last executing test programs: 5.873640938s ago: executing program 3 (id=76): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x13, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0xb}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x700}, {0x85, 0x0, 0x0, 0x86}}, {}, [@jmp={0x5, 0x1, 0xb, 0xa, 0x0, 0x6}, @jmp={0x5, 0x0, 0xd, 0x0, 0x0, 0xfffffffffffffff4, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x1, 0x1000, &(0x7f0000000cc0)=""/4096, 0x41100, 0x2}, 0x94) 4.706673418s ago: executing program 3 (id=85): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x1, 0xfffffffc, 0x8}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r7) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 3.361918716s ago: executing program 3 (id=90): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x8004) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r3, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) write$nci(0xffffffffffffffff, 0x0, 0x4) 1.645221799s ago: executing program 1 (id=97): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3000046, &(0x7f0000000bc0)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@errors_remount}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@nombcache}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000400}, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000380)={0x3fffffffbfb, 0x5, 0x5, 0x7f}) 1.64403111s ago: executing program 3 (id=100): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r3, 0x0, 0x10000001}, 0x18) syz_open_dev$tty20(0xc, 0x4, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003280)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a3200000000090002f272797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe08000340fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af94a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb667b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c6290a9714bd4dcbd2a388139f3e46f69916f335c0002800900020073797a3000000000080003400000000908000180000000000900020073797a3000000000080003400000000808000180fffffffd08aced400000000408000340fffffff908000180fffffffb0800034000bd535e04d0f9c655000003a80002801c000280080003400000020008000340fffffff508000340000000001400028008000340000000050800034000000007720001001c2cce526d2ee30fb33f426450278cb35ac06b1cef15fefc26b5c17a8c9251bed316fccb5588f2e071fc355537fcf458cf14217f16ce4c12a4b559f3e807c94c6cc4f418baebc6024b74b9dbc5ef66dbbe91812ea247db80670c101ed494f105ad9c09b4eaf8d5c133b46a311c1a00001c0302802000028008000180fffffffc0900020073797a320000000008000340000000035c00028008000180fffffffc08000180fffffffc08000180fffffffb0900020073797a300000000008000340000000060900020073797a30000000000900020073797a31000000000900020073797a310000000008000180fffffffbf6000100330e5af714359ac9da33381a13071148dbe4293800e6be0290efbb549850cda132ca27a55553fd77c3067504c4596086f4001f53d49e8111395ebccb983c6b04735a58ab2617dfc62123b09c8dc5a47154667414dc28e8369829764b2e3cc23303a882890bad6d3a70d9e15701ec8c4c15a46d38c9ed6bc8658f8a45a02083f563324a27c649bab7cbcb485c289bd8df0a040128df6891ab48095977e0463f8e3ed7ba6df976ee30768954dfeb3f08c942b2c9384aa0b78baf92ecf5e4d73788afb1bc5a8f7c4b454897cd8bcac7f19cdd949fac66756da3b9311e13362eee317df853f6bc7e4638eb145a1484d3780e09b50000c8000100d5c1e4159bf770e02e6e1ebe911d7513709588175328d2e11f2ebf3f6967c49bedcb2a5459a45272bb8084e3bb55ea7a80166d97ec16457ed7d2a834d9aafdb2a54110ddc7975eaeda4f897ec7d533c27df0ce5ff92cfedadc67fff850ee5d07822d72b27af229d17ad2f8d802ae40d98f373e348a04b4f0270c71f82319de3a0331f165204896e0e448cf7ea0f8eb32a312fda6716f72f0234742fe6708ad0adf587ea21d94b8c8f5080028dda1e21d3d9ac82d8edd12941631b72b692ecc262d6ae12393000100c56deda494a09379df59bad8f0f17376b307ce49571034af728b1c4bf694e3b91406b976944238ab36ccaf44e3d92952ba87aa27af6353a82868c9508577a1b6a349fce75b3e4952b04b9527f496b5555e6db110dec07430b01446635eff12f136dbcb54fd4dc90b02e1bc6488ed74efd9eeb1b6de6e2a234f6c323df5c28a0352d03b34ee4f64ab614078125aa3cc0048000280080003400000000c08000340000000010900020073797a310000000008000180fffffffd0800034000008000080003400000dc5b08000180fffffffc08000180fffffffb2c0202804b000100cece2d8ff50c68c1060c2e691ddc50c6d87b46b4e5f6695010163d98bac2d9d7693cff0ec1e2107f58d3c305c78e5a596df92f1dbe80793dce5424be9e7951890023db7d0b9b2700e5000100f46e4b21dd4b92221713eece21b0e3bfb3fe995725eca78713a8d11ac82a6aefeeeab4720bd136479523ccafa34771afedeafc62275842bb7adb37ff3c93b19d9d5139f8b67ee81e380faa9506e6c849f97545de99344338d340b1bf747ec7f9b12eb2f8c31049c1fc37e8f28812ea0aadd0caa7e32f6bb4b2b7a4473e5fa876c87bf285a503660ea12a0cfff6863a87c64ea83c31e737e278edcad77cb964828c7049d335e25156fd4d1c2faada6a8363794fe487155fbfd7c2e1b8504d4a744357734f51fca0426ffe929280df27411f8a90a067b285e970fa1e403722ae91dd000000f400010073e22ba6603d1c92836887468b100c2dc430efeb2ef19c66bd0582fe94df7b5a20292fdfbd2009980dbf9651685f7713bfb0f42583e452670f29e2cabf848fcdcb7a2067f0b257efd7dc927e540584b08f026e14be231afa797e36410d8ad6cbced8c5d2cce2f5a8b75713e57b3161b5b4ce78d483bf59a04f90bc1c5a4371abed0124c621ecb51b6166ad39f14216c09456232b7ea8dd7058bbbeae8b1c13df7ffa1515a359309683421d783f4fb00547cb06b3f974e65f28397c2c16675436a414b6e28d61800c35bdc05f9837e14491ce0fa7c0fbf6f61dd8f7eceac62373ed913de212a188ad5fa12d0eab8a0b440900010073797a30"], 0xb98}, 0x1, 0x0, 0x0, 0x4000085}, 0x40800) 1.449965118s ago: executing program 1 (id=101): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x55c, &(0x7f00000006c0)="$eJzs3c1vG2kZAPBnJh92u91mC3uAFdCCFgqqajfubrXay7YXEFqthFhxQBy6IXGjqHZdamfZhEpk/4ZFAokT/AkckDgg7YkDN45IHBDSckAqEIEaJJCMZux8NHGIiR17E/9+0mQ+Xs88z9tkPK/fcecNYGJdiYiNiJiNiHciYq67PelOcbszZa97uvl4cWvz8WIS7fbbf0vy8mxbvkNh95jPdY9ZjIhvfi3iu8nBuM219fsLtVr1UXe93Ko/LDfX1q+v1BeWq8vVB5XKrflbN167+WplaHW9XP/Fk6+uvPmtX//qsx/9buMrP8jSutAt26nHkHWqPrMTJzMdEW+eRLAxmOrOZ8ecB8eTRsQnIuIL+fk/F1P5XycAcJa123PRntu7DgCcdWneB5akpYhI024joNTpw3sxzqe1RrN17V5j9cFSp6/shZhJ763UqjcuFf7wvfzFM0m2Pp+X5eX5emXf+s2IuBQRPyqcy9dLi43a0niaPAAw8Z7be/2PiH8W0rRU6mvXHnf1AIBTo3jsPX1ZAABOq+Nf/wGA02rf9f/cuPIAAEanj8//3Zv9GyeeCwAwGv9f///FE8sDABgd9/8BYPK4/gPARPnGW29lU3ur+/zrpXfXVu833r2+VG3eL9VXF0uLjUcPS8uNxnL+zJ76UcerNRoP51+J1ffKrWqzVW6urd+tN1YftO7mz/W+W50ZSa0AgP/l0uUPf59ExMbr5/Ip9ozl4FoNZ1s67gSAsZkaZGcNBDjVPMALJldfl/C8kfDbE88FGI+eD/Mu9lx81k86sw/6CeJ7RvCxcvXT/ff/G+MZzhb9/zC5jtf//8bQ8wBGT/8/TK52O9k/5v/sThEAcCYN8BW+9g+H1QgBxuqowbyPuv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk+jC7exnkpbyscDT7GdaKkU8HxEvxExyb6VWvRERF+NyRMwUsvX5cScNAAwo/UvSHf/r6tzLF/aXzib/KuTziPj+T9/+8XsLrdaj+Wz733e2F7aHD6vs7jfAuIIAwJDl1+9Kd77ng/zTzceL29Mo83lyJ/7THYp4cWvzcT51SqYj2xhRzNsS5/+RxHR3n2JEvBQRU0OIv/F+RHyqV/2TuJD3gXRGPt0bP7qxnx9p/PSZ+Gle1plnja9PDiEXmDQf3omI273OvzSu5PPe538xf4ca3JM7nYNtv/dt7Yk/3Y001SN+ds5f6TfGK7/5+oGN7blO2fsRL033ip/sxE8Oif9yn/H/+JnPffDGIWXtn0Vcjd7x98Yqt+oPy8219esr9YXl6nL1QaVya/7Wjdduvlop533U5e2e6oP++vq1i4flltX//CHxiz3rP7uz7xf7rP/P//3Odz6/u1rYH//L21v2/f5f7Bm/I7smfqnP+Avnf3no8N1Z/KVD6n/U7/9an/E/+vP6Up8vBQBGoLm2fn+hVqs+Gmgh+xQ6jOMcWMhS7O/F283FwYL+KU6iFsdcmDmpf9VjLxT7zGd6p6043DS+nR2xR1Ha5x/JcRbSoddioIWno4o1vvckYDR2T/pxZwIAAAAAAAAAAAAAABxmFP91adx1BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oz6bwAAAP//yxbH0Q==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0xf3a, 0x0) r2 = memfd_create(&(0x7f00000003c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,U\xb1]*\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3S\xef}\xfd\x12\xbc:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec=\x9e\xc3\xfd\x85d\x0fl5\xf3\xbe\" 6\r<\xea\x8dz\xcf6\x99\x91\xear8p\xaaR\xd5\xa6\xab#N>\x9a\xdf\xea\x009\xfbB\xc1\xd0_\xc0\'Z\xeb\xd8\xaf\xf0\'J\xe2\xff\xe5x*;(p\xf7p\xce\xbb\xa7\xfe\x04\xd0t\x81\x1a\x1b?m/\x1ex\xf8\x88^\xbaU\xb9\xa6\xab\x8d\a\xa6\"\xd9\x13\xeb\xe2\rh\x8dsx\xaa!