last executing test programs: 2m5.063544364s ago: executing program 1 (id=965): syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000004, &(0x7f0000000c00)={[{@jqfmt_vfsold}, {@grpid}, {@debug}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xdf07}}, {@noauto_da_alloc}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@nolazytime}, {@norecovery}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN") creat(0x0, 0x19f) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r1 = fspick(r0, &(0x7f0000000000)='.\x00', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2, 0x0, 0xb}, 0x18) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 2m4.881695178s ago: executing program 1 (id=974): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0\x00'}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b40)={r1, &(0x7f0000000a80), 0x0}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4000000010000304000000000000000100000000", @ANYRES32=0x0, @ANYBLOB="3502000081280000180012800e0001007769726567756172640000000400028008000a00fd62124b9b2469cf1fb065a60423dda5cb52c34c708cd55c3e2e6d669734958d47cd3e14d4b1c9534a28e0be1ed91cd44ce3760a97ff4bb5830873d1128a281c8db0b59cb2625c1c06ff713f9cceaa3e03524a4580bd93b15f5fdb301f650ecc54be018b95fca2a515", @ANYRES32, @ANYBLOB], 0x40}, 0x1, 0xba01, 0x0, 0x4000080}, 0x0) 2m4.645549182s ago: executing program 1 (id=982): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18) socket(0x2, 0x80805, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x0, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 2m4.634525463s ago: executing program 1 (id=985): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2208c08, 0x0) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 2m4.615375913s ago: executing program 1 (id=986): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2400c09d}, 0x20) 2m4.320637559s ago: executing program 1 (id=991): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) 2m4.320475688s ago: executing program 32 (id=991): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) 1m11.577528368s ago: executing program 3 (id=2647): socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x70bd2b, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {}, {0xe, 0x12}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8b5}, 0x0) 1m11.330558892s ago: executing program 3 (id=2652): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x100003c}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1m11.073943287s ago: executing program 3 (id=2656): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) unshare(0x24020400) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x3) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000900)={0x7, 0x5f6, 0x401, 0x0, 0xb}) syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="390000001000111867090707a640400f0021ff3f31000000170a001700000000040037000900030001372564b758b9a64411f6bb744dc48f57", 0x39}], 0x1) 1m10.93721351s ago: executing program 3 (id=2659): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x206d0d1, 0x0) umount2(&(0x7f0000000080)='./file0/file0\x00', 0x1) umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x0) 1m10.936759s ago: executing program 3 (id=2660): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) 1m9.308622201s ago: executing program 3 (id=2707): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000000740)='M', 0x1) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x101}, 0x18) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000002c0)='\x04\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000940)="ad", 0x1) close(r0) 1m9.293531702s ago: executing program 33 (id=2707): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000000740)='M', 0x1) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x101}, 0x18) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000002c0)='\x04\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000940)="ad", 0x1) close(r0) 43.627268888s ago: executing program 6 (id=3435): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000100000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4) r2 = dup2(r1, r1) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8}) 43.624256028s ago: executing program 6 (id=3438): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x3, 0x3b, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r2, 0x0, 0x80000001}, 0x18) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 43.574610819s ago: executing program 6 (id=3440): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) 43.574248399s ago: executing program 6 (id=3442): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x20c006, &(0x7f0000000480)={[{@debug}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x446, &(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=") syz_clone3(&(0x7f0000000780)={0x1c3002480, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0xb}, 0x18) unshare(0xa000200) semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0) unshare(0x20060400) 43.382647372s ago: executing program 6 (id=3447): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000009180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01d90000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffffffffff130012800b00010062617461647600000400028008000a00", @ANYRES32=r2], 0x3c}}, 0x0) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 42.809394233s ago: executing program 6 (id=3458): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x71, 0x5, 0xc, 0x8, 0x0, 0x1f, 0x4204, 0x8, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x1}, 0xb07, 0x3, 0x8, 0x1, 0x7f, 0x8802, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_clone(0xae12e400, 0x0, 0x0, 0x0, 0x0, 0x0) 42.789615504s ago: executing program 34 (id=3458): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x71, 0x5, 0xc, 0x8, 0x0, 0x1f, 0x4204, 0x8, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x1}, 0xb07, 0x3, 0x8, 0x1, 0x7f, 0x8802, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_clone(0xae12e400, 0x0, 0x0, 0x0, 0x0, 0x0) 1.087953309s ago: executing program 0 (id=4700): syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==") bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x0, 0x400, 0xb7, 0xc20022, r4}) sendto$packet(r3, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x9, r4, 0x1, 0xd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) 1.014145481s ago: executing program 0 (id=4704): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x1e09aa98}], 0x1}, 0x1f00) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x40000000) 922.818523ms ago: executing program 5 (id=4710): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) write$tun(r0, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x2c, 0x66, 0x0, 0x40, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x4e20, 0x4e21, 0x18, 0x0, @wg=@data={0x4, 0x2, 0x8}}}}, 0x3a) 896.155613ms ago: executing program 4 (id=4711): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x6, 0x8, 0x8, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffa}, 0x50) 854.968494ms ago: executing program 5 (id=4713): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) shutdown(r3, 0x0) 779.650196ms ago: executing program 4 (id=4716): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x101}, 0x18) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x3e, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000003e000701fcf7fffffedbdf25017c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 778.925706ms ago: executing program 5 (id=4717): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x7, 0x4, 0x80, 0xe, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) recvmsg$unix(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 778.087196ms ago: executing program 4 (id=4719): socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) socket$vsock_stream(0x28, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x4, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 758.713236ms ago: executing program 2 (id=4721): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000000)) 741.449326ms ago: executing program 2 (id=4722): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x7}, 0x18) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f}) r1 = syz_io_uring_setup(0x17dc, &(0x7f0000000240)={0x0, 0x5bc4, 0x100, 0x80000ffc, 0x5cc}, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1}) io_uring_enter(r1, 0x3035, 0x100004, 0x20, 0x0, 0x0) 716.143106ms ago: executing program 7 (id=4723): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) 715.783916ms ago: executing program 4 (id=4724): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x800) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newqdisc={0x4c, 0x24, 0xe0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xfff3, 0xd064db0e491fa98f}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x842}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x3}]}}]}, 0x4c}}, 0x4044080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 682.043607ms ago: executing program 7 (id=4725): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x6, 0x0, 0x6, 0x691}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x7a}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x6, 0x171}, 0x8) 681.631937ms ago: executing program 5 (id=4726): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x84d03, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26) close_range(r2, 0xffffffffffffffff, 0x0) 665.096538ms ago: executing program 7 (id=4727): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0xfffffffffffff001}, 0x18) r4 = fsmount(r1, 0x0, 0x0) fchdir(r4) open(&(0x7f00000003c0)='.\x00', 0x800, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 648.199138ms ago: executing program 5 (id=4728): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xa, 0x4, 0xc, 0xb}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast}) 648.025728ms ago: executing program 4 (id=4729): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00', 0x800}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80400, 0x0) ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f00000002c0)={'bond0\x00', 0x4000}) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) 609.577988ms ago: executing program 5 (id=4730): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x99, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2aa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb3ff, 0x0, @perf_config_ext={0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 609.424099ms ago: executing program 7 (id=4731): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) 609.337328ms ago: executing program 4 (id=4732): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1b0) fcntl$setlease(r2, 0x400, 0x1) r3 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) write$binfmt_script(r3, &(0x7f0000000340)={'#! ', './file0'}, 0xb) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 577.179199ms ago: executing program 7 (id=4733): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10) sendmsg$tipc(r4, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8811}, 0x8054) 577.007829ms ago: executing program 2 (id=4734): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) mmap(&(0x7f0000167000/0x1000)=nil, 0x1000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x6000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r3}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a0b0400000000000000000200000034000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c617374000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x88}}, 0x0) close(r0) 576.715319ms ago: executing program 7 (id=4735): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000a40)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf5", 0x2) sendfile(r1, r0, 0x0, 0x3ffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) sendfile(r1, r0, 0x0, 0x7fffeffd) 518.753001ms ago: executing program 2 (id=4736): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2(0x0, 0x80000) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x8000000000004}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x178}, 0x18) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 463.777141ms ago: executing program 2 (id=4737): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 463.584311ms ago: executing program 2 (id=4738): openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r0 = gettid() ptrace$setregset(0x4205, 0xffffffffffffffff, 0x4, &(0x7f0000000400)={&(0x7f0000000680)="5bbf0ae3184dfad29921277905263568ea763505fb3f4654f0bf15d71f1f27e6b7e2d5b3890fe83bf8de826c819529dd5d7af602e673e27f81cea6d9a2ca3556a27e45c6036804f61d5e8ea8a4453828d8d6b8244db4767abc97806f6be4eb437710b5a1eacfe23d8e3243dfe4252a909177892c73ea451314e6d22be9956b50e2a84fc7aa7832b7b8953b350dceeddc31305018771aae63b1bca96d969507a00e6fb473d08b1f229423808843d3250b58d8ef7b6f45f3eb64d53bff5a23192fa8ffd65c7f32d6d2d169f4ecfdc379e2d5b9b9dd42a82a494084a2ceab979071658a064157dca16359fb1a6ac1642f0026dbe3935f160649cdb0cfdc9b9846", 0xff}) r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = timerfd_create(0x0, 0x0) readv(r2, &(0x7f0000000380)=[{&(0x7f0000000d00)=""/161, 0xa1}], 0x1) 136.413438ms ago: executing program 0 (id=4739): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r2, 0x0, 0x8000002}, 0x18) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x13}]}}, 0x0, 0x26}, 0x20) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r3, 0x1, 0x1}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xd, 0x4, 0x4, 0xffffffff, 0x0, r4, 0x7, '\x00', 0x0, r3, 0x0, 0x3}, 0x50) 121.878218ms ago: executing program 0 (id=4740): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x84d03, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26) close_range(r2, 0xffffffffffffffff, 0x0) 103.735838ms ago: executing program 0 (id=4741): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x6, 0x4) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 0s ago: executing program 0 (id=4742): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x18) r5 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) kernel console output (not intermixed with test programs): _u:object_r:cgroup_t tclass=filesystem permissive=1 [ 109.845311][ T9951] SELinux: failed to load policy [ 109.884593][ T29] audit: type=1400 audit(112.968:4465): avc: denied { load_policy } for pid=9950 comm="syz.3.2567" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 110.156064][ T29] audit: type=1400 audit(113.293:4466): avc: denied { connect } for pid=9961 comm="syz.0.2573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 110.175958][ T9962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2573'. [ 110.456968][ T9973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2578'. [ 110.466241][ T9973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2578'. [ 110.475213][ T9973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2578'. [ 110.494500][ T9973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2578'. [ 110.503738][ T9973] netlink: 'syz.2.2578': attribute type 6 has an invalid length. [ 110.566879][ T9981] tipc: Enabling of bearer rejected, failed to enable media [ 110.627695][ T9992] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2587'. [ 110.698687][ T9999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9999 comm=syz.5.2590 [ 110.822682][T10008] loop4: detected capacity change from 0 to 512 [ 110.850644][T10008] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.883035][ T29] audit: type=1400 audit(114.060:4467): avc: denied { write } for pid=10006 comm="syz.4.2593" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 110.936050][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.020666][T10021] ref_ctr_offset mismatch. inode: 0x696 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 111.221209][ T29] audit: type=1326 audit(114.406:4468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10047 comm="syz.0.