last executing test programs: 4.910248043s ago: executing program 1 (id=4000): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 4.806395175s ago: executing program 1 (id=4003): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) 4.54549258s ago: executing program 1 (id=4009): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[], 0xffdd) 4.293326855s ago: executing program 1 (id=4013): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd63"], 0xfdef) 3.238017696s ago: executing program 2 (id=4030): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], &(0x7f0000000240)=""/252, 0x37, 0xfc, 0x1}, 0x20) 3.098456589s ago: executing program 0 (id=4033): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000023ed0000180100002820702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) sendmsg$inet(r0, &(0x7f0000000d40)={0x0, 0x7000000, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x20001) 3.001376921s ago: executing program 2 (id=4034): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 3.001138831s ago: executing program 0 (id=4035): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000000040000090000000100"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 2.685462167s ago: executing program 2 (id=4038): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000007000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='net_dev_xmit\x00', r2}, 0x18) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 2.106456878s ago: executing program 3 (id=4044): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000280), 0x84, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 1.990106841s ago: executing program 3 (id=4045): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0x43451) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='memory.events\x00', 0x100002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='mm_lru_activate\x00', r3}, 0x10) write$cgroup_int(r1, &(0x7f0000000200), 0x43451) 1.860688033s ago: executing program 3 (id=4046): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[], &(0x7f0000000340)=""/142, 0x4e, 0x8e, 0x1}, 0x28) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000008c50000000f000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[], 0x20a) 436.850372ms ago: executing program 0 (id=4047): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x4, 0xa, 0x40}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x4, 0x12, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 411.462772ms ago: executing program 3 (id=4048): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r0}, 0x18) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) 337.460853ms ago: executing program 1 (id=4049): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00'}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r0}, &(0x7f0000000680), &(0x7f00000006c0)='%-010d \x00'}, 0x20) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 334.398483ms ago: executing program 2 (id=4050): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0xf, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0xb, 0x100a, &(0x7f00000009c0)=""/4106, 0x41100, 0xd}, 0x94) 303.108214ms ago: executing program 0 (id=4051): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071121400000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x80) 219.907746ms ago: executing program 3 (id=4052): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@id={0x1e, 0x3, 0x0, {0x4e21}}, 0x10, 0x0}, 0x0) 181.827216ms ago: executing program 2 (id=4053): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0) 157.005197ms ago: executing program 0 (id=4054): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x33}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 156.469467ms ago: executing program 1 (id=4055): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2aa40, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001860000000000000e9ff00000400000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 37.499289ms ago: executing program 3 (id=4056): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 37.29145ms ago: executing program 0 (id=4057): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000480)='mm_page_alloc\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001e80)={&(0x7f0000000180)=@abs={0x1, 0x5c, 0x1}, 0x6e, 0x0}, 0x20000) ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180)) 0s ago: executing program 2 (id=4058): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000380)={r0, &(0x7f0000000180), 0x0}, 0x20) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x48) kernel console output (not intermixed with test programs): [ 289.705246][ T28] audit: type=1326 audit(1757301339.797:2998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11358 comm="syz.3.2031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 289.752789][ T28] audit: type=1326 audit(1757301339.797:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11358 comm="syz.3.2031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 289.790846][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.236998][T11357] lo speed is unknown, defaulting to 1000 [ 292.742114][ C0] sched: RT throttling activated [ 293.274093][T11462] syz.3.2051[11462] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 293.274236][T11462] syz.3.2051[11462] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 293.705077][T11471] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2054'. [ 294.199116][T11486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2058'. [ 294.233235][T11499] syz.0.2064[11499] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 294.233378][T11499] syz.0.2064[11499] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 294.435078][T11507] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2068'. [ 295.051967][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 295.051982][ T28] audit: type=1326 audit(1757301345.217:3009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 295.122283][ T28] audit: type=1326 audit(1757301345.217:3010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 295.174740][ T28] audit: type=1326 audit(1757301345.227:3011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 295.206164][ T28] audit: type=1326 audit(1757301345.227:3012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f034978ec23 code=0x7ffc0000 [ 295.234914][ T28] audit: type=1326 audit(1757301345.257:3013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f034978d69f code=0x7ffc0000 [ 295.305772][ T28] audit: type=1326 audit(1757301345.257:3014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f034978ec77 code=0x7ffc0000 [ 295.329677][ T28] audit: type=1326 audit(1757301345.257:3015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f034978d550 code=0x7ffc0000 [ 295.359827][ T28] audit: type=1326 audit(1757301345.257:3016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f034978d84a code=0x7ffc0000 [ 295.384063][ T28] audit: type=1326 audit(1757301345.257:3017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 295.407677][ T28] audit: type=1326 audit(1757301345.277:3018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11536 comm="syz.1.2077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 296.414774][T11590] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2098'. [ 296.561008][T11590] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2098'. [ 296.609203][T11594] netlink: 'syz.1.2099': attribute type 10 has an invalid length. [ 296.642523][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2100'. [ 296.665138][T11594] bond0: (slave dummy0): Releasing backup interface [ 296.710436][T11599] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2100'. [ 296.722040][T11594] team0: Port device dummy0 added [ 296.759129][T11597] netlink: 'syz.1.2099': attribute type 10 has an invalid length. [ 296.855639][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2100'. [ 296.857996][T11597] team0: Port device dummy0 removed [ 296.912029][T11597] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 296.926658][T11590] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2098'. [ 296.941731][T11599] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2100'. [ 297.621338][T11638] syz.3.2109[11638] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 297.621485][T11638] syz.3.2109[11638] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 298.138412][T11655] loop2: detected capacity change from 0 to 1024 [ 298.173473][T11655] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 34359738371)! [ 298.186997][T11655] EXT4-fs (loop2): group descriptors corrupted! [ 299.738068][T11699] $H: renamed from bond0 (while UP) [ 299.757686][T11699] $H: entered promiscuous mode [ 299.779056][T11699] bond_slave_0: entered promiscuous mode [ 299.792554][T11699] bond_slave_1: entered promiscuous mode [ 300.113211][ T28] kauditd_printk_skb: 97 callbacks suppressed [ 300.113227][ T28] audit: type=1326 audit(1757301350.287:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.184177][ T28] audit: type=1326 audit(1757301350.287:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.239204][ T28] audit: type=1326 audit(1757301350.287:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.285535][ T28] audit: type=1326 audit(1757301350.287:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.342033][ T28] audit: type=1326 audit(1757301350.287:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.397458][ T28] audit: type=1326 audit(1757301350.287:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.468063][ T28] audit: type=1326 audit(1757301350.287:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.531099][ T28] audit: type=1326 audit(1757301350.287:3123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.570303][T11709] lo speed is unknown, defaulting to 1000 [ 300.589865][ T28] audit: type=1326 audit(1757301350.287:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 300.655548][ T28] audit: type=1326 audit(1757301350.287:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.3.2134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa04778ebe9 code=0x7ffc0000 [ 301.250014][T11754] __nla_validate_parse: 4 callbacks suppressed [ 301.250035][T11754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2139'. [ 301.919185][T11788] $H: renamed from bond0 (while UP) [ 301.944577][T11788] $H: entered promiscuous mode [ 301.962247][T11788] bond_slave_0: entered promiscuous mode [ 301.979344][T11788] bond_slave_1: entered promiscuous mode [ 301.992384][T11788] dummy0: entered promiscuous mode [ 