last executing test programs: 3.114231696s ago: executing program 3 (id=4): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0) 2.949179237s ago: executing program 3 (id=6): socket$netlink(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0x1}, &(0x7f0000000080), &(0x7f0000000100)='%-010d \x00'}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x25, 0x4, @val=@tcx}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00) 2.679996081s ago: executing program 3 (id=7): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x5400, 0x0) 2.462746836s ago: executing program 3 (id=8): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x4008032, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00'}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xc00) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 2.462415756s ago: executing program 2 (id=3): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000100000000000000", @ANYRES32=0x1], 0x50) r2 = socket$kcm(0xa, 0x5, 0x0) r3 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0xfffe, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000000080)='_', 0x1}], 0x1}, 0x865) setsockopt$sock_attach_bpf(r3, 0x84, 0x1e, &(0x7f0000000240), 0x4) r4 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8916, &(0x7f0000000000)={r4}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8936, &(0x7f0000000000)={r4}) 2.132042662s ago: executing program 2 (id=9): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000e00000000001c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0) 1.855980029s ago: executing program 1 (id=2): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f0000000380)='syzkaller\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/seq/clients\x00', 0x0, 0x0) read$char_usb(r1, &(0x7f0000000100)=""/50, 0x32) 1.814801933s ago: executing program 2 (id=10): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18efffffffffe04b00000000000088d924d8dac4", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) uname(&(0x7f0000000640)=""/4096) 1.508218231s ago: executing program 3 (id=11): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\r'], 0x50) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fec000/0x14000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x880) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xd8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x4, 0xc4}, 0x0) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x20) connect$unix(r0, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 1.488355381s ago: executing program 1 (id=12): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0) 1.488170319s ago: executing program 2 (id=13): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0a000000080000000100000040"], 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000240)={r0, 0x0, 0x0}, 0x20) 1.319666695s ago: executing program 3 (id=14): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000008000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00"/13], 0x50) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05d", 0x1b, 0xfffffffffffffffd) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003140100c68f7bec9aff068609000200737962320000000008004100736977001400330062726964676530"], 0x38}, 0x1, 0x0, 0x0, 0x44805}, 0x50) syz_usbip_server_init(0x6) bind$tipc(r4, 0x0, 0x0) bind$tipc(r4, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r5, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x3}}, 0x10) bind$tipc(r4, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x18) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0x7d, 0x0, &(0x7f0000000840)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) 1.152261882s ago: executing program 2 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x492492492492846, 0x0) connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) 1.14730401s ago: executing program 4 (id=5): r0 = gettid() r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r2, 0x400, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000004000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pI4 \x00'}, 0x20) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', 0x0}) r6 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r8 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe}) r9 = dup3(r7, r8, 0x0) ioctl$SG_SET_RESERVED_SIZE(r9, 0x4004550c, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f00000001c0), &(0x7f00000005c0)=r1}, 0x20) r10 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00') lseek(r10, 0x289e0cb5, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4) mq_open(&(0x7f0000000ac0)='eth0\x00\xdd\xad\xff=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9%\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xcfL\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe9XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xa2@\xeb\x18\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4\x80\x00\x00\x00a\xdf\xb5\xd9\xe4\x01\xea|.