last executing test programs: 6.427309222s ago: executing program 2 (id=474): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x942, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000040)="83656622d3872f627903c2e7fa386a967c6a6d2d3c641f3671bb60c6214f765c51f51a112ee4dbf628a7dc999c68f5dc076a0100e190039d", 0x38}], 0x1) 6.207567659s ago: executing program 2 (id=478): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r7, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = socket(0x400000000010, 0x3, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0) r9 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0xb4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x88, 0x2, [@TCA_U32_SEL={0x84, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x809, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x8, 0x42}, {0x6, 0x4, 0x12c5, 0x8}, {0x317, 0x0, 0x0, 0x8001}, {0x1, 0x1800004, 0xa525}]}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x80}, 0xc040) close_range(r4, 0xffffffffffffffff, 0x400000000000000) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) 4.939363734s ago: executing program 0 (id=485): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$key(0xf, 0x3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0) 3.817133846s ago: executing program 2 (id=487): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x20, 0x13, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x800) 3.671178098s ago: executing program 0 (id=488): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x2800) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) syz_usb_control_io$hid(r0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000"], 0xcc}}, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r7}, &(0x7f0000000a00), &(0x7f0000000a40)=r6}, 0x20) 2.765866682s ago: executing program 2 (id=491): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x3, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xfffffffc, 0x8, 0x7, 0x4, 0x4, 0x0, 0x200, 0x6, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4c085}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0xbc, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x8c, 0x2, {{0x4, 0x1ff, 0xa, 0x10000, 0x5, 0x5}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "8d37"}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xca3, 0x3, 0x400, 0x9, 0x2, 0x5}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x5, 0xffff}}, @TCA_NETEM_RATE64={0xc, 0x8, 0xa82c44fbf24a7028}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x3}, @TCA_NETEM_JITTER64={0xc, 0xb, 0x6}]}}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.597928976s ago: executing program 2 (id=493): bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10) sync_file_range(0xffffffffffffffff, 0x6, 0x7, 0x2) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x1, 0x2, 0x6, 0x1, 0xa8, 0x40, 0x3, 0x8, 0x1, 0x1, 0x78, 0x8, 0x9f, 0x5}, 0xe) shutdown(0xffffffffffffffff, 0x1) recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x40001123) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x3, &(0x7f0000000000)=[{0x48, 0xb, 0x48, 0x9}, {0x20, 0x4, 0x21, 0xffff7024}, {0x6, 0x2b, 0x3, 0x203}]}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) 2.559374809s ago: executing program 3 (id=494): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) setfsgid(0x0) 2.462471167s ago: executing program 3 (id=495): syz_clone(0xc0126080, 0x0, 0x0, 0x0, 0x0, 0x0) 2.232432706s ago: executing program 1 (id=496): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x6}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r1, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x31, 0x0, &(0x7f0000000000)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36eb77dd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x50) 2.179810071s ago: executing program 1 (id=497): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x41, &(0x7f0000000040)=0x7f, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000100)=0x5, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000000)=""/3, 0x3}], 0x1, &(0x7f00000008c0)=""/69, 0x45}, 0xffffffff}], 0x1, 0x14100, 0x0) 2.105720497s ago: executing program 3 (id=498): syz_io_uring_setup(0xbc3, &(0x7f0000000480)={0x0, 0x1060, 0x80, 0x0, 0x264}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r4}, 0x10) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10) 2.015786514s ago: executing program 1 (id=499): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r1 = dup(0xffffffffffffffff) write$P9_RLERRORu(r1, &(0x7f0000000500)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1.935373551s ago: executing program 3 (id=500): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd27, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 1.916568992s ago: executing program 1 (id=501): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)={0x1c, 0x3, 0x1, 0x301, 0x0, 0x0, {0x3}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x804) 1.882243565s ago: executing program 3 (id=502): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x3, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xfffffffc, 0x8, 0x7, 0x4, 0x4, 0x0, 0x200, 0x6, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4c085}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0xbc, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x8c, 0x2, {{0x4, 0x1ff, 0xa, 0x10000, 0x5, 0x5}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "8d37"}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xca3, 0x3, 0x400, 0x9, 0x2, 0x5}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x5, 0xffff}}, @TCA_NETEM_RATE64={0xc, 0x8, 0xa82c44fbf24a7028}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x3}, @TCA_NETEM_JITTER64={0xc, 0xb, 0x6}]}}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.783276023s ago: executing program 1 (id=503): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) setfsgid(0x0) 1.741387107s ago: executing program 1 (id=504): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r3, 0xffffffffffffffff}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) unshare(0x62040200) 1.676454892s ago: executing program 2 (id=505): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a40)=@newsa={0xf8, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@empty, 0x2, 0x0, 0x4e20, 0x0, 0x0, 0x20, 0x0, 0x16}, {@in6=@dev={0xfe, 0x80, '\x00', 0x16}, 0x0, 0x33}, @in=@private=0xa010100, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0xa, 0x1}, [@tfcpad={0x8, 0x16, 0x2000000}]}, 0xf8}, 0x1, 0x0, 0x0, 0x804}, 0x24000058) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2}, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) unshare(0x64000600) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x94, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xf, 0x3}, {}, {0xfff1, 0xfff2}}, [@filter_kind_options=@f_u32={{0x8}, {0x68, 0x2, [@TCA_U32_SEL={0x64, 0x5, {0x10, 0x9, 0xe, 0x10da, 0xf, 0x0, 0x10, 0xfc, [{0xffff8001, 0xf073, 0x4010000, 0x8000}, {0x40, 0x80000001, 0xfffffffe, 0xffffffff}, {0x2, 0x9, 0x2}, {0x2008, 0x80000000, 0x1e0a, 0x3}, {0xffffffff, 0x80000009, 0x800, 0x100}]}}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x801}, 0x4000) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='cgroup2\x00', 0x4, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0x3}, 0x18) add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630bf7c045f94cd977", 0x18, 0xffffffffffffffff) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r6, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000006800e97800000000000000000a00000000", @ANYBLOB="67a50bcc3edcfde358dc86b53378c177be6733f7d4878df2945a12c6f856b2ed00a362f1c6efd3d2c980ab5f33a1eeb1406bbf83fa6a847f0a567b447f14c55d7d09c299f1caeb5c153d11d68a8596c1f68947233be8e95459830e7cec049701314f5f4c87adade918b1ec7e10159a6d138da61c75f9508647273d5c915296edea2b5b15b3d3babb5eaa73cd0f"], 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x0) 321.547634ms ago: executing program 0 (id=506): sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x84800) 298.324995ms ago: executing program 3 (id=507): r0 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x404c080) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001100)={0x0}}, 0x0) write(r0, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000280)={'ipvlan0\x00', {0x2, 0x4e24, @rand_addr=0xac141437}}) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000417000/0x2000)=nil, 0x2000, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk") openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000002f80)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1) r4 = mq_open(&(0x7f0000001600)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) mq_timedreceive(r4, &(0x7f000001d600)=""/102389, 0x18ff5, 0x0, 0x0) 119.31454ms ago: executing program 0 (id=508): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') preadv(r2, &(0x7f0000000340)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x100013c, 0x20000000) 63.965975ms ago: executing program 0 (id=509): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000500)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 0s ago: executing program 0 (id=510): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x1ffffffffffffffd}, 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000b00)=ANY=[@ANYBLOB="00010000160001000000000000000000000000000000e90e000000000000000100000000000000000000000000000800"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c00000000000000000000000000ffffac14143d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7f000005001900ff000000"], 0x100}}, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000340)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x10001, @local, 