302.340497][T11779] lo speed is unknown, defaulting to 1000 [ 302.485908][ T5793] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 302.499208][ T5793] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 302.518114][ T5793] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 302.528761][ T5793] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 302.539578][ T5793] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 302.549783][ T5793] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 303.242668][T11793] lo speed is unknown, defaulting to 1000 [ 304.261564][T11793] chnl_net:caif_netlink_parms(): no params data found [ 304.644576][ T5793] Bluetooth: hci4: command tx timeout [ 304.679827][T11793] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.687736][T11793] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.696477][T11793] bridge_slave_0: entered allmulticast mode [ 304.706028][T11793] bridge_slave_0: entered promiscuous mode [ 304.716056][T11793] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.724886][T11793] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.745380][T11793] bridge_slave_1: entered allmulticast mode [ 304.763269][T11793] bridge_slave_1: entered promiscuous mode [ 304.977968][T11793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.012421][T11793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.107254][T11793] team0: Port device team_slave_0 added [ 305.125906][T11793] team0: Port device team_slave_1 added [ 305.126145][T12077] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2160'. [ 305.344977][T11793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.351990][T11793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.418271][T11793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.470840][T11793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.481620][T11793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.569223][T11793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.709497][T12021] lo speed is unknown, defaulting to 1000 [ 305.857159][T11793] hsr_slave_0: entered promiscuous mode [ 305.873870][T11793] hsr_slave_1: entered promiscuous mode [ 305.901891][T12152] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2168'. [ 306.311536][T12198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2170'. [ 306.490241][T12216] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2171'. [ 306.722312][ T5793] Bluetooth: hci4: command tx timeout [ 307.162346][ T5977] infiniband syz2: ib_query_port failed (-19) [ 307.887247][ T28] kauditd_printk_skb: 85 callbacks suppressed [ 307.887262][ T28] audit: type=1326 audit(1757301358.057:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 307.951132][ T28] audit: type=1326 audit(1757301358.097:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 307.974485][ T28] audit: type=1326 audit(1757301358.097:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 307.997483][ T28] audit: type=1326 audit(1757301358.097:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 308.029275][ T28] audit: type=1326 audit(1757301358.097:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 308.068481][ T28] audit: type=1326 audit(1757301358.097:3216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 308.097238][ T28] audit: type=1326 audit(1757301358.097:3217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12256 comm="syz.1.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 308.233705][ T11] smc: removing ib device syz! [ 308.812744][ T5793] Bluetooth: hci4: command tx timeout [ 309.186522][ T1321] bond0 (unregistering): Released all slaves [ 309.834180][T11793] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 309.915340][T11793] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 309.943665][T11793] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 309.968734][T11793] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 310.084101][T11793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.135614][T11793] 8021q: adding VLAN 0 to HW filter on device team0 [ 310.170236][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.177561][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.242531][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.249717][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.604166][T11793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.659255][ T28] audit: type=1326 audit(1757301360.827:3218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12325 comm="syz.1.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 310.713123][ T28] audit: type=1326 audit(1757301360.857:3219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12325 comm="syz.1.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 310.740547][T11793] veth0_vlan: entered promiscuous mode [ 310.747525][ T28] audit: type=1326 audit(1757301360.857:3220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12325 comm="syz.1.2187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 310.799357][T11793] veth1_vlan: entered promiscuous mode [ 310.883382][ T5793] Bluetooth: hci4: command tx timeout [ 310.894781][T11793] veth0_macvtap: entered promiscuous mode [ 310.921343][T11793] veth1_macvtap: entered promiscuous mode [ 310.947315][T11793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.962017][T11793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.973735][T11793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.984516][T11793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.994689][T11793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 311.016883][T11793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.031940][T11793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 311.060092][T11793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.076011][T11793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.089258][T12330] 9pnet_fd: Insufficient options for proto=fd [ 311.095102][T11793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.116007][T11793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.131379][T11793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.144490][T11793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.156802][T11793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 311.178220][T11793] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.206411][T11793] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.215282][T11793] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.224421][T11793] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.243147][T12334] netlink: 'syz.0.2190': attribute type 10 has an invalid length. [ 311.255240][T12334] syz_tun: entered promiscuous mode [ 311.289803][T12334] $H: (slave syz_tun): Enslaving as an active interface with an up link [ 311.388911][T12343] loop2: detected capacity change from 0 to 1024 [ 311.422761][T12343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 311.457666][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.476855][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.511069][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.519750][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.632518][T12358] loop3: detected capacity change from 0 to 128 [ 311.843258][T12366] loop3: detected capacity change from 0 to 1024 [ 311.850547][T12366] EXT4-fs: Ignoring removed bh option [ 311.858323][T12366] EXT4-fs: inline encryption not supported [ 311.874551][T12366] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 311.914449][T12366] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.2198: lblock 2 mapped to illegal pblock 2 (length 1) [ 311.958238][T12366] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 48: comm syz.3.2198: lblock 0 mapped to illegal pblock 48 (length 1) [ 312.007087][T12366] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.2198: Failed to acquire dquot type 0 [ 312.039668][T12366] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 312.066808][T12366] EXT4-fs error (device loop3): ext4_evict_inode:252: inode #11: comm syz.3.2198: mark_inode_dirty error [ 312.116033][T12366] EXT4-fs warning (device loop3): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 312.143956][T12366] EXT4-fs (loop3): 1 orphan inode deleted [ 312.163142][ T3465] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 312.165351][T12366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.204075][ T3465] EXT4-fs error (device loop3): ext4_release_dquot:6976: comm kworker/u4:9: Failed to release dquot type 0 [ 312.242041][T12366] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.257882][T12366] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm syz.3.2198: Invalid inode table block 1 in block_group 0 [ 312.273938][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.298128][T12366] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 312.359354][T12366] EXT4-fs error (device loop3): ext4_quota_off:7224: inode #3: comm syz.3.2198: mark_inode_dirty error [ 312.734479][T12399] netlink: 'syz.1.2207': attribute type 10 has an invalid length. [ 312.752962][T12399] syz_tun: entered promiscuous mode [ 312.783783][T12399] $H: (slave syz_tun): Enslaving as an active interface with an up link [ 313.579687][T12434] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0 [ 313.595225][T12434] ip6erspan0: entered promiscuous mode [ 313.705626][T12442] syz.1.2222[12442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 313.705769][T12442] syz.1.2222[12442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.235291][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 314.235306][ T28] audit: type=1326 audit(1757301364.407:3245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12455 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 314.291865][ T28] audit: type=1326 audit(1757301364.407:3246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12455 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 314.322029][ T28] audit: type=1326 audit(1757301364.407:3247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12455 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 314.322988][T12459] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2228'. [ 314.406939][ T28] audit: type=1326 audit(1757301364.407:3248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12455 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 314.431702][ T28] audit: type=1326 audit(1757301364.407:3249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12455 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 314.537386][ T28] audit: type=1326 