last executing test programs: 7.58611187s ago: executing program 0 (id=66): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9fa0000000f8701d1d10fc4020a1bf7b805000000b908001bfe0fae41d9a0000005009100918b7fae260f3200000f30660fc775022e0fba600c980f320f3566b85700c30fefd0", 0x4c}], 0x2d891dc90fe8a01, 0x19, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)={0x1, 0x0, [{0x7, 0x0, 0x3, 0xfaa, 0x8, 0x4, 0x4}]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.166690893s ago: executing program 0 (id=71): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x3d, 0x7fff0000}]}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000540)={0x3, 0x4, 0x202, 0x17558e07, 0x90e, 0x7c26, 0xffffffff, 0x7}, 0x20) 7.056472911s ago: executing program 0 (id=74): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) prctl$PR_MCE_KILL_GET(0x22) 6.452601172s ago: executing program 2 (id=79): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x280c3, 0x0) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=@gcm_256={{}, "1df37f1e9402f61c", "9537a1c3df9130c8ec859ab3cb868b231ec8f47d41651c3da60731f13012bd8f", "7a9f4b71", "459c594676665db5"}, 0x38) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000640)=[@uexit={0x0, 0x18, 0x4}, @code={0x1, 0x5a, {"b805000000b9451700000f01c167460fc7b4e4420000000f2101b8010000000f01d92666430fc732b805000000b93802212b0f01c128e1660f3882a5007800006567440f01c3450f08"}}, @code={0x1, 0x7b, {"b9f10800000f32c7442400e26adcbec744240200000000c7442406000000000f01142466440ff6880c00000066baf80cb81ebc8f85ef66bafc0cec430f01c90f01c94f0fc7990d000000c7442400d4000000c744240224450000420f210866ba2100ec66420f38815394"}}, @uexit={0x0, 0x18, 0x43c2}, @code={0x1, 0x87, {"0f01c2b956080000b8bb450000ba000000000f303e360f35c744240002000000c7442402c83c0000c7442406000000000f01142466b873000f00d065673e0fd7e4f30f01bc0a2ce50000b9a8020000b8c6000000ba000000000f30fe042848b81bbb510f000000000f23d00f21f8351000000c0f23f8"}}], 0x18c}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x7fff, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0xffffffffffffffff) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r6 = semget$private(0x0, 0x7, 0x191) semtimedop(r6, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x4, 0x3, 0x1800}], 0x2, 0x0) semop(r6, &(0x7f0000000180)=[{0x2, 0x2, 0x800}, {0x3, 0x5, 0x3000}], 0x2) semop(r6, &(0x7f0000000140)=[{0x2, 0xce97, 0x800}, {0x1, 0x5, 0x1000}], 0x2) semctl$GETZCNT(r6, 0x0, 0xf, 0x0) 5.313195075s ago: executing program 2 (id=85): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x102, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @in6={0xa, 0x4e20, 0x4, @remote, 0x6}}}, 0x90) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/cpu_byteorder', 0x1, 0x2) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000001c0)) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000100)}, 0x10) setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0) ioctl$sock_SIOCSIFBR(r1, 0x8941, 0x0) recvfrom$inet(r1, 0x0, 0x0, 0x720, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x1, 0xe, 0x7ffffffe}]}) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1) 4.409260627s ago: executing program 0 (id=91): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000001c0)="b805000000b9fa0000000f01d9660f78c4020a1bf7b805000000b90000c0fe0fae41d901000000b87f8b7f26ba000000000f30660fc775022e0fba600c980f320f3566b857000f00d0", 0x49}], 0x1, 0x10, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd6000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)={0x1, 0x0, [{0x80000008, 0x0, 0x5, 0xa0, 0x7fff, 0x800, 0x4}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.36052721s ago: executing program 2 (id=92): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) 3.983446315s ago: executing program 0 (id=95): r0 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r0, 0x0) ftruncate(r0, 0x3) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x109c00, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @ioapic={0xf000, 0x6, 0x8, 0x8c66, 0x0, [{0xf, 0x9, 0x8, '\x00', 0x18}, {0x4, 0x81, 0x0, '\x00', 0xb3}, {0xf0, 0x3, 0xb, '\x00', 0x4}, {0x2, 0x4, 0xfe, '\x00', 0x8}, {0x1, 0x71, 0x7f, '\x00', 0x6}, {0xe, 0x8, 0x6a, '\x00', 0x81}, {0x8, 0x5, 0x5e}, {0x7, 0x29, 0x6}, {0x7, 0x18, 0x14, '\x00', 0x7}, {0x5, 0x81, 0x0, '\x00', 0x5}, {0x70, 0x6b, 0xa0, '\x00', 0x40}, {0x81, 0xb}, {0x6, 0x6, 0x27, '\x00', 0x9}, {0x2, 0x1, 0xfa, '\x00', 0xe}, {0x4, 0x2, 0x1, '\x00', 0x7b}, {0xc0, 0x9, 0x36, '\x00', 0x3e}, {0x8, 0x3c, 0xa, '\x00', 0x5}, {0xfe, 