last executing test programs: 3.781666463s ago: executing program 0 (id=9): r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x498, 0x1c8, 0x1c8, 0x1c8, 0x98, 0x360, 0x400, 0x400, 0x400, 0x400, 0x400, 0x6, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr=0x64010101, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x50, 0x80, 0x1}}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x3, 0x3}}}, {{@ip={@broadcast, @multicast2, 0xff, 0x0, 'lo\x00', 'nr0\x00', {}, {}, 0x84}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x14}}}, {{@ip={@loopback, @empty, 0x0, 0xffffff00, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xa, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4f8) bind$unix(r0, &(0x7f00000005c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r0, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x45f1, 0x4) recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/57, 0x39}, 0x8}], 0x3ffffffffffff2e, 0x1000400000de, 0x0) 3.661511678s ago: executing program 0 (id=10): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x11e) renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x5, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x0) 3.418444809s ago: executing program 0 (id=11): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4) bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x193a, 0x4) recvmmsg(r0, &(0x7f0000006800)=[{{&(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, 0x0, 0x0, &(0x7f00000015c0)=""/250, 0xfa}, 0x3}, {{0x0, 0x0, &(0x7f0000002a40)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0}, 0xffffffff}], 0x3, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xce3d, 0x400, 0x1, 0x2}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 840.538234ms ago: executing program 1 (id=22): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r0}, 0x18) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="5400000010000305000000000307000000000000", @ANYRES32=0x0, @ANYBLOB="20020400061000002c0012800b000100697036746e6c00001c00028014000200fe80005787eeae9326e0cf000000000e0400130008000a002b"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) 805.854198ms ago: executing program 0 (id=23): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=@updpolicy={0x17c, 0x13, 0x1, 0x70bd2b, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x2b, 0x0, 0xee01}, {0x0, 0x0, 0x6}, {0x0, 0x0, 0x7}, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3}, [@tmpl={0xc4, 0x5, [{{@in6=@mcast2, 0x4d6, 0x33}, 0xa, @in=@broadcast, 0x3501, 0x3, 0x3, 0x2, 0x4, 0x9, 0x9}, {{@in=@empty, 0x4d4, 0x32}, 0xa, @in=@multicast2, 0x3503, 0x4, 0x1, 0x59, 0x5, 0x8, 0x8000000}, {{@in6=@loopback, 0x4d6, 0x32}, 0xa, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x1, 0x2, 0xf8, 0x8, 0x2, 0x1}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000) 551.32738ms ago: executing program 1 (id=24): r0 = socket$unix(0x1, 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r0, 0x448e}], 0x2e, 0x0, 0x0, 0x0) 550.85792ms ago: executing program 0 (id=25): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fedbdf251800000008000300", @ANYRES32=r3, @ANYBLOB="1800308014000180080001000200e8ff070004"], 0x34}}, 0x8000) 449.303153ms ago: executing program 1 (id=26): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000024d00)={0x0, 0x0, &(0x7f0000024cc0)={&(0x7f0000006dc0)=@newchain={0xf40, 0x64, 0x300, 0x70bd2e, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x7, 0x1}, {0x5, 0x10}, {0xf, 0x2}}, [@f_rsvp={{0x9}, {0xf10, 0x2, [@TCA_RSVP_ACT={0xf0c, 0x6, [@m_connmark={0x88, 0xe, 0x0, 0x0, {{0xd}, {0x58, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x5, 0x0, 0x76, 0x5}, 0x9}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x1ff, 0xffffffffffffffff, 0x0, 0x6}, 