last executing test programs: 4.529154353s ago: executing program 2 (id=3): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef36"], &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = socket$inet(0x2, 0x801, 0x0) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0xe000202b}) epoll_pwait(r3, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffff3, 0x0, 0x1a) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000002c0)={0x60000002}) 4.437708024s ago: executing program 2 (id=8): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0xaa46}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c000140000000000000000414000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) 4.062849762s ago: executing program 2 (id=16): creat(&(0x7f00000000c0)='./file0\x00', 0x1d9) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b0000000500000001000100090000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='kmem_cache_free\x00', r1, 0x0, 0x4ee}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0x1, 0x550, &(0x7f0000001780)="$eJzs3c9vHFcdAPDvTHYTJ3G6LnCASi2FFiUVZDeuaWtxKEVCcKqEKJyDsTeWlbU3yq7b2KrA+QuQEAIkTnDhgsQfgFRF4sKxQqoEZ5CKQIimIMEBOmh3Z9dhM2uvy/pH1p+PNJ733uzM971dz483M5oJ4NR6OiJeiYgPsix7LiIqeXmaD7HTGzqfe//+m8udIYkse+1vSSR52fAyL+azzUTE178a8e3k4bitre2bS41GqZ+vtddv1Vpb21fX1pdW66v1jYWF+RcXX1p8YfFaxFv/fzsvRcTLX/7TD7/386+8/Nbn3vjj9b9c+U6nWrP59KJ2jKm018Re08vnZoZmuP0hg51EnfaU+5nz481z9xDrAwDAaJ1j/I9ExKcj4rmoxJm9D2cBAACAR1D2xdn4dxKRFTs7ohwAAAB4hKTde2CTtJrfCzAbaVqt9u7h/VhcSBvNVvuzN5qbGyu9e2XnopzeWGvUr+X3Cs9FOenk57vp3fzzQ/mFiHg8In5QOd/NV5ebjZXjPvkBAAAAp8TFof7/Pyq9/j8AAAAwZeb2nlw5qnoAAAAAh2ef/j8AAAAwBfT/AQAAYKp97dVXO0PWf//1yutbmzebr19dqbduVtc3l6vLzdu3qqvN5mr3mX3r+y2v0Wze+nxsbN6pteutdq21tX19vbm50b6+FjNH0iAAAADgIY9/8t7vk4jY+cL57tBx9rgrBRyJ0iCV5OOCtf8Pj/XG7x5RpYAjcWbklHSQevdc8SccJ8CjrTRcMGJdB6ZP+bgrABy7ZJ/pQzfvXBik3s7Hn5p8nQAAgMm6/Ini6/+jrwv07aRHUD3gEFmJ4fQa2s9n3vUDp0f3+v+4N/I4WICpUh6jpw9MtwNe/9/19rgRsuxAFQIAACZutjskaTU/vTcbaVqtRlzqvhagnNxYa9SvRcRjEfG7SvlcJz/fnTPZt88AAAAAAAAAAAAAAAAAAAAAAAAAAPRkWRIZAAAAMNUi0j8nv+49y/9y5dnZ4fMDZ5N/dV8JfDYi3vjJaz+6s9Ru357vlL83KG//OC9//jjOYAAAAADD+v307vifx10bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbN+/ffXO4PY3z8/KTi/vVLETFXFL8UM93xTJQj4sLfkyg9MF8SEWcmEH/nbkR8vCh+0qnWIGRR/El8CfvEj7n8WyiKf3EC8eE0u9fZ/rxStP6l8XR3XLz+lSL+J/9hjd7+xWD7d2bE+n9pzBhPvPPL2sj4dyOeKBVvf/rxkxHxnxkz/re+sb09alr204jL/f1Pd4s3iDDzYKxae/1WrbW1fXVtfWm1vlrfWFiYf3HxpcUXFq/Vbqw16vnfwhjff/JXH+zV/guF+78kr83o9j9bsLyifdJ/3rlz/6P9zM7D8a88UxD/Nz/LP5HHT3bnSfM4n8nTSSSD8mSn930+6Klf/Papvdq/stv+8kF+/yujFjrsoRXlyXH/dQCAQ9Da2r651GjUb09totNLPwHVOPREVun9oielPkOJb753Av/ZvjvRBWZZlnV+gYJJ9yJinOUkMeGWpsX12U2M/FGOecMEAABM3O5B/2SupwMAAAAAAAAAAAAAAAAAAAAHdxRPWRuOufsI5GQSj9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJiI/wYAAP//in3QFg==") 3.760660068s ago: executing program 2 (id=27): r0 = io_uring_setup(0x7a79, &(0x7f0000001fc0)={0x0, 0xb3da, 0x2, 0x2, 0x104}) io_uring_register$IORING_REGISTER_MEM_REGION(r0, 0x22, &(0x7f0000002100)={&(0x7f00000020c0)={&(0x7f0000002040)="843c", 0x2, 0x1, 0x37075ebc, 0x8}}, 0x1) 3.723806369s ago: executing program 4 (id=29): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a2"], &(0x7f0000000100)='GPL\x00'}, 0x94) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000000c0)='./file0\x00', 0x204888, &(0x7f0000000380)=ANY=[@ANYBLOB="756e695f786c6174653d312c696f636861727365743d757466382c0097b75cbdde02821d0f899c2377ee9577397fc18b433d0c59e692b381740ca495e1c145c5922679338b5ff21c0653a98440a5725268a242c0263564f988d3c178704feaf8a412df818275708882ea9a4048c6e458a1f05b83f2e69b965b1df203b21de2b0ee375647f886a5310889982079aa7b1fb42e2382d40feefe7f768eec58b19cf50faaf129503175f4262df740183df51d3641ff78b86127c1db8ef165bfa3bd20797fde6ff91a0e45d3d7c1c6d1ce0a72be8c1fdb00000000"], 0x1, 0x336, &(0x7f0000000880)="$eJzs3cFrI1UcB/DfxrXdXe2mBxEUxIde9DK09R8wyC6IBaVuZfUgzNqphswmJRNWsoi7N/Hm37F49CaI4LkX79689eJxD4uRJm23ienBhTSWfD4Q3i/z8mXeJEz4XZJ3cPuHu63dKtvNe1F7N8XViKg9jliNWhy7dDTWhvVSnPYw3q7f/uO1jz/97IPG5uaNrZRuNm69s5FSuv76L19/8+Mbv/Ze+OSn6z8vx/7q5wd/bfy5//L+Kwd/3/qqWaVmldqdXsrTnU6nl98pi7TTrFpZSh+VRV4Vqdmuiu7Y/G7Z2dvrp7y9s3Jtr1tUVcrb/dQq+qnXSb1uP+Vf5s12yrIsrVyLxfIs17v9aGsrb8xgMZyj7ycPXB1/2u028sN7ePlfye1HM10YAPC/NNn/1+LK8Pic+v/jFuW/9/+XFr3/fxb6/0Vw2P8vHd2/4/T/AAAAAAAAAAAAAABwETweDOqDwaB+PE4+5r0+Zsvnv9hO/XDvSkT53b3te9ujcTTf2I1mlFHEWtTjScTgxKi++f7mjbU0tBordx+M8ofjc+P59ajH6vT8ekpp8CCl8fzzw3+0OMlvRD1emp7fGJ1/Ir8Ub715Kp9FPX7/IjpRxk4cZp/mv11P6b0PNyfyy8PXAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAYsnRi6v79WXbW/Ch/sr/+WtTjyfT9+dem7s9/OV69PN9rBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBjVf9+Ky/Lonv+xcM4Y2pwZF4LO/8iYman+O3FOOt9VijOLub9zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn7+mm3/NeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPNU9e+38rIsujMs5n2NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF8k/AQAA//8A7ioD") syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aa"], 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) 3.66280576s ago: executing program 2 (id=32): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, &(0x7f0000000000)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x4) 3.315024536s ago: executing program 4 (id=41): bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x40002100, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10) r2 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000940)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac928636f424ecdb120000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158f8584ae12e1bf5d15a92548c819419ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4", 0x95, 0x2400c8c4, 0x0, 0x0) 3.13590554s ago: executing program 4 (id=42): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x2}}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x84}}, 0x0) 3.067066351s ago: executing program 4 (id=44): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="10030600e0ff020004004788aa96a13b", 