0x5}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="180000000800000000000000030000001801000020646c24ffffe400002020207b1af8ff86a289894b214e36dbf7f120b43300000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) epoll_create1(0x80000) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x800414, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2c2, &(0x7f0000000c40)="$eJzs3dFLU28cx/GPzp+bE91+EEFB9VA3dTN0/QE1QiEaFOakugiOeVZjp03OGcYicjfRbX9EV1J33QXVZTfeRDfddydB0I0X0Yl2Nt102nQ6l75fIOe7830+nEc9yneC28qtFw/zWS+RtUrqjxj1SxWtSvE/VU1f7dhfrQfVqKILwz++nLp5+861VDo9MWXMZGr6YtIYM3rm3aMnr85+KA3PvBl9G9Zy/O7K9+TX5ePLJ1Z+TT/IeSbnmUKxZCwzWyyWrFnHNnM5L58w5oZjW55tcgXPdpv6Wac4P182VmFuJDrv2p5nrELZ5O2yKRVNyS0b676VK5hYImFGojraBtpYk1mamrJSW7b9UKuzLU+iJwy1Oum6qUrrZmapC3sCAAA9Zvv5P5j1t57/0zPBcdv5P1Sb/1+/lNqb/6XO5v9E0/zf19UvaI+rND36y/yPQ8F1U1a09vPbjPkfAAAAAAAAAAAAAAAAAAAAAIB/warvx3zfj9WP9Y+wpIik+uOD3if2xy6//5cOaLvYYw3/uBeRnOcLmYVMcAz6qaxycmRrTDH9rN4PNUE9eTU9MWaq4nrvLNbyiwuZkML1fF28Vf70/+NB3jTn/1O08fpJxXSs9fWTLfODOn+uIZ9QTJ/uqShHc9X7ej3/dNyYK9fTG/JD1XUAAAAAABwGCbNm0/P3ar+6IKLN/SC/g78PbHh+PaCT7bxEJQAAAAAA6JhXfpy3HMd2d1GEJXUQ30Hh9+37JfauCKkntrGhuCypB7bRrSIiKThjdhP/thZvK+W3sWZAUqefV6SLt9ZB/2YCAAAAsNfWh/4dhD4/28cdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABw9LT7emD19Zta9cY28YbLhfRx7e0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCPndwAAAP//6bYmHA==") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f00000007c0)) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f00000000c0)=0x1, 0x4) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus/file0\x00') sendmmsg$inet(r5, &(0x7f0000000b80)=[{{&(0x7f0000000040)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x7, 0x4, [@multicast1=0xe0000306]}]}}}], 0x18}}], 0x1, 0x4880) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. syzkaller login: [ 64.881686][ T5770] cgroup: Unknown subsys name 'net' [ 65.043071][ T5770] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.395976][ T5770] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.832803][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.841382][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.860390][ T5792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.865252][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.868277][ T5795] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.876003][ T5793] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.885312][ T5795] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.890292][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.897006][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.904529][ T5793] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.910340][ T5795] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.917969][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.933966][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.941707][ T5793] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.942204][ T5792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.949814][ T5795] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.958418][ T5792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.964683][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.970254][ T5794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.978510][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.985762][ T5794] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.992692][ T5792] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.001082][ T5794] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.016936][ T5794] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.462310][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 68.495174][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 68.619085][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 68.628681][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 68.702955][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.710976][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.719118][ T5780] bridge_slave_0: entered allmulticast mode [ 68.725973][ T5780] bridge_slave_0: entered promiscuous mode [ 68.736849][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.744048][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.751441][ T5780] bridge_slave_1: entered allmulticast mode [ 68.758656][ T5780] bridge_slave_1: entered promiscuous mode [ 68.765780][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.773107][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.780465][ T5782] bridge_slave_0: entered allmulticast mode [ 68.787845][ T5782] bridge_slave_0: entered promiscuous mode [ 68.815253][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.822540][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.830055][ T5782] bridge_slave_1: entered allmulticast mode [ 68.837320][ T5782] bridge_slave_1: entered promiscuous mode [ 68.865240][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.894942][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.946911][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.977507][ T5780] team0: Port device team_slave_0 added [ 68.985463][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.015879][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.023630][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.031380][ T5781] bridge_slave_0: entered allmulticast mode [ 69.038540][ T5781] bridge_slave_0: entered promiscuous mode [ 69.047945][ T5780] team0: Port device team_slave_1 added [ 69.054979][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.062257][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.069858][ T5781] bridge_slave_1: entered allmulticast mode [ 69.076932][ T5781] bridge_slave_1: entered promiscuous mode [ 69.091756][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.099118][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.106292][ T5779] bridge_slave_0: entered allmulticast mode [ 69.114144][ T5779] bridge_slave_0: entered promiscuous mode [ 69.143979][ T5782] team0: Port device team_slave_0 added [ 69.153024][ T5782] team0: Port device team_slave_1 added [ 69.159104][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.166227][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.174531][ T5779] bridge_slave_1: entered allmulticast mode [ 69.181797][ T5779] bridge_slave_1: entered promiscuous mode [ 69.240262][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.247703][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.275093][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.288375][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.295791][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.322448][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.335686][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.358501][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.370561][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.386085][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.407248][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.414402][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.440431][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.474714][ T5779] team0: Port device team_slave_0 added [ 69.501636][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.509027][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.535652][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.554158][ T5779] team0: Port device team_slave_1 added [ 69.573364][ T5781] team0: Port device team_slave_0 added [ 69.614007][ T5781] team0: Port device team_slave_1 added [ 69.642854][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.650077][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.676601][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.712802][ T5782] hsr_slave_0: entered promiscuous mode [ 69.719812][ T5782] hsr_slave_1: entered promiscuous mode [ 69.730921][ T5780] hsr_slave_0: entered promiscuous mode [ 69.738497][ T5780] hsr_slave_1: entered promiscuous mode [ 69.744605][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.752604][ T5780] Cannot create hsr debugfs directory [ 69.758745][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.765693][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.792041][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.803690][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.810883][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.837246][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.850151][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.857455][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.883990][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.988721][ T5781] hsr_slave_0: entered promiscuous mode [ 69.995365][ T5781] hsr_slave_1: entered promiscuous mode [ 70.001586][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.010588][ T5781] Cannot create hsr debugfs directory [ 70.035219][ T5779] hsr_slave_0: entered promiscuous mode [ 70.041623][ T5779] hsr_slave_1: entered promiscuous mode [ 70.047891][ T5779] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.055527][ T5779] Cannot create hsr debugfs directory [ 70.057447][ T5102] Bluetooth: hci3: command tx timeout [ 70.067416][ T5790] Bluetooth: hci2: command tx timeout [ 70.067432][ T5792] Bluetooth: hci1: command tx timeout [ 70.074232][ T5794] Bluetooth: hci0: command tx timeout [ 70.397382][ T5782] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.410838][ T5782] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.422927][ T5782] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.432332][ T5782] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.505556][ T5779] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.515467][ T5779] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.530886][ T5779] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.549433][ T5779] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.623963][ T5781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.644297][ T5781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.674134][ T5781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.683770][ T5781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.745186][ T5780] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.754596][ T5780] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.769476][ T5780] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.785475][ T5780] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.804659][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.868422][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.881985][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.889438][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.958825][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.965969][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.034115][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.052829][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.108168][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.122344][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.135209][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.149901][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.157375][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.191757][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.199332][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.220010][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.230667][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.237858][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.282470][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.289681][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.305265][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.312565][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.326209][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.333548][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.411479][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.502329][ T5780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.528928][ T5782] veth0_vlan: entered promiscuous mode [ 71.573740][ T5782] veth1_vlan: entered promiscuous mode [ 71.663513][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.668083][ T5782] veth0_macvtap: entered promiscuous mode [ 71.680049][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.700319][ T5782] veth1_macvtap: entered promiscuous mode [ 71.760248][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.781511][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.793583][ T5782] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.803689][ T5782] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.814529][ T5782] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.830105][ T5782] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.879878][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.034994][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.046336][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.048695][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.075658][ T5779] veth0_vlan: entered promiscuous mode [ 72.125215][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.125963][ T5779] veth1_vlan: entered promiscuous mode [ 72.139160][ T5794] Bluetooth: hci2: command tx timeout [ 72.141403][ T5790] Bluetooth: hci3: command tx timeout [ 72.144639][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.150205][ T5790] Bluetooth: hci0: command tx timeout [ 72.150285][ T5790] Bluetooth: hci1: command tx timeout [ 72.171217][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.234591][ T5781] veth0_vlan: entered promiscuous mode [ 72.252096][ T5779] veth0_macvtap: entered promiscuous mode [ 72.289649][ T5779] veth1_macvtap: entered promiscuous mode [ 72.310126][ T5781] veth1_vlan: entered promiscuous mode [ 72.402712][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.423316][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.436190][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.455008][ T5780] veth0_vlan: entered promiscuous mode [ 72.472669][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.487613][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.500544][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.516036][ T5780] veth1_vlan: entered promiscuous mode [ 72.527166][ T5779] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.539655][ T5779] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.549894][ T5779] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.560188][ T5779] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.594567][ T5781] veth0_macvtap: entered promiscuous mode [ 72.646127][ T5781] veth1_macvtap: entered promiscuous mode [ 72.742587][ T5780] veth0_macvtap: entered promiscuous mode [ 72.765278][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.773236][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.773282][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.773291][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.773302][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.774959][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.824433][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.856395][ T5875] netlink: 136 bytes leftover after parsing attributes in process `syz.2.7'. [ 72.874606][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.890183][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.901314][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.912381][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.923998][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.933831][ T5780] veth1_macvtap: entered promiscuous mode [ 72.975518][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.976040][ T5781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.998454][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.009902][ T5781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.021204][ T5781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.030475][ T5781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.090333][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.105240][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.115655][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.128250][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.138490][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.149741][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.162626][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.240370][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.277893][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.293986][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.317881][ T5884] syz.2.9[5884]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.319434][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.334949][ T5884] loop2: detected capacity change from 0 to 128 [ 73.337876][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.354033][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.384669][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.398240][ T5780] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.408002][ T5780] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.415181][ T5884] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 73.418658][ T5780] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.438600][ T5780] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.458739][ T5884] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 73.458893][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.479082][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.597103][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.605250][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.633021][ T5883] serio: Serial port ptm0 [ 73.708528][ T5886] loop0: detected capacity change from 0 to 1024 [ 73.730098][ T5886] EXT4-fs: Ignoring removed orlov option [ 73.736166][ T5886] EXT4-fs: Ignoring removed nomblk_io_submit option [ 73.779889][ T3477] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.819916][ T3477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.898138][ T5886] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.958705][ T5782] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 74.008678][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.017799][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.055187][ T28] audit: type=1804 audit(1756493686.906:2): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1" name="/newroot/0/file1/file1" dev="loop0" ino=15 res=1 errno=0 [ 74.162365][ T28] audit: type=1326 audit(1756493687.016:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.184436][ T5896] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11'. [ 74.200010][ T28] audit: type=1326 audit(1756493687.016:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.227114][ T28] audit: type=1326 audit(1756493687.026:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.228344][ T5794] Bluetooth: hci1: command tx timeout [ 74.249902][ T5790] Bluetooth: hci0: command tx timeout [ 74.255008][ T5794] Bluetooth: hci3: command tx timeout [ 74.260588][ T5790] Bluetooth: hci2: command tx timeout [ 74.283863][ T5779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.294318][ T28] audit: type=1326 audit(1756493687.026:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.337540][ T28] audit: type=1326 audit(1756493687.026:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.371945][ T5898] loop2: detected capacity change from 0 to 1024 [ 74.407026][ T28] audit: type=1326 audit(1756493687.026:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.417514][ T5898] EXT4-fs: Ignoring removed nomblk_io_submit option [ 74.445823][ T28] audit: type=1326 audit(1756493687.026:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.471389][ T28] audit: type=1326 audit(1756493687.036:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.495369][ T28] audit: type=1326 audit(1756493687.036:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5895 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 74.585123][ T5898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.837769][ T5906] ======================================================= [ 74.837769][ T5906] WARNING: The mand mount option has been deprecated and [ 74.837769][ T5906] and is ignored by