ T3482] bond0 (unregistering): Released all slaves [ 112.417911][ T6330] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.426487][ T6330] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.433913][ T6330] bridge_slave_0: entered allmulticast mode [ 112.440815][ T6330] bridge_slave_0: entered promiscuous mode [ 112.494826][ T6330] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.507250][ T6330] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.521257][ T6330] bridge_slave_1: entered allmulticast mode [ 112.535787][ T6330] bridge_slave_1: entered promiscuous mode [ 112.607991][ T6330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.646462][ T6330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.658295][ T6416] loop0: detected capacity change from 0 to 512 [ 112.705461][ T6416] EXT4-fs: Ignoring removed mblk_io_submit option [ 112.729259][ T6416] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 112.780066][ T6330] team0: Port device team_slave_0 added [ 112.792206][ T6416] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 112.823987][ T6330] team0: Port device team_slave_1 added [ 112.852005][ T5774] Bluetooth: hci1: command tx timeout [ 112.892271][ T6416] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.907751][ T6330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.915222][ T6330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.977675][ T6416] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 113.027120][ T6330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.050828][ T6426] netlink: 44 bytes leftover after parsing attributes in process `syz.3.217'. [ 113.074467][ T6330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.101920][ T6330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.206559][ T6330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.229057][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.496635][ T6330] hsr_slave_0: entered promiscuous mode [ 113.525642][ T6330] hsr_slave_1: entered promiscuous mode [ 113.539722][ T6330] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.554383][ T6330] Cannot create hsr debugfs directory [ 114.119197][ T6460] loop0: detected capacity change from 0 to 128 [ 114.268374][ T6330] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 114.288912][ T6330] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 114.304445][ T6330] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 114.320980][ T6330] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 114.624884][ T6469] netlink: 44 bytes leftover after parsing attributes in process `syz.3.227'. [ 114.645335][ T6330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.705259][ T6330] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.720560][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.728206][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.851536][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.859089][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.933095][ T5774] Bluetooth: hci1: command tx timeout [ 115.069769][ T6330] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 115.127452][ T6330] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 115.645168][ T6330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.807998][ T6510] mmap: syz.1.236 (6510) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 116.143352][ T6525] netlink: 44 bytes leftover after parsing attributes in process `syz.1.237'. [ 116.265540][ T6330] veth0_vlan: entered promiscuous mode [ 116.291737][ T6330] veth1_vlan: entered promiscuous mode [ 116.349496][ T6330] veth0_macvtap: entered promiscuous mode [ 116.367207][ T6330] veth1_macvtap: entered promiscuous mode [ 116.393308][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.404010][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.415252][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.425945][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.436071][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.446612][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.459241][ T6330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.480607][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.491464][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.501356][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.512927][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.522938][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.533844][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.545652][ T6330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.567169][ T6330] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.582894][ T6330] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.591660][ T6330] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.626534][ T6330] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.012657][ T5774] Bluetooth: hci1: command tx timeout [ 117.029748][ T6546] netlink: 44 bytes leftover after parsing attributes in process `syz.3.246'. [ 117.866105][ T6566] netlink: 44 bytes leftover after parsing attributes in process `syz.1.254'. [ 117.984656][ T6483] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 117.997192][ T6570] IPv6: NLM_F_CREATE should be specified when creating new route [ 118.012037][ T6570] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 118.020032][ T6570] IPv6: NLM_F_CREATE should be set when creating new route [ 118.163136][ T3521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.171028][ T3521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.266897][ T3521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.281121][ T3521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.774843][ T6593] netlink: 44 bytes leftover after parsing attributes in process `syz.3.262'. [ 119.026650][ T6601] netlink: 'syz.4.265': attribute type 5 has an invalid length. [ 119.348443][ T6618] netlink: 64 bytes leftover after parsing attributes in process `syz.3.270'. [ 119.747209][ T6628] netlink: 256 bytes leftover after parsing attributes in process `syz.4.272'. [ 119.772073][ T6628] netlink: 56 bytes leftover after parsing attributes in process `syz.4.272'. [ 119.925685][ T6633] netlink: 44 bytes leftover after parsing attributes in process `syz.1.275'. [ 120.261477][ T6642] syzkaller0: entered promiscuous mode [ 120.287158][ T6642] syzkaller0: entered allmulticast mode [ 120.359181][ T6642] TC_ACT_REPEAT abuse ? [ 120.510981][ T6657] loop0: detected capacity change from 0 to 512 [ 120.561039][ T6657] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 120.562520][ T6660] futex_wake_op: syz.3.283 tries to shift op by 32; fix this program [ 120.723598][ T6657] EXT4-fs (loop0): 1 orphan inode deleted [ 120.748925][ T6657] EXT4-fs (loop0): 1 truncate cleaned up [ 120.786181][ T6657] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.978919][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.155340][ T6680] netlink: 44 bytes leftover after parsing attributes in process `syz.0.288'. [ 121.220222][ T6682] loop4: detected capacity change from 0 to 136 [ 121.276533][ T6682] rock: directory entry would overflow