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 111.244584][ T29] audit: type=1326 audit(114.406:4469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10047 comm="syz.0.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 111.267663][ T29] audit: type=1326 audit(114.406:4470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10047 comm="syz.0.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 112.039220][T10097] netlink: 'syz.3.2629': attribute type 10 has an invalid length. [ 112.179959][T10104] loop0: detected capacity change from 0 to 8192 [ 112.219326][T10104] loop0: p1 p2 p3 p4 [ 112.224213][T10104] loop0: p2 start 151000334 is beyond EOD, truncated [ 112.231095][T10104] loop0: p3 start 331777 is beyond EOD, truncated [ 112.237524][T10104] loop0: p4 size 263168 extends beyond EOD, truncated [ 112.689038][T10139] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2647'. [ 112.717542][T10139] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.724772][T10139] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.816705][T10139] veth5: left promiscuous mode [ 112.830265][T10141] loop0: detected capacity change from 0 to 164 [ 112.849080][T10141] rock: directory entry would overflow storage [ 112.855440][T10141] rock: sig=0x66, size=4, remaining=3 [ 112.861840][ T2743] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.879906][ T2743] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.893353][T10145] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2650'. [ 112.912702][ T2743] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.932244][ T2743] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.217480][T10156] 0·: renamed from hsr0 [ 113.230452][T10156] 0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 113.240876][T10156] 0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 113.251838][T10156] 0·: entered allmulticast mode [ 113.256757][T10156] hsr_slave_0: entered allmulticast mode [ 113.262498][T10156] hsr_slave_1: entered allmulticast mode [ 113.269112][T10156] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 113.290166][T10163] team2: entered promiscuous mode [ 113.295222][T10163] team2: entered allmulticast mode [ 113.510972][T10177] loop0: detected capacity change from 0 to 512 [ 113.518851][T10177] EXT4-fs: Ignoring removed oldalloc option [ 113.543652][T10182] veth0: entered promiscuous mode [ 113.550118][T10182] __nla_validate_parse: 2 callbacks suppressed [ 113.550135][T10182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2668'. [ 113.695455][T10196] syzkaller0: refused to change device tx_queue_len [ 113.788210][T10199] loop0: detected capacity change from 0 to 2048 [ 113.799456][T10199] EXT4-fs: inline encryption not supported [ 113.862973][T10206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2679'. [ 113.921026][T10206] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.661198][ T29] kauditd_printk_skb: 419 callbacks suppressed [ 114.661215][ T29] audit: type=1326 audit(118.017:4890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.690385][ T29] audit: type=1326 audit(118.017:4891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.713355][ T29] audit: type=1326 audit(118.017:4892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.736491][ T29] audit: type=1326 audit(118.017:4893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.759370][ T29] audit: type=1326 audit(118.017:4894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.782413][ T29] audit: type=1326 audit(118.017:4895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.805263][ T29] audit: type=1326 audit(118.017:4896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.828355][ T29] audit: type=1326 audit(118.017:4897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.851320][ T29] audit: type=1326 audit(118.017:4898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 114.874196][ T29] audit: type=1326 audit(118.017:4899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10260 comm="syz.5.2701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 115.053039][ T2248] bridge_slave_1: left allmulticast mode [ 115.058822][ T2248] bridge_slave_1: left promiscuous mode [ 115.065068][ T2248] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.072944][ T2248] bridge_slave_0: left allmulticast mode [ 115.078679][ T2248] bridge_slave_0: left promiscuous mode [ 115.084386][ T2248] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.127856][ T2248] bridge0 (unregistering): left allmulticast mode [ 115.250457][ T2248] bond0 (unregistering): (slave ªªªªªª): Releasing backup interface [ 115.268328][ T2248] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.278157][ T2248] bond0 (unregistering): (slave team0): Releasing backup interface [ 115.288328][ T2248] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 115.308744][ T2248] bond0 (unregistering): Released all slaves [ 115.324551][ T2248] bond1 (unregistering): (slave veth5): Releasing backup interface [ 115.333313][ T2248] bond1 (unregistering): Released all slaves [ 115.393542][ T2248] tipc: Disabling bearer [ 115.398798][ T2248] tipc: Left network mode [ 115.431288][ T2248] hsr_slave_0: left promiscuous mode [ 115.440529][ T2248] hsr_slave_1: left promiscuous mode [ 115.455565][ T2248] pim6reg (unregistering): left allmulticast mode [ 115.502693][ T2248] team0 (unregistering): Port device team_slave_1 removed [ 115.513208][ T2248] team0 (unregistering): Port device team_slave_0 removed [ 115.563392][T10301] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.668171][T10301] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.744938][T10282] chnl_net:caif_netlink_parms(): no params data found [ 115.774433][T10305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2715'. [ 115.796171][T10301] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.847775][T10305] team2: entered promiscuous mode [ 115.852912][T10305] team2: entered allmulticast mode [ 115.912639][T10301] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.984375][T10317] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2720'. [ 116.008527][ T2248] IPVS: stop unused estimator thread 0... [ 116.164463][T10324] netlink: zone id is out of range [ 116.179191][T10324] netlink: zone id is out of range [ 116.184470][T10324] netlink: zone id is out of range [ 116.306639][T10317] veth3: left promiscuous mode [ 116.350051][T10317] team1: left promiscuous mode [ 116.354978][T10317] team1: left allmulticast mode [ 116.410619][T10317] team2: left promiscuous mode [ 116.415417][T10317] team2: left allmulticast mode [ 116.431327][T10282] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.438578][T10282] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.457995][T10282] bridge_slave_0: entered allmulticast mode [ 116.475772][T10282] bridge_slave_0: entered promiscuous mode [ 116.486349][T10282] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.493610][T10282] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.511125][T10282] bridge_slave_1: entered allmulticast mode [ 116.525195][T10282] bridge_slave_1: entered promiscuous mode [ 116.540269][ T165] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.573886][T10282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.594959][ T165] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.604810][T10282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.614012][ T165] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.649063][T10282] team0: Port device team_slave_0 added [ 116.663921][ T165] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.673420][T10282] team0: Port device team_slave_1 added [ 116.716421][T10282] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.723430][T10282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.749682][T10282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.800460][T10348] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2732'. [ 116.819760][T10348] netem: change failed [ 116.824309][T10282] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.831287][T10282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.857315][T10282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.984513][T10282] hsr_slave_0: entered promiscuous mode [ 116.990594][T10282] hsr_slave_1: entered promiscuous mode [ 116.996668][T10282] debugfs: 'hsr0' already exists in 'hsr' [ 117.002420][T10282] Cannot create hsr debugfs directory [ 117.011754][T10366] wg2: entered promiscuous mode [ 117.016633][T10366] wg2: entered allmulticast mode [ 117.098000][T10370] netlink: 'syz.5.2744': attribute type 10 has an invalid length. [ 117.123656][T10370] bridge0: port 3(dummy0) entered disabled state [ 117.151011][T10370] dummy0: left allmulticast mode [ 117.168370][T10373] netlink: 'syz.5.2744': attribute type 10 has an invalid length. [ 117.176457][T10370] dummy0: left promiscuous mode [ 117.181466][T10370] bridge0: port 3(dummy0) entered disabled state [ 117.199211][T10370] team0: Port device dummy0 added [ 117.247051][T10373] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 117.262342][T10373] team0: Failed to send options change via netlink (err -105) [ 117.275998][T10373] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 117.285230][T10373] team0: Port device dummy0 removed [ 117.292747][T10373] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 117.350395][T10282] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 117.359730][T10282] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 117.368595][T10282] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 117.377494][T10282] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 117.443099][T10391] loop4: detected capacity change from 0 to 512 [ 117.469225][T10282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.491223][T10391] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.506260][T10282] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.554460][ T2248] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.561706][ T2248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.572715][T10391] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 117.581400][ T2248] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.588520][ T2248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.607728][T10282] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 117.618161][T10282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.628957][T10404] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.2754'. [ 117.638260][T10404] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2754'. [ 117.647714][T10403] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.708341][T10282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.824912][T10433] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2763'. [ 117.890453][T10282] veth0_vlan: entered promiscuous mode [ 117.900085][T10442] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.912424][T10282] veth1_vlan: entered promiscuous mode [ 117.927117][T10282] veth0_macvtap: entered promiscuous mode [ 117.934392][T10282] veth1_macvtap: entered promiscuous mode [ 117.941600][T10442] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.962719][T10282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.975328][T10282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.986392][ T31] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.003363][T10450] netlink: 'syz.2.2770': attribute type 13 has an invalid length. [ 118.004507][T10442] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.026418][ T31] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.061747][ T31] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.074834][T10442] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.104607][ T31] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.478575][T10470] loop0: detected capacity change from 0 to 1024 [ 118.514867][T10478] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 118.528749][T10477] wireguard0: entered promiscuous mode [ 118.534267][T10477] wireguard0: entered allmulticast mode [ 118.635521][T10486] loop0: detected capacity change from 0 to 512 [ 118.731919][T10494] can0: slcan on ttyS3. [ 118.801834][T10493] can0 (unregistered): slcan off ttyS3. [ 118.860408][T10504] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2792'. [ 119.215666][T10536] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2805'. [ 119.224705][T10536] netlink: 21 bytes leftover after parsing attributes in process `syz.2.2805'. [ 119.234217][T10536] netlink: 'syz.2.2805': attribute type 2 has an invalid length. [ 119.241984][T10536] netlink: 21 bytes leftover after parsing attributes in process `syz.2.2805'. [ 119.345924][T10545] netlink: 'syz.0.2810': attribute type 1 has an invalid length. [ 119.361023][T10545] 8021q: adding VLAN 0 to HW filter on device bond3 [ 119.385512][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2810'. [ 119.403842][T10545] bond3 (unregistering): Released all slaves [ 119.504272][T10567] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2819'. [ 119.531383][ T29] kauditd_printk_skb: 189 callbacks suppressed [ 119.531398][ T29] audit: type=1326 audit(123.130:5089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.561155][ T29] audit: type=1326 audit(123.130:5090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.584109][ T29] audit: type=1326 audit(123.130:5091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.606796][ T29] audit: type=1326 audit(123.130:5092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.629939][ T29] audit: type=1326 audit(123.130:5093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.653540][ T29] audit: type=1326 audit(123.130:5094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.676613][ T29] audit: type=1326 audit(123.130:5095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.699521][ T29] audit: type=1326 audit(123.151:5096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.722510][ T29] audit: type=1326 audit(123.151:5097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.745544][ T29] audit: type=1326 audit(123.151:5098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10570 comm="syz.2.