0xb, 0x6}, {0x2, 0x2, 0x9, '\x00', 0x9}, {0x7f, 0xb6, 0x56, '\x00', 0x3}, {0xed, 0xfc, 0x5, '\x00', 0x2}, {0x0, 0xd, 0x3, '\x00', 0x86}, {0xa, 0x1, 0x3, '\x00', 0x6}, {0x0, 0x2, 0x1, '\x00', 0x9}]}}) 3.721001536s ago: executing program 0 (id=99): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x801, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) move_pages(0x0, 0x20000000000000fe, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000300)={&(0x7f0000017000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000000f000/0x3000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000019000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') read$FUSE(r3, 0x0, 0x0) read$FUSE(r3, &(0x7f0000005100)={0x2020}, 0x2020) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) getpeername(r1, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, &(0x7f0000000040)=0x80) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000000)="baa100ecb8e5008ed8643ef367640f09ba400066ed67ad640f350fae56e40fc76df70fc775bcb818008ee0", 0x2b}], 0x1, 0x2, 0x0, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000006, 0x9132, 0xffffffffffffffff, 0x9aa9b000) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='environ\x00') sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, 0x0, 0x0) preadv(r5, &(0x7f0000000040)=[{&(0x7f0000003000)=""/4106, 0x100a}], 0x1, 0x0, 0x0) 3.176862457s ago: executing program 1 (id=102): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$binder(&(0x7f000000d000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x8000000000000) r1 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000000}, 0x10000}, 0x1c) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') read$FUSE(r2, &(0x7f00000005c0)={0x2020}, 0x2020) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x1, r3, 0x0, 0x2000000a, 0x0) ioprio_set$pid(0x2, 0x0, 0x4007) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, 0x0, &(0x7f0000000a00)) r4 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000040)={0x4, 0xfffffffffffffd80, 0xfa00, {0xffffffffffffffff, 0xd}}, 0xfffffe01) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file1', [{0x20, 'smaps\x00'}, {0x20, '\'{'}, {}, {}, {0x20, '\xdd'}], 0xa, "2662f3c590c7759e95cf15a5c2d7a403233d2724"}, 0x2d) r5 = getuid() ioprio_set$uid(0x3, r5, 0x6000) 2.108165104s ago: executing program 1 (id=104): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 1.988206065s ago: executing program 3 (id=105): r0 = socket(0x11, 0x2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8, 0x6c033, 0xffffffffffffffff, 0x0) setsockopt(r0, 0x107, 0x14, &(0x7f0000000000)="11106e00", 0x4) 1.858161989s ago: executing program 3 (id=106): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000002c40)=[@in6={0xa, 0x4e21, 0xc9, @private0, 0xd6c2}]}, &(0x7f0000000440)=0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000100)={r1, 0xc350, 0x20, 0x2, 0xfffffffffffffff9}, &(0x7f0000000140)=0x18) 1.732810575s ago: executing program 1 (id=107): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) 1.73256826s ago: executing program 2 (id=108): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0x4000, 0x2000, &(0x7f0000ff8000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x4b, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 1.610241399s ago: executing program 3 (id=109): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff3e24852548deb01efd54f11ed2c41d078b9cf1fc8f72566153c97e4af37017ea6b16b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633bffff250b5a293e3877adc1660edbc9a0307a25720a170e7f5670e419dc44febf7ddc73fd4a5a0b6c28665f7f46c7084e17c809268103a2584ab40a68e528329d97afc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"}) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x0, 0x0}) 1.538258245s ago: executing program 1 (id=110): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000440)={0x79, 0x0, 0x726}) msgctl$IPC_RMID(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) 1.264943303s ago: executing program 2 (id=111): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000000)={0x25000, 0x5000}) 1.244225606s ago: executing program 1 (id=112): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r0 = socket$unix(0x1, 0x1, 0x0) io_setup(0x5, &(0x7f0000000e80)=0x0) syz_io_uring_setup(0x4, &(0x7f0000000580), &(0x7f0000000080), 0x0) io_submit(r1, 0x2, &(0x7f0000000200)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, &(0x7f0000000080)="8c", 0x1}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x4, r0, 