last executing test programs: 7.322909647s ago: executing program 0 (id=1): r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r1 = syz_open_dev$dri(0x0, 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[0x0], 0x0, 0x0, 0x0, 0x1}) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x1000001, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x1c8, 0x12) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000280)={0x0, 0x0, r2}) r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x800) read$qrtrtun(r7, 0x0, 0x0) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f00000000c0)={0x0, @remote, @empty}, 0xc) 6.852291483s ago: executing program 4 (id=5): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='auxv\x00') mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 6.504658706s ago: executing program 1 (id=2): mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[], 0x60}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) 6.264408956s ago: executing program 2 (id=8): socket$inet6_mptcp(0xa, 0x1, 0x106) syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) syz_io_uring_setup(0x1911, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, 0x0, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) eventfd(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) socket$packet(0x11, 0x3, 0x300) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000180)={0x7ff}, 0x0, 0x0, 0x0) 6.238895975s ago: executing program 1 (id=9): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) ptrace$ARCH_MAP_VDSO_X32(0x1e, r0, 0x3800000000, 0x2001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x9, &(0x7f0000000040)=0x1, 0x4) 6.063898313s ago: executing program 2 (id=10): setresuid(0xee00, 0xee01, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b000000000000000000000004000000000000", @ANYRES32=0x1, @ANYBLOB="0300"/18, @ANYRES32], 0x50) 6.046621491s ago: executing program 3 (id=11): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) ptrace$ARCH_MAP_VDSO_X32(0x1e, r0, 0x3800000000, 0x2001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x9, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e22, @loopback}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/tcp\x00') preadv(r5, &(0x7f0000000480)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1, 0x8, 0x0) sendmmsg$inet6(r3, &(0x7f00000002c0)=[{{&(0x7f0000000b00)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r1, 0x0, 0x0, 0x12141, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r6 = socket$rds(0x15, 0x5, 0x0) fsopen(&(0x7f00000003c0)='iso9660\x00', 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bind$rds(r6, 0x0, 0x0) 5.85417897s ago: executing program 2 (id=12): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 4.905938336s ago: executing program 3 (id=13): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 4.612407137s ago: executing program 3 (id=14): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x8f, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 4.597102472s ago: executing program 3 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r3, &(0x7f0000002300)={0x50, 0x0, r4, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r3, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r5}, 0x10) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r6, r3, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r7, 0x0) 4.446752235s ago: executing program 4 (id=16): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000040)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000400a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c0100800600050007000000240002008665"], 0x1d8}}, 0x0) 4.208173693s ago: executing program 2 (id=17): r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, 0x0) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10) getpid() bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1e, 0x2f, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESDEC=0x0]) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_PASTESEL(r5, 0x4b52, &(0x7f0000000040)) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda0602000000ffe80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) r7 = socket$inet6(0x10, 0x6, 0x0) write(r7, 0x0, 0x0) 4.130555613s ago: executing program 3 (id=18): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) connect$l2tp(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000000c0)={0x1f, 0x0, 0x0, 0x0, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr=0xff}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0d", 0xe) syz_emit_ethernet(0x76, &(0x7f00000017c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x40, 0x3a, 0x0, @dev, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9564ca", 0x0, 0x33, 0x0, @private2, @mcast1, [@hopopts={0x29}], "7ecc4f8b252ca180"}}}}}}}, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000780)={0x24, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) recvmsg$unix(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=""/144, 0x90}], 0x1}, 0x100) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r5, &(0x7f0000001a00)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x401, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000002400)=[{&(0x7f0000000140)}], 0x1}}], 0x2, 0x0) shutdown(r5, 0x1) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x88}, 0x1, 0x0, 0x0, 0x4000004}, 0x40000) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmmsg$inet(r0, &(0x7f0000004b40)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffffa1, 0x0) 3.833733632s ago: executing program 4 (id=19): mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x60}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) 2.884176344s ago: executing program 2 (id=20): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) epoll_create1(0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 