storage [ 121.293126][ T6682] rock: sig=0x4f50, size=4, remaining=3 [ 121.308655][ T6682] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 121.868693][ T6702] loop4: detected capacity change from 0 to 1024 [ 121.946167][ T6702] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 122.056322][ T6702] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.163331][ T6702] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #11: comm syz.4.294: missing EA_INODE flag [ 122.197124][ T6716] netlink: 44 bytes leftover after parsing attributes in process `syz.1.298'. [ 122.220063][ T6702] EXT4-fs (loop4): Remounting filesystem read-only [ 122.330416][ T6330] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.743511][ T6734] syz_tun: entered allmulticast mode [ 122.770791][ T6734] syz_tun: left allmulticast mode [ 122.917616][ T6739] syzkaller0: entered promiscuous mode [ 122.931685][ T6739] syzkaller0: entered allmulticast mode [ 122.947178][ T6739] ------------[ cut here ]------------ [ 122.953045][ T6739] WARNING: CPU: 0 PID: 6739 at include/linux/skbuff.h:2903 em_nbyte_match+0x2d0/0x3e0 [ 122.962772][ T6739] Modules linked in: [ 122.966692][ T6739] CPU: 0 PID: 6739 Comm: syz.4.307 Not tainted syzkaller #0 [ 122.974033][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 122.984418][ T6739] RIP: 0010:em_nbyte_match+0x2d0/0x3e0 [ 122.990082][ T6739] Code: c0 eb 07 e8 62 73 d4 f8 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4c 73 d4 f8 0f 0b e9 e5 fe ff ff e8 40 73 d4 f8 <0f> 0b e9 00 fe ff ff 89 d1 80 e1 07 fe c1 38 c1 0f 8c 7a fd ff ff [ 123.009827][ T6739] RSP: 0018:ffffc90004e2f118 EFLAGS: 00010287 [ 123.015942][ T6739] RAX: ffffffff88b2ace0 RBX: ffff88802504a8c0 RCX: 0000000000080000 [ 123.023978][ T6739] RDX: ffffc90004ed9000 RSI: 00000000000007b0 RDI: 00000000000007b1 [ 123.032231][ T6739] RBP: 000000000000ffff R08: ffff8880225bda00 R09: 0000000000000003 [ 123.040231][ T6739] R10: 0000000000000002 R11: 0000000000000002 R12: dffffc0000000000 [ 123.048309][ T6739] R13: 1ffff11004a0952e R14: ffff888144316050 R15: 1ffff11028862c0a [ 123.056306][ T6739] FS: 00007f72eb8836c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 123.065436][ T6739] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.072042][ T6739] CR2: 000000110c40b426 CR3: 000000005a261000 CR4: 00000000003506f0 [ 123.080037][ T6739] Call Trace: [ 123.083341][ T6739] [ 123.086382][ T6739] __tcf_em_tree_match+0x1cf/0x7a0 [ 123.091528][ T6739] ? tcf_em_tree_dump+0x900/0x900 [ 123.096580][ T6739] ? __lock_acquire+0x1273/0x7d40 [ 123.101650][ T6739] basic_classify+0x115/0x2d0 [ 123.106445][ T6739] tcf_classify+0x4c4/0xeb0 [ 123.110967][ T6739] multiq_enqueue+0x103/0x4c0 [ 123.115675][ T6739] ? sch_tree_unlock+0x1b0/0x1b0 [ 123.120664][ T6739] ? do_raw_spin_lock+0x11f/0x2c0 [ 123.125731][ T6739] ? __rwlock_init+0x150/0x150 [ 123.130743][ T6739] dev_qdisc_enqueue+0x48/0x220 [ 123.135770][ T6739] ? __dev_queue_xmit+0xd30/0x3660 [ 123.141080][ T6739] __dev_queue_xmit+0xe96/0x3660 [ 123.146149][ T6739] ? __dev_queue_xmit+0x265/0x3660 [ 123.151269][ T6739] ? sock_alloc_send_pskb+0x8a1/0x9a0 [ 123.156711][ T6739] ? netdev_core_pick_tx+0x340/0x340 [ 123.162056][ T6739] ? packet_parse_headers+0x85e/0xac0 [ 123.167455][ T6739] ? __virt_addr_valid+0x18c/0x540 [ 123.172719][ T6739] ? __check_object_size+0x506/0xa20 [ 123.178041][ T6739] ? skb_setup_tx_timestamp+0x1f0/0x1f0 [ 123.183619][ T6739] ? skb_copy_datagram_from_iter+0x5f6/0x6e0 [ 123.189697][ T6739] ? packet_xmit+0x66/0x330 [ 123.194229][ T6739] ? packet_sendmsg+0x3a37/0x4d70 [ 