last executing test programs: 1.851569723s ago: executing program 3 (id=197): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x42, &(0x7f0000000bc0)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "370c89", 0xc, 0x84, 0x1, @dev={0xfe, 0x80, '\x00', 0x21}, @local, {[], "a5ba94e385673ccf4fd9989f"}}}}}, 0x0) 1.745168707s ago: executing program 3 (id=200): clock_gettime(0x0, &(0x7f00000053c0)) 1.68884056s ago: executing program 3 (id=201): r0 = socket$inet6(0xa, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000080)=@ethtool_regs={0x12}}) 1.627955233s ago: executing program 2 (id=202): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000340)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getgroups(0x0, 0x0) 1.599744074s ago: executing program 3 (id=204): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r1, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000004c0)="cc", 0x1}, {&(0x7f0000001300)="1ad3ce1b113ea19dd4934357d15705ce0e39ff1aa86ca5ef72bc93424b43fd5566b5e6b6db34cf18a36e77611b2bd1fa99ba9d3e7f2fd593f165d3240e40e5a66bbf338374abb7adfe77a8b18d062984503033f83f2538f4ba5c4b7e9e65d87d1446b1ef73e048f7fe537cb3e36c1f44d1bc6e8faceabc42c2613ac8722b6f248bc2debf0da080109490b6770af0adb17204c0b0e2f701d17092044011dc2f8aab473ef2cfad6ee00d8a32a13b5ebd97b08d865e7fd665f2bb3ab49ede27eeb16612b00e51825d0490d532ef88b1daa9145f08b837b272b80591d0b13dc3dd0abe349ba1d0c03a9e1fd3efd7c4fca9166461048a95db9727a684fa8f04de987bef37f4ae057e34bba9b76c34a2abbd29fa15acf408e5b167124c8070aaba2c0e408b1f72df54160a18c626399ed55ab6f7cbf4510e0d9ea1cfaa122f6a814eda8a9a72c681a9f5dc2d0f07c3c57b290631d0560e5d09d4a958d4c93e310d4e710a15f653150719e3e2611402f4e501f9e0c1f6b883cba01bd25e4274112168378e36b201ea0400d63b60016eceef9e13bba2c7481703028da353d0fed5c01c0253032303c2ee35d99b1bf0d018d5ed60fb3195d373f45d5501312e9220c2a0d1d7adab071825e6f7b6520068247c9418c55f843f5f3c29a39169ad94c786ca349b7ce46bc682d25583e7c77c8d9515bf41279d01576b5e7e6e1cff3ef100b22e526e1abb0baa10fda77bf49ca664807edfa8192d5679a77d4f78e73cfba46fe1f1018a9281710975a6e65ed69a26439973a47aa7a4b894d4ceea69b6d3184b9395145da69a3114a3c59ab473a712080d0b4f74f411300706f72003d79a018244d9ffec674cfea6a93c9c2b9a9637db5caa09309ebfbaf68c9f75a36046f13a67aec677d2ed52e3448a49bf5ea0e31b01f22b753231c098f13b0f8510afb4960ad3ef253bf4ceb101054c055d04ff456c3286fb6328fae3ef35e69a8f36f05301a6ac2008b4bcec5ca97ee512ff4006718e453c57f2d468a958f01b739493a11fdaa31f92e0df4dbd3448e0b78474383c395c2dc663c85443e78727d858bc20c007801a6cafc64c6b09a1be3b9caf9763bcd9cd9991719ccb385c1ad2c39416e7908fb66bafb47e385381686fedd64d8440f9b9c145f32a0e0677989c9a773102ce0e464a67de56b3a8bec22db27d2eb0f4999ff3813159ba28c02ab952408df845fffe797245ebb1bd6455a682572a7c5986f3f54cfe65b9f6bd0dd654c2461ce7ca7b0ff2d5c50f52c6ae4236a1a73233a31886df8cf3b3ee9c792adfeebda59b65f1f6dc269cc60143d34a8bd8bac7db29fd8245c9770ad5ce8a376b5270508228d9106a42dec5504ae98e7437e934c39d65a3d454d7bebaecf2f733677794a74047275cf2aba40a5a5fe96332a75dc1a1ec3696e36cf0100446b678a1768c405c5fefb598a1ef5ed85740ae461c1bf19c548e610d1c4d9d3734dffe3d806e1067e0e6bf7868521e38c43e4f57acdb4615cf15a8d85710a100152ff6b80ae901246580431848adf5cdf32531af37732a6c109db6c55cc5d0a8fdb32e64ab811f0e54aa9d912f01361c5cd11ed3be6ca05f2c55f31ac33a2aa4a0504af2391b7ee318746756730c9f5494a7fc985cbac0627120c886aa94f9bc7c815a81343c47904ab2b8f330b94ea30f203ce8fcc9f510590326e42d93e7051a6d4c0e1c94c6c7904a81ec72b4a70168216e46af1a5ab2c799cb61ce7d3af4aa2f7fae9e98fa3b6f53f5b89961077a4b93db4f686ac01d7378e8f4e4e7b38f6a0e9dfa3c7a4ce7dde00548e4723c15624bb5be0da9133bc088e99887d7d5f9678d310247c3c812a4084a4d69c5cb8249331f04ae0eb44dbfd2bb2721c14339ab58d2f076867f65a8aff5f5968b5882b79aa42ef443452eebc849985b2f341da64be252703ef344d9bf64023165678ee39a63c5c7685aeda8e51c3a5c675d50ef1f6534ba4ffc57cadc09725316bb92138e279876791538a55e689164798338f02f1f2e9b2ac806acd8fe1e3a5252bcea2ffe893229d5e683cbe411ad587a795c6260c9e042c9f389cc481195eaf73cab9dc5768a751bbabddd48e7a56972b5d7bde4b56297e4d6c2b96e90702144e936e1d027e0d13c12c14edfe96b87fe80a42a8299f504cfb2134f9f84bae62b86d9f6e758c117a34a6922a97d52ba40c74dcd9e250e90d2ec4c2bcac85ed721be87dbc51b360b612eb6795d220c24b2be797d9b9799564ffb751bc566cb2b1ba3220f8b794e38286c9b3e9262e6a68f9f38303b1aba35a0a51da061ea87ba088c5e5591ff6d62db48d33acc804fcf9d9b6de1d7e334d8d03ad3675e848d7aa0228f3f7712100065cb6d73b56182f417d0c209463181779e7bb9e976b03e5a47765d22df56a1c596d8a4629e5be30bfa4f6f1894aa0a51382a91205d1313e475d74a7a351f3680a1f6497de60c4cbf8e988df68ffe920959342f2433bbf345bd075dd456406f23f956f68a4019256addc16a90620563286186c579420fa3ba2a0ea1e0137e62ea1428b53a33cc18a1eb46f4250404ec88df3494eb0f1c32fabba9e9bc144e3f68439985178c994599cbcced078a63b33147d081ab31f684149efd5155cc04015973c2745d0faa4e7fba86b1bf09c7f39a1f064ca18677d422bcf2eaedee49c4cd70612d0739e8c15cb36f1a8f57d9c3357580501d8836451b51e6cf8de685f2e8258f0d8e8e8045d0b34c7a6130ed998f660d7b62684becdb77ce6a66383b75c7a689430281d2e07277eec240745095950a6f980864cfc04a99dee9d3de5c12643ee010ad5bb97a703465f7afaef06f32d86cd253ef3a220752a227b48e0678a841fe9297b59835777dae367c02f16b382aa62ef4a87b6b7727c7f16919952e390ee452a98bf0671e33867002aaf3c02bde9ef5fd4cc9b70fde97e3ba9c8f7a07439c12dcd2b485a4af9266cd7176e6243f0553f4a8fdba8a8202adbe2e6b34f043081f60959c7e82954327d3eec208d00b871214e1ca907906947c9917cbdf96e48929f61ed93114ea09bf8912fdd996babd8cf8cf97c0e31b3b4bdfaa8ee524642bf9ae3f945bf7d9cb646b2480dc41e49baad2f55aab6073d65b05db7e26c1fb014c0ec44ef27c7bafffa680f370166dc32aa5ec088ce9ffd543543fe1b270ddddaa6588b49f5de607bfc1b61235e29e12476e31e8341b92c4a46ec2bff1d4fd45df88b4722f39d814ac6de6107d1723fbe70848f4f27deddbd016d3a4b60211cf08cd508c8666c797e0851423e767649f05afbc9ed4ddf57d01a621e1746221281bdc09988945a86b8d73b92f99d33b73c14598c6f943ab0c67bc0ee19adf7a3590940ecd68984bed9210c392939676098261703957a89036243b5250ad1df9c1c146e0f96c7bbffaba819d0454becb7974381350d4edbed3c5d3d752661c3040d5189115318cb00943d5425dbf2cf4e5d72aa4c4a9faf42b20306f26d9500459f8ba7c43da66e7259664cdce1946c748a2d3859871ae6e669cedef45c1e1779acb638eae65405819659b2e031727f02efb339cced0f044b695a647a9fb5b72aca0d6ee76b9e8670d26d55c5b4e57e279a748d3a14da608437ae5a95bd823a167fd68db29676a6bb01b44666839c072a9d76d9c10d72044b16abee226882647744c6168370f0942ec2db09691134ccff47b0a162c9fdbe8cf1f1b7932d8dbd1ce0b77decd3d77f1e28969ad7919c486a92a390f79458f603c56aca6f2cca17bc8b20e51d7578a2f0139cf2f137c8cbbefbe0d0f98094a12a3b45711170b975bdd5547ec98f5837f24a0374abd77a52283357d164c9fb38e5ec77141774e033514466cc722463e3d1cfe0ff277f7e5d7176dda850dbde0fb63bead2fad65fecff13fc1adb7ad5bb82eefafeac9db7c9f04929afb4e92807ca3f80f2913277b53e9dc3bc8f7c6aabca821b92623eae0f61d7f96319ad72cbfc3130153821d4a592f876b97c61dc95507e9fbd81a7245e7cb0cea7167126640af055b2619d9179e1d0f60223b6ebd28047220d1170927388fe27d499d52a2cde65aef6f88661192ae7c2f7d456678ef943d052cf749fbd6b8d6536bd04a2b52c1f95c0d647c2b938f767ac596e00c2640c26bd08d59304081786fac26b44c0831a75ab0a3759eb4d7cbc8a598ddb1b5a0166e86abea470b1d23ee0ee6dca190e6e1ae18e49df2dab318434b7ee4eba1216f8a04d40ec50cb775b6a51ecbd6756157515fa095f0a6985d4dd4f1887cdab5e55cb2836c30774429521181a46b2e7e01c70150e50cbd741c24b02ddb438abf793b6de9401c612a1381ff71f2bbd5ddd990e00073ef39eed7fbd90b01be525527e1d06cc8e593fc020d0408758c2ff2f5d94099fceae0b22f9a98d6a86b7fa54a345f3e41ca459950ab2ff32cb373bdaab9c9cd727cd3d966d1f40286baaff3bbb74bbedf488a39f750d0cbeb6ebb6979e661051aea63d321b17dd23bb6dc6e065fc54725eed46bfd138b9cb724bd90ffa49159b3a0a48de2e1a6bc2ff73935e13eecc3f044932fe2e1f54573c681d4bc8fa05e86bc15169401bc4b5dcd8319508f2832a9249b05ec27bd910e4427f8ce157dd076898ebec5c78efda8fbd8ae308664dc2c50e065a56de5dd3c9b208f0cf774bd1bc70ecd8b15eb06042490cfb54c8579f6088ff2f133704fe16aa15131bab2bbec7530a796daa445af2fd7d4eccc07d7e54a06a6c85d0996ecfc221103578e356b98d6d3bdafc4b2642dba1fa1e0a21c169bee734d2be92b57250e78b4744786ba94b422d518a2f69de95c9477d1ddb4ad6899526f986bcb2f457dc2f40f396809387812a58e17ee944176a5655201d34a02b66fbd92198f397b65e1ca2d799f5ec30be4cc204ffa5adf2930