2.883720097s ago: executing program 4 (id=21): sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}}, 0x0) 2.804390213s ago: executing program 1 (id=22): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000280)='net/snmp6\x00') r3 = fsopen(&(0x7f00000000c0)='ecryptfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 1.769590419s ago: executing program 1 (id=23): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r4, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r4, &(0x7f0000000000), 0x10) dup3(r3, r4, 0x0) 1.647672741s ago: executing program 4 (id=24): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1.647220381s ago: executing program 0 (id=25): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, &(0x7f0000000100)) 1.579072703s ago: executing program 3 (id=26): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) write$eventfd(r1, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 282.20652ms ago: executing program 2 (id=27): open(0x0, 0x143142, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="b405000200000000711035000000000005000019000000009500000000400000083363649fec97b49b080839d6b3eb83f11a627be9fc6edf8df6039be2bb5d00241511058e221336e13ba492aa1d9146973b562288b01dfc3e20fed23f0782805f1a0f58d31439479e86bce90355a864216e9c5bd080c0108857d6dca5f7ee813d204f94120c1eb3923387c9d798f7f85e177d8f384daeadf62f0a5b96da2ccffd"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000ac0)=r0, 0x4) r2 = socket$inet6(0xa, 0x3, 0x103) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000001700)=[{{0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0xfc}, 0x1030000}], 0x40000000000035c, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) ioctl$BTRFS_IOC_FS_INFO(r1, 0x8400941f, &(0x7f00000004c0)) sendfile(r7, r6, 0x0, 0x20000023893) 1.12917ms ago: executing program 0 (id=28): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='mm_compaction_begin\x00', r1, 0x0, 0x2}, 0x18) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$MAP_GET_NEXT_KEY(0x22, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) close(r6) 388.103µs ago: executing program 1 (id=29): openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x0) close(0x3) 0s ago: executing program 4 (id=30): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$gtp(0x0, r0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x44}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts. [ 58.263107][ T5832] cgroup: Unknown subsys name 'net' [ 58.387608][ T5832] cgroup: Unknown subsys name 'cpuset' [ 58.395575][ T5832] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.666180][ T5832] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.922897][ T5860] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.931732][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.945197][ T5861] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.965433][ T5861] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.966284][ T5860] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 61.975422][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.981946][ T5860] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.989362][ T5861] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.996192][ T5860] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.002846][ T5861] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.010363][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.015084][ T5862] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.026215][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.033400][ T5862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.043926][ T5862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.051900][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.060005][ T5862] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.067978][ T5862] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 62.071873][ T5863] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.075873][ T5862] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.084080][ T5863] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.096186][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.096245][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.104086][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.119644][ T5863] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.120767][ T5860] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.136582][ T5158] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.138862][ T5860] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.143704][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.164311][ T5862] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.621401][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 62.646315][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 62.668464][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 62.749589][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 62.814899][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 62.842930][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.851253][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.858838][ T5844] bridge_slave_0: entered allmulticast mode [ 62.866067][ T5844] bridge_slave_0: entered promiscuous mode [ 62.903372][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.911840][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.919758][ T5844] bridge_slave_1: entered allmulticast mode [ 62.926800][ T5844] bridge_slave_1: entered promiscuous mode [ 62.962182][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.969435][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.976966][ T5846] bridge_slave_0: entered allmulticast mode [ 62.983585][ T5846] bridge_slave_0: entered promiscuous mode [ 63.018152][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.025607][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.032887][ T5846] bridge_slave_1: entered allmulticast mode [ 63.039911][ T5846] bridge_slave_1: entered promiscuous mode [ 63.058782][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.074058][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.082031][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.089776][ T5847] bridge_slave_0: entered allmulticast mode [ 63.096535][ T5847] bridge_slave_0: entered promiscuous mode [ 63.114640][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.137851][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.145553][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.152711][ T5847] bridge_slave_1: entered allmulticast mode [ 63.159635][ T5847] bridge_slave_1: entered promiscuous mode [ 63.176485][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.216387][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.237947][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.246565][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.253750][ T5842] bridge_slave_0: entered allmulticast mode [ 63.260929][ T5842] bridge_slave_0: entered promiscuous mode [ 63.276046][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.294277][ T5844] team0: Port device team_slave_0 added [ 63.301039][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.308494][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.315878][ T5842] bridge_slave_1: entered allmulticast mode [ 63.322544][ T5842] bridge_slave_1: entered promiscuous mode [ 63.329313][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.337529][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.344997][ T5843] bridge_slave_0: entered allmulticast mode [ 63.351699][ T5843] bridge_slave_0: entered promiscuous mode [ 63.360336][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.389207][ T5846] team0: Port device team_slave_0 added [ 63.397703][ T5844] team0: Port device team_slave_1 added [ 63.405996][ T5846] team0: Port device team_slave_1 added [ 63.420301][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.427600][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.435554][ T5843] bridge_slave_1: entered allmulticast mode [ 63.442138][ T5843] bridge_slave_1: entered promiscuous mode [ 63.461237][ T5847] team0: Port device team_slave_0 added [ 63.506609][ T5847] team0: Port device team_slave_1 added [ 63.521865][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.529121][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.555609][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.569006][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.576527][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.603691][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.632474][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.644964][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.672066][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.683812][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.700235][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.707584][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.735003][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.747868][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.754955][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.781193][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.799500][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.806585][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.833283][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.870659][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.880758][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.907537][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.933586][ T5843] team0: Port device team_slave_0 added [ 63.942044][ T5843] team0: Port device team_slave_1 added [ 63.950886][ T5842] team0: Port device team_slave_0 added [ 63.961091][ T5842] team0: Port device team_slave_1 added [ 64.005312][ T5844] hsr_slave_0: entered promiscuous mode [ 64.011632][ T5844] hsr_slave_1: entered promiscuous mode [ 64.025386][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.032356][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.058546][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.071739][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.078770][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.104799][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.135567][ T5863] Bluetooth: hci4: command tx timeout [ 64.146707][ T5847] hsr_slave_0: entered promiscuous mode [ 64.152955][ T5847] hsr_slave_1: entered promiscuous mode [ 64.159692][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.167984][ T5847] Cannot create hsr debugfs directory [ 64.185106][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.192083][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.204811][ T54] Bluetooth: hci3: command tx timeout [ 64.218122][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.219937][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.223829][ T5851] Bluetooth: hci2: command tx timeout [ 64.234332][ T5862] Bluetooth: hci1: command tx timeout [ 64.242157][ T5863] Bluetooth: hci0: command tx timeout [ 64.258237][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.284404][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.309899][ T5846] hsr_slave_0: entered promiscuous mode [ 64.316069][ T5846] hsr_slave_1: entered promiscuous mode [ 64.321954][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.329970][ T5846] Cannot create hsr debugfs directory [ 64.397521][ T5843] hsr_slave_0: entered promiscuous mode [ 64.407763][ T5843] hsr_slave_1: entered promiscuous mode [ 64.413809][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.421863][ T5843] Cannot create hsr debugfs directory [ 