last executing test programs: 1.646987482s ago: executing program 1 (id=2): ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00']) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x90) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, 0x0, &(0x7f00000000c0)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000140)={0x38, 0x0, 0x1, 0x0, 0x100, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{}]}]}]}]}, 0x38}}, 0x0) r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x200000000000, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r6, 0xc0585605, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x0, 0x3012, 0x7}}) 568.494989ms ago: executing program 2 (id=3): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0xd0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) getpid() r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000380)='\n', 0x160a}], 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x44}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000100)={0x6, @local, 0x0, 0x0, 'lblc\x00'}, 0x2c) syz_emit_ethernet(0x40, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x32, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback}, '\x00\x00'}}}}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'geneve0\x00'}) setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0) close(0xffffffffffffffff) 487.727164ms ago: executing program 1 (id=6): syz_mount_image$squashfs(&(0x7f0000000300), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000001480)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYBLOB="76c7e7f30c9c68a449119ac24c53d873ea11e569f57a4b1815758a6d", @ANYRES64, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES64], 0x1, 0x1ee, &(0x7f0000001200)="$eJzslU1rE0EYx3+zO2kazaFnTwWL9qI2WxDxC9gP4AcwpGstbn3pBjShYPTSiwfxSxT8FB4EvXsQEbzUg4IeKp4qEpmdZ6aTGoiVWgjMH5bn/WVmdp65Vd4v68Cvva0Oc1RQNPmgFBo4r6xuf8bS70KHgs/ayi3RvxD6SWjZ6799atn+7XZR5JtlbwKjFEzyYYhlpDzOdrVi9JhiznNS6uLNk1GNYqxzAvzVeo6FMdX+MHVTOS84ZHo2El4f12oq+3ECzf87M3+E/8au1DI/mge/hNF8Oe7GavzvtQdn+rM5+ZjeP7fHOdYnlfAGo9syfUxypKgSGV/ltccJ3yrh3d5WxzA3ZIoZ3ar93JWofIzwKvA5o2EAKmXo82h7+5SUuXep7PUvrG+01/K1/E6WLV9een3aZiyGj2C9yJdU0Ia51Li5BJh72gjsNeDjgX1AABW0ZnAKlMxcn9IN58WzQWBjFjfCOZTD5n3p69dFl7LBdc5hIh8M1Dxk2N1aABI0N83SVlCkIrR00CfskzBbGS527har29WWSdgO2udo7VLzQiaCKZQvX/HL3xa6IHRF6I7QXaHu7XJvkq4yfBVpcQAzPGx3u5vV42U5r8u8LpvzlROp6l5D5TqpExERERERERExJfgdAAD//60rPIY=") syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000008080)={0x0, 0x0, &(0x7f00000003c0)=[{0x0, 0x10}], 0x1}, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x7fff, 0x4) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f0000000a40)={[{@resgid={'resgid', 0x3d, 0xee00}}, {@grpquota}, {@noblock_validity}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@usrquota}]}, 0x1, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4ieCtZ6rzHZhJBNNmQ3bROKpHhXEFHBkycvgn+AIP0TRCjoXaoooq0ePKgrOztb27jbRLrd6Tf5fGA67zvv7j7P27Az88687ARwaJ2PiFsRMRIRlyNiPN+e5ku77dadzutePH80316SaLXu/iWJJN/W/awkX5+IiJ2IOBoRX/tKxDeT/43b2NpemavVqht5vdJcXa80travLK/OLVWXqmszM9PXZ2/MXpudGkg/JyLi5pf+8IPv/vTLN3/52Qe/u/enS99qpzWWt7/aj0HqdL2U/V90jUbExrsIVoCRfF3q0/6dkSEmAwDAntrn+B+NiE9l5//jMZKdnQIAAAAHSesLY/HPJKIFAAAAHFhpNgc2Scv5XICxSNNyuTOH9+NxPK3VG83PLNY31xY6c2UnopQuLteqU/lc4YkoJe36dD7Htlu/uqs+ExGnIuL748eyenm+Xlso+uIHAAAAHBIndo3//z6ejf+PFJ0XAAAAMGATRScAAAAAvHPG/wAAAHDwGf8DAADAgfbV27fbS6v7/OuF+1ubK/X7VxaqjZXy6uZ8eb6+sV5eqteXst/sW93r82r1+vrnYm3zYaVZbTQrja3te6v1zbXmveXXHoENAAAADNGpc09+m0TEzuePZUvbB0UnBQxFskd79pCQZ3nl90NICBiakaITAAozWnQCQGFKRScAFG6v6wB9J+/8avC5AAAA78bkJ/rf/3dtAA62tOgEAIChc/8fDq/S6zMArxWXCVCUj+zR/vb3/1ut/yshAABg4MayJUnL+b3AsUjTcjniZPZYgFKyuFyrTuXjg9+Ml46069PZO5M95wwDAAAAAAAAAAAAAAAAAAAAAAAAAB2tVhItAAAA4ECLSP+YZL/mHzE5fnFs9/WBD5J/jGfriHjw47s/fDjXbG5Mt7f/9eX25o/y7VeLuIIBAAAA7NYdp3fH8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwSC+eP5rvLsOM++cvRsREz/jnjmaro1GKiON/S2L0lfclETEygPg7jyPidK/4STutmIhOFr3iHyswfhoRJwYQHw6zJ+39z61e3780zmfr3t+/0Xx5W/33f2l0938jffY/J/cZ48zTn1f6xn8ccWa09/6nGz/pE//CPuN/4+vb2/3aWj+JmOx5/Elei1Vprq5XGlvbV5ZX55aqS9W1mZnp67M3Zq/NTlUWl2vV/N+eMb73yV/8+039P94n/sQe/b+4z/7/6+nD5x/rFEu94l+60Pv4e7pP/DQ/9n06L7fbJ7vlnU75VWd/9uuzb+r/Qp/+v/z79zjQtmNe2mf/L9/59rN9vhQAGILG1vbKXK1W3fgwFtJ4L9JQGEjhyPuRhkKnUPSeCQAAGLT/nvQXnQkAAAAAAAAAAAAAAAAAAAAcXsP4ObHdMXeK6SoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv9JwAA///NOtlz") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x402, &(0x7f0000000800)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7"], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==") syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x5, 0xf0, &(0x7f0000000080)=""/240}, 0x90) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0xc0a85320, &(0x7f00000000c0)={0x80}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r3) mount$bind(&(0x7f00000001c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000180)='./file0\x00') umount2(&(0x7f0000002140)='./file0\x00', 0x0) 462.174555ms ago: executing program 3 (id=4): bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0), 0x18) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000080)={{}, {0x0, @remote}, 0x8, {0x2, 0x0, @loopback}, 