audit(1757301364.707:3250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12462 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc9bb8ebe9 code=0x7ffc0000 [ 314.650746][ T28] audit: type=1326 audit(1757301364.707:3251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12462 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc9bb8ebe9 code=0x7ffc0000 [ 314.715433][ T28] audit: type=1326 audit(1757301364.737:3252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12462 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fdc9bb8ebe9 code=0x7ffc0000 [ 315.329125][T12482] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2236'. [ 315.345534][ T28] audit: type=1326 audit(1757301365.517:3253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12462 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc9bb8ebe9 code=0x7ffc0000 [ 315.383098][T12482] sch_tbf: burst 511 is lower than device nlmon0 mtu (3776) ! [ 315.383842][ T28] audit: type=1326 audit(1757301365.517:3254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12462 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc9bb8ebe9 code=0x7ffc0000 [ 315.657003][T12495] netlink: 'syz.2.2239': attribute type 10 has an invalid length. [ 315.763750][T12494] loop3: detected capacity change from 0 to 8192 [ 316.445470][T12523] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2248'. [ 316.507206][T12523] sch_tbf: burst 511 is lower than device veth5 mtu (1514) ! [ 316.603110][T12539] IPv6: Can't replace route, no match found [ 317.367673][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.378046][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.609251][T12565] netlink: 'syz.2.2258': attribute type 10 has an invalid length. [ 317.675767][T12565] : (slave dummy0): Releasing backup interface [ 317.688394][T12565] team0: Device dummy0 is already a lower device of the team interface [ 317.705967][T12568] netlink: 'syz.2.2258': attribute type 10 has an invalid length. [ 317.721250][T12568] : (slave dummy0): Enslaving as an active interface with an up link [ 317.884013][T12572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2261'. [ 317.893872][T12572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2261'. [ 318.372815][T12593] pimreg: entered allmulticast mode [ 318.383068][T12593] pimreg: left allmulticast mode [ 320.060335][T12657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2280'. [ 320.240875][T12667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2285'. [ 320.302788][T12673] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2287'. [ 321.191206][T12727] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2304'. [ 321.356734][T12735] dummy0: entered allmulticast mode [ 321.357829][T12737] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2308'. [ 321.371831][T12735] dummy0: left allmulticast mode [ 321.476892][T12741] sch_tbf: burst 511 is lower than device netdevsim3 mtu (1514) ! [ 322.373651][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 322.400103][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 322.412397][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 322.423670][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 322.431485][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 322.450432][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 322.504849][ T5787] $H: (slave syz_tun): Releasing backup interface [ 322.528558][T12782] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2324'. [ 322.648919][T12782] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2324'. [ 322.697472][ T3465] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.830314][ T3465] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.934913][ T3465] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.978108][T12782] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2324'. [ 323.039963][ T3465] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.339700][T12789] netlink: 'syz.2.2326': attribute type 4 has an invalid length. [ 323.347778][T12789] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2326'. [ 323.971994][T12767] chnl_net:caif_netlink_parms(): no params data found [ 324.562374][ T50] Bluetooth: hci2: command tx timeout [ 324.651110][T12986] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2340'. [ 324.669160][T12961] netlink: 'syz.3.2338': attribute type 10 has an invalid length. [ 324.749737][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 324.749763][ T28] audit: type=1326 audit(1757301374.907:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 324.764263][T12961] team0: Port device dummy0 added [ 324.801621][ T28] audit: type=1326 audit(1757301374.907:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 324.861520][ T28] audit: type=1326 audit(1757301374.957:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 324.915960][ T28] audit: type=1326 audit(1757301374.957:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 324.960932][T12970] netlink: 'syz.3.2338': attribute type 10 has an invalid length. [ 324.986021][ T28] audit: type=1326 audit(1757301374.957:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 325.010614][ T28] audit: type=1326 audit(1757301374.957:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 325.121155][ T28] audit: type=1326 audit(1757301374.957:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 325.175973][T12970] team0: Port device dummy0 removed [ 325.182702][ T28] audit: type=1326 audit(1757301374.957:3269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 325.190735][T12970] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 325.208091][ T28] audit: type=1326 audit(1757301374.957:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 325.248223][ T28] audit: type=1326 audit(1757301374.957:3271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.1.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 325.330172][T12767] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.340618][T12767] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.360526][T12767] bridge_slave_0: entered allmulticast mode [ 325.391840][T12767] bridge_slave_0: entered promiscuous mode [ 325.414663][T12767] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.429741][T12767] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.442649][T12767] bridge_slave_1: entered allmulticast mode [ 325.451082][T12767] bridge_slave_1: entered promiscuous mode [ 325.727755][T12767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.740787][T12767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.901476][T12767] team0: Port device team_slave_0 added [ 325.994918][T12767] team0: Port device team_slave_1 added [ 326.150056][T12767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.169206][T12767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.196020][T12767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.209522][T12767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 326.216712][T12767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.243941][T12767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.321347][T13128] syz.2.2360[13128] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.321490][T13128] syz.2.2360[13128] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.434237][T13128] loop2: detected capacity change from 0 to 512 [ 326.556415][T13128] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 326.588353][T13128] ext4 filesystem being mounted at /551/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 326.619865][T12767] hsr_slave_0: entered promiscuous mode [ 326.642427][ T50] Bluetooth: hci2: command tx timeout [ 326.659033][T12767] hsr_slave_1: entered promiscuous mode [ 326.669611][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.713371][T12767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 326.721012][T12767] Cannot create hsr debugfs directory [ 326.772565][ T3465] hsr_slave_0: left promiscuous mode [ 326.799585][ T3465] hsr_slave_1: left promiscuous mode [ 326.811315][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 326.820511][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 326.834741][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 326.835539][T13179] 9pnet_fd: Insufficient options for proto=fd [ 326.843070][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 326.895224][ T3465] veth1_macvtap: left promiscuous mode [ 326.903331][ T3465] veth0_macvtap: left promiscuous mode [ 327.078945][ T3465] infiniband !yz!: set down [ 327.122646][ T5958] page_pool_release_retry() stalled pool shutdown 31 inflight 181 sec [ 327.240303][ T3465] pimreg (unregistering): left allmulticast mode [ 327.441498][T13200] loop2: detected capacity change from 0 to 2048 [ 327.471205][T13200] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 327.509452][T13200] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.596511][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.826171][ T3465] team0 (unregistering): Port device team_slave_1 removed [ 327.881371][ T3465] team0 (unregistering): Port device team_slave_0 removed [ 327.890842][ T1321] smc: removing ib device !yz! [ 327.945789][ T3465] $H (unregistering): (slave bond_slave_1): Releasing backup interface [ 327.956405][ T3465] bond_slave_1 (unregistering): left promiscuous mode [ 328.008202][ T3465] $H (unregistering): (slave bond_slave_0): Releasing backup interface [ 328.018096][ T3465] bond_slave_0 (unregistering): left promiscuous mode [ 328.297786][ T3465] team0 (unregistering): Port device dummy0 removed [ 328.596457][ T3465] $H (unregistering): Released all slaves [ 328.722492][ T50] Bluetooth: hci2: command tx timeout [ 329.061344][T13207] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.173011][T13247] tmpfs: Unknown parameter 'quot' [ 329.939606][T13248] lo speed is unknown, defaulting to 1000 [ 329.947454][T13248] lo speed is unknown, defaulting to 1000 [ 329.957291][T13248] lo speed is unknown, defaulting to 1000 [ 330.001749][T13248] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98 [ 330.156983][T13207] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.256589][T13248] lo speed is unknown, defaulting to 1000 [ 330.309703][T13248] lo speed is unknown, defaulting to 1000 [ 330.415076][T13207] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.505810][T13248] lo speed is unknown, defaulting to 1000 [ 330.615052][T13207] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.679110][T13248] lo speed is unknown, defaulting to 1000 [ 330.810903][ T50] Bluetooth: hci2: command tx timeout [ 