last executing test programs: 3.309377081s ago: executing program 0 (id=155): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b0000000700000008000000a6ad6a1a05"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000400)='.\x00', 0xa4000021) close(r2) 3.176851118s ago: executing program 0 (id=156): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x0, 0xff, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) readv(r0, &(0x7f00000005c0)=[{&(0x7f00000000c0)=""/8, 0x8}], 0x1) 911.098525ms ago: executing program 1 (id=158): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a40)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x6}, 0x18) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x1, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 850.458622ms ago: executing program 1 (id=159): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mbind(&(0x7f00004c9000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x20, 0x2) 738.642246ms ago: executing program 1 (id=160): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xd0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x200, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 660.890626ms ago: executing program 1 (id=161): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff040000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r1 = io_uring_setup(0x258d, &(0x7f0000000640)={0x0, 0x4008272, 0x1, 0x3, 0x288}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000400)=[{0x0}], 0x1) syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46) io_uring_register$IORING_REGISTER_FILES(r1, 0x1e, &(0x7f0000000000)=[r1], 0x1) 561.182709ms ago: executing program 0 (id=162): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a2) r2 = syz_open_dev$loop(&(0x7f0000000440), 0x5, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001600)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) 560.872679ms ago: executing program 1 (id=163): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18) r1 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000b40)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) 409.801878ms ago: executing program 0 (id=164): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) lgetxattr(0x0, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r1, &(0x7f0000000200)=ANY=[], 0xbb) 159.90941ms ago: executing program 0 (id=165): r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0x4}, 0x18) bind$rds(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x10, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0) 326.56µs ago: executing program 1 (id=166): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x0, 0xff, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) readv(r0, &(0x7f00000005c0)=[{&(0x7f00000000c0)=""/8, 0x8}], 0x1) 0s ago: executing program 0 (id=167): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000003, 0x13, r2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:65039' (ED25519) to the list of known hosts. syzkaller login: [ 75.223392][ T3309] cgroup: Unknown subsys name 'net' [ 75.401863][ T3309] cgroup: Unknown subsys name 'cpuset' [ 75.426277][ T3309] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.900662][ T3309] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.311143][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.368996][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.503147][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.517968][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.405440][ T3314] hsr_slave_0: entered promiscuous mode [ 87.412308][ T3314] hsr_slave_1: entered promiscuous mode [ 87.568729][ T3315] hsr_slave_0: entered promiscuous mode [ 87.577405][ T3315] hsr_slave_1: entered promiscuous mode [ 87.583104][ T3315] debugfs: 'hsr0' already exists in 'hsr' [ 87.584916][ T3315] Cannot create hsr debugfs directory [ 88.465326][ T3314] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.493864][ T3314] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.520054][ T3314] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.558491][ T3314] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.720697][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.740618][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.772345][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.795548][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.718203][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.767388][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.933243][ T3315] veth0_vlan: entered promiscuous mode [ 92.977019][ T3315] veth1_vlan: entered promiscuous mode [ 93.154802][ T3314] veth0_vlan: entered promiscuous mode [ 93.206800][ T3315] veth0_macvtap: entered promiscuous mode [ 93.230489][ T3314] veth1_vlan: entered promiscuous mode [ 93.256244][ T3315] veth1_macvtap: entered promiscuous mode [ 93.499281][ T106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.500159][ T2157] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.515958][ T3314] veth0_macvtap: entered promiscuous mode [ 93.524484][ T2157] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.526363][ T2157] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.548286][ T3314] veth1_macvtap: entered promiscuous mode [ 93.841093][ T185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.842552][ T185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.842700][ T185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.842823][ T185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.170430][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.268308][ T3470] random: crng reseeded on system resumption [ 95.746099][ T3465] ip6t_rpfilter: unknown options [ 96.430834][ T3488] bridge_slave_0: entered promiscuous mode [ 96.797877][ T3492] Illegal XDP return value 4294967274 on prog (id 1) dev syz_tun, expect packet loss! [ 97.084369][ T30] audit: type=1326 audit(96.870:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3499 comm="syz.1.18" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 97.093552][ T30] audit: type=1326 audit(96.890:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3499 comm="syz.1.18" exe="/syz-executor" sig=0 arch=c00000b7 syscall=208 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 97.101107][ T30] audit: type=1326 audit(96.890:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3499 comm="syz.1.18" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 97.107266][ T30] audit: type=1326 audit(96.890:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3499 comm="syz.1.18" exe="/syz-executor" sig=0 arch=c00000b7 syscall=4 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 97.113443][ T30] audit: type=1326 audit(96.890:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3499 comm="syz.1.18" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 97.116495][ T30] audit: type=1326 audit(96.890:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3499 comm="syz.1.18" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 97.277387][ T3505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.285670][ T3505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.422989][ T3505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.20'. [ 97.926815][ T3518] netlink: 24 bytes leftover after parsing attributes in process `syz.1.26'. [ 98.530128][ T3431] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 98.560010][ T3431] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 98.979890][ T3537] loop9: detected capacity change from 0 to 7 [ 98.987264][ T3537] Buffer I/O error on dev loop9, logical block 0, async page read [ 98.993795][ T3537] Buffer I/O error on dev loop9, logical block 0, async page read [ 98.997373][ T3537] loop9: unable to read partition table [ 99.006921][ T3537] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 99.006921][ T3537] ) failed (rc=-5) [ 99.204384][ T3534] fido_id[3534]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 100.179772][ T30] audit: type=1326 audit(99.970:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3559 comm="syz.1.44" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 100.184605][ T30] audit: type=1326 audit(99.980:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3559 comm="syz.1.44" exe="/syz-executor" sig=0 arch=c00000b7 syscall=20 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 100.190764][ T30] audit: type=1326 audit(99.980:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3559 comm="syz.1.44" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 100.197108][ T30] audit: type=1326 audit(99.980:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3559 comm="syz.1.44" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 100.634325][ T3569] Zero length message leads to an empty skb [ 100.834533][ T3574] IPv6: NLM_F_CREATE should be specified when creating new route [ 102.396935][ T3593] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.399606][ T3593] x_tables: duplicate underflow at hook 2 [ 103.571272][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 103.577220][ T30] audit: type=1326 audit(103.360:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.585255][ T30] audit: type=1326 audit(103.360:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.592975][ T30] audit: type=1326 audit(103.380:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.597867][ T30] audit: type=1326 audit(103.390:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.603499][ T30] audit: type=1326 audit(103.400:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.608778][ T30] audit: type=1326 audit(103.400:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.616342][ T30] audit: type=1326 audit(103.410:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.618753][ T30] audit: type=1326 audit(103.410:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=135 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 103.620028][ T30] audit: type=1326 audit(103.410:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3604 comm="syz.0.64" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb175c3e8 code=0x7ffc0000 [ 105.571908][ T30] audit: type=1326 audit(105.360:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3619 comm="syz.1.71" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 106.163203][ T3631] netlink: 16 bytes leftover after parsing attributes in process `syz.1.76'. [ 106.432833][ T3635] smc: net device bond0 applied user defined pnetid SYZ0 [ 106.436468][ T3635] smc: net device bond0 erased user defined pnetid SYZ0 [ 111.022236][ T3662] netlink: 'syz.0.88': attribute type 4 has an invalid length. [ 114.233076][ T3685] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.235620][ T3685] xt_CONNSECMARK: invalid mode: 0 [ 117.048736][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 117.050069][ T30] audit: type=1326 audit(116.840:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="syz.1.111" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.054715][ T30] audit: type=1326 audit(116.850:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="syz.1.111" exe="/syz-executor" sig=0 arch=c00000b7 syscall=167 