b1d0bc9b80ec30870a2c7ef95efddd942451c652d582f30f5f5f265bbd635bbedae886e95a5d75ec6900d20777b08e7d755ef3a45d3db31280b2be9d9d3584ea639fa2d601b60a062e72ee434ab02c7f09e12ada7ae027ab2e4b05c38ff23b36fe93a35f0526e531bb99fcc7a7940b717dce31226bd0bba8363db2553b828c11dc358ec080f92da65d3cf96f1c25912f254c6c9dc88ce364f49c4f9113c7b2086db5dbfa66e2dcff26cf30691d93acbce6a3318828d30f0b97fd58c56fe1e588b3225d88a31bbec7a3d48995b173c7352557d150a4e757704e48a36c89819aa5a4c47c024d9c347a1faa968c7ac3336c7ea5ecfdbe2ab5e60a5669c2fab921b015296cba69a35d5b8ffc137caecd9dd4ea7b9e2e1753c59658ff2e05b30df1994b700fa59b60bcea60302a12ca79cdd4a53beda1d4bd30969ee6d20dbd531e95dc3ba5189332a9b0260b4f75c25bc6848ef5f85676a644ede7d42f1e3a83e60dbef5a41b1e0d10098c2390798a10c6f8c69ef2291b1a3c793277e559952bad5b00a600da4607d6a8cff4cec099637a5a265906044a0fb8f26eeb3aa16bf4d3c2b68a2898eda8f288d1da7a8b2d3357bf00e273f6c274b0671511d6358dad6261086b1c2790b8c5013e084d392f1033164265dd4afdd3c255a2471a39c48947b3022c2eb79bab8d20ce57df9068ac929dfc32fae79a246ff12ae45cfbba35e2d54c21c20298ad9e0211f482c0e80931d5255db0264e1dc6327432f2b0650a6214a5c7304c97b1a6342ec4ca5e4b31d0e6a884d818de13726178771ebe53411f3227a70f38a48a2dee29b8760c892335e9c255da03dc9f1675d07506a954ec8b77544a917842a7", 0x1000}, {&(0x7f0000002300)}, {&(0x7f0000000340)="203ef923171c176084428e0cfe13ebd4e92270281033edac997d738672b02ef90a88b0335a07b341a003f3057cdcb5a49aa73576749c435be61c03f06b8cea0296b66a0e86a1b1748d40e5f03b8dd187d60676190ab32a02c524d807fe59c1983e4302c116bb88d75dd8179fcf6dbcdfa75b8011a36b4c75b83db3eb13667ed8586e46fe85082d5d8b1387847d42b535443419922c67227d050757222a", 0x9d}], 0x4}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000f40)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651d8a0f30993de53bbfc9d8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d78f8ff6a2f11fa4810f9ffc7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc0300000063d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a", 0x390}], 0x1}}], 0x2, 0x4040894) 1.475750299s ago: executing program 2 (id=206): capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r0 = syz_open_dev$sg(&(0x7f00000008c0), 0x0, 0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffb, 0x0, 0x10, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0x2, 0x22, 0x1, 0x0}) 1.379333053s ago: executing program 2 (id=207): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000101010300000000000000000a0000030c0019800800010008000000100001800c00"], 0x30}, 0x1, 0x0, 0x0, 0x8008001}, 0x24008854) 1.255818288s ago: executing program 3 (id=209): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYBLOB="180001a489b0d364a1bcdc00ffffffff00007400000000001811000043d81cebb20000d04e76786542b8000000ce01d600810992aa1e6aa2d50000", @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000002000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYRES16=r1], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r6 = eventfd2(0x0, 0x0) read$eventfd(r6, &(0x7f0000000040), 0x8) socket$inet6_icmp(0xa, 0x2, 0x3a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000380)='kmem_cache_free\x00', r2}, 0xfffffffffffffd05) fsync(r2) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c0100001600b30a26bd7000fedbdf2500000000000000000000ffff00000000000041818e04db792cc30000006a0000004e2300084e2000020a00a0a02a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141438000000000000000000000000000004d533000000ac1414aa00000000000000000000000000000000000000000600000000000000f9ffffffffffffff03000000000000000200000000000000350000000000000009000000000000000400000000000000fbffffffffffffff0a8600000000000010030000000000000700000000000000ffffff7f08000000d92e00002bbd7000023500000a000001010000000000000003000000ffff00000c000f00ff0700000000000028001a00fe800000000000000000000000000032e000000100000000000000000000000002000a02"], 0x12c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040810) eventfd2(0x1, 0x80000) r8 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000f0000000401a80016000800014009001120036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x8000) socket$rxrpc(0x21, 0x2, 0x2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain) 1.2057563s ago: executing program 2 (id=210): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000740)={r2}, &(0x7f0000000780)=0x8) 796.054127ms ago: executing program 0 (id=216): r0 = socket$inet6(0xa, 0x3, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0) 795.843387ms ago: executing program 1 (id=217): capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r0 = syz_open_dev$sg(&(0x7f00000008c0), 0x0, 0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffb, 0x0, 0x10, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0x2, 0x22, 0x1, 0x0}) 778.540438ms ago: executing program 0 (id=218): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000005980)=[{{0x0, 0x0, &(0x7f0000000380)=[{0x0}, {0x0}, {&(0x7f00000019c0)}], 0x3, &(0x7f00000006c0)=[@rights={{0x14, 0x1, 0x1, [r2]}}], 0x18, 0x800}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2], 0x18, 0x40810}}], 0x2, 0x0) 764.196489ms ago: executing program 1 (id=219): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) connect$can_bcm(r3, &(0x7f0000000140)={0x1d, r4}, 0x10) recvmmsg(r3, &(0x7f0000007140)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010000, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r7, {0xb, 0x6}, {0x3, 0xfff9}, {0x2}}}, 0x24}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20b01}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_FLAGS={0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x24000090) 679.950712ms ago: executing program 0 (id=220): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey72WYTYzadmP18YHafZ+bZnee7z7w8+zy7AXStoewhidgREb9GxEAju7jAUOPp+tXzkzeunp9MYmHhtT+SvNy1q+cny6Ll67YXmeE0Iv0wKXay2OzZcycn6vXamSI/OnfqrdHZs+eeeOfUxInaidrp8SNHDh8ae/qp8Sc7EmcW17V978/s3/viG5denjx26c0fv87qu6PY3hxHpwxlgf+5kGvd9mind1axnU3ppLfCirAqPRGRNVdffv4PRE/caryBeOGDSisHrKvs3rSl/eb5BWATS6LqGgDVKG/02fffcrlDXY8N4cqzjS9AWdzXi6WxpTfSokxfy/fbThqKiGPzf32eLbFO4xAAAM0+nvzsaH9EvHfjq5eyvsdARJTjQffkj7/lj7uKOZTBiPh/ROyOiLsiYk9E3F2UvTci7ltjfW7v/6SX1/iWy8r6f88Uc1uL+39l7y8Ge4rczjz+vuT4dL12sPhMhqNvS5YfW2Yf3z7/yyfttjX3/7Il23/ZFyzqcbm3ZYBuamJuIu+UdsCVixH7epeKP7k5E5BExN6I2Le6t95VJqYf+3J/u0Irx7+MDswzLXyRhTefxT8fLfGXkub5yenb5idHt0a9dnC0PCpu99PPH73abv9rir8DrtQaz03t31pkMGmer53t7P7/5fGf9iev5/PM/cW6dyfm5s6MRfQnR/P8ovXjt15b5svy2fE/fGDp83938Zos/vsjIjuIH4iIByPioaLuD0fEIxFxYJkYf3hu5fgjraj9L0ZMLXn9u3n8t7T/6hM9J7//pt3+/1n7H85Tw8Wa/Pq3gqWqk10uWiu4ls8OAAAA/ivS/DfwSTpyM52mIyON3/Dvif+l9ZnZucePz7x9eqrxW/nB6EvLka6BYjy0Pl2vjSXzxTs2xkfHi7Hicrz0UDFu/GnPtjw/MjlTn6o4duh229uc/5nfe6quHbDOti25drz/jlcEqEDrPHq6OHvhlXAxgM3K/7Whe61w/jf/DwbYZNz/oXstdf5faMmbC4DNyf0fupfzH7pU+l3VNQAq5P4PXWkt/+tfx8TWjVGNahIbtVHyRESZSDdEfSTWKVH1lQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAz/g4AAP//K2Lmiw==") syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000a80)='./file1\x00', 0x2800810, &(0x7f00000025c0)=ANY=[@ANYBLOB="646f74732c747a3d5554432c646f74732c646f74732c6e6f646f74732c666c7573682c646f74732c6e6f646f74732c71756965742c00b3d27234e95eb4b44190021bbbe89ab824d38c571641668d362b4dff6e47bdf1638c7462a3bd66a53b404ae08c32af6843a2469c7210381b9d48047c77540b6447a8e50c44cb44f91e4264a37e0209c3a234f4803ba56b7a24536ee396f4838f4143b92ad909efb23eb22dce6477c2bb5b8f793b9e07c2120d566cf1f6ba51e4d01e8ef223a2ba72cfb3127844c045765149fb1219f433feb977426596e07082254e9930296256df143ff96377d8c28c533724fbd9fdad260e7d875d0f17374141abc60c8e3c07e4a7bc381791172c217f00964aaf6e213a252b9689ae38342862d27437921e13229d407e1a6037e3f16a2cdab8f9c76a66a72ccc67015c9435e200f9fbb9d78ce426b37310b9f127e7b1207c74eff7b853de7043a001de85931463c7fc7c78be9eb9b5f88c0067aabb3a5d1f94bcc90537c1c1ce509450160c"], 0x3, 