331.100780][T13207] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.129046][T13318] binfmt_misc: register: failed to install interpreter file ./file2 [ 331.170756][T13207] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.239821][T13207] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.269837][T13207] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.324937][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 331.324953][ T28] audit: type=1326 audit(1757301381.497:3282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13328 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 331.382225][ T28] audit: type=1326 audit(1757301381.537:3283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13328 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 331.423708][ T28] audit: type=1326 audit(1757301381.537:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13328 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 331.459882][ T28] audit: type=1326 audit(1757301381.537:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13328 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 331.607152][ T28] audit: type=1326 audit(1757301381.777:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13349 comm="syz.1.2390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 331.699219][ T28] audit: type=1326 audit(1757301381.777:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13349 comm="syz.1.2390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 331.763745][ T28] audit: type=1326 audit(1757301381.777:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13349 comm="syz.1.2390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 331.767159][T12767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 331.792185][ T28] audit: type=1326 audit(1757301381.777:3289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13349 comm="syz.1.2390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 331.818347][ T28] audit: type=1326 audit(1757301381.777:3290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13349 comm="syz.1.2390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 331.866044][T12767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 331.916698][T12767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 331.945872][T12767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 332.016067][ T28] audit: type=1326 audit(1757301382.187:3291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13371 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034978ebe9 code=0x7ffc0000 [ 332.100716][T13382] __nla_validate_parse: 1 callbacks suppressed [ 332.100733][T13382] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2396'. [ 332.228613][T12767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.286172][T12767] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.331106][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.338347][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.368100][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.376573][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.701001][T12767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.809566][T12767] veth0_vlan: entered promiscuous mode [ 332.841136][T12767] veth1_vlan: entered promiscuous mode [ 332.943033][T12767] veth0_macvtap: entered promiscuous mode [ 332.969519][T12767] veth1_macvtap: entered promiscuous mode [ 333.012780][T12767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.029128][T12767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.040629][T12767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.088380][T12767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.110751][T12767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.121705][T12767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.140397][T12767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.179168][T12767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.227030][T12767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.249921][T12767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.266466][T12767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.294371][T12767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.332840][T12767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.349925][T12767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.381200][T12767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.409607][T12767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.410793][T13359] syz.3.2391: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 333.418475][T12767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.428793][T13359] ,cpuset= [ 333.436034][T12767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.475286][T13359] syz3,mems_allowed=0-1 [ 333.479581][T13359] CPU: 0 PID: 13359 Comm: syz.3.2391 Not tainted syzkaller #0 [ 333.487088][T13359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 333.497273][T13359] Call Trace: [ 333.500657][T13359] [ 333.503642][T13359] dump_stack_lvl+0x16c/0x230 [ 333.508380][T13359] ? show_regs_print_info+0x20/0x20 [ 333.513723][T13359] ? load_image+0x3b0/0x3b0 [ 333.518277][T13359] ? __rcu_read_unlock+0x7c/0xd0 [ 333.523268][T13359] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 333.529734][T13359] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 333.536292][T13359] warn_alloc+0x210/0x300 [ 333.540697][T13359] ? zone_watermark_ok_safe+0x230/0x230 [ 333.546312][T13359] ? _raw_spin_unlock+0x28/0x40 [ 333.551231][T13359] __vmalloc_node_range+0x662/0x1320 [ 333.556596][T13359] ? free_vm_area+0x50/0x50 [ 333.561158][T13359] ? _raw_spin_unlock+0x28/0x40 [ 333.566072][T13359] ? __kasan_kmalloc+0x8f/0xa0 [ 333.570885][T13359] __vmalloc_node_range+0x568/0x1320 [ 333.576219][T13359] ? hash_netiface_create+0x361/0xff0 [ 333.581628][T13359] ? __asan_memset+0x22/0x40 [ 333.586293][T13359] ? free_vm_area+0x50/0x50 [ 333.590847][T13359] ? kvmalloc_node+0x70/0x180 [ 333.595655][T13359] ? rcu_is_watching+0x15/0xb0 [ 333.600469][T13359] ? kvmalloc_node+0x70/0x180 [ 333.605236][T13359] ? trace_kmalloc+0x1f/0xa0 [ 333.609880][T13359] kvmalloc_node+0x13f/0x180 [ 333.614526][T13359] ? hash_netiface_create+0x361/0xff0 [ 333.619941][T13359] hash_netiface_create+0x361/0xff0 [ 333.625192][T13359] ? __lock_acquire+0x7c80/0x7c80 [ 333.630269][T13359] ? __nla_parse+0x40/0x50 [ 333.634817][T13359] ? hash_netport6_gc+0x570/0x570 [ 333.639894][T13359] ip_set_create+0xa87/0x18e0 [ 333.644634][T13359] ? ip_set_create+0x4b2/0x18e0 [ 333.649552][T13359] ? ip_set_protocol+0x5d0/0x5d0 [ 333.654548][T13359] ? trace_contention_end+0x39/0xe0 [ 333.659840][T13359] nfnetlink_rcv_msg+0xb49/0x1130 [ 333.664917][T13359] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 333.670183][T13359] ? nfnetlink_unbind+0x160/0x160 [ 333.675251][T13359] ? kasan_set_track+0x5f/0x70 [ 333.680093][T13359] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 333.686221][T13359] netlink_rcv_skb+0x216/0x480 [ 333.691045][T13359] ? nfnetlink_unbind+0x160/0x160 [ 333.696127][T13359] ? netlink_ack+0x1110/0x1110 [ 333.700949][T13359] ? apparmor_capable+0x137/0x1a0 [ 333.706019][T13359] ? bpf_lsm_capable+0x9/0x10 [ 333.710751][T13359] ? security_capable+0x89/0xb0 [ 333.715656][T13359] nfnetlink_rcv+0x274/0x2180 [ 333.720390][T13359] ? __local_bh_enable_ip+0x12e/0x1c0 [ 333.725812][T13359] ? lockdep_hardirqs_on+0x98/0x150 [ 333.731066][T13359] ? __local_bh_enable_ip+0x12e/0x1c0 [ 333.736481][T13359] ? _local_bh_enable+0xa0/0xa0 [ 333.741381][T13359] ? __dev_queue_xmit+0x245/0x35a0 [ 333.746533][T13359] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 333.752139][T13359] ? __dev_queue_xmit+0x245/0x35a0 [ 333.757313][T13359] ? ref_tracker_free+0x634/0x7d0 [ 333.762390][T13359] ? refcount_inc+0x70/0x70 [ 333.766946][T13359] ? __skb_clone+0x63/0x790 [ 333.771664][T13359] ? __skb_clone+0x480/0x790 [ 333.776297][T13359] ? __netlink_deliver_tap+0x7e8/0x830 [ 333.781782][T13359] ? netlink_deliver_tap+0x2e/0x1b0 [ 333.787019][T13359] ? __lock_acquire+0x7c80/0x7c80 [ 333.792089][T13359] ? netlink_deliver_tap+0x2e/0x1b0 [ 333.797331][T13359] netlink_unicast+0x751/0x8d0 [ 333.802222][T13359] netlink_sendmsg+0x8c1/0xbe0 [ 333.807021][T13359] ? netlink_getsockopt+0x580/0x580 [ 333.812361][T13359] ? aa_sock_msg_perm+0x94/0x150 [ 333.817406][T13359] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 333.822717][T13359] ? security_socket_sendmsg+0x80/0xa0 [ 333.828211][T13359] ? netlink_getsockopt+0x580/0x580 [ 333.833444][T13359] ____sys_sendmsg+0x5bf/0x950 [ 333.838247][T13359] ? __asan_memset+0x22/0x40 [ 333.842865][T13359] ? __sys_sendmsg_sock+0x30/0x30 [ 333.847914][T13359] ? __import_iovec+0x5f2/0x860 [ 333.852807][T13359] ? import_iovec+0x73/0xa0 [ 333.857347][T13359] ___sys_sendmsg+0x220/0x290 [ 333.862056][T13359] ? __sys_sendmsg+0x270/0x270 [ 333.866897][T13359] __se_sys_sendmsg+0x1a5/0x270 [ 333.871782][T13359] ? __x64_sys_sendmsg+0x80/0x80 [ 333.876756][T13359] ? lockdep_hardirqs_on+0x98/0x150 [ 333.881982][T13359] do_syscall_64+0x55/0xb0 [ 333.886417][T13359] ? clear_bhb_loop+0x40/0x90 [ 333.891108][T13359] ? clear_bhb_loop+0x40/0x90 [ 333.895804][T13359] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 333.901809][T13359] RIP: 0033:0x7fa86d58ebe9 [ 333.906251][T13359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.925995][T13359] RSP: 002b:00007fa86e3d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.934430][T13359] RAX: ffffffffffffffda RBX: 00007fa86d7c5fa0 RCX: 00007fa86d58ebe9 [ 333.942423][T13359] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 333.950411][T13359] RBP: 00007fa86d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 333.958397][T13359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.966380][T13359] R13: 00007fa86d7c6038 R14: 00007fa86d7c5fa0 R15: 00007fff3f2f8b28 [ 333.974383][T13359] [ 334.053383][T13359] Mem-Info: [ 334.066415][T13359] active_anon:4268 inactive_anon:0 isolated_anon:0 [ 334.066415][T13359] active_file:7359 inactive_file:50213 isolated_file:0 [ 334.066415][T13359] unevictable:1131 dirty:85 writeback:0 [ 334.066415][T13359] slab_reclaimable:11123 slab_unreclaimable:91422 [ 334.066415][T13359] mapped:24075 shmem:1362 pagetables:525 [ 334.066415][T13359] sec_pagetables:0 bounce:0 [ 334.066415][T13359] kernel_misc_reclaimable:0 [ 334.066415][T13359] free:1314449 free_pcp:9263 free_cma:0 [ 334.236161][T13415] netlink: 'syz.1.2406': attribute type 13 has an invalid length. [ 334.270193][T13359] Node 0 active_anon:16996kB inactive_anon:0kB active_file:29436kB inactive_file:200652kB