last executing test programs: 3.953772913s ago: executing program 3 (id=4): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) 3.059936269s ago: executing program 0 (id=12): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x200a}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "fa"}]}, @NFTA_CMP_OP={0x8}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc0}}, 0x0) 2.785143271s ago: executing program 1 (id=13): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) fgetxattr(r0, &(0x7f00000000c0)=@known='user.incfs.metadata\x00', &(0x7f0000000500)=""/213, 0xd5) mkdir(&(0x7f0000000400)='./file1\x00', 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r3, 0x4) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 2.699058193s ago: executing program 2 (id=14): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5) 2.649441898s ago: executing program 0 (id=15): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r1) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r1}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain={'key_or_keyring:', r2}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3, 0x0, 0x6e}, 0x18) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xb) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYRES16], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f600000085"], 0x0, 0x0, 0x0, 0x0, 0x20780, 0x40, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='rxrpc_call_reset\x00', r5, 0x0, 0x1}, 0x18) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000840)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x1}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x2, 0x1}, 0x10) sendmsg$tipc(r7, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000090}, 0x95) r8 = dup3(r6, r7, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r8, 0x10f, 0x88) 2.341178278s ago: executing program 0 (id=18): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010200000000000000000700"], 0xe8}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x16b, @time={0x6fd, 0x7}, 0x0, {0x0, 0xff}, 0x0, 0x0, 0x2}) 2.261102581s ago: executing program 4 (id=19): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x2, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x24, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x93}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010102}}}]}]}, 0x7c}}, 0x0) 2.1014332s ago: executing program 4 (id=20): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4c24, @empty}}, 0x6, 0x6}, 0x90) sendmsg$inet6(r1, &(0x7f0000000540)={&(0x7f0000000000)={0xa, 0x4e24, 0x7fff, @loopback, 0x6}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000040)="f0", 0x1}], 0x1}, 0x54) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e20, @empty}}, 0xe, 0x2b, 0xa4f, 0xc1, 0x28, 0xffffff81, 0x80}, 0x9c) 2.082015793s ago: executing program 0 (id=21): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x4, 0x0, &(0x7f0000000000)="259a53f2", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x82, &(0x7f0000000000)=""/4087, 0x0) 2.07119526s ago: executing program 2 (id=22): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) r2 = dup(r1) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000540)={0x23, 0x1, 0x2, 0x2001, 0x0, 0x3, 0x0}) 1.893114021s ago: executing program 0 (id=23): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) add_key(&(0x7f0000000440)='dns_resolver\x00', 0x0, &(0x7f00000004c0)="a079394a04954e2d1523cd274d954f18a7b1235d2023e670955c12e7265fa97c2cfb7ba5f67d4a0f06d00c089c2dbb7034ddf203c4f50b4d19d6ab0b49d345571461f3c9bc2be016252397574e61cd9b5fc6337f92b077112e9d69d5f0d761e584bd5f7a22aa334740193d174c89a6670c", 0x71, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20) pselect6(0x40, &(0x7f0000000240)={0xffffffffffff4557, 0x4, 0xfffffffffffffff7, 0x1, 0x62a, 0x1, 0x7, 0x2}, &(0x7f0000000280)={0x3, 0x3e, 0x4, 0x7, 0x3, 0x1ccc200000000, 0x1, 0x3ec4d2c1}, &(0x7f0000000300)={0x9, 0xfffffffffffffffe, 0x8, 0xb, 0xb, 0x3, 0x8000, 0x7f}, &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={[0x5]}, 0x8}) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) r5 = pidfd_getfd(r4, r4, 0x0) setns(r5, 0x66020000) r6 = syz_pidfd_open(0x0, 0x0) setns(r6, 0x24020000) syz_clone(0xf5982500, 0x0, 0x0, 0x0, 0x0, 0x0) 1.89265554s ago: executing program 3 (id=24): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001860000000000000e9ff00000400000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c25"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8) close(r2) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$LINK_DETACH(0x22, 0x0, 0x0) 1.814730015s ago: executing program 2 (id=25): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x200a}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "fa"}]}, @NFTA_CMP_OP={0x8}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc0}}, 0x0) 1.802394577s ago: executing program 1 (id=26): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xe) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, 0x0}) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, 0x0) 1.493350117s ago: executing program 4 (id=27): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 735.670987ms ago: executing program 1 (id=28): socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc0a00e9bfde908990817b364e51afe9c81a97f0570759f1cae63487ff68fffffffffffe8e3932e2b7185a25a4cf8a9456aa8a701c318c67edb6e9330b53c0eeba8644311ba75411890700000000000000d8e5b1dc91c5499bea0977"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24}, 0x94) r1 = syz_io_uring_setup(0x38, &(0x7f0000000140)={0x0, 0x1d2d, 0x13500}, &(0x7f0000000240), &(0x7f0000000480)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x21, &(0x7f0000000440), 0x1) 734.987316ms ago: executing program 4 (id=29): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14) setresuid(0xee00, 0xee00, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x1) 594.415865ms ago: executing program 2 (id=30): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x24ef5, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 437.240902ms ago: executing program 1 (id=31): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c00000009"], 0xe8}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x16b, @time={0x6fd, 0x7}, 0x0, {0x0, 0xff}, 0x0, 0x0, 0x2}) 436.882299ms ago: executing program 4 (id=32): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x2, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x24, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x93}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010102}}}]}]}, 0x7c}}, 0x0) 406.402693ms ago: executing program 2 (id=33): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x4, 0x0, &(0x7f0000000000)="259a53f2", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x82, &(0x7f0000000000)=""/4087, 0x0) 276.649535ms ago: executing program 1 (id=34): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5) 201.810987ms ago: executing program 4 (id=35): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) 141.260477ms ago: executing program 2 (id=36): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)={0x34, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4004000) 23.672248ms ago: executing program 0 (id=37): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) fgetxattr(r0, &(0x7f00000000c0)=@known='user.incfs.metadata\x00', &(0x7f0000000500)=""/213, 0xd5) mkdir(&(0x7f0000000400)='./file1\x00', 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r3, 0x4) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 0s ago: executing program 1 (id=38): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) shutdown(r0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan1\x00'}) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.109' (ED25519) to the list of known hosts. [ 89.569406][ T5814] cgroup: Unknown subsys name 'net' [ 89.664543][ T5814] cgroup: Unknown subsys name 'cpuset' [ 89.673970][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.361491][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.295233][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.303924][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.311738][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.319908][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.327750][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.360800][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.383460][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.391429][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.399566][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.407987][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.494860][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.504268][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.513736][ T5828] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.524688][ T5828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.532961][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.541656][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.549334][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.558032][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.566164][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.575104][ T5828] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.596815][ T5828] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 95.607857][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 95.616138][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 95.629996][ T5828] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 95.641748][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.174658][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 96.228139][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 96.386334][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 96.486733][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 96.570906][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.578257][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.587562][ T5829] bridge_slave_0: entered allmulticast mode [ 96.595196][ T5829] bridge_slave_0: entered promiscuous mode [ 96.668200][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.675496][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.682833][ T5829] bridge_slave_1: entered allmulticast mode [ 96.690192][ T5829] bridge_slave_1: entered promiscuous mode [ 