0x0, 0x0, 0xf3}]) 1.039474393s ago: executing program 1 (id=113): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0xc) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00004a3000/0x3000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x3000, 0x2, 0x2}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1.02044742s ago: executing program 2 (id=114): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x3ef4, 0x81, r0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x5) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) mkdir(0x0, 0xae) 512.607091ms ago: executing program 3 (id=115): r0 = socket$inet_tcp(0x2, 0x1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8) splice(r1, 0x0, r0, 0x0, 0x2, 0x4) splice(r1, 0x0, r3, 0x0, 0x80, 0x1) write$binfmt_misc(r2, &(0x7f0000000100)='F', 0x1) close_range(r0, 0xffffffffffffffff, 0x2) 190.033837ms ago: executing program 3 (id=116): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x31, &(0x7f0000000200)=0x1, 0x4) 0s ago: executing program 3 (id=117): r0 = mq_open(&(0x7f0000000080)='$@\x00', 0x370e082a94541ad5, 0xb4, 0x0) fcntl$setlease(r0, 0x400, 0x0) mq_unlink(&(0x7f0000000000)='$@\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. [ 84.062192][ T5812] cgroup: Unknown subsys name 'net' [ 84.190116][ T5812] cgroup: Unknown subsys name 'cpuset' [ 84.200003][ T5812] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.861692][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.411943][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.420613][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.428680][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.437094][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.445110][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.508672][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.522022][ T5824] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.531970][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.546825][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.555067][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.561808][ T5830] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.572571][ T5830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.580477][ T5146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.589374][ T5146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.607313][ T5146] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.652171][ T5824] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.662520][ T5824] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.671666][ T5824] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.682622][ T5824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.690975][ T5824] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.073602][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 90.229155][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 90.322754][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.330768][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.338707][ T5821] bridge_slave_0: entered allmulticast mode [ 90.346597][ T5821] bridge_slave_0: entered promiscuous mode [ 90.371047][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.395980][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.403635][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.410959][ T5821] bridge_slave_1: entered allmulticast mode [ 90.418830][ T5821] bridge_slave_1: entered promiscuous mode [ 90.552460][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.589398][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.596723][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.603959][ T5825] bridge_slave_0: entered allmulticast mode [ 90.612045][ T5825] bridge_slave_0: entered promiscuous mode [ 90.622401][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.655387][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.663263][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.671177][ T5825] bridge_slave_1: entered allmulticast mode [ 90.679733][ T5825] bridge_slave_1: entered promiscuous mode [ 90.740701][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.748676][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.756633][ T5827] bridge_slave_0: entered allmulticast mode [ 90.764391][ T5827] bridge_slave_0: entered promiscuous mode [ 90.792899][ T5821] team0: Port device team_slave_0 added [ 90.799069][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.806875][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.814178][ T5827] bridge_slave_1: entered allmulticast mode [ 90.822204][ T5827] bridge_slave_1: entered promiscuous mode [ 90.829422][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 90.843217][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.854724][ T5821] team0: Port device team_slave_1 added [ 90.882545][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.957963][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.999508][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.006874][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.033103][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.047603][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.070156][ T5825] team0: Port device team_slave_0 added [ 91.077859][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.085031][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.111400][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.145034][ T5825] team0: Port device team_slave_1 added [ 91.190708][ T5827] team0: Port device team_slave_0 added [ 91.225838][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.233957][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.260578][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.274385][ T5827] team0: Port device team_slave_1 added [ 91.309899][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.317041][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.343970][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.367849][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.376547][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.386017][ T5834] bridge_slave_0: entered allmulticast mode [ 91.394293][ T5834] bridge_slave_0: entered promiscuous mode [ 91.435741][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.443437][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.450918][ T5834] bridge_slave_1: entered allmulticast mode [ 91.458462][ T5834] bridge_slave_1: entered promiscuous mode [ 91.470974][ T5821] hsr_slave_0: entered promiscuous mode [ 91.478291][ T5821] hsr_slave_1: entered promiscuous mode [ 91.487726][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.494712][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.521483][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.537146][ T5824] Bluetooth: hci0: command tx timeout [ 91.561186][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.569048][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.596290][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.617022][ T5824] Bluetooth: hci1: command tx timeout [ 91.663588][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.696324][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.706228][ T5824] Bluetooth: hci2: command tx timeout [ 91.716286][ T5825] hsr_slave_0: entered promiscuous mode [ 91.723266][ T5825] hsr_slave_1: entered promiscuous mode [ 91.730943][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 91.737229][ T5825] Cannot create hsr debugfs directory [ 91.776558][ T5824] Bluetooth: hci3: command tx timeout [ 91.823789][ T5834] team0: Port device team_slave_0 added [ 91.863883][ T5834] team0: Port device team_slave_1 added [ 91.875320][ T5827] hsr_slave_0: entered promiscuous mode [ 91.882073][ T5827] hsr_slave_1: entered promiscuous mode [ 91.889305][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 91.895092][ T5827] Cannot create hsr debugfs directory [ 91.986935][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.993912][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.020208][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.065097][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.072532][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.106313][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.365797][ T5834] hsr_slave_0: entered promiscuous mode [ 92.374576][ T5834] hsr_slave_1: entered promiscuous mode [ 92.382211][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 92.388485][ T5834] Cannot create hsr debugfs directory [ 92.623881][ T5821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.651708][ T5821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.675884][ T5821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.714312][ T5821] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.831943][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.854715][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.868242][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.902942][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.010916][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.032532][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.046588][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.094689][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.237289][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.255184][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.277753][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.292079][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.347598][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.421694][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.449384][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.457052][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.474501][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.499585][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.506913][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.557999][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.575965][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.610791][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.617976][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.625694][ T5824] Bluetooth: hci0: command tx timeout [ 93.642693][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.649998][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.675457][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.697072][ T5824] Bluetooth: hci1: command tx timeout [ 93.705169][ T4980] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.712509][ T4980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.771319][ T4980] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.778529][ T4980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.786486][ T5824] Bluetooth: hci2: command tx timeout [ 93.801189][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.856330][ T5824] Bluetooth: hci3: command tx timeout [ 93.915166][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.957875][ T201] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.965129][ T201] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.002929][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.010326][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.205903][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.365447][ T5821] veth0_vlan: entered promiscuous mode [ 94.429331][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.437938][ T5821] veth1_vlan: entered promiscuous mode [ 94.540309][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.560791][ T5821] veth0_macvtap: entered promiscuous mode [ 94.598727][ T5821] veth1_macvtap: entered promiscuous mode [ 94.612554][ T5827] veth0_vlan: entered promiscuous mode [ 94.654229][ T5827] veth1_vlan: entered promiscuous mode [ 94.680030][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.703303][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.734324][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.745787][ T5825] veth0_vlan: entered promiscuous mode [ 94.758979][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.769325][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.785967][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.801256][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.839006][ T5825] veth1_vlan: entered promiscuous mode [ 94.863116][ T5827] veth0_macvtap: entered promiscuous mode [ 94.885820][ T5827] veth1_macvtap: entered promiscuous mode [ 94.979894][ T1537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.993849][ T1537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.998209][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.045333][ T5834] veth0_vlan: entered promiscuous mode [ 95.056973][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.065800][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.079178][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.093221][ T5834] veth1_vlan: entered promiscuous mode [ 95.113737][ T5825] veth0_macvtap: entered promiscuous mode [ 95.137824][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.152897][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.166003][ T5825] veth1_macvtap: entered promiscuous mode [ 95.175081][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.184505][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.187453][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.308302][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.343751][ T5834] veth0_macvtap: entered promiscuous mode [ 95.364180][ T5914] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.383849][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.425269][ T1537] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.437987][ T5834] veth1_macvtap: entered promiscuous mode [ 95.445758][ T1537] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.463891][ T3465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.485842][ T1537] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.489192][ T3465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.498556][ T1537] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.572914][ T201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.577473][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.585777][ T201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.608386][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.643089][ T4980] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.673905][ T4980] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.694640][ T4980] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.706432][ T5824] Bluetooth: hci0: command tx timeout [ 95.743660][ T4980] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.777056][ T5824] Bluetooth: hci1: command tx timeout [ 95.856531][ T5824] Bluetooth: hci2: command tx timeout [ 95.869406][ T201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.914012][ T201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.938722][ T5824] Bluetooth: hci3: command tx timeout [ 96.059611][ T201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.074366][ T201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.119810][ T201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.150785][ T201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.268978][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.286516][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.010279][ T30] audit: type=1326 audit(1764471641.233:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.046896][ T5938] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 97.070997][ T30] audit: type=1326 audit(1764471641.243:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.109858][ T30] audit: type=1326 audit(1764471641.243:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.176278][ T30] audit: type=1326 audit(1764471641.243:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.202041][ T30] audit: type=1326 audit(1764471641.263:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.221941][ T130] cfg80211: failed to load regulatory.db [ 97.241217][ T30] audit: type=1326 audit(1764471641.263:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.272244][ T30] audit: type=1326 audit(1764471641.263:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.295472][ T30] audit: type=1326 audit(1764471641.263:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.403525][ T30] audit: type=1326 audit(1764471641.263:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.1.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ffadd18f749 code=0x7ffc0000 [ 97.777837][ T5824] Bluetooth: hci0: command tx timeout [ 97.857029][ T5824] Bluetooth: hci1: command tx timeout [ 97.936796][ T5824] Bluetooth: hci2: command tx timeout [ 98.016833][ T5824] Bluetooth: hci3: command tx timeout [ 101.655997][ T6031] syz.1.39 (6031): /proc/6029/oom_adj is deprecated, please use /proc/6029/oom_score_adj instead. [ 102.777357][ T6078] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.058641][ T6089] kvm: kvm [6088]: vcpu2, guest rIP: 0x9133 Unhandled WRMSR(0x11e) = 0xbe702111 [ 104.218705][ T6127] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 104.218705][ T6127] The task syz.2.79 (6127) triggered the difference, watch for misbehavior. [ 104.810999][ T6133] sctp: [Deprecated]: syz.3.82 (pid 6133) Use of int in maxseg socket option. [ 104.810999][ T6133] Use struct sctp_assoc_value instead [ 106.209983][ T6153] kvm: kvm [6152]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0x0 [ 110.551161][ T6232] ================================================================== [ 110.559817][ T6232] BUG: KASAN: slab-use-after-free in locks_remove_posix+0x10f/0x630 [ 110.567860][ T6232] Read of size 8 at addr ffff88802cbc4d60 by task syz.3.117/6232 [ 110.576047][ T6232] [ 110.578980][ T6232] CPU: 0 UID: 0 PID: 6232 Comm: syz.3.117 Not tainted syzkaller #0 PREEMPT(full) [ 