64.466382][ T5842] hsr_slave_0: entered promiscuous mode [ 64.472606][ T5842] hsr_slave_1: entered promiscuous mode [ 64.479345][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.487243][ T5842] Cannot create hsr debugfs directory [ 64.784545][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 64.799285][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 64.821150][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 64.839881][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 64.874123][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.883793][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.917286][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.932857][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.957726][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.968921][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.986588][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.024938][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.069819][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.100053][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.111255][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.122683][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.204115][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.220258][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.241699][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.251709][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.285077][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.330927][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.357577][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.401296][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.408700][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.430079][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.439430][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.467772][ T716] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.474968][ T716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.500838][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.517161][ T716] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.524275][ T716] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.534333][ T716] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.541475][ T716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.609236][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.617153][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.641689][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.680138][ T716] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.687341][ T716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.733595][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.782191][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.789395][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.800610][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.807792][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.899045][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.958739][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.993581][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.000790][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.021993][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.058404][ T716] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.065682][ T716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.157679][ T5843] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.186836][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.206666][ T5863] Bluetooth: hci4: command tx timeout [ 66.213762][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.285697][ T5863] Bluetooth: hci2: command tx timeout [ 66.287172][ T5851] Bluetooth: hci1: command tx timeout [ 66.291181][ T5863] Bluetooth: hci0: command tx timeout [ 66.297428][ T5862] Bluetooth: hci3: command tx timeout [ 66.336669][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.443497][ T5846] veth0_vlan: entered promiscuous mode [ 66.501091][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.513927][ T5846] veth1_vlan: entered promiscuous mode [ 66.547722][ T5842] veth0_vlan: entered promiscuous mode [ 66.590660][ T5842] veth1_vlan: entered promiscuous mode [ 66.617637][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.650264][ T5847] veth0_vlan: entered promiscuous mode [ 66.670571][ T5846] veth0_macvtap: entered promiscuous mode [ 66.679219][ T5844] veth0_vlan: entered promiscuous mode [ 66.694099][ T5847] veth1_vlan: entered promiscuous mode [ 66.704472][ T5846] veth1_macvtap: entered promiscuous mode [ 66.714690][ T5844] veth1_vlan: entered promiscuous mode [ 66.742434][ T5842] veth0_macvtap: entered promiscuous mode [ 66.751892][ T5842] veth1_macvtap: entered promiscuous mode [ 66.781765][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.808119][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.830279][ T5844] veth0_macvtap: entered promiscuous mode [ 66.840685][ T5847] veth0_macvtap: entered promiscuous mode [ 66.861316][ T5844] veth1_macvtap: entered promiscuous mode [ 66.871228][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.880757][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.889751][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.898516][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.911547][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.922639][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.934208][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.947131][ T5843] veth0_vlan: entered promiscuous mode [ 66.960946][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.972088][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.984842][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.995565][ T5842] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.004278][ T5842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.019357][ T5842] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.028288][ T5842] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.039328][ T5847] veth1_macvtap: entered promiscuous mode [ 67.070241][ T5843] veth1_vlan: entered promiscuous mode [ 67.091809][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.102612][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.114955][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.125771][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.137893][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.149117][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.159830][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.170142][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.180774][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.191521][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.202129][ T5844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.211331][ T5844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.220525][ T5844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.229755][ T5844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.273516][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.285607][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.295743][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.308146][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.318030][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.329096][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.340870][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.390403][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.401242][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.411836][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.423139][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.433100][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.443608][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.456454][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.480822][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.490097][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.490432][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.500477][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.514693][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.523398][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.581795][ T5843] veth0_macvtap: entered promiscuous mode [ 67.599117][ T3023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.600164][ T5843] veth1_macvtap: entered promiscuous mode [ 67.613656][ T3023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.635284][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.643143][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.679361][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.688045][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.719204][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.736590][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.746819][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.758359][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.768373][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.778832][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.788759][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.799257][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.811695][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.837060][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.850845][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.853806][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 67.863761][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.887782][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.898155][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.909380][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.919326][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.929811][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.942117][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.970477][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.971372][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.984777][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.997749][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.007339][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.016766][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.099728][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.111004][ T3023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.127403][ T3023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.128279][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.214741][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.222572][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.395401][ T5851] Bluetooth: hci4: command tx timeout [ 68.401150][ T5851] Bluetooth: hci0: command tx timeout [ 68.407635][ T5851] Bluetooth: hci1: command tx timeout [ 68.413061][ T5851] Bluetooth: hci2: command tx timeout [ 68.425853][ T5862] Bluetooth: hci3: command tx timeout [ 68.445111][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 68.546842][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.718733][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.739899][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.829526][ T3023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.865364][ T3023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.135592][ T5848] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.185117][ T5945] syz.3.7 uses obsolete (PF_INET,SOCK_PACKET) [ 69.324951][ T5848] usb 5-1: Using ep0 maxpacket: 8 [ 69.338025][ T5848] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 69.357381][ T5848] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 69.381343][ T5848] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 69.399558][ T5848] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 69.483376][ T5848] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 69.506986][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.541963][ T5931] block device autoloading is deprecated and will be removed. [ 69.762434][ T5848] usb 5-1: GET_CAPABILITIES returned 0 [ 69.810983][ T5848] usbtmc 5-1:16.0: can't read capabilities [ 69.817680][ T5961] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.139142][ T5938] 9pnet_fd: Insufficient options for proto=fd [ 70.522202][ T5863] Bluetooth: hci2: command tx timeout [ 70.528539][ T5863] Bluetooth: hci3: command tx timeout [ 70.533985][ T5863] Bluetooth: hci1: command tx timeout [ 70.539680][ T5862] Bluetooth: hci0: command tx timeout [ 70.545178][ T5863] Bluetooth: hci4: command tx timeout [ 70.604522][ T5961] ipvlan2: entered promiscuous mode [ 70.623751][ T5848] usb 5-1: USB disconnect, device number 2 [ 70.705631][ T5967] ip_vti0: Master is either lo or non-ether device [ 70.871024][ T5970] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 71.076626][ T29] audit: type=1804 audit(1730488026.762:2): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.15" name="/newroot/5/file1" dev="fuse" ino=1 res=1 errno=0 [ 71.206417][ T29] audit: type=1800 audit(1730488026.762:3): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.15" name="/" dev="fuse" ino=1 res=0 errno=0 [ 71.367379][ T29] audit: type=1804 audit(1730488026.762:4): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.15" name="/newroot/5/file1" dev="fuse" ino=1 res=1 errno=0 [ 71.387807][ T29] audit: type=1804 audit(1730488026.762:5): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.15" name="/newroot/5/file1" dev="fuse" ino=1 res=1 errno=0 [ 71.407707][ C0] vkms_vblank_simulate: vblank timer overrun [ 71.415949][ T29] audit: type=1800 audit(1730488026.762:6): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.15" name="/" dev="fuse" ino=1 res=0 errno=0 [ 71.455010][ T5977] netlink: 220 bytes leftover after parsing attributes in process `syz.4.16'. [ 71.595301][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.601865][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.628321][ T5981] xfrm0: entered allmulticast mode [ 73.007775][ T5999] Error parsing options; rc = [-22] [ 75.817463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 75.826557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 75.888625][ T6025] ================================================================== [ 75.896730][ T6025] BUG: KASAN: slab-out-of-bounds in skb_copy_and_csum_bits+0x433/0x9c0 [ 75.905004][ T6025] Write of size 1108 at addr ffff88805e44aa24 by task syz.2.27/6025 [ 75.912987][ T6025] [ 75.915341][ T6025] CPU: 1 UID: 0 PID: 6025 Comm: syz.2.27 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 75.925344][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 75.935448][ T6025] Call Trace: [ 75.938757][ T6025] [ 75.941704][ T6025] dump_stack_lvl+0x241/0x360 [ 75.946403][ T6025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.951613][ T6025] ? __pfx__printk+0x10/0x10 [ 75.956220][ T6025] ? _printk+0xd5/0x120 [ 75.960393][ T6025] ? __virt_addr_valid+0x183/0x530 [ 75.965524][ T6025] ? __virt_addr_valid+0x183/0x530 [ 75.970642][ T6025] print_report+0x169/0x550 [ 75.975159][ T6025] ? __virt_addr_valid+0x183/0x530 [ 75.980279][ T6025] ? __virt_addr_valid+0x183/0x530 [ 75.985488][ T6025] ? __virt_addr_valid+0x45f/0x530 [ 75.990611][ T6025] ? __phys_addr+0xba/0x170 [ 75.995127][ T6025] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 76.000769][ T6025] kasan_report+0x143/0x180 [ 76.005287][ T6025] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 76.010841][ T6025] kasan_check_range+0x282/0x290 [ 76.015785][ T6025] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 76.021511][ T6025] __asan_memcpy+0x40/0x70 [ 76.025945][ T6025] skb_copy_and_csum_bits+0x433/0x9c0 [ 76.031330][ T6025] __ip_append_data+0x2fc1/0x40f0 [ 76.036379][ T6025] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 76.041940][ T6025] ? __pfx___ip_append_data+0x10/0x10 [ 76.047323][ T6025] ? lockdep_hardirqs_on+0x99/0x150 [ 76.052534][ T6025] ip_append_data+0x14c/0x190 [ 76.057224][ T6025] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 76.062785][ T6025] udp_sendmsg+0x3e2/0x2a50 [ 76.067299][ T6025] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 76.074251][ T6025] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 76.079805][ T6025] ? __pfx_lock_acquire+0x10/0x10 [ 76.084836][ T6025] ? __pfx_udp_sendmsg+0x10/0x10 [ 76.089783][ T6025] ? unwind_next_frame+0x18e6/0x22d0 [ 76.095086][ T6025] ? __pfx_aa_sk_perm+0x10/0x10 [ 76.099947][ T6025] ? unwind_get_return_address+0x4d/0x90 [ 76.105581][ T6025] ? sock_rps_record_flow+0x1a/0x400 [ 76.110875][ T6025] ? inet_sendmsg+0x2ba/0x390 [ 76.115558][ T6025] __sock_sendmsg+0x1a6/0x270 [ 76.120244][ T6025] sock_sendmsg+0x134/0x200 [ 76.124759][ T6025] ? __pfx_sock_sendmsg+0x10/0x10 [ 76.129814][ T6025] ? stack_depot_save_flags+0x29/0x830 [ 76.135319][ T6025] ? copy_splice_read+0xa07/0xb60 [ 76.140369][ T6025] ? splice_direct_to_actor+0x4af/0xc80 [ 76.145933][ T6025] ? do_splice_direct+0x289/0x3e0 [ 76.150969][ T6025] ? do_sendfile+0x561/0xe10 [ 76.155576][ T6025] ? do_syscall_64+0xf3/0x230 [ 76.160262][ T6025] ? iov_iter_bvec+0x4e/0x180 [ 76.164949][ T6025] splice_to_socket+0xa10/0x10b0 [ 76.169885][ T6025] ? __pfx_splice_to_socket+0x10/0x10 [ 76.175257][ T6025] ? file_start_write+0x5e/0x250 [ 76.180177][ T6025] ? file_start_write+0x10c/0x250 [ 76.185191][ T6025] ? __pfx_splice_to_socket+0x10/0x10 [ 