last executing test programs: 3.502678455s ago: executing program 1 (id=75): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x1e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 3.344166437s ago: executing program 1 (id=76): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @loopback, 0xfff}, 0x1b) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008380), 0x400000000000174, 0x4008890) 2.609215412s ago: executing program 1 (id=80): syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x401, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) modify_ldt$write(0x1, &(0x7f0000000340)={0x8, 0x20000000}, 0x10) bind$alg(r0, &(0x7f0000000a00)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 2.608530172s ago: executing program 2 (id=81): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="0002000000000000000600000000000010000000", @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900), 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10) r6 = dup(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001"], 0x1c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x775}, 0x18) r10 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r10) r11 = accept(r5, &(0x7f0000000580)=@isdn, &(0x7f0000000200)=0x80) sendmsg$TIPC_CMD_GET_MAX_PORTS(r11, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xffffffffffffff84, &(0x7f0000000380)={0x0}}, 0x400d5) sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r12 = syz_open_dev$tty1(0xc, 0x4, 0x1) setsockopt$inet_mreq(r6, 0x0, 0x24, 0x0, 0x0) ioctl$VT_ACTIVATE(r12, 0x5606, 0x4) gettid() ioctl$VT_RESIZEX(r0, 0x560a, 0x0) 2.369475114s ago: executing program 2 (id=82): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x14d9, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x3, 0x257}, &(0x7f00000001c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file1\x00'}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) 2.011798376s ago: executing program 3 (id=84): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x1e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 1.684590358s ago: executing program 3 (id=85): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xec0}, 0x0) 1.52504591s ago: executing program 3 (id=86): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, [@call={0x85, 0x0, 0x0, 0x4f}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3ff}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6ff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.340005721s ago: executing program 0 (id=88): socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) socket$rds(0x15, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="00008000", @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb080003"], 0x2c}}, 0x4000) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r7, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r2], 0x4}}, 0x0) sendfile(r6, r5, 0x0, 0x100000002) 1.273076201s ago: executing program 3 (id=89): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001f80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {0x0, 0x1}, 0x0, 0x0, &(0x7f0000000240)={0xa2, 0xa, 0x0, 0x2001}, 0x8, 0x8, 0x0, 0x0, 0x2000, 0x200001, 0x0}) 1.132796862s ago: executing program 3 (id=90): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000840)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) timerfd_create(0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x538, 0xffffffff, 0x398, 0xe8, 0x398, 0xfeffffff, 0xffffffff, 0x468, 0x468, 0x468, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xff000000, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [0xff], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x6}, 0x0, 0x270, 0x2b0, 0x0, {}, [@common=@srh1={{0x90}, {0x2, 0xe, 0x6, 0x5, 0x9, @remote, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0x0, 0xff, 0xffffff00, 0xffffff00], [0xff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffffff, 0x0, 0xff], 0x4000, 0x11}}, @common=@rt={{0x138}, {0x401, [0xfffffffe], 0x1, 0x2, 0x3, [@remote, @empty, @remote, @remote, @remote, @mcast1, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @remote, @rand_addr=' \x01\x00', @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}], 0x9}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x1, {0x2000010}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598) open_tree(0xffffffffffffff9c, &(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x88801) syz_read_part_table(0x1058, &(0x7f0000001080)="$eJzsz7GpAkEUBdA7O58vG9mCTViIghVYhKkGNmMXJlZgNyIrs+JiBWpwTvDgvnlcmPBVf8n5P8mqtlTu47KMs2bRvcVLTdeW5Rmzb2MY+sPUVafjsrv2x1abPrPX83Cr7WabZN7yetltTh/6JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8tEcAAAD//6rFDAs=") sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800000002060108000000bca3000000000000400500010006000000050005000200000005000400000000000900020073797a31000000000c000780080012400000000211000300686173683a69702c6d61726b"], 0x58}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x76eab42beba6fa74, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES8=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00'}, 0x10) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000540)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000200), &(0x7f00000003c0)=r4}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r3, &(0x7f0000000140), &(0x7f0000000240)=""/154}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) 1.032782413s ago: executing program 0 (id=91): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="0002000000000000000600000000000010000000", @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900), 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10) r6 = dup(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001"], 0x1c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x775}, 0x18) r10 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r10) r11 = accept(r5, &(0x7f0000000580)=@isdn, &(0x7f0000000200)=0x80) sendmsg$TIPC_CMD_GET_MAX_PORTS(r11, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xffffffffffffff84, &(0x7f0000000380)={0x0}}, 0x400d5) sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r12 = syz_open_dev$tty1(0xc, 0x4, 0x1) setsockopt$inet_mreq(r6, 0x0, 0x24, 0x0, 0x0) ioctl$VT_ACTIVATE(r12, 0x5606, 0x4) gettid() ioctl$VT_RESIZEX(r0, 0x560a, 0x0) 955.199643ms ago: executing program 1 (id=92): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000440)={[{@nouid32}, {@data_err_ignore}, {@bh}]}, 0x1, 0x528, &(0x7f0000000500)="$eJzs3c9vHFcdAPDvTLy2k7h1WnoABG1oCwFFWcebNqp6gHJCCFVC9AhSauyNZWXXa9nrUptIuGc4IlGJExz5Azj3xJ0LghuXckDihwWqkTgMmtmxs3F27U0T75rdz0cazbx54/2+l828N/N2d14AE+tqROxFxHREvBsR8+X+pFzirc6SH/fJ/v3lg/37y0lk2Tv/SIr8fF90/U3ucvmasxHxvW9F/DDpCvizcr2ze2+p0ahvlsmFdnNjYWtn98Zac2m1vlpfr9VuL96++cat12uPUZvZE3Nfak6XW1/8+Pd7X/txXqy5ck93PZ6mTtUrR3FyUxHxnbMINgIXyvpMj7ogfCppRDwfES8X5/98XCjeTQBgnGXZfGTz3WkAYNylxRhYklbLsYC5SNNqtTOG90JcShutrfb1u63t9ZXOWNmVqKR31xr1m+VY4ZWoJHl6sdh+kK4dS9+KiOci4uczF4t0dbnVWBnlhQ8ATLDLx/r/f890+n8AYMyd/LUZAGAc6f8BYPLo/wFg8uj/AWDydPr/i4/7Z1mW/eQsigMADIH7fwCYPA/3/x7lCABj7rtvv50v2UH5/OuV93a277Xeu7FS37pXbW4vV5dbmxvV1VZrtXhmT/O012u0WhuLr8X2+1e+vrHVXtja2b3TbG2vt+8Uz/W+U68UR+0NoWYAQD/PvfTRn5K8R37zYrFE1wBAZaQlA85aOuoCACNzYdQFAEbGbF8wuR7c4z/2lwAND8CYSE7Jn+31A6Esy7KzKxJwxq59zvg/TKqu8X+/AoIJc9r4fzE3sA8JYSwZ/4fJlWXJoHP+x6AHAgDn2wlj/FeGeR0CjE6fz/+fL9e/KT8c+MHK8SM+PMtSAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPl2OP9vtZzmdy7StFqNeKaYAKiS3F1r1G9GxLMR8ceZykyeXhxxmQGAJ5X+NSnn/7o2/+rcQ1kvXj7anI6IH/3ynV+8v9Rub/4hYjr558zh/vaH5f7aqcFmz6IGAMDJDvvpYt11I//J/v3lw2WY5fnbNztXBXncg/3pODiKPxVTxXo2KhFx6V9Jme5IusYunsTeBxHx2V71T2KuGAPpXLIcj5/Hfmao8dOH4qflBM1p+W/xmadQFpg0H+Xtz1u9zr80rhbr3uf/bNFCPbmy/ctfavmgaAMfxD9s/y70af+uDhrjtd99u1OLi4/mfRDx+amIw9gHXe3PYfykT/xXB4z/5y+8+HK/vOxXEdeid/zuWAvt5sbC1s7ujbXm0mp9tb5eq91evH3zjVuv1xburjWy+RPi//3N68/2y8vrf6lP/NlT6v/lAev/6/+++/0vnRD/q6/0ip/GCyfEz/vErwwYf+nSb/ved+fxVx6tfzLI+399wPgf/2X3kWnDAYDR2drZvbfUaNQ3bfw/bkydj2IMbSP/L3sOitFz4xvDijUdvbN++krnnD6WlWWfKla/FuNpjLoB58HRSR8R/xl1YQAAAAAAAAAAAAAAgJ6G8YulUdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA8fW/AAAA//+CMdPe") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x181242, 