0x10, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0xff}, 0x14) 3.064552672s ago: executing program 4 (id=45): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8ab8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_usb_connect(0x0, 0x64, &(0x7f0000001e00)=ANY=[], 0x0) 1.346196905s ago: executing program 1 (id=82): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000000380)=0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000140)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 1.125640939s ago: executing program 1 (id=86): bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r1, &(0x7f00000000c0)="00008828", 0x59, 0x20008040, &(0x7f0000000000)={0x11, 0x8100, r2, 0x1, 0xfb, 0x6, @local}, 0x14) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, 0x0) 1.06301958s ago: executing program 1 (id=87): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x10, 0x10}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}}, 0x0) 1.0520925s ago: executing program 1 (id=90): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x924}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x9fc, 0x8000, 0xfffffc80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x24, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x7, 0x0, 0x2, 0xffffffff, 0x2, 0x810, 0x20000000, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0xbab, 0x0, 0x272, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x7, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40003, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x101, 0x3, 0xfffffffc, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x1, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x4000d79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0xfffc, 0x6}, {0xff}, 0x0, 0x7f}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x240040c4}, 0x0) 1.032450591s ago: executing program 1 (id=91): io_setup(0x5, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000140)={0x1d, r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) sendmsg$can_bcm(r0, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000003e80)=ANY=[@ANYBLOB="01000000020800000100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0300004001"], 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x200060d0) 974.994192ms ago: executing program 1 (id=92): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000407d1ef62c00000000000109022400010000000009040000010300020009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0xb, 0x6, {0x6, 0xd, "db2dc7b9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000d00)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000c00)={0x20, 0x1, 0x3, "5bc095"}, 0x0}) 266.885516ms ago: executing program 0 (id=123): r0 = gettid() syz_clone3(&(0x7f0000000400)={0x100000400, 0x0, 0x0, 0x0, {0x24}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0], 0x1}, 0x58) 246.538906ms ago: executing program 0 (id=125): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) io_setup(0x8, &(0x7f0000000240)=0x0) io_destroy(r0) 194.856427ms ago: executing program 3 (id=127): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e24, 0xfffffffe, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000200)=@gcm_128={{0x303}, "f64d87da603fa09a", "ec9580400006000000ba6a6b247009d4", "be164209", '\x00\x00\x00\x00\x00\x00\b\x00'}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f00000013c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000140)=0x40) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000240)="ac", 0x1}], 0x1) 194.740917ms ago: executing program 3 (id=128): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000080)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fcdbdf251800000008000300", @ANYRES32=r2, @ANYBLOB="400030803c0001"], 0x5c}}, 0x20000000) 194.507197ms ago: executing program 3 (id=129): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_open_procfs(0x0, &(0x7f0000000240)='net/tcp\x00') r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 192.710317ms ago: executing program 0 (id=130): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018e58, &(0x7f00000001c0), 0x1, 0x61d, &(0x7f0000001680)="$eJzs3c9rHGUfAPDv7CZp0uZ90768iA2KAQ8tSNOkFqtebOvBHgoW7EHEQ0OT1NDtD5oUbC20BQ8KCiJei/TiP+BdevcmgnrzLFSRioKWrMzsbLtJZps07e4mnc8Hdnfmmdl5nu8+fTrPs5NnJ4DSGkufKhE7IxZPJBEjLduGo7FxLN/vzu9XTqaPJOr1t35LIsnTmvsv5q/b0qckYjAivjsc8b/qynznL10+PVWrN1yN2Ltw5vze+UuX98ydmTo1c2rm7OS+l/cfmHhlcv/kY4lzW/565Oibz3z64XsvzX5f25PEwTje/8F0LItjHepJQeJYjMViHmJrel9EHEgXCj6XzWZNIWzpfDlYn2r+77E/Ip6Kkahmaw0jMfdJTwsHdFS9GlEHSirR/qGkmv2A5th+bePg4x3ulXTP7UONAdDK+Psa343EYDY22nonaRkZNb7b2P4Y8k/zuHtl9Eb6iCXfQ/x1r3b6HkM+7Vy7HhFPF8WfZGXbnkWaxl9ZMtZPImIiIgby8r2+jqxbj9X0iN/DPHwhHiL+1nqoRMTB/DVNP7zO/MeWrXc7fgDK6dah/ESenY3vn//Svkez/xMF/Z/hgnPXevT6/Ne+/9c83w9m/Z7Ksn5Y2mc5VnzI/uUJP3985PN2+bf2/+5eSbJyNPuC3XD7esTosvg/SoPN+z9p/ElB/ae7nDi4tjze+OHXI+22LY1/9Ea346/fjNhVOP653ytNlx5wfXLv7FxtZqLxXJjHN9+++1W7/Hsdf1r/W9vE31L/leXvSz+T82vM4+tjN88MtNk2vGr8lV8GksZ4s3mM96cWFi5MRgwkR/NdWtL3PbgszX2ax0jj3/18cftf8u//+tLjDLUOYFZx/u3Td9ptW0/9t1xMXqyvsQztpPFPr17/K9p/mvbZGvP4852Lz7bbVhB/RB7/0KMEBgAAAAAAACVUya7BJpXxe8uVyvh4Y77s/2NrpXZufuGF2XMXz05H7M7+HrK/0rzSPdJYT9L1yfzvYZvr+5atvxgROyLii+pQtj5+8lxtutfBAwAAAAAAAAAAAAAAAAAAwAaxLZ//37xP9R/Vxvx/oCQ6eYM5YGPT/qG8sva/4hZPQBk4/0N5af9QXto/lJf2D+Wl/UN5af9QXto/lJf2DwAAAABPpB3P3fopiYhrrw5lj9RAvq3a05IBndZfkFa/2oOCAF3nHA/lde/Sv+n/UDpF/f8V/s5/HLDzxQF6IClKzDoH9Qc3/luF7wQAAAAAAAAAAAAAOmDXzvbz/9c0NwDYtEz7g/J6hPn/fjoANjk//Q/lZYwPrDaLf7DdBvP/AQAAAAAAAAAAAKBrhrNHUhnP5wIPR6UyPh7xn4jYHv3J7FxtZiIi/hsRP1b7t6Trk70uNAAAAAAAAAAAAAAAAAAAADxh5i9dPj1Vq81caF34Z0XKk73QvAtqF/J6LR7yXZF0/2MZioieV0rHFvpaUpKIa2nNb4iCXZiPjVGMbKHH/zEBAAAAAAAAAAAAAAAAAEAJtcw9Ljb6ZZdLBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdd//+/51b6HWMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDm9G8AAAD//yhFQh8=") 182.284957ms ago: executing program 3 (id=131): ftruncate(0xffffffffffffffff, 0x2007ffc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x20081e, &(0x7f0000000100), 0x1, 0x502, &(0x7f0000000a00)="$eJzs3c9vI1cdAPCvnV9OmjZp6QEQokspLGi1TuJto6oHKCeEUCVEjyBtQ+KNothxFDulCXvY/g9IVOIER/4Azj3xJyC4cYEDEj8iULMSSFPNeLzrzdob7yaxs/HnI41m3ryxv+/t7rzn+W7iF8DYuhYR9yJiOiI+iIiF/Hwh3+Ld9pZe99nR3fXjo7vrhUiS9/9VyOrTc9H1mtQL+XuWIuLH34/4WeHxuM2Dw+21Wq261y7OLrXqu0vNg8ObW/W1zepmdadSWV1ZXX771luVc+vra/Xp9sFE2sBv/yJt1nxe192Pc/T/JDP1IE5qMiJ+eAHBRmEi78/0qBvCMylGxCsR8Xp2/y/ERPa3CQBcZUmyEMlCdxkAuOqKWQ6sUCznuYD5KBbL5XYO79WYK9YazdaNO439nY12rmwxpop3tmrV5TxXuBhThbS8kh0/LFdOlG9FxMsR8cuZ2axcXm/UNkb5wQcAxtgLJ+b//860538A4IorjboBAMDQmf8BYPyY/wFg/Jj/AWD8mP8BYPyY/wFg/Jj/AWCs/Oi999ItOc6//3rjw4P97caHNzeqze1yfX+9vN7Y2y1vNhqb2Xf21E97v1qjsbvyZux/tPid3WZrqXlweLve2N9p3c6+1/t2dWoovQIAnuTl1z79cyEi7r0zm23RtZaDuRqutuJZXjx7fu0Ahm9i1A0ARsZqXzC+zvCMLz0AV0SPJXofUXrkcT+/OkmS5GKbBVyg61+S/4dx1ZX/91PAMGbk/2F8DZr/Py0/ADx/kqQw6Jr/MeiFAMDlJscP9Hm+fyXf/y7/z4Gfbpy84pOLbBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcbp31f8v5WuDzUSyWyxEvRsRiTBXubNWqyxHxUkT8aWZqJi2vjLjNAMBZFf9eyNf/ur7wxvzJ2unC/ZlsHxE///X7v/pordXa+2N6/t8Pzrc+yc9XRtF+AOA0nXk623c9yH92dHe9sw2zPf/4XkSU2vGPj6bj+EH8yZjM9qWYioi5/xTycluhK3dxFvc+jogv9up/IeazHEh75dOT8dPYLw41fvGR+MWsrr1P/yy+8NSRk4VzaD481z5Nx593e91/xbiW7Xvf/6VshDq7fPxL32r9OBsDH8bvjH8Tfca/a4PGePMPP2gfzT5e93HElycjOrGPu8afTvxCn/hvDBj/L1/56uv96pLfRFyP3vG7Yy216rtLzYPDm1v1tc3qZnWnUlldWV1++9ZblaUsR73Ufzb45zs3XupXl/Z/rk/80in9/8aA/f/t/z74ydeeEP9bX+8VvxivPiF+Oid+c8D4a3O/L/WrS+Nv9Ox/R//+3xgw/l//dvjYsuEAwOg0Dw6312q16t4wDzofJIYa1MEVOEj/1VyCZvQ8+O6wYk3HU70qSZ4pVr8R4zyybsBl0L7Xk+peRNwfdWMAAAAAAAAAAAAAAICehvEbS6PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX5wEAAP//90HVog==") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xfecc) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x9001) renameat2(r3, 0x0, r3, 0x0, 0x4) 156.766588ms ago: executing program 0 (id=132): bpf$MAP_CREATE(0x0, 0x0, 0x48) fsopen(0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB='-c'], 0x5) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f0000000140)={[{@acl}, {@barrier_val={'barrier', 0x3d, 0x1003}}, {@errors_remount}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x1, 0x4e4, &(0x7f0000002d40)="$eJzs3c9PXFsdAPDvHZgCLc/hqYvnS3w2+gxttDNQbEtcVEyMrppY68YVIgyEMDCEGdpCGkPjH2Bi/BVduXJj4tqYmP4JxqSJ7o0xmkbbunChjrnDHYu8AYaUYSjz+SSn95z763tO4R7m3HMzN4C+dTkiZiJiICKuRkQhW5/LUuzspnS/F88fzacpicbQvb8lkWTrWudKsuWl7LDhiPjaVyK+lXwwbm1re2WuUilvZOVSfXW9VNvavra8OrdUXiqvzUxN3py+NX1jeuLE2nr7S3/+4Xd//uXbv/nsgz/O/vXKt9NqjWbb9rajEzsd7rfb9Hzz/6JlMCI2jhPsDBvI2pPvdUUAAOhI+hn/wxHxyYh4+ZNe1wYAAADohsYXRuNfSUQDAAAAOLdyzWdgk1wxexZgNHK5YnH3Gd6PxsVcpVqrf2axurm2sPus7Fjkc4vLlfJE9qzwWOSTtDzZzL8qX99XnoqItyPi+4WRZrk4X60s9PrmBwAAAPSJS/vG//8o7I7/AQAAgHNmrNcVAAAAALrO+B8AAADOvwPH/8ng6VYEAAAA6Iav3rmTpkbr/dcL97c2V6r3ry2UayvF1c354nx1Y724VK0uNb+zb/Wo81Wq1fXPxdrmw1K9XKuXalvbs6vVzbX6bPO93rPlRuFUmgUAAADs8fYnnvwhiYidz480U+pCti1/9OEz3a0d0E254+2edKsewOkb6HUFgJ7xgC/0rw7G+MA5d8TA/gf7yse8bQAAAJwF4x97rfl/84HwBjOQh/5l/h/6l/l/6F/m/6HPDR29y/BBG357wnUBAAC6ZrSZklwxmwscjVyuWIx4q/lagHyyuFwpT0TEhyLi94X8UFqe7HWlAQAAAAAAAAAAAAAAAAAAAAAAAOAN02gk0QAAAADOtYjcX5LsRf7jhfdH998fuJD8s9BcRsSDn9770cO5en1jMl3/9/+tr/84W3+9tSb1jVO+kwEAAAC0tMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJykF88fzbfSacZ99sWIGGsXfzCGm8vhXxUi4uLLJAb3HJdExMAJxN95HBHvtIufpNWKsawW++PnImKkx/EvnUB86GdP0v5nJr3+8vuuv1xcbi7bX3+DWXpdzy4f1P/lWv1fs59r1/+9dfiph1uZd5/+snRg/McR7w62739a8ZN28S903sZvfn17+6BtjZ9FjB/x9yeNX6qvrpdqW9vXllfnlspL5bWpqcmb07emb0xPlBaXK+Xs37YxvvfxX//nsPZfbBt/t/89sP0R8X6H7f/304fPP3JI/Cufav/zf+eQ+OnvxKezvwPp9vFWfmc3v9d7v/jde4e1f+GA9h/684+IKx22/+rd7/ypw10BgFNQ29pematUyhtdyYx07cwyaaa6diaqIXN2M3ezC/3Yh/e4YwIAAE7cqw/9+7ccY4IHAAAAAAAAAAAAAAAAAAAAeC1d/xKyof//ZoHh3jUVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ/w0AAP//5w/Stg==") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 67.08068ms ago: executing program 0 (id=133): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r1, 0x0, 0x2000}, 0x18) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@generic={0x0, r2}, 0x18) 66.87579ms ago: executing program 3 (id=134): r0 = socket$nl_route(0x10, 0x3, 0x0) clock_gettime(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0x6611, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x20008010) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2}, 0x18) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8004) bpf$MAP_CREATE(0x0, 0x0, 0x48) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r7, 0x40286608, 0x0) r8 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(r8, &(0x7f0000000200)={0x1d, r9}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r9, {0x1}, {0xffff, 0xfff1}, {0x1}}}, 0x24}}, 0x0) 66.72568ms ago: executing program 0 (id=135): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'gretap0\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x8000, 0x40, 0x5, 0xa, {{0x1c, 0x4, 0x1, 0x3f, 0x70, 0x66, 0x0, 0x9, 0x4, 0x0, @multicast2, @rand_addr=0x64010102, {[@rr={0x7, 0xf, 0xa, [@local, @local, @private=0xa010102]}, @end, @rr={0x7, 0x13, 0x2c, [@remote, @multicast1, @broadcast, @rand_addr=0x64010102]}, @timestamp_prespec={0x44, 0x24, 0x8e, 0x3, 0x3, [{@local, 0x3b83}, {@local, 0x8}, {@multicast2, 0xfff}, {@empty, 0x7}]}, @timestamp={0x44, 0x14, 0x8a, 0x0, 0x8, [0x9c7, 0x6, 0x6, 0x2]}]}}}}}) r3 = dup2(r0, r0) bind$xdp(0xffffffffffffffff, &(0x7f0000000040)={0x2c, 0x9, r2, 0x3, r3}, 0x10) socket$key(0xf, 0x3, 0x2) time(0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r9, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x33}, @void}}}, 0x1c}}, 0x4000054) 13.06954ms ago: executing program 4 (id=136): r0 = socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400000013) 0s ago: executing program 3 (id=137): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000940)=0x28, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) sendmmsg$inet6(r0, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}, 