last executing test programs: 4.354202601s ago: executing program 2 (id=3): r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x1, @buffer={0x300, 0x0, 0x0}, &(0x7f0000000380)="259374c96ee3", 0x0, 0xffffffff, 0x30, 0x0, 0x0}) 3.522230664s ago: executing program 3 (id=4): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c00)=@filter={'filter\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x160, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@remote, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xffffffff, 0xff], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'gre0\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x3c, 0x9, 0x0, 0x50}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "978888d6ee9e7a5e4bc76ccf4228733e737d402fc4a91c346e4f9a692f63"}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ipv6={@private2, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xffffff00, 0x0, 0xfffffefe], [0xffffff00, 0xff, 0xff, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x1, 0x2, 0x2, 0x1}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) 3.297923657s ago: executing program 2 (id=6): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18) request_key(0x0, 0x0, 0x0, 0x0) 3.150413738s ago: executing program 1 (id=2): prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x1, @thr={0x0, 0x0}}, &(0x7f0000bbdffc)) 3.072456811s ago: executing program 0 (id=1): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000240)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000400)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000001c0)={r2}) 2.801439146s ago: executing program 3 (id=7): r0 = socket$inet6(0xa, 0x80002, 0x0) unshare(0x6c000200) r1 = msgget$private(0x0, 0x0) msgsnd(r1, &(0x7f0000000480)=ANY=[@ANYRESDEC], 0x2000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYRES64, @ANYRES32=r0], 0x0, 0x7a, 0x0, 0x20001}, 0x28) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x8, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), r3) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r4 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0x1001, 0x0, 0x8}, 0x0, &(0x7f0000000580)=0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0xe0}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(0x0, r5, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, 0x0, 0x1, 0x40, 0x1}) io_uring_enter(r4, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) pause() bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x3c, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000"], 0x48) 2.495035433s ago: executing program 2 (id=8): getgroups(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) close(0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000001200)='./file0\x00', 0x21081e, &(0x7f0000000100)={[{@sysvgroups}, {@oldalloc}, {@nodiscard}]}, 0x1, 0x4f8, &(0x7f00000015c0)="$eJzs3U1vG1sZAODXzpeTpje5l7sABNxyuVBQVSdx26jqAsoKIVQJ0SVIbUjcKIodR7FTmtBF+h+QqMQKlvwA1l2xZ4Ngx6YskPiIQE0lFkYznqRuYjcp+XAUP480mjlnnHnPSTznxK9lnwD61pWI2IqI4Yh4GBETWX0u2+Jua0se92r76fzO9tP5XDSb9/+ZS88nddH2M4lL2TULEfGj70X8NHcwbn1jc3muUimvZeWpRnV1qr6xeX2pOrdYXiyvlEqzM7PTt2/cKp1YXz+pDmdHX375h61v/Txp1nhW096Pk9Tq+tBenMh+5z84jWA9MBARg9nzJ3O5l+3h/eQj4qOI+DS9/ydiIP1rAgAXWbM5Ec2J9jIAcNHl0xxYLl/McgHjkc8Xi60c3scxlq/U6o1rj2rrKwutXNlkDOUfLVXK01mucDKGckl5Jj1+Uy7tK9+IiA8j4hcjo2m5OF+rLPTyHx8A6GOX9s3//xlpzf8AwAVX6HUDAIAzZ/4HgP5j/geA/mP+B4D+Y/4HgP5j/geA/vM+8/+lU2wHAHAmfnjvXrI1d7Lvv154vLG+XHt8faFcXy5W1+eL87W11eJirbaYfmdP9bDrVWq11Zmbsf5k8tur9cZUfWPzQbW2vtJ4kH6v94Py0Jn0CgB4lw8/efHnXERs3RlNt2hby8FcDRdbvtcNAHpmoNcNAHrGal/Qv47xGl96AC6IDkv0vqUQEaP7K5vNZvP0mgScsqtfkP+HftWW//cpIOgz8v/Qv7rm/w+82AcummYzd9Q1/+OoDwQAzjc5fqDL+/8fZfvfZm8O/GRh/yOe76/wiQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6x+76v8Vs5Y7xyOeLxYjLETEZQ7lHS5XydER8EBF/GhkaScozPW4zAHBc+b/lsvW/rk58Nr7/7HDu9Ui6j4if/er+L5/MNRprf0zq/7VX33ie1Zd60X4A4DC783S6b3sh/2r76fzudpbt+ft3I6LQir+zPRw7e/EHYzDdF2IoIsb+ncvKLbm23MVxbD2LiM936n8uxtMcSGvl0/3xk9iXzzR+/q34+fRca5/8Lj53Am2BfvMiGX/udrr/8nEl3Xe+/wvpCHV82fiXXGp+Jx0D38TfHf8Guox/V44a4+bvv986Gj147lnEFwcjdmPvtI0/u/FzXeJ/dvByHf3lS1/5tNu55q8jrkbn+O2xphrV1an6xub1percYnmxvFIqzc7MTt++cas0leaop7rPBv+4c+2DbueS/o91iV84pP9fP1r34zf/ffjjr74j/je/1il+Pj5+R/xkTvzGEePPjf2u0O1cEn+hS/8P+/tfO2L8l3/dPLBsOADQO/WNzeW5SqW85sDB+T9InrLnoBkdD75zVrGG471+qtn8v2J1GzFOIusGnAd7N31EvO51YwAAAAAAAAAAAAAAgI7O4hNLve4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9f/AgAA//9o9dKA") 2.154797153s ago: executing program 1 (id=9): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) lsm_set_self_attr(0x69, 0x0, 0x20, 0x0) 1.530187095s ago: executing program 2 (id=10): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000840000"], 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20002) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 1.5299802s ago: executing program 4 (id=5): socket$packet(0x11, 0x3, 0x300) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x1, 0x800001, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00'}, 0x18) move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) 1.522634751s ago: executing program 1 (id=11): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000"], 0x48) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021) read(r0, 0x0, 0x20) close(r0) open(&(0x7f0000000040)='./file0\x00', 0x40, 0x0) 1.357795247s ago: executing program 0 (id=12): sync_file_range(0xffffffffffffffff, 0x2, 0x4d6, 0x2) 849.588412ms ago: executing program 