0x176, &(0x7f0000000240)="$eJzs27GL01AcB/BfbNRTl5vFIeDiVNTJUZET1ICidNBJ4XS5yoG3RKfgX+LqHyfITTcIT2q0tSVFrU0j189n6Q++7eP3hteXF5IXV94c7B8evT58fBw7WRb57SjiJIvdOBODaNQBAJwmJynFl5RSOl/HhY+RUuq7IwCga/Z/ANg+v93/b/XUGADQGed/ANg+T589f3inLPeeFMVOxOe6GlWj5rPJ790v964X3+3OfnVcVaPBNL/R5MV8fjYu/shvtubn4trVJp9kdx+VC/ml2J9v1WOIAAAAsKJhMdV6vh8Ol+VN9cv9gYXzex6X841NAwD4C0fv3h+8HI9fvV1Dkcd6xlG0FVH/wZcnF239t7qZIvtZfE0prTDOh0/NEhg/+C+ms94ii4h/G6fvfyaga7NF33cnAAAAAAAAAAAAAADAMt2+jTToe3oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ6lsAAAD//1UCS4E=") sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009) 561.676797ms ago: executing program 0 (id=221): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e40)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x27) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a600083c00fc020000000000000000000000000000fe8000000000000000000000000000aa84000100f50000a7"], 0x0) 494.75697ms ago: executing program 1 (id=222): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x7fffffff}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x17, r3, 0x1, 0xd8, 0x6, @link_local}, 0x14) 411.992163ms ago: executing program 0 (id=223): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x9}, 0x18) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x2004000, &(0x7f0000000040), 0xfe, 0x563, &(0x7f00000007c0)="$eJzs3c9rHFUcAPDvbHbbpK02BSnoQQI9WKndtIk/KnioR9FiQe91SaahZNMt2U1pYsH2oBcvUgQRC+If4N1j8R/wryhooUgJevASmWQ22Ta7m1/bZHU/H5j2vZnZefPmzXv5vp1dNoCBNZb9U4h4OSK+SSKOt2wrRr5xbG2/5Se3p7IliZWVT/5MIsnXNfdP8v+PNjPFiF+/jDhT2FxufXFptlKtpvN5frwxd2O8vrh09tpcZSadSa9PTE5eeGty4t133u5ZXV+//Pf3Hz/44MLXp5a/+/nRiXtJXIxj+bbWeuzBndbMWIzl16QUF5/Z8XwPCusnyUGfALsylPfzUmRjwPEYyns98P/3RUSsAANpJBL9HwZUMw5ozu035sHDBxiV7J/H769NgDbXv7j23kgMr86NjiwnT82MsvnuaA/Kz8r45Y/797Ilevc+BMCW7tyNiHPF4ubxL8nHv907t419ni3D+Af750EW/7zRLv4prMc/0Sb+Odqm7+7G1v2/8KgHxXSUxX/vtY1/1x9ajQ7luRciRkajlFy9Vk2zse3FiDgdpcNZvtvznAvLD1c6bWuN/7IlK78ZC+bn8ah4+OnXTFcalb3UudXjuxGvtI1/k/X2T9q0f3Y9Lm+zjJPp/Vc7bdu6/s/Xyk8Rr7Vt/40nWkn355Pjq/fDePOu2Oyvr07+1qn8g65/1v5Hutd/NGl9XlvfeRk/Dv+Tdtq22/v/UPLpavpQvu5WpdGYPx9xKPlo8/qJjdc28839s/qfPtV9/Gt3/49ExGfbrH+3mXQ/tP/0jtp/54mHH37+Q6fy8/qXomv7v7maOp2v2c74t90T3Mu1AwAAAAAAgH5TiIhjkRTK6+lCoVxe+3zHS3GkUK3VG2eu1hauT8fqd2VHo1RoPuk+vpZPmp9/GG3JTzyTn4yIExHx7dDIar48VatOH3TlAQAAAAAAAAAAAAAAAAAAoE8c7fD9/8zvQwd9dsBz5ye/YXBt2f978UtPQF/a7d//+R6fB7D/xP8wuPR/GFz6Pwwu/R8Gl/4Pg0v/h8Gl/wMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXb50KVtWlp/cnsry0zcXF2ZrN89Op/XZ8tzCVHmqNn+jPFOrzVTT8lRtbqvjVWu1G+cnYuHWeCOtN8bri0tX5moL1xtXrs1VZtIraWlfagUAAAAAAAAAAAAAAAAAAAD/LfXFpdlKtZrOS/RzYvg5HfnO3o9T7IfrI7HjRBLd9znokQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvwbAAD//+f9MzI=") r1 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) fallocate(r1, 0x3, 0xf00, 0x10000) 345.965996ms ago: executing program 3 (id=224): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0x6, 0x8, 0xae, 0x0, 0x1, 0x20727ff}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4006, 0x5, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x50) 301.144808ms ago: executing program 0 (id=225): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x11) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000005c0)) pwritev2(r0, &(0x7f0000000cc0)=[{&(0x7f0000000240)=';', 0xffffffbc}], 0x1, 0xfff, 0xc, 0x4) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) 255.95229ms ago: executing program 1 (id=226): r0 = socket$inet6(0xa, 0x3, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0) 236.455501ms ago: executing program 1 (id=227): capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r0 = syz_open_dev$sg(&(0x7f00000008c0), 0x0, 0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffb, 0x3, 0x10, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380)="23d3b6", 0x0, 0x2, 0x22, 0x1, 0x0}) 216.975111ms ago: executing program 2 (id=228): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0xbae, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20) bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r3, 0x4) 58.382958ms ago: executing program 1 (id=229): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x78f, &(0x7f00000007c0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9/pWgQcaKJ2YGlsFF3ElgoWCrm3DZBpqJpmSmZQmZNEightBxYWgm679UXdu/bFwo/+FC2mpmhYrLiRy50czTWbSSZqZCeTzgZs55/7IOd8595577sxlbgCH1lj6JxNxIiLeSyJGavOTiBiopPojpqvrPVhfy6VTEhsbr/2aVNa5v76Wi4ZtUsdqmf9GxLdvR5zMbC+3tLI6P1Mo5Jdq+YnywpWJ0srqqcsLM3P5ufzimcmpqdNnnzt7Zv9i/f3H1eN33n/56S+m/3zrP7fe/S6J6TheW9YYx34Zi7HaezKQvoWbRva7pN5Lel0B9iQ9NPuqR3mciJHoq6RaGOpmzQCATtkAAA6hxBgAAA6Z+ucA99fXcvWpt59IdNfdlyLiaDX++veb1SX9MR2DlYUDETF8P3nkm5EkIkb3ofyxiPjkqzc+S6eotYPv0oBuuH4jIi6Ojm3v/5NH71nYg2d2WrgxWHkZ2zL7sJ1/oJe+Tsc/zzcb/2Vqx//Ryt+t45/BJsfuXjz++M/c3rrN96/vQ8E16fjvxYZ72x40xF8z2lfL/aMy5htILl0u5NO+7Z8RMR4Dg2l+srJq85Hb+L2/7rUqv3H899sHb36alp++bq6Rud0/+Og2szPlmSeNu+7ujYj/9TeLP3nY/kmL8e/5Nst45YV3Pm61LI0/jbc+bY+/szZuRjzVtP032zLZ8f7EicruMFHfKZr48qePhluV39j+6ZSWX78W6Ia0/Yd3jn80abxfs7T7Mn64OfJNq2WPj7/5/n8kqXYCR2rzrs2Uy0uTEUeSV7fPP725bT1fXz+Nf/z/zY//arHN9//0mvBim/H33/nl873H31lp/LO7av/dJ249mO9rVX577T9VSY3X5rTT/7VbwSd57wAAAAAAAAAAAAAAAAAAAAAAAACgXZmIOB5JJvswnclks9VneP87hjOFYql88lJxeXE2Ks/KHo2BTP2nLkcafg91svZ7+PX86S35ZyPiXxHx4eBQJZ/NFQuzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGqOtXj+f+rnwV7XDgDomKO9rgAA0HXO/wBw+Ozu/D/UsXoAAN3j+h8ADp+2z/8XO1sPAKB7XP8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQYefPnUunjT/W13JpfvbqyvJ88eqp2XxpPruwnMvmiktXsnPF4lwhn80VF1r+o+vVl0KxeGUqFpevTZTzpfJEaWX1wkJxebF84fLCzFz+Qn6ga5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQPtKK6vzM4VCfklix8TQwajGgUn0x4GohkTHEo29xFDvOigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+7vAAAA//9oei8M") r0 = openat(0xffffffffffffff9c, &(0x7f0000000640)='./file1\x00', 0x14b142, 0x40) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum64={0x1, 0x0, 0x0, 0x13, 0x0, 0x2}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x28, 0x0, 0x8}, 0x28) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000380)={0x3fffffffbfb, 0x5, 0x5, 0x7f}) 0s ago: executing program 2 (id=230): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000140)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0) umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x9) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.197' (ED25519) to the list of known hosts. [ 63.639868][ T5775] cgroup: Unknown subsys name 'net' [ 63.779275][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.118558][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.308173][ T5795] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.316645][ T5795] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.325469][ T5795] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.334682][ T5795] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.342723][ T5795] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.351291][ T5795] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.352769][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.383833][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.392136][ T5795] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.392857][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.405588][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.407763][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.414677][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.420575][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.428556][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.435377][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.450287][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.451279][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.457994][ T5804] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.465085][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.477483][ T5804] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.479302][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.498116][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.515650][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.947166][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 