unevictable:2988kB isolated(anon):0kB isolated(file):0kB mapped:96324kB dirty:336kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12056kB pagetables:2088kB sec_pagetables:0kB all_unreclaimable? no [ 334.324119][T13359] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 334.359718][T13359] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 334.392627][T13359] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 334.398646][T13359] Node 0 DMA32 free:1326848kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:17152kB inactive_anon:0kB active_file:29436kB inactive_file:199328kB unevictable:2988kB writepending:332kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:16908kB local_pcp:5340kB free_cma:0kB [ 334.439218][T13359] lowmem_reserve[]: 0 0 1 1 1 [ 334.446787][T13359] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 334.475860][T13359] lowmem_reserve[]: 0 0 0 0 0 [ 334.480782][T13359] Node 1 Normal free:3902540kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20864kB local_pcp:16704kB free_cma:0kB [ 334.517879][T13359] lowmem_reserve[]: 0 0 0 0 0 [ 334.523864][T13359] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 334.537279][T13359] Node 0 DMA32: 1286*4kB (UME) 413*8kB (ME) 376*16kB (UME) 298*32kB (UME) 181*64kB (ME) 86*128kB (UME) 23*256kB (UME) 11*512kB (ME) 7*1024kB (M) 10*2048kB (M) 293*4096kB (M) = 1285888kB [ 334.546783][T13415] 8021q: adding VLAN 0 to HW filter on device $H [ 334.555947][T13359] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 334.556092][T13359] Node 1 Normal: 263*4kB (U) 54*8kB (UE) 38*16kB (UE) 119*32kB (UE) 37*64kB (UME) 6*128kB (UME) 1*256kB (E) 2*512kB (ME) 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3902540kB [ 334.556300][T13359] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 334.556319][T13359] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 334.556337][T13359] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 334.556354][T13359] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 334.556372][T13359] 59293 total pagecache pages [ 334.556381][T13359] 0 pages in swap cache [ 334.556388][T13359] Free swap = 124440kB [ 334.556397][T13359] Total swap = 124996kB [ 334.556405][T13359] 2097051 pages RAM [ 334.653645][T13359] 0 pages HighMem/MovableOnly [ 334.659587][T13359] 416139 pages reserved [ 334.663950][T13359] 0 pages cma reserved [ 334.678590][T13415] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 334.732568][ T2986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.740557][ T2986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.811646][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.823360][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.964473][T13439] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 335.921761][T13451] lo speed is unknown, defaulting to 1000 [ 336.059448][T13474] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2414'. [ 337.825381][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 337.825398][ T28] audit: type=1326 audit(1757301387.997:3319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 337.855960][T13514] loop3: detected capacity change from 0 to 128 [ 337.865220][ T28] audit: type=1326 audit(1757301387.997:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 337.890049][ T28] audit: type=1326 audit(1757301387.997:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 337.913798][ T28] audit: type=1326 audit(1757301387.997:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 337.940743][ T28] audit: type=1326 audit(1757301387.997:3323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 337.970698][ T28] audit: type=1326 audit(1757301388.137:3324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 337.995362][ T28] audit: type=1326 audit(1757301388.137:3325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 338.021464][ T28] audit: type=1326 audit(1757301388.137:3326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 338.044627][ T28] audit: type=1326 audit(1757301388.137:3327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 338.067862][ T28] audit: type=1326 audit(1757301388.137:3328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13507 comm="syz.2.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 338.499541][T13538] syz.2.2438[13538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 338.499767][T13538] syz.2.2438[13538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 338.538395][T13532] loop3: detected capacity change from 0 to 8192 [ 338.616033][T13532] loop3: p1 p2[DM] p4 [ 338.620967][T13532] loop3: p1 size 196608 extends beyond EOD, truncated [ 338.641822][T13547] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2435'. [ 338.656213][T13532] loop3: p2 start 4292936063 is beyond EOD, truncated [ 338.672821][T13532] loop3: p4 size 50331648 extends beyond EOD, truncated [ 338.680037][T13547] netlink: 212 bytes leftover after parsing attributes in process `syz.3.2435'. [ 338.723335][T13532] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 338.723335][T13532] program syz.3.2435 not setting count and/or reply_len properly [ 338.872847][T13554] sch_tbf: burst 511 is lower than device wg0 mtu (1420) ! [ 339.136006][T13560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2441'. [ 340.223661][T13564] lo speed is unknown, defaulting to 1000 [ 341.423364][T13621] sch_tbf: burst 511 is lower than device veth1_to_team mtu (1514) ! [ 341.678981][T13641] loop2: detected capacity change from 0 to 2048 [ 341.711833][T13641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 341.881572][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 342.061226][T13662] 9pnet: Could not find request transport: 0xffffffffffffffff [ 342.979843][T13681] lo speed is unknown, defaulting to 1000 [ 343.038713][T13675] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2466'. [ 343.166709][T13717] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2471'. [ 343.458913][ T28] kauditd_printk_skb: 58 callbacks suppressed [ 343.458929][ T28] audit: type=1326 audit(1757301393.627:3387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.515512][ T28] audit: type=1326 audit(1757301393.657:3388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.547238][ T28] audit: type=1326 audit(1757301393.657:3389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.561992][T13729] netlink: 'syz.3.2476': attribute type 4 has an invalid length. [ 343.600068][ T28] audit: type=1326 audit(1757301393.657:3390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.656918][ T28] audit: type=1326 audit(1757301393.657:3391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.715388][ T8] lo speed is unknown, defaulting to 1000 [ 343.732250][ T28] audit: type=1326 audit(1757301393.657:3392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.801921][ T28] audit: type=1326 audit(1757301393.657:3393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.874669][ T28] audit: type=1326 audit(1757301393.657:3394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 343.933698][T13730] lo speed is unknown, defaulting to 1000 [ 343.977786][ T28] audit: type=1326 audit(1757301393.657:3395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 344.072807][ T28] audit: type=1326 audit(1757301393.657:3396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13725 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 344.721052][T13776] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2487'. [ 344.899854][T13780] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 345.289869][T13270] $H: (slave syz_tun): Releasing backup interface [ 345.331157][T13791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2490'. [ 345.413888][ T5793] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 345.428076][ T5793] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 345.438646][ T5793] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 345.455109][ T5793] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 345.464750][ T5793] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 345.489626][ T5793] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 345.577705][ T1074] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.790010][T13801] lo speed is unknown, defaulting to 1000 [ 345.840153][ T1074] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.414541][ T1074] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.814166][ T1074] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.276522][T13801] chnl_net:caif_netlink_parms(): no params data found [ 347.522989][ T5793] Bluetooth: hci0: command tx timeout [ 347.583360][ T1074] tipc: Disabling bearer [ 347.598578][ T1074] tipc: Left network mode [ 347.854250][T13801] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.861446][T13801] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.902962][T13801] bridge_slave_0: entered allmulticast mode [ 347.910474][T13801] bridge_slave_0: entered promiscuous mode [ 348.062963][T13801] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.070173][T13801] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.107940][T13801] bridge_slave_1: entered allmulticast mode [ 348.129394][T13801] bridge_slave_1: entered promiscuous mode [ 348.393543][T13801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 348.415424][T13801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.419316][T14058] loop2: detected capacity change from 0 to 512 [ 348.437865][T14058] EXT4-fs: old and new quota format mixing [ 348.531460][T14058] loop2: detected capacity change from 0 to 1024 [ 348.544194][T14058] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 348.582100][T14058] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000e11d, mo2=0002] [ 348.590634][T14058] EXT4-fs (loop2): failed to initialize system zone (-117) [ 348.599653][T14058] EXT4-fs (loop2): mount failed [ 348.640107][T13801] team0: Port device team_slave_0 added [ 348.651282][T13801] team0: Port device team_slave_1 added [ 348.850598][T13801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 348.860368][T13801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.895887][T13801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 348.979508][T13801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 349.000276][T13801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 349.051580][T13801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 349.228284][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 349.228298][ T28] audit: type=1326 audit(1757301399.397:3439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14121 comm="syz.2.