this kernel. Remove the mand [ 74.837769][ T5906] option from the mount to silence this warning. [ 74.837769][ T5906] ======================================================= [ 74.907821][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.967810][ T5908] syzkaller0: entered promiscuous mode [ 74.983686][ T5908] syzkaller0: entered allmulticast mode [ 75.341330][ T5900] loop0: detected capacity change from 0 to 32768 [ 75.403751][ T5900] loop0: p1 p3 < > [ 75.725935][ T5919] 9pnet: Could not find request transport: 0xffffffffffffffff [ 75.862213][ T5924] mmap: syz.2.18 (5924) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 76.200977][ T5929] loop3: detected capacity change from 0 to 512 [ 76.232025][ T5929] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 76.277837][ T5929] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 76.298905][ T5790] Bluetooth: hci2: command tx timeout [ 76.303324][ T5102] Bluetooth: hci3: command tx timeout [ 76.304332][ T5790] Bluetooth: hci0: command tx timeout [ 76.304357][ T5790] Bluetooth: hci1: command tx timeout [ 76.342339][ T5929] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 76.366874][ T5929] EXT4-fs (loop3): 1 truncate cleaned up [ 76.376374][ T5929] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.665122][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.726093][ T5934] netlink: 48 bytes leftover after parsing attributes in process `syz.2.21'. [ 77.373306][ T5944] loop3: detected capacity change from 0 to 512 [ 77.438131][ T5944] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 77.536211][ T5944] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.776852][ T5944] netlink: 14 bytes leftover after parsing attributes in process `syz.3.26'. [ 77.885650][ T5944] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.927126][ T5944] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.965674][ T5944] bond0 (unregistering): Released all slaves [ 78.155852][ T5950] rdma_op ffff88805c0799f0 conn xmit_rdma 0000000000000000 [ 78.165864][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.550162][ T5957] syzkaller0: entered promiscuous mode [ 78.560907][ T5957] syzkaller0: entered allmulticast mode [ 78.831885][ T5961] syz.2.31[5961] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.832008][ T5961] syz.2.31[5961] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.231878][ T5970] loop3: detected capacity change from 0 to 128 [ 79.321817][ T5970] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 79.338145][ T5970] ext4 filesystem being mounted at /13/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 79.528010][ T5970] syzkaller0: entered promiscuous mode [ 79.533533][ T5970] syzkaller0: entered allmulticast mode [ 79.835186][ T5979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36'. [ 79.977931][ T5981] rdma_op ffff88802eaac1f0 conn xmit_rdma 0000000000000000 [ 80.490274][ T5905] Set syz1 is full, maxelem 65536 reached [ 80.560780][ T5987] serio: Serial port ptm0 [ 80.933431][ T5996] syz.0.44[5996] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.933557][ T5996] syz.0.44[5996] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.976326][ T5996] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.122889][ T6000] rdma_op ffff8880316d89f0 conn xmit_rdma 0000000000000000 [ 81.933252][ T27] cfg80211: failed to load regulatory.db [ 82.159485][ T5996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.44'. [ 82.168588][ T5996] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.223091][ T5996] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.253876][ T6002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.47'. [ 82.267229][ T5781] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 82.362025][ T6006] loop3: detected capacity change from 0 to 512 [ 82.378834][ T6006] EXT4-fs (loop3): orphan cleanup on readonly fs [ 82.385355][ T6006] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 82.440788][ T6006] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 82.468350][ T6006] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.49: attempt to clear invalid blocks 2 len 1 [ 82.493198][ T6006] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.49: invalid indirect mapped block 1819239214 (level 0) [ 82.537528][ T6006] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.49: invalid indirect mapped block 1819239214 (level 1) [ 82.569052][ T6006] EXT4-fs (loop3): 1 truncate cleaned up [ 82.576036][ T6006] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 82.762759][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.888388][ T6015] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.971989][ T6020] rdma_op ffff88807cd721f0 conn xmit_rdma 0000000000000000 [ 82.983784][ T6021] serio: Serial port ptm0 [ 83.064038][ T6015] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.205067][ T6015] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.371651][ T6015] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.542679][ T6015] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.561888][ T6015] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.591632][ T6015] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.617718][ T6015] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.965644][ T6048] netlink: 'syz.1.68': attribute type 10 has an invalid length. [ 84.013772][ T6048] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.047806][ T6048] bond0: (slave team0): Enslaving as an active interface with an up link [ 84.071917][ T6050] (null): rxe_set_mtu: Set mtu to 1024 [ 84.111135][ T6050] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:f079:06ff:fe9a:9940 error=-28 [ 84.261721][ T6056] Zero length message leads to an empty skb [ 84.448318][ T6063] batadv1: entered promiscuous mode [ 84.560587][ T6050] infiniband syz!: set active [ 84.584015][ T6050] infiniband syz!: added team_slave_0 [ 84.735127][ T6050] RDS/IB: syz!: added [ 84.752088][ T6050] smc: adding ib device syz! with port count 1 [ 84.773295][ T6050] smc: ib device syz! port 1 has pnetid [ 85.515584][ T6089] netlink: 12 bytes leftover after parsing attributes in process `gtp'. [ 85.524375][ T6089] netlink: 4 bytes leftover after parsing attributes in process `gtp'. [ 85.570880][ T6089] bridge0: port 3(macsec1) entered blocking state [ 85.599498][ T6089] bridge0: port 3(macsec1) entered disabled state [ 85.616972][ T6089] macsec1: entered allmulticast mode [ 85.640216][ T6089] macsec1: left allmulticast mode [ 85.865143][ T6097] loop3: detected capacity change from 0 to 512 [ 85.922557][ T6097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.994814][ T6097] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 86.367406][ T6097] EXT4-fs (loop3): shut down requested (0) [ 86.529995][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.235803][ T6144] syzkaller0: entered promiscuous mode [ 87.266128][ T6144] syzkaller0: entered allmulticast mode [ 87.982966][ T6168] loop0: detected capacity change from 0 to 128 [ 88.023174][ T6168] FAT-fs (loop0): Directory bread(block 32) failed [ 88.037366][ T6168] FAT-fs (loop0): Directory bread(block 33) failed [ 88.055109][ T6168] FAT-fs (loop0): Directory bread(block 34) failed [ 88.072130][ T6168] FAT-fs (loop0): Directory bread(block 35) failed [ 88.084080][ T6168] FAT-fs (loop0): Directory bread(block 36) failed [ 88.106993][ T6168] FAT-fs (loop0): Directory bread(block 37) failed [ 88.113814][ T6168] FAT-fs (loop0): Directory bread(block 38) failed [ 88.133469][ T6168] FAT-fs (loop0): Directory bread(block 39) failed [ 88.161462][ T6168] FAT-fs (loop0): Directory bread(block 40) failed [ 88.175721][ T6168] FAT-fs (loop0): Directory bread(block 41) failed [ 88.220389][ T6176] loop3: detected capacity change from 0 to 2048 [ 88.304556][ T6176] loop3: p1 < > p4 [ 88.314792][ T6176] loop3: p4 size 8388608 extends beyond EOD, truncated [ 88.342096][ T6168] syz.0.120: attempt to access beyond end of device [ 88.342096][ T6168] loop0: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 88.386182][ T6168] FAT-fs (loop0): Filesystem has been set read-only [ 88.407801][ T6168] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 88.787598][ T6171] loop1: detected capacity change from 0 to 32768 [ 88.818862][ T6177] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.827528][ T6177] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.842805][ T6171] loop1: p1 p3 < > [ 89.043718][ T6200] netlink: 68 bytes leftover after parsing attributes in process `syz.1.124'. [ 89.301407][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 89.312425][ T5787] udevd[5787]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 89.737915][ T6177] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.767506][ T6177] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.052944][ T6177] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.067584][ T6177] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.078552][ T6177] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.088204][ T6177] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.284006][ T6222] loop1: detected capacity change from 0 to 32768 [ 91.322029][ T6247] syzkaller0: entered promiscuous mode [ 91.325733][ T6250] process 'syz.0.143' launched './file0' with NULL argv: empty string added [ 91.334464][ T6247] syzkaller0: entered allmulticast mode [ 91.849248][ T6265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.150'. [ 92.212393][ T6274] loop2: detected capacity change from 0 to 512 [ 92.297347][ T6274] EXT4-fs (loop2): too many log groups per flexible block group [ 92.340337][ T6274] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 92.378677][ T6274] EXT4-fs (loop2): mount failed [ 92.441433][ T6269] loop0: detected capacity change from 0 to 32768 [ 92.511701][ T6269] loop0: p1 p3 < > [ 92.553978][ T6283] Bluetooth: MGMT ver 1.22 [ 92.744752][ T6290] netlink: 12 bytes leftover after parsing attributes in process `syz.3.161'. [ 92.921371][ T6296] loop3: detected capacity change from 0 to 512 [ 93.025016][ T6296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.071191][ T6296] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 93.095648][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 93.110539][ T5796] udevd[5796]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 93.974761][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.394239][ T6327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.173'. [ 95.504537][ T6336] loop0: detected capacity change from 0 to 256 [ 95.551970][ T6338] syz!: rxe_newlink: already configured on team_slave_0 [ 95.618306][ T6336] FAT-fs (loop0): Directory bread(block 64) failed [ 95.664641][ T6336] FAT-fs (loop0): Directory bread(block 65) failed [ 95.690975][ T6336] FAT-fs (loop0): Directory bread(block 66) failed [ 95.726649][ T6336] FAT-fs (loop0): Directory bread(block 67) failed [ 95.777191][ T6336] FAT-fs (loop0): Directory bread(block 68) failed [ 95.807347][ T6336] FAT-fs (loop0): Directory bread(block 69) failed [ 95.833240][ T6336] FAT-fs (loop0): Directory bread(block 70) failed [ 95.859124][ T6336] FAT-fs (loop0): Directory bread(block 71) failed [ 95.888807][ T6336] FAT-fs (loop0): Directory bread(block 72) failed [ 95.912697][ T6336] FAT-fs (loop0): Directory bread(block 73) failed [ 96.116434][ C0] sched: RT throttling activated [ 96.502911][ T6348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.183'. [ 96.580435][ T6354] netlink: 'syz.0.182': attribute type 1 has an invalid length. [ 96.609230][ T6351] serio: Serial port ptm0 [ 97.236960][ T6359] loop2: detected capacity change from 0 to 32768 [ 97.342499][ T6359] loop2: p1 p3 < > [ 97.493308][ T6370] loop0: detected capacity change from 0 to 256 [ 97.603806][ T6370] FAT-fs (loop0): Directory bread(block 64) failed [ 97.636996][ T6370] FAT-fs (loop0): Directory bread(block 65) failed [ 97.659110][ T6370] FAT-fs (loop0): Directory bread(block 66) failed [ 97.706867][ T6370] FAT-fs (loop0): Directory bread(block 67) failed [ 97.724102][ T6370] FAT-fs (loop0): Directory bread(block 68) failed [ 97.754558][ T6370] FAT-fs (loop0): Directory bread(block 69) failed [ 97.779343][ T6370] FAT-fs (loop0): Directory bread(block 70) failed [ 97.813734][ T6370] FAT-fs (loop0): Directory bread(block 71) failed [ 97.850582][ T6370] FAT-fs (loop0): Directory bread(block 72) failed [ 97.885160][ T6370] FAT-fs (loop0): Directory bread(block 73) failed [ 97.888384][ T6376] batadv1: entered promiscuous mode [ 98.100844][ T5787] udevd[5787]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 98.114797][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 98.396817][ T3533] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 99.131500][ T6391] serio: Serial port ptm0 [ 99.150028][ T6395] loop0: detected capacity change from 0 to 2048 [ 99.175235][ T6395] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 99.228659][ T6395] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.499635][ T6401] loop2: detected capacity change from 0 to 256 [ 100.515763][ T6401] FAT-fs (loop2): Directory bread(block 64) failed [ 100.546242][ T6401] FAT-fs (loop2): Directory bread(block 65) failed [ 100.566730][ T6401] FAT-fs (loop2): Directory bread(block 66) failed [ 100.586520][ T6401] FAT-fs (loop2): Directory bread(block 67) failed [ 100.636908][ T6401] FAT-fs (loop2): Directory bread(block 68) failed [ 100.673376][ T6401] FAT-fs (loop2): Directory bread(block 69) failed [ 100.696084][ T6401] FAT-fs (loop2): Directory bread(block 70) failed [ 100.712894][ T6401] FAT-fs (loop2): Directory bread(block 71) failed [ 100.720857][ T6401] FAT-fs (loop2): Directory bread(block 72) failed [ 100.727778][ T6401] FAT-fs (loop2): Directory bread(block 73) failed [ 100.886558][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'. [ 101.381304][ T6423] serio: Serial port ptm0 [ 101.401293][ T6430] loop3: detected capacity change from 0 to 256 [ 101.441466][ T6430] FAT-fs (loop3): Directory bread(block 64) failed [ 101.455285][ T6430] FAT-fs (loop3): Directory bread(block 65) failed [ 101.473294][ T6430] FAT-fs (loop3): Directory bread(block 66) failed [ 101.486350][ T6430] FAT-fs (loop3): Directory bread(block 67) failed [ 101.512762][ T6430] FAT-fs (loop3): Directory bread(block 68) failed [ 101.533331][ T6430] FAT-fs (loop3): Directory bread(block 69) failed [ 101.554631][ T6430] FAT-fs (loop3): Directory bread(block 70) failed [ 101.564607][ T6430] FAT-fs (loop3): Directory bread(block 71) failed [ 101.575942][ T6430] FAT-fs (loop3): Directory bread(block 72) failed [ 101.586828][ T6430] FAT-fs (loop3): Directory bread(block 73) failed [ 101.662745][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.1.217'. [ 101.986060][ T6439] tipc: Enabling of bearer rejected, failed to enable media [ 102.007403][ T6439] syzkaller0: entered promiscuous mode [ 102.024650][ T6439] syzkaller0: entered allmulticast mode [ 102.241191][ T6451] netlink: 44 bytes leftover after parsing attributes in process `syz.0.224'. [ 102.332673][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.1.226'. [ 102.356226][ T6459] loop0: detected capacity change from 0 to 256 [ 102.362749][ T6455] netlink: 16 bytes leftover after parsing attributes in process `syz.2.227'. [ 102.374238][ T6455] netlink: 4 bytes leftover after parsing attributes in process `syz.2.227'. [ 102.392242][ T6455] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.438497][ T6459] FAT-fs (loop0): Directory bread(block 64) failed [ 102.470890][ T6459] FAT-fs (loop0): Directory bread(block 65) failed [ 102.505020][ T6459] FAT-fs (loop0): Directory bread(block 66) failed [ 102.515591][ T6455] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.523186][ T6459] FAT-fs (loop0): Directory bread(block 67) failed [ 102.554787][ T6459] FAT-fs (loop0): Directory bread(block 68) failed [ 102.574322][ T6459] FAT-fs (loop0): Directory bread(block 69) failed [ 102.599353][ T6459] FAT-fs (loop0): Directory bread(block 70) failed [ 102.606122][ T6459] FAT-fs (loop0): Directory bread(block 71) failed [ 102.614923][ T6459] FAT-fs (loop0): Directory bread(block 72) failed [ 102.628220][ T6459] FAT-fs (loop0): Directory bread(block 73) failed [ 102.771653][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 102.771666][ T28] audit: type=1326 audit(1756493715.636:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6464 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 102.822584][ T28] audit: type=1326 audit(1756493715.636:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6464 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 102.868215][ T28] audit: type=1326 audit(1756493715.636:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6464 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 102.988544][ T6467] serio: Serial port ptm0 [ 103.083242][ T6473] program syz.0.233 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.148353][ T6475] tipc: Enabling of bearer rejected, failed to enable media [ 103.197100][ T6475] syzkaller0: entered promiscuous mode [ 103.216510][ T6475] syzkaller0: entered allmulticast mode [ 103.273261][ T6480] loop0: detected capacity change from 0 to 2048 [ 103.308095][ T6480] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 103.333033][ T6480] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 105.384622][ T6499] loop1: detected capacity change from 0 to 256 [ 105.459030][ T6499] FAT-fs (loop1): Directory bread(block 64) failed [ 105.465930][ T6499] FAT-fs (loop1): Directory bread(block 65) failed [ 105.499123][ T6499] FAT-fs (loop1): Directory bread(block 66) failed [ 105.505708][ T6499] FAT-fs (loop1): Directory bread(block 67) failed [ 105.528170][ T6499] FAT-fs (loop1): Directory bread(block 68) failed [ 105.546327][ T6499] FAT-fs (loop1): Directory bread(block 69) failed [ 105.587966][ T6499] FAT-fs (loop1): Directory bread(block 70) failed [ 105.594655][ T6499] FAT-fs (loop1): Directory bread(block 71) failed [ 105.607905][ T6499] FAT-fs (loop1): Directory bread(block 72) failed [ 105.614775][ T6499] FAT-fs (loop1): Directory bread(block 73) failed [ 105.911221][ T6506] capability: warning: `syz.2.245' uses deprecated v2 capabilities in a way that may be insecure [ 105.957541][ T6506] program syz.2.245 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.006809][ T6511] syz.1.244[6511] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.006926][ T6511] syz.1.244[6511] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.035346][ T6511] loop1: detected capacity change from 0 to 512 [ 106.081024][ T6511] EXT4-fs: Ignoring removed mblk_io_submit option [ 106.099337][ T6508] serio: Serial port ptm0 [ 106.156788][ T6511] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.163117][ T28] audit: type=1326 audit(1756493719.026:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.190929][ T6511] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.205447][ T6511] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.210339][ T28] audit: type=1326 audit(1756493719.026:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.280806][ T28] audit: type=1326 audit(1756493719.066:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.357438][ T28] audit: type=1326 audit(1756493719.066:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.431558][ T28] audit: type=1326 audit(1756493719.066:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.504463][ T6531] loop3: detected capacity change from 0 to 2048 [ 106.536927][ T28] audit: type=1326 audit(1756493719.066:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.555047][ T6534] loop1: detected capacity change from 0 to 256 [ 106.592363][ T6531] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 106.602356][ T28] audit: type=1326 audit(1756493719.066:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6524 comm="syz.2.