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.056124][ T30] audit: type=1326 audit(116.850:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.061867][ T30] audit: type=1326 audit(116.850:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.064800][ T30] audit: type=1326 audit(116.860:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.066651][ T30] audit: type=1326 audit(116.860:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.069400][ T30] audit: type=1326 audit(116.860:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.074561][ T30] audit: type=1326 audit(116.870:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=205 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.078220][ T30] audit: type=1326 audit(116.870:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3709 comm="gtp" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 117.438964][ T3717] netlink: 20 bytes leftover after parsing attributes in process `syz.0.114'. [ 118.195033][ T3735] netlink: 36 bytes leftover after parsing attributes in process `syz.0.123'. [ 119.277770][ T3752] netlink: 12 bytes leftover after parsing attributes in process `syz.0.131'. [ 119.278559][ T3752] netlink: 12 bytes leftover after parsing attributes in process `syz.0.131'. [ 121.055621][ T30] audit: type=1326 audit(120.850:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3787 comm="syz.1.149" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa835c3e8 code=0x7ffc0000 [ 121.380727][ T3796] netlink: 8 bytes leftover after parsing attributes in process `syz.0.152'. [ 121.390871][ T3796] netlink: 32 bytes leftover after parsing attributes in process `syz.0.152'. [ 122.337256][ T3808] netlink: 'syz.1.157': attribute type 13 has an invalid length. [ 123.858203][ T2157] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.858735][ T2157] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.861098][ T2157] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.863377][ T2157] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.354231][ T3819] loop5: detected capacity change from 0 to 7 [ 124.355971][ T3819] Buffer I/O error on dev loop5, logical block 0, async page read [ 124.367588][ T3819] Buffer I/O error on dev loop5, logical block 0, async page read [ 124.369230][ T3819] loop5: unable to read partition table [ 124.369696][ T3819] loop_reread_partitions: partition scan of loop5 (被xڬdGݡ [ 124.369696][ T3819] ) failed (rc=-5) [ 124.934173][ T2157] ================================================================== [ 124.936707][ T2157] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc [ 124.938083][ T2157] Write at addr f6f000000bc0cb60 by task kworker/u8:9/2157 [ 124.938364][ T2157] Pointer tag: [f6], memory tag: [fe] [ 124.938465][ T2157] [ 124.938973][ T2157] CPU: 0 UID: 0 PID: 2157 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT [ 124.939180][ T2157] Hardware name: linux,dummy-virt (DT) [ 124.939435][ T2157] Workqueue: events_unbound bpf_map_free_deferred [ 124.940137][ T2157] Call trace: [ 124.940319][ T2157] show_stack+0x18/0x24 (C) [ 124.940503][ T2157] dump_stack_lvl+0x78/0x90 [ 124.940565][ T2157] print_report+0x108/0x61c [ 124.940591][ T2157] kasan_report+0x88/0xac [ 124.940614][ T2157] __do_kernel_fault+0x170/0x1c8 [ 124.940639][ T2157] do_bad_area+0x68/0x78 [ 124.940663][ T2157] do_tag_check_fault+0x34/0x44 [ 124.940688][ T2157] do_mem_abort+0x44/0x94 [ 124.940711][ T2157] el1_abort+0x44/0x68 [ 124.940735][ T2157] el1h_64_sync_handler+0x50/0xac [ 124.940759][ T2157] el1h_64_sync+0x6c/0x70 [ 124.940840][ T2157] defer_free+0x3c/0xbc (P) [ 124.940876][ T2157] kfree_nolock+0x1a0/0x1d4 [ 124.940900][ T2157] range_tree_destroy+0x74/0x90 [ 124.940925][ T2157] arena_map_free+0x64/0x90 [ 124.940948][ T2157] bpf_map_free_deferred+0x70/0x180 [ 124.940973][ T2157] process_one_work+0x178/0x2cc [ 124.940999][ T2157] worker_thread+0x24c/0x354 [ 124.941022][ T2157] kthread+0x130/0x1fc [ 124.941045][ T2157] ret_from_fork+0x10/0x20 [ 124.941243][ T2157] [ 124.941312][ T2157] Allocated by task 3828: [ 124.941435][ T2157] kasan_save_stack+0x3c/0x64 [ 124.941641][ T2157] save_stack_info+0x40/0x158 [ 124.941661][ T2157] kasan_save_alloc_info+0x14/0x20 [ 124.941684][ T2157] __kasan_kmalloc+0xb4/0xb8 [ 124.941718][ T2157] kmalloc_nolock_noprof+0x1dc/0x4fc [ 124.941756][ T2157] range_tree_set+0x644/0x778 [ 124.941783][ T2157] arena_map_alloc+0x11c/0x17c [ 124.941801][ T2157] map_create+0x19c/0xa98 [ 124.941820][ T2157] __sys_bpf+0x348/0x1a88 [ 124.941836][ T2157] __arm64_sys_bpf+0x24/0x34 [ 124.941859][ T2157] invoke_syscall+0x48/0x110 [ 124.941879][ T2157] el0_svc_common.constprop.0+0x40/0xe0 [ 124.941899][ T2157] do_el0_svc+0x1c/0x28 [ 124.941918][ T2157] el0_svc+0x34/0x128 [ 124.941936][ T2157] el0t_64_sync_handler+0xa0/0xe4 [ 124.941954][ T2157] el0t_64_sync+0x1a4/0x1a8 [ 124.941997][ T2157] [ 124.942026][ T2157] Freed by task 2157: [ 124.942054][ T2157] kasan_save_stack+0x3c/0x64 [ 124.942072][ T2157] save_stack_info+0x40/0x158 [ 124.942088][ T2157] kasan_save_free_info+0x18/0x24 [ 124.942104][ T2157] __kasan_slab_free+0x7c/0x8c [ 124.942120][ T2157] kfree_nolock+0xcc/0x1d4 [ 124.942137][ T2157] range_tree_destroy+0x74/0x90 [ 124.942155][ T2157] arena_map_free+0x64/0x90 [ 124.942172][ T2157] bpf_map_free_deferred+0x70/0x180 [ 124.942191][ T2157] process_one_work+0x178/0x2cc [ 124.942209][ T2157] worker_thread+0x24c/0x354 [ 124.942226][ T2157] kthread+0x130/0x1fc [ 124.942242][ T2157] ret_from_fork+0x10/0x20 [ 124.942263][ T2157] [ 124.942284][ T2157] The buggy address belongs to the object at fff000000bc0cb40 [ 124.942284][ T2157] which belongs to the cache kmalloc-64 of size 64 [ 124.942344][ T2157] The buggy address is located 32 bytes inside of [ 124.942344][ T2157] 64-byte region [fff000000bc0cb40, fff000000bc0cb80) [ 124.942369][ T2157] [ 124.942544][ T2157] The buggy address belongs to the physical page: [ 124.942839][ T2157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfbf000000bc0ca40 pfn:0x4bc0c [ 124.943077][ T2157] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 124.943328][ T2157] page_type: f5(slab) [ 124.943653][ T2157] raw: 01ffc00000000000 fbf0000003001600 dead000000000122 0000000000000000 [ 124.943683][ T2157] raw: fbf000000bc0ca40 0000000080400037 00000000f5000000 0000000000000000 [ 124.943750][ T2157] page dumped because: kasan: bad access detected [ 124.943771][ T2157] [ 124.943789][ T2157] Memory state around the buggy address: [ 124.943973][ T2157] fff000000bc0c900: fe fe fe fe f8 f8 f8 fe fd fd fd fe fd fd fd fe [ 124.944052][ T2157] fff000000bc0ca00: fe fe fe fe fe fe fe fe f7 f7 f7 fe f1 f1 f1 f1 [ 124.944085][ T2157] >fff000000bc0cb00: fd fd fd fe fe fe fe fe fe fe fe fe fe fe fe fe [ 124.944119][ T2157] ^ [ 124.944183][ T2157] fff000000bc0cc00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 124.944198][ T2157] fff000000bc0cd00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 124.944238][ T2157] ================================================================== [ 124.944994][ T2157] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 126.276752][ T185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.316094][ T185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.355705][ T185] bond0 (unregistering): Released all slaves [ 126.445108][ T185] hsr_slave_0: left promiscuous mode [ 126.453245][ T185] hsr_slave_1: left promiscuous mode [ 127.373730][ T185] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.423719][ T185] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.486478][ T185] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.550057][ T185] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.052232][ T185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.102437][ T185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.144192][ T185] bond0 (unregistering): Released all slaves [ 128.283910][ T185] hsr_slave_0: left promiscuous mode [ 128.286538][ T185] hsr_slave_1: left promiscuous mode [ 128.305782][ T185] veth1_macvtap: left promiscuous mode [ 128.306214][ T185] veth0_macvtap: left promiscuous mode [ 128.307272][ T185] veth1_vlan: left promiscuous mode [ 128.310010][ T185] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 06:17:35 Registers: info registers vcpu 0 CPU#0 PC=ffff800080179c94 X00=00165a0bc0000000 X01=0000000000000017 X02=0000000000800000 X03=0000000000800000 X04=0000000000000000 X05=0000001d31b0acc4 X06=00004c4b40000000 X07=ffff800082cc38c8 X08=0000000000000080 X09=ffff8000829e8000 X10=1205bcb4c3a1f1ef X11=ffff800082cc3000 X12=000000000000000b X13=0000000000000000 X14=00000000000000e9 X15=0000000000000000 X16=ffff800082dd8000 X17=fff07ffffcf04000 X18=0000000000000000 X19=ffff800082d07de0 X20=00000000ffffffff X21=0000000000477a0d X22=0000000000000000 X23=0000000000e0108d X24=ffff800082d07cc0 X25=000000003b9aca00 X26=001dcd6500000000 X27=ffff80008018a4d0 X28=0000000000000000 X29=ffff800082ddbd40 X30=ffff800080179b9c SP=ffff800082ddbd40 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000000a2bf:00000000fff88a7b Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b700000008000003:b7fffffff8000002 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:9500000057000000:8500000000000004 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000008000003b7:fffffff800000207 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000005700000085:00000000000004b7 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb1976478:0000ffffb1976470 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb1976488:0000ffffb1976480 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffed3c6f30:0000ffffed3c6f30 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffed3c6f00 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008092e57c X00=ffff800082e05000 X01=0000000000000002 X02=0000000000000000 X03=ffff800082b9de30 X04=f1f00000030e5880 X05=0000000000000032 X06=0000000000000020 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082b9de60 X10=0000000000000001 X11=ffff8000831dbe20 X12=ffff800082acf208 X13=ffff8000831dbb8d X14=ffff8000831dbb98 X15=ffff8000831dba00 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=f8f0000003043012 X20=ffff80008092e534 X21=f1f00000030e5880 X22=f8f0000003043012 X23=ffff80008092e534 X24=0000000000000064 X25=f3f000000323b180 X26=0000000000000001 X27=0000000000000000 X28=0000000000000000 X29=ffff8000831dbca0 X30=ffff80008092e55c SP=ffff8000831dbca0 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6572207265767265:730073250a0d0a0d Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:65725f746e697270:20205d3735313254 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00ff00ff00000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000f0f0000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:65645f656572665f:70616d5f66706220 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6d6d6f4320373531:32203a4449502030 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:4e20393a38752f72:656b726f776b203a Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc8022240:0000ffffc8022240 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffc8022210 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000