110.579006][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 110.579028][ T6232] Call Trace: [ 110.579037][ T6232] [ 110.579046][ T6232] dump_stack_lvl+0x189/0x250 [ 110.579069][ T6232] ? __kasan_check_byte+0x12/0x40 [ 110.579103][ T6232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.579121][ T6232] ? lock_release+0x4b/0x3b0 [ 110.579154][ T6232] ? __virt_addr_valid+0x4a5/0x5c0 [ 110.579178][ T6232] print_report+0xca/0x240 [ 110.579200][ T6232] ? locks_remove_posix+0x10f/0x630 [ 110.579219][ T6232] kasan_report+0x118/0x150 [ 110.579239][ T6232] ? locks_remove_posix+0x10f/0x630 [ 110.579263][ T6232] locks_remove_posix+0x10f/0x630 [ 110.579285][ T6232] ? __pfx_locks_remove_posix+0x10/0x10 [ 110.579318][ T6232] ? do_raw_spin_unlock+0x122/0x240 [ 110.579342][ T6232] ? dnotify_flush+0x1db/0x5e0 [ 110.579371][ T6232] ? mqueue_flush_file+0x21c/0x270 [ 110.579391][ T6232] ? filp_flush+0xae/0x190 [ 110.579416][ T6232] filp_flush+0x113/0x190 [ 110.579440][ T6232] filp_close+0x1d/0x40 [ 110.579462][ T6232] __se_sys_close_range+0x359/0x650 [ 110.579488][ T6232] ? __pfx___se_sys_close_range+0x10/0x10 [ 110.579511][ T6232] ? do_syscall_64+0xbe/0xf80 [ 110.579544][ T6232] do_syscall_64+0xfa/0xf80 [ 110.579574][ T6232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.579594][ T6232] ? clear_bhb_loop+0x60/0xb0 [ 110.579618][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.579639][ T6232] RIP: 0033:0x7f822bf8f749 [ 110.579662][ T6232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.579680][ T6232] RSP: 002b:00007fffbdde6bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 110.579701][ T6232] RAX: ffffffffffffffda RBX: 000000000001af8f RCX: 00007f822bf8f749 [ 110.579715][ T6232] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 110.579733][ T6232] RBP: 00007f822c1e7da0 R08: 0000000000000001 R09: 00000003bdde6eaf [ 110.579747][ T6232] R10: 0000001b2fc20000 R11: 0000000000000246 R12: 00007f822c1e5fac [ 110.579761][ T6232] R13: 00007f822c1e5fa0 R14: ffffffffffffffff R15: 00007fffbdde6cd0 [ 110.579786][ T6232] [ 110.579793][ T6232] [ 110.812099][ T6232] Allocated by task 6233: [ 110.816537][ T6232] kasan_save_track+0x3e/0x80 [ 110.821409][ T6232] __kasan_slab_alloc+0x6c/0x80 [ 110.826538][ T6232] kmem_cache_alloc_noprof+0x37d/0x710 [ 110.832454][ T6232] locks_get_lock_context+0x134/0x3b0 [ 110.838182][ T6232] generic_setlease+0x528/0x1280 [ 110.843137][ T6232] do_fcntl_add_lease+0x34d/0x460 [ 110.848426][ T6232] fcntl_setlease+0x123/0x180 [ 110.853106][ T6232] do_fcntl+0x867/0x1a50 [ 110.857366][ T6232] __se_sys_fcntl+0xc8/0x150 [ 110.863121][ T6232] do_syscall_64+0xfa/0xf80 [ 110.867751][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.873758][ T6232] [ 110.876192][ T6232] Freed by task 6233: [ 110.880401][ T6232] kasan_save_track+0x3e/0x80 [ 110.885413][ T6232] kasan_save_free_info+0x46/0x50 [ 110.890646][ T6232] __kasan_slab_free+0x5c/0x80 [ 110.895705][ T6232] kmem_cache_free+0x197/0x620 [ 110.900626][ T6232] __destroy_inode+0x2ea/0x670 [ 110.905404][ T6232] evict+0x87d/0xae0 [ 110.909318][ T6232] __se_sys_mq_unlink+0x2c5/0x360 [ 110.914361][ T6232] do_syscall_64+0xfa/0xf80 [ 110.919247][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.925691][ T6232] [ 110.928306][ T6232] The buggy address belongs to the object at ffff88802cbc4d10 [ 110.928306][ T6232] which belongs to the cache file_lock_ctx of size 112 [ 110.942743][ T6232] The buggy address is located 80 bytes inside of [ 110.942743][ T6232] freed 112-byte region [ffff88802cbc4d10, ffff88802cbc4d80) [ 110.957451][ T6232] [ 110.959791][ T6232] The buggy address belongs to the physical page: [ 110.967202][ T6232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cbc4 [ 110.977929][ T6232] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 110.985536][ T6232] page_type: f5(slab) [ 110.989883][ T6232] raw: 00fff00000000000 ffff888140eca140 dead000000000122 0000000000000000 [ 110.998833][ T6232] raw: 0000000000000000 0000000080170017 00000000f5000000 0000000000000000 [ 111.008297][ T6232] page dumped because: kasan: bad access detected [ 111.015605][ T6232] page_owner tracks the page as allocated [ 111.021715][ T6232] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5199, tgid 5199 (udevd), ts 54837812558, free_ts 54832844894 [ 111.041357][ T6232] post_alloc_hook+0x234/0x290 [ 111.046514][ T6232] get_page_from_freelist+0x2365/0x2440 [ 111.052099][ T6232] __alloc_frozen_pages_noprof+0x181/0x370 [ 111.057944][ T6232] alloc_pages_mpol+0x232/0x4a0 [ 111.063073][ T6232] allocate_slab+0x86/0x3b0 [ 111.067877][ T6232] ___slab_alloc+0xf2b/0x1960 [ 111.072595][ T6232] __slab_alloc+0x65/0x100 [ 111.077027][ T6232] kmem_cache_alloc_noprof+0x40f/0x710 [ 111.082510][ T6232] locks_get_lock_context+0x134/0x3b0 [ 111.087990][ T6232] flock_lock_inode+0xf2/0x1410 [ 111.092860][ T6232] locks_lock_inode_wait+0x107/0x410 [ 111.098347][ T6232] __se_sys_flock+0x467/0x5b0 [ 111.103142][ T6232] do_syscall_64+0xfa/0xf80 [ 111.108053][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.113990][ T6232] page last free pid 5200 tgid 5200 stack trace: [ 111.120332][ T6232] __free_frozen_pages+0xbc8/0xd30 [ 111.125458][ T6232] __slab_free+0x21b/0x2a0 [ 111.129888][ T6232] qlist_free_all+0x97/0x100 [ 111.134490][ T6232] kasan_quarantine_reduce+0x148/0x160 [ 111.139970][ T6232] __kasan_slab_alloc+0x22/0x80 [ 111.144835][ T6232] kmem_cache_alloc_noprof+0x37d/0x710 [ 111.150304][ T6232] getname_flags+0xb8/0x540 [ 111.154816][ T6232] vfs_fstatat+0x43/0x170 [ 111.159151][ T6232] __x64_sys_newfstatat+0x116/0x190 [ 111.164382][ T6232] do_syscall_64+0xfa/0xf80 [ 111.168918][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.174825][ T6232] [ 111.177172][ T6232] Memory state around the buggy address: [ 111.182910][ T6232] ffff88802cbc4c00: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 [ 111.191271][ T6232] ffff88802cbc4c80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 111.199725][ T6232] >ffff88802cbc4d00: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.209130][ T6232] ^ [ 111.216427][ T6232] ffff88802cbc4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.225139][ T6232] ffff88802cbc4e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.233669][ T6232] ================================================================== [ 111.306943][ T6232] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 111.314298][ T6232] CPU: 1 UID: 0 PID: 6232 Comm: syz.3.117 Not tainted syzkaller #0 PREEMPT(full) [ 111.323875][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 111.334149][ T6232] Call Trace: [ 111.338281][ T6232] [ 111.341240][ T6232] dump_stack_lvl+0x99/0x250 [ 111.346034][ T6232] ? __asan_memcpy+0x40/0x70 [ 111.351018][ T6232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.356254][ T6232] ? __pfx__printk+0x10/0x10 [ 111.361156][ T6232] vpanic+0x237/0x6d0 [ 111.365292][ T6232] ? __pfx_vpanic+0x10/0x10 [ 111.370187][ T6232] ? preempt_schedule+0xae/0xc0 [ 111.375083][ T6232] ? __pfx_preempt_schedule+0x10/0x10 [ 111.381309][ T6232] panic+0xb9/0xc0 [ 111.385244][ T6232] ? __pfx_panic+0x10/0x10 [ 111.389703][ T6232] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 111.395642][ T6232] ? locks_remove_posix+0x10f/0x630 [ 111.400875][ T6232] check_panic_on_warn+0x89/0xb0 [ 111.405849][ T6232] ? locks_remove_posix+0x10f/0x630 [ 111.411091][ T6232] end_report+0x6f/0x140 [ 111.415357][ T6232] kasan_report+0x129/0x150 [ 111.419917][ T6232] ? locks_remove_posix+0x10f/0x630 [ 111.425290][ T6232] locks_remove_posix+0x10f/0x630 [ 111.430887][ T6232] ? __pfx_locks_remove_posix+0x10/0x10 [ 111.436488][ T6232] ? do_raw_spin_unlock+0x122/0x240 [ 111.441728][ T6232] ? dnotify_flush+0x1db/0x5e0 [ 111.446592][ T6232] ? mqueue_flush_file+0x21c/0x270 [ 111.451721][ T6232] ? filp_flush+0xae/0x190 [ 111.456242][ T6232] filp_flush+0x113/0x190 [ 111.460588][ T6232] filp_close+0x1d/0x40 [ 111.464848][ T6232] __se_sys_close_range+0x359/0x650 [ 111.470349][ T6232] ? __pfx___se_sys_close_range+0x10/0x10 [ 111.476372][ T6232] ? do_syscall_64+0xbe/0xf80 [ 111.481086][ T6232] do_syscall_64+0xfa/0xf80 [ 111.485698][ T6232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.492385][ T6232] ? clear_bhb_loop+0x60/0xb0 [ 111.497197][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.503201][ T6232] RIP: 0033:0x7f822bf8f749 [ 111.507828][ T6232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.528580][ T6232] RSP: 002b:00007fffbdde6bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 111.537651][ T6232] RAX: ffffffffffffffda RBX: 000000000001af8f RCX: 00007f822bf8f749 [ 111.546341][ T6232] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 111.555608][ T6232] RBP: 00007f822c1e7da0 R08: 0000000000000001 R09: 00000003bdde6eaf [ 111.565123][ T6232] R10: 0000001b2fc20000 R11: 0000000000000246 R12: 00007f822c1e5fac [ 111.574366][ T6232] R13: 00007f822c1e5fa0 R14: ffffffffffffffff R15: 00007fffbdde6cd0 [ 111.582636][ T6232] [ 111.586070][ T6232] Kernel Offset: disabled [ 111.590699][ T6232] Rebooting in 86400 seconds..