last executing test programs: 3.42748631s ago: executing program 3 (id=4): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000100)={0x0}, 0x7, 0x0, 0x0, 0x20040800}, 0x80) setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f0000000000)=0x1, 0x4) recvmmsg(r0, &(0x7f000001d440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f000001a240)=""/4096, 0x1000}, 0xfffffff8}], 0x1, 0x2060, 0x0) 3.283399082s ago: executing program 3 (id=6): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x4000c00) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r3, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600"], 0x5b0}, 0x20008001) sendmsg$inet6(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000022c0)="3b9eccc918ce8c50894cb802b04e9492b64a02d85d3ed05eac49318868ad13e4fa9e2f1b165dfcc79e43ed30bb0c212bebb71afc79347f2f1a90e936a487e1ce171789626d34ffa8e3b4415ad869955133f81fab7f450d7ef6df7bf6a16cc39fd78e88662ffd1c3b31ffe836682b1ad9c331a068a75d12fd346d77f5cdacee9fee2203a321c260b0b5fdc8b5d7d43148f4b0fb550dd9d8746f0a0444cfa52af90a966921f9cb48b0c99727166a2f59c12dae2fcc4d891258bd723b5fd1fcb4cb219c87fadebe2582802ef18165f5ff67ba0d4eb4d3ef1f80ba9dff1a74dd5874b3d8017ff61b5174d9660e54f2b5f94f29f6665567b2ca6d0549a500a428ce29b197f754f8e3b6c7dc21260ce97551074886667837db75c9a21cdf92b14dcb2e1f997bab3bf1902b8d8e9eb238c021fdbe48675473dac385e2fada25f767ce5e7576c2dc496841123c81314f100e0648405f0ca9b5aa012d9316f3945e613aba10d1fbc2917143ed606c5513394343c9fac6f95ee678031ba5f4a81d8c2ae0d31c5711c91845f07b0add2bb4bd0f700217044582adf1850b0af5f04b63906918b7312fc3a800d67d8293604321633c41153f83662b2cbec354cf9c33e9eaa8ab2c5e4d86f82d379e98ad8d749595829b548ad77596448bf718c5e52a7dac04f62fde8ab1cc55ee5b6fd57327c8e678c1c8f9b8c235c132faffc553d54253f67d40075d91b7abaa303e5844ee31871fcdded3d8de8df952ae53e60d73e57267117129a4b42df34faa3287bb1c475d9ef904b7a4d33f1f8014e59905c3dc145e3974d71487ce05c9149fb4f9788ef0f519151d82391d783df5753819a0d967d842e60d28257741fb8b794b18a4e2f2f4f10412aa580062d0ef3691f4bdc14d283d672ae10fbbe23fa15f9225642aad56cc8a36538afe97750a0bf313cf3b9fdd881aa067b3b6ad9a69c04b50c9b4f8e29c11d7dcaf08b57ecd5cfd8a01b0e50313d09ea6b3634867f0c23c06055e04c36bddcdc6f4e30b2b6c0b0fa25a20843570bd582df937f7f48cd8e07abcfeaef4f8a72b34978ba5c95d65731943cdf2df8357311bb28d7d72fb9226dcbd059b14242c6fd4ab1ac90367a27ab715ebe553416966ceb79db37cd2dc45687269e4dad3cf50211fbfdd77a44c730a4732a12ff99fd151d205379bee91935a7bf4eef879d564872fdb2d7c399972ce5d44b59ea05d19a6b00c717b1dd3401a169b4402152b6f21c84c865f00ed0a9da758decaf1ad20138b80bee54a918d5d7dd5432c7ee34ae786cf7f55ea7f67229c39b81cccf80ccb424d139df240a9b18b3c4223de42e71ee7264a1c5db8da2d7fb3dfae2befb2f26e0c996d204ba3df39b111c445f3affed9c9fc8c2b67630de56b5a922f3fd7e0c2ef97df3ad486354937c4606a91874c7403dadaeabd03fe82c92cde4d67c6ac2ad7eedc9761224bf0c6b73ba60934f5c2db9846de4c41c6cb2f5ac6a7ad47418279f6cdd951679c1530ee4dab6d81a8cb41db64fc28ab9598c26fe51f6ddb0900a971aacc92a7e2dfbb596a1571609a4b8bc86c5c218b9220ceca304b7052a58e8c6ce427e4c9b127a133e625c02bf77a89ebff746f829401230f2a757c3ce04a6d01b35350973d24637526278fa724cb3053fd04cba673f682992041dc1cbebe9b574e5ab39307d695b2470cc21122e9c587301630351eeaa5dc1c8bb685ce2b0f4cc25d584354799858c2a11fe1b70518659acff13ad9702e6fd3116d311628bbd9b86f6a09c2a00ad08440860b621716799576b0de92285d0700004719a1eddbb691878526c34ad392e1d72f04d7830686f792152e7e497bc76721aa1c0493698efb8f463d0403d134b9ca6b19240e496edad804be73acb88b0fd1e0de3f00f83a135cf1b58376137e6e93136682343440fd4f96f00d56f9ff265cf5f4b8cc663d56eace1c1eb9fc8bcfcc5f947f14633886ae2b4c6b2bdeb71fcc7802945e484188b3f0425fd96996780f4f9e5ba028e5a600c65bdf6fc6936fc5f9e1792a02", 0x5a5}], 0x1}, 0x20000044) preadv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x1) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4040) syz_open_procfs(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3.141062567s ago: executing program 3 (id=7): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000008000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00"/13], 0x50) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05d", 0x1b, 0xfffffffffffffffd) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003140100c68f7bec9aff068609000200737962320000000008004100736977001400330062726964676530"], 0x38}, 0x1, 0x0, 0x0, 0x44805}, 0x50) syz_usbip_server_init(0x6) bind$tipc(r4, 0x0, 0x0) bind$tipc(r4, &(0x7f0000000300)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r5, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x3}}, 0x10) bind$tipc(r4, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x18) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0x7d, 0x0, &(0x7f0000000840)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) 2.347223941s ago: executing program 1 (id=2): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r3 = fcntl$getown(r2, 0x9) syz_pidfd_open(r3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r5, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000003a80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x2}, {0x0}, &(0x7f0000003a00)=[{&(0x7f00000016c0)=""/96, 0x60}], 0x1, 0x39, 0x2}}], 0x48, 0x4000000}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x40}}, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00') preadv(r9, &(0x7f0000000600)=[{&(0x7f0000000780)=""/219, 0xdb}], 0x1, 0x3b, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x8, '\x00', r7, r9, 0x2, 0x1, 0x2}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) sync() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000003c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@journal_dev={'journal_dev', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nouid32}]}, 0x1, 