0x1cb1}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xc60, 0x7, 0x4, 0x7, 0x8}, 0x9}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_pedit={0xe80, 0x3, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x2, 0x7, 0x7, 0x9, 0x1}, 0xf1, 0x2, [{0x5, 0xaf, 0x1, 0x6, 0x4, 0x7}, {0x1, 0x7fff, 0x0, 0x4, 0x4}]}, [{0x2, 0xffffffff, 0x752b, 0x9, 0x5, 0x2}, {0x6507b03b, 0x1, 0x7, 0xfffffffe, 0x6, 0x5}, {0x4, 0x1, 0x3, 0x8a, 0x6, 0x2}, {0x7, 0x1200000, 0x88d, 0x2, 0x4, 0x2}, {0xffff5cff, 0x4, 0x0, 0x1, 0x40, 0x8001}, {0x6, 0x9, 0x400003, 0x0, 0x8, 0xf}, {0x5, 0x6, 0x2, 0x2, 0x3, 0x3}, {0x3, 0x7fffffff, 0x39cbefbf, 0x3, 0x3, 0x8}, {0x6, 0x0, 0xf, 0x1, 0x9, 0x1000}, {0x80000000, 0xffff, 0x4, 0x4, 0x80}, {0x3ff, 0x4, 0x3a14, 0x56d5, 0x2, 0x2}, {0x2, 0x2, 0x8, 0x7, 0xffffff81}, {0x3, 0xc9d, 0x3, 0x13ee, 0x4, 0x6}, {0x7fffffff, 0x1, 0x8, 0x4e80000, 0xf950, 0x9873}, {0x3772, 0x1182, 0x7, 0x6ae9, 0x79, 0xfb28}, {0x8, 0x6962, 0x0, 0x6, 0x4, 0x157}, {0x12968238, 0x0, 0xffffffff, 0x101, 0x0, 0x6}, {0x8, 0x9, 0xa68c, 0x2, 0x1, 0x80000000}, {0x1, 0x80000001, 0x8, 0x1000, 0x7, 0xa}, {0x6, 0x7, 0x9, 0x7fff, 0x6ffb, 0x7}, {0x2, 0x7bb, 0x10, 0xb6c, 0x9, 0x9}, {0x6, 0x5, 0x80000000, 0x5, 0x40}, {0xfffff2e7, 0x7, 0x3, 0x7, 0xa2, 0xfffffff9}, {0x7, 0x2, 0xd, 0x5, 0x6, 0x7fffffff}, {0xb30, 0xfffffff8, 0xc767, 0x2, 0x3, 0x805a0}, {0xffff3594, 0x7, 0x8, 0x2, 0xfffff1f2, 0x4}, {0x4, 0x1, 0x3, 0x1ff, 0x3, 0x3ff}, {0xa0d0, 0xffffff30, 0x0, 0x1, 0x5, 0x5}, {0x0, 0x8, 0x3d, 0x4, 0xfffffffd, 0xde0}, {0x6, 0x8, 0xfffffffc, 0x4, 0x80009, 0x10000}, {0x0, 0x80000000, 0x20000085, 0x9, 0x30ba, 0xfc}, {0x6, 0xffffffff, 0xf, 0x7, 0x7f, 0x1efb}, {0xfffffbff, 0x0, 0x3, 0xe8f6, 0x4, 0x98d}, {0x8, 0x7d0, 0x8, 0xff, 0x7, 0x1}, {0x5, 0x3, 0x7ff, 0x0, 0x2, 0x613}, {0x4, 0xfff, 0x4c3c, 0x5, 0x2, 0x2}, {0x8, 0x2, 0x0, 0xfffffffd, 0xdb1c, 0x3ff}, {0x5, 0xfffffffd, 0x8001, 0x81, 0x9, 0x1}, {0x3, 0x4175, 0x0, 0x2, 0x9, 0x5}, {0x1, 0x3, 0x4, 0x9, 0x100, 0x2}, {0x7, 0x10, 0x0, 0x9, 0xdc}, {0xfffffffb, 0x8, 0xff, 0x6, 0x3, 0x8}, {0x5, 0xff, 0x401, 0x6, 0x7, 0x3}, {0x18, 0x1, 0x4, 0xfff, 0xa, 0x2}, {0x6, 0x9, 0xfffd, 0x3f, 0xab9, 0xfffffff5}, {0x7fffffff, 0x2, 0x94c, 0x9dee, 0xffff1483, 0x8}, {0x6fce8c73, 0x81, 0x7, 0x3ff, 0x0, 0x1}, {0x7fff, 0xad, 0x4, 0x0, 0x4, 0x7ff}, {0x1, 0xe364, 0x100, 0x9, 0x3, 0x2}, {0x5, 0x4, 0x80000000, 0x6, 0xb, 0x8}, {0xb95c, 0x80000001, 0x9, 0x6, 0xc, 0xb}, {0x3, 0x3, 0xc1, 0x0, 0x7f7, 0xfffff530}, {0x1, 0x0, 0x40, 0x2, 0x5}, {0x0, 0x3, 0x7, 0x82b, 0x0, 0x5}, {0xfff, 0x98, 0x6a4c, 0x101, 0x9, 0x40}, {0xffff, 0x7, 0x38, 0xb, 0x8, 0x8000}, {0x1, 0x0, 0x0, 0x6, 0x5, 0xf8}, {0x1, 0x6, 0xef0, 0x0, 0x101, 0x2}, {0x8, 0x7, 0x6f, 0x7, 0x6, 0x3}, {0x3f, 0x5, 0x3, 0x8, 0x9, 0x1}, {0x80000001, 0xfffffff9, 0x5, 0x800, 0x543, 0x1}, {0x22a, 0x201, 0x3, 0x0, 0x4, 0x7}, {0xad, 0x7, 0xfffffffa, 0x7b9, 0x164, 0x9}, {0x4, 0x7, 0x9, 0x7, 0x5, 0xc66}, {0x9, 0x3, 0x5, 0x3, 0x54, 0x6}, {0xf, 0x5, 0x9, 0x9, 0xe, 0x7}, {0x2a0d, 0x5, 0x4, 0x7, 0x9, 0x4}, {0x17, 0x200, 0xffff8001, 0x6, 0x62a, 0x4}, {0xc, 0x24000, 0x7f, 0x6b, 0x4, 0xd}, {0x7329e723, 0x4, 0x2, 0x1, 0x2, 0x5}, {0x10000, 0x80, 0x5821, 0x0, 0x5, 0x4}, {0x6, 0x3, 0x2, 0x7, 0x3, 0xcb14}, {0x7, 0x25b, 0x2, 0x6, 0x4, 0x9}, {0x8, 0x7, 0x4, 0xfffffffe, 0x7, 0x9}, {0x7, 0x7, 0x0, 0x648, 0x5, 0x100}, {0x1, 0x0, 0x59a0, 0x1, 0x7, 0x401}, {0x10000, 0x7ff, 0xfffffcca, 0xff, 0x8, 0x3}, {0x1, 0x4, 0x5, 0x7, 0x5}, {0x4, 0x2, 0x6, 0xd, 0x7, 0xb152}, {0x47, 0x9, 0x5, 0xfffffff9, 0x7fffffff, 0xa00000}, {0x4, 0x26c, 0x9, 0x8bab, 0xbc5d}, {0x1, 0x7, 0x5, 0x7, 0x8000, 0x40009}, {0x5f, 0x8, 0x5, 0x200, 0x8, 0x10001}, {0x8, 0x2, 0x80000000, 0x6, 0x101, 0x8}, {0x80000003, 0xfff, 0x10, 0xfffffff3, 0x8, 0x4}, {0x800, 0xffff, 0x5, 0x7, 0x344, 0x2b25}, {0x8, 0x7, 0x6, 0x1, 0x3, 0x8e02}, {0x1, 