\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9J\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x9e\xef\x9b\x97\xcb\xc6\x89\xba\x8e\xf2\xfb\xd5\a\xcb\xf6\xf7{\xec\xf0@\xc2\xb2\xbcAQx\xa4\x12\xf8\x9cji\"\xf7\x1a\xbd\xac\xde\xf4\x9b\xd7#\xab\\q\xd6\xdf#>}\x97\xd0U\xe4\x9e+|\xb1MT\xa0\x1bf\v9\xcdx\xab\x83\x87\xd3q3\xbeL\xd2\x1f6\x1ffL\x9eM\x0f?\'\xc3YB0\x80!\xe9Y\xf1:\xeeX\xf7G\x85K\xbb\xbdijaA\x00&\x0e\xb3\x99\xbc9\xee\x8f\aVy!d^\r\xd1\x9b\xd5\x06\xbc$\xc9[\x8e[', 0x1, 0x50, 0x0) 1.096626707s ago: executing program 1 (id=16): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0xb}, 0x18) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0) sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r1, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000) 1.065987215s ago: executing program 0 (id=1): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x4}, 0x18) r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80006f, 0x81501) ioctl$USBDEVFS_ALLOC_STREAMS(r2, 0x8008551c, &(0x7f0000000080)={0xfe9c, 0x1, [{0xb}]}) 719.584353ms ago: executing program 1 (id=17): socket$kcm(0x11, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a0000000212", 0x6) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x4000050, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000080000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f28bd421850000008200000095"], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x0, &(0x7f0000000780)}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4a, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = syz_open_procfs(0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000002, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r5, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) syncfs(r4) 719.396087ms ago: executing program 0 (id=18): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r2, 0x0, 0x29, 0x0, 0x1c) 283.131492ms ago: executing program 0 (id=19): mount$9p_fd(0x0, 0x0, 0x0, 0x1000800, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2, 0x0, 0x6}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) bind$rds(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5") syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 228.255572ms ago: executing program 2 (id=20): bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004000000040000000a"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) 0s ago: executing program 1 (id=21): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x8, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3000000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000640)='syzkaller\x00', 0x7}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts. [ 83.991157][ T5812] cgroup: Unknown subsys name 'net' [ 84.138063][ T5812] cgroup: Unknown subsys name 'cpuset' [ 84.147569][ T5812] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.823359][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.215201][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.223705][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.231378][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.244894][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.254861][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.297929][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.306163][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.313728][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.322205][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.330541][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.351805][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.384200][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.394183][ T5147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.395580][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.410272][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.410320][ T5147] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.418271][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.432797][ T5147] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.433413][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.453106][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.529723][ T5830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.537977][ T5830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.546028][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.554651][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.562429][ T5830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.067034][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 89.275342][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 89.371669][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 89.435450][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 89.557416][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.565177][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.572508][ T5834] bridge_slave_0: entered allmulticast mode [ 89.580359][ T5834] bridge_slave_0: entered promiscuous mode [ 89.607752][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 