0xb00}], 0x1, 0x0) 0s ago: executing program 4 (id=138): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(r0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.175' (ED25519) to the list of known hosts. [ 21.446433][ T30] audit: type=1400 audit(1757192220.938:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.447960][ T273] cgroup: Unknown subsys name 'net' [ 21.469538][ T30] audit: type=1400 audit(1757192220.938:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.497882][ T30] audit: type=1400 audit(1757192220.968:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.498133][ T273] cgroup: Unknown subsys name 'devices' [ 21.643303][ T273] cgroup: Unknown subsys name 'hugetlb' [ 21.649225][ T273] cgroup: Unknown subsys name 'rlimit' [ 21.819786][ T30] audit: type=1400 audit(1757192221.308:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.847740][ T30] audit: type=1400 audit(1757192221.308:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.870130][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.873661][ T30] audit: type=1400 audit(1757192221.308:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.908804][ T30] audit: type=1400 audit(1757192221.378:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.935494][ T30] audit: type=1400 audit(1757192221.378:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.970210][ T30] audit: type=1400 audit(1757192221.458:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.970796][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.997166][ T30] audit: type=1400 audit(1757192221.458:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.217803][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.225360][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.234336][ T281] device bridge_slave_0 entered promiscuous mode [ 23.245522][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.253300][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.261427][ T281] device bridge_slave_1 entered promiscuous mode [ 23.330862][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.338169][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.345795][ T282] device bridge_slave_0 entered promiscuous mode [ 23.367066][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.374182][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.381782][ T282] device bridge_slave_1 entered promiscuous mode [ 23.404665][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.412435][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.420159][ T285] device bridge_slave_0 entered promiscuous mode [ 23.438371][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.446173][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.456064][ T285] device bridge_slave_1 entered promiscuous mode [ 23.516835][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.524528][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.532346][ T284] device bridge_slave_0 entered promiscuous mode [ 23.540974][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.548163][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.555675][ T284] device bridge_slave_1 entered promiscuous mode [ 23.568906][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.576035][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.583808][ T283] device bridge_slave_0 entered promiscuous mode [ 23.602378][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.609535][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.617078][ T283] device bridge_slave_1 entered promiscuous mode [ 23.773529][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.780688][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.788191][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.795227][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.823263][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.830312][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.838214][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.845324][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.854304][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.861384][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.868651][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.875723][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.889741][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.897460][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.905097][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.912449][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.919997][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.927392][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.935810][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.943358][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.973012][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.981384][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.989734][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.996800][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.004593][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.013306][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.022009][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.029163][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.036628][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.069663][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.077520][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.085286][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.093402][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.102053][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.109085][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.117570][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.126570][