program: sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c"], 0xc0}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'vlan0\x00', 0x0}) unshare(0x62040200) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f0000000100)={[{@noload}, {@noblock_validity}, {@discard}, {@errors_remount}, {@inode_readahead_blks, 0x0}, {@noauto_da_alloc}, {@noload}, {@journal_checksum}, {@mblk_io_submit}, {@noacl}, {@usrjquota}, {@nolazytime}, {@journal_dev={'journal_dev', 0x3d, 0x765}}, {@norecovery}, {@nobarrier}, {@data_writeback}, {@resgid}], [{@audit}, {@uid_lt={'uid<', 0xee01}}], 0x2c}, 0x2, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr") r2 = gettid() sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005800)={0x50, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x50}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}]}]}], {0x14}}, 0xc8}}, 0x0) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wpan3\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r3, &(0x7f0000000640)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x9000000}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)=ANY=[@ANYBLOB="959ef0a8", @ANYRES16=r7, @ANYBLOB="00042abd7000fbdbdf251a00000008000300", @ANYRES32=r8, @ANYBLOB="2c002e80050005000100000006000300feff000006000300a1aa00000600010003000000060001000c0000000c000600020000000000000048002e8006000100ff7f0000060002000300000006000300a1aa00000600020000000000050005000000000005000500000000000c0004000202aaaaaaaaaaaa060003000000000008000300", @ANYRES32=r9, @ANYBLOB], 0xa4}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r10) ptrace$setregs(0xd, r10, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") r11 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188040f56ecdb4cb9cca7480ef436000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r11}, 0x8) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xc, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200003a000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b2c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f5533d3c58104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7866f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7abc231f8cde79b7a6c5aafe954b8ba37818e40c14b36f2d7c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1df7ffffff735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b82ceaeaae9b1713b5f2ee68e2b53d44bd84bf6960157e96bbb96b5e10d66c87e7a9a7d53c281d88ebb175a4dbb82130e6870980e47913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf355e5b91114052f8a398d8e10c96b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c58965c514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e24d192d67a1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb2200040000fc1e3865d17d128306d1b81884a934cb0000000000d367000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44b615ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f530043a6cd72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a673804220423f52ad8178b9fd04bff816e00000000000000000000000000000000000000000079aaf19bd1e18f582aac5b83d76bd57297512fdcdad18bcf2455bc80394d8f34e2ef84733038f4b6ef516d7baa99f24f2f100fc46aec9dc19b30fe9966b7ae563b6459d86fd3b4c7173f06387517e4189f3fb09c069e20220354b054f2391efe55a0cc7f738b3987ae033ceabddec65ec31f98c7e0858e8d411087889964b8fb3c31f74fa7b2e6e1c1d84a46d8be8afff1ac67eb2da30294d4a0f89978d4e2137319b6448da45bd00eb23aa5be1d566782b5a4aa291a854a4932bcbf472fd1175b521edb1763bb7dae4a124b0006e2ce4799519b3dbd3c0109b17fe2b4b87f6ad4b7176c9c1959669ef42cfce81fbc6dcdc7f9bde1a66c0b3cf9329bfecf0217bda1b72924ee9d90a3bd0be833f206244b5ba0648309018da5442ebd22bca0363183aae9d38f80638f52015cab5a8d772f9b92cb2f286783fa976f7d215136cae0b0b0539dc7dbd56035a69807514c732763f542f10401e65368b821b584fe2f82c94b2f5930246800000000000000000000000000000000000000c8ed77d8ac9f28a2e8f205900241ec8872fe3ecdf73abfc4024298a69649e17f3fe5ebba1e17f2f280e6d3f094cd3448700c5ee102b5d1b04f08ab2e5272990646eca26a62431e8c942ea2c0c621b4821eb5beceee6d53468