last executing test programs: 5.358251476s ago: executing program 2 (id=93): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10) r2 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x100}, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xc, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8000}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.292951217s ago: executing program 1 (id=94): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x89a3, &(0x7f0000000080)={'bond0\x00', @ifru_addrs=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x400000}}) 5.197531867s ago: executing program 2 (id=95): io_uring_setup(0x6580, &(0x7f0000000440)={0x0, 0x66a6, 0x40, 0x0, 0x2b}) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x310) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000a80)=ANY=[@ANYBLOB="180000000000002000000000ff000000850000000f000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x30, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000014001a80100004800c00098008"], 0x34}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000400)='tlb_flush\x00', r4, 0x0, 0x80000000000}, 0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="49000000150100032700000000000000f43dc81f", @ANYRES32=0x0, @ANYBLOB="0800040000000000080004000a01010208000a000000000008000900b43b000008000200ac1414bb0800080098000000"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) 5.034931898s ago: executing program 1 (id=98): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000001000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000010000009500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 4.878705098s ago: executing program 1 (id=101): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='GPL\x00', 0x5, 0x21, &(0x7f0000000040)=""/33, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x4, 0x6, 0x1, 0xb}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x55b0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r3}, 0x57) 4.717356668s ago: executing program 1 (id=104): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42) sendfile(r1, r1, 0x0, 0x80000000) 3.748445031s ago: executing program 1 (id=107): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x8031, 0xffffffffffffffff, 0xfffff000) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000680)='tlb_flush\x00', r0, 0x0, 0x5}, 0x18) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000001d80)=ANY=[@ANYRES64=0x0, @ANYBLOB="0aedaa8eb6be6634c37b990653dd055b845c1f4d4fcd4f3f202d6f3c4d347045217f7ec0590f167e508810ad3a5a354788af2fbd542ddc072fa231", @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cd9ae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d78f9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2f4, &(0x7f0000000880)="$eJzs3U1PE1sYwPGnLxRaAsPi5t5cE8OJbnQzgepaaQwkxiYSpMaXxGSQqTYdWzLTYGqM6Mqt8UO4ICzZkShfgI073bhxx8bEhSyMYzqdodAOb6VQAv9fQubJnPNMz+kMyXMmzLB+792zYt7R80ZFon1KIiIiGyJDEpVAxN9GvTghW72Wy/0/v5y/c//BrUw2Oz6l1ERm+kpaKTU4/PH5y6TfbaVX1oYerf9If1/7d+3/9T/TTwuOKjiqVK4oQ82Uv1WMGctUswWnqCs1aZmGY6pCyTHtenu53p63ynNzVWWUZgdSc7bpOMooVVXRrKpKWVXsqoo9MQolpeu6GkgJ9pJbnJoyMm0m93V4MDgitp0xYiKSbGnJLXZlQAAAoKua6/+oqE7W/0sXViv9d5cH/fp/JRFW/1/9Wj/Wtvq/Vl2G1v/B54fW/8bB6v/WiuhsOVT9j5NhONGyK9IIa412xkj5v7+eNw+XRqTn2AYIAAAAAAAAAAAAAAAAAAAAAAAOZ8N1Ndd1tWDrxkXEdbVe/wFv198fkhoTketdGDI6qOX8+z/7OP84BRoP7sUHRay387n5XH3rd1gVEUtMGRFNfnvXg68WB08eqZoh+WQt+PkL87mY15LJS8HLHxWtR5rzXXfiZnZ8VNVtz++R1Nb8tGjyT3h+OjQ/IZcubsnXRZPPj6Uslsx642jkvxpV6sbtbFN+0usHAAAAAMBpoKtNoet3Xd+pvZ6/ub5uvj8Qa6yvR0LX53E5F+/u3AEAAAAAOCuc6ouiYVmmvUuQlL37tB/Ej+jIwQz3mxX8LcPRzXSXIPjwbU3BP9jo+NcSOcDXskMQlXayhmuzUYedRXDbaKc+Mjl2/GfQC/57/+FX5w54bblvj5m2H8R2vwB4OTAAAABwCjWK/mDPWHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGXQcb0fr9hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JvAAAA///+mQDw") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 3.440314441s ago: executing program 2 (id=109): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000007000000080000000400000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000bc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) r2 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4) bind$inet6(r2, &(0x7f0000000f80)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffe}, 0x1c) 3.260353552s ago: executing program 4 (id=111): capset(&(0x7f0000000840)={0x20080522}, &(0x7f0000000880)={0x0, 0xdd1, 0xffffffb3, 0x0, 0x8fd, 0x10}) shmctl$SHM_UNLOCK(0x0, 0xc) 3.251629122s ago: executing program 2 (id=112): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000440)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c757466383d302c636865636b3d7374726963742c646973636172642c757466383d312c6572726f72733d636f6e74696e75652c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c00ae6891d042efbf5a4093e03c68e826cc9b20ffe8e847097c33c8de0da94110901182f7cc039b59348422666d314d69459f7c0f9cee8ef22cc9a5473a525f66a7cf0d13b236d96d8a1696b69f8b527b3e30b57aae2926aef71b98f159c23bcb3689704f1e866334c473866152dd8b12ed09be886a68717bb5e90de4b1bd41a40d93c9d612dd7ce4dbbd"], 0xfd, 0x2a0, &(0x7f0000000540)="$eJzs3M9rE0EUwPHXtGnTlDY5iKAgPvSil6WNf0GQFsSAUhtRD8LUbjRkTUo2RiJie/Pq31E8ehOs/0Av3ryLlyIIXnqQrnQ3a7Y12B823dh8P1B2ujMvM7s7CW8XdjbvvXlaKblWyTQkkVJJSGpVtkSykpDQUHub8MujErUqVyd+fL5w5/6Dm/lCYXZedS6/cC2nqlMXPzx/+fbSx8bE3XdT78dkI/tw83vuy8bZjXOb2wvhp9caanSxVmuYRcfWpbJbsVRvO7ZxbS1XXbu+q77k1JaXW2qqS5Pp5brtumqqLa3YLW3UtFFvqXlsylW1LEsn0zJohg8dUVybnzf5ngwGcRjvtrNez5vhrpXFtZMYFAAA6C9/5v9yIvn/k7KrZVer++X/CSH/7x0//9/umjTidEju3ADkTbr9/d2N/B8AAAAAAAAAAAAAAAAAAAAAgP/BludlPM/LhNvwb0xEUiIS/h/3ONEbR7j+QzEOF8cs8uJeSsR53Sw2i8E2qM+XpCyO2DKdFPnpz4e2oDx3ozA7rb6srDsr7Xj/JcGxMD6U7R4/E8RrJH6lWUxKOtp/TjJypnt8bk98UkSaxVG5cjkSb0lGPj2Smjiy5M/rTvyrGdXrtwp7+h/32wEAAAAAcBpY+lt29/1vsJqkZWm4bMie+mBn5/mAZPZ5PqCyPiqd+BE5PxLfcQMAAAAAMEjc1ouKcRy7PsiFcTl81CCeOisVTJq/NvY8b2Wn0b93mhCRmI70m4j0wQk/7sLXZ8EFPEjjOH+VAAAAAPRCJ+mPeyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyugy4eFrY/ytpjke6G4zlKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD/8CgAA///JRBp/") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) 2.855574323s ago: executing program 4 (id=113): r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x800000001fe, 0x2) r1 = dup(r0) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x8, 0xf540, 0x0, 0x0, 0x0}) 1.240657538s ago: executing program 0 (id=114): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, &(0x7f0000000100), &(0x7f0000000140)) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x7, 0x6, 0x2e}) 1.240076938s ago: executing program 3 (id=116): syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1.240005367s ago: executing program 0 (id=117): r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) 1.145338018s ago: executing program 4 (id=118): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.091163748s ago: executing program 0 (id=119): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000008000000080000000000", @ANYRES32, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = semget$private(0x0, 0x4, 0x0) semop(r3, &(0x7f0000000380)=[{0x0, 0xea39}], 0x1) semop(r3, &(0x7f0000000080)=[{0x0, 0xfffe}], 0x2) semctl$GETZCNT(r3, 0x0, 0xf, 0x0) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r4, &(0x7f0000000040)={'#! ', './file0', [{0x20, '\t'}, {0x20, '\t'}]}, 0xf) execveat(r4, 0x0, 0x0, 0x0, 0x1000) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000100)='kfree\x00', r5}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="81124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740cc85525d2991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = syz_open_dev$tty1(0xc, 0x4, 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ustat(0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$KDSKBENT(r6, 0x4b47, &(0x7f0000000400)={0x0, 0x7f, 0xf00}) 1.020558588s ago: executing program 2 (id=120): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) open$dir(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) close(r0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.020325708s ago: executing program 4 (id=121): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xffffffff}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x6c}}, 0x0) 1.020168398s ago: executing program 3 (id=122): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x5d47, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 907.136888ms ago: executing program 4 (id=123): socket$inet(0x2, 0x4000000805, 0x0) r0 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r2, 0x26, &(0x7f00000031c0)={0x0, 0x0, 0x300}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) 837.733148ms ago: executing program 3 (id=124): r0 = io_uring_setup(0x410f, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2f5}) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000001580)={0x1, 0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x0}, 0x20) 776.464109ms ago: executing program 2 (id=125): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001800dd8d000000000000000002000000000000060000000006001500010000001800168014000100800000000000000000001000000011"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0), 0xd4ba0ff) unlink(&(0x7f0000000100)='./file0/file1\x00') r1 = socket$inet6(0xa, 0x3, 0xff) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r4 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000800850000008200000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000003c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000380)=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x0, 0x0) lseek(r6, 0x10000400000009, 0x1) dup2(r1, r1) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f00000002c0)={0x7b}) gettid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x85}}, 0x0) 709.706299ms ago: executing program 3 (id=126): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}]}, 0x18}}, 0x4000) 596.561169ms ago: executing program 3 (id=127): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r2}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1d, r3}, 0x10, &(0x7f0000000140)={&(0x7f0000000180)=@can={{0x0, 0x0, 0x1}, 0x0, 0x0, 0x4, 0x0, "1b2bc764c7ed2890"}, 0x10}, 0x2}, 0x0) 448.40498ms ago: executing program 3 (id=128): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x22000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x5c, 0x1, 0x1, 0x301, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x4ad}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @loopback}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000850}, 0x20000040) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xa3}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) get_robust_list(0x0, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYRES64=0x0], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0xa000200) getsockopt$MRT(0xffffffffffffffff, 0x0, 0xcf, 0x0, 0x0) r1 = gettid() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r2, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000100)={0x10001, 0x0, {0xffffffffffffffff, 0x0, 0x3, 0x2, 0xffffffff}, 0x4}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0xc08c5334, &(0x7f0000000500)) tkill(r1, 0x7) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0x40, 0x1800}], 0x1, 0x0) tkill(r1, 0x37) unshare(0x60400) r3 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r3, 0x10d, 0x16, &(0x7f0000000280), &(0x7f00000005c0)=0x3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) 