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.134055][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.141983][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.150838][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.159600][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.194878][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.203901][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.211498][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.219696][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.228350][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.235595][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.243750][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.251811][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.259701][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.267879][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.276004][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.284076][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.292334][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.299534][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.308156][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.331171][ T283] device veth0_vlan entered promiscuous mode [ 24.339403][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.347585][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.356263][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.363747][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.372033][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.380249][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.387290][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.394803][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.403304][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.411517][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.418536][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.426568][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.435145][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.443627][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.452003][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.460311][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.468331][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.476508][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.484179][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.492573][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.500659][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.521446][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.529708][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.537843][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.547107][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.555363][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.564275][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.579191][ T283] device veth1_macvtap entered promiscuous mode [ 24.588257][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.596623][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.605035][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.613442][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.621947][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.629803][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.638079][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.645678][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.655428][ T282] device veth0_vlan entered promiscuous mode [ 24.662682][ T281] device veth0_vlan entered promiscuous mode [ 24.671211][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.679124][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.687308][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.694842][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.709177][ T281] device veth1_macvtap entered promiscuous mode [ 24.716046][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.724386][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.732967][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.741052][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.749315][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.765641][ T282] device veth1_macvtap entered promiscuous mode [ 24.773150][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.781703][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.790049][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.798591][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.807405][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.815575][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.823785][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.833903][ T284] device veth0_vlan entered promiscuous mode [ 24.848607][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.857210][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.865801][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.874003][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.882111][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.890282][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.898687][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.907038][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.915550][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.923134][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.935007][ T285] device veth0_vlan entered promiscuous mode [ 24.942638][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.950565][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.958729][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.967101][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.975862][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.983469][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.999387][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 