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 119.774341][T10577] lo speed is unknown, defaulting to 1000 [ 119.780115][T10577] lo speed is unknown, defaulting to 1000 [ 119.786089][T10577] lo speed is unknown, defaulting to 1000 [ 119.793997][T10577] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 119.806112][T10577] lo speed is unknown, defaulting to 1000 [ 119.812601][T10577] lo speed is unknown, defaulting to 1000 [ 119.818621][T10577] lo speed is unknown, defaulting to 1000 [ 119.824855][T10577] lo speed is unknown, defaulting to 1000 [ 119.830939][T10577] lo speed is unknown, defaulting to 1000 [ 119.958833][T10585] loop6: detected capacity change from 0 to 1764 [ 120.068436][T10595] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.331790][ T2248] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.360172][ T2248] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.380587][ T2248] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.395202][ T2248] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.758017][T10622] netlink: 404 bytes leftover after parsing attributes in process `syz.0.2843'. [ 120.848219][T10628] bridge_slave_1: entered promiscuous mode [ 121.045933][T10644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2854'. [ 121.084901][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2856'. [ 121.399472][T10685] netlink: 360 bytes leftover after parsing attributes in process `syz.4.2870'. [ 121.583236][T10595] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.708020][T10595] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.771662][T10699] tipc: Enabling of bearer rejected, failed to enable media [ 121.911555][T10694] Set syz1 is full, maxelem 65536 reached [ 121.932397][T10595] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.005776][ T41] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.026455][ T41] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.046728][ T41] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.056781][ T41] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.178918][T10717] netlink: 'syz.2.2885': attribute type 1 has an invalid length. [ 122.237554][T10717] 8021q: adding VLAN 0 to HW filter on device bond2 [ 122.291483][T10724] netlink: 'syz.6.2887': attribute type 2 has an invalid length. [ 122.299270][T10724] netlink: 'syz.6.2887': attribute type 1 has an invalid length. [ 122.340560][T10717] bond2 (unregistering): Released all slaves [ 122.481159][T10739] veth0_vlan: entered allmulticast mode [ 122.507232][T10739] ÿÿÿÿÿÿ: renamed from vlan1 [ 123.177616][T10807] netlink: 'syz.4.2925': attribute type 1 has an invalid length. [ 123.211103][T10807] 8021q: adding VLAN 0 to HW filter on device bond4 [ 123.231330][T10807] bond4 (unregistering): Released all slaves [ 123.641236][T10835] __nla_validate_parse: 7 callbacks suppressed [ 123.641253][T10835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2938'. [ 123.677418][T10835] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2938'. [ 123.822545][T10846] loop6: detected capacity change from 0 to 1024 [ 123.843500][T10846] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.891274][T10846] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.2943: Allocating blocks 449-513 which overlap fs metadata [ 123.940794][T10846] EXT4-fs (loop6): pa ffff8881072a8460: logic 48, phys. 177, len 21 [ 123.948915][T10846] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 124.022235][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.116572][T10885] syzkaller0: entered allmulticast mode [ 124.123703][T10885] syzkaller0: entered promiscuous mode [ 124.140979][T10885] syzkaller0 (unregistering): left allmulticast mode [ 124.147947][T10885] syzkaller0 (unregistering): left promiscuous mode [ 124.204152][T10892] netlink: 240 bytes leftover after parsing attributes in process `syz.6.2954'. [ 124.366340][ T29] kauditd_printk_skb: 494 callbacks suppressed [ 124.366403][ T29] audit: type=1326 audit(128.211:5593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.421444][ T29] audit: type=1326 audit(128.242:5594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.445547][ T29] audit: type=1326 audit(128.242:5595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.468493][ T29] audit: type=1326 audit(128.242:5596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.491626][ T29] audit: type=1326 audit(128.242:5597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.514623][ T29] audit: type=1326 audit(128.242:5598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.537621][ T29] audit: type=1326 audit(128.242:5599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.560575][ T29] audit: type=1326 audit(128.242:5600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.583484][ T29] audit: type=1326 audit(128.242:5601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.606480][ T29] audit: type=1326 audit(128.242:5602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10901 comm="syz.6.2966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 124.630781][T10913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2970'. [ 124.640847][T10913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2970'. [ 124.650879][T10908] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2968'. [ 124.660048][T10908] bridge_slave_1: left allmulticast mode [ 124.665689][T10908] bridge_slave_1: left promiscuous mode [ 124.671421][T10908] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.690574][T10908] bridge_slave_0: left allmulticast mode [ 124.696235][T10908] bridge_slave_0: left promiscuous mode [ 124.701957][T10908] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.798161][T10925] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2975'. [ 125.300692][T10969] syz.2.2995: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 125.315445][T10969] CPU: 1 UID: 0 PID: 10969 Comm: syz.2.2995 Not tainted syzkaller #0 PREEMPT(voluntary) [ 125.315476][T10969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.315488][T10969] Call Trace: [ 125.315494][T10969] [ 125.315500][T10969] __dump_stack+0x1d/0x30 [ 125.315527][T10969] dump_stack_lvl+0xe8/0x140 [ 125.315545][T10969] dump_stack+0x15/0x1b [ 125.315690][T10969] warn_alloc+0x12b/0x1a0 [ 125.315766][T10969] __vmalloc_node_range_noprof+0x9c/0xe00 [ 125.315836][T10969] ? __futex_wait+0x1ff/0x260 [ 125.315865][T10969] ? __pfx_futex_wake_mark+0x10/0x10 [ 125.315947][T10969] ? __rcu_read_unlock+0x4f/0x70 [ 125.315966][T10969] ? avc_has_perm_noaudit+0x1b1/0x200 [ 125.316093][T10969] ? should_fail_ex+0x30/0x280 [ 125.316159][T10969] ? xskq_create+0x36/0xe0 [ 125.316190][T10969] vmalloc_user_noprof+0x7d/0xb0 [ 125.316282][T10969] ? xskq_create+0x80/0xe0 [ 125.316310][T10969] xskq_create+0x80/0xe0 [ 125.316398][T10969] xsk_init_queue+0x95/0xf0 [ 125.316426][T10969] xsk_setsockopt+0x477/0x640 [ 125.316454][T10969] ? __pfx_xsk_setsockopt+0x10/0x10 [ 125.316508][T10969] __sys_setsockopt+0x181/0x200 [ 125.316530][T10969] __x64_sys_setsockopt+0x64/0x80 [ 125.316550][T10969] x64_sys_call+0x20ec/0x2ff0 [ 125.316569][T10969] do_syscall_64+0xd2/0x200 [ 125.316650][T10969] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 125.316674][T10969] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 125.316703][T10969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.316792][T10969] RIP: 0033:0x7f2eaf23ebe9 [ 125.316880][T10969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.316896][T10969] RSP: 002b:00007f2eadc9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 125.316914][T10969] RAX: ffffffffffffffda RBX: 00007f2eaf475fa0 RCX: 00007f2eaf23ebe9 [ 125.316925][T10969] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007 [ 125.316936][T10969] RBP: 00007f2eaf2c1e19 R08: 0000000000000004 R09: 0000000000000000 [ 125.316947][T10969] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 125.316958][T10969] R13: 00007f2eaf476038 R14: 00007f2eaf475fa0 R15: 00007ffee4b6e8a8 [ 125.316977][T10969] [ 125.536038][T10969] Mem-Info: [ 125.539136][T10969] active_anon:6092 inactive_anon:15 isolated_anon:0 [ 125.539136][T10969] active_file:25306 inactive_file:2428 isolated_file:0 [ 125.539136][T10969] unevictable:11 dirty:335 writeback:0 [ 125.539136][T10969] slab_reclaimable:3440 slab_unreclaimable:52193 [ 125.539136][T10969] mapped:28977 shmem:2320 pagetables:1172 [ 125.539136][T10969] sec_pagetables:0 bounce:0 [ 125.539136][T10969] kernel_misc_reclaimable:0 [ 125.539136][T10969] free:1806938 free_pcp:30962 free_cma:0 [ 125.584729][T10969] Node 0 active_anon:24368kB inactive_anon:60kB active_file:101224kB inactive_file:9712kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:115908kB dirty:1340kB writeback:0kB shmem:9280kB kernel_stack:3408kB pagetables:4688kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 125.612413][T10969] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 125.641142][T10969] lowmem_reserve[]: 0 2883 7862 7862 [ 125.646474][T10969] Node 0 DMA32 free:2949292kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952824kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB [ 125.676612][T10969] lowmem_reserve[]: 0 0 4978 4978 [ 125.681676][T10969] Node 0 Normal free:4263100kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24344kB inactive_anon:60kB active_file:101224kB inactive_file:9712kB unevictable:44kB writepending:1340kB present:5242880kB managed:5098240kB mlocked:44kB bounce:0kB free_pcp:120316kB local_pcp:67548kB free_cma:0kB [ 125.714187][T10969] lowmem_reserve[]: 0 0 0 0 [ 125.718729][T10969] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 125.731511][T10969] Node 0 DMA32: 3*4kB (M) 4*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949292kB [ 125.747713][T10969] Node 0 Normal: 71*4kB (UM) 26*8kB (UME) 292*16kB (UME) 223*32kB (ME) 99*64kB (UME) 20*128kB (UME) 8*256kB (UE) 17*512kB (UE) 90*1024kB (UM) 71*2048kB (UM) 975*4096kB (UM) = 4263116kB [ 125.766338][T10969] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 125.775670][T10969] 30056 total pagecache pages [ 125.780401][T10969] 15 pages in swap cache [ 125.784663][T10969] Free swap = 124936kB [ 125.788907][T10969] Total swap = 124996kB [ 125.793063][T10969] 2097051 pages RAM [ 125.796909][T10969] 0 pages HighMem/MovableOnly [ 125.801748][T10969] 80445 pages reserved [ 125.826704][T10971] tmpfs: Unsupported parameter 'huge' [ 125.852854][T10973] netlink: 'syz.2.2997': attribute type 1 has an invalid length. [ 125.881270][T10973] 8021q: adding VLAN 0 to HW filter on device bond2 [ 125.907807][T10973] 8021q: adding VLAN 0 to HW filter on device bond2 [ 125.915332][T10973] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 125.927837][T10973] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 126.000065][T10981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3000'. [ 126.078270][T10991] bridge3: entered allmulticast mode [ 126.335205][T11023] lo speed is unknown, defaulting to 1000 [ 126.907199][T11063] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3031'. [ 126.916888][T11063] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3031'. [ 126.946298][T11065] loop6: detected capacity change from 0 to 512 [ 126.953007][T11065] EXT4-fs: Ignoring removed nomblk_io_submit option [ 126.959962][T11065] EXT4-fs: Ignoring removed nomblk_io_submit option [ 126.967123][T11065] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 126.976646][T11065] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 126.985493][T11065] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2 [ 126.994055][T11065] EXT4-fs (loop6): 1 truncate cleaned up [ 127.000187][T11065] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.018592][T11065] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 127.037123][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.122322][T11077] netlink: 'syz.5.3037': attribute type 1 has an invalid length. [ 127.136434][T11077] 8021q: adding VLAN 0 to HW filter on device bond2 [ 127.157663][T11077] bond2 (unregistering): Released all slaves [ 127.584558][T11109] tmpfs: Unsupported parameter 'huge' [ 127.870362][T11119] netlink: 'syz.5.3055': attribute type 3 has an invalid length. [ 128.087646][T11150] wg2: entered promiscuous mode [ 128.088514][T11147] netlink: 'syz.5.3066': attribute type 1 has an invalid length. [ 128.092704][T11150] wg2: entered allmulticast mode [ 128.113780][T11147] 8021q: adding VLAN 0 to HW filter on device bond2 [ 128.157958][T11147] 8021q: adding VLAN 0 to HW filter on device bond2 [ 128.193407][T11147] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address [ 128.237650][T11147] bond2: (slave vxcan1): Error -95 calling set_mac_address [ 128.384821][T11167] bond0: left promiscuous mode [ 128.389617][T11167] ªªªªªª: left promiscuous mode [ 128.394674][T11167] bond_slave_1: left promiscuous mode [ 128.409591][T11167] dummy0: left promiscuous mode [ 128.434394][T11167] wg2: left promiscuous mode [ 128.440717][T11167] bridge_slave_1: left promiscuous mode [ 128.449489][T11167] team1: left promiscuous mode [ 128.481675][T11167] team2: left promiscuous mode [ 128.486799][ T3382] lo speed is unknown, defaulting to 1000 [ 128.492706][ T3382] syz2: Port: 1 Link DOWN [ 128.625264][T11187] tmpfs: Unsupported parameter 'huge' [ 128.731412][T11188] lo speed is unknown, defaulting to 1000 [ 128.770562][T11193] __nla_validate_parse: 4 callbacks suppressed [ 128.770589][T11193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3087'. [ 128.884514][T11200] netlink: 'syz.0.3089': attribute type 1 has an invalid length. [ 129.214786][ T29] kauditd_printk_skb: 171 callbacks suppressed [ 129.214923][ T29] audit: type=1400 audit(133.302:5774): avc: denied { create } for pid=11244 comm="syz.2.3109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 129.278326][ T29] audit: type=1400 audit(133.302:5775): avc: denied { ioctl } for pid=11244 comm="syz.2.3109" path="socket:[31374]" dev="sockfs" ino=31374 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 129.307605][T11252] netlink: 360 bytes leftover after parsing attributes in process `syz.6.3111'. [ 129.375026][T11259] lo speed is unknown, defaulting to 1000 [ 129.426486][T11262] loop6: detected capacity change from 0 to 8192 [ 129.433399][T11262] msdos: Unknown parameter 'A' [ 129.645946][T11271] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.658434][ T29] audit: type=1326 audit(133.743:5776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.681355][ T29] audit: type=1326 audit(133.743:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.704429][ T29] audit: type=1326 audit(133.764:5778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.728366][ T29] audit: type=1326 audit(133.764:5779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.751626][ T29] audit: type=1326 audit(133.764:5780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.859715][ T29] audit: type=1326 audit(133.848:5781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.865544][T11271] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.882750][ T29] audit: type=1326 audit(133.848:5782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 129.882782][ T29] audit: type=1326 audit(133.869:5783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11268 comm="syz.6.3119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 130.035801][T11271] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.075235][T11281] wg2: entered promiscuous mode [ 130.080769][T11281] wg2: entered allmulticast mode [ 130.115871][T11256] 9pnet_fd: p9_fd_create_tcp (11256): problem connecting socket to 127.0.0.1 [ 130.116996][T11271] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.147466][T11284] netlink: 'syz.0.3126': attribute type 10 has an invalid length. [ 130.166039][T11286] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3127'. [ 130.166211][T11284] dummy0: entered allmulticast mode [ 130.181146][T11284] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 130.196148][T11286] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3127'. [ 130.284276][T11292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3130'. [ 130.294248][ T165] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.369500][ T165] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.454422][ T165] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.505078][ T165] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.537773][T11305] netlink: 'syz.5.3136': attribute type 30 has an invalid length. [ 130.562917][T11307] loop6: detected capacity change from 0 to 1024 [ 130.613458][T11307] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.664040][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.691213][T11316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3140'. [ 130.779665][T11329] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3146'. [ 130.946383][T11347] netlink: 'syz.5.3151': attribute type 30 has an invalid length. [ 131.038248][T11353] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.081653][T11353] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.138633][T11353] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.195480][T11353] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.227856][T11357] bond0: (slave bond_slave_0): Releasing backup interface [ 131.238237][T11357] bond0: (slave bond_slave_1): Releasing backup interface [ 131.252913][T11357] team0: Port device team_slave_0 removed [ 131.273524][T11357] team0: Port device team_slave_1 removed [ 131.282140][T11357] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.289743][T11357] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 131.301716][T11357] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.309278][T11357] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 131.485826][T11373] bridge0: entered promiscuous mode [ 131.491323][T11373] macvtap1: entered allmulticast mode [ 131.496920][T11373] bridge0: entered allmulticast mode [ 131.503831][T11373] bridge0: port 1(macvtap1) entered blocking state [ 131.510569][T11373] bridge0: port 1(macvtap1) entered disabled state [ 131.518913][T11373] bridge0: left allmulticast mode [ 131.523952][T11373] bridge0: left promiscuous mode [ 131.643213][T11394] tipc: Started in network mode [ 131.648159][T11394] tipc: Node identity 86673937ab7f, cluster identity 4711 [ 131.655410][T11394] tipc: Enabled bearer , priority 0 [ 131.673747][T11394] tipc: Disabling bearer [ 131.795445][T11409] loop6: detected capacity change from 0 to 256 [ 131.808317][T11409] FAT-fs (loop6): Directory bread(block 64) failed [ 131.815012][T11409] FAT-fs (loop6): Directory bread(block 65) failed [ 131.821655][T11409] FAT-fs (loop6): Directory bread(block 66) failed [ 131.831682][T11409] FAT-fs (loop6): Directory bread(block 67) failed [ 131.838296][T11409] FAT-fs (loop6): Directory bread(block 68) failed [ 131.844855][T11409] FAT-fs (loop6): Directory bread(block 69) failed [ 131.851728][T11409] FAT-fs (loop6): Directory bread(block 70) failed [ 131.858321][T11409] FAT-fs (loop6): Directory bread(block 71) failed [ 131.864945][T11409] FAT-fs (loop6): Directory bread(block 72) failed [ 131.871700][T11409] FAT-fs (loop6): Directory bread(block 73) failed [ 132.044309][T11430] loop6: detected capacity change from 0 to 512 [ 132.065600][T11430] EXT4-fs: Ignoring removed oldalloc option [ 132.072262][T11430] ext4: Unknown parameter 'smackfsfloor' [ 132.549380][T11453] loop6: detected capacity change from 0 to 1024 [ 132.567506][T11453] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.591674][T11453] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.668093][T11468] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3201'. [ 132.816077][T11479] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3206'. [ 132.855528][T11481] loop6: detected capacity change from 0 to 1024 [ 132.884111][T11481] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.917862][T11481] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.3207: Allocating blocks 449-513 which overlap fs metadata [ 132.954327][T11480] EXT4-fs (loop6): pa ffff888107267850: logic 48, phys. 177, len 21 [ 132.962517][T11480] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 132.986869][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.357454][T11514] tipc: New replicast peer: 255.255.255.83 [ 133.363382][T11514] tipc: Enabled bearer , priority 10 [ 133.395054][T11518] $Hÿ: (slave dummy0): Releasing backup interface [ 133.402154][T11518] bridge_slave_0: left promiscuous mode [ 133.407961][T11518] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.415874][T11518] bridge_slave_1: left allmulticast mode [ 133.421536][T11518] bridge_slave_1: left promiscuous mode [ 133.427339][T11518] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.435390][T11518] $Hÿ: (slave bond_slave_0): Releasing backup interface [ 133.443664][T11518] $Hÿ: (slave bond_slave_1): Releasing backup interface [ 133.450948][T11519] netlink: 'syz.2.3223': attribute type 10 has an invalid length. [ 133.458823][T11519] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3223'. [ 133.468081][T11518] team0: Port device team_slave_0 removed [ 133.474794][T11518] team0: Port device team_slave_1 removed [ 133.481012][T11518] bond0: (slave veth3): Releasing backup interface [ 133.553389][T11531] syz_tun: entered allmulticast mode [ 133.561615][T11531] pimreg: entered allmulticast mode [ 133.568750][T11530] syz_tun: left allmulticast mode [ 133.581797][ T2248] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.593351][ T2248] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.605457][ T2248] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.622196][ T2248] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.713310][T11547] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3234'. [ 133.814884][T11489] 9pnet_fd: p9_fd_create_tcp (11489): problem connecting socket to 127.0.0.1 [ 133.947209][T11583] 0ªî{X¹¦: left allmulticast mode [ 134.044224][T11583] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.051591][T11583] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.081730][ T29] kauditd_printk_skb: 343 callbacks suppressed [ 134.081788][ T29] audit: type=1400 audit(138.415:6127): avc: denied { compute_member } for pid=11608 comm="syz.6.3256" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 134.127888][T11583] $Hÿ: left promiscuous mode [ 134.132776][T11583] bond_slave_0: left promiscuous mode [ 134.138315][T11583] bond_slave_1: left promiscuous mode [ 134.146614][T11583] dummy0: left promiscuous mode [ 134.163005][ T29] audit: type=1326 audit(138.499:6128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.186110][ T29] audit: type=1326 audit(138.499:6129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.186236][T11614] loop6: detected capacity change from 0 to 1024 [ 134.228666][ T29] audit: type=1326 audit(138.499:6130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.232282][T11614] EXT4-fs: Invalid want_extra_isize -2147483648 [ 134.252473][ T29] audit: type=1326 audit(138.499:6131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.281634][ T29] audit: type=1326 audit(138.499:6132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.304569][ T29] audit: type=1326 audit(138.499:6133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.327643][ T29] audit: type=1326 audit(138.499:6134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.350498][ T29] audit: type=1326 audit(138.499:6135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.373420][ T29] audit: type=1326 audit(138.499:6136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.6.3258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4b727aebe9 code=0x7ffc0000 [ 134.454525][ T9] tipc: Node number set to 1753616649 [ 134.676895][T11583] ip6gre1: left allmulticast mode [ 134.696895][T11583] ip6gre2: left allmulticast mode [ 134.741190][T11587] tipc: Enabling of bearer rejected, failed to enable media [ 134.755194][ T31] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.773783][ T31] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.782805][ T31] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.791553][ T31] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.868022][T11635] netlink: 204 bytes leftover after parsing attributes in process `syz.4.3263'. [ 135.124253][ T1040] IPVS: starting estimator thread 0... [ 135.214271][T11650] IPVS: using max 2688 ests per chain, 134400 per kthread [ 135.332249][T11668] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 135.674241][T11676] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3278'. [ 135.738635][T11677] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3278'. [ 136.048503][T11689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3284'. [ 136.217073][T11702] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 136.305512][T11715] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3295'. [ 136.324610][T11715] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3295'. [ 136.394640][T11722] ref_ctr_offset mismatch. inode: 0x234 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4 [ 136.485277][T11731] netlink: 'syz.6.3303': attribute type 10 has an invalid length. [ 136.495463][T11731] team0: Device hsr_slave_0 failed to register rx_handler [ 136.602769][T11736] loop6: detected capacity change from 0 to 128 [ 136.664198][T11737] syz.6.3305: attempt to access beyond end of device [ 136.664198][T11737] loop6: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 136.678238][T11737] syz.6.3305: attempt to access beyond end of device [ 136.678238][T11737] loop6: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 136.691758][T11737] syz.6.3305: attempt to access beyond end of device [ 136.691758][T11737] loop6: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 136.705184][T11737] syz.6.3305: attempt to access beyond end of device [ 136.705184][T11737] loop6: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 136.728953][T11737] syz.6.3305: attempt to access beyond end of device [ 136.728953][T11737] loop6: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 136.747682][T11737] syz.6.3305: attempt to access beyond end of device [ 136.747682][T11737] loop6: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 136.764326][T11739] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3306'. [ 136.776597][T11737] syz.6.3305: attempt to access beyond end of device [ 136.776597][T11737] loop6: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 136.798973][T11737] syz.6.3305: attempt to access beyond end of device [ 136.798973][T11737] loop6: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 136.800872][T11741] wireguard0: entered promiscuous mode [ 136.812966][T11737] syz.6.3305: attempt to access beyond end of device [ 136.812966][T11737] loop6: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 136.817998][T11741] wireguard0: entered allmulticast mode [ 136.831489][T11737] syz.6.3305: attempt to access beyond end of device [ 136.831489][T11737] loop6: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 136.912708][T11746] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3309'. [ 