\xd5Q\xf8\xce*\x95\x0es\xfaZ\x94t\x19\xdc\xdc\xcf\x0f\x9a\xa2O>\xb9\xfc\x01\fW\xee\xffh\xbd\xb2\xb4z\xeb\x84\x13\x13u\x8f\xe2\\Z\xef\xa3\xe1c\xc5\xe6', 0x0) write$bt_hci(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="01"], 0x2b) execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r3, 0x6628) 1.288657534s ago: executing program 2 (id=103): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x100, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="000086dd0003110004000000a60c6eec00be004411"], 0xfdef) 1.286656915s ago: executing program 3 (id=105): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x1, 0x1, r1}}, 0x40) timer_delete(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) r3 = socket(0xa, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="39e8dcfa461ac09e8a722e34d7e484893ffa560200133b1b00003f210000001770faf047145bc79e0b9971bcbedac0eeaf3300000000000000000000cab0312cf6b68ced50ac2b5546216e3ce964359fa4ea01a34f038f38", 0x58}], 0x1) r4 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41) setreuid(0x0, 0xee00) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r4]) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}, 0x1ff}, 0x1c) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x401, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINK={0x8}]}, 0x28}}, 0x40800) 1.131830891s ago: executing program 1 (id=106): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000380)={0x5, 0x88}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0xffffffffffffff22}, 0x2e) 976.539988ms ago: executing program 3 (id=108): r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, 0x0, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, 0x0, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r3, 0x0, 0x1034}, 0x18) socket$netlink(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[], 0x0) 976.136118ms ago: executing program 1 (id=109): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080)) 898.166821ms ago: executing program 0 (id=110): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000040e000a000f00000002800000121f", 0x2e}], 0x1}, 0x4008084) 807.200305ms ago: executing program 2 (id=111): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x34, 0x2c, 0xd27, 0xfffffffc, 0xfbff, {0x0, 0x0, 0x0, r5, {0xc, 0xfff1}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}}, 0x20040054) 744.497348ms ago: executing program 1 (id=112): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000240)='{/}\\') syz_mount_image$iso9660(&(0x7f0000000cc0), &(0x7f0000000180)='./file3\x00', 0x1004081, &(0x7f0000000500)=ANY=[@ANYRES16=0x0, @ANYRES32], 0x10, 0x7f4, &(0x7f0000000d80)="$eJzs3U9oHOfZAPBnFMl2FD5/Id9HPmMcZ2znA5s6ymqVKBU5pJvVSJ5ktSt2V8WmlMTEcjCWk5AQ0pjS1JekLS2lpx7TXEMuubUUWuih7anQHHrpoRDIpSUtLZSWUnDZ2V1r9Wcl/5HlNP39RPadfeeZd953drLPznpnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACASKqzpdJkErW8vnQ6Ha4622wsbDG/395P1xRbrDci6fwX+/bFgW7Vgf9dnX1/5+FoHOo+OxT7OsW+uHzP/fc+8T+jI/3lt+jQzToyfNbY4JMk4uudTl08u7Ky/Mpt6Mgu+taPexP7rnuRv1/tPM5n9bzVyBcq81matxrpzPR06ZFTc610Lq9lrTOtdraQVptZpd1opserJ9LJmZmpNJs401iqz89Walm/8vGHy6XSdPr0xGJWabYa9UeenmhVT+W1Wl6fL2LKpdejE/N4Z0d8Jm+n7ayykKbnL6wsT23X1U7Q5JqavWt2nEMP3fvxax/95cJyZ4cc1kjS2zHLk5Pl8uT0YzOPPV4qjZZL5bUVpXXiWkSMRHQibstOy511zyZ1o709ZsOMiKv/vTNv3nCLRnr5P2qRRz2W4nSkkcZI8bj6NxbVmI1mNGKh8/w3Y+vmb8j////IH3+11XoH838/yx9YnX0wivx/uPvs8LD8v6EXO/A3OqzV+vvd3gzWvRpvxOW4GGdjJVZiOV65mTXuWd/qbfwb2dn25iOLeuTRikbksRCVoibt1aQxE9MxHaV4Nk7FXLQijbnIoxZZtOJMtKIdWbFHVaMZWVSiHY1oRhrHoxonIo3JmImZmIo0spiIM9GIpajHfMxGpWjlfFwotvvUun7d/7XnfvTCrz9+pzN9LWhyi4EknQ9znaA/bxG0Id3fQP7vRIz09u5dyUnskn03+Kru0Ds33LqrRf4fvdPdAAAAAG6jpPj2PYmIsXigmJrLa9mX7nS3AAAAgB1U/K75UKcY60w9EEnn+L+0SeSHu943AAAAYGckxTl2SUSMx4Pdqf7pUpt9CQAAAAD8Gyr+/f9wpxiPeLOocPwPAAAAnzHfGHaN/Y/29K6x21rcm/zkT9FsjiVXFk8/lFyqdOIql+7qLtcrvnitxfbcwWR/r5GimB69fE8SEaPV7FDSv/rlP/d2y0+Kx4OrFyAcdq3/ZJsOxNYdKJ7Ft+NIN+bIuW55rj+nu5bxubyWTVQbtScmk96XI+3XXrzwlSiG/836wv4kzl9YWZ54/qWVc0VfrnRauXKpd3n4pL9URPeEii36crW3BeKBzUc8VpyI0VvveHe9pcHx964mO7L1+JPBdb4VR7sxR8e75fja8e/rrHNy4onJqFT2j7Sz0+3Xrg6MvteLydWR7+2PNrmBV+GtONaNOXb8WLfYpBflNb14cWMvyoPb//q2xXX34p0jb57+688bSTa1XS+mbrEXAHfK+eKqP6tZ6O4iC/3jalcnoa3Lu3f3l7yRd7nzq58y+ssP5LrR2JDd05vJ7m/F8W7M8e7nidGDm+SV0ibv6C9fePkXvXf0R9/7/g++fPiXH6zL6zfQi/fiRDemV8R9PxuSYztj/s66rPpuZ4l3h663VSsnr++dGku6Nx+Kyw9fuHT2heUXll8sl6emS4+WSo+VY6z4qNArhvRU5gH4z7bdPXY++Oq10GF34Uke3eao+r5rPymYiOfjpViJc3GyONsgIh7cvNXxgZ8hnNzmqHV84A4vJ7c5tlyNLa+P3XssiSGxUwNb7P++VxR/u00vCADsgqPb5OEk7u3Of/2/ekusi7grSU5uc9y9Npef6N44t390HMNz+aDf98rP3/YtAgCffVnzk2S8/XbSbOaLz07OzExW2qeytNmoPpM289n5LM3r7axZPVWpz2fpYrPRblT7Xx3PZq20tbS42Gi207lGM11stPLTxZ3f096t31vZQqXezqutxVpWaWVptVFvV6rtdDZvVdPFpadqeetU1iwWbi1m1Xwur1baeaOethpLzWo2kaatLBsIzGezejufy7OxNK+ni818odK8EhG1pYUsnc1a1Wa+2G50G+yvK6/PNZoLRbMTG4f/h93e3gDwafDqG5cvnl1ZWX7l5iZ+ez3Bd3qMAMBasjQAAAAAAAAAAAAAAHz6bTxdr1N7QycCjsVNnz746t64lbMPP3sTn3u/+7LsRIO30s7da17TPb2d5c5vnxueeO7JJy+u1iSjg5v3qTcPnPpdFv3RbdHO5v+nbHaq69v7I/b88Lvdmi8MCU5Gd3ikH0bETSx+NdkiZvffiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgO/8KAAD//wifUTs=") r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a30000000001400078005001500f0ffffff080012400000000011000300686173683a69702c6d61726b000000000500050002000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="28000000030601020000000000000000010000050500010007"], 0x28}, 0x1, 0x0, 0x0, 0xc011}, 0x20004000) 719.149419ms ago: executing program 0 (id=113): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r2, 0x0, 0x10000001}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) 601.659904ms ago: executing program 2 (id=114): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0x3}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x3c}}, 0x4000) 544.172697ms ago: executing program 0 (id=115): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, r3, 0x205, 0x0, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}]}, 0x20}}, 0x0) 503.048208ms ago: executing program 1 (id=116): socket(0x2, 0x80805, 0x0) r0 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x20, r0, 