25.014624][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.023269][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.032637][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.040754][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.053247][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.062842][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.072319][ T285] device veth1_macvtap entered promiscuous mode [ 25.088379][ T284] device veth1_macvtap entered promiscuous mode [ 25.098273][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.110075][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.119416][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.162457][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.178874][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.188027][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.197487][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.217061][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.233083][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.271916][ T352] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1'. [ 25.569376][ T372] loop2: detected capacity change from 0 to 512 [ 25.586302][ T373] loop1: detected capacity change from 0 to 2048 [ 25.604121][ T377] loop0: detected capacity change from 0 to 1024 [ 25.623698][ T373] loop1: p1 < > p4 [ 25.628735][ T373] loop1: p4 size 8388608 extends beyond EOD, truncated [ 25.639807][ T372] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 25.649408][ T377] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 25.667985][ T377] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 25.689250][ T377] EXT4-fs error (device loop0): ext4_get_journal_inode:5149: inode #5: comm syz.0.18: unexpected bad inode w/o EXT4_IGET_BAD [ 25.709191][ T101] loop1: p1 < > p4 [ 25.714179][ T372] EXT4-fs error (device loop2): ext4_acquire_dquot:6198: comm syz.2.16: Failed to acquire dquot type 1 [ 25.731860][ T101] loop1: p4 size 8388608 extends beyond EOD, truncated [ 25.742941][ T377] EXT4-fs (loop0): no journal found [ 25.748195][ T377] EXT4-fs (loop0): can't get journal size [ 25.754610][ T372] EXT4-fs (loop2): 1 truncate cleaned up [ 25.760407][ T372] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.776023][ T377] EXT4-fs (loop0): too many log groups per flexible block group [ 25.790270][ T377] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 25.799106][ T377] EXT4-fs (loop0): mount failed [ 25.863793][ T379] udevd[379]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 25.874583][ T346] udevd[346]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 25.888256][ T395] loop9: detected capacity change from 0 to 7 [ 25.917545][ T379] udevd[379]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 25.928699][ T335] udevd[335]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 26.049344][ T403] loop4: detected capacity change from 0 to 8192 [ 26.056846][ T414] netlink: 12 bytes leftover after parsing attributes in process `syz.0.31'. [ 26.072045][ T403] ======================================================= [ 26.072045][ T403] WARNING: The mand mount option has been deprecated and [ 26.072045][ T403] and is ignored by this kernel. Remove the mand [ 26.072045][ T403] option from the mount to silence this warning. [ 26.072045][ T403] ======================================================= [ 26.144100][ T403] FAT-fs (loop4): Unrecognized mount option "¢" or missing value [ 26.202761][ T403] loop4: detected capacity change from 0 to 512 [ 26.223206][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 26.231651][ T403] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 26.267478][ T435] loop3: detected capacity change from 0 to 512 [ 26.282312][ T432] loop0: detected capacity change from 0 to 8192 [ 26.331030][ T435] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.352234][ T435] ext4 filesystem being mounted at /5/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 26.373313][ T432] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.386181][ T439] netlink: 96 bytes leftover after parsing attributes in process `syz.4.41'. [ 26.474929][ T30] kauditd_printk_skb: 78 callbacks suppressed [ 26.474944][ T30] audit: type=1400 audit(1757192225.968:150): avc: denied { mounton } for pid=431 comm="syz.0.39" path="/syzcgroup/unified/syz0/file2/bus" dev="loop0" ino=1048595 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 26.514930][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.541697][ T432] loop_set_status: loop0 () has still dirty pages (nrpages=2) [ 26.564706][ T30] audit: type=1400 audit(1757192226.058:151): avc: denied { ioctl } for pid=444 comm="syz.4.44" path="socket:[15240]" dev="sockfs" ino=15240 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.658552][ T30] audit: type=1400 audit(1757192226.058:152): avc: denied { write } for pid=444 comm="syz.4.44" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.729237][ T30] audit: type=1326 audit(1757192226.178:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 26.814773][ T30] audit: type=1326 audit(1757192226.178:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 26.901049][ T30] audit: type=1326 audit(1757192226.178:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 26.941229][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.951288][ T286] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 26.964514][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.981179][ T6] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 26.990648][ T30] audit: type=1326 audit(1757192226.178:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 27.036110][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.050323][ T6] usb 2-1: config 0 descriptor?? [ 27.055504][ T30] audit: type=1326 audit(1757192226.178:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 27.086389][ T30] audit: type=1326 audit(1757192226.178:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 27.128889][ T30] audit: type=1326 audit(1757192226.188:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=451 comm="syz.3.