0 (id=13): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000004d00000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xb65822d9e75ce031, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r1, 0x0, 0x9}, 0x18) socket$kcm(0x2, 0x200000000000001, 0x106) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 767.804462ms ago: executing program 1 (id=14): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x64141, 0x0) 739.969093ms ago: executing program 2 (id=15): unshare(0x22020600) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='cgroup\x00') lseek(r2, 0x339, 0x0) 62.146588ms ago: executing program 1 (id=16): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000000)=""/152) 21.902249ms ago: executing program 0 (id=17): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[], 0x0) 0s ago: executing program 2 (id=18): creat(0x0, 0xecf86c37d53049cc) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0xffffffff, @mcast2}, {0xa, 0x0, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800086}, r3}}, 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts. [ 170.856625][ T5784] cgroup: Unknown subsys name 'net' [ 170.977957][ T5784] cgroup: Unknown subsys name 'cpuset' [ 170.991894][ T5784] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 176.499377][ T5784] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 182.091040][ T5810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 182.094706][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 182.099606][ T5810] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 182.108748][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 182.119951][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 182.121976][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 182.129187][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 182.140177][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 182.147046][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 182.152409][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 182.159067][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 182.167995][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 182.173768][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 182.185293][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 182.195237][ T5810] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 182.206430][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 182.236188][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 182.247518][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 182.261016][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 182.279744][ T5809] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 182.362849][ T5809] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.424878][ T5809] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.468338][ T5809] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.508817][ T5809] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.698163][ T5809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 183.393956][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 183.672720][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 184.259988][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 184.299797][ T5809] Bluetooth: hci0: command tx timeout [ 184.305014][ T5097] Bluetooth: hci1: command tx timeout [ 184.362720][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 184.384571][ T5097] Bluetooth: hci2: command tx timeout [ 184.385107][ T5809] Bluetooth: hci3: command tx timeout [ 184.586409][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.594172][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.603851][ T5802] bridge_slave_0: entered allmulticast mode [ 184.613628][ T5802] bridge_slave_0: entered promiscuous mode [ 184.738329][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.746076][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.754270][ T5802] bridge_slave_1: entered allmulticast mode [ 184.763703][ T5802] bridge_slave_1: entered promiscuous mode [ 184.833969][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 184.879481][ T5809] Bluetooth: hci4: command tx timeout [ 184.951090][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.958704][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.966323][ T5800] bridge_slave_0: entered allmulticast mode [ 184.975523][ T5800] bridge_slave_0: entered promiscuous mode [ 185.059198][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.066688][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.076057][ T5800] bridge_slave_1: entered allmulticast mode [ 185.085308][ T5800] bridge_slave_1: entered promiscuous mode [ 185.106774][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.218683][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.412327][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.492536][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.500211][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.507731][ T5816] bridge_slave_0: entered allmulticast mode [ 185.524141][ T5816] bridge_slave_0: entered promiscuous mode [ 185.543926][ T5802] team0: Port device team_slave_0 added [ 185.551691][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.561109][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.568603][ T5816] bridge_slave_1: entered allmulticast mode [ 185.577905][ T5816] bridge_slave_1: entered promiscuous mode [ 