0x1, 0x0, 0xfffffffc, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8081}, 0x8) r2 = socket(0x10, 0x803, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000007c0)="d8000000180081054e81f782db4cb90402200800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370301a8001600a40002400f000100035c0461c1d67f6f94007134cf6edb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090014d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00350db798262f3d40fad95667e006dcdf63951f215c3f8b6ad2cba0e2375ee535e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x20010000) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000a00)=""/178, 0xb2}], 0x1}, 0x2}], 0x1, 0x40000022, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4089, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f0000000540)=""/158, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800001965ba917c62e1e6902300000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 466.25494ms ago: executing program 2 (id=117): syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x22acc00, &(0x7f0000000880)=ANY=[], 0x0, 0x207, &(0x7f0000000500)="$eJzs3b9uUmEUAPBDS/ljHLqZmJhc46BToz5BjamJkcSkhkG3JnYqEyzA0j6Gr+B7+QCmE4v5DF5uQUoRiRe0/n5LTznfufc73HBh4ZAi9+Xep2g0KrFzGIcxqsR+7EThIgCA22SUUnxNud+vrpaxJQCgZCu8/3/b8JYAgJK9e//hzYtW6+g4yxoRlxf9dr+d/83zr163jp5mP+xPqy77/fbuVf5ZNv/ZYZzfizuT/PO8PrtK1yKiXYsnj/L8OPfybSv7ub4eH0vuHQAAAAAAAAAAAAAAAAAAAAAAtuVBZIWF830ODubzzUk+/29mPtDc/J5q3C/GA0/HA6XzTTQFAAAAAAAAAAAAAAAAAAAA/5jeYHh20umcdqdBPSJmH6kuWHNzUJkceKXF2w92Yr3y5qTNNU5amTxF5TbYXHxxVwmi+rdcnXWD7E8dsF5c5uupZlSWlKc0Dha/CoqxGDeW1yJi+cYeH6/b1yil1Pn8sNsbRFq6eHqPqG/sbgQAAAAAAAAAAAAAAAAAAP+3mW99X9PY3caOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDzeoNh8Sv/w7OTTue02xusHJxHxN345eLiXHvR2F6jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3GrfAwAA//8nTRyq") r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0xd) syz_open_dev$usbfs(&(0x7f0000003f00), 0x201, 0xa401) connect$inet(r0, &(0x7f0000000280)={0x2, 0x4, @multicast1}, 0x10) sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0) 388.551313ms ago: executing program 0 (id=118): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0xfffe, @dev}, 0x2}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) close(r4) 251.610739ms ago: executing program 0 (id=119): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x1000, 0x1}, 0x8}, 0x94) 185.259572ms ago: executing program 2 (id=120): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) 56.554567ms ago: executing program 0 (id=121): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f0000000540)='./file1\x00', &(0x7f0000000180), &(0x7f0000000500)=ANY=[], 0x361, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x7, 0x8, 0x22, 0x0, 0xffffffffffffffff, 0x8}, 0x50) syz_usb_connect(0x2, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090561eb1000000001"], 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000000)=ANY=[], 0xfe37, 0x0) 0s ago: executing program 2 (id=122): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x52}]}, &(0x7f0000000440)=0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.80' (ED25519) to the list of known hosts. [ 80.621176][ T5777] cgroup: Unknown subsys name 'net' [ 80.815862][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.679592][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.977796][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.992011][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.000177][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.008665][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.016857][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.024282][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.073917][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.084274][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.092258][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.104431][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.112415][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.119912][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.152065][ T5791] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.162009][ T5791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.207123][ T5791] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.208247][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.237162][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.245367][ T5791] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.245367][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.262893][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.270964][ T5791] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.272517][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.281696][ T5791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.297020][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.577190][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 85.710869][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 85.842005][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.852376][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.861136][ T5788] bridge_slave_0: entered allmulticast mode [ 85.869771][ T5788] bridge_slave_0: entered promiscuous mode [ 85.879950][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.887560][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.895337][ T5788] bridge_slave_1: entered allmulticast mode [ 85.902903][ T5788] bridge_slave_1: entered promiscuous mode [ 86.002798][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.027787][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 86.039907][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.047282][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.054475][ T5792] bridge_slave_0: entered allmulticast mode [ 86.061663][ T5792] bridge_slave_0: entered promiscuous mode [ 86.071538][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.129393][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.136601][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.144244][ T5792] bridge_slave_1: entered allmulticast mode [ 86.151803][ T5792] bridge_slave_1: entered promiscuous mode [ 86.208862][ T5788] team0: Port device team_slave_0 added [ 86.217875][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.238421][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.250265][ T5788] team0: Port device team_slave_1 added [ 86.256287][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 86.350148][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.358791][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.385072][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.405699][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.412980][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.439571][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.451046][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.458615][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.465802][ T5796] bridge_slave_0: entered allmulticast mode [ 86.473006][ T5796] bridge_slave_0: entered promiscuous mode [ 86.485031][ T5792] team0: Port device team_slave_0 added [ 86.508990][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.516283][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.523742][ T5796] bridge_slave_1: entered allmulticast mode [ 86.531408][ T5796] bridge_slave_1: entered promiscuous mode [ 86.553596][ T5792] team0: Port device team_slave_1 added [ 86.648264][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.660634][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.682859][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.690388][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.716646][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.729727][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.736773][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.762856][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.779152][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.786369][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.793925][ T5797] bridge_slave_0: entered allmulticast mode [ 86.801423][ T5797] bridge_slave_0: entered promiscuous mode [ 86.849375][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.856632][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.864099][ T5797] bridge_slave_1: entered allmulticast mode [ 86.873576][ T5797] bridge_slave_1: entered promiscuous mode [ 86.883254][ T5796] team0: Port device team_slave_0 added [ 86.894675][ T5788] hsr_slave_0: entered promiscuous mode [ 86.901617][ T5788] hsr_slave_1: entered promiscuous mode [ 86.937887][ T5796] team0: Port device team_slave_1 added [ 87.017291][ T5792] hsr_slave_0: entered promiscuous mode [ 87.023819][ T5792] hsr_slave_1: entered promiscuous mode [ 87.030586][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.038513][ T5792] Cannot create hsr debugfs directory [ 87.046497][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.059547][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.077679][ T5791] Bluetooth: hci0: command tx timeout [ 87.115336][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.122668][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.148883][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.159727][ T5791] Bluetooth: hci1: command tx timeout [ 87.165321][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.172479][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.199169][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.248475][ T5797] team0: Port device team_slave_0 added [ 87.267862][ T5797] team0: Port device team_slave_1 added [ 87.327235][ T5104] Bluetooth: hci2: command tx timeout [ 87.333543][ T5791] Bluetooth: hci3: command tx timeout [ 87.371392][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.378784][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.406220][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.434869][ T5796] hsr_slave_0: entered promiscuous mode [ 87.441821][ T5796] hsr_slave_1: entered promiscuous mode [ 87.448484][ T5796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.456077][ T5796] Cannot create hsr debugfs directory [ 87.462543][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.469592][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.496146][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.661544][ T5797] hsr_slave_0: entered promiscuous mode [ 87.668340][ T5797] hsr_slave_1: entered promiscuous mode [ 87.674818][ T5797] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.683357][ T5797] Cannot create hsr debugfs directory [ 87.818449][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.836535][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.873232][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.883828][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.015855][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.032578][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.048227][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.073207][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.133261][ T5796] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.144758][ T5796] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.156340][ T5796] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.169815][ T5796] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.268505][ T5797] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.280752][ T5797] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.293494][ T5797] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.328367][ T5797] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.378134][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.438447][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.465089][ T1125] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.472495][ T1125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.485553][ T1125] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.492755][ T1125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.533269][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.634840][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.652400][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.659603][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.684966][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.721930][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.729539][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.778549][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.800676][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.848520][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.855693][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.871913][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.879104][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.973946][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.036609][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.043843][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.100243][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.107472][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.156956][ T5791] Bluetooth: hci0: command tx timeout [ 89.195277][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.237929][ T5791] Bluetooth: hci1: command tx timeout [ 89.295134][ T5788] veth0_vlan: entered promiscuous mode [ 89.312150][ T5788] veth1_vlan: entered promiscuous mode [ 89.398541][ T5791] Bluetooth: hci3: command tx timeout [ 89.404029][ T5791] Bluetooth: hci2: command tx timeout [ 89.414533][ T5788] veth0_macvtap: entered promiscuous mode [ 89.427783][ T5788] veth1_macvtap: entered promiscuous mode [ 89.451635][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.466138][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.484478][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.496266][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.505481][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.514625][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.609251][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.739522][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.785109][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.798719][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.857424][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.865323][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.890100][ T5792] veth0_vlan: entered promiscuous mode [ 89.917731][ T5796] veth0_vlan: entered promiscuous mode [ 89.957759][ T5796] veth1_vlan: entered promiscuous mode [ 89.985705][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.998556][ T5792] veth1_vlan: entered promiscuous mode [ 90.123741][ T5796] veth0_macvtap: entered promiscuous mode [ 90.150583][ T5797] veth0_vlan: entered promiscuous mode [ 90.171569][ T5797] veth1_vlan: entered promiscuous mode [ 90.243589][ T5796] veth1_macvtap: entered promiscuous mode [ 90.268729][ T5792] veth0_macvtap: entered promiscuous mode [ 90.323741][ T5797] veth0_macvtap: entered promiscuous mode [ 90.353018][ T5792] veth1_macvtap: entered promiscuous mode [ 90.372342][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.383906][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.396365][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.410934][ T5797] veth1_macvtap: entered promiscuous mode [ 90.428649][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.439537][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.565715][ T5876] syz.1.2[5876]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 90.607364][ T5876] loop1: detected capacity change from 0 to 128 [ 90.740238][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.840941][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.920380][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.972277][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.044182][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.112811][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.138779][ T5795] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 91.188800][ T5875] loop1: detected capacity change from 0 to 1024 [ 91.189233][ T5795] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 91.214006][ T5875] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 91.227829][ T5875] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 91.238555][ T5875] EXT4-fs (loop1): required journal recovery suppressed and not mounted read-only [ 91.252297][ T5791] Bluetooth: hci0: command tx timeout [ 91.275689][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.288459][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.298543][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.309224][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.319895][ T5791] Bluetooth: hci1: command tx timeout [ 91.329677][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.343210][ T5792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.352549][ T5792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.362214][ T5792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.403218][ T5792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.477151][ T5791] Bluetooth: hci2: command tx timeout [ 91.482636][ T5791] Bluetooth: hci3: command tx timeout [ 91.505887][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.514268][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.537540][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.557891][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.586866][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.605573][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.630069][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.640776][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.652829][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.680654][ T5796] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.690482][ T5796] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.703267][ T5796] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.714183][ T5796] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.750778][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.765029][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.780833][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.791895][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.807194][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.821417][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.834858][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.876350][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.901756][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.977975][ T5797] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.992790][ T5797] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.002463][ T5797] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.012332][ T5797] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.081267][ T5881] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5'. [ 92.098634][ T5881] loop1: detected capacity change from 0 to 512 [ 92.106630][ T5881] EXT4-fs: quotafile must be on filesystem root [ 92.408283][ T27] cfg80211: failed to load regulatory.db [ 92.464165][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.476927][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.730262][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.847595][ T5886] loop0: detected capacity change from 0 to 128 [ 92.922800][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.161366][ T5886] loop0: detected capacity change from 0 to 1024 [ 93.231038][ T5886] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 93.241627][ T5886] EXT4-fs (loop0): required journal recovery suppressed and not mounted read-only [ 93.318005][ T5791] Bluetooth: hci0: command tx timeout [ 93.467950][ T5791] Bluetooth: hci1: command tx timeout [ 93.557012][ T5791] Bluetooth: hci3: command tx timeout [ 93.557077][ T5104] Bluetooth: hci2: command tx timeout [ 93.758692][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.766560][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.912966][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.041575][ T5892] loop0: detected capacity change from 0 to 4096 [ 95.077504][ T5843] IPVS: starting estimator thread 0... [ 95.085726][ T5892] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 