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 349.334133][ T28] audit: type=1326 audit(1757301399.437:3440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14121 comm="syz.2.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 349.412386][ T28] audit: type=1326 audit(1757301399.437:3441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14121 comm="syz.2.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 349.449184][ T28] audit: type=1326 audit(1757301399.437:3442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14121 comm="syz.2.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 349.476430][ T28] audit: type=1326 audit(1757301399.447:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14121 comm="syz.2.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 349.610978][ T5793] Bluetooth: hci0: command tx timeout [ 349.722850][T13801] hsr_slave_0: entered promiscuous mode [ 349.730655][T13801] hsr_slave_1: entered promiscuous mode [ 349.770225][T13801] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 349.800913][T13801] Cannot create hsr debugfs directory [ 349.872604][T14170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2527'. [ 350.265195][ T1074] hsr_slave_0: left promiscuous mode [ 350.282511][ T1074] hsr_slave_1: left promiscuous mode [ 350.293313][ T1074] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 350.311046][ T1074] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 350.340987][ T1074] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 350.355040][ T1074] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.363986][ T1074] batadv1: left allmulticast mode [ 350.369078][ T1074] batadv1: left promiscuous mode [ 350.378845][ T1074] bridge0: port 3(batadv1) entered disabled state [ 350.398468][ T1074] bridge_slave_1: left allmulticast mode [ 350.405131][T14213] loop2: detected capacity change from 0 to 1024 [ 350.412665][ T1074] bridge_slave_1: left promiscuous mode [ 350.422844][ T1074] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.439239][T14213] EXT4-fs: Ignoring removed oldalloc option [ 350.445348][T14213] EXT4-fs: Ignoring removed bh option [ 350.451480][T14213] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 350.451640][ T1074] bridge_slave_0: left allmulticast mode [ 350.476338][ T1074] bridge_slave_0: left promiscuous mode [ 350.491377][ T1074] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.503640][T14213] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 350.585210][ T1074] veth1_macvtap: left promiscuous mode [ 350.590829][ T1074] veth0_macvtap: left promiscuous mode [ 350.731292][ T1321] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 350.788944][ T1074] bond4 (unregistering): (slave bridge2): Releasing active interface [ 350.829731][ T1074] bond4 (unregistering): Released all slaves [ 350.848446][ T1074] bond3 (unregistering): Released all slaves [ 350.869308][ T1074] bond2 (unregistering): Released all slaves [ 350.891731][T14224] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2534'. [ 350.988055][ T1074] bond1 (unregistering): Released all slaves [ 351.012973][ T1074] pimreg (unregistering): left allmulticast mode [ 351.510832][ T1074] team0 (unregistering): Port device team_slave_1 removed [ 351.568917][ T1074] team0 (unregistering): Port device team_slave_0 removed [ 351.634321][ T1074] $H (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.643861][ T1074] bond_slave_1 (unregistering): left promiscuous mode [ 351.687222][ T5793] Bluetooth: hci0: command tx timeout [ 351.705855][ T1074] $H (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.714984][ T1074] bond_slave_0 (unregistering): left promiscuous mode [ 351.923571][ T1074] $H (unregistering): (slave dummy0): Releasing backup interface [ 351.935965][ T1074] dummy0 (unregistering): left promiscuous mode [ 352.236175][ T1074] $H (unregistering): Released all slaves [ 352.321554][T14215] tipc: Enabling of bearer rejected, failed to enable media [ 352.392016][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.639671][T14248] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2536'. [ 353.499786][T13801] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 353.514939][T13801] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 353.546683][T13801] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 353.607554][T13801] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 353.732946][T14327] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2546'. [ 353.760341][T13801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.772658][ T5793] Bluetooth: hci0: command tx timeout [ 353.797560][T13801] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.802473][ T28] audit: type=1326 audit(1757301403.957:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.2546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 353.875018][ T3465] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.882294][ T3465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.900643][ T28] audit: type=1326 audit(1757301403.957:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.2546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 353.929185][ T3465] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.936443][ T3465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.943993][ T28] audit: type=1326 audit(1757301403.957:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.2546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 354.014809][ T28] audit: type=1326 audit(1757301403.957:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.2546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 354.082314][ T28] audit: type=1326 audit(1757301403.957:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.2546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 354.566879][T13801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.638993][T14348] netlink: 'syz.2.2554': attribute type 3 has an invalid length. [ 354.717144][T13801] veth0_vlan: entered promiscuous mode [ 354.736262][T13801] veth1_vlan: entered promiscuous mode [ 354.812707][T14354] loop2: detected capacity change from 0 to 512 [ 354.815785][T13801] veth0_macvtap: entered promiscuous mode [ 354.841629][T14354] journal_path: Lookup failure for './file1' [ 354.846985][T13801] veth1_macvtap: entered promiscuous mode [ 354.858041][T14354] EXT4-fs: error: could not find journal device path [ 354.880977][T13801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.895466][T13801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.910777][T13801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.921721][T13801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.938655][T13801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.950756][T13801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.963696][T13801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.022859][T13801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.072390][T13801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.091648][T13801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.107469][T13801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.138492][T13801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.146727][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 355.146745][ T28] audit: type=1326 audit(1757301405.317:3466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.151717][T13801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.176443][ T28] audit: type=1326 audit(1757301405.317:3467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.180663][T13801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.225424][ T28] audit: type=1326 audit(1757301405.317:3468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.249050][ T28] audit: type=1326 audit(1757301405.337:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.296443][T13801] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.316308][T13801] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.326797][ T28] audit: type=1326 audit(1757301405.337:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.354897][T13801] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.364176][T13801] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.381483][ T28] audit: type=1326 audit(1757301405.337:3471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.455552][ T28] audit: type=1326 audit(1757301405.337:3472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.548046][ T28] audit: type=1326 audit(1757301405.337:3473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.598050][ T28] audit: type=1326 audit(1757301405.337:3474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.628684][ T28] audit: type=1326 audit(1757301405.337:3475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.2.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f58e918ebe9 code=0x7ffc0000 [ 355.640350][T14386] loop2: detected capacity change from 0 to 512 [ 355.652014][ T1028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.678042][ T1028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.679417][T14386] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 355.754506][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.780994][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.515232][ T1028] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.647306][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 357.663900][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 357.663911][ T1028] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.684176][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 357.694102][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 357.703445][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 357.708966][T14438] netlink: 'syz.0.2581': attribute type 1 has an invalid length. [ 357.718889][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 357.728621][T14438] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2581'. [ 357.788991][ T1028] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.830873][T14432] lo speed is unknown, defaulting to 1000 [ 357.880963][ T1028] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.256368][T14486] netlink: 'syz.3.2585': attribute type 21 has an invalid length. [ 358.354945][T14432] chnl_net:caif_netlink_parms(): no params data found [ 358.449542][ T1028] tipc: Disabling bearer [ 358.458284][ T1028] tipc: Left network mode [ 