136.921775][T11746] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3309'. [ 136.931081][T11746] netlink: 'syz.0.3309': attribute type 6 has an invalid length. [ 137.084223][T11767] siw: device registration error -23 [ 137.141798][T11774] loop6: detected capacity change from 0 to 2048 [ 137.165398][T11774] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 137.331265][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.456633][T11812] syzkaller0: entered allmulticast mode [ 137.465556][T11812] syzkaller0 (unregistering): left allmulticast mode [ 137.702455][T11831] syzkaller0: entered promiscuous mode [ 137.708027][T11831] syzkaller0: entered allmulticast mode [ 137.797309][T11836] syzkaller0: entered allmulticast mode [ 137.808046][T11836] syzkaller0: entered promiscuous mode [ 137.825228][T11836] syzkaller0 (unregistering): left allmulticast mode [ 137.832005][T11836] syzkaller0 (unregistering): left promiscuous mode [ 137.837965][T11839] loop6: detected capacity change from 0 to 128 [ 137.942746][T11855] netlink: 'syz.0.3356': attribute type 1 has an invalid length. [ 137.961713][T11859] netlink: 'syz.6.3357': attribute type 1 has an invalid length. [ 137.972367][T11855] bond4: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 137.984806][T11855] bond4: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 137.995082][T11855] bond4: (slave ipvlan0): Setting fail_over_mac to active for active-backup mode [ 138.018959][T11861] loop6: detected capacity change from 0 to 8192 [ 138.231487][T11894] netlink: 'syz.5.3371': attribute type 1 has an invalid length. [ 138.651169][T11916] lo speed is unknown, defaulting to 1000 [ 138.767356][T11927] __nla_validate_parse: 14 callbacks suppressed [ 138.767374][T11927] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3384'. [ 138.945874][T11931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11931 comm=syz.2.3386 [ 139.141469][T11941] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3390'. [ 139.151586][T11941] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3390'. [ 139.181428][ T29] kauditd_printk_skb: 422 callbacks suppressed [ 139.181469][ T29] audit: type=1326 audit(143.769:6559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="syz.2.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.194965][T11945] loop6: detected capacity change from 0 to 1024 [ 139.210795][ T29] audit: type=1326 audit(143.769:6560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="syz.2.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.210827][ T29] audit: type=1326 audit(143.769:6561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="syz.2.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.210850][ T29] audit: type=1326 audit(143.769:6562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="syz.2.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.218062][T11945] EXT4-fs: Ignoring removed orlov option [ 139.240156][ T29] audit: type=1326 audit(143.769:6563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="syz.2.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.240187][ T29] audit: type=1326 audit(143.769:6564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.240209][ T29] audit: type=1326 audit(143.769:6565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.240276][ T29] audit: type=1326 audit(143.769:6566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.265535][T11945] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.286171][ T29] audit: type=1326 audit(143.769:6567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.286232][ T29] audit: type=1326 audit(143.769:6568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 139.573035][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.609941][T12047] blktrace: Concurrent blktraces are not allowed on loop13 [ 140.689671][T12065] loop6: detected capacity change from 0 to 512 [ 140.696763][T12065] EXT4-fs: Ignoring removed mblk_io_submit option [ 140.703829][T12065] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 140.715054][T12065] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002] [ 140.723833][T12065] System zones: 1-12 [ 140.728608][T12065] EXT4-fs (loop6): 1 truncate cleaned up [ 140.734944][T12065] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.802880][T12065] lo speed is unknown, defaulting to 1000 [ 140.874953][T10282] EXT4-fs error (device loop6): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /138/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 140.897052][T10282] EXT4-fs error (device loop6): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 140.917375][T10282] EXT4-fs error (device loop6): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /138/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 140.940320][T10282] EXT4-fs error (device loop6): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 140.963055][T10282] EXT4-fs error (device loop6): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /138/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 141.001997][T10282] EXT4-fs error (device loop6): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 141.059930][T10282] EXT4-fs error (device loop6): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /138/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 141.088363][T10282] EXT4-fs error (device loop6): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 141.111091][T12092] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3451'. [ 141.112105][T10282] EXT4-fs error (device loop6): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /138/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 141.120343][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3451'. [ 141.144014][T10282] EXT4-fs error (device loop6): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 141.431905][T12104] lo speed is unknown, defaulting to 1000 [ 141.436074][T10282] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.448683][ T31] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.488086][ T31] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.569442][ T31] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.598041][ T31] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.616849][T12109] lo speed is unknown, defaulting to 1000 [ 141.697144][T12109] chnl_net:caif_netlink_parms(): no params data found [ 141.874149][ T31] bond0 (unregistering): Released all slaves [ 141.904992][T12109] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.912120][T12109] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.921428][T12109] bridge_slave_0: entered allmulticast mode [ 141.927902][T12109] bridge_slave_0: entered promiscuous mode [ 141.935356][ T31] tipc: Left network mode [ 141.941467][T12109] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.948611][T12109] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.958746][T12109] bridge_slave_1: entered allmulticast mode [ 141.978625][T12109] bridge_slave_1: entered promiscuous mode [ 141.997242][ T31] hsr_slave_0: left promiscuous mode [ 142.003243][ T31] hsr_slave_1: left promiscuous mode [ 142.013294][ T31] veth1_macvtap: left promiscuous mode [ 142.019045][ T31] veth0_macvtap: left promiscuous mode [ 142.024635][ T31] veth1_vlan: left promiscuous mode [ 142.116019][T12109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.128160][T12109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.154595][T12109] team0: Port device team_slave_0 added [ 142.161444][T12109] team0: Port device team_slave_1 added [ 142.178959][T12109] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.185928][T12109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.212149][T12109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.244684][T12109] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.251640][T12109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.277759][T12109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.310355][T12109] hsr_slave_0: entered promiscuous mode [ 142.316799][T12109] hsr_slave_1: entered promiscuous mode [ 142.323234][T12109] debugfs: 'hsr0' already exists in 'hsr' [ 142.328965][T12109] Cannot create hsr debugfs directory [ 142.440233][T12109] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 142.453481][T12109] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 142.466408][T12109] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 142.485351][T12109] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 142.575691][T12109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.607088][T12109] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.626762][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.633962][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.658962][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.666335][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.806593][T12109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.881025][T12197] unsupported nla_type 52263 [ 142.885297][T12194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3483'. [ 143.003047][T12109] veth0_vlan: entered promiscuous mode [ 143.010878][T12109] veth1_vlan: entered promiscuous mode [ 143.028695][T12109] veth0_macvtap: entered promiscuous mode [ 143.060119][T12109] veth1_macvtap: entered promiscuous mode [ 143.071768][T12109] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.082967][T12109] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.114730][ T41] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.127790][ T41] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.142401][ T41] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.152209][ T41] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.179964][T12213] loop7: detected capacity change from 0 to 512 [ 143.194201][T12213] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 143.207418][T12213] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.3459: bad orphan inode 131083 [ 143.218485][T12213] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.398445][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.521540][T12240] lo speed is unknown, defaulting to 1000 [ 143.730163][T12263] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 649 [ 144.026877][ T29] kauditd_printk_skb: 264 callbacks suppressed [ 144.026891][ T29] audit: type=1326 audit(148.850:6833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 144.081805][ T29] audit: type=1326 audit(148.850:6834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 144.104959][ T29] audit: type=1326 audit(148.850:6835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9ffd1a0b07 code=0x7ffc0000 [ 144.127736][ T29] audit: type=1326 audit(148.850:6836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f9ffd1a0a7c code=0x7ffc0000 [ 144.150954][ T29] audit: type=1326 audit(148.850:6837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f9ffd1a09b4 code=0x7ffc0000 [ 144.174978][ T29] audit: type=1326 audit(148.850:6838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f9ffd1a09b4 code=0x7ffc0000 [ 144.198269][ T29] audit: type=1326 audit(148.850:6839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9ffd19d84a code=0x7ffc0000 [ 144.220970][ T29] audit: type=1326 audit(148.850:6840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 144.243939][ T29] audit: type=1326 audit(148.850:6841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 144.266977][ T29] audit: type=1326 audit(148.850:6842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12289 comm="syz.7.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 144.402894][T12297] lo speed is unknown, defaulting to 1000 [ 144.599886][T12310] lo speed is unknown, defaulting to 1000 [ 144.751880][T12320] netlink: 7 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.778122][T12320] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.787335][T12320] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.811773][T12320] netlink: 7 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.825398][T12320] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.834470][T12320] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.873815][T12320] netlink: 7 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.883349][T12320] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3528'. [ 144.892397][T12320] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3528'. [ 145.076735][T12345] macvlan1: entered promiscuous mode [ 145.083086][T12345] ipvlan0: entered promiscuous mode [ 145.088727][T12345] ipvlan0: left promiscuous mode [ 145.094236][T12345] macvlan1: left promiscuous mode [ 145.147405][T12349] sch_fq: defrate 0 ignored. [ 145.184031][T12353] vlan2: entered allmulticast mode [ 145.189593][T12353] dummy0: entered allmulticast mode [ 145.307530][T12361] lo speed is unknown, defaulting to 1000 [ 145.314081][T12361] lo speed is unknown, defaulting to 1000 [ 145.321327][T12361] lo speed is unknown, defaulting to 1000 [ 145.327786][T12361] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 145.337846][T12361] lo speed is unknown, defaulting to 1000 [ 145.343993][T12361] lo speed is unknown, defaulting to 1000 [ 145.364564][T12361] lo speed is unknown, defaulting to 1000 [ 145.383940][T12361] lo speed is unknown, defaulting to 1000 [ 145.396270][T12361] lo speed is unknown, defaulting to 1000 [ 145.694418][T12400] tipc: Enabled bearer , priority 0 [ 145.766644][T12437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3557'. [ 146.039846][T12473] vlan0: entered allmulticast mode [ 146.080896][T12475] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.173604][T12475] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.291867][T12475] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.381810][T12475] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.634939][T12396] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.730523][T12402] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.854441][T12402] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.909971][ T386] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.995315][T12545] netlink: 'syz.5.3599': attribute type 21 has an invalid length. [ 147.010714][T12545] netlink: 'syz.5.3599': attribute type 5 has an invalid length. [ 147.018895][T12545] netlink: 'syz.5.3599': attribute