95.108622][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.223344][ T5896] loop1: detected capacity change from 0 to 128 [ 95.240240][ T5893] IPVS: using max 16 ests per chain, 38400 per kthread [ 95.863929][ T5795] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 95.912291][ T5895] loop1: detected capacity change from 0 to 1024 [ 96.002987][ T5895] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 96.024450][ T5895] EXT4-fs (loop1): required journal recovery suppressed and not mounted read-only [ 97.861498][ T5909] netlink: 32 bytes leftover after parsing attributes in process `syz.2.10'. [ 98.055169][ T5909] netlink: 44 bytes leftover after parsing attributes in process `syz.2.10'. [ 98.653924][ T5915] loop3: detected capacity change from 0 to 128 [ 98.872912][ T5921] fuse: Unknown parameter '0x0000000000000003' [ 98.987150][ T5789] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.151223][ T5910] loop3: detected capacity change from 0 to 1024 [ 99.184131][ T5910] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 99.196795][ T5910] EXT4-fs (loop3): required journal recovery suppressed and not mounted read-only [ 99.700630][ T5937] v: renamed from veth0_vlan (while UP) [ 99.777991][ T5940] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.252319][ T5958] "syz.0.26" (5958) uses obsolete ecb(arc4) skcipher [ 100.463816][ T5963] syz.0.30 uses obsolete (PF_INET,SOCK_PACKET) [ 100.692470][ T5975] netlink: 8 bytes leftover after parsing attributes in process `syz.1.32'. [ 100.714702][ T5975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.32'. [ 100.741783][ T5975] netlink: 8 bytes leftover after parsing attributes in process `syz.1.32'. [ 101.664455][ T6011] netlink: 'syz.1.40': attribute type 4 has an invalid length. [ 101.911506][ T6015] syzkaller1: entered promiscuous mode [ 101.919354][ T6015] syzkaller1: entered allmulticast mode [ 102.031426][ T6020] v: renamed from veth0_vlan (while UP) [ 102.590965][ T6034] syzkaller0: entered promiscuous mode [ 102.609693][ T6034] syzkaller0: entered allmulticast mode [ 103.153479][ T6055] tipc: Started in network mode [ 103.168835][ T6055] tipc: Node identity e28cb206c9a1, cluster identity 4711 [ 103.176325][ T6055] tipc: Enabled bearer , priority 0 [ 103.200569][ T6055] syzkaller0: entered promiscuous mode [ 103.206115][ T6055] syzkaller0: entered allmulticast mode [ 103.319391][ T6059] tipc: Resetting bearer [ 103.359878][ T6063] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 103.377104][ T6054] tipc: Resetting bearer [ 103.410215][ T6054] tipc: Disabling bearer [ 103.694694][ T6071] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.833296][ T6078] v: renamed from veth0_vlan (while UP) [ 104.411183][ T28] audit: type=1326 audit(1764686720.268:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.446622][ T28] audit: type=1326 audit(1764686720.268:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.476451][ T28] audit: type=1326 audit(1764686720.268:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.501458][ T28] audit: type=1326 audit(1764686720.268:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.533290][ T28] audit: type=1326 audit(1764686720.268:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.588368][ T28] audit: type=1326 audit(1764686720.268:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.612295][ T28] audit: type=1326 audit(1764686720.278:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.634801][ T28] audit: type=1326 audit(1764686720.448:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.665539][ T28] audit: type=1326 audit(1764686720.448:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 104.696458][ T28] audit: type=1326 audit(1764686720.448:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f869038f749 code=0x7ffc0000 [ 105.958864][ T6083] netlink: 76 bytes leftover after parsing attributes in process `syz.1.66'. [ 106.386653][ T6114] loop0: detected capacity change from 0 to 256 [ 106.755153][ T6120] loop0: detected capacity change from 0 to 256 [ 107.022821][ T6121] syz.1.80 (6121) used greatest stack depth: 17960 bytes left [ 107.211234][ T6126] loop0: detected capacity change from 0 to 512 [ 107.282236][ T6126] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 107.364301][ T6126] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=42c028, mo2=0002] [ 107.418210][ T6126] EXT4-fs (loop0): orphan cleanup on readonly fs [ 107.455071][ T6126] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.82: Allocating blocks 41-42 which overlap fs metadata [ 107.479512][ T6132] netlink: 76 bytes leftover after parsing attributes in process `syz.3.85'. [ 107.584511][ T6126] EXT4-fs (loop0): Remounting filesystem read-only [ 107.748524][ T6126] EXT4-fs (loop0): 1 truncate cleaned up [ 107.854342][ T6126] EXT4-fs (loop0): pa ffff888079760570: logic 1, phys. 41, len 23 [ 108.267888][ T6126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 108.292674][ T6132] syzkaller0: entered promiscuous mode [ 108.308760][ T6136] 0: reclassify loop, rule prio 0, protocol 800 [ 108.320664][ T6132] syzkaller0: entered allmulticast mode [ 108.327602][ T6126] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.379172][ T6171] loop2: detected capacity change from 0 to 128 [ 110.434406][ T6171] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 110.452044][ T6171] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.500621][ T6175] netlink: 2184 bytes leftover after parsing attributes in process `syz.3.100'. [ 110.511669][ T6175] netlink: 144 bytes leftover after parsing attributes in process `syz.3.100'. [ 110.620555][ T5796] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 110.652672][ T6177] process 'syz.1.101' launched '/dev/fd/7' with NULL argv: empty string added [ 110.843037][ T6181] program syz.3.105 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.991920][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.107'. [ 111.132699][ T6196] netlink: 'syz.0.110': attribute type 10 has an invalid length. [ 111.269242][ T6200] netlink: 12 bytes leftover after parsing attributes in process `{/}\'. [ 111.283119][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 111.283133][ T28] audit: type=1326 audit(1764686727.138:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6201 comm="syz.0.113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1113d8f749 code=0x7ffc0000 [ 111.387973][ T786] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 111.496247][ T6208] netlink: 'syz.1.116': attribute type 21 has an invalid length. [ 111.535993][ T6208] netlink: 'syz.1.116': attribute type 1 has an invalid length. [ 111.550688][ T6208] netlink: 144 bytes leftover after parsing attributes in process `syz.1.116'. [ 111.571013][ T6210] loop2: detected capacity change from 0 