358.614030][T14432] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.627431][T14432] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.637240][T14432] bridge_slave_0: entered allmulticast mode [ 358.650135][T14432] bridge_slave_0: entered promiscuous mode [ 358.683671][T14432] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.695098][T14432] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.705750][T14432] bridge_slave_1: entered allmulticast mode [ 358.718824][T14432] bridge_slave_1: entered promiscuous mode [ 358.944891][T14432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 359.007470][T14432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 359.218475][T14432] team0: Port device team_slave_0 added [ 359.239773][ T1028] bridge0: port 3(gretap0) entered disabled state [ 359.272142][ T1028] gretap0 (unregistering): left allmulticast mode [ 359.278831][ T1028] gretap0 (unregistering): left promiscuous mode [ 359.307158][ T1028] bridge0: port 3(gretap0) entered disabled state [ 359.324791][T14432] team0: Port device team_slave_1 added [ 359.435230][T14432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 359.454213][T14432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.504908][T14432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 359.566130][T14432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 359.573746][T14432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.604827][T14432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 359.773981][ T5793] Bluetooth: hci1: command tx timeout [ 359.779658][T14432] hsr_slave_0: entered promiscuous mode [ 359.788036][T14432] hsr_slave_1: entered promiscuous mode [ 359.798352][T14432] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 359.806891][T14432] Cannot create hsr debugfs directory [ 359.936411][ T1028] hsr_slave_0: left promiscuous mode [ 359.946751][ T1028] hsr_slave_1: left promiscuous mode [ 359.953255][ T1028] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 359.960850][ T1028] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.972976][ T1028] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 359.980555][ T1028] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.988878][ T1028] bridge_slave_1: left allmulticast mode [ 359.994959][ T1028] bridge_slave_1: left promiscuous mode [ 360.000883][ T1028] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.010780][ T1028] bridge_slave_0: left allmulticast mode [ 360.016732][ T1028] bridge_slave_0: left promiscuous mode [ 360.026485][ T1028] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.091246][ T1028] veth1_macvtap: left promiscuous mode [ 360.105880][ T1028] veth0_macvtap: left promiscuous mode [ 360.107057][T14691] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 360.127182][T14691] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 360.149172][T14691] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 360.167181][T14691] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 360.192878][T14691] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 360.201168][T14691] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 360.215172][T14691] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 360.221941][T14691] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 360.238697][T14691] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 360.269568][T14691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 360.277964][T14691] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 360.296162][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 360.296177][ T28] audit: type=1326 audit(1757301410.467:3478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.332770][T14691] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 360.341056][ T28] audit: type=1326 audit(1757301410.467:3479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.370104][ T28] audit: type=1326 audit(1757301410.467:3480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.432013][ T1028] bond1 (unregistering): Released all slaves [ 360.439848][ T28] audit: type=1326 audit(1757301410.467:3481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.527334][ T28] audit: type=1326 audit(1757301410.467:3482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.553868][ T1028] bond0 (unregistering): (slave bridge2): Releasing active interface [ 360.587181][ T28] audit: type=1326 audit(1757301410.477:3483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.626046][ T28] audit: type=1326 audit(1757301410.477:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.660992][ T28] audit: type=1326 audit(1757301410.507:3485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14779 comm="syz.3.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa86d58ebe9 code=0x7ffc0000 [ 360.694728][ T1028] bond0 (unregistering): Released all slaves [ 360.756128][ T28] audit: type=1326 audit(1757301410.927:3486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14790 comm="syz.0.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 360.780661][ T1028] team0 (unregistering): Port device vlan1 removed [ 360.794634][ T28] audit: type=1326 audit(1757301410.927:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14790 comm="syz.0.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 361.452555][ T5793] Bluetooth: hci4: command 0x0c1a tx timeout [ 361.501126][ T1028] team0 (unregistering): Port device team_slave_1 removed [ 361.636457][ T1028] team0 (unregistering): Port device team_slave_0 removed [ 361.738112][ T1028]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 361.819990][ T1028]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 362.012056][T14795] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 362.026172][T14795] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 362.037690][T14795] vhci_hcd vhci_hcd.0: Device attached [ 362.057587][T14796] vhci_hcd: connection closed [ 362.077506][ T11] vhci_hcd: stop threads [ 362.088614][ T11] vhci_hcd: release socket [ 362.094344][ T11] vhci_hcd: disconnect device [ 362.157101][ T1028]  (unregistering): (slave batadv0): Releasing backup interface [ 362.215250][ T1028]  (unregistering): (slave dummy0): Releasing backup interface [ 362.252412][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 362.259448][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 362.332364][ T5793] Bluetooth: hci1: command 0x040f tx timeout [ 362.536701][ T1028]  (unregistering): Released all slaves [ 363.229878][T14853] loop1: detected capacity change from 0 to 8192 [ 363.289013][T14853] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 363.337628][T14873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2616'. [ 363.522308][ T5793] Bluetooth: hci4: command 0x0c1a tx timeout [ 363.799422][T14432] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 363.837380][T14432] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 363.867969][T14432] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 363.885467][T14432] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 363.922187][T14916] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2623'. [ 364.186317][T14934] syz.3.2628[14934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 364.186452][T14934] syz.3.2628[14934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 364.235345][T14432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.322373][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 364.328204][T14432] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.332700][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 364.353147][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.360353][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.401368][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.408623][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.413716][ T5793] Bluetooth: hci1: command 0x040f tx timeout [ 364.981105][T14432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 365.116408][T14432] veth0_vlan: entered promiscuous mode [ 365.141638][T14432] veth1_vlan: entered promiscuous mode [ 365.236524][T14432] veth0_macvtap: entered promiscuous mode [ 365.287197][T14432] veth1_macvtap: entered promiscuous mode [ 365.338770][T14432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 365.359748][T14432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.382300][T14432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 365.397687][T14432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.409098][T14432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 365.433662][T14432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.454496][T14432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 365.477600][T14977] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 365.498010][T14432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.528522][T14432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.539765][T14432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.551545][T14432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.561781][T14432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.573470][T14432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.594343][T14432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 365.602440][ T5793] Bluetooth: hci4: command 0x0c1a tx timeout [ 365.658272][T14432] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.707499][T14432] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.732155][T14432] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.754593][T14432] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.780378][ T28] kauditd_printk_skb: 110 callbacks suppressed [ 365.780392][ T28] audit: type=1326 audit(1757301415.947:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 365.895042][ T28] audit: type=1326 audit(1757301415.977:3599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 365.943044][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.967792][ T28] audit: type=1326 audit(1757301415.987:3600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 365.972535][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.998452][ T28] audit: type=1326 audit(1757301415.987:3601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.102418][ T28] audit: type=1326 audit(1757301415.987:3602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.132824][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.140798][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.192228][ T28] audit: type=1326 audit(1757301416.017:3603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.258662][ T28] audit: type=1326 