'veth0_macvtap\x00'}) connect$can_j1939(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000026c0)={&(0x7f0000002680)="cdf5083070ea05552d", 0x9}}, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000002740)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000002e00"/80], 0x58) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000087000000850000002a000000950000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192, 0x0, 0x2}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000000000000000020000000300010073797a3000000000140000001100010000000000000000"], 0x48}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x4383, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="400000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000020001280080001006873720014d60a2bc696e384bece00028008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB], 0x81}, 0x1, 0x7500}, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$system_posix_acl(r5, &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000000080)={{}, {0x2}}, 0x24, 0x0) 155.581749ms ago: executing program 3 (id=7): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c0000000206010800000000000000000000000014000780080011400000000005001500000000000500010006000000050005000a00000005000400000000000900020073797a300000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0xffffffffffff1c3a, 0x101000) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r3, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x1c) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x57) setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) syz_mount_image$squashfs(&(0x7f00000002c0), &(0x7f0000000140)='./file1\x00', 0x808b42, &(0x7f0000000300)=ANY=[], 0x4b, 0x22a, &(0x7f0000000600)="$eJzsVc1qE1EU/s78ZNpasGs3BizqRpNMoXQpuLCrrnwAhzitIVN/OgFNCHS66saF+BKCj+BKQfABXIgIbqKgYNG6FOTKOffecbBOnCDZzbfIOffcc8/Plzvn3krvpQGAn8fjLlYgICzjHRE8ABdI27YCLb83tFw360+elh1jf2rkByPT4ej1QwBKnVX9KGHTcNSPkiTeS0sUon/6kFQJaEtZoEZ5jlkUQumWL1uUTTnehLV8XNKU/G89UxRXM96PHoml6UCy8391wpl9cTBjPf7JOFUVX3dfTuY8lc8znXJYuVLuswXL8xxrBnILVTj19jHQVFXp5Y/n2+lK9WRzaFDpq3B19itBWSXmlZ4gqUwJNJBeO3CwIMneHI+7bL0hU0lJKfZuWrAPfx8vCz5nPCADyIUi68PDT7n6TGuwe7eVDkeXervRTrwT3w7DtfX2q1N6N4nbre1eErcJyozOcddhYQYoXJv8KA/PZb338qoybPjARD5agS2NsQTQIo7o67Je8/x9Zs5ePFfobRFwCmeNzBkgPM/zB4XSruO8EHg/Iz17BavgaB6ktU0QXNNPx8vjMX6A6Wevy907yc1DEPh92ZauCjE6E/hw9gH0kjiUhdlZ28hs0kP5Xcg72jTyiZETI+3bZd8kTyJ8MasXikl6EA0Ge/J4aS23hbktXMnMyxgIX9xOo9gcsBrgL/jzVv3GfulOjRo1atSoUaPGvPErAAD//3ouN+c=") r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="0c0000000100000002"], 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x500050}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x64, r6, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CQM={0x34, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xfff}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x3}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x15}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x401}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x6]}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x4}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x24000000}, 0x9000) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x1}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24040001}, 0x1) bind$netlink(r5, &(0x7f0000000480)={0x10, 0x0, 0x25dfdbfc, 0x20101000}, 0xc) 0s ago: executing program 1 (id=8): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000080)={{{@in=@empty, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8001}, {}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x32}, 0x0, @in6=@loopback, 0x0, 0x4}}, 0xe8) sendmmsg(r6, &(0x7f0000000180), 0x400000000000077, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x4}, 0x5) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x700, {}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts. [ 48.642870][ T5217] cgroup: Unknown subsys name 'net' [ 48.810482][ T5217] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 50.061231][ T5217] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.090282][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.098167][ T5234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.106559][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.113029][ T5238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.113785][ T5234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.122139][ T5238] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.128417][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.135657][ T5238] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.149890][ T5238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.157451][ T5238] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 52.165914][ T5238] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.171672][ T5236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.174481][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.188180][ T5238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 52.195473][ T5241] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.195972][ T5238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.203245][ T5241] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.210648][ T5238] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 52.217398][ T5241] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.224067][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.231907][ T5241] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.240192][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.246107][ T5241] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 52.273593][ T5241] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.331421][ T5241] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 52.340217][ T5241] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 52.348167][ T5241] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 52.362626][ T5241] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 52.377374][ T5241] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 52.385395][ T5241] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 52.554764][ T5227] chnl_net:caif_netlink_parms(): no params data found [ 52.709741][ T5240] chnl_net:caif_netlink_parms(): no params data found [ 52.800089][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.807499][ T5227] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.815300][ T5227] bridge_slave_0: entered allmulticast mode [ 52.821863][ T5227] bridge_slave_0: entered promiscuous mode [ 52.832033][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.839475][ T5227] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.846856][ T5227] bridge_slave_1: entered allmulticast mode [ 52.853476][ T5227] bridge_slave_1: entered promiscuous mode [ 52.881798][ T5229] chnl_net:caif_netlink_parms(): no params data found [ 52.890482][ T5237] chnl_net:caif_netlink_parms(): no params data found [ 52.939895][ T5227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.970644][ T5227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.996934][ T5240] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.004095][ T5240] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.011484][ T5240] bridge_slave_0: entered allmulticast mode [ 53.018275][ T5240] bridge_slave_0: entered promiscuous mode [ 53.040354][ T5245] chnl_net:caif_netlink_parms(): no params data found [ 53.050189][ T5240] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.057540][ T5240] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.065585][ T5240] bridge_slave_1: entered allmulticast mode [ 53.072048][ T5240] bridge_slave_1: entered promiscuous mode [ 53.086606][ T5227] team0: Port device team_slave_0 added [ 53.127727][ T5227] team0: Port device team_slave_1 added [ 53.146148][ T5240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.162948][ T5237] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.170465][ T5237] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.180644][ T5237] bridge_slave_0: entered allmulticast mode [ 53.187436][ T5237] bridge_slave_0: entered promiscuous mode [ 53.213671][ T5240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.222938][ T5229] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.230152][ T5229] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.237363][ T5229] bridge_slave_0: entered allmulticast mode [ 53.243797][ T5229] bridge_slave_0: entered promiscuous mode [ 53.251127][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.258624][ T5237] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.265955][ T5237] bridge_slave_1: entered allmulticast mode [ 53.272377][ T5237] bridge_slave_1: entered promiscuous mode [ 53.302770][ T5229] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.309875][ T5229] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.317153][ T5229] bridge_slave_1: entered allmulticast mode [ 53.323580][ T5229] bridge_slave_1: entered promiscuous mode [ 53.343081][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.350225][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.379237][ T5227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.421226][ T5229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.432575][ T5237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.444824][ T5237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.454436][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.461392][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.487445][ T5227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.514530][ T5240] team0: Port device team_slave_0 added [ 53.522008][ T5229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.564414][ T5245] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.571479][ T5245] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.579624][ T5245] bridge_slave_0: entered allmulticast mode [ 53.586269][ T5245] bridge_slave_0: entered promiscuous mode [ 53.594214][ T5245] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.601354][ T5245] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.608917][ T5245] bridge_slave_1: entered allmulticast mode [ 53.615947][ T5245] bridge_slave_1: entered promiscuous mode [ 53.623217][ T5240] team0: Port device team_slave_1 added [ 53.638560][ T5229] team0: Port device team_slave_0 added [ 53.646233][ T5237] team0: Port device team_slave_0 added [ 53.653168][ T5229] team0: Port device team_slave_1 added [ 53.707854][ T5237] team0: Port device team_slave_1 added [ 53.716964][ T5227] hsr_slave_0: entered promiscuous mode [ 53.723084][ T5227] hsr_slave_1: entered promiscuous mode [ 53.731960][ T5245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.743412][ T5245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.761398][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.768404][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.794403][ T5240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.807299][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.814316][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.840391][ T5229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.853571][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.860747][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.887033][ T5229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.915307][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.922262][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.948450][ T5237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.967762][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.975204][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.001591][ T5240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.026179][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.033129][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.059370][ T5237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.102274][ T5245] team0: Port device team_slave_0 added [ 54.110174][ T5245] team0: Port device team_slave_1 added [ 54.174020][ T5240] hsr_slave_0: entered promiscuous mode [ 54.180206][ T5240] hsr_slave_1: entered promiscuous mode [ 54.186881][ T5240] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.195377][ T5240] Cannot create hsr debugfs directory [ 54.206717][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.213664][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.240483][ T5245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.255929][ T5229] hsr_slave_0: entered promiscuous mode [ 54.264643][ T5229] hsr_slave_1: entered promiscuous mode [ 54.270546][ T5229] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.278286][ T5229] Cannot create hsr debugfs directory [ 54.292974][ T5237] hsr_slave_0: entered promiscuous mode [ 54.295009][ T5241] Bluetooth: hci1: command tx timeout [ 54.298837][ T53] Bluetooth: hci0: command tx timeout [ 54.304093][ T5241] Bluetooth: hci2: command tx timeout [ 54.315150][ T5236] Bluetooth: hci3: command tx timeout [ 54.321037][ T5237] hsr_slave_1: entered promiscuous mode [ 54.327109][ T5237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.334753][ T5237] Cannot create hsr debugfs directory [ 54.343841][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.350920][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.377017][ T5245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.455626][ T5236] Bluetooth: hci4: command tx timeout [ 54.464950][ T5245] hsr_slave_0: entered promiscuous mode [ 54.471082][ T5245] hsr_slave_1: entered promiscuous mode [ 54.477770][ T5245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.485398][ T5245] Cannot create hsr debugfs directory [ 54.713722][ T5227] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.764359][ T5227] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.773302][ T5227] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.791483][ T5240] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.810723][ T5227] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.820293][ T5240] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.835878][ T5240] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.846312][ T5240] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.901422][ T5237] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.912750][ T5237] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.932998][ T5237] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.943106][ T5237] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.993877][ T5227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.036630][ T5229] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 55.069166][ T5227] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.076414][ T5229] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 55.086012][ T5229] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 55.096475][ T5229] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 55.126806][ T2602] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.134011][ T2602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.167156][ T1071] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.174303][ T1071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.210873][ T5245] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.222713][ T5245] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.247918][ T5245] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.272065][ T5245] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.315864][ T5240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.326065][ T5237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.371428][ T5237] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.399896][ T5240] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.439744][ T2518] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.446972][ T2518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.462119][ T2518] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.469251][ T2518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.507180][ T2602] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.514310][ T2602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.524798][ T2602] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.531898][ T2602] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.562619][ T5229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.602134][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.619350][ T5229] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.651733][ T5240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.670769][ T1071] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.677871][ T1071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.699552][ T2518] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.706954][ T2518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.738521][ T5245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.777244][ T5245] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.808210][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.815402][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.832421][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.839574][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.900952][ T5229] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.925521][ T5229] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.970691][ T5227] veth0_vlan: entered promiscuous mode [ 55.999045][ T5237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.013407][ T5240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.042762][ T5227] veth1_vlan: entered promiscuous mode [ 56.141485][ T5240] veth0_vlan: entered promiscuous mode [ 56.171158][ T5227] veth0_macvtap: entered promiscuous mode [ 56.188727][ T5240] veth1_vlan: entered promiscuous mode [ 56.200640][ T5237] veth0_vlan: entered promiscuous mode [ 56.212981][ T5227] veth1_macvtap: entered promiscuous mode [ 56.232943][ T5237] veth1_vlan: entered promiscuous mode [ 56.289386][ T5229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.320041][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.333255][ T5240] veth0_macvtap: entered promiscuous mode [ 56.353676][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.370617][ T5240] veth1_macvtap: entered promiscuous mode [ 56.377683][ T5236] Bluetooth: hci2: command tx timeout [ 56.384559][ T5241] Bluetooth: hci0: command tx timeout [ 56.384900][ T53] Bluetooth: hci1: command tx timeout [ 56.389997][ T5236] Bluetooth: hci3: command tx timeout [ 56.409362][ T5227] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.418474][ T5227] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.428691][ T5227] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.438030][ T5227] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.449080][ T5237] veth0_macvtap: entered promiscuous mode [ 56.459503][ T5237] veth1_macvtap: entered promiscuous mode [ 56.513189][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.527452][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.534787][ T5236] Bluetooth: hci4: command tx timeout [ 56.541436][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.567082][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.577951][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.589167][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.609863][ T5245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.619398][ T5237] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.635533][ T5237] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.650641][ T5237] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.659634][ T5237] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.677362][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.688055][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.698295][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.709012][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.720027][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.759374][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.770236][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.781108][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.791947][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.803272][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.813795][ T5240] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.823360][ T5240] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.832227][ T5240] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.841247][ T5240] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.852925][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.867270][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.968097][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.982502][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.005241][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.008746][ T5245] veth0_vlan: entered promiscuous mode [ 57.013066][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.052121][ T5229] veth0_vlan: entered promiscuous mode [ 57.087803][ T5245] veth1_vlan: entered promiscuous mode [ 57.104744][ T5229] veth1_vlan: entered promiscuous mode [ 57.146837][ T2518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.170511][ T2518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.183200][ T1071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.193681][ T5229] veth0_macvtap: entered promiscuous mode [ 57.212318][ T1071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.233436][ T2602] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.236644][ T5229] veth1_macvtap: entered promiscuous mode [ 57.249866][ T2602] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.296067][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.306676][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.317617][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.329413][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.340242][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.351509][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.363066][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.410740][ T5245] veth0_macvtap: entered promiscuous mode [ 57.435621][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.452809][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.463170][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.474131][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.484774][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.495974][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.514089][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.532851][ T5245] veth1_macvtap: entered promiscuous mode [ 57.541401][ T5229] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.551001][ T5229] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.560474][ T5229] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.569514][ T5229] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.293686][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.329204][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.360767][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.380117][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.391082][ T5318] loop1: detected capacity change from 0 to 8 [ 58.393957][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.414880][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.429459][ T5318] SQUASHFS error: Unable to read inode 0xe3 [ 58.429914][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.438097][ T5318] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.451502][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.460154][ T5236] Bluetooth: hci3: command tx timeout [ 58.473800][ T53] Bluetooth: hci0: command tx timeout [ 58.473839][ T53] Bluetooth: hci2: command tx timeout [ 58.473869][ T53] Bluetooth: hci1: command tx timeout [ 58.479925][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.525801][ T5320] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4'. [ 58.543017][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.559274][ T5314] [U] [ 58.562069][ T5314] [U] [ 58.564778][ T5314] [U] [ 58.567497][ T5314] [U] [ 58.570973][ T5314] [U] [ 58.573693][ T5314] [U] [ 58.576401][ T5314] [U] [ 58.579112][ T5314] [U] [ 58.579782][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.594406][ T5314] [U] [ 58.597090][ T5314] [U] [ 58.599793][ T5314] [U] [ 58.614925][ T5236] Bluetooth: hci4: command tx timeout [ 58.635980][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.647191][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.657363][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.667980][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.678383][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.690136][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.702029][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.773594][ T5319] BUG: kernel NULL pointer dereference, address: 000000000000003e [ 58.781403][ T5319] #PF: supervisor instruction fetch in kernel mode [ 58.787880][ T5319] #PF: error_code(0x0010) - not-present page [ 58.793834][ T5319] PGD 8000000021a06067 P4D 8000000021a06067 PUD 2a5b6067 PMD 0 [ 58.801457][ T5319] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN PTI [ 58.807514][ T5319] CPU: 1 UID: 0 PID: 5319 Comm: syz.2.3 Not tainted 6.11.0-rc5-next-20240827-syzkaller #0 [ 58.817384][ T5319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 58.827425][ T5319] RIP: 0010:0x3e [ 58.830960][ T5319] Code: Unable to access opcode bytes at 0x14. [ 58.837082][ T5319] RSP: 0018:ffffc90004047018 EFLAGS: 00010082 [ 58.843214][ T5319] RAX: ffff8880b9128cec RBX: 0000000000000000 RCX: dffffc0000000000 [ 58.851167][ T5319] RDX: ffffc9000a4fe000 RSI: 0000000000010984 RDI: 0000000000010985 [ 58.859120][ T5319] RBP: ffffc900040471f8 R08: ffffffff8bc07606 R09: 0000000000000000 [ 58.867070][ T5319] R10: ffffc90004047160 R11: fffff52000808e30 R12: 1ffff92000808e18 [ 58.875031][ T5319] R13: dffffc0000000000 R14: 00000000000002ac R15: 0000000000000010 [ 58.882997][ T5319] FS: 00007fc2a37936c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 58.891943][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.898524][ T5319] CR2: 000000000000003e CR3: 000000002aea2000 CR4: 00000000003506f0 [ 58.906485][ T5319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.914443][ T5319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.922399][ T5319] Call Trace: [ 58.925665][ T5319] [ 58.928591][ T5319] ? __die_body+0x5f/0xb0 [ 58.932919][ T5319] ? page_fault_oops+0x8e4/0xcc0 [ 58.937842][ T5319] ? __pfx_page_fault_oops+0x10/0x10 [ 58.943111][ T5319] ? validate_chain+0x15c0/0x5920 [ 58.948119][ T5319] ? page_ext_put+0x97/0xc0 [ 58.952606][ T5319] ? exc_page_fault+0x57/0x8c0 [ 58.957352][ T5319] ? is_errata93+0xbe/0x260 [ 58.961988][ T5319] ? exc_page_fault+0x5ed/0x8c0 [ 58.966833][ T5319] ? asm_exc_page_fault+0x26/0x30 [ 58.971839][ T5319] ? nbcon_get_cpu_emergency_nesting+0x26/0x90 [ 58.977974][ T5319] ? validate_chain+0x11e/0x5920 [ 58.982903][ T5319] ? page_fault_oops+0x21d/0xcc0 [ 58.987829][ T5319] ? __pfx_page_fault_oops+0x10/0x10 [ 58.993093][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 58.998269][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 59.003445][ T5319] ? exc_page_fault+0x57/0x8c0 [ 59.008192][ T5319] ? is_errata93+0xbe/0x260 [ 59.012686][ T5319] exc_page_fault+0x5ed/0x8c0 [ 59.017349][ T5319] ? mark_lock+0x9a/0x360 [ 59.021655][ T5319] asm_exc_page_fault+0x26/0x30 [ 59.026487][ T5319] RIP: 6970:kallsyms_seqs_of_names+0x23b145/0x4a3cf8 [ 59.033158][ T5319] Code: 36 34 20 31 20 35 20 6f 6c 64 2e 69 20 38 30 20 34 20 38 20 76 61 6c 2e 61 64 64 72 00 31 20 33 32 20 31 20 33 20 6f 6c 64 00 <31> 20 33 32 20 38 20 33 20 6f 6c 64 00 70 76 5f 6c 6f 63 6b 5f 68 [ 59.052773][ T5319] RSP: 0000:0000000000000046 EFLAGS: 00000008 ORIG_RAX: 0000000045e0360e [ 59.061187][ T5319] ================================================================== [ 59.069223][ T5319] BUG: KASAN: stack-out-of-bounds in __show_regs+0xdc/0x610 [ 59.076494][ T5319] Read of size 8 at addr ffffc900040472c0 by task syz.2.3/5319 [ 59.084074][ T5319] [ 59.086392][ T5319] CPU: 1 UID: 0 PID: 5319 Comm: syz.2.3 Not tainted 6.11.0-rc5-next-20240827-syzkaller #0 [ 59.096264][ T5319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 59.106307][ T5319] Call Trace: [ 59.109572][ T5319] [ 59.112494][ T5319] dump_stack_lvl+0x241/0x360 [ 59.117165][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.122348][ T5319] ? __pfx__printk+0x10/0x10 [ 59.126928][ T5319] ? _printk+0xd5/0x120 [ 59.131093][ T5319] print_report+0x169/0x550 [ 59.135600][ T5319] ? __virt_addr_valid+0xbd/0x530 [ 59.140636][ T5319] ? __show_regs+0xdc/0x610 [ 59.145123][ T5319] kasan_report+0x143/0x180 [ 59.149613][ T5319] ? __show_regs+0xdc/0x610 [ 59.154093][ T5319] __show_regs+0xdc/0x610 [ 59.158399][ T5319] ? asm_exc_page_fault+0x26/0x30 [ 59.163404][ T5319] show_trace_log_lvl+0x348/0x410 [ 59.168417][ T5319] __die_body+0x5f/0xb0 [ 59.172565][ T5319] page_fault_oops+0x8e4/0xcc0 [ 59.177310][ T5319] ? __pfx_page_fault_oops+0x10/0x10 [ 59.182597][ T5319] ? validate_chain+0x15c0/0x5920 [ 59.187634][ T5319] ? page_ext_put+0x97/0xc0 [ 59.192128][ T5319] ? exc_page_fault+0x57/0x8c0 [ 59.196923][ T5319] ? is_errata93+0xbe/0x260 [ 59.201422][ T5319] exc_page_fault+0x5ed/0x8c0 [ 59.206107][ T5319] asm_exc_page_fault+0x26/0x30 [ 59.210940][ T5319] RIP: 0010:0x3e [ 59.214463][ T5319] Code: Unable to access opcode bytes at 0x14. [ 59.220586][ T5319] RSP: 0018:ffffc90004047018 EFLAGS: 00010082 [ 59.226628][ T5319] RAX: ffff8880b9128cec RBX: 0000000000000000 RCX: dffffc0000000000 [ 59.234604][ T5319] RDX: ffffc9000a4fe000 RSI: 0000000000010984 RDI: 0000000000010985 [ 59.242580][ T5319] RBP: ffffc900040471f8 R08: ffffffff8bc07606 R09: 0000000000000000 [ 59.250532][ T5319] R10: ffffc90004047160 R11: fffff52000808e30 R12: 1ffff92000808e18 [ 59.258486][ T5319] R13: dffffc0000000000 R14: 00000000000002ac R15: 0000000000000010 [ 59.266451][ T5319] ? nbcon_get_cpu_emergency_nesting+0x26/0x90 [ 59.272597][ T5319] ? validate_chain+0x11e/0x5920 [ 59.277511][ T5319] ? page_fault_oops+0x21d/0xcc0 [ 59.282435][ T5319] ? __pfx_page_fault_oops+0x10/0x10 [ 59.287708][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 59.292892][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 59.298081][ T5319] ? exc_page_fault+0x57/0x8c0 [ 59.302829][ T5319] ? is_errata93+0xbe/0x260 [ 59.307314][ T5319] ? exc_page_fault+0x5ed/0x8c0 [ 59.312147][ T5319] ? mark_lock+0x9a/0x360 [ 59.316451][ T5319] ? asm_exc_page_fault+0x26/0x30 [ 59.321455][ T5319] ? kvm_wait+0x18a/0x2c0 [ 59.325761][ T5319] ? __pfx_kvm_wait+0x10/0x10 [ 59.330414][ T5319] ? __pfx_pv_hash+0x10/0x10 [ 59.334980][ T5319] ? rcu_is_watching+0x15/0xb0 [ 59.339721][ T5319] ? __pv_queued_spin_lock_slowpath+0x8d0/0xdb0 [ 59.345941][ T5319] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 59.352511][ T5319] ? debug_locks_off+0x6c/0x90 [ 59.357250][ T5319] ? queued_spin_lock_slowpath+0x42/0x50 [ 59.362863][ T5319] ? do_raw_spin_lock+0x272/0x370 [ 59.367935][ T5319] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 59.373323][ T5319] ? raw_spin_rq_lock_nested+0xb0/0x140 [ 59.378855][ T5319] ? __schedule+0x354/0x4b30 [ 59.383439][ T5319] ? __pfx___schedule+0x10/0x10 [ 59.388289][ T5319] ? schedule+0x90/0x320 [ 59.392515][ T5319] ? __pfx_lock_release+0x10/0x10 [ 59.397517][ T5319] ? __lock_acquire+0x1384/0x2050 [ 59.402521][ T5319] ? schedule+0x90/0x320 [ 59.406751][ T5319] ? schedule+0x14b/0x320 [ 59.411067][ T5319] ? schedule_timeout+0xb0/0x310 [ 59.415979][ T5319] ? __pfx_schedule_timeout+0x10/0x10 [ 59.421366][ T5319] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.427346][ T5319] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.432527][ T5319] ? lockdep_hardirqs_on+0x99/0x150 [ 59.437703][ T5319] ? wait_for_completion_killable+0x3d1/0x730 [ 59.443757][ T5319] ? __pfx_wait_for_completion_killable+0x10/0x10 [ 59.450156][ T5319] ? __pfx___mutex_lock+0x10/0x10 [ 59.455168][ T5319] ? virtio_read+0x102/0x200 [ 59.459739][ T5319] ? __pfx_virtio_read+0x10/0x10 [ 59.464652][ T5319] ? rng_dev_read+0x245/0x6d0 [ 59.469307][ T5319] ? __pfx_rng_dev_read+0x10/0x10 [ 59.474313][ T5319] ? rw_verify_area+0x568/0x6f0 [ 59.479157][ T5319] ? vfs_readv+0x6bc/0xa80 [ 59.483570][ T5319] ? __pfx_rng_dev_read+0x10/0x10 [ 59.488577][ T5319] ? __pfx_vfs_readv+0x10/0x10 [ 59.493334][ T5319] ? __fget_files+0x29/0x470 [ 59.497913][ T5319] ? __fget_files+0x29/0x470 [ 59.502513][ T5319] ? __x64_sys_preadv+0x1c7/0x2d0 [ 59.507520][ T5319] ? __pfx___x64_sys_preadv+0x10/0x10 [ 59.512872][ T5319] ? do_syscall_64+0x100/0x230 [ 59.517627][ T5319] ? do_syscall_64+0xb6/0x230 [ 59.522285][ T5319] ? do_syscall_64+0xf3/0x230 [ 59.526944][ T5319] ? clear_bhb_loop+0x35/0x90 [ 59.531606][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.537654][ T5319] [ 59.540653][ T5319] [ 59.542954][ T5319] The buggy address belongs to stack of task syz.2.3/5319 [ 59.550036][ T5319] and is located at offset 0 in frame: [ 59.555551][ T5319] kvm_wait+0x0/0x2c0 [ 59.559512][ T5319] [ 59.561816][ T5319] This frame has 2 objects: [ 59.566297][ T5319] [32, 40) 'flags.i.i.i' [ 59.566307][ T5319] [64, 72) 'flags.i.i' [ 59.570611][ T5319] [ 59.577045][ T5319] The buggy address belongs to the virtual mapping at [ 59.577045][ T5319] [ffffc90004040000, ffffc90004049000) created by: [ 59.577045][ T5319] copy_process+0x5d1/0x3d50 [ 59.594649][ T5319] [ 59.596952][ T5319] The buggy address belongs to the physical page: [ 59.603344][ T5319] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x2baf3 [ 59.613383][ T5319] memcg:ffff888142f92582 [ 59.617597][ T5319] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 59.624690][ T5319] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 59.633251][ T5319] raw: ffff888000000002 0000000000000000 00000001ffffffff ffff888142f92582 [ 59.641806][ T5319] page dumped because: kasan: bad access detected [ 59.648197][ T5319] page_owner tracks the page as allocated [ 59.653887][ T5319] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5313, tgid 5313 (syz.2.3), ts 58436212824, free_ts 58373390571 [ 59.671850][ T5319] post_alloc_hook+0x1f3/0x230 [ 59.676594][ T5319] get_page_from_freelist+0x312a/0x3270 [ 59.682550][ T5319] __alloc_pages_noprof+0x29e/0x780 [ 59.687726][ T5319] alloc_pages_mpol_noprof+0x3e8/0x680 [ 59.693164][ T5319] __vmalloc_node_range_noprof+0xa40/0x1400 [ 59.699032][ T5319] dup_task_struct+0x444/0x8c0 [ 59.703775][ T5319] copy_process+0x5d1/0x3d50 [ 59.708347][ T5319] kernel_clone+0x226/0x8f0 [ 59.712828][ T5319] __se_sys_clone3+0x2cb/0x350 [ 59.717572][ T5319] do_syscall_64+0xf3/0x230 [ 59.722076][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.727952][ T5319] page last free pid 4685 tgid 4685 stack trace: [ 59.734248][ T5319] free_unref_page+0xc64/0xe80 [ 59.738986][ T5319] __slab_free+0x31b/0x3d0 [ 59.743376][ T5319] qlist_free_all+0x9a/0x140 [ 59.747946][ T5319] kasan_quarantine_reduce+0x14f/0x170 [ 59.753381][ T5319] __kasan_slab_alloc+0x23/0x80 [ 59.758230][ T5319] kmem_cache_alloc_noprof+0x135/0x2a0 [ 59.764647][ T5319] getname_flags+0xb7/0x540 [ 59.769172][ T5319] do_sys_openat2+0xd2/0x1d0 [ 59.773748][ T5319] __x64_sys_openat+0x247/0x2a0 [ 59.778576][ T5319] do_syscall_64+0xf3/0x230 [ 59.783062][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.788936][ T5319] [ 59.791242][ T5319] Memory state around the buggy address: [ 59.796851][ T5319] ffffc90004047180: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.804913][ T5319] ffffc90004047200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.812970][ T5319] >ffffc90004047280: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 [ 59.821006][ T5319] ^ [ 59.827136][ T5319] ffffc90004047300: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.835175][ T5319] ffffc90004047380: 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 [ 59.843228][ T5319] ================================================================== [ 59.851356][ T5319] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.930829][ T5319] Shutting down cpus with NMI [ 60.935658][ T5319] Kernel Offset: disabled [ 60.939981][ T5319] Rebooting in 86400 seconds..