89.632563][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.639851][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.647100][ T5834] bridge_slave_1: entered allmulticast mode [ 89.655466][ T5834] bridge_slave_1: entered promiscuous mode [ 89.679176][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.686380][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.693780][ T5837] bridge_slave_0: entered allmulticast mode [ 89.701239][ T5837] bridge_slave_0: entered promiscuous mode [ 89.741571][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.749682][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.757192][ T5837] bridge_slave_1: entered allmulticast mode [ 89.764807][ T5837] bridge_slave_1: entered promiscuous mode [ 89.835522][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.891878][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.901348][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.909129][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.916630][ T5827] bridge_slave_0: entered allmulticast mode [ 89.924554][ T5827] bridge_slave_0: entered promiscuous mode [ 89.952327][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.974489][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.981709][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.989159][ T5827] bridge_slave_1: entered allmulticast mode [ 89.997305][ T5827] bridge_slave_1: entered promiscuous mode [ 90.006845][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.014132][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.021340][ T5823] bridge_slave_0: entered allmulticast mode [ 90.028876][ T5823] bridge_slave_0: entered promiscuous mode [ 90.051801][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.089617][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.096917][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.104833][ T5823] bridge_slave_1: entered allmulticast mode [ 90.112087][ T5823] bridge_slave_1: entered promiscuous mode [ 90.145530][ T5834] team0: Port device team_slave_0 added [ 90.177798][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.185088][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.192275][ T5831] bridge_slave_0: entered allmulticast mode [ 90.200104][ T5831] bridge_slave_0: entered promiscuous mode [ 90.222934][ T5834] team0: Port device team_slave_1 added [ 90.231448][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.263599][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.271438][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.278806][ T5831] bridge_slave_1: entered allmulticast mode [ 90.286383][ T5831] bridge_slave_1: entered promiscuous mode [ 90.295613][ T5837] team0: Port device team_slave_0 added [ 90.315071][ T5830] Bluetooth: hci0: command tx timeout [ 90.334549][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.347158][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.372082][ T5837] team0: Port device team_slave_1 added [ 90.379169][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.386607][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.412885][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.413137][ T5830] Bluetooth: hci1: command tx timeout [ 90.442359][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.474575][ T52] Bluetooth: hci2: command tx timeout [ 90.480334][ T5830] Bluetooth: hci3: command tx timeout [ 90.487967][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.495605][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.521902][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.560821][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.595704][ T5827] team0: Port device team_slave_0 added [ 90.617145][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.627288][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.635002][ T5830] Bluetooth: hci4: command tx timeout [ 90.640550][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.667035][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.680004][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.687089][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.713114][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.726876][ T5827] team0: Port device team_slave_1 added [ 90.734606][ T5823] team0: Port device team_slave_0 added [ 90.774753][ T5823] team0: Port device team_slave_1 added [ 90.834655][ T5831] team0: Port device team_slave_0 added [ 90.858813][ T5834] hsr_slave_0: entered promiscuous mode [ 90.865845][ T5834] hsr_slave_1: entered promiscuous mode [ 90.874663][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.881626][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.908428][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.934628][ T5831] team0: Port device team_slave_1 added [ 