185.594462][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.730579][ T5802] team0: Port device team_slave_1 added [ 185.912304][ T5800] team0: Port device team_slave_0 added [ 185.920880][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.928342][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.936231][ T5808] bridge_slave_0: entered allmulticast mode [ 185.945494][ T5808] bridge_slave_0: entered promiscuous mode [ 185.964397][ T5800] team0: Port device team_slave_1 added [ 186.012294][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.057978][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.065217][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.091474][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.240522][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.248009][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.259143][ T5808] bridge_slave_1: entered allmulticast mode [ 186.268420][ T5808] bridge_slave_1: entered promiscuous mode [ 186.286308][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.336819][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.344254][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.351705][ T5801] bridge_slave_0: entered allmulticast mode [ 186.360195][ T5801] bridge_slave_0: entered promiscuous mode [ 186.373031][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.380317][ T5809] Bluetooth: hci0: command tx timeout [ 186.380334][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.393649][ T5809] Bluetooth: hci1: command tx timeout [ 186.411917][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.434212][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.441496][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.467904][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.467959][ T5809] Bluetooth: hci3: command tx timeout [ 186.469334][ T5809] Bluetooth: hci2: command tx timeout [ 186.550827][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.558319][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.568221][ T5801] bridge_slave_1: entered allmulticast mode [ 186.577475][ T5801] bridge_slave_1: entered promiscuous mode [ 186.597370][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.612906][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.621352][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.648690][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.698286][ T5816] team0: Port device team_slave_0 added [ 186.743410][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.837323][ T5816] team0: Port device team_slave_1 added [ 186.939416][ T5809] Bluetooth: hci4: command tx timeout [ 186.986895][ T5802] hsr_slave_0: entered promiscuous mode [ 186.996745][ T5802] hsr_slave_1: entered promiscuous mode [ 187.052964][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.070300][ T5808] team0: Port device team_slave_0 added [ 187.087238][ T5808] team0: Port device team_slave_1 added [ 187.134575][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.141760][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.167977][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.189688][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.201954][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.210442][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.236981][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.329268][ T5800] hsr_slave_0: entered promiscuous mode [ 187.340099][ T5800] hsr_slave_1: entered promiscuous mode [ 187.348528][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 187.354508][ T5800] Cannot create hsr debugfs directory [ 187.520494][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.527604][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.555067][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.572713][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.580171][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.606442][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.627903][ T5801] team0: Port device team_slave_0 added [ 187.788468][ T5801] team0: Port device team_slave_1 added [ 188.036380][ T5816] hsr_slave_0: entered promiscuous mode [ 188.044919][ T5816] hsr_slave_1: entered promiscuous mode [ 188.052537][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 188.058389][ T5816] Cannot create hsr debugfs directory [ 188.136920][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.144147][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.170384][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.196150][ T5808] hsr_slave_0: entered promiscuous mode [ 188.206169][ T5808] hsr_slave_1: entered promiscuous mode [ 188.214566][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 188.220556][ T5808] Cannot create hsr debugfs directory [ 188.353775][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.361078][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.387532][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.459239][ T5809] Bluetooth: hci1: command tx timeout [ 188.464853][ T5097] Bluetooth: hci0: command tx timeout [ 188.539247][ T5809] Bluetooth: hci2: command tx timeout [ 188.544876][ T5097] Bluetooth: hci3: command tx timeout [ 189.039440][ T5097] Bluetooth: hci4: command tx timeout [ 189.076427][ T5801] hsr_slave_0: entered promiscuous mode [ 189.086268][ T5801] hsr_slave_1: entered promiscuous mode [ 189.094444][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 