96.710142][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.717859][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.725187][ T5825] bridge_slave_0: entered allmulticast mode [ 96.732618][ T5825] bridge_slave_0: entered promiscuous mode [ 96.746039][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.753927][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.761685][ T5825] bridge_slave_1: entered allmulticast mode [ 96.769371][ T5825] bridge_slave_1: entered promiscuous mode [ 96.810086][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 96.835705][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.843025][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.850219][ T5835] bridge_slave_0: entered allmulticast mode [ 96.858692][ T5835] bridge_slave_0: entered promiscuous mode [ 96.912080][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.919390][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.930323][ T5835] bridge_slave_1: entered allmulticast mode [ 96.938034][ T5835] bridge_slave_1: entered promiscuous mode [ 96.949442][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.962538][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.989851][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.062066][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.140763][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.152539][ T5829] team0: Port device team_slave_0 added [ 97.158266][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.165624][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.172906][ T5840] bridge_slave_0: entered allmulticast mode [ 97.180198][ T5840] bridge_slave_0: entered promiscuous mode [ 97.210732][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.222347][ T5829] team0: Port device team_slave_1 added [ 97.243163][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.250341][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.257784][ T5840] bridge_slave_1: entered allmulticast mode [ 97.265215][ T5840] bridge_slave_1: entered promiscuous mode [ 97.280167][ T5825] team0: Port device team_slave_0 added [ 97.344249][ T5825] team0: Port device team_slave_1 added [ 97.365119][ T5835] team0: Port device team_slave_0 added [ 97.416991][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.424214][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.450575][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.462129][ T5832] Bluetooth: hci0: command tx timeout [ 97.470891][ T5832] Bluetooth: hci1: command tx timeout [ 97.472398][ T5835] team0: Port device team_slave_1 added [ 97.499338][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.508755][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.516687][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.524377][ T5834] bridge_slave_0: entered allmulticast mode [ 97.532057][ T5834] bridge_slave_0: entered promiscuous mode [ 97.553313][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.560291][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.586626][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.614257][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.620810][ T5828] Bluetooth: hci3: command tx timeout [ 97.630269][ T5832] Bluetooth: hci2: command tx timeout [ 97.642630][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.649808][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.657218][ T5834] bridge_slave_1: entered allmulticast mode [ 97.665034][ T5834] bridge_slave_1: entered promiscuous mode [ 97.672806][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.679773][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.706790][ T5832] Bluetooth: hci4: command tx timeout [ 97.712288][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.732559][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.739613][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.766188][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.779762][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.786908][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.813081][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.841016][ T5840] team0: Port device team_slave_0 added [ 97.861934][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.868913][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.895455][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.916809][ T5840] team0: Port device team_slave_1 added [ 97.945612][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.998840][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.051808][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.058791][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.085388][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.098921][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.106301][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.133659][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.160798][ T5834] team0: Port device team_slave_0 added [ 98.172663][ T5829] hsr_slave_0: entered promiscuous mode [ 98.179949][ T5829] hsr_slave_1: entered promiscuous mode [ 98.223512][ T5834] team0: Port device team_slave_1 added [ 98.235634][ T5835] hsr_slave_0: entered promiscuous mode [ 98.242337][ T5835] hsr_slave_1: entered promiscuous mode [ 98.248791][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 98.254695][ T5835] Cannot create hsr debugfs directory [ 98.289027][ T5825] hsr_slave_0: entered promiscuous mode [ 98.295990][ T5825] hsr_slave_1: entered promiscuous mode [ 98.302831][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 98.308587][ T5825] Cannot create hsr debugfs directory [ 98.427315][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.435204][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.461298][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.504560][ T5840] hsr_slave_0: entered promiscuous mode [ 98.512173][ T5840] hsr_slave_1: entered promiscuous mode [ 98.518703][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 98.524867][ T5840] Cannot create hsr debugfs directory [ 98.550112][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.557139][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.583462][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.788831][ T5834] hsr_slave_0: entered promiscuous mode [ 98.797297][ T5834] hsr_slave_1: entered promiscuous mode [ 98.811928][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 98.817712][ T5834] Cannot create hsr debugfs directory [ 99.197110][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.214424][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.225240][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.245362][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.321728][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.333373][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.368653][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.394038][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.443180][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.474534][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.487379][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.512549][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.541198][ T5832] Bluetooth: hci1: command tx timeout [ 99.541206][ T5828] Bluetooth: hci0: command tx timeout [ 99.606219][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.619963][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.657173][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.670162][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.702076][ T5832] Bluetooth: hci2: command tx timeout [ 99.702085][ T5828] Bluetooth: hci3: command tx timeout [ 99.717550][ T793] cfg80211: failed to load regulatory.db [ 99.781072][ T5832] Bluetooth: hci4: command tx timeout [ 99.794042][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 99.805345][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 99.817519][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 99.836596][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.853200][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 99.869160][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.905329][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.933150][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.940537][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.960195][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.967408][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.987605][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.011223][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.018417][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.063066][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.070215][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.212719][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.235854][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.325276][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.346813][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.377670][ T3532] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.384921][ T3532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.426010][ T3556] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.433288][ T3556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.453950][ T3532] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.461216][ T3532] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.514921][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.539779][ T3532] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.547081][ T3532] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.658475][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.695201][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.718284][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.725614][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.778319][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.785539][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.809953][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.997932][ T5829] veth0_vlan: entered promiscuous mode [ 101.087734][ T5829] veth1_vlan: entered promiscuous mode [ 101.155898][ T5825] veth0_vlan: entered promiscuous mode [ 101.217378][ T5825] veth1_vlan: entered promiscuous mode [ 101.255709][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.287246][ T5829] veth0_macvtap: entered promiscuous mode [ 101.308786][ T5829] veth1_macvtap: entered promiscuous mode [ 101.354944][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.389813][ T5825] veth0_macvtap: entered promiscuous mode [ 101.430272][ T5825] veth1_macvtap: entered promiscuous mode [ 101.447174][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.480239][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.519710][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.546386][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.565245][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.576917][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.595019][ T5835] veth0_vlan: entered promiscuous mode [ 101.608894][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.618081][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.628522][ T5832] Bluetooth: hci0: command tx timeout [ 101.630867][ T5832] Bluetooth: hci1: command tx timeout [ 101.641783][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.708361][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.725768][ T5835] veth1_vlan: entered promiscuous mode [ 101.742699][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.754476][ T5840] veth0_vlan: entered promiscuous mode [ 101.784026][ T5832] Bluetooth: hci2: command tx timeout [ 101.784037][ T5828] Bluetooth: hci3: command tx timeout [ 101.798223][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.808588][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.838861][ T5840] veth1_vlan: entered promiscuous mode [ 101.866736][ T5832] Bluetooth: hci4: command tx timeout [ 101.975439][ T5835] veth0_macvtap: entered promiscuous mode [ 102.010170][ T5835] veth1_macvtap: entered promiscuous mode [ 102.022235][ T3532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.030432][ T3532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.088348][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.097841][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.137345][ T5840] veth0_macvtap: entered promiscuous mode [ 102.166421][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.177401][ T5840] veth1_macvtap: entered promiscuous mode [ 102.210122][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.216152][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.221099][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.231069][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.246640][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.287654][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.309743][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.318953][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.332575][ T5834] veth0_vlan: entered promiscuous mode [ 102.345296][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.354920][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.370064][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.382710][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.421907][ T5834] veth1_vlan: entered promiscuous mode [ 102.436689][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.446146][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.503793][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.532186][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.549210][ T5944] loop1: detected capacity change from 0 to 1024 [ 102.557307][ T5944] ======================================================= [ 102.557307][ T5944] WARNING: The mand mount option has been deprecated and [ 102.557307][ T5944] and is ignored by this kernel. Remove the mand [ 102.557307][ T5944] option from the mount to silence this warning. [ 102.557307][ T5944] ======================================================= [ 102.775988][ T5951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 102.834032][ T5944] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.820783][ T5828] Bluetooth: hci0: command tx timeout [ 103.826449][ T5832] Bluetooth: hci1: command tx timeout [ 103.862370][ T5832] Bluetooth: hci2: command tx timeout [ 103.867828][ T5832] Bluetooth: hci3: command tx timeout [ 104.178194][ T30] audit: type=1800 audit(1762605398.513:2): pid=5944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 104.198551][ T5832] Bluetooth: hci4: command tx timeout [ 104.252374][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.261288][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.498187][ T5834] veth0_macvtap: entered promiscuous mode [ 104.574897][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.587073][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.619828][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.639773][ T5834] veth1_macvtap: entered promiscuous mode [ 104.716444][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.738246][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.817550][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.855638][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.873306][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.889220][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.051354][ T3532] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.051564][ T5958] loop2: detected