76.190552][ T6025] direct_splice_actor+0x11b/0x220 [ 76.195660][ T6025] splice_direct_to_actor+0x586/0xc80 [ 76.201015][ T6025] ? __pfx_direct_splice_actor+0x10/0x10 [ 76.206630][ T6025] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 76.212515][ T6025] ? rcu_read_unlock_special+0x497/0x570 [ 76.218137][ T6025] ? __fget_files+0x2a/0x410 [ 76.222723][ T6025] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.228741][ T6025] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 76.234725][ T6025] do_splice_direct+0x289/0x3e0 [ 76.239599][ T6025] ? __pfx_do_splice_direct+0x10/0x10 [ 76.244980][ T6025] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 76.250864][ T6025] ? bpf_lsm_file_permission+0x9/0x10 [ 76.256228][ T6025] ? security_file_permission+0x74/0x280 [ 76.261860][ T6025] ? rw_verify_area+0x1c3/0x6f0 [ 76.266707][ T6025] do_sendfile+0x561/0xe10 [ 76.271118][ T6025] ? __pfx_do_sendfile+0x10/0x10 [ 76.276040][ T6025] __se_sys_sendfile64+0x17c/0x1e0 [ 76.281157][ T6025] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 76.286803][ T6025] ? do_syscall_64+0x100/0x230 [ 76.291552][ T6025] ? do_syscall_64+0xb6/0x230 [ 76.296210][ T6025] do_syscall_64+0xf3/0x230 [ 76.300694][ T6025] ? clear_bhb_loop+0x35/0x90 [ 76.305353][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.311233][ T6025] RIP: 0033:0x7fa74ff7e719 [ 76.315637][ T6025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.335235][ T6025] RSP: 002b:00007fa750cfa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 76.343722][ T6025] RAX: ffffffffffffffda RBX: 00007fa750136130 RCX: 00007fa74ff7e719 [ 76.351681][ T6025] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009 [ 76.359652][ T6025] RBP: 00007fa74fff132e R08: 0000000000000000 R09: 0000000000000000 [ 76.367623][ T6025] R10: 0000020000023893 R11: 0000000000000246 R12: 0000000000000000 [ 76.375593][ T6025] R13: 0000000000000000 R14: 00007fa750136130 R15: 00007ffccb635498 [ 76.383566][ T6025] [ 76.386586][ T6025] [ 76.388901][ T6025] Allocated by task 6025: [ 76.393231][ T6025] kasan_save_track+0x3f/0x80 [ 76.397916][ T6025] __kasan_slab_alloc+0x66/0x80 [ 76.402757][ T6025] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 76.408643][ T6025] kmalloc_reserve+0xa8/0x2a0 [ 76.413317][ T6025] __alloc_skb+0x1f3/0x440 [ 76.417717][ T6025] __ip_append_data+0x2da7/0x40f0 [ 76.422723][ T6025] ip_append_data+0x14c/0x190 [ 76.427382][ T6025] udp_sendmsg+0x3e2/0x2a50 [ 76.431874][ T6025] __sock_sendmsg+0x1a6/0x270 [ 76.436565][ T6025] sock_sendmsg+0x134/0x200 [ 76.441049][ T6025] splice_to_socket+0xa10/0x10b0 [ 76.445977][ T6025] direct_splice_actor+0x11b/0x220 [ 76.451068][ T6025] splice_direct_to_actor+0x586/0xc80 [ 76.456418][ T6025] do_splice_direct+0x289/0x3e0 [ 76.461246][ T6025] do_sendfile+0x561/0xe10 [ 76.465650][ T6025] __se_sys_sendfile64+0x17c/0x1e0 [ 76.470738][ T6025] do_syscall_64+0xf3/0x230 [ 76.475221][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.481110][ T6025] [ 76.483412][ T6025] The buggy address belongs to the object at ffff88805e44aa00 [ 76.483412][ T6025] which belongs to the cache skbuff_small_head of size 640 [ 76.497978][ T6025] The buggy address is located 36 bytes inside of [ 76.497978][ T6025] allocated 640-byte region [ffff88805e44aa00, ffff88805e44ac80) [ 76.512022][ T6025] [ 76.514332][ T6025] The buggy address belongs to the physical page: [ 76.520734][ T6025] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e448 [ 76.529481][ T6025] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.537967][ T6025] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 76.545960][ T6025] page_type: f5(slab) [ 76.549929][ T6025] raw: 00fff00000000040 ffff88801e2d9280 0000000000000000 0000000000000001 [ 76.558502][ T6025] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 76.567075][ T6025] head: 00fff00000000040 ffff88801e2d9280 0000000000000000 0000000000000001 [ 76.575734][ T6025] head: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 76.584385][ T6025] head: 00fff00000000002 ffffea0001791201 ffffffffffffffff 0000000000000000 [ 76.593040][ T6025] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 76.601689][ T6025] page dumped because: kasan: bad access detected [ 76.608091][ T6025] page_owner tracks the page as allocated [ 76.613783][ T6025] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5846, tgid 5846 (syz-executor), ts 65139427570, free_ts 16933743974 [ 76.634532][ T6025] post_alloc_hook+0x1f3/0x230 [ 76.639308][ T6025] get_page_from_freelist+0x3725/0x3870 [ 76.644853][ T6025] __alloc_pages_noprof+0x292/0x710 [ 76.650044][ T6025] alloc_pages_mpol_noprof+0x3e8/0x680 [ 76.655487][ T6025] alloc_slab_page+0x6a/0x140 [ 76.660151][ T6025] allocate_slab+0x5a/0x2f0 [ 76.664642][ T6025] ___slab_alloc+0xcd1/0x14b0 [ 76.669338][ T6025] __slab_alloc+0x58/0xa0 [ 76.673666][ T6025] kmem_cache_alloc_node_noprof+0x269/0x380 [ 76.679644][ T6025] kmalloc_reserve+0xa8/0x2a0 [ 76.684319][ T6025] __alloc_skb+0x1f3/0x440 [ 76.688837][ T6025] __ipv6_ifa_notify+0x2e9/0x1230 [ 76.693877][ T6025] inet6_addr_add+0x75e/0xb00 [ 76.698539][ T6025] inet6_rtm_newaddr+0x8a3/0xc90 [ 76.703463][ T6025] rtnetlink_rcv_msg+0x73f/0xcf0 [ 76.708383][ T6025] netlink_rcv_skb+0x1e3/0x430 [ 76.713131][ T6025] page last free pid 1 tgid 1 stack trace: [ 76.718922][ T6025] free_unref_page+0xcfb/0xf20 [ 76.723686][ T6025] free_contig_range+0x152/0x550 [ 76.728614][ T6025] destroy_args+0x92/0x910 [ 76.733103][ T6025] debug_vm_pgtable+0x4be/0x550 [ 76.737944][ T6025] do_one_initcall+0x248/0x880 [ 76.742701][ T6025] do_initcall_level+0x157/0x210 [ 76.747630][ T6025] do_initcalls+0x3f/0x80 [ 76.751941][ T6025] kernel_init_freeable+0x435/0x5d0 [ 76.757124][ T6025] kernel_init+0x1d/0x2b0 [ 76.761443][ T6025] ret_from_fork+0x4b/0x80 [ 76.765849][ T6025] ret_from_fork_asm+0x1a/0x30 [ 76.770599][ T6025] [ 