137.4003ms ago: executing program 0 (id=129): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) 103.28473ms ago: executing program 0 (id=130): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = epoll_create1(0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x60002015}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)={0x8000200a}) 538.831µs ago: executing program 1 (id=131): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) 326.59µs ago: executing program 0 (id=132): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r3 = fcntl$dupfd(r2, 0x0, r2) write$tun(r3, &(0x7f0000000800)=ANY=[@ANYBLOB="0101c008ff0308"], 0x24d) 0s ago: executing program 4 (id=133): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB="28000000ea583a648b1bdbbb906a5c65dde4c2a8e7d29044d3ae4fbd2b66d0a3004c1993eed3330b5502c8f44fae6fa7c97d600678a1b18bede6264a2a39f988683dbc1e9422aaaacab358f91f1d044aceeb161fd04783aeba7b179be91f315ba35315191160a5cc4ab7385b173ee9719117628aa371b41170f87c6991d69b361273249c9de5826eae1ecbd5a8170a58b0f318dd6b92fd64b7f624268d5f17d1ea56467dcad126136b33500035971cbd64f1877c5582f28d6f9b76d7c3d4ecb434d871f5ae4a067052aec3c2ebd128d1ad61e6d184b91cd1eb2fe0ac0b6860ee136d57e874215ce208e3d0d4d99341d7164b17ca634a70d4cb5b1ab038ca82d8dc7d78ffdd959489719db5f5e8719cdf64e6e709fd6367cdee1289631297561d56c0c30f99d70474e99b6509f9da362a8483f9ad0168772c378453ebfe1829749336cfa80d3254b9f208903cef0fc28216580bd247f75670ca0551375d95864223dc2f712472dcd0e0d8", @ANYRES16=r0, @ANYBLOB="0003fcffffff00000000210000000c009900020000006000000006002a00dd0000"], 0x28}}, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r1, 0x101) r2 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r2, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) r3 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000d00)=ANY=[], 0x3ce0}, 0x1, 0x0, 0x0, 0x4024011}, 0x40084) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts. [ 58.296444][ T4157] cgroup: Unknown subsys name 'net' [ 58.441974][ T4157] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.869375][ T4157] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 61.302126][ T4177] chnl_net:caif_netlink_parms(): no params data found [ 61.319940][ T4174] chnl_net:caif_netlink_parms(): no params data found [ 61.373367][ T4172] chnl_net:caif_netlink_parms(): no params data found [ 61.429035][ T4168] chnl_net:caif_netlink_parms(): no params data found [ 61.485721][ T4177] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.493428][ T4177] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.502080][ T4177] device bridge_slave_0 entered promiscuous mode [ 61.529261][ T4178] chnl_net:caif_netlink_parms(): no params data found [ 61.541728][ T4177] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.548945][ T4177] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.557230][ T4177] device bridge_slave_1 entered promiscuous mode [ 61.598580][ T4174] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.605923][ T4174] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.613742][ T4174] device bridge_slave_0 entered promiscuous mode [ 61.652333][ T4174] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.659714][ T4174] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.667977][ T4174] device bridge_slave_1 entered promiscuous mode [ 61.694657][ T4177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.713181][ T4172] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.720487][ T4172] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.728497][ T4172] device bridge_slave_0 entered promiscuous mode [ 61.740971][ T4168] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.748488][ T4168] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.757220][ T4168] device bridge_slave_0 entered promiscuous mode [ 61.766597][ T4177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.782536][ T4172] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.789927][ T4172] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.798281][ T4172] device bridge_slave_1 entered promiscuous mode [ 61.808666][ T4168] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.815847][ T4168] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.823597][ T4168] device bridge_slave_1 entered promiscuous mode [ 61.839326][ T4174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.880687][ T4174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.922771][ T4177] team0: Port device team_slave_0 added [ 61.931069][ T4177] team0: Port device team_slave_1 added [ 61.945695][ T4172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.955123][ T4178] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.962197][ T4178] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.970341][ T4178] device bridge_slave_0 entered promiscuous mode [ 61.980203][ T4168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.998443][ T4174] team0: Port device team_slave_0 added [ 62.014609][ T4172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.024033][ T4178] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.031277][ T4178] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.039096][ T4178] device bridge_slave_1 entered promiscuous mode [ 62.048399][ T4168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.058951][ T4174] team0: Port device team_slave_1 added [ 62.071978][ T4177] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.079114][ T4177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.105160][ T4177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.145291][ T4177] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.152264][ T4177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.178536][ T4177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.214207][ T4168] team0: Port device team_slave_0 added [ 62.226637][ T4172] team0: Port device team_slave_0 added [ 62.236391][ T4178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.246063][ T4174] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.253019][ T4174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.279332][ T4174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.291755][ T4168] team0: Port device team_slave_1 added [ 62.315769][ T4172] team0: Port device team_slave_1 added [ 62.322304][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.329354][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.355574][ T4168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.375122][ T4178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.384625][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.391616][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.421542][ T4168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.443175][ T4174] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.450172][ T4174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.476260][ T4174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.542418][ T4177] device hsr_slave_0 entered promiscuous mode [ 62.553075][ T4177] device hsr_slave_1 entered promiscuous mode [ 62.562324][ T4178] team0: Port device team_slave_0 added [ 62.569566][ T4172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.577113][ T4172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.603202][ T4172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.623667][ T4178] team0: Port device team_slave_1 added [ 62.637451][ T4172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.644400][ T4172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.670954][ T4172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.720966][ T4168] device hsr_slave_0 entered promiscuous mode [ 62.728007][ T4168] device hsr_slave_1 entered promiscuous mode [ 62.734731][ T4168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.742661][ T4168] Cannot create hsr debugfs directory [ 62.762436][ T4174] device hsr_slave_0 entered promiscuous mode [ 62.769811][ T4174] device hsr_slave_1 entered promiscuous mode [ 62.776693][ T4174] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.784500][ T4174] Cannot create hsr debugfs directory [ 62.816517][ T4178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.823486][ T4178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.849694][ T4178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.880186][ T4172] device hsr_slave_0 entered promiscuous mode [ 62.887006][ T4172] device hsr_slave_1 entered promiscuous mode [ 62.893784][ T4172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.901778][ T4172] Cannot create hsr debugfs directory [ 62.906179][ T4159] Bluetooth: hci0: command 0x0409 tx timeout [ 62.922629][ T4178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.929744][ T4178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.955994][ T4178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.975524][ T4159] Bluetooth: hci2: command 0x0409 tx timeout [ 62.976365][ T1111] Bluetooth: hci3: command 0x0409 tx timeout [ 62.982309][ T4159] Bluetooth: hci1: command 0x0409 tx timeout [ 63.055183][ T4159] Bluetooth: hci4: command 0x0409 tx timeout [ 63.081700][ T4178] device hsr_slave_0 entered promiscuous mode [ 63.088722][ T4178] device hsr_slave_1 entered promiscuous mode [ 63.095966][ T4178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.103538][ T4178] Cannot create hsr debugfs directory [ 63.328164][ T4177] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.339692][ T4177] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.350452][ T4177] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.359810][ T4177] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.427645][ T4174] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.443010][ T4174] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.460794][ T4172] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.496322][ T4174] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.507490][ T4172] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.522746][ T4174] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 63.531679][ T4172] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.561476][ T4172] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.577713][ T4168] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.589246][ T4168] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.599291][ T4168] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.609907][ T4168] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.702501][ T4178] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.712012][ T4178] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.721958][ T4178] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.743626][ T4177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.760330][ T4178] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.792366][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.804256][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.832792][ T4177] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.879780][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.889949][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.899340][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.906684][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.915967][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.940934][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.950771][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.962274][ T3082] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.969399][ T3082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.987431][ T4174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.005597][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.015065][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.027117][ T4168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.044189][ T4174] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.060919][ T4172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.068103][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.076458][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.084238][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.093822][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.109259][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.134410][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.143802][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.152946][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.162081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.171000][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.178137][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.186580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.196233][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.204549][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.214479][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.223733][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.230843][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.238623][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.251159][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.260769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.269434][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.302588][ T4177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.312108][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.320263][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.332282][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.341567][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.349787][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.357861][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.367698][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.381610][ T4168] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.393699][ T4172] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.414062][ T4178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.423306][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.432225][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.443749][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.453974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.463634][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.472187][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.479284][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.490542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.525261][ T4174] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 64.536416][ T4174] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.556433][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.567268][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.576852][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.585872][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.594329][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.604273][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.613520][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.620628][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.630900][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.640182][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.650005][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.658927][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.666384][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.674711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.683543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.692023][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.699142][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.706919][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.716463][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.725498][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.733235][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.742515][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.750731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.761310][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.776588][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.787116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.823630][ T4172] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 64.834355][ T4172] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.853308][ T4178] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.861517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.870571][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.880805][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.889742][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.901367][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.911142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.920318][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.929033][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.937769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.946481][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.955077][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.963590][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.971888][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.983184][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.990912][ T4209] Bluetooth: hci0: command 0x041b tx timeout [ 64.997326][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.026571][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.036715][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.053049][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.060204][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.065572][ T4210] Bluetooth: hci1: command 0x041b tx timeout [ 65.073720][ T4210] Bluetooth: hci3: command 0x041b tx timeout [ 65.075692][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.095371][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.095724][ T4210] Bluetooth: hci2: command 0x041b tx timeout [ 65.103960][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.116510][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.130733][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.139469][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.145466][ T4210] Bluetooth: hci4: command 0x041b tx timeout [ 65.148461][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.166869][ T4177] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.178798][ T4168] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.190242][ T4168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.225841][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.241435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.250728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.266622][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.275969][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.290615][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.300574][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.310822][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.319927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.352291][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.361321][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.371010][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.380559][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.401382][ T4178] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.418826][ T4178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.438746][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.448269][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.457708][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.467081][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.476952][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.484934][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.499225][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.507001][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.527311][ T4177] device veth0_vlan entered promiscuous mode [ 65.548790][ T4174] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.572742][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.583345][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.602396][ T4177] device veth1_vlan entered promiscuous mode [ 65.622613][ T4168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.634329][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.643462][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.660379][ T4172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.711661][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.723511][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.736157][ T4177] device veth0_macvtap entered promiscuous mode [ 65.766100][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.775038][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.783765][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.795108][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.803770][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.813804][ T4177] device veth1_macvtap entered promiscuous mode [ 65.836707][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.845458][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.852988][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.862707][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.872837][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.901532][ T4178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.915989][ T4168] device veth0_vlan entered promiscuous mode [ 65.936026][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.943850][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.953009][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.961750][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.972469][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.980674][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.990867][ T4177] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.004022][ T4177] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.028361][ T4172] device veth0_vlan entered promiscuous mode [ 66.035628][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.044305][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.053482][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.063933][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.072874][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.081903][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.099421][ T4168] device veth1_vlan entered promiscuous mode [ 66.109757][ T4177] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.118809][ T4177] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.128029][ T4177] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.137125][ T4177] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.173165][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.182364][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.191087][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.205016][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.233761][ T4172] device veth1_vlan entered promiscuous mode [ 66.251184][ T4178] device veth0_vlan entered promiscuous mode [ 66.260313][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.270091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.279880][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.318421][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.327206][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.336825][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.344717][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.353364][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.362369][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.371018][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.396486][ T4174] device veth0_vlan entered promiscuous mode [ 66.407035][ T4178] device veth1_vlan entered promiscuous mode [ 66.435798][ T395] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.443844][ T395] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.458218][ T4168] device veth0_macvtap entered promiscuous mode [ 66.478209][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.487286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.495697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.504245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.513652][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.526456][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.538666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.547886][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.559742][ T4168] device veth1_macvtap entered promiscuous mode [ 66.578186][ T4174] device veth1_vlan entered promiscuous mode [ 66.588999][ T4172] device veth0_macvtap entered promiscuous mode [ 66.618000][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.620795][ T4178] device veth0_macvtap entered promiscuous mode [ 66.634344][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.645161][ T4172] device veth1_macvtap entered promiscuous mode [ 66.652198][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.661123][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.669931][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.678791][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.687996][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.712165][ T4178] device veth1_macvtap entered promiscuous mode [ 66.720157][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.732180][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.744401][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.754385][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.763684][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.772032][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.780992][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.817035][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.834373][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.851099][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.874400][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.887138][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.903200][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.914045][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.927848][ T4174] device veth0_macvtap entered promiscuous mode [ 66.945372][ T4178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.964566][ T4178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.976870][ T4178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.012377][ T4178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.026322][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.038239][ T4168] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.048175][ T4168] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.057969][ T4210] Bluetooth: hci0: command 0x040f tx timeout [ 67.060617][ T4168] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.073653][ T4168] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.087899][ T4174] device veth1_macvtap entered promiscuous mode [ 67.102119][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.110606][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.119171][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.128634][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.141369][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.152643][ T4210] Bluetooth: hci2: command 0x040f tx timeout [ 67.159389][ T4210] Bluetooth: hci3: command 0x040f tx timeout [ 67.159893][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.165812][ T4210] Bluetooth: hci1: command 0x040f tx timeout [ 67.181645][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.192248][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.202356][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.212971][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.225525][ T4210] Bluetooth: hci4: command 0x040f tx timeout [ 67.229703][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.240920][ T4178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.252550][ T4178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.262667][ T4178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.273281][ T4178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.286989][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.315314][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.324369][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.333565][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.342724][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.358652][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.369492][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.380743][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.391515][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.406328][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.417413][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.428911][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.441051][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.451722][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.462701][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.473838][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.483999][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.494916][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.505091][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.515696][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.527556][ T4174] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.556001][ T4178] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.564744][ T4178] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.574221][ T4178] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.583097][ T4178] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.593159][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.602881][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.611905][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.621810][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.634071][ T4172] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.643237][ T4172] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.652271][ T4172] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.661478][ T4172] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.688471][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.701510][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.711789][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.722773][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.732785][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.743823][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.753851][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.764333][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.779140][ T4174] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.791751][ T4174] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.800879][ T4174] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.810111][ T4174] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.819250][ T4174] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.843240][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.852960][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.027434][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.059797][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.071260][ T4247] loop0: detected capacity change from 0 to 512 [ 68.086145][ T3082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.094189][ T3082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.105473][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.126405][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.135473][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.142307][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.151990][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.168314][ T1452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.183382][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.197452][ T1452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.208549][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.227109][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.236399][ T4247] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #2: comm syz.0.7: corrupted xattr block 255 [ 68.239106][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.265915][ T4247] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 68.274130][ T4247] EXT4-fs (loop0): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback. [ 68.298716][ T4247] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #2: comm syz.0.7: corrupted xattr block 255 [ 68.329413][ T1452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.358598][ T1452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.367365][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.373324][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.440926][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.472980][ T1452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.480133][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.529844][ T1452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.568750][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.611428][ T26] audit: type=1326 audit(1733892890.635:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4255 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c7aab4f19 code=0x7ffc0000 [ 68.651932][ T4257] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8'. [ 68.721465][ T26] audit: type=1326 audit(1733892890.695:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4255 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f5c7aab4f19 code=0x7ffc0000 [ 68.834112][ T4263] netlink: 'syz.1.10': attribute type 15 has an invalid length. [ 68.835321][ T26] audit: type=1326 audit(1733892890.695:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4255 