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 106.637498][ T6531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 106.661591][ T6536] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 106.702811][ T6534] FAT-fs (loop1): Directory bread(block 64) failed [ 106.722231][ T6534] FAT-fs (loop1): Directory bread(block 65) failed [ 106.736051][ T6534] FAT-fs (loop1): Directory bread(block 66) failed [ 106.745834][ T6534] FAT-fs (loop1): Directory bread(block 67) failed [ 106.752872][ T6534] FAT-fs (loop1): Directory bread(block 68) failed [ 106.759723][ T6534] FAT-fs (loop1): Directory bread(block 69) failed [ 106.766806][ T6534] FAT-fs (loop1): Directory bread(block 70) failed [ 106.773374][ T6534] FAT-fs (loop1): Directory bread(block 71) failed [ 106.786382][ T6534] FAT-fs (loop1): Directory bread(block 72) failed [ 106.850897][ T6534] FAT-fs (loop1): Directory bread(block 73) failed [ 107.900553][ T6546] hub 9-0:1.0: USB hub found [ 107.906108][ T6546] hub 9-0:1.0: 1 port detected [ 108.278655][ T6564] syzkaller0: entered allmulticast mode [ 108.284520][ T6557] serio: Serial port ptm0 [ 108.379351][ T6564] tipc: Started in network mode [ 108.388400][ T6564] tipc: Node identity , cluster identity 4711 [ 108.394594][ T6564] tipc: Failed to obtain node identity [ 108.403425][ T6564] tipc: Enabling of bearer rejected, failed to enable media [ 109.229135][ T6588] loop0: detected capacity change from 0 to 512 [ 109.288106][ T6588] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.415551][ T6588] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.272: bad orphan inode 11 [ 109.462641][ T6588] ext4_test_bit(bit=10, block=4) = 1 [ 109.468257][ T6588] is_bad_inode(inode)=0 [ 109.472643][ T6588] NEXT_ORPHAN(inode)=2080374784 [ 109.477835][ T6588] max_ino=32 [ 109.481070][ T6588] i_nlink=0 [ 109.487033][ T6588] EXT4-fs (loop0): 1 truncate cleaned up [ 109.499762][ T6588] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.725734][ T6591] syz!: rxe_newlink: already configured on team_slave_0 [ 109.838621][ T5779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.110000][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 110.110012][ T28] audit: type=1326 audit(1756493722.976:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 110.173168][ T28] audit: type=1326 audit(1756493722.976:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 110.201137][ T28] audit: type=1326 audit(1756493722.976:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 110.223723][ T28] audit: type=1326 audit(1756493722.976:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 110.246455][ T28] audit: type=1326 audit(1756493722.976:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 110.271032][ T28] audit: type=1326 audit(1756493722.986:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 110.294460][ T28] audit: type=1326 audit(1756493722.986:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.1.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 111.459024][ T28] audit: type=1326 audit(1756493724.326:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.1.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 111.489569][ T28] audit: type=1326 audit(1756493724.346:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.1.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 112.498907][ T6634] netdevsim netdevsim3: Direct firmware load for ./file0/file1 failed with error -2 [ 112.515119][ T6633] loop2: detected capacity change from 0 to 2048 [ 112.524199][ T6634] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0/file1 [ 112.552963][ T6633] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 112.575100][ T6633] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 114.321611][ T28] audit: type=1326 audit(1756493727.186:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6656 comm="syz.3.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 114.662020][ T6663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.298'. [ 115.393476][ T6683] syzkaller0: entered promiscuous mode [ 115.417720][ T6683] syzkaller0: entered allmulticast mode [ 116.404428][ T6720] netlink: 'syz.0.322': attribute type 10 has an invalid length. [ 116.415166][ T6720] macvlan1: entered allmulticast mode [ 116.425273][ T6720] veth1_vlan: entered allmulticast mode [ 116.431445][ T6720] team0: Device macvlan1 is up. Set it down before adding it as a team port [ 116.526582][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 116.526596][ T28] audit: type=1326 audit(1756493729.386:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 116.610500][ T28] audit: type=1326 audit(1756493729.386:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 116.657034][ T28] audit: type=1326 audit(1756493729.386:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 116.740384][ T28] audit: type=1326 audit(1756493729.386:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 116.861366][ T28] audit: type=1326 audit(1756493729.386:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 116.997812][ T28] audit: type=1326 audit(1756493729.386:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 117.096062][ T28] audit: type=1326 audit(1756493729.386:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 117.178373][ T28] audit: type=1326 audit(1756493729.386:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 117.233282][ T28] audit: type=1326 audit(1756493729.386:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7f78ebe9 code=0x7ffc0000 [ 117.671512][ T6757] batadv1: entered promiscuous mode [ 117.845418][ T6762] 9pnet: p9_errstr2errno: server reported unknown error [ 118.518531][ T6793] syz.3.346[6793] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.518649][ T6793] syz.3.346[6793] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.574126][ T6793] loop3: detected capacity change from 0 to 512 [ 118.576678][ T6795] netlink: 'syz.0.347': attribute type 10 has an invalid length. [ 118.622741][ T6793] EXT4-fs: Ignoring removed mblk_io_submit option [ 118.673921][ T6793] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.682885][ T6805] (null): rxe_set_mtu: Set mtu to 1024 [ 118.690226][ T6793] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.704945][ T6793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.722696][ T6805] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 118.772823][ T6795] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.828470][ T6795] bond0: (slave team0): Enslaving as an active interface with an up link [ 118.869975][ T28] audit: type=1326 audit(1756493731.736:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.2.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f795ef8ebe9 code=0x7ffc0000 [ 119.404713][ T6832] syz.0.360[6832] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.404896][ T6832] syz.0.360[6832] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.527636][ T6838] netlink: 'syz.1.364': attribute type 10 has an invalid length. [ 119.561924][ T6838] syz!: rxe_newlink: already configured on team_slave_0 [ 119.621458][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.365'. [ 120.327159][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.377'. [ 120.345240][ T6871] IPVS: Error joining to the multicast group [ 120.433323][ T6873] 8021q: adding VLAN 0 to HW filter on device bond1 [ 120.442226][ T6876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.379'. [ 120.506920][ T6879] loop3: detected capacity change from 0 to 128 [ 120.761927][ T6883] loop3: detected capacity change from 0 to 1024 [ 120.819219][ T6883] EXT4-fs (loop3): corrupt root inode, run e2fsck [ 120.829801][ T6883] EXT4-fs (loop3): mount failed [ 120.840913][ T6876] bond1 (unregistering): Released all slaves [ 120.896576][ T6889] syzkaller0: entered promiscuous mode [ 120.909386][ T6889] syzkaller0: entered allmulticast mode [ 121.244241][ T6900] netlink: 'syz.3.390': attribute type 10 has an invalid length. [ 121.265392][ T6900] (null): rxe_set_mtu: Set mtu to 1024 [ 121.282525][ T6900] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 121.744241][ T6925] loop2: detected capacity change from 0 to 256 [ 121.776253][ T6925] FAT-fs (loop2): Directory bread(block 64) failed [ 121.793471][ T6925] FAT-fs (loop2): Directory bread(block 65) failed [ 121.813776][ T6925] FAT-fs (loop2): Directory bread(block 66) failed [ 121.836276][ T6925] FAT-fs (loop2): Directory bread(block 67) failed [ 121.866678][ T6925] FAT-fs (loop2): Directory bread(block 68) failed [ 121.906540][ T6925] FAT-fs (loop2): Directory bread(block 69) failed [ 121.928273][ T6925] FAT-fs (loop2): Directory bread(block 70) failed [ 121.935408][ T6925] FAT-fs (loop2): Directory bread(block 71) failed [ 121.942853][ T6929] netlink: 'syz.3.404': attribute type 10 has an invalid length. [ 121.943510][ T6925] FAT-fs (loop2): Directory bread(block 72) failed [ 121.962171][ T6925] FAT-fs (loop2): Directory bread(block 73) failed [ 121.969627][ T6929] (null): rxe_set_mtu: Set mtu to 1024 [ 121.988426][ T6929] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 122.898491][ T6935] batadv1: entered promiscuous mode [ 123.079576][ T6940] loop2: detected capacity change from 0 to 164 [ 123.196314][ T6940] rock: directory entry would overflow storage [ 123.244783][ T6940] rock: sig=0x4f50, size=4, remaining=3 [ 123.274096][ T6940] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 123.861777][ T6955] loop3: detected capacity change from 0 to 8192 [ 123.878117][ T6955] FAT-fs (loop3): Unrecognized mount option "‘odots" or missing value [ 123.898445][ T6960] netlink: 'syz.1.415': attribute type 10 has an invalid length. [ 123.906357][ T28] kauditd_printk_skb: 278 callbacks suppressed [ 123.906368][ T28] audit: type=1326 audit(1756493736.766:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 123.945110][ T6960] syz!: rxe_newlink: already configured on team_slave_0 [ 123.960676][ T28] audit: type=1326 audit(1756493736.766:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.002196][ T28] audit: type=1326 audit(1756493736.766:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.030817][ T28] audit: type=1326 audit(1756493736.766:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.078902][ T6962] loop2: detected capacity change from 0 to 256 [ 124.133195][ T28] audit: type=1326 audit(1756493736.766:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.163037][ T6964] loop1: detected capacity change from 0 to 512 [ 124.184166][ T6962] FAT-fs (loop2): Directory bread(block 64) failed [ 124.192828][ T6964] EXT4-fs: Ignoring removed mblk_io_submit option [ 124.200089][ T6962] FAT-fs (loop2): Directory bread(block 65) failed [ 124.211859][ T28] audit: type=1326 audit(1756493736.766:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.239507][ T6962] FAT-fs (loop2): Directory bread(block 66) failed [ 124.270764][ T6962] FAT-fs (loop2): Directory bread(block 67) failed [ 124.313448][ T6962] FAT-fs (loop2): Directory bread(block 68) failed [ 124.330728][ T6964] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.339585][ T6962] FAT-fs (loop2): Directory bread(block 69) failed [ 124.350374][ T6962] FAT-fs (loop2): Directory bread(block 70) failed [ 124.357434][ T6962] FAT-fs (loop2): Directory bread(block 71) failed [ 124.360724][ T28] audit: type=1326 audit(1756493736.766:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.364268][ T6962] FAT-fs (loop2): Directory bread(block 72) failed [ 124.393853][ T6962] FAT-fs (loop2): Directory bread(block 73) failed [ 124.399667][ T6964] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.423856][ T28] audit: type=1326 audit(1756493736.766:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.476119][ T28] audit: type=1326 audit(1756493736.766:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.502279][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.546573][ T28] audit: type=1326 audit(1756493736.766:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6954 comm="syz.3.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8ff8ebe9 code=0x7ffc0000 [ 124.853574][ T6984] netlink: 'syz.2.425': attribute type 10 has an invalid length. [ 124.890276][ T6984] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.917939][ T6987] (null): rxe_set_mtu: Set mtu to 1024 [ 124.923827][ T6987] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 124.955489][ T6984] bond0: (slave team0): Enslaving as an active interface with an up link [ 125.031582][ T6986] loop1: detected capacity change from 0 to 8192 [ 125.050891][ T6986] FAT-fs (loop1): Unrecognized mount option "‘odots" or missing value [ 125.540423][ T7011] random: crng reseeded on system resumption [ 125.593134][ T7013] loop2: detected capacity change from 0 to 256 [ 125.641241][ T7013] FAT-fs (loop2): Directory bread(block 64) failed [ 125.648798][ T7013] FAT-fs (loop2): Directory bread(block 65) failed [ 125.655812][ T7013] FAT-fs (loop2): Directory bread(block 66) failed [ 125.663044][ T7013] FAT-fs (loop2): Directory bread(block 67) failed [ 125.674917][ T7013] FAT-fs (loop2): Directory bread(block 68) failed [ 125.682833][ T7013] FAT-fs (loop2): Directory bread(block 69) failed [ 125.690382][ T7013] FAT-fs (loop2): Directory bread(block 70) failed [ 125.697136][ T7013] FAT-fs (loop2): Directory bread(block 71) failed [ 125.708695][ T7013] FAT-fs (loop2): Directory bread(block 72) failed [ 125.715411][ T7013] FAT-fs (loop2): Directory bread(block 73) failed [ 126.177070][ T7024] loop2: detected capacity change from 0 to 8192 [ 126.184518][ T7024] FAT-fs (loop2): Unrecognized mount option "‘odots" or missing value [ 126.252625][ T7030] netlink: 'syz.3.444': attribute type 298 has an invalid length. [ 126.273619][ T7028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.443'. [ 126.493274][ T7034] loop1: detected capacity change from 0 to 256 [ 126.582943][ T7034] FAT-fs (loop1): Directory bread(block 64) failed [ 126.601713][ T7034] FAT-fs (loop1): Directory bread(block 65) failed [ 126.633492][ T7034] FAT-fs (loop1): Directory bread(block 66) failed [ 126.667672][ T7034] FAT-fs (loop1): Directory bread(block 67) failed [ 126.674346][ T7034] FAT-fs (loop1): Directory bread(block 68) failed [ 126.724944][ T7034] FAT-fs (loop1): Directory bread(block 69) failed [ 126.734163][ T7034] FAT-fs (loop1): Directory bread(block 70) failed [ 126.748675][ T7034] FAT-fs (loop1): Directory bread(block 71) failed [ 126.763928][ T7034] FAT-fs (loop1): Directory bread(block 72) failed [ 126.770798][ T7034] FAT-fs (loop1): Directory bread(block 73) failed [ 126.965534][ T7048] batadv1: entered promiscuous mode [ 127.900223][ T7089] loop1: detected capacity change from 0 to 512 [ 127.957180][ T7089] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.992521][ T7089] ext4 filesystem being mounted at /100/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 128.018519][ T7089] EXT4-fs (loop1): shut down requested (0) [ 128.129122][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.319083][ T7109] batadv1: entered promiscuous mode [ 131.201386][ T7146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'. [ 131.835326][ T7151] syzkaller0: entered promiscuous mode [ 131.842670][ T7151] syzkaller0: entered allmulticast mode [ 132.572119][ T7169] 9pnet_fd: Insufficient options for proto=fd [ 132.729192][ T7175] syzkaller0: entered promiscuous mode [ 132.735169][ T7175] syzkaller0: entered allmulticast mode [ 133.103349][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.987621][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.390129][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.507'. [ 134.432270][ T7190] bridge_slave_1: left allmulticast mode [ 134.451849][ T7190] bridge_slave_1: left promiscuous mode [ 134.458935][ T7190] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.474341][ T7190] bridge_slave_0: left allmulticast mode [ 134.481135][ T7190] bridge_slave_0: left promiscuous mode [ 134.503829][ T7190] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.559856][ T7196] loop3: detected capacity change from 0 to 1024 [ 134.580330][ T7196] __quota_error: 169 callbacks suppressed [ 134.580347][ T7196] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5 [ 134.603412][ T7196] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 134.613613][ T7196] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.507: Failed to acquire dquot type 0 [ 134.618651][ T7201] ================================================================== [ 134.630645][ T7196] EXT4-fs error (device loop3): mb_free_blocks:1938: group 0, [ 134.632883][ T7201] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0 [ 134.640875][ T7196] inode 13: [ 134.648235][ T7201] Read of size 4 at addr ffff88805dd400a0 by task syz.0.510/7201 [ 134.648254][ T7201] [ 134.648276][ T7201] CPU: 0 PID: 7201 Comm: syz.0.510 Not tainted syzkaller #0 [ 134.648290][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 134.648306][ T7201] Call Trace: [ 134.648314][ T7201] [ 134.648325][ T7201] dump_stack_lvl+0x16c/0x230 [ 134.648347][ T7201] ? __lock_acquire+0x7c80/0x7c80 [ 134.648364][ T7201] ? show_regs_print_info+0x20/0x20 [ 134.648381][ T7201] ? load_image+0x3b0/0x3b0 [ 134.648398][ T7201] ? __virt_addr_valid+0x469/0x540 [ 134.648416][ T7201] print_report+0xac/0x220 [ 134.651592][ T7196] block 144: [ 134.659287][ T7201] ? xfrm_alloc_spi+0x598/0x11f0 [ 134.659309][ T7201] kasan_report+0x117/0x150 [ 134.659326][ T7201] ? xfrm_alloc_spi+0x598/0x11f0 [ 134.659346][ T7201] xfrm_alloc_spi+0x598/0x11f0 [ 134.661645][ T7196] freeing already freed block (bit 9); block bitmap corrupt. [ 134.668954][ T7201] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 134.668972][ T7201] ? verify_spi_info+0x120/0x120 [ 134.668987][ T7201] ? xfrm_find_acq+0x79/0x90 [ 134.669005][ T7201] xfrm_alloc_userspi+0x5d1/0xa90 [ 134.669019][ T7201] ? end_current_label_crit_section+0x170/0x170 [ 134.669039][ T7201] ? apparmor_capable+0x137/0x1a0 [ 134.669052][ T7201] ? xfrm_dump_policy_done+0x90/0x90 [ 134.669066][ T7201] ? __nla_parse+0x40/0x50 [ 134.669087][ T7201] xfrm_user_rcv_msg+0x596/0x870 [ 134.669102][ T7201] ? lockdep_hardirqs_on+0x98/0x150 [ 134.669123][ T7201] ? xfrm_netlink_rcv+0x90/0x90 [ 134.669142][ T7201] ? __local_bh_enable_ip+0x12e/0x1c0 [ 134.669173][ T7201] ? __dev_queue_xmit+0x245/0x35a0 [ 134.669193][ T7201] ? __mutex_trylock_common+0x153/0x250 [ 134.669218][ T7201] netlink_rcv_skb+0x216/0x480 [ 134.669237][ T7201] ? xfrm_netlink_rcv+0x90/0x90 [ 134.669259][ T7201] ? netlink_ack+0x1110/0x1110 [ 134.669279][ T7201] ? netlink_deliver_tap+0x2e/0x1b0 [ 134.669294][ T7201] ? __lock_acquire+0x7c80/0x7c80 [ 134.669313][ T7201] xfrm_netlink_rcv+0x79/0x90 [ 134.688869][ T7196] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.507: corrupted inode contents [ 134.690233][ T7201] netlink_unicast+0x751/0x8d0 [ 134.695693][ T7196] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #13: comm syz.3.507: mark_inode_dirty error [ 134.702885][ T7201] netlink_sendmsg+0x8c1/0xbe0 [ 134.702912][ T7201] ? netlink_getsockopt+0x580/0x580 [ 134.702929][ T7201] ? aa_sock_msg_perm+0x94/0x150 [ 134.702946][ T7201] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 134.708487][ T7196] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.507: corrupted inode contents [ 134.712525][ T7201] ? security_socket_sendmsg+0x80/0xa0 [ 134.722642][ T7196] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #13: comm syz.3.507: mark_inode_dirty error [ 134.725309][ T7201] ? netlink_getsockopt+0x580/0x580 [ 134.725336][ T7201] ____sys_sendmsg+0x5bf/0x950 [ 134.730930][ T7196] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.507: corrupted inode contents [ 134.734984][ T7201] ? __asan_memset+0x22/0x40 [ 134.735010][ T7201] ? __sys_sendmsg_sock+0x30/0x30 [ 134.735030][ T7201] ? __import_iovec+0x5f2/0x860 [ 134.742961][ T7196] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 134.747473][ T7201] ? import_iovec+0x73/0xa0 [ 134.747501][ T7201] ___sys_sendmsg+0x220/0x290 [ 134.747524][ T7201] ? __sys_sendmsg+0x270/0x270 [ 134.753427][ T7196] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.507: corrupted inode contents [ 134.757384][ T7201] ? debug_mutex_init+0x38/0x70 [ 134.757414][ T7201] __se_sys_sendmsg+0x1a5/0x270 [ 134.757436][ T7201] ? __x64_sys_sendmsg+0x80/0x80 [ 134.762951][ T7196] EXT4-fs error (device