capacity change from 0 to 128 [ 105.060153][ T3532] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.100696][ T3532] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.125849][ T3532] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.176619][ T5958] syz.2.7: attempt to access beyond end of device [ 105.176619][ T5958] loop2: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 105.196664][ T5958] syz.2.7: attempt to access beyond end of device [ 105.196664][ T5958] loop2: rw=2049, sector=146, nr_sectors = 6 limit=128 [ 105.213074][ T5958] syz.2.7: attempt to access beyond end of device [ 105.213074][ T5958] loop2: rw=2049, sector=150, nr_sectors = 2 limit=128 [ 105.242899][ T5958] Buffer I/O error on dev loop2, logical block 75, lost async page write [ 105.253181][ T5958] syz.2.7: attempt to access beyond end of device [ 105.253181][ T5958] loop2: rw=2049, sector=152, nr_sectors = 2 limit=128 [ 105.272561][ T5958] Buffer I/O error on dev loop2, logical block 76, lost async page write [ 105.282208][ T5962] loop0: detected capacity change from 0 to 2048 [ 105.333632][ T5958] syz.2.7: attempt to access beyond end of device [ 105.333632][ T5958] loop2: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 105.399652][ T5958] syz.2.7: attempt to access beyond end of device [ 105.399652][ T5958] loop2: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 105.414579][ T5958] syz.2.7: attempt to access beyond end of device [ 105.414579][ T5958] loop2: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 105.443033][ T5962] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.476803][ T5958] Buffer I/O error on dev loop2, logical block 83, lost async page write [ 105.522465][ T30] audit: type=1800 audit(1762605400.113:3): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 105.554428][ T5958] syz.2.7: attempt to access beyond end of device [ 105.554428][ T5958] loop2: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 105.571017][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.577105][ T5958] Buffer I/O error on dev loop2, logical block 84, lost async page write [ 105.632971][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.639618][ T5958] syz.2.7: attempt to access beyond end of device [ 105.639618][ T5958] loop2: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 105.678775][ T5958] syz.2.7: attempt to access beyond end of device [ 105.678775][ T5958] loop2: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 105.724505][ T5958] Buffer I/O error on dev loop2, logical block 95, lost async page write [ 105.734148][ T5958] Buffer I/O error on dev loop2, logical block 96, lost async page write [ 105.758920][ T5958] Buffer I/O error on dev loop2, logical block 99, lost async page write [ 105.773099][ T5958] Buffer I/O error on dev loop2, logical block 100, lost async page write [ 105.817928][ T3532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.829890][ T5958] Buffer I/O error on dev loop2, logical block 111, lost async page write [ 105.834761][ T3532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.849719][ T5958] Buffer I/O error on dev loop2, logical block 112, lost async page write [ 106.235677][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.556927][ T30] audit: type=1326 audit(1762605401.153:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.1.13" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8969f8f6c9 code=0x0 [ 106.670821][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13'. [ 106.696697][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13'. [ 108.691774][ T6028] Falling back ldisc for ptm0. [ 109.236602][ C1] ------------[ cut here ]------------ [ 109.242769][ C1] WARNING: ./include/linux/ns_common.h:255 at delayed_free_pidns+0x118/0x150, CPU#1: ksoftirqd/1/23 [ 109.253640][ C1] Modules linked in: [ 109.257713][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 109.267004][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 109.277230][ C1] RIP: 0010:delayed_free_pidns+0x118/0x150 [ 109.283136][ C1] Code: 85 ed 7e 2b e8 99 9f 03 00 48 83 c3 a8 48 8b 3d 5e be c7 17 48 89 de 5b 41 5c 41 5e 41 5f 5d e9 1e 1e 5f 00 e8 79 9f 03 00 90 <0f> 0b 90 eb b4 e8 6e 9f 03 00 4c 89 ff be 03 00 00 00 e8 01 fb d2 [ 109.302837][ C1] RSP: 0018:ffffc900001d7890 EFLAGS: 00010246 [ 109.308950][ C1] RAX: ffffffff81bde0b7 RBX: ffff8880632cc5b8 RCX: ffff88801d2fdb80 [ 109.317000][ C1] RDX: 0000000000000100 RSI: 0000000000000002 RDI: 0000000000000000 [ 109.325047][ C1] RBP: 0000000000000002 R08: ffff888030df8193 R09: 1ffff110061bf032 [ 109.333126][ C1] R10: dffffc0000000000 R11: ffffed10061bf033 R12: dffffc0000000000 [ 109.341166][ C1] R13: ffffffff81a903d7 R14: ffff888030df8000 R15: ffff888030df8190 [ 109.349181][ C1] FS: 0000000000000000(0000) GS:ffff888125fc2000(0000) knlGS:0000000000000000 [ 109.358185][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.364836][ C1] CR2: 0000000020000000 CR3: 000000005f130000 CR4: 00000000003526f0 [ 109.372965][ C1] Call Trace: [ 109.376276][ C1] [ 109.379240][ C1] ? __pfx_delayed_free_pidns+0x10/0x10 [ 109.384868][ C1] rcu_core+0xcab/0x1770 [ 109.389185][ C1] ? __pfx_rcu_core+0x10/0x10 [ 109.393951][ C1] ? rcu_qs+0xc4/0x170 [ 