type 6 has an invalid length. [ 147.161136][T12565] netlink: 'syz.7.3603': attribute type 4 has an invalid length. [ 147.277132][T12571] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.375998][T12571] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.507304][T12571] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.600889][T12571] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.785295][T12381] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.878620][ T386] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.945980][ T386] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.024011][T12415] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.273636][T12675] netlink: 'syz.4.3652': attribute type 4 has an invalid length. [ 148.834990][ T29] kauditd_printk_skb: 189 callbacks suppressed [ 148.835004][ T29] audit: type=1400 audit(153.889:7032): avc: denied { bind } for pid=12694 comm="syz.5.3661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 148.861725][ T29] audit: type=1400 audit(153.889:7033): avc: denied { listen } for pid=12694 comm="syz.5.3661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 149.056919][T12715] sch_fq: defrate 4294967295 ignored. [ 149.272290][T12721] netlink: 'syz.2.3672': attribute type 1 has an invalid length. [ 149.502582][ T29] audit: type=1326 audit(154.592:7034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 149.525614][ T29] audit: type=1326 audit(154.592:7035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 149.548618][ T29] audit: type=1326 audit(154.592:7036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 149.571638][ T29] audit: type=1326 audit(154.592:7037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 149.594805][ T29] audit: type=1326 audit(154.592:7038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 149.617825][ T29] audit: type=1326 audit(154.592:7039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 149.640796][ T29] audit: type=1326 audit(154.592:7040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2eaf23ec23 code=0x7ffc0000 [ 149.663821][ T29] audit: type=1326 audit(154.655:7041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12749 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2eaf23ec23 code=0x7ffc0000 [ 150.438015][T12784] __nla_validate_parse: 17 callbacks suppressed [ 150.438031][T12784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3698'. [ 150.480969][T12784] ip6gre2: entered allmulticast mode [ 150.574969][T12797] loop7: detected capacity change from 0 to 512 [ 150.639766][T12797] EXT4-fs (loop7): revision level too high, forcing read-only mode [ 150.647988][T12797] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 150.674915][T12797] System zones: 0-1, 15-15, 18-18, 34-34 [ 150.697047][T12797] EXT4-fs (loop7): orphan cleanup on readonly fs [ 150.734074][T12797] EXT4-fs warning (device loop7): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 150.748814][T12797] EXT4-fs (loop7): Cannot turn on quotas: error -22 [ 150.790125][T12797] EXT4-fs (loop7): 1 truncate cleaned up [ 150.801398][T12797] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 150.857171][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.875711][T12816] tipc: Enabling of bearer rejected, failed to enable media [ 150.964312][T12835] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3715'. [ 151.003738][T12837] netlink: 'syz.2.3720': attribute type 1 has an invalid length. [ 151.012042][T12835] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3715'. [ 151.032962][T12837] 8021q: adding VLAN 0 to HW filter on device bond3 [ 151.064572][T12837] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3720'. [ 151.085309][T12837] bond3 (unregistering): Released all slaves [ 151.139568][T12846] tipc: Enabling of bearer rejected, failed to enable media [ 151.389459][T12886] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3742'. [ 151.852760][T12922] lo speed is unknown, defaulting to 1000 [ 151.859669][T12922] lo speed is unknown, defaulting to 1000 [ 152.006468][T12957] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3771'. [ 152.725745][T13037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3807'. [ 152.776791][T13047] : renamed from bond0 (while UP) [ 152.844796][T13060] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3817'. [ 152.885772][T13060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.910977][T13066] vlan2: entered allmulticast mode [ 152.916189][T13066] bond0: entered allmulticast mode [ 152.933630][T13069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3821'. [ 152.955180][T13069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3821'. [ 153.065742][T13090] Set syz1 is full, maxelem 65536 reached [ 153.212692][T13104] loop7: detected capacity change from 0 to 128 [ 153.220993][T13104] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 153.261687][T12109] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 153.349045][T13120] netlink: 'syz.5.3841': attribute type 4 has an invalid length. [ 153.360863][T13120] netlink: 'syz.5.3841': attribute type 4 has an invalid length. [ 153.930890][ T29] kauditd_printk_skb: 599 callbacks suppressed [ 153.930904][ T29] audit: type=1326 audit(159.243:7640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 153.968030][T13164] loop7: detected capacity change from 0 to 512 [ 153.985053][ T29] audit: type=1326 audit(159.285:7641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.008644][ T29] audit: type=1326 audit(159.285:7642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.031660][ T29] audit: type=1326 audit(159.285:7643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.055015][ T29] audit: type=1326 audit(159.285:7644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.078543][ T29] audit: type=1326 audit(159.285:7645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.101434][ T29] audit: type=1326 audit(159.285:7646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.124339][ T29] audit: type=1326 audit(159.285:7647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.147216][ T29] audit: type=1326 audit(159.285:7648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.170300][ T29] audit: type=1326 audit(159.285:7649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13163 comm="syz.7.3858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 154.218338][T13164] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.290757][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.442087][T13214] veth0: entered promiscuous mode [ 154.448197][T13214] veth0 (unregistering): left promiscuous mode [ 154.613711][T13237] netlink: 'syz.4.3889': attribute type 4 has an invalid length. [ 154.703457][T13261] SELinux: Context system_u:object_r:iptables_unit_file_t:s0 is not valid (left unmapped). [ 154.777331][T13277] netlink: 'syz.5.3910': attribute type 10 has an invalid length. [ 154.787373][T13277] bond0: (slave dummy0): Releasing backup interface [ 154.796505][T13277] team0: Port device dummy0 added [ 154.830576][T13281] netlink: 'syz.4.3912': attribute type 4 has an invalid length. [ 155.231944][T13349] __nla_validate_parse: 8 callbacks suppressed [ 155.231958][T13349] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3937'. [ 155.254292][T13349] 8021q: adding VLAN 0 to HW filter on device bond3 [ 155.272611][T13349] vlan0: entered allmulticast mode [ 155.277801][T13349] bond3: entered allmulticast mode [ 155.843387][T13394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3943'. [ 155.852579][T13394] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3943'. [ 155.861728][T13394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3943'. [ 155.879216][T13394] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3943'. [ 155.888292][T13394] netlink: 'syz.2.3943': attribute type 6 has an invalid length. [ 156.237662][T13442] netlink: zone id is out of range [ 156.244335][T13442] netlink: zone id is out of range [ 156.282709][T13430] lo speed is unknown, defaulting to 1000 [ 156.297594][T13430] lo speed is unknown, defaulting to 1000 [ 156.470466][T13463] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3954'. [ 156.532711][T13463] 8021q: adding VLAN 0 to HW filter on device bond4 [ 156.572641][T13476] loop7: detected capacity change from 0 to 1024 [ 156.604992][T13476] EXT4-fs: Ignoring removed orlov option [ 156.610737][T13476] EXT4-fs: Ignoring removed nomblk_io_submit option [ 156.611483][T13473] vlan2: entered allmulticast mode [ 156.622765][T13473] bond4: entered allmulticast mode [ 156.641100][T13476] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.831335][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.019435][T13533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3965'. [ 157.028431][T13533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3965'. [ 157.040927][T13533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3965'. [ 157.053267][T13533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3965'. [ 157.159681][T13552] loop7: detected capacity change from 0 to 1764 [ 157.166793][T13552] iso9660: Bad value for 'gid' [ 157.171632][T13552] iso9660: Bad value for 'gid' [ 157.682862][T13639] team0 (unregistering): Port device team_slave_0 removed [ 157.704819][T13639] team0 (unregistering): Port device team_slave_1 removed [ 157.893341][T13672] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.900597][T13672] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.014788][ T386] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.025024][ T386] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.040564][ T386] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.050096][ T386] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.095266][T13689] lo speed is unknown, defaulting to 1000 [ 158.102462][T13689] lo speed is unknown, defaulting to 1000 [ 158.290639][T13732] geneve2: entered promiscuous mode [ 158.296732][T12415] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.317821][T12415] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.329964][T12415] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.339235][T12415] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.469899][T13761] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13761 comm=syz.0.4012 [ 158.482494][T13761] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13761 comm=syz.0.4012 [ 158.489025][T13753] lo speed is unknown, defaulting to 1000 [ 158.501884][T13753] lo speed is unknown, defaulting to 1000 [ 158.560525][T13774] syz_tun: entered allmulticast mode [ 158.567098][T13774] syz_tun: left allmulticast mode [ 159.051486][T13831] lo speed is unknown, defaulting to 1000 [ 159.057881][T13831] lo speed is unknown, defaulting to 1000 [ 159.304440][T13837] vlan2: entered allmulticast mode [ 159.513784][T13853] vlan0: entered allmulticast mode [ 159.548369][T13855] uprobe: syz.4.4051:13855 failed to unregister, leaking uprobe [ 159.641571][T13862] lo speed is unknown, defaulting to 1000 [ 159.647628][T13862] lo speed is unknown, defaulting to 1000 [ 159.688664][T13873] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13873 comm=syz.5.4059 [ 159.702380][ T29] kauditd_printk_skb: 391 callbacks suppressed [ 159.702468][ T29] audit: type=1107 audit(165.311:8041): pid=13871 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 159.738505][T13868] loop7: detected capacity change from 0 to 8192 [ 159.747590][T13868] msdos: Unknown parameter 'A' [ 160.177024][ T29] audit: type=1326 audit(165.804:8042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.0.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 160.200059][ T29] audit: type=1326 audit(165.804:8043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.0.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 160.223013][ T29] audit: type=1326 audit(165.804:8044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.0.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 160.245908][ T29] audit: type=1326 audit(165.804:8045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.0.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 160.338442][T13910] netlink: 'syz.4.4076': attribute type 21 has an invalid length. [ 160.346348][T13910] __nla_validate_parse: 4 callbacks suppressed [ 160.346361][T13910] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4076'. [ 160.431019][T13921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4080'. [ 161.185307][T13967] loop7: detected capacity change from 0 to 1024 [ 161.192025][T13967] EXT4-fs: Ignoring removed orlov option [ 161.202789][T13967] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.218677][T13966] lo speed is unknown, defaulting to 1000 [ 161.224776][T13966] lo speed is unknown, defaulting to 1000 [ 161.405314][T13980] netlink: 'syz.0.4100': attribute type 10 has an invalid length. [ 161.414263][T13980] bond0: (slave dummy0): Releasing backup interface [ 161.422578][T13980] team0: Port device dummy0 added [ 161.461420][T13984] netlink: 'syz.0.4102': attribute type 1 has an invalid length. [ 161.483837][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.495587][T13984] bond5: (slave veth3): Enslaving as an active interface with a down link [ 161.510014][T13984] bond5: entered promiscuous mode [ 161.515201][T13984] bond5: entered allmulticast mode [ 161.520812][T13984] 8021q: adding VLAN 0 to HW filter on device bond5 [ 161.548500][ T29] audit: type=1400 audit(167.243:8046): avc: denied { mounton } for pid=13990 comm="syz.0.4106" path="/880/file0" dev="tmpfs" ino=4606 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 161.634525][ T29] audit: type=1326 audit(167.337:8047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13999 comm="syz.0.4110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x0 [ 161.683270][ T29] audit: type=1400 audit(167.379:8048): avc: denied { accept } for pid=14003 comm="syz.5.4112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 161.732107][ T29] audit: type=1400 audit(167.431:8049): avc: denied { read write } for pid=13999 comm="syz.0.4110" path="socket:[42285]" dev="sockfs" ino=42285 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 162.442861][T14105] IPVS: Error connecting to the multicast addr [ 162.610553][T14128] loop7: detected capacity change from 0 to 512 [ 