0x9e6, 0x8, 0x400, 0x6, 0x3}, {0x8, 0x0, 0x1, 0x7, 0x1, 0x3}, {0x9, 0x2, 0x2, 0x8, 0x3, 0x4}, {0x6, 0xfffffec4, 0x200, 0x8, 0x8, 0x9}, {0x1, 0x8, 0x500, 0x400, 0xc52b, 0x4}, {0x9, 0x1, 0x100, 0xb6a, 0x9, 0x32b5}, {0x8, 0x1, 0x4, 0x0, 0xd73, 0x870}, {0xe08c, 0x7ff, 0x2, 0x6, 0x40, 0x9}, {0xffff, 0x4428, 0x3, 0x6, 0x8, 0x9}, {0x1000, 0x10001, 0x5, 0x4, 0x3, 0xb}, {0xfffff0aa, 0x9, 0xfffffffa, 0x5, 0x2, 0x4}, {0xd, 0xfffffff0, 0x4, 0x0, 0x8, 0x101}, {0xd, 0x2, 0x686, 0xfffffffa, 0x4, 0x4}, {0x7fff, 0x6, 0x200, 0x6, 0x4, 0x8}, {0x96, 0x6, 0x7, 0x7, 0x226, 0x8}, {0x6, 0x3, 0x5, 0x6, 0x7, 0xfff}, {0x3, 0xffffffff, 0x2, 0x568, 0x4, 0xffffffeb}, {0x2, 0x200, 0x2, 0x7, 0x6, 0x6}, {0x4, 0x566, 0x10001, 0xb, 0x4, 0x5594fdf3}, {0x423303a3, 0x9, 0x6, 0x3, 0x6, 0x3}, {0x100, 0x3, 0x0, 0x9, 0x8, 0x25}, {0x8, 0xd47, 0x0, 0x0, 0x6, 0x8f6d}, {0xff, 0x0, 0x0, 0x1, 0x7, 0xe}, {0xce1, 0x9, 0x0, 0x4, 0xffffffff, 0x200}, {0x4, 0xe, 0x3, 0x5e0, 0x8, 0x1}, {0x0, 0x1, 0x1, 0x1, 0x4, 0x8}, {0x4f75, 0x8, 0x3c, 0xb, 0x4, 0x5}, {0x3, 0xd64, 0x1, 0x6, 0x8, 0x6}, {0x5, 0x401, 0x6, 0x4, 0x80, 0x640a525a}, {0x5, 0x0, 0x8, 0xfffffffe, 0xe, 0x6cd4}, {0x9, 0x0, 0x8, 0xa9ba, 0x100, 0x5}, {0x15, 0xfffffeff, 0x2, 0x5, 0x5fc0, 0xfffffff1}, {0x39d, 0x9, 0x1, 0x0, 0xfc, 0x7}, {0x6, 0xe69, 0xe, 0xffffff81, 0xbe7e, 0x401}, {0xfffffffa, 0x4, 0x0, 0x0, 0x6, 0xfffff001}, {0xcf2d, 0x8, 0x9176, 0x0, 0x4f, 0x1}, {0x0, 0x9, 0x5, 0xfff, 0x9030}, {0x4, 0x4, 0x800, 0x41e, 0x8000}, {0x6, 0xfffffffa, 0x0, 0x9a, 0x6, 0x8}, {0x3, 0xb, 0xf079, 0x7fffffff, 0x200, 0x1000007}, {0x65f, 0x100, 0x8, 0x1, 0x400, 0x2}], [{0x3}, {0x1, 0x1}, {0x5, 0x1}, {}, {}, {0x5}, {0x4}, {}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x4}, {0x3}, {0x4, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x3}, {0x1}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {}, {0x5, 0x1}, {0x5}, {}, {0x4, 0x1}, {0x2}, {}, {0x2}, {0x2, 0x1}, {0x6, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {}, {}, {0x5, 0x649fb4c58d4cf3cc}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x3}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x2}, {0x1}, {0x3}, {0x3, 0x1}, {0x2}, {0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x7, 0x1}, {0x3}, {0x1}, {0x2, 0xd2cd4f2f2bcaea07}, {0x5, 0x1}, {0x2, 0x1}, {0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x2}, {0x1, 0x1}, {0x2, 0x8dafc58315d2bbb3}, {0x2}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x3}, {0x5, 0x1}, {0x5}, {0x5}, {0x3}, {0x4, 0x9889dd74d1bcf2ee}, {0x1, 0x1}, {}, {0x3}, {0x4}, {}, {0x3}, {0x3}, {0x1}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0xf40}, 0x1, 0x0, 0x0, 0x810}, 0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 278.675965ms ago: executing program 1 (id=27): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000ff1f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0) 159.89469ms ago: executing program 1 (id=28): r0 = socket$inet6(0xa, 0x2, 0x0) close(0x3) socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000100)={0xa, 0x4e20, 0x80000, @dev={0xfe, 0x80, '\x00', 0x20}, 0xfffffffe}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1400000090"], 0x18}, 0x0) 292.02µs ago: executing program 0 (id=29): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) listen(r2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) connect$unix(r3, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f00000000c0)={0x0, 0xea60}, 0x10) connect$unix(r1, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=30): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000003, 0x13, r0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:59610' (ED25519) to the list of known hosts. syzkaller login: [ 72.781237][ T3313] cgroup: Unknown subsys name 'net' [ 72.999392][ T3313] cgroup: Unknown