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c7aab4f19 code=0x7ffc0000 [ 68.988105][ T26] audit: type=1326 audit(1733892890.775:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 69.070590][ T4276] syz.1.14[4276] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 69.070697][ T4276] syz.1.14[4276] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 69.103479][ T26] audit: type=1326 audit(1733892890.775:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 69.147710][ T4209] Bluetooth: hci0: command 0x0419 tx timeout [ 69.226293][ T4210] Bluetooth: hci1: command 0x0419 tx timeout [ 69.232651][ T4210] Bluetooth: hci3: command 0x0419 tx timeout [ 69.239948][ T4282] syz.3.16[4282] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 69.240066][ T4282] syz.3.16[4282] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 69.282047][ T4210] Bluetooth: hci2: command 0x0419 tx timeout [ 69.297469][ T26] audit: type=1326 audit(1733892890.805:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 69.356956][ T4210] Bluetooth: hci4: command 0x0419 tx timeout [ 69.442327][ T26] audit: type=1326 audit(1733892890.805:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 69.544314][ T26] audit: type=1326 audit(1733892890.805:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 69.684874][ T26] audit: type=1326 audit(1733892890.825:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 69.790639][ T26] audit: type=1326 audit(1733892890.825:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4258 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff909ed7f19 code=0x7ffc0000 [ 70.109974][ T4315] loop2: detected capacity change from 0 to 1024 [ 70.168017][ T4315] ======================================================= [ 70.168017][ T4315] WARNING: The mand mount option has been deprecated and [ 70.168017][ T4315] and is ignored by this kernel. Remove the mand [ 70.168017][ T4315] option from the mount to silence this warning. [ 70.168017][ T4315] ======================================================= [ 70.213347][ T4315] EXT4-fs (loop2): Ignoring removed nobh option [ 70.257936][ T4315] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.29: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 70.260584][ T4319] netlink: 36 bytes leftover after parsing attributes in process `syz.1.31'. [ 70.296859][ T4315] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.29: couldn't read orphan inode 11 (err -117) [ 70.310047][ T4315] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 70.636487][ T4331] loop4: detected capacity change from 0 to 1024 [ 70.714824][ T4339] syz.0.39 uses obsolete (PF_INET,SOCK_PACKET) [ 70.757999][ T4331] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 70.799618][ T4331] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 70.806619][ T4345] loop1: detected capacity change from 0 to 512 [ 70.865236][ T4331] JBD2: no valid journal superblock found [ 70.881383][ T4331] EXT4-fs (loop4): error loading journal [ 70.886603][ T4345] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 70.962626][ T4345] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 71.032293][ T4345] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 71.054486][ T4345] EXT4-fs (loop1): 1 truncate cleaned up [ 71.062861][ T4345] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,jqfmt=vfsv0,nombcache,quota,,errors=continue. Quota mode: writeback. [ 71.113653][ T4359] loop4: detected capacity change from 0 to 512 [ 71.193959][ T4359] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 71.318413][ T4359] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.48: invalid indirect mapped block 11 (level 0) [ 71.366019][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.372740][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.486086][ T4359] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.48: attempt to clear invalid blocks 1024 len 1 [ 71.911805][ T4359] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 72.247482][ T4359] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.48: invalid indirect mapped block 1819239214 (level 0) [ 72.362655][ T4359] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.48: invalid indirect mapped block 33554432 (level 2) [ 72.406610][ T4359] EXT4-fs (loop4): 1 truncate cleaned up [ 72.456768][ T4359] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 72.558418][ T4386] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 72.734145][ T4394] netlink: 12 bytes leftover after parsing attributes in process `syz.0.60'. [ 72.753256][ T4392] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 72.950964][ T4402] capability: warning: `syz.3.63' uses 32-bit capabilities (legacy support in use) [ 73.470844][ T4422] loop3: detected capacity change from 0 to 512 [ 73.579214][ T4422] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 73.603238][ T4422] EXT4-fs (loop3): Unrecognized mount option "grpid2" or missing value [ 73.797562][ T4427] netlink: 'syz.1.76': attribute type 4 has an invalid length. [ 74.072206][ T4443] loop2: detected capacity change from 0 to 512 [ 74.142197][ T4427] syz.1.76 (4427) used greatest stack depth: 19928 bytes left [ 74.249665][ T4443] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 74.316152][ T4443] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.484094][ T4457] loop4: detected capacity change from 0 to 128 [ 74.572740][ T4457] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 74.601447][ T4457] ext4 filesystem being mounted at /11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 74.645445][ T4462] loop1: detected capacity change from 0 to 256 [ 74.852359][ T4466] Zero length message leads to an empty skb [ 75.265231][ T4482] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 75.407051][ T26] kauditd_printk_skb: 359 callbacks suppressed [ 75.407066][ T26] audit: type=1326 audit(1733892897.435:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.541307][ T26] audit: type=1326 audit(1733892897.475:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.663361][ T26] audit: type=1326 audit(1733892897.475:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.665215][ T4490] loop1: detected capacity change from 0 to 4096 [ 75.741297][ T26] audit: type=1326 audit(1733892897.475:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.752985][ T4492] loop4: detected capacity change from 0 to 4096 [ 75.829826][ T26] audit: type=1326 audit(1733892897.475:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.888427][ T4490] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 75.924057][ T26] audit: type=1326 audit(1733892897.475:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.947594][ T26] audit: type=1326 audit(1733892897.475:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 75.955176][ T4492] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 76.020024][ T26] audit: type=1326 audit(1733892897.475:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 76.042459][ T26] audit: type=1326 audit(1733892897.475:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 76.075391][ T26] audit: type=1326 audit(1733892897.475:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4486 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a66caf19 code=0x7ffc0000 [ 76.134868][ T4492] EXT4-fs error (device loop4): ext4_get_first_dir_block:3617: inode #12: block 80: comm syz.4.105: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 76.234897][ T4492] EXT4-fs error (device loop4): ext4_get_first_dir_block:3619: inode #12: comm syz.4.105: directory missing '..' [ 76.934410][ T4510] loop2: detected capacity change from 0 to 128 [ 77.007655][ T4510] FAT-fs (loop2): Directory bread(block 162) failed [ 77.040408][ T4510] FAT-fs (loop2): Directory bread(block 163) failed [ 77.065060][ T4510] FAT-fs (loop2): Directory bread(block 164) failed [ 77.077451][ T4510] FAT-fs (loop2): Directory bread(block 165) failed [ 77.091420][ T4510] FAT-fs (loop2): Directory bread(block 166) failed [ 78.574971][ T4510] FAT-fs (loop2): Directory bread(block 167) failed [ 78.584074][ T4510] FAT-fs (loop2): Directory bread(block 168) failed [ 78.618040][ T4510] FAT-fs (loop2): Directory bread(block 169) failed [ 78.867041][ T4510] FAT-fs (loop2): Directory bread(block 162) failed [ 78.907713][ T4510] FAT-fs (loop2): Directory bread(block 163) failed [ 78.917585][ T4510] attempt to access beyond end of device [ 78.917585][ T4510] loop2: rw=3, want=232, limit=128 [ 78.952634][ T4510] attempt to access beyond end of device [ 78.952634][ T4510] loop2: rw=2051, want=234, limit=128 [ 79.225845][ T4545] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 79.225845][ T4545] The task syz.0.119 (4545) triggered the difference, watch for misbehavior. [ 79.564025][ T4557] process 'syz.2.125' launched './file0' with NULL argv: empty string added [ 79.584053][ T4533] loop1: detected capacity change from 0 to 128 [ 79.663535][ T4562] loop3: detected capacity change from 0 to 128 [ 80.142348][ T4569] sg_write: data in/out 525275/547 bytes for SCSI command 0x0-- guessing data in; [ 80.142348][ T4569] program syz.0.132 not setting count and/or reply_len properly [ 80.234985][ C1] ------------[ cut here ]------------ [ 80.234985][ C0] ------------[ cut here ]------------ [ 80.235071][ C0] [ 80.235076][ C0] ====================================================== [ 80.235081][ C0] WARNING: possible circular locking dependency detected [ 80.235086][ C0] 5.15.173-syzkaller #0 Not tainted [ 80.235094][ C0] ------------------------------------------------------ [ 80.235098][ C0] syz.0.132/4569 is trying to acquire lock: [ 80.235107][ C0] ffffffff8c9fc4b8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x1c/0xa0 [ 80.235169][ C0] [ 80.235169][ C0] but task is already holding lock: [ 80.235174][ C0] ffff8880b8e28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 80.235219][ C0] [ 80.235219][ C0] which lock already depends on the new lock. [ 80.235219][ C0] [ 80.235224][ C0] [ 80.235224][ C0] the existing dependency chain (in reverse order) is: [ 80.235228][ C0] [ 80.235228][ C0] -> #3 (&base->lock){-.-.}-{2:2}: [ 80.235252][ C0] lock_acquire+0x1db/0x4f0 [ 80.235270][ C0] _raw_spin_lock_irqsave+0xd1/0x120 [ 80.235291][ C0] lock_timer_base+0x120/0x260 [ 80.235311][ C0] __mod_timer+0x1d6/0xeb0 [ 80.235330][ C0] queue_delayed_work_on+0x156/0x250 [ 80.235349][ C0] enqueue_task+0x2fe/0x3a0 [ 80.235368][ C0] wake_up_new_task+0x515/0xb60 [ 80.235388][ C0] kernel_clone+0x44e/0x960 [ 80.235405][ C0] kernel_thread+0x168/0x1e0 [ 80.235422][ C0] rest_init+0x21/0x330 [ 80.235441][ C0] start_kernel+0x48c/0x540 [ 80.235459][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 80.235480][ C0] [ 80.235480][ C0] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 80.235504][ C0] lock_acquire+0x1db/0x4f0 [ 80.235519][ C0] _raw_spin_lock_nested+0x2d/0x40 [ 80.235539][ C0] raw_spin_rq_lock_nested+0x26/0x140 [ 80.235560][ C0] task_fork_fair+0x5d/0x350 [ 80.235576][ C0] sched_cgroup_fork+0x2d3/0x330 [ 80.235597][ C0] copy_process+0x224a/0x3ef0 [ 80.235613][ C0] kernel_clone+0x210/0x960 [ 80.235630][ C0] kernel_thread+0x168/0x1e0 [ 80.235647][ C0] rest_init+0x21/0x330 [ 80.235664][ C0] start_kernel+0x48c/0x540 [ 80.235682][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 80.235702][ C0] [ 80.235702][ C0] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 80.235725][ C0] lock_acquire+0x1db/0x4f0 [ 80.235741][ C0] _raw_spin_lock_irqsave+0xd1/0x120 [ 80.235760][ C0] try_to_wake_up+0xae/0x1300 [ 80.235780][ C0] up+0x6e/0x90 [ 80.235796][ C0] __up_console_sem+0x11a/0x1e0 [ 80.235814][ C0] console_unlock+0x1145/0x12b0 [ 80.235831][ C0] vprintk_emit+0xbf/0x150 [ 80.235847][ C0] _printk+0xd1/0x120 [ 80.235865][ C0] do_execveat_common+0x5f8/0x720 [ 80.235884][ C0] __x64_sys_execve+0x8e/0xa0 [ 80.235903][ C0] do_syscall_64+0x3b/0xb0 [ 80.235919][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.235940][ C0] [ 80.235940][ C0] -> #0 ((console_sem).lock){-.