to 256 [ 111.577580][ T786] usb 4-1: device descriptor read/64, error -71 [ 111.662840][ T5877] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 111.853733][ T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 111.935260][ T6219] loop0: detected capacity change from 0 to 1024 [ 111.964019][ T6219] ======================================================= [ 111.964019][ T6219] WARNING: The mand mount option has been deprecated and [ 111.964019][ T6219] and is ignored by this kernel. Remove the mand [ 111.964019][ T6219] option from the mount to silence this warning. [ 111.964019][ T6219] ======================================================= [ 112.035023][ T786] usb 4-1: device descriptor read/64, error -71 [ 112.073188][ T6219] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.169727][ T786] usb usb4-port1: attempt power cycle [ 112.194562][ T6219] ================================================================== [ 112.202697][ T6219] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 112.210485][ T6219] Read of size 18446744073709551588 at addr ffff888030fe4840 by task syz.0.121/6219 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer) [ 112.219888][ T6219] [ 112.222262][ T6219] CPU: 1 PID: 6219 Comm: syz.0.121 Not tainted syzkaller #0 [ 112.229580][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 112.239674][ T6219] Call Trace: [ 112.242985][ T6219] [ 112.246049][ T6219] dump_stack_lvl+0x16c/0x230 [ 112.250782][ T6219] ? read_lock_is_recursive+0x20/0x20 [ 112.256323][ T6219] ? show_regs_print_info+0x20/0x20 [ 112.261577][ T6219] ? load_image+0x3b0/0x3b0 [ 112.266123][ T6219] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 112.272075][ T6219] ? __virt_addr_valid+0x18c/0x540 [ 112.277228][ T6219] ? __virt_addr_valid+0x469/0x540 [ 112.282388][ T6219] print_report+0xac/0x220 [ 112.286848][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 112.292346][ T6219] kasan_report+0x117/0x150 [ 112.296900][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 112.302411][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 112.307919][ T6219] kasan_check_range+0x288/0x290 [ 112.312901][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 112.318403][ T6219] __asan_memmove+0x29/0x70 [ 112.322956][ T6219] ext4_xattr_set_entry+0x94b/0x1e90 [ 112.328309][ T6219] ext4_xattr_block_set+0xae3/0x32a0 [ 112.333643][ T6219] ? ext4_destroy_inode+0x200/0x200 [ 112.338892][ T6219] ? proc_nr_inodes+0x230/0x230 [ 112.343968][ T6219] ? do_raw_spin_unlock+0x121/0x230 [ 112.349216][ T6219] ? _raw_spin_unlock+0x28/0x40 [ 112.354106][ T6219] ? ext4_xattr_block_find+0x350/0x350 [ 112.359651][ T6219] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 112.365078][ T6219] ext4_xattr_set_handle+0x10a1/0x1290 [ 112.370559][ T6219] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 112.376560][ T6219] ? __ext4_journal_start_sb+0x259/0x570 [ 112.382214][ T6219] ext4_xattr_set+0x22d/0x320 [ 112.386914][ T6219] ? end_current_label_crit_section+0x170/0x170 [ 112.393267][ T6219] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 112.398829][ T6219] ? posix_xattr_acl+0x93/0xb0 [ 112.403612][ T6219] ? evm_protect_xattr+0x36d/0x7a0 [ 112.408757][ T6219] ? ext4_xattr_trusted_get+0x40/0x40 [ 112.414149][ T6219] __vfs_setxattr+0x431/0x470 [ 112.418938][ T6219] __vfs_setxattr_noperm+0x12d/0x5e0 [ 112.424266][ T6219] vfs_setxattr+0x16c/0x2f0 [ 112.428801][ T6219] ? xattr_permission+0x470/0x470 [ 112.433852][ T6219] ? __mnt_want_write+0x223/0x2a0 [ 112.438905][ T6219] ? path_setxattr+0x314/0x550 [ 112.443691][ T6219] path_setxattr+0x362/0x550 [ 112.448310][ T6219] ? simple_xattrs_free+0x150/0x150 [ 112.453545][ T6219] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 112.459665][ T6219] ? lock_chain_count+0x20/0x20 [ 112.464539][ T6219] __x64_sys_lsetxattr+0xb8/0xd0 [ 112.469509][ T6219] do_syscall_64+0x55/0xb0 [ 112.473950][ T6219] ? clear_bhb_loop+0x40/0x90 [ 112.478658][ T6219] ? clear_bhb_loop+0x40/0x90 [ 112.483359][ T6219] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 112.489279][ T6219] RIP: 0033:0x7f1113d8f749 [ 112.493719][ T6219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.513338][ T6219] RSP: 002b:00007f1114c46038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 112.521782][ T6219] RAX: ffffffffffffffda RBX: 00007f1113fe5fa0 RCX: 00007f1113d8f749 [ 112.529774][ T6219] RDX: 0000200000000500 RSI: 0000200000000180 RDI: 0000200000000540 [ 112.537766][ T6219] RBP: 00007f1113e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 112.545759][ T6219] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 112.553760][ T6219] R13: 00007f1113fe6038 R14: 00007f1113fe5fa0 R15: 00007ffd2ce0b0e8 [ 112.561754][ T6219] [ 112.564781][ T6219] [ 112.567128][ T6219] Allocated by task 6219: [ 112.571462][ T6219] kasan_set_track+0x4e/0x70 [ 112.576066][ T6219] __kasan_kmalloc+0x8f/0xa0 [ 112.580669][ T6219] __kmalloc_node_track_caller+0xb2/0x230 [ 112.586412][ T6219] kmemdup+0x2b/0x70 [ 112.590319][ T6219] ext4_xattr_block_set+0x9e5/0x32a0 [ 112.595616][ T6219] ext4_xattr_set_handle+0x10a1/0x1290 [ 112.601090][ T6219] ext4_xattr_set+0x22d/0x320 [ 112.605781][ T6219] __vfs_setxattr+0x431/0x470 [ 112.610472][ T6219] __vfs_setxattr_noperm+0x12d/0x5e0 [ 112.615766][ T6219] vfs_setxattr+0x16c/0x2f0 [ 112.620375][ T6219] path_setxattr+0x362/0x550 [ 112.624984][ T6219] __x64_sys_lsetxattr+0xb8/0xd0 [ 112.629935][ T6219] do_syscall_64+0x55/0xb0 [ 112.634388][ T6219] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 112.640290][ T6219] [ 112.642624][ T6219] Last potentially related work creation: [ 112.648341][ T6219] kasan_save_stack+0x3e/0x60 [ 112.653025][ T6219] __kasan_record_aux_stack+0xaf/0xc0 [ 112.658418][ T6219] kvfree_call_rcu+0xee/0x780 [ 112.663118][ T6219] neigh_remove_one+0x5f1/0x700 [ 112.667979][ T6219] ___neigh_create+0x467/0x2440 [ 112.672844][ T6219] ip6_finish_output2+0x159e/0x1650 [ 112.678057][ T6219] ndisc_send_skb+0xbed/0x14b0 [ 112.682851][ T6219] addrconf_dad_completed+0x79f/0xd40 [ 112.688239][ T6219] addrconf_dad_work+0xc4e/0x14e0 [ 112.693279][ T6219] process_scheduled_works+0xa45/0x15b0 [ 112.698837][ T6219] worker_thread+0xa55/0xfc0 [ 112.703464][ T6219] kthread+0x2fa/0x390 [ 112.707553][ T6219] ret_from_fork+0x48/0x80 [ 112.711994][ T6219] ret_from_fork_asm+0x11/0x20 [ 112.716785][ T6219] [ 112.719116][ T6219] The buggy address belongs to the object at ffff888030fe4800 [ 112.719116][ T6219] which belongs to the cache kmalloc-1k of size 1024 [ 112.733216][ T6219] The buggy address is located 64 bytes inside of [ 112.733216][ T6219] 1024-byte region [ffff888030fe4800, ffff888030fe4c00) [ 112.746504][ T6219] [ 112.748843][ T6219] The buggy address belongs to the physical page: [ 112.755266][ T6219] page:ffffea0000c3f800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30fe0 [ 112.765423][ T6219] head:ffffea0000c3f800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 112.774360][ T6219] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 112.782354][ T6219] page_type: 0xffffffff() [ 112.786700][ T6219] raw: 00fff00000000840 ffff888017841dc0 dead000000000100 dead000000000122 [ 112.795297][ T6219] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 112.803881][ T6219] page dumped because: kasan: bad access detected [ 112.810307][ T6219] page_owner tracks the page as allocated [ 112.816026][ T6219] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5858, tgid 5858 (kworker/u4:7), ts 88790826134, free_ts 88704025017 [ 112.837748][ T6219] post_alloc_hook+0x1cd/0x210 [ 112.842537][ T6219] get_page_from_freelist+0x195c/0x19f0 [ 112.848103][ T6219] __alloc_pages+0x1e3/0x460 [ 112.852711][ T6219] alloc_slab_page+0x5d/0x170 [ 112.857411][ T6219] new_slab+0x87/0x2e0 [ 112.861499][ T6219] ___slab_alloc+0xc6d/0x1300 [ 112.866215][ T6219] __kmem_cache_alloc_node+0x1a2/0x260 [ 112.871704][ T6219] __kmalloc+0xa4/0x240 [ 112.876165][ T6219] load_elf_phdrs+0x136/0x230 [ 112.880856][ T6219] load_elf_binary+0x956/0x2700 [ 112.885741][ T6219] bprm_execve+0xaeb/0x16f0 [ 112.890354][ T6219] kernel_execve+0x8bd/0x9c0 [ 112.894972][ T6219] call_usermodehelper_exec_async+0x20b/0x350 [ 112.901057][ T6219] ret_from_fork+0x48/0x80 [ 112.905484][ T6219] ret_from_fork_asm+0x11/0x20 [ 112.910268][ T6219] page last free stack trace: [ 112.914954][ T6219] free_unref_page_prepare+0x7ce/0x8e0 [ 112.920433][ T6219] free_unref_page+0x32/0x2e0 [ 112.925126][ T6219] __slab_free+0x35e/0x410 [ 112.929557][ T6219] qlist_free_all+0x75/0xe0 [ 112.934074][ T6219] kasan_quarantine_reduce+0x143/0x160 [ 112.939558][ T6219] __kasan_slab_alloc+0x22/0x80 [ 112.944417][ T6219] slab_post_alloc_hook+0x6e/0x4d0 [ 112.949548][ T6219] __kmem_cache_alloc_node+0x13e/0x260 [ 112.955023][ T6219] __kmalloc+0xa4/0x240 [ 112.959198][ T6219] tomoyo_realpath_from_path+0xe3/0x5d0 [ 112.964762][ T6219] tomoyo_condition+0x1f73/0x32c0 [ 112.969799][ T6219] tomoyo_check_acl+0x17b/0x3f0 [ 112.974663][ T6219] tomoyo_execute_permission+0x130/0x420 [ 112.980311][ T6219] tomoyo_find_next_domain+0x44c/0x1a60 [ 112.985870][ T6219] tomoyo_bprm_check_security+0x116/0x170 [ 112.991602][ T6219] security_bprm_check+0x62/0xa0 [ 112.996730][ T6219] [ 112.999065][ T6219] Memory state around the buggy address: [ 113.004702][ T6219] ffff888030fe4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 113.012774][ T6219] ffff888030fe4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 113.020840][ T6219] >ffff888030fe4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 113.029075][ T6219] ^ [ 113.035227][ T6219] ffff888030fe4880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 113.043289][ T6219] ffff888030fe4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 113.051363][ T6219] ================================================================== [ 113.156856][ T6219] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 113.164214][ T6219] CPU: 0 PID: 6219 Comm: syz.0.121 Not tainted syzkaller #0 [ 113.171540][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 113.181629][ T6219] Call Trace: [ 113.184940][ T6219] [ 113.187895][ T6219] dump_stack_lvl+0x16c/0x230 [ 113.192621][ T6219] ? show_regs_print_info+0x20/0x20 [ 113.197961][ T6219] ? load_image+0x3b0/0x3b0 [ 113.202508][ T6219] panic+0x2c0/0x710 [ 113.206434][ T6219] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.212642][ T6219] ? bpf_jit_dump+0xd0/0xd0 [ 113.217287][ T6219] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 113.223398][ T6219] ? _raw_spin_unlock+0x40/0x40 [ 113.228452][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 113.233932][ T6219] check_panic_on_warn+0x84/0xa0 [ 113.238895][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 113.244375][ T6219] end_report+0x6f/0x140 [ 113.248634][ T6219] kasan_report+0x128/0x150 [ 113.253151][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 113.258633][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 113.264104][ T6219] kasan_check_range+0x288/0x290 [ 113.269056][ T6219] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 113.274529][ T6219] __asan_memmove+0x29/0x70 [ 113.279153][ T6219] ext4_xattr_set_entry+0x94b/0x1e90 [ 113.284464][ T6219] ext4_xattr_block_set+0xae3/0x32a0 [ 113.289776][ T6219] ? ext4_destroy_inode+0x200/0x200 [ 113.295001][ T6219] ? proc_nr_inodes+0x230/0x230 [ 113.299863][ T6219] ? do_raw_spin_unlock+0x121/0x230 [ 113.305080][ T6219] ? _raw_spin_unlock+0x28/0x40 [ 113.309954][ T6219] ? ext4_xattr_block_find+0x350/0x350 [ 113.315614][ T6219] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 113.321004][ T6219] ext4_xattr_set_handle+0x10a1/0x1290 [ 113.326484][ T6219] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 113.332489][ T6219] ? __ext4_journal_start_sb+0x259/0x570 [ 113.338137][ T6219] ext4_xattr_set+0x22d/0x320 [ 113.343087][ T6219] ? end_current_label_crit_section+0x170/0x170 [ 113.349348][ T6219] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 113.354910][ T6219] ? posix_xattr_acl+0x93/0xb0 [ 113.359696][ T6219] ? evm_protect_xattr+0x36d/0x7a0 [ 113.364826][ T6219] ? ext4_xattr_trusted_get+0x40/0x40 [ 113.370216][ T6219] __vfs_setxattr+0x431/0x470 [ 113.374911][ T6219] __vfs_setxattr_noperm+0x12d/0x5e0 [ 113.380215][ T6219] vfs_setxattr+0x16c/0x2f0 [ 113.384735][ T6219] ? xattr_permission+0x470/0x470 [ 113.389769][ T6219] ? __mnt_want_write+0x223/0x2a0 [ 113.394810][ T6219] ? path_setxattr+0x314/0x550 [ 113.399592][ T6219] path_setxattr+0x362/0x550 [ 113.404195][ T6219] ? simple_xattrs_free+0x150/0x150 [ 113.409416][ T6219] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 113.415415][ T6219] ? lock_chain_count+0x20/0x20 [ 113.420273][ T6219] __x64_sys_lsetxattr+0xb8/0xd0 [ 113.425228][ T6219] do_syscall_64+0x55/0xb0 [ 113.429659][ T6219] ? clear_bhb_loop+0x40/0x90 [ 113.434343][ T6219] ? clear_bhb_loop+0x40/0x90 [ 113.439031][ T6219] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 113.445279][ T6219] RIP: 0033:0x7f1113d8f749 [ 113.449807][ T6219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.469423][ T6219] RSP: 002b:00007f1114c46038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 113.477933][ T6219] RAX: ffffffffffffffda RBX: 00007f1113fe5fa0 RCX: 00007f1113d8f749 [ 113.485919][ T6219] RDX: 0000200000000500 RSI: 0000200000000180 RDI: 0000200000000540 [ 113.493905][ T6219] RBP: 00007f1113e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 113.501887][ T6219] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 113.509862][ T6219] R13: 00007f1113fe6038 R14: 00007f1113fe5fa0 R15: 00007ffd2ce0b0e8 [ 113.517861][ T6219] [ 113.521228][ T6219] Kernel Offset: disabled [ 113.525557][ T6219] Rebooting in 86400 seconds..