123.199264][ T6739] packet_sendmsg+0x3b7a/0x4d70 [ 123.204254][ T6739] ? verify_lock_unused+0x140/0x140 [ 123.209458][ T6739] ? finish_task_switch+0x265/0x8f0 [ 123.214681][ T6739] ? verify_lock_unused+0x140/0x140 [ 123.219880][ T6739] ? aa_sk_perm+0x83c/0x970 [ 123.224444][ T6739] ? packet_getsockopt+0xad0/0xad0 [ 123.229585][ T6739] ? aa_sock_msg_perm+0x94/0x150 [ 123.234584][ T6739] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 123.239897][ T6739] ? security_socket_sendmsg+0x80/0xa0 [ 123.245472][ T6739] ? packet_getsockopt+0xad0/0xad0 [ 123.250610][ T6739] ____sys_sendmsg+0x5ba/0x960 [ 123.255496][ T6739] ? __lock_acquire+0x7d40/0x7d40 [ 123.260522][ T6739] ? __asan_memset+0x22/0x40 [ 123.265228][ T6739] ? __sys_sendmsg_sock+0x30/0x30 [ 123.270249][ T6739] ? __import_iovec+0x5f2/0x850 [ 123.275213][ T6739] ? import_iovec+0x73/0xa0 [ 123.279804][ T6739] ___sys_sendmsg+0x2a6/0x360 [ 123.284555][ T6739] ? __sys_sendmsg+0x2a0/0x2a0 [ 123.289394][ T6739] __se_sys_sendmsg+0x1c2/0x2b0 [ 123.294354][ T6739] ? __x64_sys_sendmsg+0x80/0x80 [ 123.299308][ T6739] ? lockdep_hardirqs_on+0x98/0x150 [ 123.304540][ T6739] do_syscall_64+0x55/0xa0 [ 123.308978][ T6739] ? clear_bhb_loop+0x40/0x90 [ 123.313693][ T6739] ? clear_bhb_loop+0x40/0x90 [ 123.318454][ T6739] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 123.324370][ T6739] RIP: 0033:0x7f72ea99c819 [ 123.328784][ T6739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 123.348538][ T6739] RSP: 002b:00007f72eb883028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.357005][ T6739] RAX: ffffffffffffffda RBX: 00007f72eac15fa0 RCX: 00007f72ea99c819 [ 123.365092][ T6739] RDX: 000000000004c00c RSI: 00002000000000c0 RDI: 0000000000000005 [ 123.373087][ T6739] RBP: 00007f72eaa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 123.381062][ T6739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.389489][ T6739] R13: 00007f72eac16038 R14: 00007f72eac15fa0 R15: 00007ffee10af118 [ 123.397515][ T6739] [ 123.400539][ T6739] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 123.408039][ T6739] CPU: 0 PID: 6739 Comm: syz.4.307 Not tainted syzkaller #0 [ 123.415510][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 123.425738][ T6739] Call Trace: [ 123.429078][ T6739] [ 123.432014][ T6739] dump_stack_lvl+0x18c/0x250 [ 123.436728][ T6739] ? show_regs_print_info+0x20/0x20 [ 123.442276][ T6739] ? load_image+0x400/0x400 [ 123.446826][ T6739] panic+0x2dc/0x730 [ 123.450735][ T6739] ? bpf_jit_dump+0xd0/0xd0 [ 123.455242][ T6739] __warn+0x2e0/0x470 [ 123.459224][ T6739] ? em_nbyte_match+0x2d0/0x3e0 [ 123.464157][ T6739] ? em_nbyte_match+0x2d0/0x3e0 [ 123.469002][ T6739] report_bug+0x2be/0x4f0 [ 123.473332][ T6739] ? em_nbyte_match+0x2d0/0x3e0 [ 123.478268][ T6739] ? em_nbyte_match+0x2d0/0x3e0 [ 123.483304][ T6739] ? em_nbyte_match+0x2d2/0x3e0 [ 123.488256][ T6739] handle_bug+0xcf/0x120 [ 123.492611][ T6739] exc_invalid_op+0x1a/0x50 [ 123.497130][ T6739] asm_exc_invalid_op+0x1a/0x20 [ 123.502005][ T6739] RIP: 0010:em_nbyte_match+0x2d0/0x3e0 [ 123.507475][ T6739] Code: c0 eb 07 e8 62 73 d4 f8 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4c 73 d4 f8 0f 0b e9 e5 fe ff ff e8 40 73 d4 f8 <0f> 0b e9 00 fe ff ff 89 d1 80 e1 07 fe c1 38 c1 0f 8c 7a fd ff ff [ 123.527161][ T6739] RSP: 0018:ffffc90004e2f118 EFLAGS: 00010287 [ 123.533221][ T6739] RAX: ffffffff88b2ace0 RBX: ffff88802504a8c0 RCX: 0000000000080000 [ 123.541194][ T6739] RDX: ffffc90004ed9000 RSI: 00000000000007b0 RDI: 00000000000007b1 [ 123.549263][ T6739] RBP: 000000000000ffff R08: ffff8880225bda00 