90.954602][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.961564][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.987832][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.000749][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.008155][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.034597][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.080971][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.088247][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.114838][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.156365][ T5837] hsr_slave_0: entered promiscuous mode [ 91.162788][ T5837] hsr_slave_1: entered promiscuous mode [ 91.169921][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 91.175958][ T5837] Cannot create hsr debugfs directory [ 91.199457][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.206587][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.232714][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.255668][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.262713][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.289201][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.411524][ T5823] hsr_slave_0: entered promiscuous mode [ 91.418083][ T5823] hsr_slave_1: entered promiscuous mode [ 91.425368][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 91.431299][ T5823] Cannot create hsr debugfs directory [ 91.456961][ T5827] hsr_slave_0: entered promiscuous mode [ 91.463625][ T5827] hsr_slave_1: entered promiscuous mode [ 91.470431][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 91.476227][ T5827] Cannot create hsr debugfs directory [ 91.587219][ T5831] hsr_slave_0: entered promiscuous mode [ 91.593698][ T5831] hsr_slave_1: entered promiscuous mode [ 91.601074][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 91.607355][ T5831] Cannot create hsr debugfs directory [ 91.928793][ T24] cfg80211: failed to load regulatory.db [ 92.136127][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.151662][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.179870][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.191774][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.289605][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.305017][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.318113][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.350001][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.394444][ T5830] Bluetooth: hci0: command tx timeout [ 92.451928][ T5827] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.467423][ T5827] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.483707][ T5827] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.490615][ T5830] Bluetooth: hci1: command tx timeout [ 92.500180][ T5827] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.554025][ T52] Bluetooth: hci2: command tx timeout [ 92.559776][ T5830] Bluetooth: hci3: command tx timeout [ 92.657446][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.673627][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.693430][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.714044][ T5830] Bluetooth: hci4: command tx timeout [ 92.736019][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.835993][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.865175][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.877707][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.888883][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.902118][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.979165][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.028140][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.035452][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.047512][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.054696][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.093685][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.132798][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.191011][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.202345][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.230921][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.238158][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.265077][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.272223][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.297447][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.304612][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.333471][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.340799][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.378672][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.476163][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.523485][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.569800][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.603769][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.611048][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.642501][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.649676][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.662156][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.669314][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.680008][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.687173][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.789700][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.082628][ T5834] veth0_vlan: entered promiscuous mode [ 94.111402][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.176189][ T5834] veth1_vlan: entered promiscuous mode [ 94.323025][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.371846][ T5834] veth0_macvtap: entered promiscuous mode [ 94.397177][ T5834] veth1_macvtap: entered promiscuous mode [ 94.417484][ T5837] veth0_vlan: entered promiscuous mode [ 94.441777][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.475003][ T5830] Bluetooth: hci0: command tx timeout [ 94.499021][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.519383][ T5837] veth1_vlan: entered promiscuous mode [ 94.538813][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.559519][ T5830] Bluetooth: hci1: command tx timeout [ 94.588893][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.598516][ T34] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.614528][ T34] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.635538][ T5830] Bluetooth: hci3: command tx timeout [ 94.635668][ T52] Bluetooth: hci2: command tx timeout [ 94.644742][ T34] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.673386][ T34] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.782583][ T5837] veth0_macvtap: entered promiscuous mode [ 94.794311][ T52] Bluetooth: hci4: command tx timeout [ 94.817863][ T5831] veth0_vlan: entered promiscuous mode [ 94.829705][ T5837] veth1_macvtap: entered promiscuous mode [ 94.886552][ T5831] veth1_vlan: entered promiscuous mode [ 94.886935][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.906546][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.958212][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.989676][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.995959][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.998288][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.013681][ T5827] veth0_vlan: entered promiscuous mode [ 95.037881][ T5823] veth0_vlan: entered promiscuous mode [ 95.067220][ T5831] veth0_macvtap: entered promiscuous mode [ 95.075455][ T146] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.103767][ T146] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.106733][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.115375][ T146] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.144943][ T5827] veth1_vlan: entered promiscuous mode [ 95.158365][ T146] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.168058][ T5831] veth1_macvtap: entered promiscuous mode [ 95.224780][ T5823] veth1_vlan: entered promiscuous mode [ 95.340462][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.401759][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.411056][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.426662][ T5827] veth0_macvtap: entered promiscuous mode [ 95.439084][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.463651][ T5944] netlink: 'syz.3.6': attribute type 13 has an invalid length. [ 95.463740][ T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.482890][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.555848][ T5827] veth1_macvtap: entered promiscuous mode [ 95.569439][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.579067][ T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.612582][ T5823] veth0_macvtap: entered promiscuous mode [ 95.663733][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.673255][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.687997][ T5823] veth1_macvtap: entered promiscuous mode [ 95.736978][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.750971][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.821530][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.881948][ T146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.905154][ T146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.956609][ T146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.968922][ T146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.981743][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.030717][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.055281][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.085206][ T1315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.116398][ T1315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.207224][ T1315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.218473][ T1315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.280428][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.297636][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.464806][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.472772][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.554482][ T52] Bluetooth: hci0: command tx timeout [ 96.587876][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.634258][ T52] Bluetooth: hci1: command tx timeout [ 96.642940][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.652270][ T30] audit: type=1326 audit(1764344395.860:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5959 comm="syz.2.