67.991536][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 68.044960][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 68.081649][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 68.207483][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.214845][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.222182][ T5785] bridge_slave_0: entered allmulticast mode [ 68.229388][ T5785] bridge_slave_0: entered promiscuous mode [ 68.237251][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.245173][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.252331][ T5790] bridge_slave_0: entered allmulticast mode [ 68.259664][ T5790] bridge_slave_0: entered promiscuous mode [ 68.295204][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.302360][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.312190][ T5785] bridge_slave_1: entered allmulticast mode [ 68.319023][ T5785] bridge_slave_1: entered promiscuous mode [ 68.338766][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.346976][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.354275][ T5790] bridge_slave_1: entered allmulticast mode [ 68.360939][ T5790] bridge_slave_1: entered promiscuous mode [ 68.387347][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.394702][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.401865][ T5786] bridge_slave_0: entered allmulticast mode [ 68.408808][ T5786] bridge_slave_0: entered promiscuous mode [ 68.452624][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.459785][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.467343][ T5788] bridge_slave_0: entered allmulticast mode [ 68.474901][ T5788] bridge_slave_0: entered promiscuous mode [ 68.482058][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.489195][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.496480][ T5786] bridge_slave_1: entered allmulticast mode [ 68.503423][ T5786] bridge_slave_1: entered promiscuous mode [ 68.512735][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.524184][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.537563][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.547024][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.554372][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.561601][ T5788] bridge_slave_1: entered allmulticast mode [ 68.568545][ T5788] bridge_slave_1: entered promiscuous mode [ 68.599010][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.630010][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.642091][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.705048][ T5790] team0: Port device team_slave_0 added [ 68.713861][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.727171][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.748716][ T5786] team0: Port device team_slave_0 added [ 68.757184][ T5785] team0: Port device team_slave_0 added [ 68.767369][ T5785] team0: Port device team_slave_1 added [ 68.775328][ T5790] team0: Port device team_slave_1 added [ 68.799848][ T5786] team0: Port device team_slave_1 added [ 68.867914][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.875117][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.901728][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.916084][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.923273][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.949202][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.963565][ T5788] team0: Port device team_slave_0 added [ 68.983169][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.990139][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.016574][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.033286][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.040255][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.066671][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.079455][ T5788] team0: Port device team_slave_1 added [ 69.096368][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.103899][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.131187][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.179765][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.187459][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.213960][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.237154][ T5785] hsr_slave_0: entered promiscuous mode [ 69.244972][ T5785] hsr_slave_1: entered promiscuous mode [ 69.252107][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.259179][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.285166][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.321400][ T5790] hsr_slave_0: entered promiscuous mode [ 69.327921][ T5790] hsr_slave_1: entered promiscuous mode [ 69.334374][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.342179][ T5790] Cannot create hsr debugfs directory [ 69.348612][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.355802][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.381792][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.483344][ T5786] hsr_slave_0: entered promiscuous mode [ 69.489622][ T5786] hsr_slave_1: entered promiscuous mode [ 69.497718][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.505787][ T5786] Cannot create hsr debugfs directory [ 69.523788][ T5797] Bluetooth: hci3: command tx timeout [ 69.523799][ T5792] Bluetooth: hci2: command tx timeout [ 69.570296][ T5788] hsr_slave_0: entered promiscuous mode [ 69.577252][ T5788] hsr_slave_1: entered promiscuous mode [ 69.585352][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.593171][ T5788] Cannot create hsr debugfs directory [ 69.603745][ T5797] Bluetooth: hci1: command tx timeout [ 69.606322][ T5792] Bluetooth: hci0: command tx timeout [ 69.964582][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 69.989161][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 69.998703][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.009599][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.058758][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.077278][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.094107][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.104623][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.202439][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.212790][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.240536][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.251528][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.324806][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.334290][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.346803][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.360818][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.415474][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.451496][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.475141][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.502954][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.510245][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.539642][ T2956] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.546817][ T2956] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.647314][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.661722][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.686582][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.693800][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.705593][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.712708][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.729909][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.800392][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.831665][ T5785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 70.878914][ T2971] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.886139][ T2971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.902284][ T2971] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.909500][ T2971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.937295][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.962428][ T2971] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.969623][ T2971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.986231][ T2971] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.993444][ T2971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.041258][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.212993][ T5790] veth0_vlan: entered promiscuous mode [ 71.269797][ T5790] veth1_vlan: entered promiscuous mode [ 71.356418][ T5790] veth0_macvtap: entered promiscuous mode [ 71.391788][ T5790] veth1_macvtap: entered promiscuous mode [ 71.409125][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.451289][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.469742][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.492852][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.502862][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.511899][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.521292][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.601440][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.614013][ T5792] Bluetooth: hci3: command tx timeout [ 71.617474][ T5797] Bluetooth: hci2: command tx timeout [ 71.620376][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.632474][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.683192][ T5797] Bluetooth: hci1: command tx timeout [ 71.683964][ T5792] Bluetooth: hci0: command tx timeout [ 71.691706][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.708872][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.709765][ T5785] veth0_vlan: entered promiscuous mode [ 71.732892][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.768317][ T5785] veth1_vlan: entered promiscuous mode [ 71.824375][ T5785] veth0_macvtap: entered promiscuous mode [ 71.824617][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.838620][ T5786] veth0_vlan: entered promiscuous mode [ 71.852795][ T5785] veth1_macvtap: entered promiscuous mode [ 71.859562][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.889436][ T5788] veth0_vlan: entered promiscuous mode [ 71.915505][ T5786] veth1_vlan: entered promiscuous mode [ 71.932125][ T5788] veth1_vlan: entered promiscuous mode [ 71.945795][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.961114][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.978631][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.997495][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.014840][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.035831][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.048434][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.058797][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.067889][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.076997][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.134989][ T5788] veth0_macvtap: entered promiscuous mode [ 72.186909][ T5788] veth1_macvtap: entered promiscuous mode [ 72.240943][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.253525][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.277211][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.299511][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.312035][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.320300][ T5786] veth0_macvtap: entered promiscuous mode [ 72.341956][ T2971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.357690][ T2971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.360530][ T5786] veth1_macvtap: entered promiscuous mode [ 72.376069][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.390341][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.391921][ T5881] ======================================================= [ 72.391921][ T5881] WARNING: The mand mount option has been deprecated and [ 72.391921][ T5881] and is ignored by this kernel. Remove the mand [ 72.391921][ T5881] option from the mount to silence this warning. [ 72.391921][ T5881] ======================================================= [ 72.401777][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.449421][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.461064][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.519206][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.528364][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.538119][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.548873][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.568589][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.576049][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.576742][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.587262][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.606349][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.617508][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.627445][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.637963][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.649449][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.662785][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.676934][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.686873][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.698170][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.708164][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.718661][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.730161][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.763626][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.772448][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.781780][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.790650][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.952713][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.971229][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.059854][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.082573][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.171462][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.189129][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.208096][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.253644][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.543815][ T27] audit: type=1326 audit(1764533055.908:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.578689][ T5901] syz.0.6[5901]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.641747][ T27] audit: type=1326 audit(1764533055.938:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.680871][ T27] audit: type=1326 audit(1764533055.938:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.693224][ T5792] Bluetooth: hci2: command tx timeout [ 73.708399][ T5792] Bluetooth: hci3: command tx timeout [ 73.714784][ T27] audit: type=1326 audit(1764533055.938:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.737885][ T27] audit: type=1326 audit(1764533055.938:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.760436][ T27] audit: type=1326 audit(1764533055.948:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.783574][ T5792] Bluetooth: hci1: command tx timeout [ 73.789002][ T5792] Bluetooth: hci0: command tx timeout [ 73.797343][ T27] audit: type=1326 audit(1764533055.948:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.833434][ T27] audit: type=1326 audit(1764533055.948:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.876513][ T5901] loop0: detected capacity change from 0 to 1024 [ 73.880944][ T27] audit: type=1326 audit(1764533055.948:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.920561][ T27] audit: type=1326 audit(1764533056.038:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5899 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b93f8f749 code=0x7ffc0000 [ 73.966701][ T5909] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12'. [ 74.018367][ T5901] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 74.067266][ T5901] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 74.152301][ T5901] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 74.175822][ T5901] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.217395][ T5901] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.6: Inode bitmap for bg 0 marked uninitialized [ 74.255124][ T5901] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.532571][ T5918] netlink: 'syz.1.15': attribute type 10 has an invalid length. [ 74.542762][ T5918] macvlan1: entered allmulticast mode [ 74.552614][ T5918] veth1_vlan: entered allmulticast mode [ 74.559853][ T5918] team0: Device macvlan1 is up. Set it down before adding it as a team port [ 74.952611][ T5931] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 75.049668][ T5935] Zero length message leads to an empty skb [ 75.375955][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.736128][ T5954] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 75.763871][ T5797] Bluetooth: hci2: command tx timeout [ 75.764580][ T5792] Bluetooth: hci3: command tx timeout [ 75.843140][ T5792] Bluetooth: hci0: command tx timeout [ 75.843483][ T5797] Bluetooth: hci1: command tx timeout [ 76.329426][ T5975] Cannot find add_set index 0 as target [ 76.496188][ T5979] loop3: detected capacity change from 0 to 1024 [ 76.520484][ T5982] syz.1.42[5982] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.520609][ T5982] syz.1.42[5982] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.543715][ T5983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.43'. [ 76.604162][ T5983] netlink: 32 bytes leftover after parsing attributes in process `syz.0.43'. [ 76.616640][ T5979] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 76.713117][ T5979] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 76.744357][ T5985] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 76.825227][ T5979] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 76.852452][ T5979] EXT4-fs (loop3): orphan cleanup on readonly fs [ 76.967407][ T5979] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.37: Inode bitmap for bg 0 marked uninitialized [ 77.164480][ T5979] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 78.047426][ T6005] netlink: 176 bytes leftover after parsing attributes in process `syz.0.53'. [ 78.697264][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.029767][ T6038] loop0: detected capacity change from 0 to 1024 [ 79.042029][ T6038] EXT4-fs: Ignoring removed bh option [ 79.068713][ T6038] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.115169][ T6038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.215025][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.554555][ T6067] atomic_op ffff88807fb7d198 conn xmit_atomic 0000000000000000 [ 79.655732][ T6073] netlink: 'syz.0.79': attribute type 10 has an invalid length. [ 79.733321][ T6073] team0: Device veth1_macvtap failed to register rx_handler [ 79.888499][ T6073] syz.0.79 (6073) used greatest stack depth: 20136 bytes left [ 80.201275][ T27] kauditd_printk_skb: 106 callbacks suppressed [ 80.201290][ T27] audit: type=1326 audit(1764533062.568:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6096 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500858f749 code=0x7ffc0000 [ 80.276094][ T27] audit: type=1326 audit(1764533062.568:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6096 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f500858f749 code=0x7ffc0000 [ 80.294839][ T6102] +}[@[6102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.298933][ T6102] +}[@[6102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.341928][ T27] audit: type=1326 audit(1764533062.568:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6096 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500858f749 code=0x7ffc0000 [ 80.441124][ T6108] loop1: detected capacity change from 0 to 164 [ 80.510682][ T6112] loop0: detected capacity change from 0 to 512 [ 80.557515][ T6112] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 80.591743][ T6112] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 80.615350][ T27] audit: type=1326 audit(1764533062.978:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.2.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 80.642275][ T6112] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.679737][ T6112] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 80.710143][ T6112] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 80.739150][ T6125] loop3: detected capacity change from 0 to 512 [ 80.748538][ T6112] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 80.750327][ T27] audit: type=1326 audit(1764533062.978:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.2.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 80.788465][ T6127] mmap: syz.2.102 (6127) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 80.790633][ T27] audit: type=1326 audit(1764533062.988:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.2.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 80.832669][ T6112] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.95: bg 0: block 40: padding at end of block bitmap is not set [ 80.834793][ T6125] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 80.859223][ T6125] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 80.869386][ T6125] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.99: Corrupt directory, running e2fsck is recommended [ 80.884723][ T27] audit: type=1326 audit(1764533062.988:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.2.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 80.886518][ T6125] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 80.907688][ T6112] EXT4-fs (loop0): Remounting filesystem read-only [ 80.923014][ T6112] EXT4-fs (loop0): 1 truncate cleaned up [ 80.926942][ T6131] netlink: 96 bytes leftover after parsing attributes in process `syz.1.98'. [ 80.929794][ T6112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.946604][ T27] audit: type=1326 audit(1764533062.988:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.2.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 81.005576][ T6125] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.99: corrupted in-inode xattr: invalid ea_ino [ 81.025151][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.033504][ T27] audit: type=1326 audit(1764533062.988:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.2.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 81.056667][ T6125] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.99: couldn't read orphan inode 15 (err -117) [ 81.096445][ T6125] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.122598][ T6125] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 81.143218][ T6125] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 81.167238][ T6125] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.99: Corrupt directory, running e2fsck is recommended [ 81.190408][ T6137] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 81.223133][ T6137] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 81.243172][ T6137] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.99: Corrupt directory, running e2fsck is recommended [ 81.260139][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 81.267190][ T6125] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 81.292527][ T6125] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 81.314273][ T6125] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.99: Corrupt directory, running e2fsck is recommended [ 81.337434][ T6138] netlink: 224 bytes leftover after parsing attributes in process `syz.2.104'. [ 81.347943][ T6139] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 81.496757][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.851967][ T28] cfg80211: failed to load regulatory.db [ 82.501539][ T6178] netlink: 'syz.0.122': attribute type 1 has an invalid length. [ 82.695678][ T6184] loop0: detected capacity change from 0 to 512 [ 82.713686][ T6184] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.741623][ T6184] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 82.754741][ T6184] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.097515][ T6201] netlink: 8 bytes leftover after parsing attributes in process `syz.2.129'. [ 83.121030][ T6201] netlink: 8 bytes leftover after parsing attributes in process `syz.2.129'. [ 83.578018][ T6216] Driver unsupported XDP return value 0 on prog (id 89) dev N/A, expect packet loss! [ 83.797192][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 84.094053][ T6207] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 84.105999][ T6207] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.129431][ T6207] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.146261][ T6207] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 84.161669][ T6207] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.179281][ T6207] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.191542][ T6207] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 84.210099][ T6207] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.222353][ T6207] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.232819][ T6207] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 84.239322][ T6207] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.251092][ T6207] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.388860][ T6246] macvtap0: refused to change device tx_queue_len [ 84.500291][ T6254] netlink: 96 bytes leftover after parsing attributes in process `syz.1.152'. [ 84.552172][ T6254] loop1: detected capacity change from 0 to 1764 [ 84.652793][ T6262] loop3: detected capacity change from 0 to 2048 [ 84.759334][ T6262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.842824][ T6262] syz.3.157[6262] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.843073][ T6262] syz.3.157[6262] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.384442][ T5797] Bluetooth: hci0: command 0x0c1a tx timeout [ 85.583297][ T5786] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 85.772992][ T5786] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 85.886800][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.946692][ T27] kauditd_printk_skb: 71 callbacks suppressed [ 85.946706][ T27] audit: type=1326 audit(1764533068.318:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 85.975449][ T27] audit: type=1326 audit(1764533068.348:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 85.997925][ T27] audit: type=1326 audit(1764533068.348:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.048836][ T27] audit: type=1326 audit(1764533068.348:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.119159][ T27] audit: type=1326 audit(1764533068.348:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.165882][ T5797] Bluetooth: hci2: command 0x0c1a tx timeout [ 86.211391][ T27] audit: type=1326 audit(1764533068.348:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.240339][ T6308] loop0: detected capacity change from 0 to 512 [ 86.247439][ T5797] Bluetooth: hci3: command 0x0c1a tx timeout [ 86.247497][ T5792] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.253635][ T27] audit: type=1326 audit(1764533068.348:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.253674][ T27] audit: type=1326 audit(1764533068.348:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.253710][ T27] audit: type=1326 audit(1764533068.348:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.253744][ T27] audit: type=1326 audit(1764533068.368:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee878f749 code=0x7ffc0000 [ 86.291749][ T6308] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 86.393070][ T6308] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 86.429147][ T6308] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 86.453758][ T6308] EXT4-fs (loop0): 1 truncate cleaned up [ 86.460652][ T6308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.509095][ T6320] netlink: 'syz.2.178': attribute type 3 has an invalid length. [ 86.663512][ T6325] netlink: 28 bytes leftover after parsing attributes in process `syz.1.179'. [ 86.687255][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.696159][ T6325] netlink: 28 bytes leftover after parsing attributes in process `syz.1.179'. [ 87.053126][ T6346] netlink: 'syz.1.187': attribute type 1 has an invalid length. [ 87.443926][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout [ 88.159583][ T6394] netlink: 52 bytes leftover after parsing attributes in process `syz.3.209'. [ 88.198008][ T6394] netlink: 'syz.3.209': attribute type 21 has an invalid length. [ 88.217120][ T6394] netlink: 156 bytes leftover after parsing attributes in process `syz.3.209'. [ 88.245248][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.316824][ T6401] netlink: 12 bytes leftover after parsing attributes in process `syz.0.214'. [ 88.326546][ T5792] Bluetooth: hci1: command 0x0c1a tx timeout [ 88.333315][ T5792] Bluetooth: hci3: command 0x0c1a tx timeout [ 88.510293][ T6412] loop0: detected capacity change from 0 to 512 [ 88.531601][ T6412] EXT4-fs error (device loop0): ext4_xattr_inode_iget:444: inode #11: comm syz.0.220: iget: bad extra_isize 90 (inode size 256) [ 88.547562][ T6412] EXT4-fs (loop0): Remounting filesystem read-only [ 88.549741][ T6414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.219'. [ 88.558005][ T6412] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 88.576200][ T6412] EXT4-fs (loop0): 1 orphan inode deleted [ 88.583375][ T6412] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.625870][ T6410] ipvlan1: entered promiscuous mode [ 88.631909][ T6410] ipvlan1: entered allmulticast mode [ 88.639226][ T6410] veth0_vlan: entered allmulticast mode [ 88.640500][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.753601][ T6418] syzkaller0: entered promiscuous mode [ 88.759131][ T6418] syzkaller0: entered allmulticast mode [ 88.792375][ T6420] loop0: detected capacity change from 0 to 1024 [ 88.833701][ T6420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.914089][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.048275][ T6432] loop0: detected capacity change from 0 to 128 [ 89.063808][ T6432] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 89.091072][ T6432] ext4 filesystem being mounted at /62/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 89.206174][ T6436] [ 89.208568][ T6436] ====================================================== [ 89.215596][ T6436] WARNING: possible circular locking dependency detected [ 89.222631][ T6436] syzkaller #0 Not tainted [ 89.227053][ T6436] ------------------------------------------------------ [ 89.227057][ T6438] loop1: detected capacity change from 0 to 2048 [ 89.240374][ T6436] syz.0.225/6436 is trying to acquire lock: [ 89.246260][ T6436] ffff88802fa24608 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2b9/0xea0 [ 89.255217][ T6436] [ 89.255217][ T6436] but task is already holding lock: [ 89.262572][ T6436] ffff88802fa26bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_ext_migrate+0x2f1/0xff0 [ 89.272651][ T6436] [ 89.272651][ T6436] which lock already depends on the new lock. [ 89.272651][ T6436] [ 89.283039][ T6436] [ 89.283039][ T6436] the existing dependency chain (in reverse order) is: [ 89.292038][ T6436] [ 89.292038][ T6436] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 89.300452][ T6436] percpu_down_read+0x44/0x1a0 [ 89.305736][ T6436] ext4_writepages+0x170/0x2f0 [ 89.311011][ T6436] do_writepages+0x3a2/0x600 [ 89.316118][ T6436] __writeback_single_inode+0x153/0xee0 [ 89.322173][ T6436] writeback_single_inode+0x211/0x720 [ 89.328049][ T6436] write_inode_now+0x161/0x1e0 [ 89.333318][ T6436] iput+0x5b2/0x920 [ 89.337631][ T6436] ext4_xattr_block_set+0x273a/0x32a0 [ 89.343602][ T6436] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 89.350003][ T6436] __ext4_expand_extra_isize+0x306/0x400 [ 89.356145][ T6436] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 89.362116][ T6436] ext4_evict_inode+0x7ed/0xea0 [ 89.367471][ T6436] evict+0x486/0x870 [ 89.371875][ T6436] ext4_orphan_cleanup+0xbd4/0x1400 [ 89.377588][ T6436] ext4_fill_super+0x5de4/0x66c0 [ 89.383030][ T6436] get_tree_bdev+0x3e4/0x510 [ 89.388131][ T6436] vfs_get_tree+0x8c/0x280 [ 89.393059][ T6436] do_new_mount+0x24b/0xa40 [ 89.398162][ T6436] __se_sys_mount+0x2da/0x3c0 [ 89.403343][ T6436] do_syscall_64+0x55/0xb0 [ 89.408266][ T6436] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 89.414700][ T6436] [ 89.414700][ T6436] -> #0 (sb_internal){.