76.772912][ T6025] Memory state around the buggy address: [ 76.778520][ T6025] ffff88805e44ab80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.786564][ T6025] ffff88805e44ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.794706][ T6025] >ffff88805e44ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.802759][ T6025] ^ [ 76.806907][ T6025] ffff88805e44ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.814960][ T6025] ffff88805e44ad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.823008][ T6025] ================================================================== [ 76.837208][ T6025] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.844453][ T6025] CPU: 1 UID: 0 PID: 6025 Comm: syz.2.27 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 76.854445][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.864515][ T6025] Call Trace: [ 76.867788][ T6025] [ 76.870714][ T6025] dump_stack_lvl+0x241/0x360 [ 76.875391][ T6025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.880577][ T6025] ? __pfx__printk+0x10/0x10 [ 76.885163][ T6025] ? lock_release+0xbf/0xa30 [ 76.889746][ T6025] ? vscnprintf+0x5d/0x90 [ 76.894066][ T6025] panic+0x349/0x880 [ 76.897956][ T6025] ? check_panic_on_warn+0x21/0xb0 [ 76.903058][ T6025] ? __pfx_panic+0x10/0x10 [ 76.907476][ T6025] ? mark_lock+0x9a/0x360 [ 76.911814][ T6025] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 76.917702][ T6025] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 76.923587][ T6025] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.929908][ T6025] ? print_report+0x502/0x550 [ 76.934586][ T6025] check_panic_on_warn+0x86/0xb0 [ 76.939547][ T6025] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 76.945118][ T6025] end_report+0x77/0x160 [ 76.949385][ T6025] kasan_report+0x154/0x180 [ 76.953897][ T6025] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 76.959444][ T6025] kasan_check_range+0x282/0x290 [ 76.964378][ T6025] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 76.969923][ T6025] __asan_memcpy+0x40/0x70 [ 76.974342][ T6025] skb_copy_and_csum_bits+0x433/0x9c0 [ 76.979728][ T6025] __ip_append_data+0x2fc1/0x40f0 [ 76.984759][ T6025] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 76.990303][ T6025] ? __pfx___ip_append_data+0x10/0x10 [ 76.995672][ T6025] ? lockdep_hardirqs_on+0x99/0x150 [ 77.000872][ T6025] ip_append_data+0x14c/0x190 [ 77.005543][ T6025] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 77.011086][ T6025] udp_sendmsg+0x3e2/0x2a50 [ 77.015589][ T6025] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 77.022528][ T6025] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 77.028067][ T6025] ? __pfx_lock_acquire+0x10/0x10 [ 77.033081][ T6025] ? __pfx_udp_sendmsg+0x10/0x10 [ 77.038019][ T6025] ? unwind_next_frame+0x18e6/0x22d0 [ 77.043308][ T6025] ? __pfx_aa_sk_perm+0x10/0x10 [ 77.048158][ T6025] ? unwind_get_return_address+0x4d/0x90 [ 77.053783][ T6025] ? sock_rps_record_flow+0x1a/0x400 [ 77.059068][ T6025] ? inet_sendmsg+0x2ba/0x390 [ 77.063742][ T6025] __sock_sendmsg+0x1a6/0x270 [ 77.068417][ T6025] sock_sendmsg+0x134/0x200 [ 77.072918][ T6025] ? __pfx_sock_sendmsg+0x10/0x10 [ 77.077933][ T6025] ? stack_depot_save_flags+0x29/0x830 [ 77.083414][ T6025] ? copy_splice_read+0xa07/0xb60 [ 77.088438][ T6025] ? splice_direct_to_actor+0x4af/0xc80 [ 77.093978][ T6025] ? do_splice_direct+0x289/0x3e0 [ 77.098991][ T6025] ? do_sendfile+0x561/0xe10 [ 77.103575][ T6025] ? do_syscall_64+0xf3/0x230 [ 77.108243][ T6025] ? iov_iter_bvec+0x4e/0x180 [ 77.112918][ T6025] splice_to_socket+0xa10/0x10b0 [ 77.117862][ T6025] ? __pfx_splice_to_socket+0x10/0x10 [ 77.123245][ T6025] ? file_start_write+0x5e/0x250 [ 77.128171][ T6025] ? file_start_write+0x10c/0x250 [ 77.133185][ T6025] ? __pfx_splice_to_socket+0x10/0x10 [ 77.138554][ T6025] direct_splice_actor+0x11b/0x220 [ 77.143659][ T6025] splice_direct_to_actor+0x586/0xc80 [ 77.149031][ T6025] ? __pfx_direct_splice_actor+0x10/0x10 [ 77.154661][ T6025] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 77.160555][ T6025] ? rcu_read_unlock_special+0x497/0x570 [ 77.166189][ T6025] ? __fget_files+0x2a/0x410 [ 77.170774][ T6025] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.176753][ T6025] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 77.182743][ T6025] do_splice_direct+0x289/0x3e0 [ 77.187589][ T6025] ? __pfx_do_splice_direct+0x10/0x10 [ 77.192962][ T6025] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 77.198854][ T6025] ? bpf_lsm_file_permission+0x9/0x10 [ 77.204220][ T6025] ? security_file_permission+0x74/0x280 [ 77.209959][ T6025] ? rw_verify_area+0x1c3/0x6f0 [ 77.214823][ T6025] do_sendfile+0x561/0xe10 [ 77.219239][ T6025] ? __pfx_do_sendfile+0x10/0x10 [ 77.224171][ T6025] __se_sys_sendfile64+0x17c/0x1e0 [ 77.229278][ T6025] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 77.234902][ T6025] ? do_syscall_64+0x100/0x230 [ 77.239659][ T6025] ? do_syscall_64+0xb6/0x230 [ 77.244326][ T6025] do_syscall_64+0xf3/0x230 [ 77.248826][ T6025] ? clear_bhb_loop+0x35/0x90 [ 77.253500][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.259396][ T6025] RIP: 0033:0x7fa74ff7e719 [ 77.263809][ T6025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.283407][ T6025] RSP: 002b:00007fa750cfa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 77.291818][ T6025] RAX: ffffffffffffffda RBX: 00007fa750136130 RCX: 00007fa74ff7e719 [ 77.299784][ T6025] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009 [ 77.307747][ T6025] RBP: 00007fa74fff132e R08: 0000000000000000 R09: 0000000000000000 [ 77.315725][ T6025] R10: 0000020000023893 R11: 0000000000000246 R12: 0000000000000000 [ 77.323700][ T6025] R13: 0000000000000000 R14: 00007fa750136130 R15: 00007ffccb635498 [ 77.331684][ T6025] [ 77.334938][ T6025] Kernel Offset: disabled [ 77.339262][ T6025] Rebooting in 86400 seconds..