0x441, &(0x7f00000011c0)="$eJzs28tvG8UfAPDv2kn66zP5VeXRBxAoiIpH0qSl9MAFBBIHkJDgUI4hSatQt0FNkGgVQUCoHFEl7ogjEv8AnOCCgBMSV7ijShXKpYWT0dq7ie3aaZI62RR/PtK2M7tjzXw9O/bMThxAzxpO/0ki9kTE7xExWM82Fxiu/3draWHy76WFySSq1Tf/Smrlbi4tTOZF89ftzjN9EaVPkzjcpt65y1fOT1Qq05ey/Oj8hfdG5y5feXbmwsS56XPTF8dPnz55Yuz5U+PPdSXONK6bhz6cPXLw1bevvT555to7P3+T5PG3xNElw6tdfKJa7XJ1xdrbkE76CmwI61KuD9Por43/wSjHSucNxiufFNo4YFNVq9Xq/Z0vL1aB/7Akim4BUIz8iz5d/+bHFk09toUbL9YXQGnct7KjfqUvSlmZ/pb1bTcNR8SZxX++TI/YnOcQAABNvk/nP8+0m/+VovG50L5sD2UoIv4fEfsj4lREHIiI+yJqZR+IiAfXWX/rJsnt85/S9Q0Ftkbp/O+FbG+ref6Xz/5iqJzl9tbi70/OzlSmj2fvybHo35Hmx1ap44eXf/u807XG+V96pPXnc8GsHdf7djS/ZmpifuJuYm504+OIQ33t4k+WdwKSiDgYEYc2WMfMU18f6XTtzvGvogv7TNWvIp6s9/9itMSfS1bfnxz9X1Smj4/md8Xtfvn16hud6r+r+Lsg7f9dbe//5fiHksb92rn113H1j8/ar2n2bfz+H0jeajr3wcT8/KWxiIHktXqjG8+Pt5QbXymfxn/saPvxvz9W3onDEZHexA9FxMMR8UjWd49GxGMRcXSV+H966fF3O13bDv0/ta7+X0kMROuZ9ony+R+/a6p0aD3xp/1/spY6lp1Zy+ffWtq1sbsZAAAA7j2liNgTSWlkOV0qjYzU/4b/QOwqVWbn5p8+O/v+xan6bwSGor+UP+kabHgeOpYt6/P8eEv+RPbc+Ivyzlp+ZHK2MlV08NDjdncY/6k/y0W3Dth0fq8Fvcv4h95l/EPvMv6hd7UZ/zuLaAew9dp9/39UQDuArdcy/m37QQ+x/ofe1Tj+kwLbAWw93//Qk+Z2xp1/JN8DiYHt0Yx7KBGltRf+Nrvbim6zxNoTBX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMm/AQAA//8iOuPQ") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) 1.82288208s ago: executing program 4 (id=5): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1ffffdc1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ff0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x28, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="0207090004"], 0x20}}, 0x4040014) 1.532366292s ago: executing program 2 (id=3): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) close_range(r0, 0xffffffffffffffff, 0x0) 1.338326804s ago: executing program 4 (id=8): r0 = gettid() r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r2, 0x400, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pI4 \x00'}, 0x20) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', 0x0}) r6 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r8 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe}) r9 = dup3(r7, r8, 0x0) ioctl$SG_SET_RESERVED_SIZE(r9, 0x4004550c, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f00000001c0), &(0x7f00000005c0)=r1}, 0x20) r10 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00') lseek(r10, 0x289e0cb5, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x50) mq_open(&(0x7f0000000ac0)='eth0\x00\xdd\xad\xff=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9%\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xcfL\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe9XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xa2@\xeb\x18\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4\x80\x00\x00\x00a\xdf\xb5\xd9\xe4\x01\xea|.\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9J\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x9e\xef\x9b\x97\xcb\xc6\x89\xba\x8e\xf2\xfb\xd5\a\xcb\xf6\xf7{\xec\xf0@\xc2\xb2\xbcAQx\xa4\x12\xf8\x9cji\"\xf7\x1a\xbd\xac\xde\xf4\x9b\xd7#\xab\\q\xd6\xdf#>}\x97\xd0U\xe4\x9e+|\xb1MT\xa0\x1bf\v9\xcdx\xab\x83\x87\xd3q3\xbeL\xd2\x1f6\x1ffL\x9eM\x0f?\'\xc3YB0\x80!\xe9Y\xf1:\xeeX\xf7G\x85K\xbb\xbdijaA\x00&\x0e\xb3\x99\xbc9\xee\x8f\aVy!d^\r\xd1\x9b\xd5\x06\xbc$\xc9[\x8e[', 0x1, 0x50, 0x0) 1.21217027s ago: executing program 3 (id=9): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000201010100000000000000000200000004000180180002801400018008000100b04c94a708000a00ac03cdaa140019"], 0x44}, 0x1, 0x0, 0x0, 0x894}, 0x0) 1.206379495s ago: executing program 0 (id=1): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="18020000fffdffff0000000000000000850000004100000085000000d000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xfffffffffffffe1d, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 1.08932621s ago: executing program 1 (id=10): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r0, 0x402, 0x29) getdents64(0xffffffffffffffff, &(0x7f0000000fc0)=""/224, 0xe0) 987.591637ms ago: executing program 3 (id=11): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x6}, 0x10) 918.552716ms ago: executing program 0 (id=12): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) r1 = socket$kcm(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r2, 0x400, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8936, &(0x7f0000000000)) syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1) 776.274354ms ago: executing program 1 (id=13): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000000040), 0x4) 600.980756ms ago: executing program 1 (id=14): bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) unshare(0x62040200) 359.812455ms ago: executing program 2 (id=15): bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1f, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x10000000, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x68, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8}, 0x18) syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1818e58, &(0x7f00000003c0), 0x2a, 