last executing test programs: 6.004158837s ago: executing program 2 (id=3): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f00000003c0)={&(0x7f0000000080)={0xa, 0x4e24, 0xfe000000, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000680)="76c6", 0x2}], 0x1}, 0x4048043) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x7f, 0x40, 0x2a, 0xc9, 0x4}, &(0x7f0000000140)=0x14) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 5.980783427s ago: executing program 1 (id=2): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x1e4, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1b0, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS={0x8}, @TCA_BPF_ACT={0x150, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x5c, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x2d, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xc0, 0x2, 0x0, 0x0, {{0xd}, {0x4}, {0x8d, 0x6, "0ef6a460a5bbda16e826eafe044d3376872c48b74ae60f057b238fb15e2207986c5639bfbc3d91ee00b5a433e95b6b3527d9711d16abc0abaea927bcdffe4d3ec14fb6fca0407429934982873a3f054bcbf1e53f85fe7aee4ccd90229e6ba2b45bd165ebd7929c21abcdf0b8d47ff6a950009bf4b1ef96863b19aaa1c52a12b02f39c0816b2c613634"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0x44, 0x1, [@m_ctinfo={0x40, 0x19, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x9, 0x6, "c04874b480"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 5.044258826s ago: executing program 0 (id=9): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x5e21, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x6}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x2d}}}, 0x0, 0x0, 0x38, 0x0, "0f424a2bc651a9f11381328af8daf6f4bd2827984afeb6b627cea1ba22d1af57aa193c5024c9e8b22a8796a538ed893952a1aa555418ba1b4d0bc0712c028ec32a9bc2fb29b52d39e8626bc90abcc02a"}, 0xd8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='tunl0\x00', 0x10) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendmmsg$inet6(r0, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 4.812926392s ago: executing program 1 (id=11): close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r2 = creat(&(0x7f0000000580)='./file1\x00', 0x0) r3 = fanotify_init(0xf00, 0x1) fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0) fallocate(r1, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 4.763675351s ago: executing program 4 (id=5): syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='nfs=nostale_ro,allow_utime=00000000000000000000020,discard,allow_utime=00000000000000000000001,quiet,time_offset=0x00000000000003b7,dots,usefree,nodots,check=relaxed,allow_utime=000000011,dots,dots,nfs=stale_rw,\x00'/226], 0xff, 0x23d, &(0x7f0000000a40)="$eJzs3cFq1EAcBvB/220be7Fn8RDw4qmobxBkBTEgrOSgJwPVSytCeome9jF8Bh/Jx+ipt4hN6NZUPUjadJvfD5Z87MfAzGVnDzO77x9+Ojr8fPKx+fEtkiSNWcQyziL2YzO2orXRPTfP805ctgwAYN0sFmU29hwY0MbVt6oqK7cjYvdKU3y/mUkBAAAAAAAAAAAwNOf/AWB6nP+/+6oqK/e672+/c/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGM9Z09xv/vEae34AwPDs/wAwPfZ/AJge+z8ATM+bt+9eZXk+X6RpEnG6rIu6aJ9t/+JlPn+SnttfjTqt62K7y/n8adun/X6vG//sj/1OPH7U9r+656/zXr8bh9e9eAAAAAAAAAAAAAAAAAAAALglDtILvfv9W21/8Le+TZd+H6B3f38WD2Y3tgwAAAAAAAAAAAAAAAAAAABYaydfvh6Vx8cfKkG4CPfiP0YlcTsmLwwSxv5kAgAAAAAAAAAAAAAAAACA6Vld+h17JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwntX//19fGHuNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDT8DAAA//8GmZGk") setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x20, 0x4, 0x53, 0xfffff02c}]}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200, 0x2) 4.685357711s ago: executing program 0 (id=12): openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448e6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$binderfs_ctrl(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_CTL_ADD(r4, 0xc1086201, 0x0) close(0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) setresgid(0x0, 0xee01, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) socket$packet(0x11, 0x3, 0x300) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota']) lchown(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) 2.786829697s ago: executing program 0 (id=14): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="280000000306010800000000000000000200000305000100070000000900020073797a32"], 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffa}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x8800) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) socket$igmp6(0xa, 0x3, 0x2) 2.583933335s ago: executing program 4 (id=15): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='rcu_utilization\x00', r1, 0x0, 0x1}, 0x18) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 2.477644776s ago: executing program 3 (id=16): creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 2.255308188s ago: executing program 3 (id=17): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x34, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@nested={0x6, 0x8, 0x0, 0x1, [@generic="a831"]}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) 2.030290026s ago: executing program 2 (id=18): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10, &(0x7f00000001c0)}, 0x0) 2.030127781s ago: executing program 3 (id=19): r0 = socket$l2tp(0x2, 0x2, 0x73) setuid(0xee00) modify_ldt$write(0x1, 0x0, 0x0) ioctl$FITHAW(r0, 0xc0045878) 1.962855357s ago: executing program 1 (id=20): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x2, &(0x7f0000000200)=0x0) getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = eventfd2(0x0, 