852159452cf47aead473a8638a4d1ce2d4c6df1074e8cb3ec16149e6b4b7ec1a9aa1b63f41d08afd3d885b98330e25eedaaf5f361b2e81ce0c52ee84a2b340afdc59b177921e2f2a99132b82ed3291196038fe9a4f5a5dc734788c71bf46222d266a48628774c87b88bf3dcbea4574a87726345587e1e233fd4117063d183f477cc53c52a3fafcb998a96cf9f61cdd9ffa82d648880552ac506811accffc85ca34b262ed983d4645f4657522ed32b278891c26d5e70d41f9a5c8df8dc163fd84a81af0020a10fe53ce940d350d62b526f198620abdad179a273682175da1d9d82fde7eb9a45b566e78904238d00908b5876b4ebfca376d631b9b0caf3f1ef32ae87507aace4715efaf840ebda28e741a8b6b29eed5861168b4e1b3842f6db4443974dd0f0d4ceed9ca62fd2a839a8150335dc2b9640825b83c8bf4f931a51b093bf2dc84809af7c14f04b58d64e4f852bc49cf1126567e11f61774559bdbcc500000000000000000000000000eab10c8c592cb6f1ebccd9eb16c155a0666189eb16cea09f164363456645c9b7c168bc214615a7e94ff3d53f85c6396c42050f3205cef3009458f33949efa6a583d87795448b8b21ab6a7ca4bd8b0da30dee0af8b3a0f3cfd0ad9a8e7819b2057e2e5d8b453b6f743f8fc4dee677658958c4d4663ddcdfd0fc44e996665ab5586a4eb40a959fb0dababa05e776c29cf2443ad1d2fa0920288db88e645033ae1a4357078810d20bd93b8194214554c3f8c6efd61bc40000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r12, 0x18000000000002a0, 0xe40, 0x0, &(0x7f00000002c0)="f6ea090003000060009ba538a44cc2", 0x0, 0x52, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) [ 69.589620][ T4686] Bluetooth: hci0: command tx timeout [ 69.725571][ T5339] loop0: detected capacity change from 0 to 512 [ 69.762577][ T5339] ======================================================= [ 69.762577][ T5339] WARNING: The mand mount option has been deprecated and [ 69.762577][ T5339] and is ignored by this kernel. Remove the mand [ 69.762577][ T5339] option from the mount to silence this warning. [ 69.762577][ T5339] ======================================================= [ 69.778509][ T5339] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 69.784550][ T5339] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 69.788357][ T5339] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.794192][ T5339] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.0: bg 0: block 361: padding at end of block bitmap is not set [ 69.801776][ T5339] EXT4-fs (loop0): Remounting filesystem read-only [ 69.805027][ T5339] EXT4-fs (loop0): 1 truncate cleaned up [ 69.807986][ T5339] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 69.863067][ T5332] IPVS: starting estimator thread 0... [ 69.930290][ T5339] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 69.938786][ T5339] netlink: 55 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.951263][ T5344] IPVS: using max 41 ests per chain, 98400 per kthread [ 70.070054][ T5339] ================================================================== [ 70.073134][ T5339] BUG: KASAN: slab-use-after-free in __dev_get_by_index+0x5d/0x110 [ 70.076250][ T5339] Read of size 8 at addr ffff888043eba1b0 by task syz.0.0/5339 [ 70.079234][ T5339] [ 70.080197][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 70.084812][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.089207][ T5339] Call Trace: [ 70.090552][ T5339] [ 70.091737][ T5339] dump_stack_lvl+0x241/0x360 [ 70.093598][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.095625][ T5339] ? __pfx__printk+0x10/0x10 [ 70.097439][ T5339] ? _printk+0xd5/0x120 [ 70.099042][ T5339] ? __virt_addr_valid+0x183/0x530 [ 70.100999][ T5339] ? __virt_addr_valid+0x183/0x530 [ 70.103010][ T5339] print_report+0x169/0x550 [ 70.104732][ T5339] ? __virt_addr_valid+0x183/0x530 [ 70.106664][ T5339] ? __virt_addr_valid+0x183/0x530 [ 70.108689][ T5339] ? __virt_addr_valid+0x45f/0x530 [ 70.110634][ T5339] ? __phys_addr+0xba/0x170 [ 70.112467][ T5339] ? __dev_get_by_index+0x5d/0x110 [ 70.114486][ T5339] kasan_report+0x143/0x180 [ 70.116330][ T5339] ? __dev_get_by_index+0x5d/0x110 [ 70.118280][ T5339] __dev_get_by_index+0x5d/0x110 [ 70.120199][ T5339] rfc2863_policy+0x224/0x300 [ 70.122062][ T5339] linkwatch_do_dev+0x3e/0x170 [ 70.123935][ T5339] netdev_run_todo+0x461/0x1000 [ 70.125790][ T5339] ? __pfx_netdev_run_todo+0x10/0x10 [ 70.127798][ T5339] ? unregister_netdevice_queue+0x26b/0x370 [ 70.129925][ T5339] ? veth_dellink+0xef/0x140 [ 70.131562][ T5339] ? __pfx_veth_dellink+0x10/0x10 [ 70.133321][ T5339] rtnl_dellink+0x760/0x8d0 [ 70.134871][ T5339] ? __pfx_rtnl_dellink+0x10/0x10 [ 70.136625][ T5339] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.138730][ T5339] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.141076][ T5339] ? __pfx_rtnl_dellink+0x10/0x10 [ 70.143069][ T5339] rtnetlink_rcv_msg+0x791/0xcf0 [ 70.145052][ T5339] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 70.147021][ T5339] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 70.149171][ T5339] ? ref_tracker_free+0x643/0x7e0 [ 70.151064][ T5339] netlink_rcv_skb+0x1e3/0x430 [ 70.152922][ T5339] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 70.154969][ T5339] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 70.157020][ T5339] ? netlink_deliver_tap+0x2e/0x1b0 [ 70.159094][ T5339] netlink_unicast+0x7f6/0x990 [ 70.160910][ T5339] ? __pfx_netlink_unicast+0x10/0x10 [ 70.163001][ T5339] ? __virt_addr_valid+0x183/0x530 [ 70.164955][ T5339] ? __check_object_size+0x48e/0x900 [ 70.167018][ T5339] netlink_sendmsg+0x8e4/0xcb0 [ 70.169098][ T5339] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.171441][ T5339] ? aa_sock_msg_perm+0x91/0x160 [ 70.173652][ T5339] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.175944][ T5339] __sock_sendmsg+0x221/0x270 [ 70.177779][ T5339] ____sys_sendmsg+0x52a/0x7e0 [ 70.179766][ T5339] ? __pfx_____sys_sendmsg+0x10/0x10 [ 70.181844][ T5339] ? __fget_files+0x2a/0x410 [ 70.183690][ T5339] ? __fget_files+0x2a/0x410 [ 70.185404][ T5339] __sys_sendmsg+0x269/0x350 [ 70.187211][ T5339] ? __pfx___sys_sendmsg+0x10/0x10 [ 70.189152][ T5339] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.191481][ T5339] ? do_syscall_64+0x100/0x230 [ 70.193317][ T5339] ? do_syscall_64+0xb6/0x230 [ 70.195153][ T5339] do_syscall_64+0xf3/0x230 [ 70.196894][ T5339] ? clear_bhb_loop+0x35/0x90 [ 70.198691][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.200991][ T5339] RIP: 0033:0x7f2a3cb80809 [ 70.202732][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.209964][ T5339] RSP: 002b:00007f2a3d9cd058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.212955][ T5339] RAX: ffffffffffffffda RBX: 00007f2a3cd45fa0 RCX: 00007f2a3cb80809 [ 70.215972][ T5339] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008 [ 70.218938][ T5339] RBP: 00007f2a3cbf393e R08: 0000000000000000 R09: 0000000000000000 [ 70.221879][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.224997][ T5339] R13: 0000000000000000 R14: 00007f2a3cd45fa0 R15: 00007ffd03bc65c8 [ 70.228061][ T5339] [ 70.229185][ T5339] [ 70.230091][ T5339] Allocated by task 5339: [ 70.231779][ T5339] kasan_save_track+0x3f/0x80 [ 70.233596][ T5339] __kasan_kmalloc+0x98/0xb0 [ 70.235393][ T5339] __kmalloc_cache_noprof+0x243/0x390 [ 70.237399][ T5339] netdev_init+0x10c/0x250 [ 70.239055][ T5339] ops_init+0x31e/0x590 [ 70.240638][ T5339] setup_net+0x287/0x9e0 [ 70.242218][ T5339] copy_net_ns+0x33f/0x570 [ 70.244138][ T5339] create_new_namespaces+0x425/0x7b0 [ 70.246062][ T5339] unshare_nsproxy_namespaces+0x124/0x180 [ 70.248202][ T5339] ksys_unshare+0x57d/0xa70 [ 70.250050][ T5339] __x64_sys_unshare+0x38/0x40 [ 70.251737][ T5339] do_syscall_64+0xf3/0x230 [ 70.253319][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.255473][ T5339] [ 70.256367][ T5339] Freed by task 12: [ 70.257840][ T5339] kasan_save_track+0x3f/0x80 [ 70.259605][ T5339] kasan_save_free_info+0x40/0x50 [ 70.261463][ T5339] __kasan_slab_free+0x59/0x70 [ 70.263243][ T5339] kfree+0x196/0x420 [ 70.264739][ T5339] netdev_exit+0x65/0xd0 [ 70.266417][ T5339] cleanup_net+0x802/0xcc0 [ 70.268196][ T5339] process_scheduled_works+0xa63/0x1850 [ 70.270319][ T5339] worker_thread+0x870/0xd30 [ 70.272130][ T5339] kthread+0x2f0/0x390 [ 70.273745][ T5339] ret_from_fork+0x4b/0x80 [ 70.275485][ T5339] ret_from_fork_asm+0x1a/0x30 [ 70.277297][ T5339] [ 70.278211][ T5339] The buggy address belongs to the object at ffff888043eba000 [ 70.278211][ T5339] which belongs to the cache kmalloc-2k of size 2048 [ 70.283538][ T5339] The buggy address is located 432 bytes inside of [ 70.283538][ T5339] freed 2048-byte region [ffff888043eba000, ffff888043eba800) [ 70.288741][ T5339] [ 70.289723][ T5339] The buggy address belongs to the physical page: [ 70.292136][ T5339] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43eb8 [ 70.295489][ T5339] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 70.298672][ T5339] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 70.301486][ T5339] page_type: f5(slab) [ 70.302931][ T5339] raw: 04fff00000000040 ffff88801ac42000 dead000000000122 0000000000000000 [ 70.306186][ T5339] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 70.309420][ T5339] head: 04fff00000000040 ffff88801ac42000 dead000000000122 0000000000000000 [ 70.312628][ T5339] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 70.315818][ T5339] head: 04fff00000000003 ffffea00010fae01 ffffffffffffffff 0000000000000000 [ 70.319143][ T5339] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 70.322383][ T5339] page dumped because: kasan: bad access detected [ 70.324828][ T5339] page_owner tracks the page as allocated [ 70.326984][ T5339] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5339, tgid 5338 (syz.0.0), ts 69674195892, free_ts 69663220888 [ 70.334815][ T5339] post_alloc_hook+0x1f3/0x230 [ 70.336725][ T5339] get_page_from_freelist+0x3649/0x3790 [ 70.338846][ T5339] __alloc_pages_noprof+0x292/0x710 [ 70.340812][ T5339] alloc_pages_mpol_noprof+0x3e8/0x680 [ 70.342838][ T5339] alloc_slab_page+0x6a/0x140 [ 70.344704][ T5339] allocate_slab+0x5a/0x2f0 [ 70.346451][ T5339] ___slab_alloc+0xcd1/0x14b0 [ 70.348295][ T5339] __slab_alloc+0x58/0xa0 [ 70.350074][ T5339] __kmalloc_noprof+0x2e6/0x4c0 [ 70.352119][ T5339] sk_prot_alloc+0xe0/0x210 [ 70.353830][ T5339] sk_alloc+0x38/0x370 [ 70.355416][ T5339] __netlink_create+0x65/0x260 [ 70.357228][ T5339] __netlink_kernel_create+0x174/0x6f0 [ 70.359266][ T5339] uevent_net_init+0xed/0x2d0 [ 70.361055][ T5339] ops_init+0x31e/0x590 [ 70.362632][ T5339] setup_net+0x287/0x9e0 [ 70.364209][ T5339] page last free pid 1032 tgid 1032 stack trace: [ 70.366541][ T5339] free_unref_page+0xdf9/0x1140 [ 70.368374][ T5339] __slab_free+0x31b/0x3d0 [ 70.370045][ T5339] qlist_free_all+0x9a/0x140 [ 70.371824][ T5339] kasan_quarantine_reduce+0x14f/0x170 [ 70.373847][ T5339] __kasan_slab_alloc+0x23/0x80 [ 70.375727][ T5339] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 70.377909][ T5339] __alloc_skb+0x1c3/0x440 [ 70.379633][ T5339] alloc_skb_with_frags+0xc3/0x820 [ 70.381500][ T5339] sock_alloc_send_pskb+0x91a/0xa60 [ 70.383376][ T5339] mld_newpack+0x1c3/0xaf0 [ 70.385078][ T5339] add_grec+0x1492/0x19a0 [ 70.386648][ T5339] mld_send_initial_cr+0x228/0x4b0 [ 70.388632][ T5339] ipv6_mc_dad_complete+0x88/0x490 [ 70.390468][ T5339] addrconf_dad_completed+0x712/0xcd0 [ 70.392555][ T5339] addrconf_dad_work+0xdc2/0x16f0 [ 70.394406][ T5339] process_scheduled_works+0xa63/0x1850 [ 70.396458][ T5339] [ 70.397282][ T5339] Memory state around the buggy address: [ 70.399283][ T5339] ffff888043eba080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.401926][ T5339] ffff888043eba100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.404652][ T5339] >ffff888043eba180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.407357][ T5339] ^ [ 70.409248][ T5339] ffff888043eba200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.411989][ T5339] ffff888043eba280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.414778][ T5339] ================================================================== [ 70.452027][ T5339] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.455084][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 