162.623975][T14128] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 162.643675][T14128] EXT4-fs (loop7): 1 orphan inode deleted [ 162.649528][T14128] EXT4-fs (loop7): 1 truncate cleaned up [ 162.665751][T14128] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.723043][T14128] EXT4-fs error (device loop7): ext4_lookup:1787: inode #15: comm syz.7.4123: iget: bad extra_isize 46 (inode size 256) [ 162.723811][ T29] audit: type=1400 audit(168.471:8050): avc: denied { watch_reads } for pid=14127 comm="syz.7.4123" path="/121/file0" dev="loop7" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 162.758555][T14128] EXT4-fs (loop7): Remounting filesystem read-only [ 162.798898][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.892301][T14188] Set syz1 is full, maxelem 65536 reached [ 164.179498][T14216] netlink: 'syz.0.4152': attribute type 10 has an invalid length. [ 164.231077][T14216] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 164.256108][T14224] netlink: 'syz.0.4152': attribute type 298 has an invalid length. [ 164.487024][ T29] kauditd_printk_skb: 103 callbacks suppressed [ 164.487075][ T29] audit: type=1326 audit(170.339:8154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.555548][ T29] audit: type=1326 audit(170.360:8155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.578615][ T29] audit: type=1326 audit(170.360:8156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.601474][ T29] audit: type=1326 audit(170.360:8157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.624485][ T29] audit: type=1326 audit(170.360:8158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.647341][ T29] audit: type=1326 audit(170.360:8159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.670560][ T29] audit: type=1326 audit(170.360:8160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.693526][ T29] audit: type=1326 audit(170.371:8161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.716461][ T29] audit: type=1326 audit(170.371:8162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.739453][ T29] audit: type=1326 audit(170.371:8163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.7.4156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ffd19ebe9 code=0x7ffc0000 [ 164.767814][T14246] wireguard: wg2: Could not create IPv4 socket [ 164.923086][T14264] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4163'. [ 165.049360][T14268] loop7: detected capacity change from 0 to 1024 [ 165.096211][T14268] EXT4-fs: Ignoring removed oldalloc option [ 165.096959][T14270] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4167'. [ 165.102321][T14268] EXT4-fs: Ignoring removed nomblk_io_submit option [ 165.151426][T14268] EXT4-fs: Mount option(s) incompatible with ext3 [ 165.161357][T14273] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000008 [ 165.216549][T14268] loop7: detected capacity change from 0 to 1024 [ 165.236176][T14268] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 165.248241][T14268] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002] [ 165.267772][T14268] EXT4-fs (loop7): failed to initialize system zone (-117) [ 165.275008][T14268] EXT4-fs (loop7): mount failed [ 165.425645][T14293] capability: warning: `syz.0.4177' uses 32-bit capabilities (legacy support in use) [ 165.430146][T14298] loop7: detected capacity change from 0 to 512 [ 165.473450][T14298] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.523597][T14298] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #2: comm syz.7.4179: corrupted inode contents [ 165.550943][T14298] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #2: comm syz.7.4179: mark_inode_dirty error [ 165.582169][T14298] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #2: comm syz.7.4179: corrupted inode contents [ 165.609140][T14298] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #2: comm syz.7.4179: mark_inode_dirty error [ 165.659037][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.844983][T14340] loop7: detected capacity change from 0 to 512 [ 165.871349][T14340] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 165.911015][T14340] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 165.942695][T14340] EXT4-fs (loop7): 1 truncate cleaned up [ 165.953590][T14340] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.036707][T14340] lo speed is unknown, defaulting to 1000 [ 166.043024][T14340] lo speed is unknown, defaulting to 1000 [ 166.209329][T14367] netlink: 'syz.4.4205': attribute type 49 has an invalid length. [ 166.294951][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.369033][T14383] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4208'. [ 166.379349][T14383] netlink: 'syz.7.4208': attribute type 10 has an invalid length. [ 166.390858][T14383] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.398090][T14383] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.407812][T14383] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.414893][T14383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.422230][T14383] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.429367][T14383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.438682][T14383] : (slave bridge0): Enslaving as an active interface with an up link [ 166.552945][T14382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14382 comm=syz.4.4211 [ 166.831633][ T386] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.861207][ T386] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.870201][ T386] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.879223][ T386] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.956067][T14415] syzkaller0: entered allmulticast mode [ 166.963211][T14413] Set syz1 is full, maxelem 65536 reached [ 166.979305][T14415] syzkaller0 (unregistering): left allmulticast mode [ 167.139158][T14417] lo speed is unknown, defaulting to 1000 [ 167.139876][T14440] netlink: 'syz.5.4236': attribute type 1 has an invalid length. [ 167.148520][T14417] lo speed is unknown, defaulting to 1000 [ 167.204088][T14440] bond5: (slave veth1): Enslaving as an active interface with a down link [ 167.265967][T14440] bond5: entered promiscuous mode [ 167.271097][T14440] bond5: entered allmulticast mode [ 167.278078][T14440] 8021q: adding VLAN 0 to HW filter on device bond5 [ 167.306872][T14453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4241'. [ 167.365493][T14462] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4246'. [ 167.394809][T14462] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4246'. [ 167.414587][T14469] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4249'. [ 167.541786][T14483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4254'. [ 167.590570][T14500] wg2: left allmulticast mode [ 167.601802][T14500] wg2: entered promiscuous mode [ 167.606724][T14500] wg2: entered allmulticast mode [ 167.624301][T14501] loop7: detected capacity change from 0 to 512 [ 167.647841][T14501] EXT4-fs error (device loop7): ext4_xattr_inode_iget:442: comm syz.7.4258: error while reading EA inode 32 err=-116 [ 167.660924][T14501] EXT4-fs (loop7): Remounting filesystem read-only [ 167.667456][T14501] EXT4-fs warning (device loop7): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 167.678537][T14501] EXT4-fs (loop7): 1 orphan inode deleted [ 167.693007][T14501] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.790340][T14503] lo speed is unknown, defaulting to 1000 [ 167.801430][T14503] lo speed is unknown, defaulting to 1000 [ 168.236920][T14544] lo speed is unknown, defaulting to 1000 [ 168.243807][T14544] lo speed is unknown, defaulting to 1000 [ 168.367875][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.421713][T14558] tipc: Enabling of bearer rejected, failed to enable media [ 168.697053][T14577] loop7: detected capacity change from 0 to 1024 [ 168.803212][T14582] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4294'. [ 168.830107][T14577] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.897652][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.001750][T14606] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4305'. [ 169.864638][ T29] kauditd_printk_skb: 395 callbacks suppressed [ 169.864661][ T29] audit: type=1326 audit(175.977:8559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 169.893971][ T29] audit: type=1326 audit(175.977:8560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 169.916852][ T29] audit: type=1326 audit(175.977:8561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 169.939749][ T29] audit: type=1326 audit(175.977:8562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 169.962656][ T29] audit: type=1326 audit(175.977:8563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 169.985702][ T29] audit: type=1326 audit(175.977:8564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 170.008468][ T29] audit: type=1326 audit(175.977:8565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 170.031353][ T29] audit: type=1326 audit(175.977:8566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 170.054146][ T29] audit: type=1326 audit(175.977:8567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14654 comm="syz.0.4324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 170.077549][ T29] audit: type=1326 audit(176.050:8568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14656 comm="syz.5.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f444eebe9 code=0x7ffc0000 [ 170.167453][T14658] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.174576][T14658] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.236348][T14667] netlink: 'syz.5.4329': attribute type 1 has an invalid length. [ 170.270514][T14658] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.284582][T14658] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.557333][T14669] bond6: entered promiscuous mode [ 170.562397][T14669] bond6: entered allmulticast mode [ 170.569498][T14669] 8021q: adding VLAN 0 to HW filter on device bond6 [ 170.583004][T14670] ip6gretap1: entered promiscuous mode [ 170.588774][T14670] ip6gretap1: entered allmulticast mode [ 170.595526][T14670] bond6: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 170.606108][ T386] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.626277][ T386] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.650248][ T386] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.658929][T12381] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 170.669631][T14690] 9pnet_fd: Insufficient options for proto=fd [ 170.682339][ T386] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.770842][T14693] pim6reg1: entered promiscuous mode [ 170.776374][T14693] pim6reg1: entered allmulticast mode [ 170.782895][T12389] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 171.332688][T14711] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4346'. [ 171.396828][T14713] ref_ctr_offset mismatch. inode: 0x1203 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 171.531187][T14723] netlink: 'syz.2.4352': attribute type 1 has an invalid length. [ 171.640503][T14726] bond4: entered promiscuous mode [ 171.645624][T14726] bond4: entered allmulticast mode [ 171.655108][T14726] 8021q: adding VLAN 0 to HW filter on device bond4 [ 171.675080][T14731] bond7: entered promiscuous mode [ 171.680260][T14731] bond7: entered allmulticast mode [ 171.685767][T14731] 8021q: adding VLAN 0 to HW filter on device bond7 [ 171.722321][T14723] bridge11: entered promiscuous mode [ 171.727792][T14723] bridge11: entered allmulticast mode [ 171.733561][T14723] bond4: (slave bridge11): Enslaving as a backup interface with an up link [ 171.767041][T14707] Set syz1 is full, maxelem 65536 reached [ 171.773070][ T386] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 171.898005][ T386] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 171.939546][T14749] bond0: left allmulticast mode [ 171.944456][T14749] ªªªªªª: left allmulticast mode [ 171.949565][T14749] bond_slave_1: left allmulticast mode [ 171.963369][T14747] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4361'. [ 172.013747][T14749] wg2: left promiscuous mode [ 172.018369][T14749] wg2: left allmulticast mode [ 172.042247][T14749] team1: left allmulticast mode [ 172.047477][T14749] ip6gre1: left allmulticast mode [ 172.053226][T14749] team2: left allmulticast mode [ 172.058306][T14749] bridge3: left allmulticast mode [ 172.063574][T14749] ip6gre2: left allmulticast mode [ 172.068881][T14749] geneve2: left promiscuous mode [ 172.073962][T14749] bond5: left promiscuous mode [ 172.079274][T14749] bond5: left allmulticast mode [ 172.088148][T14747] hsr_slave_0: left promiscuous mode [ 172.112202][T14747] hsr_slave_1: left promiscuous mode [ 172.380700][T14760] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4367'. [ 172.475802][T14775] veth9: entered promiscuous mode [ 172.547708][T14780] netlink: zone id is out of range [ 172.553244][T14780] netlink: zone id is out of range [ 172.568748][T14775] lo speed is unknown, defaulting to 1000 [ 172.580607][T14775] lo speed is unknown, defaulting to 1000 [ 172.592045][T14783] netlink: 'syz.2.4376': attribute type 13 has an invalid length. [ 172.749730][T14788] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4378'. [ 172.762766][T14788] ip6gre1: entered allmulticast mode [ 172.795460][T14791] netlink: 'syz.2.4380': attribute type 13 has an invalid length. [ 172.819195][T14791] gretap0: refused to change device tx_queue_len [ 172.825906][T14791] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 172.841632][ T3407] lo speed is unknown, defaulting to 1000 [ 172.847459][ T3407] syz0: Port: 1 Link ACTIVE [ 173.198517][T14815] bond4: left promiscuous mode [ 173.203436][T14815] bridge11: left promiscuous mode [ 173.208634][T14815] bond4: left allmulticast mode [ 173.213639][T14815] bridge11: left allmulticast mode [ 173.239965][T14815] ip6gre1: left allmulticast mode [ 173.262962][ T3382] lo speed is unknown, defaulting to 1000 [ 173.268850][ T3382] syz0: Port: 1 Link DOWN [ 173.296622][ T3382] IPVS: starting estimator thread 0... [ 173.317358][T14828] netlink: 'syz.2.4396': attribute type 30 has an invalid length. [ 173.383109][T14826] IPVS: using max 2880 ests per chain, 144000 per kthread [ 173.693015][T14857] netlink: 'syz.2.4408': attribute type 1 has an invalid length. [ 