109.398078][ C1] ? __pfx_rcu_qs+0x10/0x10 [ 109.402651][ C1] ? sched_clock_cpu+0x74/0x430 [ 109.407574][ C1] ? rcu_softirq_qs+0xf2/0x350 [ 109.412414][ C1] ? __pfx_rcu_softirq_qs+0x10/0x10 [ 109.417686][ C1] handle_softirqs+0x286/0x870 [ 109.422553][ C1] ? run_ksoftirqd+0x9b/0x100 [ 109.427301][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 109.432706][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.437787][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.442927][ C1] run_ksoftirqd+0x9b/0x100 [ 109.447486][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 109.450436][ T30] audit: type=1326 audit(1762605404.043:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.37" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb7d38f6c9 code=0x0 [ 109.452803][ C1] smpboot_thread_fn+0x542/0xa60 [ 109.479144][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.484270][ C1] kthread+0x711/0x8a0 [ 109.488390][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 109.493929][ C1] ? __pfx_kthread+0x10/0x10 [ 109.498623][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 109.503925][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.509175][ C1] ? __pfx_kthread+0x10/0x10 [ 109.513852][ C1] ret_from_fork+0x599/0xb30 [ 109.515694][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.37'. [ 109.518486][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 109.532421][ C1] ? __switch_to_asm+0x39/0x70 [ 109.537236][ C1] ? __switch_to_asm+0x33/0x70 [ 109.542080][ C1] ? __pfx_kthread+0x10/0x10 [ 109.546723][ C1] ret_from_fork_asm+0x1a/0x30 [ 109.551589][ C1] [ 109.554646][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 109.561967][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 109.571279][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 109.581452][ C1] Call Trace: [ 109.584777][ C1] [ 109.587740][ C1] dump_stack_lvl+0x99/0x250 [ 109.592393][ C1] ? __asan_memcpy+0x40/0x70 [ 109.597037][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.602286][ C1] ? __pfx__printk+0x10/0x10 [ 109.606936][ C1] vpanic+0x237/0x6d0 [ 109.610952][ C1] ? __pfx_vpanic+0x10/0x10 [ 109.615480][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 109.620731][ C1] panic+0xb9/0xc0 [ 109.624505][ C1] ? __pfx_panic+0x10/0x10 [ 109.628979][ C1] __warn+0x334/0x4c0 [ 109.633007][ C1] ? delayed_free_pidns+0x118/0x150 [ 109.638246][ C1] ? delayed_free_pidns+0x118/0x150 [ 109.643494][ C1] report_bug+0x2be/0x4f0 [ 109.647871][ C1] ? delayed_free_pidns+0x118/0x150 [ 109.653133][ C1] ? delayed_free_pidns+0x118/0x150 [ 109.658372][ C1] ? delayed_free_pidns+0x11a/0x150 [ 109.663610][ C1] handle_bug+0x84/0x160 [ 109.667891][ C1] exc_invalid_op+0x1a/0x50 [ 109.672446][ C1] asm_exc_invalid_op+0x1a/0x20 [ 109.677327][ C1] RIP: 0010:delayed_free_pidns+0x118/0x150 [ 109.683170][ C1] Code: 85 ed 7e 2b e8 99 9f 03 00 48 83 c3 a8 48 8b 3d 5e be c7 17 48 89 de 5b 41 5c 41 5e 41 5f 5d e9 1e 1e 5f 00 e8 79 9f 03 00 90 <0f> 0b 90 eb b4 e8 6e 9f 03 00 4c 89 ff be 03 00 00 00 e8 01 fb d2 [ 109.702990][ C1] RSP: 0018:ffffc900001d7890 EFLAGS: 00010246 [ 109.709114][ C1] RAX: ffffffff81bde0b7 RBX: ffff8880632cc5b8 RCX: ffff88801d2fdb80 [ 109.717129][ C1] RDX: 0000000000000100 RSI: 0000000000000002 RDI: 0000000000000000 [ 109.725137][ C1] RBP: 0000000000000002 R08: ffff888030df8193 R09: 1ffff110061bf032 [ 109.733145][ C1] R10: dffffc0000000000 R11: ffffed10061bf033 R12: dffffc0000000000 [ 109.741160][ C1] R13: ffffffff81a903d7 R14: ffff888030df8000 R15: ffff888030df8190 [ 109.749175][ C1] ? rcu_core+0xc37/0x1770 [ 109.753689][ C1] ? delayed_free_pidns+0x117/0x150 [ 109.759818][ C1] ? __pfx_delayed_free_pidns+0x10/0x10 [ 109.765416][ C1] rcu_core+0xcab/0x1770 [ 109.769818][ C1] ? __pfx_rcu_core+0x10/0x10 [ 109.774555][ C1] ? rcu_qs+0xc4/0x170 [ 109.778669][ C1] ? __pfx_rcu_qs+0x10/0x10 [ 109.783205][ C1] ? sched_clock_cpu+0x74/0x430 [ 109.788084][ C1] ? rcu_softirq_qs+0xf2/0x350 [ 109.792971][ C1] ? __pfx_rcu_softirq_qs+0x10/0x10 [ 109.798197][ C1] handle_softirqs+0x286/0x870 [ 109.802993][ C1] ? run_ksoftirqd+0x9b/0x100 [ 109.807696][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 109.813008][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.818079][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.823117][ C1] run_ksoftirqd+0x9b/0x100 [ 109.827644][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 109.832783][ C1] smpboot_thread_fn+0x542/0xa60 [ 109.837740][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.842789][ C1] kthread+0x711/0x8a0 [ 109.846955][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 109.852433][ C1] ? __pfx_kthread+0x10/0x10 [ 109.857036][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 109.862251][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.867468][ C1] ? __pfx_kthread+0x10/0x10 [ 109.872074][ C1] ret_from_fork+0x599/0xb30 [ 109.876694][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 109.881856][ C1] ? __switch_to_asm+0x39/0x70 [ 109.886631][ C1] ? __switch_to_asm+0x33/0x70 [ 109.891402][ C1] ? __pfx_kthread+0x10/0x10 [ 109.896006][ C1] ret_from_fork_asm+0x1a/0x30 [ 109.900796][ C1] [ 109.904147][ C1] Kernel Offset: disabled [ 109.908478][ C1] Rebooting in 86400 seconds..