70.459163][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.463190][ T5339] Call Trace: [ 70.464391][ T5339] [ 70.465591][ T5339] dump_stack_lvl+0x241/0x360 [ 70.467422][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.469458][ T5339] ? __pfx__printk+0x10/0x10 [ 70.471204][ T5339] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.473541][ T5339] ? vscnprintf+0x5d/0x90 [ 70.475225][ T5339] panic+0x349/0x880 [ 70.476655][ T5339] ? check_panic_on_warn+0x21/0xb0 [ 70.478534][ T5339] ? __pfx_panic+0x10/0x10 [ 70.480293][ T5339] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 70.482672][ T5339] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.485028][ T5339] check_panic_on_warn+0x86/0xb0 [ 70.486883][ T5339] ? __dev_get_by_index+0x5d/0x110 [ 70.488877][ T5339] end_report+0x77/0x160 [ 70.490509][ T5339] kasan_report+0x154/0x180 [ 70.492229][ T5339] ? __dev_get_by_index+0x5d/0x110 [ 70.494033][ T5339] __dev_get_by_index+0x5d/0x110 [ 70.495864][ T5339] rfc2863_policy+0x224/0x300 [ 70.497710][ T5339] linkwatch_do_dev+0x3e/0x170 [ 70.499545][ T5339] netdev_run_todo+0x461/0x1000 [ 70.501382][ T5339] ? __pfx_netdev_run_todo+0x10/0x10 [ 70.503366][ T5339] ? unregister_netdevice_queue+0x26b/0x370 [ 70.505367][ T5339] ? veth_dellink+0xef/0x140 [ 70.506909][ T5339] ? __pfx_veth_dellink+0x10/0x10 [ 70.508798][ T5339] rtnl_dellink+0x760/0x8d0 [ 70.510395][ T5339] ? __pfx_rtnl_dellink+0x10/0x10 [ 70.512301][ T5339] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.514509][ T5339] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.516976][ T5339] ? __pfx_rtnl_dellink+0x10/0x10 [ 70.518852][ T5339] rtnetlink_rcv_msg+0x791/0xcf0 [ 70.520800][ T5339] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 70.522787][ T5339] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 70.524889][ T5339] ? ref_tracker_free+0x643/0x7e0 [ 70.526865][ T5339] netlink_rcv_skb+0x1e3/0x430 [ 70.528735][ T5339] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 70.530721][ T5339] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 70.532622][ T5339] ? netlink_deliver_tap+0x2e/0x1b0 [ 70.534439][ T5339] netlink_unicast+0x7f6/0x990 [ 70.536099][ T5339] ? __pfx_netlink_unicast+0x10/0x10 [ 70.537920][ T5339] ? __virt_addr_valid+0x183/0x530 [ 70.539724][ T5339] ? __check_object_size+0x48e/0x900 [ 70.541543][ T5339] netlink_sendmsg+0x8e4/0xcb0 [ 70.543298][ T5339] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.545350][ T5339] ? aa_sock_msg_perm+0x91/0x160 [ 70.547245][ T5339] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.549275][ T5339] __sock_sendmsg+0x221/0x270 [ 70.551090][ T5339] ____sys_sendmsg+0x52a/0x7e0 [ 70.552980][ T5339] ? __pfx_____sys_sendmsg+0x10/0x10 [ 70.554986][ T5339] ? __fget_files+0x2a/0x410 [ 70.556732][ T5339] ? __fget_files+0x2a/0x410 [ 70.558551][ T5339] __sys_sendmsg+0x269/0x350 [ 70.560308][ T5339] ? __pfx___sys_sendmsg+0x10/0x10 [ 70.562337][ T5339] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.564686][ T5339] ? do_syscall_64+0x100/0x230 [ 70.566518][ T5339] ? do_syscall_64+0xb6/0x230 [ 70.568271][ T5339] do_syscall_64+0xf3/0x230 [ 70.570030][ T5339] ? clear_bhb_loop+0x35/0x90 [ 70.571878][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.574076][ T5339] RIP: 0033:0x7f2a3cb80809 [ 70.575751][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.583074][ T5339] RSP: 002b:00007f2a3d9cd058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.586169][ T5339] RAX: ffffffffffffffda RBX: 00007f2a3cd45fa0 RCX: 00007f2a3cb80809 [ 70.588913][ T5339] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008 [ 70.591648][ T5339] RBP: 00007f2a3cbf393e R08: 0000000000000000 R09: 0000000000000000 [ 70.594504][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.597375][ T5339] R13: 0000000000000000 R14: 00007f2a3cd45fa0 R15: 00007ffd03bc65c8 [ 70.600275][ T5339] [ 70.601741][ T5339] Kernel Offset: disabled [ 70.603337][ T5339] Rebooting in 86400 seconds..