0x0) io_submit(r1, 0x1, &(0x7f00000006c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) io_getevents(r1, 0x2, 0x0, 0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r4, 0x6, 0x17, 0xfffffffffffffffd, &(0x7f0000000340)=0x33) r5 = socket(0x2, 0x80805, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x3, r2}]) 1.820936802s ago: executing program 3 (id=21): setresuid(0xee00, 0xee01, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x891a, &(0x7f0000000080)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}}) 1.819719414s ago: executing program 2 (id=22): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000e35e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 1.41660196s ago: executing program 0 (id=23): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x4) 655.321829ms ago: executing program 1 (id=24): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000004640)={0x0}}, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') r3 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x400, 0x40206, 0x11e, 0x0, r2}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xefefffd7, 0x0, 0x4) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}}, 0x80) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_enter(r3, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 540.24751ms ago: executing program 2 (id=25): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}], {0x14}}, 0xd4}}, 0x0) 531.576297ms ago: executing program 3 (id=26): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x30, 0x18, 0x1, 0x0, 0x8, {0xa, 0x37}, [@IFAL_ADDRESS={0x14, 0x1, @mcast1}]}, 0x30}}, 0x20004004) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbff, {{@in=@multicast2, @in=@remote, 0x0, 0xffff, 0x0, 0x0, 0xa, 0x20}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x1000, 0x0, 0xa, 0x20}, {}, {0x1, 0x6, 0x0, 0xfffffffffffffffe}}}, 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0) 517.859803ms ago: executing program 4 (id=27): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x20000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0) socket$igmp(0x2, 0x3, 0x2) 496.060901ms ago: executing program 0 (id=28): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x24d2, &(0x7f0000000040)={0x0, 0xc8e2, 0xc000, 0x0, 0x20002f5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xffff}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 144.235695ms ago: executing program 2 (id=29): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x9, 0x8b}, 0x0) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket(0x15, 0x5, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000040000000000000000850000000e000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r1}, 0x10) getsockopt(r0, 0x200000000114, 0x271a, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x3) sched_setaffinity(0x0, 0xfffffd10, &(0x7f0000000200)=0x2000000000006) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000004c00)=""/102392, 0x18ff8) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 41.696692ms ago: executing program 3 (id=30): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 0s ago: executing program 0 (id=31): close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r2 = creat(&(0x7f0000000580)='./file1\x00', 0x0) r3 = fanotify_init(0xf00, 0x1) fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0) fallocate(r1, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. [ 76.043205][ T5814] cgroup: Unknown subsys name 'net' [ 76.171966][ T5814] cgroup: Unknown subsys name 'cpuset' [ 76.181150][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.607324][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.829332][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.849064][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.860518][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.871433][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.879933][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.887976][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.892565][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.896984][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.911937][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.912282][ T5835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.921268][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.927197][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.933776][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.941015][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.956943][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.958271][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.965496][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.975429][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.980072][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.986999][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.994411][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.003462][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.017078][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.044916][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.053443][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.717424][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 80.763388][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 80.785681][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 