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea71ce7be9 code=0x7ffc0000 [ 27.257056][ T470] netlink: 12 bytes leftover after parsing attributes in process `syz.3.54'. [ 27.281232][ T470] netlink: 36 bytes leftover after parsing attributes in process `syz.3.54'. [ 27.307196][ T470] bridge0: port 3(vlan2) entered blocking state [ 27.313740][ T286] usb 5-1: device descriptor read/64, error -71 [ 27.324552][ T470] bridge0: port 3(vlan2) entered disabled state [ 27.721134][ T286] usb 5-1: device descriptor read/64, error -71 [ 27.728221][ T504] Zero length message leads to an empty skb [ 27.791270][ T6] usbhid 2-1:0.0: can't add hid device: -71 [ 27.797379][ T6] usbhid: probe of 2-1:0.0 failed with error -71 [ 27.814435][ T6] usb 2-1: USB disconnect, device number 2 [ 27.828739][ T512] mmap: syz.3.74 (512) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 27.906071][ T521] loop3: detected capacity change from 0 to 1024 [ 27.945995][ T521] EXT4-fs (loop3): Ignoring removed nobh option [ 27.954619][ T521] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.972447][ T521] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=continue,data_err=abort,init_itable,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b0,noblock_validity,grpquota,nobh,user_xattr,inode_readahead_blks=0x0000000000000004,dioread_nolock,,errors=continue. Quota mode: writeback. [ 28.011127][ T286] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 28.094398][ T525] loop3: detected capacity change from 0 to 1024 [ 28.121732][ T525] EXT4-fs (loop3): Ignoring removed orlov option [ 28.130702][ T525] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 28.261320][ T6] Bluetooth: hci0: command 0x1003 tx timeout [ 28.267379][ T430] Bluetooth: hci0: sending frame failed (-49) [ 28.291141][ T286] usb 5-1: device descriptor read/64, error -71 [ 28.337142][ T536] capability: warning: `syz.3.83' uses deprecated v2 capabilities in a way that may be insecure [ 28.488048][ T539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.84'. [ 28.599876][ T551] serio: Serial port ptm1 [ 28.616407][ T553] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 28.681169][ T286] usb 5-1: device descriptor read/64, error -71 [ 28.801778][ T286] usb usb5-port1: attempt power cycle [ 28.805032][ T564] syz.0.95 (564) used greatest stack depth: 21472 bytes left [ 28.921136][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 29.211128][ T286] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 29.281876][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.299287][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.310168][ T39] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 29.322879][ T615] bridge0: port 3(gretap0) entered blocking state [ 29.329522][ T615] bridge0: port 3(gretap0) entered disabled state [ 29.337417][ T615] device gretap0 entered promiscuous mode [ 29.343440][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.352036][ T615] bridge0: port 3(gretap0) entered blocking state [ 29.358483][ T615] bridge0: port 3(gretap0) entered forwarding state [ 29.366307][ T39] usb 2-1: config 0 descriptor?? [ 29.381426][ T286] usb 5-1: device descriptor read/8, error -71 [ 29.489254][ T641] loop3: detected capacity change from 0 to 512 [ 29.514731][ T641] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.526127][ T641] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.539160][ T641] EXT4-fs error (device loop3): ext4_lookup:1858: inode #12: comm syz.3.131: iget: bad i_size value: 2533274857506816 [ 29.640436][ T652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.134'. [ 29.651281][ T286] usb 5-1: device descriptor read/8, error -71 [ 29.681403][ T658] ================================================================== [ 29.689508][ T658] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 29.698843][ T658] Read of size 1 at addr ffff88811a2cebf8 by task syz.4.138/658 [ 29.706497][ T658] [ 29.708848][ T658] CPU: 1 PID: 658 Comm: syz.4.138 Not tainted syzkaller #0 [ 29.716051][ T658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 29.726125][ T658] Call Trace: [ 29.729413][ T658] [ 29.732355][ T658] __dump_stack+0x21/0x30 [ 29.736785][ T658] dump_stack_lvl+0xee/0x150 [ 29.741386][ T658] ? show_regs_print_info+0x20/0x20 [ 29.746593][ T658] ? load_image+0x3a0/0x3a0 [ 29.751106][ T658] ? unwind_get_return_address+0x4d/0x90 [ 29.756758][ T658] print_address_description+0x7f/0x2c0 [ 29.762315][ T658] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 29.768830][ T658] kasan_report+0xf1/0x140 [ 29.773254][ T658] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 29.779767][ T658] __asan_report_load1_noabort+0x14/0x20 [ 29.785428][ T658] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 29.791768][ T658] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 29.797929][ T658] ? xfrm_netlink_rcv+0x72/0x90 [ 29.802784][ T658] ? netlink_unicast+0x876/0xa40 [ 29.807723][ T658] ? netlink_sendmsg+0x86a/0xb70 [ 29.812664][ T658] ? ____sys_sendmsg+0x5a2/0x8c0 [ 29.817604][ T658] ? ___sys_sendmsg+0x1f0/0x260 [ 29.822459][ T658] ? x64_sys_call+0x4b/0x9a0 [ 29.827061][ T658] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 29.833151][ T658] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 29.839330][ T658] xfrm_policy_inexact_insert+0x70/0x1130 [ 29.845080][ T658] ? __get_hash_thresh+0x10c/0x420 [ 29.850226][ T658] ? policy_hash_bysel+0x110/0x4f0 [ 29.855343][ T658] xfrm_policy_insert+0x126/0x9a0 [ 29.860376][ T658] ? xfrm_policy_construct+0x54f/0x1f00 [ 29.865936][ T658] xfrm_add_policy+0x4d1/0x830 [ 29.870731][ T658] ? xfrm_dump_sa_done+0xc0/0xc0 [ 29.875682][ T658] xfrm_user_rcv_msg+0x45c/0x6e0 [ 29.880622][ T658] ? xfrm_netlink_rcv+0x90/0x90 [ 29.885481][ T658] ? avc_has_perm_noaudit+0x460/0x460 [ 29.890862][ T658] ? x64_sys_call+0x4b/0x9a0 [ 29.895453][ T658] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 29.900837][ T658] netlink_rcv_skb+0x1e0/0x430 [ 29.905599][ T658] ? xfrm_netlink_rcv+0x90/0x90 [ 29.910473][ T658] ? netlink_ack+0xb60/0xb60 [ 29.915065][ T658] ? wait_for_completion_killable_timeout+0x10/0x10 [ 29.921665][ T658] ? __netlink_lookup+0x387/0x3b0 [ 29.926722][ T658] xfrm_netlink_rcv+0x72/0x90 [ 29.931406][ T658] netlink_unicast+0x876/0xa40 [ 29.936170][ T658] netlink_sendmsg+0x86a/0xb70 [ 29.940931][ T658] ? netlink_getsockopt+0x530/0x530 [ 29.946130][ T658] ? sock_alloc_file+0xba/0x260 [ 29.950986][ T658] ? security_socket_sendmsg+0x82/0xa0 [ 29.956582][ T658] ? netlink_getsockopt+0x530/0x530 [ 29.961792][ T658] ____sys_sendmsg+0x5a2/0x8c0 [ 29.966569][ T658] ? __sys_sendmsg_sock+0x40/0x40 [ 29.971599][ T658] ? import_iovec+0x7c/0xb0 [ 29.976204][ T658] ___sys_sendmsg+0x1f0/0x260 [ 29.980898][ T658] ? __sys_sendmsg+0x250/0x250 [ 29.985675][ T658] ? __fdget+0x1a1/0x230 [ 29.989921][ T658] __x64_sys_sendmsg+0x1e2/0x2a0 [ 29.994861][ T658] ? ___sys_sendmsg+0x260/0x260 [ 29.999806][ T658] ? __kasan_check_write+0x14/0x20 [ 30.005003][ T658] ? switch_fpu_return+0x15d/0x2c0 [ 30.010124][ T658] x64_sys_call+0x4b/0x9a0 [ 30.014644][ T658] do_syscall_64+0x4c/0xa0 [ 30.019060][ T658] ? clear_bhb_loop+0x50/0xa0 [ 30.023743][ T658] ? clear_bhb_loop+0x50/0xa0 [ 30.028440][ T658] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.034333][ T658] RIP: 0033:0x7f74ff82cbe9 [ 30.038746][ T658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 30.058373][ T658] RSP: 002b:00007f74fe295038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 30.066815][ T658] RAX: ffffffffffffffda RBX: 00007f74ffa63fa0 RCX: 00007f74ff82cbe9 [ 30.074782][ T658] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 30.082756][ T658] RBP: 00007f74ff8afe19 R08: 0000000000000000 R09: 0000000000000000 [ 30.090818][ T658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 30.098795][ T658] R13: 00007f74ffa64038 R14: 00007f74ffa63fa0 R15: 00007ffe9f5fd068 [ 30.106780][ T658] [ 30.109801][ T658] [ 30.112118][ T658] Allocated by task 658: [ 30.116349][ T658] __kasan_kmalloc+0xda/0x110 [ 30.121033][ T658] __kmalloc+0x13d/0x2c0 [ 30.125278][ T658] sk_prot_alloc+0xed/0x320 [ 30.129773][ T658] sk_alloc+0x38/0x430 [ 30.133836][ T658] pfkey_create+0x12a/0x660 [ 30.138338][ T658] __sock_create+0x38d/0x7a0 [ 30.142924][ T658] __sys_socket+0xec/0x190 [ 30.147343][ T658] __x64_sys_socket+0x7a/0x90 [ 30.152018][ T658] x64_sys_call+0x8c5/0x9a0 [ 30.156517][ T658] do_syscall_64+0x4c/0xa0 [ 30.160933][ T658] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.166829][ T658] [ 30.169147][ T658] The buggy address belongs to the object at ffff88811a2ce800 [ 30.169147][ T658] which belongs to the cache kmalloc-1k of size 1024 [ 30.183210][ T658] The buggy address is located 1016 bytes inside of [ 30.183210][ T658] 1024-byte region [ffff88811a2ce800, ffff88811a2cec00) [ 30.196787][ T658] The buggy address belongs to the page: [ 30.202431][ T658] page:ffffea000468b200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a2c8 [ 30.212766][ T658] head:ffffea000468b200 order:3 compound_mapcount:0 compound_pincount:0 [ 30.221092][ T658] flags: 0x4000000000010200(slab|head|zone=1) [ 30.227171][ T658] raw: 4000000000010200 ffffea0004680600 0000000500000005 ffff888100043080 [ 30.235751][ T658] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 30.244320][ T658] page dumped because: kasan: bad access detected [ 30.250725][ T658] page_owner tracks the page as allocated [ 30.256432][ T658] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 90, ts 6731286821, free_ts 0 [ 30.275091][ T658] post_alloc_hook+0x192/0x1b0 [ 30.279851][ T658] prep_new_page+0x1c/0x110 [ 30.284357][ T658] get_page_from_freelist+0x2cc5/0x2d50 [ 30.289895][ T658] __alloc_pages+0x18f/0x440 [ 30.294479][ T658] new_slab+0xa1/0x4d0 [ 30.298565][ T658] ___slab_alloc+0x381/0x810 [ 30.303150][ T658] __slab_alloc+0x49/0x90 [ 30.307475][ T658] __kmalloc_track_caller+0x169/0x2c0 [ 30.312842][ T658] __alloc_skb+0x21a/0x740 [ 30.317255][ T658] alloc_skb_with_frags+0xa8/0x620 [ 30.322361][ T658] sock_alloc_send_pskb+0x853/0x980 [ 30.327556][ T658] unix_dgram_sendmsg+0x5ea/0x1880 [ 30.332672][ T658] __sys_sendto+0x423/0x580 [ 30.337170][ T658] __x64_sys_sendto+0xe5/0x100 [ 30.341934][ T658] x64_sys_call+0x178/0x9a0 [ 30.346451][ T658] do_syscall_64+0x4c/0xa0 [ 30.351047][ T658] page_owner free stack trace missing [ 30.356422][ T658] [ 30.358750][ T658] Memory state around the buggy address: [ 30.364377][ T658] ffff88811a2cea80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.372442][ T658] ffff88811a2ceb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.380507][ T658] >ffff88811a2ceb80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 30.388647][ T658] ^ [ 30.396792][ T658] ffff88811a2cec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.404861][ T658] ffff88811a2cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.412933][ T658] ================================================================== [ 30.421078][ T658] Disabling lock debugging due to kernel taint [ 30.428425][ T20] Bluetooth: hci0: command 0x1001 tx timeout [ 30.436044][ T661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.135'. [ 30.473750][ T430] Bluetooth: hci0: sending frame failed (-49) [ 30.761228][ T39] usbhid 2-1:0.0: can't add hid device: -71 [ 30.767263][ T39] usbhid: probe of 2-1:0.0 failed with error -71 [ 30.775228][ T39] usb 2-1: USB disconnect, device number 3 [ 32.501180][ T664] Bluetooth: hci0: command 0x1009 tx timeout