173.712333][T14857] bond5: entered promiscuous mode [ 173.717811][T14857] bond5: entered allmulticast mode [ 173.730505][T14857] 8021q: adding VLAN 0 to HW filter on device bond5 [ 173.768850][T14857] ip6gretap1: entered promiscuous mode [ 173.774463][T14857] ip6gretap1: entered allmulticast mode [ 173.797779][T14857] bond5: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 173.821923][T12415] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 173.935692][T12415] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 173.946938][T14873] netlink: 'syz.2.4415': attribute type 1 has an invalid length. [ 173.961010][T14873] 8021q: adding VLAN 0 to HW filter on device bond6 [ 173.978846][T14873] bond6: (slave veth11): Enslaving as an active interface with a down link [ 173.997097][T14873] bridge12: entered promiscuous mode [ 174.002452][T14873] bridge12: entered allmulticast mode [ 174.009894][T14873] bond6: (slave bridge12): Enslaving as an active interface with a down link [ 174.035388][T14878] netlink: 'syz.2.4416': attribute type 1 has an invalid length. [ 174.051585][T14879] veth9: left promiscuous mode [ 174.064759][T14878] 8021q: adding VLAN 0 to HW filter on device bond7 [ 174.079528][T14878] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4416'. [ 174.097368][T14878] bond7 (unregistering): Released all slaves [ 174.161067][T14884] netlink: 'syz.7.4419': attribute type 10 has an invalid length. [ 174.170147][T14888] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4421'. [ 174.179463][T14888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4421'. [ 174.180720][T14884] team0: Port device dummy0 added [ 174.188602][T14888] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4421'. [ 174.215778][T14884] netlink: 'syz.7.4419': attribute type 10 has an invalid length. [ 174.224616][T14884] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 174.237388][T14884] team0: Failed to send options change via netlink (err -105) [ 174.245457][T14884] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 174.254861][T14884] team0: Port device dummy0 removed [ 174.260461][T14892] netlink: 'syz.4.4422': attribute type 1 has an invalid length. [ 174.261895][T14884] : (slave dummy0): Enslaving as an active interface with an up link [ 174.307909][T14892] bond5: entered promiscuous mode [ 174.313087][T14892] bond5: entered allmulticast mode [ 174.319498][T14892] 8021q: adding VLAN 0 to HW filter on device bond5 [ 174.364143][T14892] ip6gretap0: entered promiscuous mode [ 174.369807][T14892] ip6gretap0: entered allmulticast mode [ 174.383838][T14892] bond5: (slave ip6gretap0): Enslaving as a backup interface with an up link [ 174.676102][T14924] bridge0: entered allmulticast mode [ 174.683607][T14924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4438'. [ 174.840328][ T29] kauditd_printk_skb: 113 callbacks suppressed [ 174.840343][ T29] audit: type=1400 audit(181.194:8682): avc: denied { getattr } for pid=14938 comm="syz.4.4445" name="/" dev="secretmem" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 175.357288][T14964] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4454'. [ 175.564497][ T29] audit: type=1326 audit(181.950:8683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.587425][ T29] audit: type=1326 audit(181.961:8684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.620243][ T29] audit: type=1326 audit(182.003:8685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.643245][ T29] audit: type=1326 audit(182.003:8686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.666243][ T29] audit: type=1326 audit(182.003:8687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.689405][ T29] audit: type=1326 audit(182.013:8688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.712485][ T29] audit: type=1326 audit(182.013:8689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.735527][ T29] audit: type=1326 audit(182.013:8690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.758547][ T29] audit: type=1326 audit(182.013:8691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.0.4460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f73ed65ebe9 code=0x7ffc0000 [ 175.986457][T14996] $Hÿ: (slave dummy0): Releasing backup interface [ 176.026386][T15005] syzkaller0: entered allmulticast mode [ 176.039155][T15005] syzkaller0 (unregistering): left allmulticast mode [ 176.077904][T15009] 8021q: adding VLAN 0 to HW filter on device bond6 [ 176.100386][T15009] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4473'. [ 176.118049][T15009] bond6 (unregistering): Released all slaves [ 176.601972][T15045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4488'. [ 177.337752][T15082] validate_nla: 1 callbacks suppressed [ 177.337769][T15082] netlink: 'syz.5.4501': attribute type 1 has an invalid length. [ 177.425745][T15088] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4501'. [ 177.438066][T15082] 8021q: adding VLAN 0 to HW filter on device bond8 [ 177.464909][T15088] bond8 (unregistering): Released all slaves [ 177.597725][T15096] netlink: 'syz.2.4507': attribute type 12 has an invalid length. [ 177.607894][T15098] syz_tun: entered allmulticast mode [ 177.616977][T15098] dvmrp6: entered allmulticast mode [ 177.623733][T15097] syz_tun: left allmulticast mode [ 177.629137][T15097] dvmrp6: left allmulticast mode [ 177.705640][T15115] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4516'. [ 177.749836][T15120] netlink: 'syz.2.4518': attribute type 1 has an invalid length. [ 177.763692][T15120] 8021q: adding VLAN 0 to HW filter on device bond7 [ 177.777279][T15120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4518'. [ 177.793639][T15120] bond7 (unregistering): Released all slaves [ 177.872468][T15133] loop7: detected capacity change from 0 to 512 [ 177.879263][T15133] EXT4-fs: Ignoring removed nobh option [ 177.887672][T15133] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.914847][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.005444][T15146] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15146 comm=syz.0.4528 [ 178.096688][T15158] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4534'. [ 178.105851][T15157] netlink: 'syz.0.4532': attribute type 1 has an invalid length. [ 178.122403][T15157] 8021q: adding VLAN 0 to HW filter on device bond6 [ 178.130573][T15160] ref_ctr increment failed for inode: 0x133d offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88811afebf40 [ 178.146573][T15157] bond6: (slave veth5): Enslaving as an active interface with a down link [ 178.155644][T15159] uprobe: syz.2.4535:15159 failed to unregister, leaking uprobe [ 178.184938][T15157] bridge5: entered promiscuous mode [ 178.190185][T15157] bridge5: entered allmulticast mode [ 178.197263][T15157] bond6: (slave bridge5): Enslaving as an active interface with a down link [ 178.239620][T15173] netlink: 'syz.0.4541': attribute type 7 has an invalid length. [ 178.247409][T15173] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4541'. [ 178.380222][T15187] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4547'. [ 178.389571][T15187] bridge_slave_1: left allmulticast mode [ 178.395329][T15187] bridge_slave_1: left promiscuous mode [ 178.401132][T15187] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.416002][T15187] bridge_slave_0: left promiscuous mode [ 178.421795][T15187] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.445861][T15187] : (slave bridge0): Releasing backup interface [ 178.586591][T15208] tipc: Enabling of bearer rejected, failed to enable media [ 178.625759][T15214] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.4559'. [ 178.735572][T15231] delete_channel: no stack [ 178.746603][T15234] ref_ctr increment failed for inode: 0xeb1 offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff88811ac32840 [ 178.759052][T15234] ref_ctr increment failed for inode: 0xeb1 offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88811ac32840 [ 178.795759][T15233] uprobe: syz.5.4567:15233 failed to unregister, leaking uprobe [ 178.869594][T15246] lo speed is unknown, defaulting to 1000 [ 178.876021][T15246] lo speed is unknown, defaulting to 1000 [ 178.876166][T15233] uprobe: syz.5.4567:15233 failed to unregister, leaking uprobe [ 178.986589][T15265] netlink: 'syz.5.4581': attribute type 21 has an invalid length. [ 178.995777][T15265] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4581'. [ 179.223234][T15289] ref_ctr increment failed for inode: 0x130f offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88811ac35c00 [ 179.262991][T15288] uprobe: syz.4.4593:15288 failed to unregister, leaking uprobe [ 180.194049][T15336] tipc: Enabling of bearer rejected, failed to enable media [ 180.552128][ T29] kauditd_printk_skb: 244 callbacks suppressed [ 180.552142][ T29] audit: type=1326 audit(187.199:8936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.584912][ T29] audit: type=1326 audit(187.231:8937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.607868][ T29] audit: type=1326 audit(187.231:8938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2eaf23ec23 code=0x7ffc0000 [ 180.630818][ T29] audit: type=1326 audit(187.231:8939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2eaf23ec23 code=0x7ffc0000 [ 180.653636][ T29] audit: type=1326 audit(187.231:8940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.676614][ T29] audit: type=1326 audit(187.231:8941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.699815][ T29] audit: type=1326 audit(187.231:8942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.723279][ T29] audit: type=1326 audit(187.231:8943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.746266][ T29] audit: type=1326 audit(187.231:8944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.769171][ T29] audit: type=1326 audit(187.231:8945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15371 comm="syz.2.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eaf23ebe9 code=0x7ffc0000 [ 180.970375][T15391] netlink: 'syz.5.4634': attribute type 83 has an invalid length. [ 181.687219][T15437] __nla_validate_parse: 3 callbacks suppressed [ 181.687260][T15437] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4653'. [ 181.710825][T15437] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4653'. [ 181.756518][T15451] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.4656'. [ 181.765820][T15451] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4656'. [ 181.787416][T15450] bridge: RTM_NEWNEIGH with invalid ether address [ 181.963725][T15463] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4664'. [ 182.713582][T15502] vlan0: entered allmulticast mode [ 182.718791][T15502] dummy0: entered allmulticast mode [ 182.891680][T15522] syzkaller0: refused to change device tx_queue_len [ 183.031104][T15530] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4692'. [ 183.182406][T15537] loop7: detected capacity change from 0 to 8192 [ 183.199227][T15537] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 183.207138][T15537] FAT-fs (loop7): Filesystem has been set read-only [ 183.259679][T15557] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4705'. [ 183.558405][T15600] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4724'. [ 183.622925][T15611] ÿÿÿÿÿÿ: renamed from vlan1 [ 183.686700][T15623] loop7: detected capacity change from 0 to 512 [ 183.694312][T15623] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 183.706384][T15623] EXT4-fs (loop7): 1 truncate cleaned up [ 183.712606][T15623] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.269578][T15623] ================================================================== [ 184.277687][T15623] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping [ 184.285600][T15623] [ 184.287938][T15623] write to 0xffffea0004240f98 of 8 bytes by task 15632 on cpu 0: [ 184.295653][T15623] __filemap_remove_folio+0x1a5/0x2a0 [ 184.301038][T15623] folio_unmap_invalidate+0x1dd/0x360 [ 184.306432][T15623] invalidate_inode_pages2_range+0x27c/0x3d0 [ 184.312430][T15623] filemap_invalidate_pages+0x16d/0x1a0 [ 184.317980][T15623] kiocb_invalidate_pages+0x6e/0x80 [ 184.323200][T15623] __iomap_dio_rw+0x5d4/0x1250 [ 184.327979][T15623] iomap_dio_rw+0x40/0x90 [ 184.332495][T15623] ext4_file_write_iter+0xad9/0xf00 [ 184.337715][T15623] iter_file_splice_write+0x666/0xa60 [ 184.343093][T15623] direct_splice_actor+0x156/0x2a0 [ 184.348354][T15623] splice_direct_to_actor+0x312/0x680 [ 184.353819][T15623] do_splice_direct+0xda/0x150 [ 184.358593][T15623] do_sendfile+0x380/0x650 [ 184.363022][T15623] __x64_sys_sendfile64+0x105/0x150 [ 184.368234][T15623] x64_sys_call+0x2bb0/0x2ff0 [ 184.372917][T15623] do_syscall_64+0xd2/0x200 [ 184.377425][T15623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.383322][T15623] [ 184.385647][T15623] read to 0xffffea0004240f98 of 8 bytes by task 15623 on cpu 1: [ 184.393273][T15623] folio_mapping+0xa1/0x120 [ 184.397964][T15623] folio_wait_writeback+0x43/0x140 [ 184.403143][T15623] file_write_and_wait_range+0x20b/0x2c0 [ 184.408790][T15623] generic_buffers_fsync_noflush+0x45/0x120 [ 184.414696][T15623] ext4_sync_file+0x1ab/0x690 [ 184.419376][T15623] vfs_fsync_range+0x10a/0x130 [ 184.424142][T15623] ext4_buffered_write_iter+0x34f/0x3c0 [ 184.429706][T15623] ext4_file_write_iter+0xdbf/0xf00 [ 184.435103][T15623] iter_file_splice_write+0x666/0xa60 [ 184.440482][T15623] direct_splice_actor+0x156/0x2a0 [ 184.445590][T15623] splice_direct_to_actor+0x312/0x680 [ 184.451053][T15623] do_splice_direct+0xda/0x150 [ 184.455853][T15623] do_sendfile+0x380/0x650 [ 184.460283][T15623] __x64_sys_sendfile64+0x105/0x150 [ 184.465588][T15623] x64_sys_call+0x2bb0/0x2ff0 [ 184.470274][T15623] do_syscall_64+0xd2/0x200 [ 184.474821][T15623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.480810][T15623] [ 184.483129][T15623] value changed: 0xffff88811a5613e0 -> 0x0000000000000000 [ 184.490219][T15623] [ 184.492523][T15623] Reported by Kernel Concurrency Sanitizer on: [ 184.498661][T15623] CPU: 1 UID: 0 PID: 15623 Comm: syz.7.4735 Not tainted syzkaller #0 PREEMPT(voluntary) [ 184.508449][T15623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 184.518496][T15623] ================================================================== [ 184.547193][T12109] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.