0x63f, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgP5KVJfVh1Y1sXdlGwYBciLhqapIZOf5CkYGvBBFwoKIi4LdKN/4B76d6dCOrOtVBFKha0dB73zp1mMplfaTIzSe7nA5M599wzOeebOyf33HvnzA2gtOazH2nE+xGvbyQRs03rZqK+cr4o9+Lfj29mjyRqte/+K4mkyGuUT4rnM8XCZET86XLEpyv76918+Oj2crVW95OIc1t37p/bfPjoo/U7y7dWb63eXTr/tY8vLH596eOlpoa+vTPF85Wr3/n8L3/6w6+u/bn6URIX4/r4j1eiJY6jMh/z8boIsTl/LCIuZIk2f5eT5hSEUGqV4v04HhGfjdmo5Et1s7H+i5E2DhioWiWi1l3SqwBwUuneUFaNcUDj2L6/4+DrAx6VDM/zS/UDoP3xjxWnHCbzY6PpF0nTkVH93MbZI6g/q+PV48knrx7PPYk95yFevtk6Y0dQTyfbOxHxuXbxJ3nbzuaRZvGne47104hYjIiJon3fOkQbkqb0IM7DdHOQ+Ju3Qxb/xeI5y7/8lvW3ntYadvwAlNOzS8WOfDtb2t3/ZWOPxvgn2ox/Zg5/SSY36v1f5/FfY38/mY970pZxWDZmudb+V463Zvz951d+3an++vhv7knjkdXfGAsOw/OdiLmW+H+WBVuMf7L4kzbbPyty42J/dXz7L/+80mndqOOvPY34oO3xz+6oNEt1uT55bm29urpY/9m2jj/88Qe/61R/+/jfGUCk7WXbf7pD/E3bP219XfY3ud/+V+60Zvz+2tM7neqf6bn9039MJPXjzYki50c7W1sbSxETydWiSJG/vLW1cb57vPUyL2v581I9/g+/1L7/73n/t0Q11fiX2Yf737v9otO6t3n/N11Mfl3rsw2dZPGv9N7++/p/lverPuv47/cffKHTum7xTx0mMAAAAAAAACihNL8Gm6QLb9JpurBQny/7mZhOq/c2t768du/B3ZWID/PPQ46nkSb5R0Zm68vJ2np1dan4PGxj+XzL8lci4r2I+E1lKl9euHmvujLq4AEAAAAAAAAAAAAAAAAAAOCYOFPM/2/cp/o/lfr8f6Aket9gbt/9H4BTYpA3mASOt7z/d9vFvzu8tgDDZf8P5aX/Q3np/1Be+j+Ul/4P5aX/Q3np/1Be+j8AAAAAnErvffHZ35KI2P7GVP7ITBTrTPqF0238QKUrA2sHMHx6NJTXm0v/BvtQOn2N//9XfDng4JsDjEDSLjMfHNS6d/5nbV+5a+fwbQMAAAAAAAAAAAAA6j54v/P8/4PNDQZOGtP+oLwOMf/fVwfACeer/6G8HOMDPWbxx2SnFb3m/wMAAAAAAAAAAAAAR2YmfyTpQjEXeCbSdGEh4lMRcTbGk7X16upiRLwbEX+tjL+TLS+NutEAAAAAAAAAAAAAAAAAAABwymw+fHR7uVpd3WhO/H9fzulONO6C2rtwrY8yXRPfjAO+KpLh/1mmImLkG2VgibGmnCRiO9vyx6JhG5txPJqRJ0b8jwkAAAAAAAAAAAAAAAAAAEqoae5xe3O/HXKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD4du//3yOxMl1/QV+F9yZGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcDJ9EgAA//+YYDw3") 0s ago: executing program 3 (id=16): sched_setscheduler(0x0, 0x2, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="010000000000000000001000000018000180140002007665746830000000000000000000000008"], 0x34}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x3) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@user_xattr}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD") r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0xc0a81, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\b', @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf250700000008000400000800000c000180060005004e220000"], 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x40) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0xb4, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xd}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x17}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0xfe, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x80}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x10}]}, 0xb4}, 0x1, 0x0, 0x0, 0xc885}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x800002, 0x800) ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000200)=0x7ffffffc) ioctl$EVIOCGRAB(r4, 0x40044590, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.20' (ED25519) to the list of known hosts. [ 84.906440][ T5812] cgroup: Unknown subsys name 'net' [ 85.056565][ T5812] cgroup: Unknown subsys name 'cpuset' [ 85.065836][ T5812] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.651950][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.239029][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.248151][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.255715][ T5147] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.264646][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.272082][ T5147] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.287723][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.295090][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.303131][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.311584][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.318224][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.322883][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.333418][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.338230][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.341408][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.349439][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.356344][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.363298][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.369581][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.378047][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.383609][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.393825][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.408398][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.416212][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.417416][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.435614][ T5824] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.194545][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 90.298615][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 90.312323][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.401880][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 90.458082][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 90.590491][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.599061][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.608041][ T5828] bridge_slave_0: entered allmulticast mode [ 90.615515][ T5828] bridge_slave_0: entered promiscuous mode [ 90.689956][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.697659][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.704927][ T5828] bridge_slave_1: entered allmulticast mode [ 90.712265][ T5828] bridge_slave_1: entered promiscuous mode [ 90.748217][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.756065][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.763338][ T5827] bridge_slave_0: entered allmulticast mode [ 90.770620][ T5827] bridge_slave_0: entered promiscuous mode [ 90.808730][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.816188][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.824157][ T5829] bridge_slave_0: entered allmulticast mode [ 90.831457][ T5829] bridge_slave_0: entered promiscuous mode [ 90.839126][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.846492][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.854195][ T5827] bridge_slave_1: entered allmulticast mode [ 90.861457][ T5827] bridge_slave_1: entered promiscuous mode [ 90.868803][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.876128][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.883374][ T5823] bridge_slave_0: entered allmulticast mode [ 90.890845][ T5823] bridge_slave_0: entered promiscuous mode [ 90.945827][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.953619][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.960805][ T5829] bridge_slave_1: entered allmulticast mode [ 90.968991][ T5829] bridge_slave_1: entered promiscuous mode [ 90.988091][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.995787][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.003285][ T5823] bridge_slave_1: entered allmulticast mode [ 91.010665][ T5823] bridge_slave_1: entered promiscuous mode [ 91.021558][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.084621][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.094586][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.101776][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.109387][ T5822] bridge_slave_0: entered allmulticast mode [ 91.116885][ T5822] bridge_slave_0: entered promiscuous mode [ 91.140558][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.175897][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.183200][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.190353][ T5822] bridge_slave_1: entered allmulticast mode [ 91.198265][ T5822] bridge_slave_1: entered promiscuous mode [ 91.208768][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.220960][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.233186][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.270307][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.295058][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.307505][ T5828] team0: Port device team_slave_0 added [ 91.384802][ T5828] team0: Port device team_slave_1 added [ 91.393730][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.417769][ T5827] team0: Port device team_slave_0 added [ 91.450951][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.462230][ T5829] team0: Port device team_slave_0 added [ 91.471329][ T5827] team0: Port device team_slave_1 added [ 91.479395][ T5823] team0: Port device team_slave_0 added [ 91.512486][ T5829] team0: Port device team_slave_1 added [ 91.513791][ T5831] Bluetooth: hci4: command tx timeout [ 91.518215][ T5838] Bluetooth: hci1: command tx timeout [ 91.524164][ T5839] Bluetooth: hci2: command tx timeout [ 91.535090][ T5824] Bluetooth: hci0: command tx timeout [ 91.540856][ T52] Bluetooth: hci3: command tx timeout [ 91.551614][ T5823] team0: Port device team_slave_1 added [ 91.558404][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.565500][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.591489][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.654275][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.661259][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.687851][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.701689][ T5822] team0: Port device team_slave_0 added [ 91.720846][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.727964][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.754173][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.788481][ T5822] team0: Port device team_slave_1 added [ 91.795228][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.802182][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.828463][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.840657][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.848261][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.874288][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.886301][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.893370][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.919432][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.932258][ T796] cfg80211: failed to load regulatory.db [ 91.953744][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.960729][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.987251][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.007228][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.014224][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.040313][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.120298][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.127813][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.153903][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.167206][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.174317][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.200455][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.220038][ T5828] hsr_slave_0: entered promiscuous mode [ 92.229150][ T5828] hsr_slave_1: entered promiscuous mode [ 92.343911][ T5829] hsr_slave_0: entered promiscuous mode [ 92.350612][ T5829] hsr_slave_1: entered promiscuous mode [ 92.357566][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 92.363590][ T5829] Cannot create hsr debugfs directory [ 92.375278][ T5827] hsr_slave_0: entered promiscuous mode [ 92.381910][ T5827] hsr_slave_1: entered promiscuous mode [ 92.388984][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 92.394991][ T5827] Cannot create hsr debugfs directory [ 92.406550][ T5822] hsr_slave_0: entered promiscuous mode [ 92.413609][ T5822] hsr_slave_1: entered promiscuous mode [ 92.420000][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 92.425850][ T5822] Cannot create hsr debugfs directory [ 92.470697][ T5823] hsr_slave_0: entered promiscuous mode [ 92.477426][ T5823] hsr_slave_1: entered promiscuous mode [ 