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37ae38f749 code=0x7ffc0000 [ 96.706786][ T30] audit: type=1326 audit(1764344395.890:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5959 comm="syz.2.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f37ae38f749 code=0x7ffc0000 [ 96.736921][ T5830] Bluetooth: hci3: command tx timeout [ 96.742387][ T52] Bluetooth: hci2: command tx timeout [ 96.772630][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.862401][ T30] audit: type=1326 audit(1764344395.890:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5959 comm="syz.2.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37ae38f749 code=0x7ffc0000 [ 96.884649][ T52] Bluetooth: hci4: command tx timeout [ 96.890534][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.937930][ T30] audit: type=1326 audit(1764344395.910:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5959 comm="syz.2.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37ae38f749 code=0x7ffc0000 [ 96.989390][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.014645][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.275589][ T5972] mmap: syz.3.14 (5972) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 97.415704][ T5980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5'. [ 97.434281][ T5982] smc: net device bond0 applied user defined pnetid SYZ0 [ 97.458584][ T5982] smc: net device bond0 erased user defined pnetid SYZ0 [ 97.720806][ T30] audit: type=1326 audit(1764344396.940:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5986 comm="syz.1.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0598f749 code=0x7ffc0000 [ 97.778637][ T30] audit: type=1326 audit(1764344396.940:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5986 comm="syz.1.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a0598df90 code=0x7ffc0000 [ 97.815248][ T30] audit: type=1326 audit(1764344396.940:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5986 comm="syz.1.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a0598df90 code=0x7ffc0000 [ 97.853617][ T30] audit: type=1326 audit(1764344396.940:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5986 comm="syz.1.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0598f749 code=0x7ffc0000 [ 97.894469][ T30] audit: type=1326 audit(1764344396.940:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5986 comm="syz.1.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f0a0598f749 code=0x7ffc0000 [ 97.937528][ T30] audit: type=1326 audit(1764344396.940:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5986 comm="syz.1.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0598f749 code=0x7ffc0000 [ 98.226148][ T5993] loop0: detected capacity change from 0 to 512 [ 98.275561][ T5976] ================================================================== [ 98.283699][ T5976] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 98.291190][ T5976] Read of size 1 at addr ffff888032b91458 by task syz.4.5/5976 [ 98.298752][ T5976] [ 98.301116][ T5976] CPU: 0 UID: 0 PID: 5976 Comm: syz.4.5 Not tainted syzkaller #0 PREEMPT(full) [ 98.301141][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 98.301162][ T5976] Call Trace: [ 98.301170][ T5976] [ 98.301179][ T5976] dump_stack_lvl+0x189/0x250 [ 98.301207][ T5976] ? __virt_addr_valid+0x1c8/0x5c0 [ 98.301235][ T5976] ? rcu_is_watching+0x15/0xb0 [ 98.301259][ T5976] ? __kasan_check_byte+0x12/0x40 [ 98.301283][ T5976] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.301306][ T5976] ? rcu_is_watching+0x15/0xb0 [ 98.301330][ T5976] ? lock_release+0x4b/0x3b0 [ 98.301353][ T5976] ? __virt_addr_valid+0x1c8/0x5c0 [ 98.301379][ T5976] ? __virt_addr_valid+0x4a5/0x5c0 [ 98.301408][ T5976] print_report+0xca/0x240 [ 98.301440][ T5976] ? _raw_spin_lock+0x2e/0x40 [ 98.301459][ T5976] kasan_report+0x118/0x150 [ 98.301484][ T5976] ? _raw_spin_lock+0x2e/0x40 [ 98.301506][ T5976] ? mqueue_flush_file+0x49/0x270 [ 98.301531][ T5976] __kasan_check_byte+0x2a/0x40 [ 98.301554][ T5976] lock_acquire+0x84/0x340 [ 98.301580][ T5976] ? __pfx_mqueue_flush_file+0x10/0x10 [ 98.301604][ T5976] _raw_spin_lock+0x2e/0x40 [ 98.301623][ T5976] ? mqueue_flush_file+0x49/0x270 [ 98.301646][ T5976] mqueue_flush_file+0x49/0x270 [ 98.301670][ T5976] ? filp_flush+0xae/0x190 [ 98.301699][ T5976] ? __pfx_mqueue_flush_file+0x10/0x10 [ 98.301723][ T5976] filp_flush+0xbd/0x190 [ 98.301752][ T5976] filp_close+0x1d/0x40 [ 98.301779][ T5976] put_files_struct+0x1ba/0x350 [ 98.301808][ T5976] do_exit+0x67f/0x2310 [ 98.301834][ T5976] ? preempt_schedule+0xae/0xc0 [ 98.301856][ T5976] ? preempt_schedule_common+0x83/0xd0 [ 98.301878][ T5976] ? preempt_schedule+0xae/0xc0 [ 98.301898][ T5976] ? __pfx_preempt_schedule+0x10/0x10 [ 98.301919][ T5976] ? __pfx_do_exit+0x10/0x10 [ 98.301948][ T5976] ? preempt_schedule_thunk+0x16/0x30 [ 98.301984][ T5976] do_group_exit+0x21c/0x2d0 [ 98.302014][ T5976] __x64_sys_exit_group+0x3f/0x40 [ 98.302042][ T5976] x64_sys_call+0x2210/0x2210 [ 98.302087][ T5976] do_syscall_64+0xfa/0xf80 [ 98.302112][ T5976] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.302133][ T5976] ? clear_bhb_loop+0x60/0xb0 [ 98.302157][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.302178][ T5976] RIP: 0033:0x7f688518f749 [ 98.302202][ T5976] Code: Unable to access opcode bytes at 0x7f688518f71f. [ 98.302213][ T5976] RSP: 002b:00007ffdff9bbca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 98.302235][ T5976] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f688518f749 [ 98.302250][ T5976] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.302263][ T5976] RBP: 0000000000000003 R08: 00000017ff9bbd9f R09: 00007f68853b4280 [ 98.302277][ T5976] R10: 00000000000001ac R11: 0000000000000246 R12: 0000000000000000 [ 98.302289][ T5976] R13: 00007f68853b4280 R14: 0000000000000003 R15: 00007ffdff9bbd60 [ 98.302312][ T5976] [ 98.302319][ T5976] [ 98.583134][ T5976] Allocated by task 5980: [ 98.587465][ T5976] kasan_save_track+0x3e/0x80 [ 98.592159][ T5976] __kasan_slab_alloc+0x6c/0x80 [ 98.597015][ T5976] kmem_cache_alloc_lru_noprof+0x36c/0x6e0 [ 98.602836][ T5976] mqueue_alloc_inode+0x28/0x40 [ 98.607696][ T5976] alloc_inode+0x6a/0x1b0 [ 98.612037][ T5976] new_inode+0x22/0x170 [ 98.616199][ T5976] mqueue_get_inode+0x27/0xb50 [ 98.620981][ T5976] mqueue_create_attr+0x1ac/0x2e0 [ 98.626011][ T5976] vfs_mkobj+0xcf/0x290 [ 98.630181][ T5976] do_mq_open+0x60d/0x7c0 [ 98.634520][ T5976] __x64_sys_mq_open+0x16a/0x1c0 [ 98.639463][ T5976] do_syscall_64+0xfa/0xf80 [ 98.643977][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.649892][ T5976] [ 98.652214][ T5976] Freed by task 5976: [ 98.656194][ T5976] kasan_save_track+0x3e/0x80 [ 98.660873][ T5976] kasan_save_free_info+0x46/0x50 [ 98.665903][ T5976] __kasan_slab_free+0x5c/0x80 [ 98.670682][ T5976] kmem_cache_free+0x197/0x620 [ 98.675492][ T5976] rcu_core+0xd70/0x1870 [ 98.679759][ T5976] handle_softirqs+0x27d/0x850 [ 98.684531][ T5976] __irq_exit_rcu+0xca/0x1f0 [ 98.689134][ T5976] irq_exit_rcu+0x9/0x30 [ 98.693382][ T5976] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 98.699027][ T5976] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 98.705020][ T5976] [ 98.707347][ T5976] Last potentially related work creation: [ 98.713061][ T5976] kasan_save_stack+0x3e/0x60 [ 98.717745][ T5976] kasan_record_aux_stack+0xbd/0xd0 [ 98.722953][ T5976] call_rcu+0x157/0x9c0 [ 98.727124][ T5976] evict+0x931/0xae0 [ 98.731045][ T5976] __dentry_kill+0x209/0x660 [ 98.735682][ T5976] finish_dput+0xc9/0x480 [ 98.740020][ T5976] __fput+0x68e/0xa70 [ 98.744006][ T5976] task_work_run+0x1d4/0x260 [ 98.748606][ T5976] exit_to_user_mode_loop+0xff/0x4f0 [ 98.753900][ T5976] do_syscall_64+0x2e3/0xf80 [ 98.758498][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.764393][ T5976] [ 98.766777][ T5976] The buggy address belongs to the object at ffff888032b91440 [ 98.766777][ T5976] which belongs to the cache mqueue_inode_cache of size 1576 [ 98.781537][ T5976] The buggy address is located 24 bytes inside of [ 98.781537][ T5976] freed 1576-byte region [ffff888032b91440, ffff888032b91a68) [ 98.795342][ T5976] [ 98.797670][ T5976] The buggy address belongs to the physical page: [ 98.804110][ T5976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32b90 [ 98.812884][ T5976] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 98.821380][ T5976] memcg:ffff888027889101 [ 98.825625][ T5976] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 98.833181][ T5976] page_type: f5(slab) [ 98.837169][ T5976] raw: 00fff00000000040 ffff888144ad4a00 dead000000000122 0000000000000000 [ 98.845757][ T5976] raw: 0000000000000000 0000000080120012 00000000f5000000 ffff888027889101 [ 98.854351][ T5976] head: 00fff00000000040 ffff888144ad4a00 dead000000000122 0000000000000000 [ 98.863021][ T5976] head: 0000000000000000 0000000080120012 00000000f5000000 ffff888027889101 [ 98.871695][ T5976] head: 00fff00000000003 ffffea0000cae401 00000000ffffffff 00000000ffffffff [ 98.880365][ T5976] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 98.889038][ T5976] page dumped because: kasan: bad access detected [ 98.895459][ T5976] page_owner tracks the page as allocated [ 98.901172][ T5976] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5823, tgid 5823 (syz-executor), ts 88273696303, free_ts 88196266368 [ 98.922569][ T5976] post_alloc_hook+0x234/0x290 [ 98.927344][ T5976] get_page_from_freelist+0x2365/0x2440 [ 98.932898][ T5976] __alloc_frozen_pages_noprof+0x181/0x370 [ 98.938707][ T5976] alloc_pages_mpol+0x232/0x4a0 [ 98.943564][ T5976] allocate_slab+0x86/0x3b0 [ 98.948072][ T5976] ___slab_alloc+0xf2b/0x1960 [ 98.952756][ T5976] __slab_alloc+0x65/0x100 [ 98.957178][ T5976] kmem_cache_alloc_lru_noprof+0x3fe/0x6e0 [ 98.963001][ T5976] mqueue_alloc_inode+0x28/0x40 [ 98.967865][ T5976] alloc_inode+0x6a/0x1b0 [ 98.972200][ T5976] new_inode+0x22/0x170 [ 98.976369][ T5976] mqueue_fill_super+0xdc/0x380 [ 98.981232][ T5976] get_tree_nodev+0xbb/0x150 [ 98.985823][ T5976] vfs_get_tree+0x92/0x2a0 [ 98.990250][ T5976] fc_mount_longterm+0x1c/0x100 [ 98.995105][ T5976] mq_init_ns+0x275/0x360 [ 98.999438][ T5976] page last free pid 5824 tgid 5824 stack trace: [ 99.005761][ T5976] __free_frozen_pages+0xbc8/0xd30 [ 99.010876][ T5976] __put_partials+0x146/0x170 [ 99.015580][ T5976] put_cpu_partial+0x1f2/0x2d0 [ 99.020356][ T5976] __slab_free+0x288/0x2a0 [ 99.024781][ T5976] qlist_free_all+0x97/0x100 [ 99.029370][ T5976] kasan_quarantine_reduce+0x148/0x160 [ 99.035046][ T5976] __kasan_slab_alloc+0x22/0x80 [ 99.039904][ T5976] kmem_cache_alloc_node_noprof+0x43c/0x720 [ 99.045812][ T5976] __alloc_skb+0x255/0x430 [ 99.050237][ T5976] alloc_skb_with_frags+0xca/0x890 [ 99.055356][ T5976] sock_alloc_send_pskb+0x84d/0x980 [ 99.060574][ T5976] unix_dgram_sendmsg+0x454/0x1840 [ 99.065688][ T5976] sock_sendmsg_nosec+0x18f/0x1d0 [ 99.070728][ T5976] sock_write_iter+0x2d9/0x3d0 [ 99.075508][ T5976] vfs_write+0x5c9/0xb30 [ 99.079752][ T5976] ksys_write+0x145/0x250 [ 99.084090][ T5976] [ 99.086423][ T5976] Memory state around the buggy address: [ 99.092053][ T5976] ffff888032b91300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 99.100124][ T5976] ffff888032b91380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 99.108190][ T5976] >ffff888032b91400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 99.116254][ T5976] ^ [ 99.123186][ T5976] ffff888032b91480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.131252][ T5976] ffff888032b91500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.139322][ T5976] ================================================================== [ 99.149968][ T5976] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 99.157206][ T5976] CPU: 0 UID: 0 PID: 5976 Comm: syz.4.5 Not tainted syzkaller #0 PREEMPT(full) [ 99.166249][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 99.176342][ T5976] Call Trace: [ 99.179668][ T5976] [ 99.182617][ T5976] dump_stack_lvl+0x99/0x250 [ 99.187232][ T5976] ? __asan_memcpy+0x40/0x70 [ 99.191850][ T5976] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.197071][ T5976] ? __pfx__printk+0x10/0x10 [ 99.201703][ T5976] vpanic+0x237/0x6d0 [ 99.205716][ T5976] ? __pfx_vpanic+0x10/0x10 [ 99.210251][ T5976] ? irqentry_exit+0x5dd/0x660 [ 99.215037][ T5976] ? trace_irq_disable+0x37/0x100 [ 99.220085][ T5976] panic+0xb9/0xc0 [ 99.223817][ T5976] ? __pfx_panic+0x10/0x10 [ 99.228254][ T5976] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 99.234156][ T5976] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 99.240495][ T5976] ? _raw_spin_lock+0x2e/0x40 [ 99.245176][ T5976] check_panic_on_warn+0x89/0xb0 [ 99.250131][ T5976] ? _raw_spin_lock+0x2e/0x40 [ 99.254812][ T5976] end_report+0x6f/0x140 [ 99.259062][ T5976] kasan_report+0x129/0x150 [ 99.263584][ T5976] ? _raw_spin_lock+0x2e/0x40 [ 99.268291][ T5976] ? mqueue_flush_file+0x49/0x270 [ 99.273496][ T5976] __kasan_check_byte+0x2a/0x40 [ 99.278353][ T5976] lock_acquire+0x84/0x340 [ 99.282781][ T5976] ? __pfx_mqueue_flush_file+0x10/0x10 [ 99.288257][ T5976] _raw_spin_lock+0x2e/0x40 [ 99.292763][ T5976] ? mqueue_flush_file+0x49/0x270 [ 99.297808][ T5976] mqueue_flush_file+0x49/0x270 [ 99.302694][ T5976] ? filp_flush+0xae/0x190 [ 99.307142][ T5976] ? __pfx_mqueue_flush_file+0x10/0x10 [ 99.312700][ T5976] filp_flush+0xbd/0x190 [ 99.316959][ T5976] filp_close+0x1d/0x40 [ 99.321130][ T5976] put_files_struct+0x1ba/0x350 [ 99.325995][ T5976] do_exit+0x67f/0x2310 [ 99.330255][ T5976] ? preempt_schedule+0xae/0xc0 [ 99.335117][ T5976] ? preempt_schedule_common+0x83/0xd0 [ 99.340581][ T5976] ? preempt_schedule+0xae/0xc0 [ 99.345455][ T5976] ? __pfx_preempt_schedule+0x10/0x10 [ 99.350833][ T5976] ? __pfx_do_exit+0x10/0x10 [ 99.355439][ T5976] ? preempt_schedule_thunk+0x16/0x30 [ 99.360830][ T5976] do_group_exit+0x21c/0x2d0 [ 99.365604][ T5976] __x64_sys_exit_group+0x3f/0x40 [ 99.370648][ T5976] x64_sys_call+0x2210/0x2210 [ 99.375338][ T5976] do_syscall_64+0xfa/0xf80 [ 99.379853][ T5976] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.385924][ T5976] ? clear_bhb_loop+0x60/0xb0 [ 99.390607][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.396507][ T5976] RIP: 0033:0x7f688518f749 [ 99.400931][ T5976] Code: Unable to access opcode bytes at 0x7f688518f71f. [ 99.407983][ T5976] RSP: 002b:00007ffdff9bbca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 99.416413][ T5976] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f688518f749 [ 99.424398][ T5976] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.432413][ T5976] RBP: 0000000000000003 R08: 00000017ff9bbd9f R09: 00007f68853b4280 [ 99.440402][ T5976] R10: 00000000000001ac R11: 0000000000000246 R12: 0000000000000000 [ 99.448380][ T5976] R13: 00007f68853b4280 R14: 0000000000000003 R15: 00007ffdff9bbd60 [ 99.456372][ T5976] [ 99.459548][ T5976] Kernel Offset: disabled [ 99.463881][ T5976] Rebooting in 86400 seconds..