R09: 0000000000000003 [ 123.557340][ T6739] R10: 0000000000000002 R11: 0000000000000002 R12: dffffc0000000000 [ 123.565313][ T6739] R13: 1ffff11004a0952e R14: ffff888144316050 R15: 1ffff11028862c0a [ 123.573382][ T6739] ? em_nbyte_match+0x2d0/0x3e0 [ 123.578258][ T6739] ? em_nbyte_match+0x2d0/0x3e0 [ 123.583128][ T6739] __tcf_em_tree_match+0x1cf/0x7a0 [ 123.588241][ T6739] ? tcf_em_tree_dump+0x900/0x900 [ 123.593270][ T6739] ? __lock_acquire+0x1273/0x7d40 [ 123.598306][ T6739] basic_classify+0x115/0x2d0 [ 123.603094][ T6739] tcf_classify+0x4c4/0xeb0 [ 123.607610][ T6739] multiq_enqueue+0x103/0x4c0 [ 123.612290][ T6739] ? sch_tree_unlock+0x1b0/0x1b0 [ 123.617236][ T6739] ? do_raw_spin_lock+0x11f/0x2c0 [ 123.622262][ T6739] ? __rwlock_init+0x150/0x150 [ 123.627047][ T6739] dev_qdisc_enqueue+0x48/0x220 [ 123.631907][ T6739] ? __dev_queue_xmit+0xd30/0x3660 [ 123.637117][ T6739] __dev_queue_xmit+0xe96/0x3660 [ 123.642158][ T6739] ? __dev_queue_xmit+0x265/0x3660 [ 123.647294][ T6739] ? sock_alloc_send_pskb+0x8a1/0x9a0 [ 123.652961][ T6739] ? netdev_core_pick_tx+0x340/0x340 [ 123.658321][ T6739] ? packet_parse_headers+0x85e/0xac0 [ 123.663865][ T6739] ? __virt_addr_valid+0x18c/0x540 [ 123.669237][ T6739] ? __check_object_size+0x506/0xa20 [ 123.674551][ T6739] ? skb_setup_tx_timestamp+0x1f0/0x1f0 [ 123.680097][ T6739] ? skb_copy_datagram_from_iter+0x5f6/0x6e0 [ 123.686427][ T6739] ? packet_xmit+0x66/0x330 [ 123.691010][ T6739] ? packet_sendmsg+0x3a37/0x4d70 [ 123.696117][ T6739] packet_sendmsg+0x3b7a/0x4d70 [ 123.701191][ T6739] ? verify_lock_unused+0x140/0x140 [ 123.706832][ T6739] ? finish_task_switch+0x265/0x8f0 [ 123.712044][ T6739] ? verify_lock_unused+0x140/0x140 [ 123.717339][ T6739] ? aa_sk_perm+0x83c/0x970 [ 123.721849][ T6739] ? packet_getsockopt+0xad0/0xad0 [ 123.726974][ T6739] ? aa_sock_msg_perm+0x94/0x150 [ 123.731915][ T6739] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 123.737229][ T6739] ? security_socket_sendmsg+0x80/0xa0 [ 123.742706][ T6739] ? packet_getsockopt+0xad0/0xad0 [ 123.747842][ T6739] ____sys_sendmsg+0x5ba/0x960 [ 123.752618][ T6739] ? __lock_acquire+0x7d40/0x7d40 [ 123.757651][ T6739] ? __asan_memset+0x22/0x40 [ 123.762256][ T6739] ? __sys_sendmsg_sock+0x30/0x30 [ 123.767294][ T6739] ? __import_iovec+0x5f2/0x850 [ 123.772170][ T6739] ? import_iovec+0x73/0xa0 [ 123.776791][ T6739] ___sys_sendmsg+0x2a6/0x360 [ 123.781477][ T6739] ? __sys_sendmsg+0x2a0/0x2a0 [ 123.786361][ T6739] __se_sys_sendmsg+0x1c2/0x2b0 [ 123.791211][ T6739] ? __x64_sys_sendmsg+0x80/0x80 [ 123.796259][ T6739] ? lockdep_hardirqs_on+0x98/0x150 [ 123.801526][ T6739] do_syscall_64+0x55/0xa0 [ 123.805961][ T6739] ? clear_bhb_loop+0x40/0x90 [ 123.810726][ T6739] ? clear_bhb_loop+0x40/0x90 [ 123.815406][ T6739] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 123.821296][ T6739] RIP: 0033:0x7f72ea99c819 [ 123.825731][ T6739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 123.845507][ T6739] RSP: 002b:00007f72eb883028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.854011][ T6739] RAX: ffffffffffffffda RBX: 00007f72eac15fa0 RCX: 00007f72ea99c819 [ 123.861980][ T6739] RDX: 000000000004c00c RSI: 00002000000000c0 RDI: 0000000000000005 [ 123.870048][ T6739] RBP: 00007f72eaa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 123.878012][ T6739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.885991][ T6739] R13: 00007f72eac16038 R14: 00007f72eac15fa0 R15: 00007ffee10af118 [ 123.893977][ T6739] [ 123.897493][ T6739] Kernel Offset: disabled [ 123.901899][ T6739] Rebooting in 86400 seconds..