92.483998][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 92.489757][ T5823] Cannot create hsr debugfs directory [ 93.104679][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.126452][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.137453][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.168070][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.258000][ T5829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.269195][ T5829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.302175][ T5829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.335571][ T5829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.397349][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.424374][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.444060][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.456230][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.585596][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.594759][ T5839] Bluetooth: hci1: command tx timeout [ 93.594837][ T52] Bluetooth: hci2: command tx timeout [ 93.600495][ T5839] Bluetooth: hci4: command tx timeout [ 93.606247][ T5824] Bluetooth: hci0: command tx timeout [ 93.611286][ T5831] Bluetooth: hci3: command tx timeout [ 93.639321][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.651369][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.686439][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.799565][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.825975][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.838696][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.855241][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.870774][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.932016][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.966491][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.973782][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.004669][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.039044][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.046277][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.092611][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.104763][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.156567][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.163738][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.191464][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.211969][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.219173][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.245177][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.252350][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.286344][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.293517][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.377117][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.437565][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.530962][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.563756][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.585050][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.592302][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.624022][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.631242][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.645433][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.652679][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.690029][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.697287][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.778140][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.930884][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.041980][ T5828] veth0_vlan: entered promiscuous mode [ 95.126179][ T5828] veth1_vlan: entered promiscuous mode [ 95.195817][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.311024][ T5828] veth0_macvtap: entered promiscuous mode [ 95.347947][ T5828] veth1_macvtap: entered promiscuous mode [ 95.460580][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.490080][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.534507][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.547623][ T5822] veth0_vlan: entered promiscuous mode [ 95.554583][ T3429] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.566765][ T3429] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.578275][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.595099][ T3429] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.604532][ T3429] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.648765][ T5822] veth1_vlan: entered promiscuous mode [ 95.673068][ T5831] Bluetooth: hci0: command tx timeout [ 95.673107][ T52] Bluetooth: hci1: command tx timeout [ 95.679274][ T5839] Bluetooth: hci3: command tx timeout [ 95.684193][ T5838] Bluetooth: hci4: command tx timeout [ 95.695546][ T5824] Bluetooth: hci2: command tx timeout [ 95.786513][ T3429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.796169][ T3429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.846715][ T5829] veth0_vlan: entered promiscuous mode [ 95.867776][ T5827] veth0_vlan: entered promiscuous mode [ 95.894292][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.898676][ T5823] veth0_vlan: entered promiscuous mode [ 95.908137][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.920297][ T5829] veth1_vlan: entered promiscuous mode [ 95.966588][ T5827] veth1_vlan: entered promiscuous mode [ 95.977795][ T5823] veth1_vlan: entered promiscuous mode [ 95.987952][ T5822] veth0_macvtap: entered promiscuous mode [ 96.007286][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.029886][ T5822] veth1_macvtap: entered promiscuous mode [ 96.135823][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.155704][ T5829] veth0_macvtap: entered promiscuous mode [ 96.177885][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.197233][ T5829] veth1_macvtap: entered promiscuous mode [ 96.207274][ T5827] veth0_macvtap: entered promiscuous mode [ 96.236271][ T5827] veth1_macvtap: entered promiscuous mode [ 96.259840][ T74] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.272274][ T5945] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.285038][ T5823] veth0_macvtap: entered promiscuous mode [ 96.301000][ T74] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.327258][ T5823] veth1_macvtap: entered promiscuous mode [ 96.347048][ T74] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.372528][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.405923][ T74] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.419777][ T5947] mmap: syz.3.7 (5947) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 96.447515][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.471205][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.520895][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.531251][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.574744][ T34] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.586493][ T34] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.604759][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.637066][ T34] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.657376][ T34] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.678895][ T34] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.689245][ T34] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.713061][ T1966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.725522][ T1966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.742397][ T34] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.811950][ T34] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.820867][ T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.838976][ T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.862040][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.871532][ T5948] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 96.878303][ T5948] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 96.889829][ T5948] vhci_hcd vhci_hcd.0: Device attached [ 96.898651][ T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.907546][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.924092][ T30] audit: type=1326 audit(1764344393.755:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5946 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63a3b8f749 code=0x7ffc0000 [ 96.933933][ T5947] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 96.950927][ T30] audit: type=1326 audit(1764344393.765:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5946 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63a3b8f749 code=0x7ffc0000 [ 96.977870][ T5947] infiniband syb2: RDMA CMA: cma_listen_on_dev, error -98 [ 96.987751][ T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.097729][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.106122][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.165768][ T5950] vhci_hcd: connection closed [ 97.167335][ T34] vhci_hcd vhci_hcd.3: stop threads [ 97.183027][ T5949] usb 40-1: SetAddress Request (2) to port 0 [ 97.195405][ T34] vhci_hcd vhci_hcd.3: release socket [ 97.201065][ T5949] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 97.210607][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.220062][ T34] vhci_hcd vhci_hcd.3: disconnect device [ 97.226373][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.279542][ T30] audit: type=1326 audit(1764344394.115:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.313955][ T5953] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.326381][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.334747][ T30] audit: type=1326 audit(1764344394.115:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.357904][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.373905][ T30] audit: type=1326 audit(1764344394.115:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.398565][ T30] audit: type=1326 audit(1764344394.115:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.428054][ T30] audit: type=1326 audit(1764344394.115:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.451336][ T30] audit: type=1326 audit(1764344394.115:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.473521][ T5954] wireguard0: entered promiscuous mode [ 97.479037][ T5954] wireguard0: entered allmulticast mode [ 97.484845][ T30] audit: type=1326 audit(1764344394.115:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.484894][ T30] audit: type=1326 audit(1764344394.115:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5952 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f423798f749 code=0x7ffc0000 [ 97.563086][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.570952][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.639226][ T5954] loop1: detected capacity change from 0 to 512 [ 97.662318][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.684766][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.725068][ T5954] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 97.773649][ T52] Bluetooth: hci0: command tx timeout [ 97.779106][ T52] Bluetooth: hci1: command tx timeout [ 97.782793][ T5838] Bluetooth: hci2: command tx timeout [ 97.785044][ T52] Bluetooth: hci4: command tx timeout [ 97.789935][ T5824] Bluetooth: hci3: command tx timeout [ 97.805758][ T5954] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 97.871585][ T5954] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 