189.100353][ T5801] Cannot create hsr debugfs directory [ 189.450330][ T5802] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 189.469892][ T5802] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 189.545018][ T5802] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 189.565491][ T5802] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 189.743367][ T5808] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 189.762397][ T5808] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 189.847317][ T5808] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 189.881418][ T5808] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 190.062227][ T5800] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 190.122804][ T5800] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 190.206272][ T5800] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 190.236687][ T5800] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 190.320499][ T5816] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 190.355247][ T5816] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 190.404598][ T5816] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 190.434765][ T5816] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.540374][ T5097] Bluetooth: hci1: command tx timeout [ 190.545982][ T5097] Bluetooth: hci0: command tx timeout [ 190.621128][ T5809] Bluetooth: hci3: command tx timeout [ 190.626712][ T5809] Bluetooth: hci2: command tx timeout [ 190.695433][ T5801] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 190.742617][ T5801] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 190.771221][ T5801] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 190.792531][ T5801] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 191.004352][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.075319][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.107884][ T5809] Bluetooth: hci4: command tx timeout [ 191.291665][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.372616][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.430114][ T4407] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.437608][ T4407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.505612][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.513187][ T4407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.528310][ T4407] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.535877][ T4407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.597503][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.605213][ T4407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.871685][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.995322][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.016017][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.093715][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.196422][ T3705] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.204012][ T3705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.242645][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.284234][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.326881][ T3705] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.334452][ T3705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.561387][ T3705] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.569070][ T3705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.587365][ T3705] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.594926][ T3705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.615381][ T3705] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.622948][ T3705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.638716][ T3705] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.646405][ T3705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.856529][ T5816] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.061246][ T5801] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.072064][ T5801] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.785608][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.071651][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.313448][ T5808] veth0_vlan: entered promiscuous mode [ 194.411445][ T5808] veth1_vlan: entered promiscuous mode [ 194.756372][ T5808] veth0_macvtap: entered promiscuous mode [ 194.810753][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.867973][ T5808] veth1_macvtap: entered promiscuous mode [ 195.017684][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.044850][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.141791][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.219469][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.358663][ T4244] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.421417][ T4244] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.471373][ T4244] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.496480][ T5816] veth0_vlan: entered promiscuous mode [ 195.526071][ T4244] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.637326][ T5801] veth0_vlan: entered promiscuous mode [ 195.658231][ T5816] veth1_vlan: entered promiscuous mode [ 195.725774][ T5801] veth1_vlan: entered promiscuous mode [ 195.775298][ T5800] veth0_vlan: entered promiscuous mode [ 195.965686][ T5800] veth1_vlan: entered promiscuous mode [ 196.025238][ T5816] veth0_macvtap: entered promiscuous mode [ 196.047310][ T5801] veth0_macvtap: entered promiscuous mode [ 196.100207][ T5816] veth1_macvtap: entered promiscuous mode [ 196.197378][ T5801] veth1_macvtap: entered promiscuous mode [ 196.320194][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.382126][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.442306][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.494997][ T3794] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.529930][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.542751][ T5800] veth0_macvtap: entered promiscuous mode [ 196.554850][ T3794] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.574939][ T4591] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.629642][ T4591] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.645235][ T5800] veth1_macvtap: entered promiscuous mode [ 196.692184][ T4591] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.752572][ T4008] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.799740][ T4008] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.808714][ T4008] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.883606][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.004838][ T5802] veth0_vlan: entered promiscuous mode [ 197.027491][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.142079][ T1332] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.161450][ T5802] veth1_vlan: entered promiscuous mode [ 197.199963][ T1332] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.220108][ T1332] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.278181][ T1332] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.496908][ T5802] veth0_macvtap: entered promiscuous mode [ 197.622017][ T5802] veth1_macvtap: entered promiscuous mode [ 197.836237][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.968585][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.079818][ T4960] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.099212][ T4407] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.114412][ T1332] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.157938][ T1332] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.755031][ T4154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.763161][ T4154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.956711][ T4008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.966642][ T4008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.363578][ T5808] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 202.402931][ T4960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.411002][ T4960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.667990][ T4960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.676227][ T4960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.739332][ T4960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.747341][ T4960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.113395][ T4154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.121655][ T4154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.148166][ T3649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.156439][ T3649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.441473][ T3794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.449845][ T3794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.969309][ T30] audit: type=1326 audit(1763021936.500:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.149458][ T30] audit: type=1326 audit(1763021936.550:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.172277][ T30] audit: type=1326 audit(1763021936.550:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.194625][ T30] audit: type=1326 audit(1763021936.550:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.221495][ T30] audit: type=1326 audit(1763021936.580:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.245681][ T30] audit: type=1326 audit(1763021936.630:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.267965][ T30] audit: type=1326 audit(1763021936.630:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.290284][ T30] audit: type=1326 audit(1763021936.650:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.317563][ T30] audit: type=1326 audit(1763021936.650:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.342755][ T30] audit: type=1326 audit(1763021936.670:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.2.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f0d9178f6c9 code=0x7ffc0000 [ 204.673536][ T4154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.681747][ T4154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.750197][ T6003] loop2: detected capacity change from 0 to 512 [ 204.773578][ T6003] EXT4-fs: Ignoring removed oldalloc option [ 204.842063][ T6003] EXT4-fs (loop2): too many log groups per flexible block group [ 204.850918][ T6003] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 204.859843][ T6003] EXT4-fs (loop2): mount failed [ 204.901494][ T3649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.910289][ T3649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.244444][ T6032] ===================================================== [ 207.244638][ T6032] BUG: KMSAN: uninit-value in bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 207.244809][ T6032] bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 207.244970][ T6032] do_xdp_generic+0xd52/0x1690 [ 207.245114][ T6032] tun_get_user+0x45c0/0x6d70 [ 207.245246][ T6032] tun_chr_write_iter+0x3e9/0x5c0 [ 207.245385][ T6032] vfs_write+0xbe2/0x15d0 [ 207.245478][ T6032] __x64_sys_write+0x1fb/0x4d0 [ 207.245576][ T6032] x64_sys_call+0x3014/0x3e30 [ 207.245722][ T6032] do_syscall_64+0xd9/0xfa0 [ 207.245865][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.245984][ T6032] [ 207.246010][ T6032] Uninit was stored to memory at: [ 207.246257][ T6032] pskb_expand_head+0x310/0x1610 [ 207.246417][ T6032] do_xdp_generic+0xa79/0x1690 [ 207.246564][ T6032] tun_get_user+0x45c0/0x6d70 [ 207.246698][ T6032] tun_chr_write_iter+0x3e9/0x5c0 [ 207.246832][ T6032] vfs_write+0xbe2/0x15d0 [ 207.246921][ T6032] __x64_sys_write+0x1fb/0x4d0 [ 207.247019][ T6032] x64_sys_call+0x3014/0x3e30 [ 207.247161][ T6032] do_syscall_64+0xd9/0xfa0 [ 207.247311][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.247430][ T6032] [ 207.247454][ T6032] Uninit was created at: [ 207.247637][ T6032] __kmalloc_node_track_caller_noprof+0xb4b/0x1ba0 [ 207.373480][ T6032] kmalloc_reserve+0x22f/0x4b0 [ 207.378423][ T6032] __alloc_skb+0x347/0x7d0 [ 207.383226][ T6032] alloc_skb_with_frags+0xc5/0xa60 [ 207.388631][ T6032] sock_alloc_send_pskb+0xacc/0xc60 [ 207.388802][ T6032] tun_get_user+0x1142/0x6d70 [ 207.389062][ T6032] tun_chr_write_iter+0x3e9/0x5c0 [ 207.389197][ T6032] vfs_write+0xbe2/0x15d0 [ 207.389295][ T6032] __x64_sys_write+0x1fb/0x4d0 [ 207.389394][ T6032] x64_sys_call+0x3014/0x3e30 [ 207.389540][ T6032] do_syscall_64+0xd9/0xfa0 [ 207.389681][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.389799][ T6032] [ 207.389867][ T6032] CPU: 0 UID: 0 PID: 6032 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) [ 207.389986][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 207.390051][ T6032] ===================================================== [ 207.390088][ T6032] Disabling lock debugging due to kernel taint [ 207.390134][ T6032] Kernel panic - not syncing: kmsan.panic set ... [ 207.390209][ T6032] CPU: 0 UID: 0 PID: 6032 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT(none) [ 207.390355][ T6032] Tainted: [B]=BAD_PAGE [ 207.390396][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 207.390466][ T6032] Call Trace: [ 207.390514][ T6032] [ 207.390553][ T6032] __dump_stack+0x26/0x30 [ 207.390687][ T6032] dump_stack_lvl+0x53/0x270 [ 207.390823][ T6032] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 207.390965][ T6032] dump_stack+0x1e/0x25 [ 207.391089][ T6032] vpanic+0x435/0xd30 [ 207.391240][ T6032] panic+0x15d/0x160 [ 207.391427][ T6032] kmsan_report+0x31c/0x320 [ 207.391550][ T6032] ? __msan_warning+0x1b/0x30 [ 207.391651][ T6032] ? bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 207.391818][ T6032] ? do_xdp_generic+0xd52/0x1690 [ 207.391969][ T6032] ? tun_get_user+0x45c0/0x6d70 [ 207.392104][ T6032] ? tun_chr_write_iter+0x3e9/0x5c0 [ 207.392240][ T6032] ? vfs_write+0xbe2/0x15d0 [ 207.392337][ T6032] ? __x64_sys_write+0x1fb/0x4d0 [ 207.392439][ T6032] ? x64_sys_call+0x3014/0x3e30 [ 207.392583][ T6032] ? do_syscall_64+0xd9/0xfa0 [ 207.392724][ T6032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.392849][ T6032] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 207.392992][ T6032] ? ___bpf_prog_run+0xea65/0xeba0 [ 207.393137][ T6032] ? kmsan_get_metadata+0xfb/0x160 [ 207.393268][ T6032] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 207.393444][ T6032] ? kmsan_get_metadata+0x150/0x160 [ 207.393571][ T6032] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 207.393748][ T6032] ? kmsan_get_metadata+0xfb/0x160 [ 207.393883][ T6032] __msan_warning+0x1b/0x30 [ 207.393988][ T6032] bpf_prog_run_generic_xdp+0x1a5a/0x2000 [ 207.394222][ T6032] do_xdp_generic+0xd52/0x1690 [ 207.394379][ T6032] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 207.394577][ T6032] ? kmsan_get_metadata+0xfb/0x160 [ 207.394728][ T6032] ? tun_get_user+0x453f/0x6d70 [ 207.394870][ T6032] tun_get_user+0x45c0/0x6d70 [ 207.395016][ T6032] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 207.395155][ T6032] ? stack_depot_save_flags+0x615/0x7b0 [ 207.395288][ T6032] ? kmsan_get_metadata+0xfb/0x160 [ 207.395412][ T6032] ? kmsan_get_metadata+0xfb/0x160 [ 207.395538][ T6032] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 207.395724][ T6032] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 207.395967][ T6032] tun_chr_write_iter+0x3e9/0x5c0 [ 207.396134][ T6032] vfs_write+0xbe2/0x15d0 [ 207.396269][ T6032] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 207.396429][ T6032] __x64_sys_write+0x1fb/0x4d0 [ 207.396559][ T6032] x64_sys_call+0x3014/0x3e30 [ 207.396712][ T6032] do_syscall_64+0xd9/0xfa0 [ 207.396863][ T6032] ? clear_bhb_loop+0x40/0x90 [ 207.396989][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.397111][ T6032] RIP: 0033:0x7fa23698e17f [ 207.397193][ T6032] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 207.397302][ T6032] RSP: 002b:00007fa2377e1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 207.397405][ T6032] RAX: ffffffffffffffda RBX: 00007fa236be5fa0 RCX: 00007fa23698e17f [ 207.397489][ T6032] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 00000000000000c8 [ 207.397561][ T6032] RBP: 00007fa236a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 207.397632][ T6032] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 207.397699][ T6032] R13: 00007fa236be6038 R14: 00007fa236be5fa0 R15: 00007ffc05cc7808 [ 207.397815][ T6032] [ 207.398134][ T6032] Kernel Offset: disabled