-.}-{2:2}: [ 80.235964][ C0] validate_chain+0x1649/0x5930 [ 80.235982][ C0] __lock_acquire+0x1295/0x1ff0 [ 80.235998][ C0] lock_acquire+0x1db/0x4f0 [ 80.236013][ C0] _raw_spin_lock_irqsave+0xd1/0x120 [ 80.236041][ C0] down_trylock+0x1c/0xa0 [ 80.236060][ C0] __down_trylock_console_sem+0x105/0x250 [ 80.236079][ C0] console_trylock_spinning+0x8a/0x3f0 [ 80.236098][ C0] vprintk_emit+0xa6/0x150 [ 80.236114][ C0] _printk+0xd1/0x120 [ 80.236131][ C0] report_bug+0x1e5/0x2e0 [ 80.236150][ C0] handle_bug+0x3d/0x70 [ 80.236166][ C0] exc_invalid_op+0x16/0x40 [ 80.236187][ C0] asm_exc_invalid_op+0x16/0x20 [ 80.236206][ C0] copy_from_user_nofault+0x15c/0x1c0 [ 80.236224][ C0] bpf_probe_read_compat+0xe4/0x180 [ 80.236243][ C0] bpf_prog_660a4dcab242cdbf+0x3a/0x790 [ 80.236259][ C0] bpf_trace_run3+0x1d1/0x380 [ 80.236276][ C0] __traceiter_timer_start+0x79/0xd0 [ 80.236295][ C0] enqueue_timer+0x3ae/0x540 [ 80.236311][ C0] __mod_timer+0xa60/0xeb0 [ 80.236330][ C0] call_timer_fn+0x16d/0x560 [ 80.236345][ C0] __run_timers+0x67c/0x890 [ 80.236361][ C0] run_timer_softirq+0x63/0xf0 [ 80.236381][ C0] handle_softirqs+0x3a7/0x930 [ 80.236398][ C0] __irq_exit_rcu+0x157/0x240 [ 80.236414][ C0] irq_exit_rcu+0x5/0x20 [ 80.236430][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 80.236449][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 80.236471][ C0] lock_page_memcg+0x24/0x4d0 [ 80.236489][ C0] page_remove_rmap+0x2a/0x11e0 [ 80.236509][ C0] unmap_page_range+0xffa/0x2630 [ 80.236529][ C0] unmap_vmas+0x1f8/0x390 [ 80.236546][ C0] exit_mmap+0x3b6/0x670 [ 80.236562][ C0] __mmput+0x112/0x3b0 [ 80.236577][ C0] exit_mm+0x688/0x7f0 [ 80.236596][ C0] do_exit+0x626/0x2480 [ 80.236615][ C0] do_group_exit+0x144/0x310 [ 80.236635][ C0] get_signal+0xc66/0x14e0 [ 80.236651][ C0] arch_do_signal_or_restart+0xc3/0x1890 [ 80.236673][ C0] exit_to_user_mode_loop+0x97/0x130 [ 80.236690][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 80.236708][ C0] syscall_exit_to_user_mode+0x5d/0x240 [ 80.236728][ C0] do_syscall_64+0x47/0xb0 [ 80.236744][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.236765][ C0] [ 80.236765][ C0] other info that might help us debug this: [ 80.236765][ C0] [ 80.236770][ C0] Chain exists of: [ 80.236770][ C0] (console_sem).lock --> &rq->__lock --> &base->lock [ 80.236770][ C0] [ 80.236798][ C0] Possible unsafe locking scenario: [ 80.236798][ C0] [ 80.236803][ C0] CPU0 CPU1 [ 80.236808][ C0] ---- ---- [ 80.236811][ C0] lock(&base->lock); [ 80.236822][ C0] lock(&rq->__lock); [ 80.236834][ C0] lock(&base->lock); [ 80.236846][ C0] lock((console_sem).lock); [ 80.236857][ C0] [ 80.236857][ C0] *** DEADLOCK *** [ 80.236857][ C0] [ 80.236861][ C0] 4 locks held by syz.0.132/4569: [ 80.236871][ C0] #0: ffff88801f216078 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 [ 80.236922][ C0] #1: ffffc90000007be0 ((&app->join_timer)#2){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x560 [ 80.236970][ C0] #2: ffff8880b8e28098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 80.237017][ C0] #3: ffffffff8cb1fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 80.237067][ C0] [ 80.237067][ C0] stack backtrace: [ 80.237079][ C0] CPU: 0 PID: 4569 Comm: syz.0.132 Not tainted 5.15.173-syzkaller #0 [ 80.237099][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 80.237109][ C0] Call Trace: [ 80.237115][ C0] [ 80.237121][ C0] dump_stack_lvl+0x1e3/0x2d0 [ 80.237161][ C0] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 80.237190][ C0] ? print_circular_bug+0x12b/0x1a0 [ 80.237211][ C0] check_noncircular+0x2f8/0x3b0 [ 80.237235][ C0] ? add_chain_block+0x850/0x850 [ 80.237253][ C0] ? queued_spin_lock_slowpath+0x42/0x50 [ 80.237273][ C0] ? lockdep_lock+0x1a7/0x2a0 [ 80.237295][ C0] ? _find_first_zero_bit+0xcf/0xf0 [ 80.237318][ C0] validate_chain+0x1649/0x5930 [ 80.237340][ C0] ? unwind_get_return_address+0x49/0x80 [ 80.237373][ C0] ? reacquire_held_locks+0x660/0x660 [ 80.237398][ C0] ? lockdep_lock+0x11f/0x2a0 [ 80.237417][ C0] ? lockdep_unlock+0x166/0x300 [ 80.237434][ C0] ? lockdep_lock+0x2a0/0x2a0 [ 80.237456][ C0] ? mark_lock+0x98/0x340 [ 80.237495][ C0] __lock_acquire+0x1295/0x1ff0 [ 80.237522][ C0] lock_acquire+0x1db/0x4f0 [ 80.237539][ C0] ? down_trylock+0x1c/0xa0 [ 80.237560][ C0] ? vsnprintf+0x1c70/0x1c70 [ 80.237583][ C0] ? read_lock_is_recursive+0x10/0x10 [ 80.237603][ C0] ? memcpy+0x3c/0x60 [ 80.237623][ C0] ? vsnprintf+0x1b93/0x1c70 [ 80.237644][ C0] ? _prb_commit+0x30a/0x3e0 [ 80.237665][ C0] ? prb_reserve+0x1240/0x1240 [ 80.237687][ C0] _raw_spin_lock_irqsave+0xd1/0x120 [ 80.237708][ C0] ? down_trylock+0x1c/0xa0 [ 80.237728][ C0] ? _raw_spin_lock+0x40/0x40 [ 80.237751][ C0] ? vprintk_store+0xf1b/0x1300 [ 80.237772][ C0] down_trylock+0x1c/0xa0 [ 80.237794][ C0] __down_trylock_console_sem+0x105/0x250 [ 80.237815][ C0] ? printk_parse_prefix+0x2c0/0x2c0 [ 80.237833][ C0] ? vprintk_emit+0xa6/0x150 [ 80.237852][ C0] ? console_trylock+0x70/0x70 [ 80.237871][ C0] ? validate_chain+0x112/0x5930 [ 80.237893][ C0] ? vprintk_emit+0xa6/0x150 [ 80.237911][ C0] console_trylock_spinning+0x8a/0x3f0 [ 80.237932][ C0] ? vprintk_emit+0x150/0x150 [ 80.237950][ C0] ? validate_chain+0x112/0x5930 [ 80.237971][ C0] ? reacquire_held_locks+0x660/0x660 [ 80.237989][ C0] ? validate_chain+0x112/0x5930 [ 80.238008][ C0] ? reacquire_held_locks+0x660/0x660 [ 80.238033][ C0] ? validate_chain+0x112/0x5930 [ 80.238054][ C0] vprintk_emit+0xa6/0x150 [ 80.238075][ C0] _printk+0xd1/0x120 [ 80.238094][ C0] ? mark_lock+0x98/0x340 [ 80.238112][ C0] ? report_bug+0x16e/0x2e0 [ 80.238132][ C0] ? panic+0x860/0x860 [ 80.238150][ C0] ? __lock_acquire+0x1295/0x1ff0 [ 80.238172][ C0] ? find_bug+0x9c/0x350 [ 80.238193][ C0] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.238212][ C0] report_bug+0x1e5/0x2e0 [ 80.238235][ C0] handle_bug+0x3d/0x70 [ 80.238253][ C0] exc_invalid_op+0x16/0x40 [ 80.238271][ C0] asm_exc_invalid_op+0x16/0x20 [ 80.238292][ C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 80.238314][ C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 cb c6 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 80.238330][ C0] RSP: 0018:ffffc90000007850 EFLAGS: 00010046 [ 80.238345][ C0] RAX: ffffffff81aaacec RBX: 0000000000000000 RCX: ffff88802a7d9dc0 [ 80.238360][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.238371][ C0] RBP: dffffc0000000000 R08: ffffffff81aaabfd R09: ffffed10054fb3b9 [ 80.238386][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 80.238399][ C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900000078c8 [ 80.238415][ C0] ? copy_from_user_nofault+0x6d/0x1c0 [ 80.238434][ C0] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.238458][ C0] bpf_probe_read_compat+0xe4/0x180 [ 80.238480][ C0] bpf_prog_660a4dcab242cdbf+0x3a/0x790 [ 80.238497][ C0] bpf_trace_run3+0x1d1/0x380 [ 80.238518][ C0] ? bpf_trace_run2+0x340/0x340 [ 80.238539][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 80.238561][ C0] ? _raw_spin_unlock+0x40/0x40 [ 80.238581][ C0] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 80.238602][ C0] ? _raw_spin_lock+0x40/0x40 [ 80.238622][ C0] ? __bpf_trace_timer_class+0x20/0x20 [ 80.238644][ C0] __traceiter_timer_start+0x79/0xd0 [ 80.238668][ C0] enqueue_timer+0x3ae/0x540 [ 80.238688][ C0] __mod_timer+0xa60/0xeb0 [ 80.238710][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 80.238735][ C0] ? mod_timer_pending+0x20/0x20 [ 80.238757][ C0] ? prandom_u32+0x218/0x260 [ 80.238782][ C0] call_timer_fn+0x16d/0x560 [ 80.238800][ C0] ? garp_init_applicant+0x470/0x470 [ 80.238823][ C0] ? __run_timers+0x890/0x890 [ 80.238843][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 80.238864][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 80.238885][ C0] ? garp_init_applicant+0x470/0x470 [ 80.238906][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 80.238927][ C0] ? garp_init_applicant+0x470/0x470 [ 80.238948][ C0] __run_timers+0x67c/0x890 [ 80.238972][ C0] ? detach_timer+0x2f0/0x2f0 [ 80.238989][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 80.239012][ C0] ? ktime_get_real_ts64+0x460/0x460 [ 80.239042][ C0] run_timer_softirq+0x63/0xf0 [ 80.239065][ C0] handle_softirqs+0x3a7/0x930 [ 80.239086][ C0] ? __irq_exit_rcu+0x157/0x240 [ 80.239107][ C0] ? do_softirq+0x240/0x240 [ 80.239128][ C0] ? irqtime_account_irq+0xd0/0x1e0 [ 80.239151][ C0] __irq_exit_rcu+0x157/0x240 [ 80.239169][ C0] ? irq_exit_rcu+0x20/0x20 [ 80.239194][ C0] irq_exit_rcu+0x5/0x20 [ 80.239210][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 80.239231][ C0] [ 80.239237][ C0] [ 80.239243][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 80.239266][ C0] RIP: 0010:lock_page_memcg+0x24/0x4d0 [ 80.239286][ C0] Code: 08 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec c0 00 00 00 49 89 fe 65 48 8b 04 25 28 00 00 00 <48> 89 84 24 a0 00 00 00 48 b9 00 00 00 00 00 fc ff df 48 c7 44 24 [ 80.239301][ C0] RSP: 0018:ffffc9000309f2c0 EFLAGS: 00000286 [ 80.239317][ C0] RAX: 62ba42a426106000 RBX: 0000000000000000 RCX: ffff88802a7d9dc0 [ 80.239331][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001a930c0 [ 80.239343][ C0] RBP: ffffc9000309f3b8 R08: ffffffff81b881f0 R09: fffff94000352619 [ 80.239357][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 00007f01cc9e8000 [ 80.239371][ C0] R13: ffffea0001a930c0 R14: ffffea0001a930c0 R15: ffffea0001a930c0 [ 80.239390][ C0] ? unmap_page_range+0xfb0/0x2630 [ 80.239418][ C0] ? mem_cgroup_print_oom_group+0x70/0x70 [ 80.239440][ C0] ? rcu_lock_acquire+0x30/0x30 [ 80.239459][ C0] ? do_raw_spin_lock+0x14a/0x370 [ 80.239479][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 80.239502][ C0] page_remove_rmap+0x2a/0x11e0 [ 80.239523][ C0] ? __tlb_remove_page_size+0x19f/0x3e0 [ 80.239543][ C0] ? vm_normal_page+0x93/0x1d0 [ 80.239564][ C0] unmap_page_range+0xffa/0x2630 [ 80.239601][ C0] ? mmu_notifier_invalidate_range_end+0xf0/0xf0 [ 80.239623][ C0] ? __pagevec_lru_add+0x1584/0x18d0 [ 80.239645][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 80.239662][ C0] ? uprobe_munmap+0x17a/0x400 [ 80.239687][ C0] ? unmap_single_vma+0x1a1/0x2d0 [ 80.239711][ C0] unmap_vmas+0x1f8/0x390 [ 80.239734][ C0] ? unmap_page_range+0x2630/0x2630 [ 80.239760][ C0] ? tlb_gather_mmu_fullmm+0x159/0x200 [ 80.239782][ C0] exit_mmap+0x3b6/0x670 [ 80.239803][ C0] ? vm_brk+0x20/0x20 [ 80.239828][ C0] ? uprobe_clear_state+0x304/0x460 [ 80.239854][ C0] __mmput+0x112/0x3b0 [ 80.239873][ C0] exit_mm+0x688/0x7f0 [ 80.239893][ C0] ? _raw_spin_unlock+0x40/0x40 [ 80.239917][ C0] ? do_exit+0x2480/0x2480 [ 80.239940][ C0] ? taskstats_exit+0x491/0xa10 [ 80.239960][ C0] ? tty_audit_exit+0x150/0x1f0 [ 80.239983][ C0] do_exit+0x626/0x2480 [ 80.240009][ C0] ? put_task_struct+0x80/0x80 [ 80.240037][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 80.240064][ C0] do_group_exit+0x144/0x310 [ 80.240086][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 80.240108][ C0] get_signal+0xc66/0x14e0 [ 80.240135][ C0] arch_do_signal_or_restart+0xc3/0x1890 [ 80.240160][ C0] ? futex_exit_release+0x1e0/0x1e0 [ 80.240189][ C0] ? read_lock_is_recursive+0x10/0x10 [ 80.240208][ C0] ? get_sigframe_size+0x10/0x10 [ 80.240230][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 80.240258][ C0] ? exit_to_user_mode_loop+0x39/0x130 [ 80.240279][ C0] exit_to_user_mode_loop+0x97/0x130 [ 80.240299][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 80.240319][ C0] syscall_exit_to_user_mode+0x5d/0x240 [ 80.240342][ C0] do_syscall_64+0x47/0xb0 [ 80.240360][ C0] ? clear_bhb_loop+0x15/0x70 [ 80.240382][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.240404][ C0] RIP: 0033:0x7f01cd053f19 [ 80.240419][ C0] Code: Unable to access opcode bytes at RIP 0x7f01cd053eef. [ 80.240428][ C0] RSP: 002b:00007f01caeca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 80.240447][ C0] RAX: fffffffffffffe00 RBX: 00007f01cd219fa8 RCX: 00007f01cd053f19 [ 80.240460][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01cd219fa8 [ 80.240473][ C0] RBP: 00007f01cd219fa0 R08: 0000000000000000 R09: 0000000000000000 [ 80.240485][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01cd219fac [ 80.240497][ C0] R13: 0000000000000000 R14: 00007fff3c00e5e0 R15: 00007fff3c00e6c8 [ 80.240518][ C0] [ 80.240563][ C1] WARNING: CPU: 1 PID: 4552 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0 [ 80.246099][ C0] WARNING: CPU: 0 PID: 4569 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0 [ 80.248411][ C1] Modules linked in: [ 80.255407][ C0] Modules linked in: [ 80.262403][ C1] CPU: 1 PID: 4552 Comm: syz.2.125 Not tainted 5.15.173-syzkaller #0 [ 80.267580][ C0] CPU: 0 PID: 4569 Comm: syz.0.132 Not tainted 5.15.173-syzkaller #0 [ 80.274576][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 80.280446][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 80.289441][ C1] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 80.296796][ C0] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 80.305618][ C1] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 cb c6 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 80.316005][ C0] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 cb c6 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 80.325001][ C1] RSP: 0018:ffffc90000dd0850 EFLAGS: 00010046 [ 80.332265][ C0] RSP: 0018:ffffc90000007850 EFLAGS: 00010046 [ 80.337265][ C1] [ 80.337271][ C1] RAX: ffffffff81aaacec RBX: 0000000000000000 RCX: ffff888029f78000 [ 80.343046][ C0] [ 80.343052][ C0] RAX: ffffffff81aaacec RBX: 0000000000000000 RCX: ffff88802a7d9dc0 [ 80.348309][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.353227][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.359011][ C1] RBP: dffffc0000000000 R08: ffffffff81aaabfd R09: ffffed10053ef001 [ 80.364020][ C0] RBP: dffffc0000000000 R08: ffffffff81aaabfd R09: ffffed10054fb3b9 [ 80.369370][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 80.374377][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 80.379465][ C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000dd08c8 [ 80.384120][ C0] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900000078c8 [ 80.389123][ C1] FS: 000055558aaa7500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 80.395511][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 80.402774][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.407780][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.413387][ C1] CR2: 000000110c38a041 CR3: 00000000614b3000 CR4: 00000000003506e0 [ 80.419259][ C0] CR2: 000000110c28f2d1 CR3: 00000000645a0000 CR4: 00000000003506f0 [ 80.424351][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.429790][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.434972][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.440061][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.445147][ C1] Call Trace: [ 80.445156][ C1] [ 80.449802][ C0] Call Trace: [ 80.449809][ C0] [ 80.454805][ C1] ? __warn+0x15b/0x300 [ 80.461201][ C0] ? __warn+0x15b/0x300 [ 80.468462][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.473463][ C0] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.479246][ C1] ? report_bug+0x1b7/0x2e0 [ 80.484424][ C0] ? report_bug+0x1b7/0x2e0 [ 80.488388][ C1] ? handle_bug+0x3d/0x70 [ 80.493738][ C0] ? handle_bug+0x3d/0x70 [ 80.499086][ C1] ? exc_invalid_op+0x16/0x40 [ 80.504006][ C0] ? exc_invalid_op+0x16/0x40 [ 80.508482][ C1] ? asm_exc_invalid_op+0x16/0x20 [ 80.514007][ C0] ? asm_exc_invalid_op+0x16/0x20 [ 80.519185][ C1] ? copy_from_user_nofault+0x6d/0x1c0 [ 80.524106][ C0] ? copy_from_user_nofault+0x6d/0x1c0 [ 80.530492][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.538357][ C0] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.543710][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.549059][ C0] ? copy_from_user_nofault+0x15c/0x1c0 [ 80.554071][ C1] bpf_probe_read_compat+0xe4/0x180 [ 80.559854][ C0] bpf_probe_read_compat+0xe4/0x180 [ 80.564685][ C1] bpf_prog_660a4dcab242cdbf+0x3a/0x790 [ 80.570902][ C0] bpf_prog_660a4dcab242cdbf+0x3a/0x790 [ 80.576860][ C1] bpf_trace_run3+0x1d1/0x380 [ 80.581778][ C0] bpf_trace_run3+0x1d1/0x380 [ 80.586264][ C1] ? bpf_trace_run2+0x340/0x340 [ 80.591092][ C0] ? bpf_trace_run2+0x340/0x340 [ 80.595754][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 80.600758][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 80.606220][ C1] ? _raw_spin_unlock+0x40/0x40 [ 80.612135][ C0] ? _raw_spin_unlock+0x40/0x40 [ 80.617956][ C1] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 80.624024][ C0] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 80.629214][ C1] ? _raw_spin_lock+0x40/0x40 [ 80.634997][ C0] ? _raw_spin_lock+0x40/0x40 [ 80.640087][ C1] ? __bpf_trace_timer_class+0x20/0x20 [ 80.645005][ C0] ? __bpf_trace_timer_class+0x20/0x20 [ 80.650096][ C1] __traceiter_timer_start+0x79/0xd0 [ 80.655101][ C0] __traceiter_timer_start+0x79/0xd0 [ 80.660400][ C1] enqueue_timer+0x3ae/0x540 [ 80.665751][ C0] enqueue_timer+0x3ae/0x540 [ 80.670934][ C1] __mod_timer+0xa60/0xeb0 [ 80.675679][ C0] __mod_timer+0xa60/0xeb0 [ 80.681823][ C1] ? mod_timer_pending+0x20/0x20 [ 80.688301][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 80.693480][ C1] ? nsecs_to_jiffies+0x9/0x30 [ 80.698836][ C0] ? mod_timer_pending+0x20/0x20 [ 80.704273][ C1] ? wb_timer_fn+0xa42/0xe60 [ 80.709165][ C0] ? prandom_u32+0x218/0x260 [ 80.713927][ C1] call_timer_fn+0x16d/0x560 [ 80.718500][ C0] call_timer_fn+0x16d/0x560 [ 80.723071][ C1] ? blk_stat_alloc_callback+0x230/0x230 [ 80.727730][ C0] ? garp_init_applicant+0x470/0x470 [ 80.732818][ C1] ? __run_timers+0x890/0x890 [ 80.737736][ C0] ? __run_timers+0x890/0x890 [ 80.743896][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 80.749683][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 80.755816][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 80.761862][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 80.766777][ C1] ? blk_stat_alloc_callback+0x230/0x230 [ 80.773169][ C0] ? garp_init_applicant+0x470/0x470 [ 80.783387][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 80.795943][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 80.803381][ C1] ? blk_stat_alloc_callback+0x230/0x230 [ 80.808732][ C0] ? garp_init_applicant+0x470/0x470 [ 80.814083][ C1] __run_timers+0x67c/0x890 [ 80.818216][ C0] __run_timers+0x67c/0x890 [ 80.824787][ C1] ? detach_timer+0x2f0/0x2f0 [ 80.831354][ C0] ? detach_timer+0x2f0/0x2f0 [ 80.836023][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 80.844157][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 80.849176][ C1] ? ktime_get_real_ts64+0x460/0x460 [ 80.859224][ C0] ? ktime_get_real_ts64+0x460/0x460 [ 80.869004][ C1] run_timer_softirq+0x63/0xf0 [ 80.878263][ C0] run_timer_softirq+0x63/0xf0 [ 80.887518][ C1] handle_softirqs+0x3a7/0x930 [ 80.893388][ C0] handle_softirqs+0x3a7/0x930 [ 80.901442][ C1] ? __irq_exit_rcu+0x157/0x240 [ 80.911488][ C0] ? __irq_exit_rcu+0x157/0x240 [ 80.914763][ C1] ? do_softirq+0x240/0x240 [ 80.917610][ C0] ? do_softirq+0x240/0x240 [ 80.922267][ C1] ? irqtime_account_irq+0xd0/0x1e0 [ 80.927880][ C0] ? irqtime_account_irq+0xd0/0x1e0 [ 80.933059][ C1] __irq_exit_rcu+0x157/0x240 [ 80.937974][ C0] __irq_exit_rcu+0x157/0x240 [ 80.942889][ C1] ? irq_exit_rcu+0x20/0x20 [ 80.948500][ C0] ? irq_exit_rcu+0x20/0x20 [ 80.953158][ C1] irq_exit_rcu+0x5/0x20 [ 80.958334][ C0] irq_exit_rcu+0x5/0x20 [ 80.963159][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 80.968772][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 80.974267][ C1] [ 80.979020][ C0] [ 80.983850][ C1] [ 80.983859][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 80.988507][ C0] [ 80.988516][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 80.992817][ C1] RIP: 0010:__kasan_check_read+0x0/0x10 [ 80.997657][ C0] RIP: 0010:lock_page_memcg+0x24/0x4d0 [ 81.002139][ C1] Code: d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 c7 c7 57 e0 3c 8c eb 0a 48 c7 c7 8f e0 3c 8c 4c 89 fe e8 66 25 73 08 31 db eb d7 cc cc <89> f6 48 8b 0c 24 31 d2 e9 63 ef ff ff 0f 1f 00 89 f6 48 8b 0c 24 [ 81.006655][ C0] Code: 08 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec c0 00 00 00 49 89 fe 65 48 8b 04 25 28 00 00 00 <48> 89 84 24 a0 00 00 00 48 b9 00 00 00 00 00 fc ff df 48 c7 44 24 [ 81.011221][ C1] RSP: 0018:ffffc900030bf648 EFLAGS: 00000293 [ 81.016581][ C0] RSP: 0018:ffffc9000309f2c0 EFLAGS: 00000286 [ 81.020540][ C1] [ 81.020547][ C1] RAX: ffffffff81c4e679 RBX: 0000000000000000 RCX: ffff888029f78000 [ 81.025106][ C0] [ 81.025111][ C0] RAX: 62ba42a426106000 RBX: 0000000000000000 RCX: ffff88802a7d9dc0 [ 81.029672][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea00015c82c0 [ 81.034411][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001a930c0 [ 81.039674][ C1] RBP: 0000000000000a5b R08: ffffffff81a8cf3d R09: fffff940002b9059 [ 81.044356][ C0] RBP: ffffc9000309f3b8 R08: ffffffff81b881f0 R09: fffff94000352619 [ 81.049015][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900030bf768 [ 81.053839][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 00007f01cc9e8000 [ 81.058147][ C1] R13: ffffea00015c82c0 R14: ffffea00015c82c0 R15: dffffc0000000000 [ 81.063844][ C0] R13: ffffea0001a930c0 R14: ffffea0001a930c0 R15: ffffea0001a930c0 [ 81.069128][ C1] ? find_lock_entries+0xa3d/0x1030 [ 81.073695][ C0] ? unmap_page_range+0xfb0/0x2630 [ 81.078436][ C1] ? PageHuge+0x19/0x130 [ 81.083363][ C0] ? mem_cgroup_print_oom_group+0x70/0x70 [ 81.087952][ C1] PageHuge+0x26/0x130 [ 81.093386][ C0] ? rcu_lock_acquire+0x30/0x30 [ 81.098053][ C1] thp_contains+0x21/0x3c0 [ 81.102968][ C0] ? do_raw_spin_lock+0x14a/0x370 [ 81.108323][ C1] ? xas_reload+0x299/0x470 [ 81.113249][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 81.118601][ C1] find_lock_entries+0xa6d/0x1030 [ 81.123520][ C0] page_remove_rmap+0x2a/0x11e0 [ 81.127920][ C1] ? find_get_entry+0x280/0x280 [ 81.131879][ C0] ? __tlb_remove_page_size+0x19f/0x3e0 [ 81.136202][ C1] shmem_undo_range+0x2a3/0x1b50 [ 81.140679][ C0] ? vm_normal_page+0x93/0x1d0 [ 81.144738][ C1] ? shmem_truncate_range+0xa0/0xa0 [ 81.149736][ C0] unmap_page_range+0xffa/0x2630 [ 81.153972][ C1] ? __lock_acquire+0x1ff0/0x1ff0 [ 81.159504][ C0] ? mmu_notifier_invalidate_range_end+0xf0/0xf0 [ 81.163799][ C1] ? do_raw_spin_lock+0x14a/0x370 [ 81.167935][ C0] ? __pagevec_lru_add+0x1584/0x18d0 [ 81.172430][ C1] shmem_evict_inode+0x21b/0xa00 [ 81.177263][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 81.183399][ C1] ? _raw_spin_unlock+0x24/0x40 [ 81.202985][ C0] ? uprobe_munmap+0x17a/0x400 [ 81.209034][ C1] ? inode_wait_for_writeback+0x21f/0x280 [ 81.216993][ C0] ? unmap_single_vma+0x1a1/0x2d0 [ 81.224946][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 81.232907][ C0] unmap_vmas+0x1f8/0x390 [ 81.240860][ C1] ? bit_waitqueue+0x30/0x30 [ 81.248818][ C0] ? unmap_page_range+0x2630/0x2630 [ 81.254253][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 81.259797][ C0] ? tlb_gather_mmu_fullmm+0x159/0x200 [ 81.264972][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 81.270526][ C0] exit_mmap+0x3b6/0x670 [ 81.275188][ C1] evict+0x529/0x930 [ 81.280023][ C0] ? vm_brk+0x20/0x20 [ 81.285902][ C1] ? mode_strip_sgid+0x210/0x210 [ 81.290739][ C0] ? uprobe_clear_state+0x304/0x460 [ 81.296173][ C1] ? _raw_spin_unlock+0x24/0x40 [ 81.300829][ C0] __mmput+0x112/0x3b0 [ 81.306262][ C1] ? iput+0x6f5/0x8b0 [ 81.311528][ C0] exit_mm+0x688/0x7f0 [ 81.316097][ C1] __dentry_kill+0x436/0x650 [ 81.320511][ C0] ? _raw_spin_unlock+0x40/0x40 [ 81.326383][ C1] dentry_kill+0xbb/0x290 [ 81.331302][ C0] ? do_exit+0x2480/0x2480 [ 81.335871][ C1] dput+0xd8/0x1a0 [ 81.340453][ C0] ? taskstats_exit+0x491/0xa10 [ 81.345716][ C1] __fput+0x636/0x8e0 [ 81.350373][ C0] ? tty_audit_exit+0x150/0x1f0 [ 81.355556][ C1] task_work_run+0x129/0x1a0 [ 81.360729][ C0] do_exit+0x626/0x2480 [ 81.366003][ C1] exit_to_user_mode_loop+0x106/0x130 [ 81.371184][ C0] ? put_task_struct+0x80/0x80 [ 81.376446][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 81.380933][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 81.385592][ C1] syscall_exit_to_user_mode+0x5d/0x240 [ 81.391560][ C0] do_group_exit+0x144/0x310 [ 81.396819][ C1] do_syscall_64+0x47/0xb0 [ 81.401560][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 81.406302][ C1] ? clear_bhb_loop+0x15/0x70 [ 81.411131][ C0] get_signal+0xc66/0x14e0 [ 81.415617][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.420838][ C0] arch_do_signal_or_restart+0xc3/0x1890 [ 81.425507][ C1] RIP: 0033:0x7ff909ed7f19 [ 81.429993][ C0] ? futex_exit_release+0x1e0/0x1e0 [ 81.434217][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.439829][ C0] ? read_lock_is_recursive+0x10/0x10 [ 81.442746][ C1] RSP: 002b:00007ffcff9dcf08 EFLAGS: 00000246 [ 81.445665][ C0] ? get_sigframe_size+0x10/0x10 [ 81.451624][ C1] ORIG_RAX: 00000000000001b4 [ 81.457066][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 81.476663][ C1] RAX: 0000000000000000 RBX: 00007ff90a09fba0 RCX: 00007ff909ed7f19 [ 81.482758][ C0] ? exit_to_user_mode_loop+0x39/0x130 [ 81.490700][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 81.498656][ C0] exit_to_user_mode_loop+0x97/0x130 [ 81.506625][ C1] RBP: 00007ff90a09fba0 R08: 0000000000000188 R09: 00007ffcff9dd1ef [ 81.514584][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 81.522537][ C1] R10: 00000000003ffc5c R11: 0000000000000246 R12: 000000000001391f [ 81.527630][ C0] syscall_exit_to_user_mode+0x5d/0x240 [ 81.533325][ C1] R13: 00007ff90a09e160 R14: 0000000000000032 R15: ffffffffffffffff [ 81.538157][ C0] do_syscall_64+0x47/0xb0 [ 81.543167][ C1] [ 81.548160][ C0] ? clear_bhb_loop+0x15/0x70 [ 81.553008][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 81.558515][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.563259][ C1] CPU: 1 PID: 4552 Comm: syz.2.125 Not tainted 5.15.173-syzkaller #0 [ 81.568175][ C0] RIP: 0033:0x7f01cd053f19 [ 81.574478][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 81.579739][ C0] Code: Unable to access opcode bytes at RIP 0x7f01cd053eef. [ 81.584744][ C1] Call Trace: [ 81.584753][ C1] [ 81.589486][ C0] RSP: 002b:00007f01caeca0e8 EFLAGS: 00000246 [ 81.594493][ C1] dump_stack_lvl+0x1e3/0x2d0 [ 81.598807][ C0] ORIG_RAX: 00000000000000ca [ 81.604076][ C1] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 81.609511][ C0] RAX: fffffffffffffe00 RBX: 00007f01cd219fa8 RCX: 00007f01cd053f19 [ 81.613737][ C1] ? panic+0x860/0x860 [ 81.617698][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01cd219fa8 [ 81.622882][ C1] ? copy_from_user_nofault+0x70/0x1c0 [ 81.626922][ C0] RBP: 00007f01cd219fa0 R08: 0000000000000000 R09: 0000000000000000 [ 81.630969][ C1] ? copy_from_user_nofault+0x70/0x1c0 [ 81.636068][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01cd219fac [ 81.640462][ C1] panic+0x318/0x860 [ 81.645295][ C0] R13: 0000000000000000 R14: 00007fff3c00e5e0 R15: 00007fff3c00e6c8 [ 81.650130][ C1] ? __warn+0x16a/0x300 [ 81.654270][ C0] [ 81.659013][ C1] ? fb_is_primary_device+0xd0/0xd0 [ 81.664971][ C0] irq event stamp: 4375 [ 81.669544][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 81.674713][ C0] hardirqs last enabled at (4374): [] _raw_spin_unlock_irqrestore+0x8b/0x130 [ 81.679111][ C1] __warn+0x2b2/0x300 [ 81.684721][ C0] hardirqs last disabled at (4375): [] _raw_spin_lock_irqsave+0xac/0x120 [ 81.689902][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 81.695251][ C0] softirqs last enabled at (1066): [] __irq_exit_rcu+0x157/0x240 [ 81.700169][ C1] report_bug+0x1b7/0x2e0 [ 81.705179][ C0] softirqs last disabled at (4369): [] __irq_exit_rcu+0x157/0x240 [ 81.710661][ C1] handle_bug+0x3d/0x70 [ 81.715919][ C0] ---[ end trace 07158d5f6652a49c ]--- [ 81.721446][ C1] exc_invalid_op+0x16/0x40 [ 83.390885][ C1] asm_exc_invalid_op+0x16/0x20 [ 83.395729][ C1] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 83.401882][ C1] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 cb c6 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 83.421482][ C1] RSP: 0018:ffffc90000dd0850 EFLAGS: 00010046 [ 83.427555][ C1] RAX: ffffffff81aaacec RBX: 0000000000000000 RCX: ffff888029f78000 [ 83.435516][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 83.443478][ C1] RBP: dffffc0000000000 R08: ffffffff81aaabfd R09: ffffed10053ef001 [ 83.451432][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 83.459390][ C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000dd08c8 [ 83.467355][ C1] ? copy_from_user_nofault+0x6d/0x1c0 [ 83.472805][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 83.478338][ C1] bpf_probe_read_compat+0xe4/0x180 [ 83.483523][ C1] bpf_prog_660a4dcab242cdbf+0x3a/0x790 [ 83.489050][ C1] bpf_trace_run3+0x1d1/0x380 [ 83.493714][ C1] ? bpf_trace_run2+0x340/0x340 [ 83.498547][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 83.504426][ C1] ? _raw_spin_unlock+0x40/0x40 [ 83.509274][ C1] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 83.514732][ C1] ? _raw_spin_lock+0x40/0x40 [ 83.519393][ C1] ? __bpf_trace_timer_class+0x20/0x20 [ 83.524834][ C1] __traceiter_timer_start+0x79/0xd0 [ 83.530119][ C1] enqueue_timer+0x3ae/0x540 [ 83.534697][ C1] __mod_timer+0xa60/0xeb0 [ 83.539101][ C1] ? mod_timer_pending+0x20/0x20 [ 83.544025][ C1] ? nsecs_to_jiffies+0x9/0x30 [ 83.548771][ C1] ? wb_timer_fn+0xa42/0xe60 [ 83.553364][ C1] call_timer_fn+0x16d/0x560 [ 83.557946][ C1] ? blk_stat_alloc_callback+0x230/0x230 [ 83.563585][ C1] ? __run_timers+0x890/0x890 [ 83.568247][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 83.573432][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 83.578635][ C1] ? blk_stat_alloc_callback+0x230/0x230 [ 83.584249][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 83.589432][ C1] ? blk_stat_alloc_callback+0x230/0x230 [ 83.595045][ C1] __run_timers+0x67c/0x890 [ 83.599551][ C1] ? detach_timer+0x2f0/0x2f0 [ 83.604208][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 83.610261][ C1] ? ktime_get_real_ts64+0x460/0x460 [ 83.615543][ C1] run_timer_softirq+0x63/0xf0 [ 83.620295][ C1] handle_softirqs+0x3a7/0x930 [ 83.625046][ C1] ? __irq_exit_rcu+0x157/0x240 [ 83.629882][ C1] ? do_softirq+0x240/0x240 [ 83.634374][ C1] ? irqtime_account_irq+0xd0/0x1e0 [ 83.639575][ C1] __irq_exit_rcu+0x157/0x240 [ 83.644236][ C1] ? irq_exit_rcu+0x20/0x20 [ 83.648749][ C1] irq_exit_rcu+0x5/0x20 [ 83.652977][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 83.658609][ C1] [ 83.661526][ C1] [ 83.664441][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 83.670408][ C1] RIP: 0010:__kasan_check_read+0x0/0x10 [ 83.675937][ C1] Code: d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 c7 c7 57 e0 3c 8c eb 0a 48 c7 c7 8f e0 3c 8c 4c 89 fe e8 66 25 73 08 31 db eb d7 cc cc <89> f6 48 8b 0c 24 31 d2 e9 63 ef ff ff 0f 1f 00 89 f6 48 8b 0c 24 [ 83.695526][ C1] RSP: 0018:ffffc900030bf648 EFLAGS: 00000293 [ 83.701676][ C1] RAX: ffffffff81c4e679 RBX: 0000000000000000 RCX: ffff888029f78000 [ 83.709631][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea00015c82c0 [ 83.717584][ C1] RBP: 0000000000000a5b R08: ffffffff81a8cf3d R09: fffff940002b9059 [ 83.725542][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900030bf768 [ 83.733496][ C1] R13: ffffea00015c82c0 R14: ffffea00015c82c0 R15: dffffc0000000000 [ 83.741456][ C1] ? find_lock_entries+0xa3d/0x1030 [ 83.746657][ C1] ? PageHuge+0x19/0x130 [ 83.750903][ C1] PageHuge+0x26/0x130 [ 83.754958][ C1] thp_contains+0x21/0x3c0 [ 83.759363][ C1] ? xas_reload+0x299/0x470 [ 83.763850][ C1] find_lock_entries+0xa6d/0x1030 [ 83.768867][ C1] ? find_get_entry+0x280/0x280 [ 83.773708][ C1] shmem_undo_range+0x2a3/0x1b50 [ 83.778651][ C1] ? shmem_truncate_range+0xa0/0xa0 [ 83.783937][ C1] ? __lock_acquire+0x1ff0/0x1ff0 [ 83.788957][ C1] ? do_raw_spin_lock+0x14a/0x370 [ 83.793991][ C1] shmem_evict_inode+0x21b/0xa00 [ 83.799023][ C1] ? _raw_spin_unlock+0x24/0x40 [ 83.803872][ C1] ? inode_wait_for_writeback+0x21f/0x280 [ 83.809579][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 83.815108][ C1] ? bit_waitqueue+0x30/0x30 [ 83.819697][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 83.824902][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 83.830434][ C1] evict+0x529/0x930 [ 83.834321][ C1] ? mode_strip_sgid+0x210/0x210 [ 83.839275][ C1] ? _raw_spin_unlock+0x24/0x40 [ 83.844114][ C1] ? iput+0x6f5/0x8b0 [ 83.848084][ C1] __dentry_kill+0x436/0x650 [ 83.852747][ C1] dentry_kill+0xbb/0x290 [ 83.857063][ C1] dput+0xd8/0x1a0 [ 83.860768][ C1] __fput+0x636/0x8e0 [ 83.864755][ C1] task_work_run+0x129/0x1a0 [ 83.869331][ C1] exit_to_user_mode_loop+0x106/0x130 [ 83.874701][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 83.880229][ C1] syscall_exit_to_user_mode+0x5d/0x240 [ 83.885761][ C1] do_syscall_64+0x47/0xb0 [ 83.890161][ C1] ? clear_bhb_loop+0x15/0x70 [ 83.894824][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 83.900703][ C1] RIP: 0033:0x7ff909ed7f19 [ 83.905106][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.924692][ C1] RSP: 002b:00007ffcff9dcf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 83.933092][ C1] RAX: 0000000000000000 RBX: 00007ff90a09fba0 RCX: 00007ff909ed7f19 [ 83.941045][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 83.949017][ C1] RBP: 00007ff90a09fba0 R08: 0000000000000188 R09: 00007ffcff9dd1ef [ 83.956989][ C1] R10: 00000000003ffc5c R11: 0000000000000246 R12: 000000000001391f [ 83.964949][ C1] R13: 00007ff90a09e160 R14: 0000000000000032 R15: ffffffffffffffff [ 83.972914][ C1] [ 85.092464][ C1] Shutting down cpus with NMI [ 85.097522][ C1] Kernel Offset: disabled [ 85.101868][ C1] Rebooting in 86400 seconds..