subsys name 'cpuset' [ 73.028096][ T3313] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.459541][ T3313] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.888810][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.910150][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.104410][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.119610][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.895251][ T3320] hsr_slave_0: entered promiscuous mode [ 82.901593][ T3320] hsr_slave_1: entered promiscuous mode [ 83.161452][ T3322] hsr_slave_0: entered promiscuous mode [ 83.166189][ T3322] hsr_slave_1: entered promiscuous mode [ 83.168730][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 83.169475][ T3322] Cannot create hsr debugfs directory [ 83.965078][ T3320] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.992175][ T3320] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.056200][ T3320] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.081302][ T3320] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.231290][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.269299][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.286516][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.306096][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.880968][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.244326][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.960765][ T3320] veth0_vlan: entered promiscuous mode [ 88.037219][ T3320] veth1_vlan: entered promiscuous mode [ 88.197381][ T3320] veth0_macvtap: entered promiscuous mode [ 88.219992][ T3320] veth1_macvtap: entered promiscuous mode [ 88.414793][ T94] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.421839][ T106] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.428041][ T106] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.428368][ T106] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.841283][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.872313][ T3322] veth0_vlan: entered promiscuous mode [ 88.926496][ T3322] veth1_vlan: entered promiscuous mode [ 89.187656][ T3322] veth0_macvtap: entered promiscuous mode [ 89.238342][ T3322] veth1_macvtap: entered promiscuous mode [ 89.387203][ T30] audit: type=1326 audit(89.210:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.407716][ T30] audit: type=1326 audit(89.240:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=0 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.419218][ T30] audit: type=1326 audit(89.250:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.428382][ T30] audit: type=1326 audit(89.250:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.428592][ T30] audit: type=1326 audit(89.250:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.428770][ T30] audit: type=1326 audit(89.260:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.437388][ T30] audit: type=1326 audit(89.270:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.437854][ T30] audit: type=1326 audit(89.270:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.451942][ T30] audit: type=1326 audit(89.280:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.452372][ T30] audit: type=1326 audit(89.280:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3468 comm="syz.0.1" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff83d5c3e8 code=0x7ffc0000 [ 89.481389][ T1980] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.481750][ T1980] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.489558][ T1980] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.489946][ T1980] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.304298][ T3476] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.387277][ T3476] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.458260][ T3476] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.532582][ T3476] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.795572][ T1249] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.831152][ T1249] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.867091][ T1980] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.901996][ T1980] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.365394][ T3513] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.444909][ T3513] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.551612][ T3513] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.639474][ T3513] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.876429][ T3515] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 94.893703][ T1980] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.930331][ T1980] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.971589][ T1980] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.017060][ T1980] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.770164][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 95.770721][ T30] audit: type=1326 audit(95.600:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.771076][ T30] audit: type=1326 audit(95.600:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.775853][ T30] audit: type=1326 audit(95.610:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=85 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.781216][ T30] audit: type=1326 audit(95.610:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.781586][ T30] audit: type=1326 audit(95.610:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.786306][ T30] audit: type=1326 audit(95.620:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=86 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.789343][ T30] audit: type=1326 audit(95.620:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 95.799021][ T30] audit: type=1326 audit(95.630:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3518 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c3e8 code=0x7ffc0000 [ 96.471426][ T3533] netlink: 'syz.1.27': attribute type 10 has an invalid length. [ 96.471824][ T3533] netlink: 40 bytes leftover after parsing attributes in process `syz.1.27'. [ 96.781595][ T1249] ================================================================== [ 96.785663][ T1249] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc [ 96.788243][ T1249] Write at addr faf000000aee5260 by task kworker/u8:7/1249 [ 96.788739][ T1249] Pointer tag: [fa], memory tag: [fe] [ 96.788817][ T1249] [ 96.789613][ T1249] CPU: 1 UID: 0 PID: 1249 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT [ 96.789961][ T1249] Hardware name: linux,dummy-virt (DT) [ 96.790363][ T1249] Workqueue: events_unbound bpf_map_free_deferred [ 96.791486][ T1249] Call trace: [ 96.791783][ T1249] show_stack+0x18/0x24 (C) [ 96.792101][ T1249] dump_stack_lvl+0x78/0x90 [ 96.792217][ T1249] print_report+0x108/0x61c [ 96.792276][ T1249] kasan_report+0x88/0xac [ 96.792324][ T1249] __do_kernel_fault+0x170/0x1c8 [ 96.792372][ T1249] do_bad_area+0x68/0x78 [ 96.792419][ T1249] do_tag_check_fault+0x34/0x44 [ 96.792467][ T1249] do_mem_abort+0x44/0x94 [ 96.792517][ T1249] el1_abort+0x44/0x68 [ 96.792619][ T1249] el1h_64_sync_handler+0x50/0xac [ 96.792705][ T1249] el1h_64_sync+0x6c/0x70 [ 96.792904][ T1249] defer_free+0x3c/0xbc (P) [ 96.792965][ T1249] kfree_nolock+0x1a0/0x1d4 [ 96.793007][ T1249] range_tree_destroy+0x74/0x90 [ 96.793054][ T1249] arena_map_free+0x64/0x90 [ 96.793096][ T1249] bpf_map_free_deferred+0x70/0x180 [ 96.793139][ T1249] process_one_work+0x178/0x2cc [ 96.793187][ T1249] worker_thread+0x24c/0x354 [ 96.793229][ T1249] kthread+0x130/0x1fc [ 96.793274][ T1249] ret_from_fork+0x10/0x20 [ 96.793512][ T1249] [ 96.793577][ T1249] Allocated by task 3538: [ 96.793775][ T1249] kasan_save_stack+0x3c/0x64 [ 96.794026][ T1249] save_stack_info+0x40/0x158 [ 96.794070][ T1249] kasan_save_alloc_info+0x14/0x20 [ 96.794110][ T1249] __kasan_kmalloc+0xb4/0xb8 [ 96.794147][ T1249] kmalloc_nolock_noprof+0x1dc/0x4fc [ 96.794186][ T1249] range_tree_set+0x644/0x778 [ 96.794221][ T1249] arena_map_alloc+0x11c/0x17c [ 96.794254][ T1249] map_create+0x19c/0xa98 [ 96.794291][ T1249] __sys_bpf+0x348/0x1a88 [ 96.794328][ T1249] __arm64_sys_bpf+0x24/0x34 [ 96.794366][ T1249] invoke_syscall+0x48/0x110 [ 96.794404][ T1249] el0_svc_common.constprop.0+0x40/0xe0 [ 96.794442][ T1249] do_el0_svc+0x1c/0x28 [ 96.794479][ T1249] el0_svc+0x34/0x128 [ 96.794514][ T1249] el0t_64_sync_handler+0xa0/0xe4 [ 96.794548][ T1249] el0t_64_sync+0x1a4/0x1a8 [ 96.794619][ T1249] [ 96.794664][ T1249] Freed by task 1249: [ 96.794712][ T1249] kasan_save_stack+0x3c/0x64 [ 96.794755][ T1249] save_stack_info+0x40/0x158 [ 96.794792][ T1249] __kasan_save_free_info+0x18/0x24 [ 96.794839][ T1249] __kasan_slab_free+0x80/0x84 [ 96.794877][ T1249] kfree_nolock+0xcc/0x1d4 [ 96.794912][ T1249] range_tree_destroy+0x74/0x90 [ 96.794946][ T1249] arena_map_free+0x64/0x90 [ 96.794978][ T1249] bpf_map_free_deferred+0x70/0x180 [ 96.795014][ T1249] process_one_work+0x178/0x2cc [ 96.795048][ T1249] worker_thread+0x24c/0x354 [ 96.795083][ T1249] kthread+0x130/0x1fc [ 96.795115][ T1249] ret_from_fork+0x10/0x20 [ 96.795162][ T1249] [ 96.795203][ T1249] The buggy address belongs to the object at fff000000aee5240 [ 96.795203][ T1249] which belongs to the cache kmalloc-64 of size 64 [ 96.795302][ T1249] The buggy address is located 32 bytes inside of [ 96.795302][ T1249] 64-byte region [fff000000aee5240, fff000000aee5280) [ 96.795347][ T1249] [ 96.795613][ T1249] The buggy address belongs to the physical page: [ 96.796138][ T1249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf8f000000aee51c0 pfn:0x4aee5 [ 96.796521][ T1249] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 96.796994][ T1249] page_type: f5(slab) [ 96.797533][ T1249] raw: 01ffc00000000000 f5f0000003001600 dead000000000122 0000000000000000 [ 96.797597][ T1249] raw: f8f000000aee51c0 000000008040003d 00000000f5000000 0000000000000000 [ 96.797723][ T1249] page dumped because: kasan: bad access detected [ 96.797769][ T1249] [ 96.797802][ T1249] Memory state around the buggy address: [ 96.798067][ T1249] fff000000aee5000: fe fe fe fe fe fe fe fe f6 f6 f6 f6 f0 f0 f0 f0 [ 96.798164][ T1249] fff000000aee5100: f8 f8 f8 f8 f0 f0 f0 f0 fc fc fc fc fe fe fe fe [ 96.798220][ T1249] >fff000000aee5200: f0 f0 f0 fe fe fe fe fe f8 f8 f8 fe f0 f0 f0 fe [ 96.798272][ T1249] ^ [ 96.798381][ T1249] fff000000aee5300: f3 f3 f3 f3 fa fa fa fa f4 f4 f4 f4 f4 f4 f4 f4 [ 96.798408][ T1249] fff000000aee5400: f7 f7 f7 f7 f3 f3 f3 f3 fd fd fd fd fc fc fc fc [ 96.798478][ T1249] ================================================================== [ 96.799642][ T1249] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 97.437331][ T106] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.494724][ T106] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.547675][ T106] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.603172][ T106] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.248799][ T106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.285940][ T106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.330338][ T106] bond0 (unregistering): Released all slaves [ 98.431995][ T106] hsr_slave_0: left promiscuous mode [ 98.436490][ T106] hsr_slave_1: left promiscuous mode [ 98.450782][ T106] veth1_macvtap: left promiscuous mode [ 