0x156) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r2, 0x2007ffc) r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r3, 0x2007ffb) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 954.689653ms ago: executing program 2 (id=93): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x400, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000500)={0x10001, 0x0, &(0x7f00000004c0)=[r0]}, 0x1) 703.505635ms ago: executing program 2 (id=94): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0xec0}, 0x0) 702.862325ms ago: executing program 0 (id=95): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x1e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 536.079706ms ago: executing program 0 (id=96): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xcb) bind$ax25(r0, &(0x7f0000000180)={{0x3, @bcast, 0x1}, [@bcast, @null, @default, @default, @null, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 440.916577ms ago: executing program 2 (id=97): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYRES32=r1], 0x3c}}, 0x20000810) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r4 = openat$cgroup_type(r3, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r4, &(0x7f0000000280), 0x9) r5 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000c40), 0x12) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) openat$cgroup_ro(r6, &(0x7f00000003c0)='cgroup.freeze\x00', 0x275a, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r9, &(0x7f0000000080)=r7, 0x12) 384.739348ms ago: executing program 1 (id=98): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001f80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {0x0, 0x1}, 0x0, 0x0, &(0x7f0000000240)={0xa2, 0xa, 0x0, 0x2001}, 0x8, 0x8, 0x0, 0x0, 0x2000, 0x200001, 0x0}) 334.745798ms ago: executing program 0 (id=99): socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) socket$rds(0x15, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="00008000", @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb080003"], 0x2c}}, 0x4000) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r7, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r2], 0x4}}, 0x0) sendfile(r6, r5, 0x0, 0x100000002) 143.515299ms ago: executing program 2 (id=100): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) socket(0x10, 0x3, 0x0) timer_create(0x3, &(0x7f0000000140)={0x0, 0x3a, 0x2, @thr={&(0x7f0000000000), &(0x7f00000000c0)="f75c7baa39914f7177a5007e6e0781f2e62526fd09b87d715787bcd06fcbc754d5f559f50bb8b4774b82844a7c20161a9667e7308d4197f2d2b9544314"}}, &(0x7f0000000180)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x422, &(0x7f00000000c0)={0x0, 0x20079af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r7 = socket$kcm(0x2, 0x3, 0x2) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0xc, 0x0, r7, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0, 0x801}) io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x98}]}, 0x2c}}, 0x0) 96.858469ms ago: executing program 3 (id=101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ec0), r0) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4002) 18.26832ms ago: executing program 0 (id=102): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x14d9, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x3, 0x257}, &(0x7f00000001c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file1\x00'}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=103): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x400, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000500)={0x10001, 0x0, &(0x7f00000004c0)=[r0]}, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.200' (ED25519) to the list of known hosts. syzkaller login: [ 64.181323][ T5770] cgroup: Unknown subsys name 'net' [ 64.342433][ T5770] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.706022][ T5770] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.220856][ T5782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.237084][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.249234][ T5788] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.256822][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.257757][ T5788] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.271903][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.272628][ T5788] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.284265][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.289645][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.293616][ T5794] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.301496][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.311192][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.314818][ T5791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.329185][ T5788] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.338548][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.346678][ T5794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.346824][ T5788] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.354689][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.366591][ T5788] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.368533][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.384676][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.393120][ T5790] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.400498][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.422195][ T5790] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.868903][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 67.970165][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 68.006416][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.013635][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.021459][ T5780] bridge_slave_0: entered allmulticast mode [ 68.029050][ T5780] bridge_slave_0: entered promiscuous mode [ 68.047330][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 68.072933][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.080291][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.087614][ T5780] bridge_slave_1: entered allmulticast mode [ 68.094321][ T5780] bridge_slave_1: entered promiscuous mode [ 68.108546][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 68.191530][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.228528][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.235819][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.243001][ T5783] bridge_slave_0: entered allmulticast mode [ 68.250302][ T5783] bridge_slave_0: entered promiscuous mode [ 68.260597][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.294636][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.302218][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.309474][ T5783] bridge_slave_1: entered allmulticast mode [ 68.316587][ T5783] bridge_slave_1: entered promiscuous mode [ 68.338986][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.346388][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.353564][ T5789] bridge_slave_0: entered allmulticast mode [ 68.360910][ T5789] bridge_slave_0: entered promiscuous mode [ 68.394458][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.401784][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.409264][ T5789] bridge_slave_1: entered allmulticast mode [ 68.417049][ T5789] bridge_slave_1: entered promiscuous mode [ 68.434957][ T5780] team0: Port device team_slave_0 added [ 68.444086][ T5780] team0: Port device team_slave_1 added [ 68.472891][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.484973][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.555398][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.562601][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.588991][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.603926][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.611021][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.637055][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.648795][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.656203][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.663360][ T5786] bridge_slave_0: entered allmulticast mode [ 68.670371][ T5786] bridge_slave_0: entered promiscuous mode [ 68.680860][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.693570][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.718485][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.726091][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.733354][ T5786] bridge_slave_1: entered allmulticast mode [ 68.740810][ T5786] bridge_slave_1: entered promiscuous mode [ 68.763804][ T5783] team0: Port device team_slave_0 added [ 68.772382][ T5783] team0: Port device team_slave_1 added [ 68.840230][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.852377][ T5789] team0: Port device team_slave_0 added [ 68.861855][ T5789] team0: Port device team_slave_1 added [ 68.887820][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.894839][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.920848][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.933956][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.966574][ T5780] hsr_slave_0: entered promiscuous mode [ 68.973074][ T5780] hsr_slave_1: entered promiscuous mode [ 68.981468][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.990697][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.017041][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.056267][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.063356][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.089958][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.102846][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.110492][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.136960][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.151282][ T5786] team0: Port device team_slave_0 added [ 69.191669][ T5786] team0: Port device team_slave_1 added [ 69.249975][ T5783] hsr_slave_0: entered promiscuous mode [ 69.257478][ T5783] hsr_slave_1: entered promiscuous mode [ 69.263683][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.272624][ T5783] Cannot create hsr debugfs directory [ 69.294378][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.301686][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.327891][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.372705][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.379800][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.406053][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.448294][ T5789] hsr_slave_0: entered promiscuous mode [ 69.454938][ T5789] hsr_slave_1: entered promiscuous mode [ 69.460124][ T5790] Bluetooth: hci0: command tx timeout [ 69.461721][ T5782] Bluetooth: hci2: command tx timeout [ 69.466921][ T5790] Bluetooth: hci3: command tx timeout [ 69.472024][ T5788] Bluetooth: hci1: command tx timeout [ 69.484307][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.492375][ T5789] Cannot create hsr debugfs directory [ 69.616843][ T5786] hsr_slave_0: entered promiscuous mode [ 69.623268][ T5786] hsr_slave_1: entered promiscuous mode [ 69.629898][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.637650][ T5786] Cannot create hsr debugfs directory [ 69.842968][ T5780] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 69.871336][ T5780] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 69.881164][ T5780] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 69.896907][ T5780] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 69.971283][ T5783] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 69.990185][ T5783] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.003219][ T5783] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.015389][ T5783] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.101235][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.112664][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.129996][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.157456][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.220004][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.242963][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.253322][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.264390][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.360085][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.418614][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.443263][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.476581][ T2114] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.484288][ T2114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.499151][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.526542][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.536104][ T2114] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.543254][ T2114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.573331][ T2114] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.580533][ T2114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.604953][ T991] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.612147][ T991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.665193][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.699133][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.709096][ T991] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.716314][ T991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.747197][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.754293][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.772212][ T5783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 70.853116][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.912949][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.920187][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.001870][ T991] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.009067][ T991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.085420][ T5789] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.105944][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.263481][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.274605][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.394980][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.411108][ T5780] veth0_vlan: entered promiscuous mode [ 71.424808][ T5783] veth0_vlan: entered promiscuous mode [ 71.461480][ T5780] veth1_vlan: entered promiscuous mode [ 71.473660][ T5783] veth1_vlan: entered promiscuous mode [ 71.539653][ T5788] Bluetooth: hci2: command tx timeout [ 71.542418][ T5782] Bluetooth: hci3: command tx timeout [ 71.545084][ T5788] Bluetooth: hci1: command tx timeout [ 71.551916][ T5790] Bluetooth: hci0: command tx timeout [ 71.587623][ T5783] veth0_macvtap: entered promiscuous mode [ 71.600968][ T5786] veth0_vlan: entered promiscuous mode [ 71.612130][ T5783] veth1_macvtap: entered promiscuous mode [ 71.621125][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.630085][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.646489][ T5786] veth1_vlan: entered promiscuous mode [ 71.668579][ T5780] veth0_macvtap: entered promiscuous mode [ 71.686275][ T5780] veth1_macvtap: entered promiscuous mode [ 71.712684][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.730459][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.741514][ T5786] veth0_macvtap: entered promiscuous mode [ 71.752633][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.764381][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.777318][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.789032][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.801623][ T5786] veth1_macvtap: entered promiscuous mode [ 71.820130][ T5780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.829853][ T5780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.839098][ T5780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.848020][ T5780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.862671][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.873782][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.888611][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.929947][ T5783] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.944819][ T5783] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.956662][ T5783] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.965390][ T5783] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.982300][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.993497][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.004628][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.015324][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.028244][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.079967][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.091545][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.109543][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.120219][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.131675][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.171434][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.181398][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.214421][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.224846][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.239686][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.249228][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.274725][ T5789] veth0_vlan: entered promiscuous mode [ 72.291053][ T991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.300234][ T991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.320637][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.332206][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.379407][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.400395][ T5789] veth1_vlan: entered promiscuous mode [ 72.409638][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.514019][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.539287][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.610445][ T5789] veth0_macvtap: entered promiscuous mode [ 72.648402][ T5872] Zero length message leads to an empty skb [ 72.654951][ T5789] veth1_macvtap: entered promiscuous mode [ 72.671733][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.702720][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.705220][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.725309][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.747703][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.761033][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.773013][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.813407][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.837748][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.862355][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.862397][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.862406][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.862417][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.862427][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.862437][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.863826][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.878487][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.878544][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.878568][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.878591][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.102139][ T3489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.102161][ T3489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.184736][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.184757][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.509013][ T5891] usb usb1: check_ctrlrecip: process 5891 (syz.3.9) requesting ep 01 but needs 81 [ 73.538376][ T5891] usb usb1: usbfs: process 5891 (syz.3.9) did not claim interface 0 before use [ 73.622297][ T5782] Bluetooth: hci3: command tx timeout [ 73.627822][ T5790] Bluetooth: hci0: command tx timeout [ 73.633243][ T5782] Bluetooth: hci1: command tx timeout [ 73.640115][ T5790] Bluetooth: hci2: command tx timeout [ 73.782288][ T5892] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.505926][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.865219][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.967574][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 75.069933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 75.274805][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 75.506182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.697394][ T5788] Bluetooth: hci1: command tx timeout [ 75.698387][ T5782] Bluetooth: hci2: command tx timeout [ 75.702923][ T5788] Bluetooth: hci0: command tx timeout [ 75.708431][ T5790] Bluetooth: hci3: command tx timeout [ 75.720956][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.112193][ T5924] 9pnet_fd: p9_fd_create_tcp (5924): problem connecting socket to 127.0.0.1 [ 76.705971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.715538][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 76.725940][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.901163][ T27] audit: type=1326 audit(1762520611.291:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 76.946823][ T5932] ip6t_srh: unknown srh match flags 4000 [ 76.985822][ T5932] syz.3.17[5932]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.025880][ T27] audit: type=1326 audit(1762520611.341:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.110895][ T27] audit: type=1326 audit(1762520611.341:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.179453][ T27] audit: type=1326 audit(1762520611.341:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.253519][ T27] audit: type=1326 audit(1762520611.341:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.293018][ T5936] syzkaller1: entered promiscuous mode [ 77.357904][ T27] audit: type=1326 audit(1762520611.341:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.374776][ T5936] syzkaller1: entered allmulticast mode [ 77.401162][ T5932] loop3: detected capacity change from 0 to 8192 [ 77.409364][ T5938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.19'. [ 77.436323][ T27] audit: type=1326 audit(1762520611.341:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.482472][ T5932] loop3: p1 p2 p3 p4 [ 77.482472][ T5932] p1: [ 77.496183][ T5932] loop3: p1 size 196608 extends beyond EOD, truncated [ 77.528238][ T5936] loop0: detected capacity change from 0 to 512 [ 77.533847][ T5932] loop3: p2 start 164919041 is beyond EOD, truncated [ 77.539776][ T5940] usb usb1: check_ctrlrecip: process 5940 (syz.2.20) requesting ep 01 but needs 81 [ 77.545708][ T27] audit: type=1326 audit(1762520611.341:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.585086][ T5940] usb usb1: usbfs: process 5940 (syz.2.20) did not claim interface 0 before use [ 77.598684][ T5932] loop3: p3 size 66846464 extends beyond EOD, truncated [ 77.609765][ T5936] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.627041][ T27] audit: type=1326 audit(1762520611.341:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.650023][ T27] audit: type=1326 audit(1762520611.341:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 77.660088][ T5932] loop3: p4 size 37048832 extends beyond EOD, [ 77.716610][ T5936] EXT4-fs warning (device loop0): ext4_xattr_inode_get:563: inode #11: comm syz.0.19: EA inode hash validation failed [ 77.742029][ T5932] truncated [ 77.757335][ T5932] loop3: p5 size 196608 extends beyond EOD, truncated [ 77.812748][ T5936] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 77.885684][ T5936] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #15: comm syz.0.19: corrupted inode contents [ 77.935230][ T5936] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #15: comm syz.0.19: mark_inode_dirty error [ 77.991975][ T5936] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #15: comm syz.0.19: corrupted inode contents [ 78.029048][ T5936] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3017: inode #15: comm syz.0.19: mark_inode_dirty error [ 78.069887][ T5936] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3020: inode #15: comm syz.0.19: mark inode dirty (error -117) [ 78.109028][ T5936] EXT4-fs warning (device loop0): ext4_evict_inode:272: xattr delete (err -117) [ 78.124598][ T5775] udevd[5775]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 78.129765][ T5773] udevd[5773]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 78.137763][ T5936] EXT4-fs (loop0): 1 orphan inode deleted [ 78.159276][ T5936] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 78.167591][ T5795] udevd[5795]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 78.185027][ T5947] udevd[5947]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory [ 78.374444][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.650224][ T5954] loop0: detected capacity change from 0 to 512 [ 78.687056][ T5954] EXT4-fs: Ignoring removed bh option [ 78.759696][ T5954] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-008c-000000000000 r/w without journal. Quota mode: writeback. [ 78.799498][ T5954] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 79.022909][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-008c-000000000000. [ 79.415067][ T5968] usb usb1: check_ctrlrecip: process 5968 (syz.2.29) requesting ep 01 but needs 81 [ 79.541758][ T5968] usb usb1: usbfs: process 5968 (syz.2.29) did not claim interface 0 before use [ 79.912709][ T5971] ip6t_srh: unknown srh match flags 4000 [ 80.002025][ T5971] loop0: detected capacity change from 0 to 8192 [ 80.098683][ T5971] loop0: p1 p2 p3 p4 [ 80.098683][ T5971] p1: [ 80.116406][ T5971] loop0: p1 size 196608 extends beyond EOD, truncated [ 80.146974][ T5971] loop0: p2 start 164919041 is beyond EOD, truncated [ 80.168351][ T5971] loop0: p3 size 66846464 extends beyond EOD, truncated [ 80.186850][ T5975] syzkaller1: entered promiscuous mode [ 80.205788][ T5975] syzkaller1: entered allmulticast mode [ 80.223895][ T5971] loop0: p4 size 37048832 extends beyond EOD, truncated [ 80.260624][ T5975] netlink: 24 bytes leftover after parsing attributes in process `syz.2.32'. [ 80.266990][ T5971] loop0: p5 size 196608 extends beyond EOD, truncated [ 80.309450][ T5975] loop2: detected capacity change from 0 to 512 [ 80.390397][ T5975] EXT4-fs (loop2): orphan cleanup on readonly fs [ 80.458274][ T5975] EXT4-fs warning (device loop2): ext4_xattr_inode_get:563: inode #11: comm syz.2.32: EA inode hash validation failed [ 80.529977][ T5975] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #15: comm syz.2.32: corrupted inode contents [ 80.543463][ T5975] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #15: comm syz.2.32: mark_inode_dirty error [ 80.569117][ T5975] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #15: comm syz.2.32: corrupted inode contents [ 80.612913][ T5975] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3017: inode #15: comm syz.2.32: mark_inode_dirty error [ 80.652380][ T5975] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3020: inode #15: comm syz.2.32: mark inode dirty (error -117) [ 80.679307][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 80.680381][ T5773] udevd[5773]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 80.697474][ T5775] udevd[5775]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 80.711156][ T5947] udevd[5947]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 80.738712][ T5975] EXT4-fs warning (device loop2): ext4_evict_inode:272: xattr delete (err -117) [ 80.758636][ T5975] EXT4-fs (loop2): 1 orphan inode deleted [ 80.776003][ T5975] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 80.927537][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.192925][ T5990] loop2: detected capacity change from 0 to 512 [ 81.228545][ T5990] EXT4-fs: Ignoring removed bh option [ 81.387081][ T5990] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-008c-000000000000 r/w without journal. Quota mode: writeback. [ 81.584086][ T5990] ext4 filesystem being mounted at /13/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 81.985472][ T1188] cfg80211: failed to load regulatory.db [ 82.211901][ T27] kauditd_printk_skb: 54 callbacks suppressed [ 82.211917][ T27] audit: type=1800 audit(1762520616.611:66): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.38" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 82.294189][ T6003] usb usb1: check_ctrlrecip: process 6003 (syz.0.40) requesting ep 01 but needs 81 [ 82.312157][ T6003] usb usb1: usbfs: process 6003 (syz.0.40) did not claim interface 0 before use [ 82.370084][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-008c-000000000000. [ 82.491621][ T27] audit: type=1326 audit(1762520616.891:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.532207][ T6007] ip6t_srh: unknown srh match flags 4000 [ 82.593249][ T6011] syzkaller1: entered promiscuous mode [ 82.598936][ T27] audit: type=1326 audit(1762520616.921:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.633439][ T6011] syzkaller1: entered allmulticast mode [ 82.667448][ T27] audit: type=1326 audit(1762520616.921:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.694223][ T6011] netlink: 24 bytes leftover after parsing attributes in process `syz.0.45'. [ 82.742229][ T6011] loop0: detected capacity change from 0 to 512 [ 82.755878][ T27] audit: type=1326 audit(1762520616.921:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.792600][ T6007] loop2: detected capacity change from 0 to 8192 [ 82.803151][ T6011] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.803620][ T27] audit: type=1326 audit(1762520616.921:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.832016][ T27] audit: type=1326 audit(1762520616.921:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.863945][ T6011] EXT4-fs warning (device loop0): ext4_xattr_inode_get:563: inode #11: comm syz.0.45: EA inode hash validation failed [ 82.891196][ T27] audit: type=1326 audit(1762520616.921:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 82.976814][ T6011] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #15: comm syz.0.45: corrupted inode contents [ 82.996341][ T6007] loop2: p1 p2 p3 p4 [ 82.996341][ T6007] p1: [ 83.007889][ T27] audit: type=1326 audit(1762520616.921:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 83.040085][ T6007] loop2: p1 size 196608 extends beyond EOD, truncated [ 83.050085][ T6011] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #15: comm syz.0.45: mark_inode_dirty error [ 83.063935][ T27] audit: type=1326 audit(1762520616.921:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f020478f6c9 code=0x7ffc0000 [ 83.087723][ T6007] loop2: p2 start 164919041 is beyond EOD, truncated [ 83.101087][ T6011] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #15: comm syz.0.45: corrupted inode contents [ 83.119312][ T6007] loop2: p3 size 66846464 extends beyond EOD, truncated [ 83.152273][ T6007] loop2: p4 size 37048832 extends beyond EOD, truncated [ 83.175740][ T6011] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3017: inode #15: comm syz.0.45: mark_inode_dirty error [ 83.188879][ T6007] loop2: p5 size 196608 extends beyond EOD, truncated [ 83.200867][ T6011] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3020: inode #15: comm syz.0.45: mark inode dirty (error -117) [ 83.264465][ T6011] EXT4-fs warning (device loop0): ext4_evict_inode:272: xattr delete (err -117) [ 83.295781][ T6011] EXT4-fs (loop0): 1 orphan inode deleted [ 83.303156][ T6011] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 83.499281][ T5947] udevd[5947]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 83.508781][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 83.512772][ T5775] udevd[5775]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 83.533541][ T5773] udevd[5773]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 83.594975][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.773171][ T6034] loop2: detected capacity change from 0 to 512 [ 84.816859][ T6034] EXT4-fs: Ignoring removed bh option [ 84.872605][ T6034] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-008c-000000000000 r/w without journal. Quota mode: writeback. [ 84.959625][ T6034] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.157576][ T6041] usb usb1: check_ctrlrecip: process 6041 (syz.0.53) requesting ep 01 but needs 81 [ 85.204433][ T6041] usb usb1: usbfs: process 6041 (syz.0.53) did not claim interface 0 before use [ 85.216695][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-008c-000000000000. [ 85.566850][ T6051] syzkaller1: entered promiscuous mode [ 85.576785][ T6051] syzkaller1: entered allmulticast mode [ 85.601967][ T6051] netlink: 24 bytes leftover after parsing attributes in process `syz.1.57'. [ 85.629353][ T6051] loop1: detected capacity change from 0 to 512 [ 85.662875][ T6051] EXT4-fs (loop1): orphan cleanup on readonly fs [ 85.680119][ T6051] EXT4-fs warning (device loop1): ext4_xattr_inode_get:563: inode #11: comm syz.1.57: EA inode hash validation failed [ 85.694106][ T6051] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #15: comm syz.1.57: corrupted inode contents [ 85.725889][ T6051] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #15: comm syz.1.57: mark_inode_dirty error [ 85.745418][ T6051] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #15: comm syz.1.57: corrupted inode contents [ 85.762207][ T6051] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3017: inode #15: comm syz.1.57: mark_inode_dirty error [ 85.774582][ T6051] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3020: inode #15: comm syz.1.57: mark inode dirty (error -117) [ 85.795313][ T6051] EXT4-fs warning (device loop1): ext4_evict_inode:272: xattr delete (err -117) [ 85.808120][ T6051] EXT4-fs (loop1): 1 orphan inode deleted [ 85.819419][ T6051] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 86.040119][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.950430][ T6064] loop1: detected capacity change from 0 to 512 [ 86.962940][ T6064] EXT4-fs: Ignoring removed bh option [ 87.034766][ T6064] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-008c-000000000000 r/w without journal. Quota mode: writeback. [ 87.063123][ T6064] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.079977][ T6068] usb usb1: check_ctrlrecip: process 6068 (syz.0.64) requesting ep 01 but needs 81 [ 87.102398][ T6068] usb usb1: usbfs: process 6068 (syz.0.64) did not claim interface 0 before use [ 87.269673][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-008c-000000000000. [ 87.325094][ T6074] tipc: Failed to remove unknown binding: 66,1,1/0:3626893781/3626893783 [ 87.386318][ T6074] tipc: Failed to remove unknown binding: 66,1,1/0:3626893781/3626893783 [ 87.410812][ T6074] tipc: Failed to remove unknown binding: 66,1,1/0:3626893781/3626893783 [ 87.464568][ T6083] syzkaller1: entered promiscuous mode [ 87.475916][ T6083] syzkaller1: entered allmulticast mode [ 87.502173][ T6083] netlink: 24 bytes leftover after parsing attributes in process `syz.1.69'. [ 87.527054][ T6083] loop1: detected capacity change from 0 to 512 [ 87.544042][ T6083] EXT4-fs (loop1): orphan cleanup on readonly fs [ 87.577509][ T6083] EXT4-fs warning (device loop1): ext4_xattr_inode_get:563: inode #11: comm syz.1.69: EA inode hash validation failed [ 87.592936][ T6083] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #15: comm syz.1.69: corrupted inode contents [ 87.607139][ T6083] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #15: comm syz.1.69: mark_inode_dirty error [ 87.624197][ T6083] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #15: comm syz.1.69: corrupted inode contents [ 87.637780][ T6083] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3017: inode #15: comm syz.1.69: mark_inode_dirty error [ 87.652255][ T6074] loop2: detected capacity change from 0 to 7 [ 87.657691][ T6083] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3020: inode #15: comm syz.1.69: mark inode dirty (error -117) [ 87.674278][ T6083] EXT4-fs warning (device loop1): ext4_evict_inode:272: xattr delete (err -117) [ 87.684874][ T6083] EXT4-fs (loop1): 1 orphan inode deleted [ 87.690035][ T6074] Dev loop2: unable to read RDB block 7 [ 87.691897][ T6083] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 87.711043][ T6074] loop2: unable to read partition table [ 87.719358][ T6074] loop2: partition table beyond EOD, truncated [ 87.727001][ T6074] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 87.913966][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.485725][ T6101] usb usb1: check_ctrlrecip: process 6101 (syz.2.77) requesting ep 01 but needs 81 [ 89.515912][ T6101] usb usb1: usbfs: process 6101 (syz.2.77) did not claim interface 0 before use [ 89.706030][ T6102] loop0: detected capacity change from 0 to 512 [ 89.841984][ T6102] EXT4-fs: Ignoring removed bh option [ 89.899124][ T6105] netlink: 24 bytes leftover after parsing attributes in process `syz.3.79'. [ 89.930210][ T6102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-008c-000000000000 r/w without journal. Quota mode: writeback. [ 89.973806][ T6102] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.994652][ T6105] loop3: detected capacity change from 0 to 512 [ 90.026785][ T6105] EXT4-fs (loop3): orphan cleanup on readonly fs [ 90.037252][ T6105] EXT4-fs warning (device loop3): ext4_xattr_inode_get:563: inode #11: comm syz.3.79: EA inode hash validation failed [ 90.055412][ T27] kauditd_printk_skb: 34 callbacks suppressed [ 90.055429][ T27] audit: type=1800 audit(1762520624.451:110): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.78" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 90.106609][ T6105] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #15: comm syz.3.79: corrupted inode contents [ 90.178169][ T6105] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #15: comm syz.3.79: mark_inode_dirty error [ 90.189311][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-008c-000000000000. [ 90.200658][ T6105] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #15: comm syz.3.79: corrupted inode contents [ 90.255169][ T6105] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3017: inode #15: comm syz.3.79: mark_inode_dirty error [ 90.279782][ T6105] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3020: inode #15: comm syz.3.79: mark inode dirty (error -117) [ 90.308255][ T6105] EXT4-fs warning (device loop3): ext4_evict_inode:272: xattr delete (err -117) [ 90.332451][ T6105] EXT4-fs (loop3): 1 orphan inode deleted [ 90.358013][ T6105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 90.490703][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.271543][ T6132] usb usb1: check_ctrlrecip: process 6132 (syz.3.89) requesting ep 01 but needs 81 [ 91.285492][ T6132] usb usb1: usbfs: process 6132 (syz.3.89) did not claim interface 0 before use [ 91.483630][ T27] audit: type=1326 audit(1762520625.881:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.511658][ T6136] ip6t_srh: unknown srh match flags 4000 [ 91.538697][ T27] audit: type=1326 audit(1762520625.881:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.563110][ T27] audit: type=1326 audit(1762520625.911:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.615987][ T27] audit: type=1326 audit(1762520625.911:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.697742][ T6142] loop1: detected capacity change from 0 to 512 [ 91.713132][ T27] audit: type=1326 audit(1762520625.911:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.726633][ T6142] EXT4-fs: Ignoring removed bh option [ 91.805852][ T27] audit: type=1326 audit(1762520625.911:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.865122][ T6142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-008c-000000000000 r/w without journal. Quota mode: writeback. [ 91.879324][ T27] audit: type=1326 audit(1762520625.911:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.902566][ T27] audit: type=1326 audit(1762520625.911:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.925744][ T27] audit: type=1326 audit(1762520625.911:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c0218f6c9 code=0x7ffc0000 [ 91.945823][ T6142] ext4 filesystem being mounted at /13/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.010484][ T6136] loop3: detected capacity change from 0 to 8192 [ 92.099482][ T6136] loop3: p1 p2 p3 p4 [ 92.099482][ T6136] p1: [ 92.117591][ T6136] loop3: p1 size 196608 extends beyond EOD, truncated [ 92.134161][ T6136] loop3: p2 start 164919041 is beyond EOD, truncated [ 92.135331][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-008c-000000000000. [ 92.145051][ T6136] loop3: p3 size 66846464 extends beyond EOD, truncated [ 92.186589][ T6136] loop3: p4 size 37048832 extends beyond EOD, truncated [ 92.234963][ T6136] loop3: p5 size 196608 extends beyond EOD, truncated [ 92.341384][ T6159] usb usb1: check_ctrlrecip: process 6159 (syz.1.98) requesting ep 01 but needs 81 [ 92.365731][ T6159] usb usb1: usbfs: process 6159 (syz.1.98) did not claim interface 0 before use [ 92.683104][ C1] ------------[ cut here ]------------ [ 92.688959][ C1] WARNING: CPU: 1 PID: 6163 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600 [ 92.699146][ C1] Modules linked in: [ 92.701096][ T12] ------------[ cut here ]------------ [ 92.703064][ C1] CPU: 1 PID: 6163 Comm: syz.3.101 Not tainted syzkaller #0 [ 92.708742][ T12] WARNING: CPU: 0 PID: 12 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 92.715991][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 92.716006][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 92.716027][ C1] Code: 24 4c 89 e7 e8 9e cc d3 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 c9 a3 96 f7 0f 0b e9 f6 f7 ff ff e8 bd a3 96 f7 <0f> 0b e9 48 fb ff ff e8 b1 a3 96 f7 48 c7 c7 60 07 24 8e 4c 89 e6 [ 92.716042][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 92.716060][ C1] RAX: ffffffff89eeebd3 RBX: ffffffff89eed9d6 RCX: ffff888027cd8000 [ 92.716075][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.727039][ T12] Modules linked in: [ 92.737087][ C1] RBP: 0000000000000000 R08: ffff888027cd8000 R09: 0000000000000003 [ 92.737101][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805c09e3c0 [ 92.737113][ C1] R13: dffffc0000000000 R14: ffff88805c09e8b0 R15: ffff888025494024 [ 92.737127][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 92.737144][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.743444][ T12] [ 92.743455][ T12] CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 92.763072][ C1] CR2: 00007f1e581e7dac CR3: 0000000061f01000 CR4: 00000000003506e0 [ 92.763090][ C1] Call Trace: [ 92.763098][ C1] [ 92.763120][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 92.763153][ C1] ieee80211_beacon_get_tim+0xb8/0x560 [ 92.763174][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 92.763199][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 92.763226][ C1] __iterate_interfaces+0x243/0x500 [ 92.763247][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 92.763266][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 92.763290][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 92.769398][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 92.777399][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 92.777433][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 92.777461][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 92.777488][ C1] ? hw_scan_work+0xf40/0xf40 [ 92.777518][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 92.786463][ T12] Workqueue: phy5 ieee80211_csa_finalize_work [ 92.789483][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 92.797636][ T12] [ 92.805412][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 92.813734][ T12] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 92.822564][ C1] handle_softirqs+0x280/0x820 [ 92.822592][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 92.829191][ T12] Code: 48 89 df e8 da 59 e9 f7 e9 dc fc ff ff e8 a0 fe 91 f7 eb 24 e8 99 fe 91 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 88 fe 91 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 7a fe 91 f7 48 8b 7c 24 08 4c 8b 7c [ 92.831506][ C1] ? do_softirq+0x180/0x180 [ 92.839003][ T12] RSP: 0018:ffffc900001179c0 EFLAGS: 00010293 [ 92.847171][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 92.850444][ T12] [ 92.850453][ T12] RAX: ffffffff89f38d0e RBX: 0000000000000001 RCX: ffff888019e7da00 [ 92.853285][ C1] __irq_exit_rcu+0xc7/0x190 [ 92.858879][ T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 92.864276][ C1] ? irq_exit_rcu+0x20/0x20 [ 92.871263][ T12] RBP: dffffc0000000000 R08: ffff88805c09d5af R09: 1ffff1100b813ab5 [ 92.876823][ C1] irq_exit_rcu+0x9/0x20 [ 92.876845][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 92.882037][ T12] R10: dffffc0000000000 R11: ffffed100b813ab6 R12: 0000000000000001 [ 92.888286][ C1] [ 92.888294][ C1] [ 92.888303][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 92.888323][ C1] RIP: 0010:rcu_is_watching+0x55/0xb0 [ 92.888346][ C1] Code: 3a 7d 8c 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 4c 51 6d 00 48 c7 c3 28 6b 03 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 2f 8b 03 65 ff 0d 11 1e 94 7e 74 0c 83 e0 [ 92.888361][ C1] RSP: 0018:ffffc9000b8573f8 EFLAGS: 00000a06 [ 92.888381][ C1] RAX: 1ffff110171e6d65 RBX: ffff8880b8f36b28 RCX: e02f26ddefe74900 [ 92.888395][ C1] RDX: 0000000000000000 RSI: ffffffff8afc6ae0 RDI: ffffffff8afc6aa0 [ 92.888409][ C1] RBP: 0000000000000001 R08: dffffc0000000000 R09: 1ffffffff21b50a0 [ 92.888423][ C1] R10: dffffc0000000000 R11: fffffbfff21b50a1 R12: dffffc0000000000 [ 92.888437][ C1] R13: 00000000000001a0 R14: ffffffff8c7d3a38 R15: dffffc0000000000 [ 92.888473][ C1] ? rcu_is_watching+0x15/0xb0 [ 92.888498][ C1] rcu_read_lock_held+0x15/0x40 [ 92.888516][ C1] ? page_ext_get+0x22/0x2b0 [ 92.888537][ C1] page_ext_get+0x193/0x2b0 [ 92.888562][ C1] page_table_check_clear+0x4a/0x6a0 [ 92.888585][ C1] ? __page_table_check_pte_clear+0x43/0x70 [ 92.888611][ C1] unmap_page_range+0x1ad1/0x2fe0 [ 92.888682][ C1] ? copy_page_range+0x3600/0x3600 [ 92.888713][ C1] ? unmap_single_vma+0x1b0/0x2a0 [ 92.888747][ C1] unmap_vmas+0x25e/0x3a0 [ 92.888780][ C1] ? unmap_page_range+0x2fe0/0x2fe0 [ 92.888811][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 92.888855][ C1] exit_mmap+0x200/0xb50 [ 92.888881][ C1] ? exit_mm_release+0x1a/0x30 [ 92.888905][ C1] ? vm_brk+0x30/0x30 [ 92.888927][ C1] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 92.888981][ C1] ? uprobe_clear_state+0x278/0x290 [ 92.889002][ C1] ? mm_update_next_owner+0x562/0x6c0 [ 92.889034][ C1] __mmput+0x118/0x3c0 [ 92.889056][ C1] exit_mm+0x1da/0x2c0 [ 92.889086][ C1] ? do_exit+0x23c0/0x23c0 [ 92.889113][ C1] ? taskstats_exit+0x35e/0x9e0 [ 92.889149][ C1] do_exit+0x88e/0x23c0 [ 92.889184][ C1] ? put_task_struct+0xc0/0xc0 [ 92.896530][ T12] R13: ffff88805c09e5d9 R14: ffff88807b4eac70 R15: ffff88807b4eace8 [ 92.902621][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 92.912697][ T12] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 92.919831][ C1] ? get_signal+0x1068/0x1400 [ 92.919865][ C1] ? lock_chain_count+0x20/0x20 [ 92.919884][ C1] ? _raw_spin_lock_irq+0xaf/0xe0 [ 92.925068][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.930497][ C1] do_group_exit+0x21b/0x2d0 [ 92.930532][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 92.935208][ T12] CR2: 00005555808ff808 CR3: 000000000cb30000 CR4: 00000000003506f0 [ 92.940345][ C1] get_signal+0x12fc/0x1400 [ 92.946607][ T12] Call Trace: [ 92.952755][ C1] arch_do_signal_or_restart+0x9c/0x7b0 [ 92.952789][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 92.952806][ C1] ? get_sigframe_size+0x20/0x20 [ 92.952848][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 92.955132][ T12] [ 92.960261][ C1] exit_to_user_mode_loop+0x70/0x110 [ 92.967600][ T12] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 92.972355][ C1] exit_to_user_mode_prepare+0xf6/0x180 [ 92.977245][ T12] ieee80211_csa_finalize+0x59a/0xf00 [ 92.996933][ C1] syscall_exit_to_user_mode+0x1a/0x50 [ 92.996958][ C1] do_syscall_64+0x61/0xb0 [ 92.996978][ C1] ? clear_bhb_loop+0x40/0x90 [ 92.996997][ C1] ? clear_bhb_loop+0x40/0x90 [ 92.997018][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 92.997037][ C1] RIP: 0033:0x7f3c0218f6c9 [ 92.997065][ C1] Code: Unable to access opcode bytes at 0x7f3c0218f69f. [ 92.997075][ C1] RSP: 002b:00007f3c030ac0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 92.997097][ C1] RAX: fffffffffffffe00 RBX: 00007f3c023e5fa8 RCX: 00007f3c0218f6c9 [ 92.997112][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3c023e5fa8 [ 92.997124][ C1] RBP: 00007f3c023e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 92.997137][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.997149][ C1] R13: 00007f3c023e6038 R14: 00007ffe53a6e410 R15: 00007ffe53a6e4f8 [ 92.997180][ C1] [ 92.997189][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 92.997199][ C1] CPU: 1 PID: 6163 Comm: syz.3.101 Not tainted syzkaller #0 [ 92.997216][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 92.997226][ C1] Call Trace: [ 92.997233][ C1] [ 92.997239][ C1] dump_stack_lvl+0x16c/0x230 [ 92.997266][ C1] ? show_regs_print_info+0x20/0x20 [ 92.997290][ C1] ? load_image+0x3b0/0x3b0 [ 92.997322][ C1] panic+0x2c0/0x710 [ 92.997346][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 92.997380][ C1] __warn+0x2e0/0x470 [ 92.997395][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 92.997417][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 92.997443][ C1] report_bug+0x2be/0x4f0 [ 92.997467][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 92.997486][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 92.997505][ C1] ? __ieee80211_beacon_get+0x1235/0x1600 [ 92.997524][ C1] handle_bug+0xcf/0x120 [ 92.997549][ C1] exc_invalid_op+0x1a/0x50 [ 92.997572][ C1] asm_exc_invalid_op+0x1a/0x20 [ 92.997590][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 92.997610][ C1] Code: 24 4c 89 e7 e8 9e cc d3 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 c9 a3 96 f7 0f 0b e9 f6 f7 ff ff e8 bd a3 96 f7 <0f> 0b e9 48 fb ff ff e8 b1 a3 96 f7 48 c7 c7 60 07 24 8e 4c 89 e6 [ 92.997624][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 92.997640][ C1] RAX: ffffffff89eeebd3 RBX: ffffffff89eed9d6 RCX: ffff888027cd8000 [ 92.997653][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.997664][ C1] RBP: 0000000000000000 R08: ffff888027cd8000 R09: 0000000000000003 [ 92.997675][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805c09e3c0 [ 92.997687][ C1] R13: dffffc0000000000 R14: ffff88805c09e8b0 R15: ffff888025494024 [ 92.997704][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 92.997725][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 92.997750][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 92.997771][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 92.997794][ C1] ieee80211_beacon_get_tim+0xb8/0x560 [ 92.997813][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 92.997842][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 92.997872][ C1] __iterate_interfaces+0x243/0x500 [ 92.997894][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 92.997915][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 92.997940][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 92.997961][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 92.997988][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 92.998011][ C1] __hrtimer_run_queues+0x51e/0xc40 [ 92.998036][ C1] ? hw_scan_work+0xf40/0xf40 [ 92.998063][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 92.998081][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 92.998110][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 92.998133][ C1] handle_softirqs+0x280/0x820 [ 92.998153][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 92.998175][ C1] ? do_softirq+0x180/0x180 [ 92.998194][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 92.998220][ C1] __irq_exit_rcu+0xc7/0x190 [ 92.998236][ C1] ? irq_exit_rcu+0x20/0x20 [ 92.998260][ C1] irq_exit_rcu+0x9/0x20 [ 92.998274][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 92.998300][ C1] [ 92.998306][ C1] [ 92.998312][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 92.998331][ C1] RIP: 0010:rcu_is_watching+0x55/0xb0 [ 92.998352][ C1] Code: 3a 7d 8c 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 4c 51 6d 00 48 c7 c3 28 6b 03 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 2f 8b 03 65 ff 0d 11 1e 94 7e 74 0c 83 e0 [ 92.998366][ C1] RSP: 0018:ffffc9000b8573f8 EFLAGS: 00000a06 [ 92.998380][ C1] RAX: 1ffff110171e6d65 RBX: ffff8880b8f36b28 RCX: e02f26ddefe74900 [ 92.998393][ C1] RDX: 0000000000000000 RSI: ffffffff8afc6ae0 RDI: ffffffff8afc6aa0 [ 92.998405][ C1] RBP: 0000000000000001 R08: dffffc0000000000 R09: 1ffffffff21b50a0 [ 92.998417][ C1] R10: dffffc0000000000 R11: fffffbfff21b50a1 R12: dffffc0000000000 [ 92.998429][ C1] R13: 00000000000001a0 R14: ffffffff8c7d3a38 R15: dffffc0000000000 [ 92.998462][ C1] ? rcu_is_watching+0x15/0xb0 [ 92.998484][ C1] rcu_read_lock_held+0x15/0x40 [ 92.998501][ C1] ? page_ext_get+0x22/0x2b0 [ 92.998519][ C1] page_ext_get+0x193/0x2b0 [ 92.998541][ C1] page_table_check_clear+0x4a/0x6a0 [ 92.998560][ C1] ? __page_table_check_pte_clear+0x43/0x70 [ 92.998584][ C1] unmap_page_range+0x1ad1/0x2fe0 [ 92.998639][ C1] ? copy_page_range+0x3600/0x3600 [ 92.998666][ C1] ? unmap_single_vma+0x1b0/0x2a0 [ 92.998696][ C1] unmap_vmas+0x25e/0x3a0 [ 92.998726][ C1] ? unmap_page_range+0x2fe0/0x2fe0 [ 92.998752][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 92.998790][ C1] exit_mmap+0x200/0xb50 [ 92.998811][ C1] ? exit_mm_release+0x1a/0x30 [ 92.998832][ C1] ? vm_brk+0x30/0x30 [ 92.998850][ C1] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 92.998898][ C1] ? uprobe_clear_state+0x278/0x290 [ 92.998916][ C1] ? mm_update_next_owner+0x562/0x6c0 [ 92.998944][ C1] __mmput+0x118/0x3c0 [ 92.998962][ C1] exit_mm+0x1da/0x2c0 [ 92.998989][ C1] ? do_exit+0x23c0/0x23c0 [ 92.999013][ C1] ? taskstats_exit+0x35e/0x9e0 [ 92.999046][ C1] do_exit+0x88e/0x23c0 [ 92.999078][ C1] ? put_task_struct+0xc0/0xc0 [ 92.999105][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 92.999124][ C1] ? get_signal+0x1068/0x1400 [ 92.999150][ C1] ? lock_chain_count+0x20/0x20 [ 92.999169][ C1] ? _raw_spin_lock_irq+0xaf/0xe0 [ 92.999189][ C1] do_group_exit+0x21b/0x2d0 [ 92.999214][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 92.999234][ C1] get_signal+0x12fc/0x1400 [ 92.999279][ C1] arch_do_signal_or_restart+0x9c/0x7b0 [ 92.999306][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 92.999323][ C1] ? get_sigframe_size+0x20/0x20 [ 92.999365][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 92.999392][ C1] exit_to_user_mode_loop+0x70/0x110 [ 92.999416][ C1] exit_to_user_mode_prepare+0xf6/0x180 [ 92.999445][ C1] syscall_exit_to_user_mode+0x1a/0x50 [ 92.999462][ C1] do_syscall_64+0x61/0xb0 [ 92.999482][ C1] ? clear_bhb_loop+0x40/0x90 [ 92.999500][ C1] ? clear_bhb_loop+0x40/0x90 [ 92.999520][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 92.999537][ C1] RIP: 0033:0x7f3c0218f6c9 [ 92.999550][ C1] Code: Unable to access opcode bytes at 0x7f3c0218f69f. [ 92.999559][ C1] RSP: 002b:00007f3c030ac0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 92.999575][ C1] RAX: fffffffffffffe00 RBX: 00007f3c023e5fa8 RCX: 00007f3c0218f6c9 [ 92.999587][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3c023e5fa8 [ 92.999598][ C1] RBP: 00007f3c023e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 92.999609][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.999618][ C1] R13: 00007f3c023e6038 R14: 00007ffe53a6e410 R15: 00007ffe53a6e4f8 [ 92.999645][ C1] [ 93.002439][ C1] Kernel Offset: disabled