81.023501][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 81.102415][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.110293][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.119809][ T5829] bridge_slave_0: entered allmulticast mode [ 81.127689][ T5829] bridge_slave_0: entered promiscuous mode [ 81.136303][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 81.186510][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.194016][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.201769][ T5829] bridge_slave_1: entered allmulticast mode [ 81.209275][ T5829] bridge_slave_1: entered promiscuous mode [ 81.285148][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.293061][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.301125][ T5825] bridge_slave_0: entered allmulticast mode [ 81.308372][ T5825] bridge_slave_0: entered promiscuous mode [ 81.316328][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.324145][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.331566][ T5827] bridge_slave_0: entered allmulticast mode [ 81.338771][ T5827] bridge_slave_0: entered promiscuous mode [ 81.365029][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.375478][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.383458][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.390906][ T5825] bridge_slave_1: entered allmulticast mode [ 81.398201][ T5825] bridge_slave_1: entered promiscuous mode [ 81.405610][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.413421][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.421902][ T5827] bridge_slave_1: entered allmulticast mode [ 81.429543][ T5827] bridge_slave_1: entered promiscuous mode [ 81.455219][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.561609][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.569344][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.577217][ T5826] bridge_slave_0: entered allmulticast mode [ 81.586019][ T5826] bridge_slave_0: entered promiscuous mode [ 81.601476][ T5829] team0: Port device team_slave_0 added [ 81.613162][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.625273][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.635028][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.642372][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.650170][ T5826] bridge_slave_1: entered allmulticast mode [ 81.657605][ T5826] bridge_slave_1: entered promiscuous mode [ 81.677537][ T5829] team0: Port device team_slave_1 added [ 81.700941][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.715633][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.853583][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.862355][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.870692][ T5824] bridge_slave_0: entered allmulticast mode [ 81.879442][ T5824] bridge_slave_0: entered promiscuous mode [ 81.888478][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.896124][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.904382][ T5824] bridge_slave_1: entered allmulticast mode [ 81.912982][ T5824] bridge_slave_1: entered promiscuous mode [ 81.921609][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.929952][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.959868][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.013454][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.023766][ T5848] Bluetooth: hci3: command tx timeout [ 82.028806][ T5848] Bluetooth: hci0: command tx timeout [ 82.061104][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.068162][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.095780][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.108847][ T5147] Bluetooth: hci1: command tx timeout [ 82.114633][ T5841] Bluetooth: hci2: command tx timeout [ 82.121268][ T5848] Bluetooth: hci4: command tx timeout [ 82.122089][ T5825] team0: Port device team_slave_0 added [ 82.135555][ T5827] team0: Port device team_slave_0 added [ 82.144226][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.172840][ T5825] team0: Port device team_slave_1 added [ 82.181155][ T5827] team0: Port device team_slave_1 added [ 82.211130][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.224683][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.274860][ T5826] team0: Port device team_slave_0 added [ 82.304710][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.312051][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.339475][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.353111][ T5826] team0: Port device team_slave_1 added [ 82.384887][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.392385][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.419493][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.432109][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.439441][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.465944][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.504234][ T5824] team0: Port device team_slave_0 added [ 82.512400][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.521305][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.548824][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.583347][ T5829] hsr_slave_0: entered promiscuous mode [ 82.590833][ T5829] hsr_slave_1: entered promiscuous mode [ 82.599924][ T5824] team0: Port device team_slave_1 added [ 