98.451223][ T106] veth0_macvtap: left promiscuous mode [ 98.451610][ T106] veth1_vlan: left promiscuous mode [ 98.451990][ T106] veth0_vlan: left promiscuous mode [ 99.494345][ T106] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.547684][ T106] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.603491][ T106] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.655113][ T106] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.119731][ T106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.163465][ T106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 100.196888][ T106] bond0 (unregistering): Released all slaves [ 100.274266][ T106] hsr_slave_0: left promiscuous mode [ 100.276836][ T106] hsr_slave_1: left promiscuous mode [ 100.301015][ T106] veth1_macvtap: left promiscuous mode [ 100.301345][ T106] veth0_macvtap: left promiscuous mode [ 100.301818][ T106] veth1_vlan: left promiscuous mode [ 100.302041][ T106] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 00:41:54 Registers: info registers vcpu 0 CPU#0 PC=ffff80008033eb50 X00=faf0000003f76a80 X01=0000000000000003 X02=0000000000000200 X03=0000000000000000 X04=f6f00000032bb180 X05=ffff800082ddaf68 X06=ffff800082ddaf80 X07=ffff800082ddafb0 X08=ffff800082ddaf08 X09=0000000000000820 X10=0000000000000000 X11=0000000000155cc0 X12=0000000000000001 X13=0000000000000001 X14=0000000000000318 X15=ffff800081bd4230 X16=ffff800082dd8000 X17=fff07ffffcf04000 X18=00000000ffffffff X19=ffff800080171c30 X20=ffff800082ddaf80 X21=f6f00000032bb180 X22=0000000000000000 X23=60bf800080171e28 X24=0000000000000000 X25=0000000000000001 X26=ffff8000829f1000 X27=f3f000000332d500 X28=000000000000d128 X29=ffff800082ddae70 X30=ffff800081b7b334 SP=ffff800082ddae70 PSTATE=00402009 ---- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000aa006b736964 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffffffff:ffff00ff00000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffff0f0000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ff0000ff0000:ffff000000ff0000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00f00f00ff000f00 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000cccccc00 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaadadbbc90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaadadb8f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc0f112b0:0000ffffc0f112b0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc0f11280 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800081b7b304 X00=ffff8000831e38d8 X01=ffff8000831e3940 X02=ffff8000831e3970 X03=ffff8000833ffd74 X04=ffff8000831e4000 X05=ffff8000831e3938 X06=ffff8000831e3950 X07=ffff8000831e3940 X08=ffff8000831e38d8 X09=faf0000003001400 X10=b17c748467ba15a1 X11=00000000000000c0 X12=ffff8000829f1290 X13=0000000000000000 X14=0000000000000374 X15=ffff800081bd4230 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=ffff800080171c30 X20=ffff8000831e3950 X21=f1f00000032bc200 X22=0000000000000000 X23=3cff800080171e28 X24=0000000000000001 X25=0000000000081008 X26=ffff8000829f1000 X27=faf0000003001400 X28=fcf000000a824468 X29=ffff8000831e3840 X30=ffff800081b7b334 SP=ffff8000831e3840 PSTATE=81402009 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00d000a800000000:0000000030303031 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff00ff00ffffffff:ffffffff00000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f0f0ffffffff0000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000000:ff00000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff0000f0000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd3d88d60:0000ffffd3d88d60 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd3d88d30 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000