loop3): ext4_truncate:4288: inode #13: comm syz.3.507: mark_inode_dirty error [ 134.767187][ T7201] ? lockdep_hardirqs_on+0x98/0x150 [ 134.767212][ T7201] do_syscall_64+0x55/0xb0 [ 134.767228][ T7201] ? clear_bhb_loop+0x40/0x90 [ 134.767243][ T7201] ? clear_bhb_loop+0x40/0x90 [ 134.767257][ T7201] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 134.767278][ T7201] RIP: 0033:0x7f46dd58ebe9 [ 134.767306][ T7201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.767319][ T7201] RSP: 002b:00007f46de41e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 134.767336][ T7201] RAX: ffffffffffffffda RBX: 00007f46dd7b6090 RCX: 00007f46dd58ebe9 [ 134.767347][ T7201] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000006 [ 134.767356][ T7201] RBP: 00007f46dd611e19 R08: 0000000000000000 R09: 0000000000000000 [ 134.767365][ T7201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.767373][ T7201] R13: 00007f46dd7b6128 R14: 00007f46dd7b6090 R15: 00007ffcf5b87398 [ 134.767391][ T7201] [ 134.767396][ T7201] [ 134.767404][ T7201] Allocated by task 6451: [ 134.767411][ T7201] kasan_set_track+0x4e/0x70 [ 134.767425][ T7201] __kasan_slab_alloc+0x6c/0x80 [ 134.767437][ T7201] slab_post_alloc_hook+0x6e/0x4d0 [ 134.778595][ T7196] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 134.778753][ T7201] kmem_cache_alloc+0x11e/0x2e0 [ 134.787686][ T7196] EXT4-fs (loop3): 1 truncate cleaned up [ 134.788546][ T7201] xfrm_state_alloc+0x22/0x2a0 [ 134.788568][ T7201] __find_acq_core+0x7d8/0x19d0 [ 134.794809][ T7196] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.798693][ T7201] xfrm_find_acq+0x6a/0x90 [ 134.798716][ T7201] xfrm_alloc_userspi+0x57a/0xa90 [ 134.798728][ T7201] xfrm_user_rcv_msg+0x596/0x870 [ 134.798740][ T7201] netlink_rcv_skb+0x216/0x480 [ 134.798755][ T7201] xfrm_netlink_rcv+0x79/0x90 [ 134.798772][ T7201] netlink_unicast+0x751/0x8d0 [ 135.215252][ T7201] netlink_sendmsg+0x8c1/0xbe0 [ 135.220101][ T7201] ____sys_sendmsg+0x5bf/0x950 [ 135.225016][ T7201] ___sys_sendmsg+0x220/0x290 [ 135.229699][ T7201] __se_sys_sendmsg+0x1a5/0x270 [ 135.234537][ T7201] do_syscall_64+0x55/0xb0 [ 135.238959][ T7201] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.245101][ T7201] [ 135.247421][ T7201] Freed by task 6185: [ 135.251452][ T7201] kasan_set_track+0x4e/0x70 [ 135.256120][ T7201] kasan_save_free_info+0x2e/0x50 [ 135.261232][ T7201] ____kasan_slab_free+0x126/0x1e0 [ 135.266329][ T7201] slab_free_freelist_hook+0x130/0x1b0 [ 135.271920][ T7201] kmem_cache_free+0xf8/0x280 [ 135.276586][ T7201] xfrm_state_gc_task+0x10a/0x160 [ 135.281606][ T7201] process_scheduled_works+0xa45/0x15b0 [ 135.287173][ T7201] worker_thread+0xa55/0xfc0 [ 135.291769][ T7201] kthread+0x2fa/0x390 [ 135.295832][ T7201] ret_from_fork+0x48/0x80 [ 135.300353][ T7201] ret_from_fork_asm+0x11/0x20 [ 135.305118][ T7201] [ 135.307444][ T7201] The buggy address belongs to the object at ffff88805dd40000 [ 135.307444][ T7201] which belongs to the cache xfrm_state of size 848 [ 135.321427][ T7201] The buggy address is located 160 bytes inside of [ 135.321427][ T7201] freed 848-byte region [ffff88805dd40000, ffff88805dd40350) [ 135.335452][ T7201] [ 135.337775][ T7201] The buggy address belongs to the physical page: [ 135.344184][ T7201] page:ffffea0001775000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5dd40 [ 135.354421][ T7201] head:ffffea0001775000 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 135.363353][ T7201] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 135.371419][ T7201] page_type: 0xffffffff() [ 135.375740][ T7201] raw: 00fff00000000840 ffff888145674dc0 dead000000000122 0000000000000000 [ 135.384316][ T7201] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 135.393163][ T7201] page dumped because: kasan: bad access detected [ 135.399589][ T7201] page_owner tracks the page as allocated [ 135.405316][ T7201] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6451, tgid 6448 (syz.0.224), ts 102259342011, free_ts 102127857914 [ 135.425912][ T7201] post_alloc_hook+0x1cd/0x210 [ 135.430666][ T7201] get_page_from_freelist+0x195c/0x19f0 [ 135.436198][ T7201] __alloc_pages+0x1e3/0x460 [ 135.440769][ T7201] alloc_slab_page+0x5d/0x170 [ 135.445440][ T7201] new_slab+0x87/0x2e0 [ 135.449622][ T7201] ___slab_alloc+0xc6d/0x12f0 [ 135.454322][ T7201] kmem_cache_alloc+0x1b7/0x2e0 [ 135.459253][ T7201] xfrm_state_alloc+0x22/0x2a0 [ 135.464023][ T7201] __find_acq_core+0x7d8/0x19d0 [ 135.468882][ T7201] xfrm_find_acq+0x6a/0x90 [ 135.473426][ T7201] xfrm_alloc_userspi+0x57a/0xa90 [ 135.478573][ T7201] xfrm_user_rcv_msg+0x596/0x870 [ 135.483528][ T7201] netlink_rcv_skb+0x216/0x480 [ 135.488289][ T7201] xfrm_netlink_rcv+0x79/0x90 [ 135.492970][ T7201] netlink_unicast+0x751/0x8d0 [ 135.497726][ T7201] netlink_sendmsg+0x8c1/0xbe0 [ 135.502671][ T7201] page last free stack trace: [ 135.507348][ T7201] free_unref_page_prepare+0x7ce/0x8e0 [ 135.512794][ T7201] free_unref_page+0x32/0x2e0 [ 135.517480][ T7201] free_large_kmalloc+0x101/0x1a0 [ 135.523206][ T7201] bpf_check+0x62c6/0xe970 [ 135.527619][ T7201] bpf_prog_load+0x11cb/0x16d0 [ 135.532371][ T7201] __sys_bpf+0x55a/0x800 [ 135.536601][ T7201] __x64_sys_bpf+0x7c/0x90 [ 135.541005][ T7201] do_syscall_64+0x55/0xb0 [ 135.545519][ T7201] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.551416][ T7201] [ 135.553833][ T7201] Memory state around the buggy address: [ 135.559451][ T7201] ffff88805dd3ff80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 135.567628][ T7201] ffff88805dd40000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.575733][ T7201] >ffff88805dd40080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.583881][ T7201] ^ [ 135.589004][ T7201] ffff88805dd40100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.597248][ T7201] ffff88805dd40180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.605493][ T7201] ================================================================== [ 135.613774][ T7201] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 135.621061][ T7201] CPU: 0 PID: 7201 Comm: syz.0.510 Not tainted syzkaller #0 [ 135.628476][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 135.638624][ T7201] Call Trace: [ 135.642011][ T7201] [ 135.645049][ T7201] dump_stack_lvl+0x16c/0x230 [ 135.649722][ T7201] ? show_regs_print_info+0x20/0x20 [ 135.654948][ T7201] ? load_image+0x3b0/0x3b0 [ 135.659554][ T7201] panic+0x2c0/0x710 [ 135.663444][ T7201] ? bpf_jit_dump+0xd0/0xd0 [ 135.667948][ T7201] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 135.673860][ T7201] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 135.679765][ T7201] ? _raw_spin_unlock+0x40/0x40 [ 135.684632][ T7201] ? print_memory_metadata+0x314/0x400 [ 135.690104][ T7201] ? xfrm_alloc_spi+0x598/0x11f0 [ 135.695052][ T7201] check_panic_on_warn+0x84/0xa0 [ 135.699992][ T7201] ? xfrm_alloc_spi+0x598/0x11f0 [ 135.704932][ T7201] end_report+0x6f/0x140 [ 135.709183][ T7201] kasan_report+0x128/0x150 [ 135.713688][ T7201] ? xfrm_alloc_spi+0x598/0x11f0 [ 135.718978][ T7201] xfrm_alloc_spi+0x598/0x11f0 [ 135.723735][ T7201] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 135.728665][ T7201] ? verify_spi_info+0x120/0x120 [ 135.733600][ T7201] ? xfrm_find_acq+0x79/0x90 [ 135.738182][ T7201] xfrm_alloc_userspi+0x5d1/0xa90 [ 135.743188][ T7201] ? end_current_label_crit_section+0x170/0x170 [ 135.749504][ T7201] ? apparmor_capable+0x137/0x1a0 [ 135.754511][ T7201] ? xfrm_dump_policy_done+0x90/0x90 [ 135.759780][ T7201] ? __nla_parse+0x40/0x50 [ 135.764271][ T7201] xfrm_user_rcv_msg+0x596/0x870 [ 135.769203][ T7201] ? lockdep_hardirqs_on+0x98/0x150 [ 135.774404][ T7201] ? xfrm_netlink_rcv+0x90/0x90 [ 135.779676][ T7201] ? __local_bh_enable_ip+0x12e/0x1c0 [ 135.785045][ T7201] ? __dev_queue_xmit+0x245/0x35a0 [ 135.790142][ T7201] ? __mutex_trylock_common+0x153/0x250 [ 135.795689][ T7201] netlink_rcv_skb+0x216/0x480 [ 135.800527][ T7201] ? xfrm_netlink_rcv+0x90/0x90 [ 135.805455][ T7201] ? netlink_ack+0x1110/0x1110 [ 135.810301][ T7201] ? netlink_deliver_tap+0x2e/0x1b0 [ 135.816543][ T7201] ? __lock_acquire+0x7c80/0x7c80 [ 135.822278][ T7201] xfrm_netlink_rcv+0x79/0x90 [ 135.827407][ T7201] netlink_unicast+0x751/0x8d0 [ 135.832287][ T7201] netlink_sendmsg+0x8c1/0xbe0 [ 135.837219][ T7201] ? netlink_getsockopt+0x580/0x580 [ 135.842430][ T7201] ? aa_sock_msg_perm+0x94/0x150 [ 135.847820][ T7201] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 135.853320][ T7201] ? security_socket_sendmsg+0x80/0xa0 [ 135.858785][ T7201] ? netlink_getsockopt+0x580/0x580 [ 135.863990][ T7201] ____sys_sendmsg+0x5bf/0x950 [ 135.868852][ T7201] ? __asan_memset+0x22/0x40 [ 135.873432][ T7201] ? __sys_sendmsg_sock+0x30/0x30 [ 135.878462][ T7201] ? __import_iovec+0x5f2/0x860 [ 135.883303][ T7201] ? import_iovec+0x73/0xa0 [ 135.887810][ T7201] ___sys_sendmsg+0x220/0x290 [ 135.892516][ T7201] ? __sys_sendmsg+0x270/0x270 [ 135.897365][ T7201] ? debug_mutex_init+0x38/0x70 [ 135.902210][ T7201] __se_sys_sendmsg+0x1a5/0x270 [ 135.907054][ T7201] ? __x64_sys_sendmsg+0x80/0x80 [ 135.911989][ T7201] ? lockdep_hardirqs_on+0x98/0x150 [ 135.917180][ T7201] do_syscall_64+0x55/0xb0 [ 135.921685][ T7201] ? clear_bhb_loop+0x40/0x90 [ 135.926345][ T7201] ? clear_bhb_loop+0x40/0x90 [ 135.931008][ T7201] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.936891][ T7201] RIP: 0033:0x7f46dd58ebe9 [ 135.941289][ T7201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.961014][ T7201] RSP: 002b:00007f46de41e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.969425][ T7201] RAX: ffffffffffffffda RBX: 00007f46dd7b6090 RCX: 00007f46dd58ebe9 [ 135.977382][ T7201] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000006 [ 135.985344][ T7201] RBP: 00007f46dd611e19 R08: 0000000000000000 R09: 0000000000000000 [ 135.993318][ T7201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.001357][ T7201] R13: 00007f46dd7b6128 R14: 00007f46dd7b6090 R15: 00007ffcf5b87398 [ 136.009403][ T7201] [ 136.012687][ T7201] Kernel Offset: disabled [ 136.017039][ T7201] Rebooting in 86400 seconds..