82.616015][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.623569][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.650521][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.699514][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.706484][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.733899][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.757733][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.765337][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.794116][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.817409][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.824740][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.850786][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.916075][ T5827] hsr_slave_0: entered promiscuous mode [ 82.922809][ T5827] hsr_slave_1: entered promiscuous mode [ 82.929785][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 82.935617][ T5827] Cannot create hsr debugfs directory [ 82.956048][ T5825] hsr_slave_0: entered promiscuous mode [ 82.963969][ T5825] hsr_slave_1: entered promiscuous mode [ 82.971093][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 82.976863][ T5825] Cannot create hsr debugfs directory [ 83.099763][ T5826] hsr_slave_0: entered promiscuous mode [ 83.106442][ T5826] hsr_slave_1: entered promiscuous mode [ 83.113047][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 83.118913][ T5826] Cannot create hsr debugfs directory [ 83.143442][ T5824] hsr_slave_0: entered promiscuous mode [ 83.149943][ T5824] hsr_slave_1: entered promiscuous mode [ 83.156086][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 83.161886][ T5824] Cannot create hsr debugfs directory [ 83.694642][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.715810][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.729561][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.757281][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.839353][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.856084][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.868046][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.894052][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.971269][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.999763][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.030121][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.043776][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.099764][ T5848] Bluetooth: hci0: command tx timeout [ 84.099772][ T5841] Bluetooth: hci3: command tx timeout [ 84.171597][ T5826] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 84.189020][ T5848] Bluetooth: hci4: command tx timeout [ 84.190024][ T5147] Bluetooth: hci1: command tx timeout [ 84.200284][ T5841] Bluetooth: hci2: command tx timeout [ 84.200788][ T5826] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 84.224675][ T5826] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 84.251623][ T5826] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 84.297133][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.365952][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.389627][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.402666][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.417419][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.435116][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.471565][ T4320] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.478932][ T4320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.522088][ T4320] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.529530][ T4320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.554606][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.633270][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.670705][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.688015][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.696066][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.740342][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.747779][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.767137][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.803264][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.810861][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.828281][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.871060][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.879147][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.952066][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.024578][ T3534] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.032032][ T3534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.057348][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.081622][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.088978][ T3534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.117286][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.174572][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.208421][ T2001] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.215871][ T2001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.272236][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.279487][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.296332][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.562371][ T5829] veth0_vlan: entered promiscuous mode [ 85.586382][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.626306][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.640758][ T5829] veth1_vlan: entered promiscuous mode [ 85.816746][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.862447][ T5829] veth0_macvtap: entered promiscuous mode [ 85.917330][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.935301][ T5829] veth1_macvtap: entered promiscuous mode [ 85.950320][ T5825] veth0_vlan: entered promiscuous mode [ 85.966156][ T5825] veth1_vlan: entered promiscuous mode [ 86.023267][ T5827] veth0_vlan: entered promiscuous mode [ 86.051502][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.081907][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.108137][ T5827] veth1_vlan: entered promiscuous mode [ 86.140358][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.153779][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.169180][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.184568][ T5841] Bluetooth: hci0: command tx timeout [ 86.190790][ T5147] Bluetooth: hci3: command tx timeout [ 86.208098][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.234525][ T5825] veth0_macvtap: entered promiscuous mode [ 86.261085][ T5147] Bluetooth: hci1: command tx timeout [ 86.263764][ T5841] Bluetooth: hci2: command tx timeout [ 86.266522][ T5848] Bluetooth: hci4: command tx timeout [ 86.284996][ T5824] veth0_vlan: entered promiscuous mode [ 86.297743][ T5825] veth1_macvtap: entered promiscuous mode [ 86.345461][ T5824] veth1_vlan: entered promiscuous mode [ 86.363385][ T5827] veth0_macvtap: entered promiscuous mode [ 86.390885][ T5827] veth1_macvtap: entered promiscuous mode [ 86.430998][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.456483][ T5826] veth0_vlan: entered promiscuous mode [ 86.465597][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.475636][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.497462][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.542400][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.549857][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.570953][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.582398][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.593294][ T5826] veth1_vlan: entered promiscuous mode [ 86.599566][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.604317][ T5824] veth0_macvtap: entered promiscuous mode [ 86.607413][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.619576][ T5824] veth1_macvtap: entered promiscuous mode [ 86.628558][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.643485][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.696873][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.708895][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.724620][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.742576][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 86.770105][ T1141] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.785748][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.834282][ T981] cfg80211: failed to load regulatory.db [ 86.909280][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.930790][ T5826] veth0_macvtap: entered promiscuous mode [ 86.964247][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.994077][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.005382][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.015009][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.048376][ T5826] veth1_macvtap: entered promiscuous mode [ 87.122337][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.151698][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.162221][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.170224][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.667347][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.677642][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.680398][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.724213][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.736597][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.749200][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.887776][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.901237][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.936712][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.974170][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.984704][ T4320] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.986662][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.031906][ T4320] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.055723][ T4320] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.268880][ T5147] Bluetooth: hci0: command tx timeout [ 88.276367][ T5848] Bluetooth: hci3: command tx timeout [ 88.340915][ T5147] Bluetooth: hci1: command tx timeout [ 88.347714][ T5848] Bluetooth: hci4: command tx timeout [ 88.354953][ T5147] Bluetooth: hci2: command tx timeout [ 88.428877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.422387][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.437272][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.645282][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.656053][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.636792][ T5985] loop4: detected capacity change from 0 to 512 [ 90.649098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.649353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.669339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 