+.+}-{0:0}: [ 89.421986][ T6436] __lock_acquire+0x2ddb/0x7c80 [ 89.427345][ T6436] lock_acquire+0x197/0x410 [ 89.432354][ T6436] percpu_down_read+0x44/0x1a0 [ 89.437626][ T6436] ext4_evict_inode+0x2b9/0xea0 [ 89.442984][ T6436] evict+0x486/0x870 [ 89.447383][ T6436] ext4_ext_migrate+0xcfb/0xff0 [ 89.452737][ T6436] ext4_ioctl+0x1c4b/0x3820 [ 89.457748][ T6436] __se_sys_ioctl+0xfd/0x170 [ 89.462844][ T6436] do_syscall_64+0x55/0xb0 [ 89.467774][ T6436] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 89.474173][ T6436] [ 89.474173][ T6436] other info that might help us debug this: [ 89.474173][ T6436] [ 89.484381][ T6436] Possible unsafe locking scenario: [ 89.484381][ T6436] [ 89.491815][ T6436] CPU0 CPU1 [ 89.497164][ T6436] ---- ---- [ 89.502508][ T6436] lock(&sbi->s_writepages_rwsem); [ 89.507695][ T6436] lock(sb_internal); [ 89.514269][ T6436] lock(&sbi->s_writepages_rwsem); [ 89.521981][ T6436] rlock(sb_internal); [ 89.526122][ T6436] [ 89.526122][ T6436] *** DEADLOCK *** [ 89.526122][ T6436] [ 89.534265][ T6436] 3 locks held by syz.0.225/6436: [ 89.539269][ T6436] #0: ffff88802fa24418 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write_file+0x63/0x200 [ 89.548923][ T6436] #1: ffff8880789b4a10 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_ioctl+0x1c43/0x3820 [ 89.559269][ T6436] #2: ffff88802fa26bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_ext_migrate+0x2f1/0xff0 [ 89.569779][ T6436] [ 89.569779][ T6436] stack backtrace: [ 89.575667][ T6436] CPU: 1 PID: 6436 Comm: syz.0.225 Not tainted syzkaller #0 [ 89.582935][ T6436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 89.592983][ T6436] Call Trace: [ 89.596245][ T6436] [ 89.599167][ T6436] dump_stack_lvl+0x16c/0x230 [ 89.603838][ T6436] ? load_image+0x3b0/0x3b0 [ 89.608332][ T6436] ? show_regs_print_info+0x20/0x20 [ 89.613522][ T6436] ? print_circular_bug+0x12b/0x1a0 [ 89.618720][ T6436] check_noncircular+0x2bd/0x3c0 [ 89.623646][ T6436] ? print_deadlock_bug+0x5d0/0x5d0 [ 89.628837][ T6436] ? lockdep_lock+0xe0/0x220 [ 89.633416][ T6436] ? __lock_acquire+0x1260/0x7c80 [ 89.638426][ T6436] ? _find_first_zero_bit+0xd3/0x100 [ 89.643705][ T6436] __lock_acquire+0x2ddb/0x7c80 [ 89.648549][ T6436] ? __lock_acquire+0x1334/0x7c80 [ 89.653557][ T6436] ? verify_lock_unused+0x140/0x140 [ 89.658746][ T6436] ? verify_lock_unused+0x140/0x140 [ 89.663931][ T6436] ? truncate_inode_pages_range+0x3a9/0xf00 [ 89.669819][ T6436] ? mapping_evict_folio+0x510/0x510 [ 89.675094][ T6436] lock_acquire+0x197/0x410 [ 89.679584][ T6436] ? ext4_evict_inode+0x2b9/0xea0 [ 89.684605][ T6436] ? __might_sleep+0xe0/0xe0 [ 89.689181][ T6436] ? read_lock_is_recursive+0x20/0x20 [ 89.694572][ T6436] ? dquot_initialize+0x20/0x20 [ 89.699409][ T6436] ? do_raw_spin_lock+0x121/0x2c0 [ 89.704424][ T6436] percpu_down_read+0x44/0x1a0 [ 89.709177][ T6436] ? ext4_evict_inode+0x2b9/0xea0 [ 89.714189][ T6436] ext4_evict_inode+0x2b9/0xea0 [ 89.719116][ T6436] ? _raw_spin_unlock+0x28/0x40 [ 89.723951][ T6436] ? inode_wait_for_writeback+0x1b4/0x200 [ 89.729654][ T6436] ? evict+0x451/0x870 [ 89.733707][ T6436] ? sb_clear_inode_writeback+0x360/0x360 [ 89.739410][ T6436] ? do_raw_spin_lock+0x121/0x2c0 [ 89.744422][ T6436] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 89.750308][ T6436] ? do_raw_spin_unlock+0x121/0x230 [ 89.755496][ T6436] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 89.761373][ T6436] evict+0x486/0x870 [ 89.765253][ T6436] ? __lock_acquire+0x7c80/0x7c80 [ 89.770265][ T6436] ? proc_nr_inodes+0x230/0x230 [ 89.775184][ T6436] ? do_raw_spin_unlock+0x121/0x230 [ 89.780376][ T6436] ? _raw_spin_unlock+0x28/0x40 [ 89.785215][ T6436] ? iput+0x70a/0x920 [ 89.789184][ T6436] ext4_ext_migrate+0xcfb/0xff0 [ 89.794024][ T6436] ? mb_regenerate_buddy+0x510/0x510 [ 89.799298][ T6436] ? down_read_killable+0x340/0x340 [ 89.804481][ T6436] ? sb_start_write+0x110/0x1c0 [ 89.809321][ T6436] ? mnt_want_write_file+0x16a/0x200 [ 89.814606][ T6436] ext4_ioctl+0x1c4b/0x3820 [ 89.819102][ T6436] ? ext4_fileattr_set+0x1630/0x1630 [ 89.824378][ T6436] ? mark_lock+0x94/0x320 [ 89.828692][ T6436] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 89.834668][ T6436] ? do_vfs_ioctl+0x1567/0x1bb0 [ 89.839505][ T6436] ? __ia32_compat_sys_ioctl+0x7f0/0x7f0 [ 89.845125][ T6436] ? tomoyo_path_number_perm+0x1ba/0x590 [ 89.850750][ T6436] ? __lock_acquire+0x7c80/0x7c80 [ 89.855757][ T6436] ? slab_free_freelist_hook+0x130/0x1b0 [ 89.861381][ T6436] ? tomoyo_path_number_perm+0x477/0x590 [ 89.867000][ T6436] ? __kmem_cache_free+0xba/0x1f0 [ 89.872013][ T6436] ? tomoyo_path_number_perm+0x4dc/0x590 [ 89.877633][ T6436] ? tomoyo_path_number_perm+0x1ba/0x590 [ 89.883258][ T6436] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 89.888723][ T6436] ? __fget_files+0x28/0x4d0 [ 89.893305][ T6436] ? bpf_lsm_file_ioctl+0x9/0x10 [ 89.898227][ T6436] ? security_file_ioctl+0x80/0xa0 [ 89.903341][ T6436] ? ext4_fileattr_set+0x1630/0x1630 [ 89.908619][ T6436] __se_sys_ioctl+0xfd/0x170 [ 89.913200][ T6436] do_syscall_64+0x55/0xb0 [ 89.917611][ T6436] ? clear_bhb_loop+0x40/0x90 [ 89.922275][ T6436] ? clear_bhb_loop+0x40/0x90 [ 89.926946][ T6436] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 89.932825][ T6436] RIP: 0033:0x7f19b098f749 [ 89.937241][ T6436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.956848][ T6436] RSP: 002b:00007f19b17bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.965261][ T6436] RAX: ffffffffffffffda RBX: 00007f19b0be6090 RCX: 00007f19b098f749 [ 89.973231][ T6436] RDX: 0000000000000000 RSI: 0000000000006609 RDI: 0000000000000004 [ 89.981187][ T6436] RBP: 00007f19b0a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 89.989146][ T6436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.997102][ T6436] R13: 00007f19b0be6128 R14: 00007f19b0be6090 R15: 00007ffd95fb3078 [ 90.005069][ T6436] [ 90.020685][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.049079][ T6438] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.049697][ T5785] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 90.080727][ T6438] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 90.097626][ T6438] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 22 with error 28 [ 90.111264][ T6438] EXT4-fs (loop1): This should not happen!! Data will be lost [ 90.111264][ T6438] [ 90.121220][ T6438] EXT4-fs (loop1): Total free blocks count 0 [ 90.128706][ T6438] EXT4-fs (loop1): Free/Dirty block details [ 90.134869][ T6438] EXT4-fs (loop1): free_blocks=2415919504 [ 90.140624][ T6438] EXT4-fs (loop1): dirty_blocks=32 [ 90.142454][ T6441] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 90.147381][ T6438] EXT4-fs (loop1): Block reservation details [ 90.158227][ T6441] EXT4-fs (loop1): This should not happen!! Data will be lost [ 90.158227][ T6441] [ 90.323083][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.403123][ T5797] Bluetooth: hci1: command 0x0c1a tx timeout [ 90.404191][ T5792] Bluetooth: hci3: command 0x0c1a tx timeout