97.946181][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.959509][ T5954] EXT4-fs (loop1): 1 truncate cleaned up [ 97.992368][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.015019][ T5954] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.364565][ T5965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8'. [ 98.407361][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.884926][ T5975] vlan2: entered allmulticast mode [ 100.218041][ T5986] loop2: detected capacity change from 0 to 1024 [ 100.263796][ T5986] ======================================================= [ 100.263796][ T5986] WARNING: The mand mount option has been deprecated and [ 100.263796][ T5986] and is ignored by this kernel. Remove the mand [ 100.263796][ T5986] option from the mount to silence this warning. [ 100.263796][ T5986] ======================================================= [ 100.365076][ T5964] ================================================================== [ 100.373197][ T5964] BUG: KASAN: slab-use-after-free in locks_remove_posix+0x10f/0x630 [ 100.381219][ T5964] Read of size 8 at addr ffff888032248b50 by task syz.4.8/5964 [ 100.388866][ T5964] [ 100.391221][ T5964] CPU: 0 UID: 0 PID: 5964 Comm: syz.4.8 Not tainted syzkaller #0 PREEMPT(full) [ 100.391247][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 100.391268][ T5964] Call Trace: [ 100.391279][ T5964] [ 100.391290][ T5964] dump_stack_lvl+0x189/0x250 [ 100.391319][ T5964] ? __kasan_check_byte+0x12/0x40 [ 100.391347][ T5964] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.391379][ T5964] ? lock_release+0x4b/0x3b0 [ 100.391405][ T5964] ? __virt_addr_valid+0x4a5/0x5c0 [ 100.391437][ T5964] print_report+0xca/0x240 [ 100.391459][ T5964] ? locks_remove_posix+0x10f/0x630 [ 100.391486][ T5964] kasan_report+0x118/0x150 [ 100.391512][ T5964] ? locks_remove_posix+0x10f/0x630 [ 100.391544][ T5964] locks_remove_posix+0x10f/0x630 [ 100.391573][ T5964] ? __pfx_locks_remove_posix+0x10/0x10 [ 100.391614][ T5964] ? do_raw_spin_unlock+0x122/0x240 [ 100.391645][ T5964] ? dnotify_flush+0x1db/0x5e0 [ 100.391668][ T5964] ? mqueue_flush_file+0x21c/0x270 [ 100.391694][ T5964] ? filp_flush+0xae/0x190 [ 100.391727][ T5964] filp_flush+0x113/0x190 [ 100.391758][ T5964] filp_close+0x1d/0x40 [ 100.391787][ T5964] put_files_struct+0x1ba/0x350 [ 100.391818][ T5964] do_exit+0x67f/0x2310 [ 100.391846][ T5964] ? preempt_schedule+0xae/0xc0 [ 100.391870][ T5964] ? preempt_schedule_common+0x83/0xd0 [ 100.391894][ T5964] ? preempt_schedule+0xae/0xc0 [ 100.391916][ T5964] ? __pfx_preempt_schedule+0x10/0x10 [ 100.391939][ T5964] ? __pfx_do_exit+0x10/0x10 [ 100.391970][ T5964] ? preempt_schedule_thunk+0x16/0x30 [ 100.392008][ T5964] do_group_exit+0x21c/0x2d0 [ 100.392041][ T5964] __x64_sys_exit_group+0x3f/0x40 [ 100.392071][ T5964] x64_sys_call+0x2210/0x2210 [ 100.392100][ T5964] do_syscall_64+0xfa/0xf80 [ 100.392126][ T5964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.392148][ T5964] ? clear_bhb_loop+0x60/0xb0 [ 100.392173][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.392195][ T5964] RIP: 0033:0x7fa06058f749 [ 100.392218][ T5964] Code: Unable to access opcode bytes at 0x7fa06058f71f. [ 100.392229][ T5964] RSP: 002b:00007fff5ce2e778 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 100.392252][ T5964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa06058f749 [ 100.392267][ T5964] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 100.392279][ T5964] RBP: 00007fff5ce2e7dc R08: 000000185ce2e86f R09: 00000000000927c0 [ 100.392294][ T5964] R10: 00000000000001c8 R11: 0000000000000246 R12: 0000000000000001 [ 100.392307][ T5964] R13: 00000000000927c0 R14: 0000000000017eb5 R15: 00007fff5ce2e830 [ 100.392333][ T5964] [ 100.392340][ T5964] [ 100.639959][ T5964] Allocated by task 5965: [ 100.644300][ T5964] kasan_save_track+0x3e/0x80 [ 100.649006][ T5964] __kasan_slab_alloc+0x6c/0x80 [ 100.653871][ T5964] kmem_cache_alloc_noprof+0x37d/0x710 [ 100.659378][ T5964] locks_get_lock_context+0x134/0x3b0 [ 100.664774][ T5964] generic_setlease+0x528/0x1280 [ 100.669735][ T5964] do_fcntl_add_lease+0x34d/0x460 [ 100.674785][ T5964] fcntl_setlease+0x123/0x180 [ 100.679489][ T5964] do_fcntl+0x867/0x1a50 [ 100.683758][ T5964] __se_sys_fcntl+0xc8/0x150 [ 100.688376][ T5964] do_syscall_64+0xfa/0xf80 [ 100.692896][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.698805][ T5964] [ 100.701138][ T5964] Freed by task 5964: [ 100.705126][ T5964] kasan_save_track+0x3e/0x80 [ 100.709821][ T5964] kasan_save_free_info+0x46/0x50 [ 100.714875][ T5964] __kasan_slab_free+0x5c/0x80 [ 100.719665][ T5964] kmem_cache_free+0x197/0x620 [ 100.724460][ T5964] __destroy_inode+0x2ea/0x670 [ 100.729247][ T5964] evict+0x87d/0xae0 [ 100.733155][ T5964] __dentry_kill+0x209/0x660 [ 100.737775][ T5964] finish_dput+0xc9/0x480 [ 100.742134][ T5964] __fput+0x68e/0xa70 [ 100.746140][ T5964] task_work_run+0x1d4/0x260 [ 100.750756][ T5964] exit_to_user_mode_loop+0xff/0x4f0 [ 100.756148][ T5964] do_syscall_64+0x2e3/0xf80 [ 100.760761][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.766673][ T5964] [ 100.769006][ T5964] The buggy address belongs to the object at ffff888032248b00 [ 100.769006][ T5964] which belongs to the cache file_lock_ctx of size 112 [ 100.783248][ T5964] The buggy address is located 80 bytes inside of [ 100.783248][ T5964] freed 112-byte region [ffff888032248b00, ffff888032248b70) [ 100.796974][ T5964] [ 100.799343][ T5964] The buggy address belongs to the physical page: [ 100.805781][ T5964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32248 [ 100.814571][ T5964] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 100.821720][ T5964] page_type: f5(slab) [ 100.825722][ T5964] raw: 00fff00000000000 ffff888140ae9140 dead000000000122 0000000000000000 [ 100.834331][ T5964] raw: 0000000000000000 0000000080170017 00000000f5000000 0000000000000000 [ 100.843013][ T5964] page dumped because: kasan: bad access detected [ 100.849462][ T5964] page_owner tracks the page as allocated [ 100.855192][ T5964] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5207, tgid 5207 (udevd), ts 52737635288, free_ts 52716531449 [ 100.873891][ T5964] post_alloc_hook+0x234/0x290 [ 100.878687][ T5964] get_page_from_freelist+0x2365/0x2440 [ 100.884261][ T5964] __alloc_frozen_pages_noprof+0x181/0x370 [ 100.890084][ T5964] alloc_pages_mpol+0x232/0x4a0 [ 100.894954][ T5964] allocate_slab+0x86/0x3b0 [ 100.899479][ T5964] ___slab_alloc+0xf2b/0x1960 [ 100.904190][ T5964] __slab_alloc+0x65/0x100 [ 100.908638][ T5964] kmem_cache_alloc_noprof+0x40f/0x710 [ 100.914121][ T5964] locks_get_lock_context+0x134/0x3b0 [ 100.919512][ T5964] flock_lock_inode+0xf2/0x1410 [ 100.924398][ T5964] locks_lock_inode_wait+0x107/0x410 [ 100.929708][ T5964] __se_sys_flock+0x467/0x5b0 [ 100.934412][ T5964] do_syscall_64+0xfa/0xf80 [ 100.939029][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.944944][ T5964] page last free pid 5201 tgid 5201 stack trace: [ 100.951304][ T5964] __free_frozen_pages+0xbc8/0xd30 [ 100.956435][ T5964] __slab_free+0x21b/0x2a0 [ 100.960878][ T5964] qlist_free_all+0x97/0x100 [ 100.965485][ T5964] kasan_quarantine_reduce+0x148/0x160 [ 100.970960][ T5964] __kasan_slab_alloc+0x22/0x80 [ 100.975827][ T5964] kmem_cache_alloc_noprof+0x37d/0x710 [ 100.981303][ T5964] getname_flags+0xb8/0x540 [ 100.985816][ T5964] vfs_fstatat+0x43/0x170 [ 100.990158][ T5964] __x64_sys_newfstatat+0x116/0x190 [ 100.995375][ T5964] do_syscall_64+0xfa/0xf80 [ 100.999897][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.005800][ T5964] [ 101.008140][ T5964] Memory state around the buggy address: [ 101.013795][ T5964] ffff888032248a00: 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 00 00 [ 101.021867][ T5964] ffff888032248a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 101.029933][ T5964] >ffff888032248b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 101.037999][ T5964] ^ [ 101.044674][ T5964] ffff888032248b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.052736][ T5964] ffff888032248c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.060790][ T5964] ================================================================== [ 101.103922][ T5986] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 101.256884][ T5964] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 101.264135][ T5964] CPU: 0 UID: 0 PID: 5964 Comm: syz.4.8 Not tainted syzkaller #0 PREEMPT(full) [ 101.273183][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 101.283262][ T5964] Call Trace: [ 101.286563][ T5964] [ 101.289512][ T5964] dump_stack_lvl+0x99/0x250 [ 101.294132][ T5964] ? __asan_memcpy+0x40/0x70 [ 101.298753][ T5964] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.303980][ T5964] ? __pfx__printk+0x10/0x10 [ 101.308607][ T5964] vpanic+0x237/0x6d0 [ 101.312615][ T5964] ? __pfx_vpanic+0x10/0x10 [ 101.317138][ T5964] ? preempt_schedule+0xae/0xc0 [ 101.322014][ T5964] ? __pfx_preempt_schedule+0x10/0x10 [ 101.327420][ T5964] panic+0xb9/0xc0 [ 101.331166][ T5964] ? __pfx_panic+0x10/0x10 [ 101.335609][ T5964] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 101.341532][ T5964] ? locks_remove_posix+0x10f/0x630 [ 101.346777][ T5964] check_panic_on_warn+0x89/0xb0 [ 101.351748][ T5964] ? locks_remove_posix+0x10f/0x630 [ 101.356982][ T5964] end_report+0x6f/0x140 [ 101.361255][ T5964] kasan_report+0x129/0x150 [ 101.365794][ T5964] ? locks_remove_posix+0x10f/0x630 [ 101.371025][ T5964] locks_remove_posix+0x10f/0x630 [ 101.376083][ T5964] ? __pfx_locks_remove_posix+0x10/0x10 [ 101.381671][ T5964] ? do_raw_spin_unlock+0x122/0x240 [ 101.386899][ T5964] ? dnotify_flush+0x1db/0x5e0 [ 101.391690][ T5964] ? mqueue_flush_file+0x21c/0x270 [ 101.396828][ T5964] ? filp_flush+0xae/0x190 [ 101.401279][ T5964] filp_flush+0x113/0x190 [ 101.405658][ T5964] filp_close+0x1d/0x40 [ 101.409842][ T5964] put_files_struct+0x1ba/0x350 [ 101.414741][ T5964] do_exit+0x67f/0x2310 [ 101.418925][ T5964] ? preempt_schedule+0xae/0xc0 [ 101.423888][ T5964] ? preempt_schedule_common+0x83/0xd0 [ 101.429379][ T5964] ? preempt_schedule+0xae/0xc0 [ 101.434258][ T5964] ? __pfx_preempt_schedule+0x10/0x10 [ 101.439652][ T5964] ? __pfx_do_exit+0x10/0x10 [ 101.444273][ T5964] ? preempt_schedule_thunk+0x16/0x30 [ 101.449686][ T5964] do_group_exit+0x21c/0x2d0 [ 101.454311][ T5964] __x64_sys_exit_group+0x3f/0x40 [ 101.459385][ T5964] x64_sys_call+0x2210/0x2210 [ 101.464093][ T5964] do_syscall_64+0xfa/0xf80 [ 101.468624][ T5964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.474710][ T5964] ? clear_bhb_loop+0x60/0xb0 [ 101.479417][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.485335][ T5964] RIP: 0033:0x7fa06058f749 [ 101.489779][ T5964] Code: Unable to access opcode bytes at 0x7fa06058f71f. [ 101.496813][ T5964] RSP: 002b:00007fff5ce2e778 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 101.505251][ T5964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa06058f749 [ 101.513248][ T5964] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.521235][ T5964] RBP: 00007fff5ce2e7dc R08: 000000185ce2e86f R09: 00000000000927c0 [ 101.529318][ T5964] R10: 00000000000001c8 R11: 0000000000000246 R12: 0000000000000001 [ 101.537314][ T5964] R13: 00000000000927c0 R14: 0000000000017eb5 R15: 00007fff5ce2e830 [ 101.545322][ T5964] [ 101.548527][ T5964] Kernel Offset: disabled [ 101.552856][ T5964] Rebooting in 86400 seconds..