90.679875][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.069294][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 91.079689][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 91.171817][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 91.181232][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 91.274242][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 92.519666][ T6003] openvswitch: netlink: Geneve opt len 2 is not a multiple of 4. [ 94.618558][ T6031] syz_tun: entered allmulticast mode [ 94.789022][ T6027] ================================================================== [ 94.797305][ T6027] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 94.804940][ T6027] Read of size 1 at addr ffff888144ab1458 by task syz.4.27/6027 [ 94.812654][ T6027] [ 94.815085][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.4.27 Not tainted syzkaller #0 PREEMPT(full) [ 94.815102][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 94.815114][ T6027] Call Trace: [ 94.815122][ T6027] [ 94.815128][ T6027] dump_stack_lvl+0x189/0x250 [ 94.815145][ T6027] ? __virt_addr_valid+0x1c8/0x5c0 [ 94.815158][ T6027] ? rcu_is_watching+0x15/0xb0 [ 94.815169][ T6027] ? __kasan_check_byte+0x12/0x40 [ 94.815180][ T6027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.815190][ T6027] ? rcu_is_watching+0x15/0xb0 [ 94.815200][ T6027] ? lock_release+0x4b/0x3b0 [ 94.815211][ T6027] ? __virt_addr_valid+0x1c8/0x5c0 [ 94.815222][ T6027] ? __virt_addr_valid+0x4a5/0x5c0 [ 94.815234][ T6027] print_report+0xca/0x240 [ 94.815244][ T6027] ? _raw_spin_lock+0x2e/0x40 [ 94.815254][ T6027] kasan_report+0x118/0x150 [ 94.815264][ T6027] ? _raw_spin_lock+0x2e/0x40 [ 94.815274][ T6027] ? mqueue_flush_file+0x49/0x270 [ 94.815285][ T6027] __kasan_check_byte+0x2a/0x40 [ 94.815295][ T6027] lock_acquire+0x84/0x340 [ 94.815306][ T6027] ? __pfx_mqueue_flush_file+0x10/0x10 [ 94.815317][ T6027] _raw_spin_lock+0x2e/0x40 [ 94.815325][ T6027] ? mqueue_flush_file+0x49/0x270 [ 94.815335][ T6027] mqueue_flush_file+0x49/0x270 [ 94.815346][ T6027] ? filp_flush+0xae/0x190 [ 94.815359][ T6027] ? __pfx_mqueue_flush_file+0x10/0x10 [ 94.815369][ T6027] filp_flush+0xbd/0x190 [ 94.815381][ T6027] filp_close+0x1d/0x40 [ 94.815393][ T6027] __se_sys_close_range+0x359/0x650 [ 94.815407][ T6027] ? __pfx___se_sys_close_range+0x10/0x10 [ 94.815418][ T6027] ? rcu_is_watching+0x15/0xb0 [ 94.815430][ T6027] do_syscall_64+0xfa/0xf80 [ 94.815441][ T6027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.815451][ T6027] ? clear_bhb_loop+0x60/0xb0 [ 94.815461][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.815470][ T6027] RIP: 0033:0x7f23c978f749 [ 94.815484][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.815493][ T6027] RSP: 002b:00007ffcfef72d08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 94.815504][ T6027] RAX: ffffffffffffffda RBX: 00007f23c99e7da0 RCX: 00007f23c978f749 [ 94.815511][ T6027] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 94.815517][ T6027] RBP: 00007f23c99e7da0 R08: 000000000000015c R09: 00000014fef72fff [ 94.815524][ T6027] R10: 00000000003ffc80 R11: 0000000000000246 R12: 00000000000173a2 [ 94.815530][ T6027] R13: 00007f23c99e6090 R14: ffffffffffffffff R15: 00007ffcfef72e20 [ 94.815540][ T6027] [ 94.815544][ T6027] [ 95.074613][ T6027] Allocated by task 6031: [ 95.079564][ T6027] kasan_save_track+0x3e/0x80 [ 95.084244][ T6027] __kasan_slab_alloc+0x6c/0x80 [ 95.089083][ T6027] kmem_cache_alloc_lru_noprof+0x36c/0x6e0 [ 95.095022][ T6027] mqueue_alloc_inode+0x28/0x40 [ 95.099954][ T6027] alloc_inode+0x6a/0x1b0 [ 95.104377][ T6027] new_inode+0x22/0x170 [ 95.108548][ T6027] mqueue_get_inode+0x27/0xb50 [ 95.113418][ T6027] mqueue_create_attr+0x1ac/0x2e0 [ 95.118525][ T6027] vfs_mkobj+0xcf/0x290 [ 95.122757][ T6027] do_mq_open+0x60d/0x7c0 [ 95.127159][ T6027] __x64_sys_mq_open+0x16a/0x1c0 [ 95.132262][ T6027] do_syscall_64+0xfa/0xf80 [ 95.136858][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.142862][ T6027] [ 95.145245][ T6027] Freed by task 6031: [ 95.149211][ T6027] kasan_save_track+0x3e/0x80 [ 95.153975][ T6027] kasan_save_free_info+0x46/0x50 [ 95.158990][ T6027] __kasan_slab_free+0x5c/0x80 [ 95.163844][ T6027] kmem_cache_free+0x197/0x620 [ 95.168603][ T6027] rcu_core+0xd70/0x1870 [ 95.172873][ T6027] handle_softirqs+0x27d/0x850 [ 95.177700][ T6027] __irq_exit_rcu+0xca/0x1f0 [ 95.182442][ T6027] irq_exit_rcu+0x9/0x30 [ 95.186682][ T6027] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 95.192487][ T6027] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 95.198470][ T6027] [ 95.200874][ T6027] Last potentially related work creation: [ 95.206671][ T6027] kasan_save_stack+0x3e/0x60 [ 95.211533][ T6027] kasan_record_aux_stack+0xbd/0xd0 [ 95.217337][ T6027] call_rcu+0x157/0x9c0 [ 95.221581][ T6027] evict+0x931/0xae0 [ 95.225474][ T6027] __se_sys_mq_unlink+0x2c5/0x360 [ 95.230656][ T6027] do_syscall_64+0xfa/0xf80 [ 95.235147][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.241034][ T6027] [ 95.243341][ T6027] The buggy address belongs to the object at ffff888144ab1440 [ 95.243341][ T6027] which belongs to the cache mqueue_inode_cache of size 1576 [ 95.259637][ T6027] The buggy address is located 24 bytes inside of [ 95.259637][ T6027] freed 1576-byte region [ffff888144ab1440, ffff888144ab1a68) [ 95.273608][ T6027] [ 95.275944][ T6027] The buggy address belongs to the physical page: [ 95.282892][ T6027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x144ab0 [ 95.291757][ T6027] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 95.300955][ T6027] memcg:ffff88814d8dbc01 [ 95.305194][ T6027] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 95.313037][ T6027] page_type: f5(slab) [ 95.317118][ T6027] raw: 057ff00000000040 ffff8881462e13c0 dead000000000122 0000000000000000 [ 95.325788][ T6027] raw: 0000000000000000 0000000080120012 00000000f5000000 ffff88814d8dbc01 [ 95.334641][ T6027] head: 057ff00000000040 ffff8881462e13c0 dead000000000122 0000000000000000 [ 95.343770][ T6027] head: 0000000000000000 0000000080120012 00000000f5000000 ffff88814d8dbc01 [ 95.352434][ T6027] head: 057ff00000000003 ffffea000512ac01 00000000ffffffff 00000000ffffffff [ 95.361185][ T6027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 95.370110][ T6027] page dumped because: kasan: bad access detected [ 95.376540][ T6027] page_owner tracks the page as allocated [ 95.382571][ T6027] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6645959294, free_ts 0 [ 95.402706][ T6027] post_alloc_hook+0x234/0x290 [ 95.407731][ T6027] get_page_from_freelist+0x2365/0x2440 [ 95.413278][ T6027] __alloc_frozen_pages_noprof+0x181/0x370 [ 95.419078][ T6027] alloc_pages_mpol+0x232/0x4a0 [ 95.423914][ T6027] allocate_slab+0x86/0x3b0 [ 95.428601][ T6027] ___slab_alloc+0xf2b/0x1960 [ 95.433303][ T6027] __slab_alloc+0x65/0x100 [ 95.438153][ T6027] kmem_cache_alloc_lru_noprof+0x3fe/0x6e0 [ 95.444042][ T6027] mqueue_alloc_inode+0x28/0x40 [ 95.448923][ T6027] alloc_inode+0x6a/0x1b0 [ 95.453249][ T6027] new_inode+0x22/0x170 [ 95.457405][ T6027] mqueue_fill_super+0xdc/0x380 [ 95.462338][ T6027] get_tree_nodev+0xbb/0x150 [ 95.467004][ T6027] vfs_get_tree+0x92/0x2a0 [ 95.471408][ T6027] fc_mount_longterm+0x1c/0x100 [ 95.476256][ T6027] mq_init_ns+0x275/0x360 [ 95.480596][ T6027] page_owner free stack trace missing [ 95.485987][ T6027] [ 95.488354][ T6027] Memory state around the buggy address: [ 95.494252][ T6027] ffff888144ab1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.502300][ T6027] ffff888144ab1380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 95.510353][ T6027] >ffff888144ab1400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 95.518607][ T6027] ^ [ 95.525680][ T6027] ffff888144ab1480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 95.533730][ T6027] ffff888144ab1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 95.541995][ T6027] ================================================================== [ 95.551609][ T6027] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 95.559013][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.4.27 Not tainted syzkaller #0 PREEMPT(full) [ 95.568390][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 95.579411][ T6027] Call Trace: [ 95.582881][ T6027] [ 95.585958][ T6027] dump_stack_lvl+0x99/0x250 [ 95.590662][ T6027] ? __asan_memcpy+0x40/0x70 [ 95.595466][ T6027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.601014][ T6027] ? __pfx__printk+0x10/0x10 [ 95.605706][ T6027] vpanic+0x237/0x6d0 [ 95.609795][ T6027] ? __pfx_vpanic+0x10/0x10 [ 95.614469][ T6027] ? irqentry_exit+0x5dd/0x660 [ 95.619249][ T6027] ? trace_irq_disable+0x37/0x100 [ 95.624373][ T6027] panic+0xb9/0xc0 [ 95.628111][ T6027] ? __pfx_panic+0x10/0x10 [ 95.632552][ T6027] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 95.638628][ T6027] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 95.645163][ T6027] ? _raw_spin_lock+0x2e/0x40 [ 95.649842][ T6027] check_panic_on_warn+0x89/0xb0 [ 95.654931][ T6027] ? _raw_spin_lock+0x2e/0x40 [ 95.659903][ T6027] end_report+0x6f/0x140 [ 95.664303][ T6027] kasan_report+0x129/0x150 [ 95.669069][ T6027] ? _raw_spin_lock+0x2e/0x40 [ 95.673757][ T6027] ? mqueue_flush_file+0x49/0x270 [ 95.678908][ T6027] __kasan_check_byte+0x2a/0x40 [ 95.683852][ T6027] lock_acquire+0x84/0x340 [ 95.688444][ T6027] ? __pfx_mqueue_flush_file+0x10/0x10 [ 95.694084][ T6027] _raw_spin_lock+0x2e/0x40 [ 95.698594][ T6027] ? mqueue_flush_file+0x49/0x270 [ 95.704592][ T6027] mqueue_flush_file+0x49/0x270 [ 95.709530][ T6027] ? filp_flush+0xae/0x190 [ 95.714472][ T6027] ? __pfx_mqueue_flush_file+0x10/0x10 [ 95.720884][ T6027] filp_flush+0xbd/0x190 [ 95.725247][ T6027] filp_close+0x1d/0x40 [ 95.729422][ T6027] __se_sys_close_range+0x359/0x650 [ 95.734659][ T6027] ? __pfx___se_sys_close_range+0x10/0x10 [ 95.740471][ T6027] ? rcu_is_watching+0x15/0xb0 [ 95.745406][ T6027] do_syscall_64+0xfa/0xf80 [ 95.749894][ T6027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.756500][ T6027] ? clear_bhb_loop+0x60/0xb0 [ 95.761269][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.767353][ T6027] RIP: 0033:0x7f23c978f749 [ 95.771847][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.791954][ T6027] RSP: 002b:00007ffcfef72d08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 95.800458][ T6027] RAX: ffffffffffffffda RBX: 00007f23c99e7da0 RCX: 00007f23c978f749 [ 95.808608][ T6027] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 95.816821][ T6027] RBP: 00007f23c99e7da0 R08: 000000000000015c R09: 00000014fef72fff [ 95.824792][ T6027] R10: 00000000003ffc80 R11: 0000000000000246 R12: 00000000000173a2 [ 95.832958][ T6027] R13: 00007f23c99e6090 R14: ffffffffffffffff R15: 00007ffcfef72e20 [ 95.841095][ T6027] [ 95.844750][ T6027] Kernel Offset: disabled [ 95.849173][ T6027] Rebooting in 86400 seconds..