audit(1757301416.017:3604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.323718][ T28] audit: type=1326 audit(1757301416.017:3605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.412847][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 366.412903][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 366.421575][ T28] audit: type=1326 audit(1757301416.017:3606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.421641][ T28] audit: type=1326 audit(1757301416.017:3607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.2650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9ebf8ebe9 code=0x7ffc0000 [ 366.487566][ T50] Bluetooth: hci1: command 0x040f tx timeout [ 367.117215][T15033] loop2: detected capacity change from 0 to 128 [ 367.218719][T15035] syz.2.2664: attempt to access beyond end of device [ 367.218719][T15035] loop2: rw=2049, sector=145, nr_sectors = 480 limit=128 [ 367.409139][ T42] kworker/u4:2: attempt to access beyond end of device [ 367.409139][ T42] loop2: rw=1, sector=625, nr_sectors = 416 limit=128 [ 367.530686][T15047] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 367.643262][T15051] loop2: detected capacity change from 0 to 512 [ 367.689551][T15051] EXT4-fs (loop2): failed to initialize system zone (-117) [ 367.698556][T15051] EXT4-fs (loop2): mount failed [ 367.944876][T15069] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 368.186706][T15079] loop2: detected capacity change from 0 to 1024 [ 368.251122][T15084] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 368.258913][T15079] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 368.301504][T15079] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 368.435473][T14432] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 368.563954][ T50] Bluetooth: hci1: command 0x040f tx timeout [ 368.643080][T15103] netlink: 'syz.2.2686': attribute type 10 has an invalid length. [ 368.651114][T15103] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2686'. [ 368.668982][T15103] dummy0: entered promiscuous mode [ 368.676241][T15103] bridge0: port 3(dummy0) entered blocking state [ 368.687769][T15103] bridge0: port 3(dummy0) entered disabled state [ 368.708034][T15103] dummy0: entered allmulticast mode [ 368.718876][T15109] loop1: detected capacity change from 0 to 1024 [ 368.735508][T15103] bridge0: port 3(dummy0) entered blocking state [ 368.742262][T15103] bridge0: port 3(dummy0) entered forwarding state [ 368.773072][T15109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 368.832713][T15109] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.2689: Allocating blocks 385-513 which overlap fs metadata [ 368.896545][T15109] EXT4-fs (loop1): pa ffff888076e13570: logic 16, phys. 129, len 24 [ 368.905432][T15109] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 368.997816][T15124] loop7: detected capacity change from 0 to 7 [ 369.016540][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.026051][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.042299][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.051536][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.061209][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.070774][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.078884][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.088141][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.103859][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.113113][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.121719][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.131091][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.141726][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.150999][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.158948][T15124] ldm_validate_partition_table(): Disk read failed. [ 369.167549][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.176919][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.186184][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.195459][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.203619][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 369.212992][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 369.226714][T15124] Dev loop7: unable to read RDB block 0 [ 369.244324][T15124] loop7: unable to read partition table [ 369.253723][T15124] loop7: partition table beyond EOD, truncated [ 369.260682][T15124] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր0֐ȵ4FLQk݊) failed (rc=-5) [ 369.262906][T13801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.233544][T15154] loop2: detected capacity change from 0 to 256 [ 370.539144][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2709'. [ 370.618716][T15171] 9pnet_fd: Insufficient options for proto=fd [ 370.648134][ T50] Bluetooth: hci1: command 0x040f tx timeout [ 370.919501][ T28] kauditd_printk_skb: 49 callbacks suppressed [ 370.919517][ T28] audit: type=1326 audit(1757302189.088:3657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 370.982483][ T28] audit: type=1326 audit(1757302189.088:3658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 371.024254][ T28] audit: type=1326 audit(1757302189.128:3659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 371.051078][T15193] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2720'. [ 371.051556][ T28] audit: type=1326 audit(1757302189.128:3660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f124c98ec23 code=0x7ffc0000 [ 371.085133][ T28] audit: type=1326 audit(1757302189.128:3661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f124c98d69f code=0x7ffc0000 [ 371.119364][ T28] audit: type=1326 audit(1757302189.128:3662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f124c98ec77 code=0x7ffc0000 [ 371.179467][ T28] audit: type=1326 audit(1757302189.128:3663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f124c98d550 code=0x7ffc0000 [ 371.219419][ T28] audit: type=1326 audit(1757302189.128:3664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f124c98d84a code=0x7ffc0000 [ 371.250048][ T28] audit: type=1326 audit(1757302189.128:3665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 371.277452][ T28] audit: type=1326 audit(1757302189.138:3666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15184 comm="syz.0.2718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 371.482908][T15205] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2725'. [ 371.737737][T15216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2731'. [ 372.176843][T15229] 9pnet_virtio: no channels available for device syz [ 373.004040][T15207] warn_alloc: 3 callbacks suppressed [ 373.004058][T15207] syz.1.2726: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 373.033566][T15207] CPU: 0 PID: 15207 Comm: syz.1.2726 Not tainted syzkaller #0 [ 373.041103][T15207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 373.051197][T15207] Call Trace: [ 373.054500][T15207] [ 373.057460][T15207] dump_stack_lvl+0x16c/0x230 [ 373.062177][T15207] ? show_regs_print_info+0x20/0x20 [ 373.067392][T15207] ? load_image+0x3b0/0x3b0 [ 373.071911][T15207] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 373.078342][T15207] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 373.084865][T15207] warn_alloc+0x210/0x300 [ 373.089269][T15207] ? zone_watermark_ok_safe+0x230/0x230 [ 373.094935][T15207] ? _raw_spin_unlock+0x28/0x40 [ 373.099939][T15207] __vmalloc_node_range+0x662/0x1320 [ 373.105272][T15207] ? free_vm_area+0x50/0x50 [ 373.109823][T15207] ? _raw_spin_unlock+0x28/0x40 [ 373.114706][T15207] ? __kasan_kmalloc+0x8f/0xa0 [ 373.119493][T15207] __vmalloc_node_range+0x568/0x1320 [ 373.124813][T15207] ? hash_netiface_create+0x361/0xff0 [ 373.130209][T15207] ? __asan_memset+0x22/0x40 [ 373.134847][T15207] ? free_vm_area+0x50/0x50 [ 373.139376][T15207] ? kvmalloc_node+0x70/0x180 [ 373.144075][T15207] ? rcu_is_watching+0x15/0xb0 [ 373.148863][T15207] ? kvmalloc_node+0x70/0x180 [ 373.153565][T15207] ? trace_kmalloc+0x1f/0xa0 [ 373.158224][T15207] kvmalloc_node+0x13f/0x180 [ 373.162841][T15207] ? hash_netiface_create+0x361/0xff0 [ 373.168322][T15207] hash_netiface_create+0x361/0xff0 [ 373.173653][T15207] ? __lock_acquire+0x7c80/0x7c80 [ 373.178788][T15207] ? __nla_parse+0x40/0x50 [ 373.183233][T15207] ? hash_netport6_gc+0x570/0x570 [ 373.188284][T15207] ip_set_create+0xa87/0x18e0 [ 373.192990][T15207] ? ip_set_create+0x4b2/0x18e0 [ 373.197875][T15207] ? ip_set_protocol+0x5d0/0x5d0 [ 373.202836][T15207] ? trace_contention_end+0x39/0xe0 [ 373.208088][T15207] nfnetlink_rcv_msg+0xb49/0x1130 [ 373.213156][T15207] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 373.219284][T15207] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 373.224520][T15207] ? nfnetlink_unbind+0x160/0x160 [ 373.229587][T15207] ? __dev_queue_xmit+0x1a64/0x35a0 [ 373.234808][T15207] ? __netlink_deliver_tap+0x5ab/0x830 [ 373.240289][T15207] ? netlink_deliver_tap+0x19c/0x1b0 [ 373.245596][T15207] ? netlink_unicast+0x72c/0x8d0 [ 373.250554][T15207] ? netlink_sendmsg+0x8c1/0xbe0 [ 373.255515][T15207] ? ____sys_sendmsg+0x5bf/0x950 [ 373.260476][T15207] ? ___sys_sendmsg+0x220/0x290 [ 373.265355][T15207] ? __se_sys_sendmsg+0x1a5/0x270 [ 373.270404][T15207] ? do_syscall_64+0x55/0xb0 [ 373.275032][T15207] netlink_rcv_skb+0x216/0x480 [ 373.279819][T15207] ? nfnetlink_unbind+0x160/0x160 [ 373.284887][T15207] ? netlink_ack+0x1110/0x1110 [ 373.289682][T15207] ? apparmor_capable+0x137/0x1a0 [ 373.294729][T15207] ? bpf_lsm_capable+0x9/0x10 [ 373.299472][T15207] ? security_capable+0x89/0xb0 [ 373.304372][T15207] nfnetlink_rcv+0x274/0x2180 [ 373.309075][T15207] ? __local_bh_enable_ip+0x12e/0x1c0 [ 373.314464][T15207] ? lockdep_hardirqs_on+0x98/0x150 [ 373.319702][T15207] ? __local_bh_enable_ip+0x12e/0x1c0 [ 373.325087][T15207] ? _local_bh_enable+0xa0/0xa0 [ 373.329959][T15207] ? __dev_queue_xmit+0x245/0x35a0 [ 373.335093][T15207] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 373.340673][T15207] ? __dev_queue_xmit+0x245/0x35a0 [ 373.345813][T15207] ? ref_tracker_free+0x634/0x7d0 [ 373.350856][T15207] ? __copy_skb_header+0xa7/0x550 [ 373.355911][T15207] ? refcount_inc+0x70/0x70 [ 373.360433][T15207] ? __skb_clone+0x63/0x790 [ 373.364970][T15207] ? __skb_clone+0x480/0x790 [ 373.369601][T15207] ? __netlink_deliver_tap+0x7e8/0x830 [ 373.375082][T15207] ? netlink_deliver_tap+0x2e/0x1b0 [ 373.380304][T15207] ? __lock_acquire+0x7c80/0x7c80 [ 373.385354][T15207] ? netlink_deliver_tap+0x2e/0x1b0 [ 373.390575][T15207] netlink_unicast+0x751/0x8d0 [ 373.395373][T15207] netlink_sendmsg+0x8c1/0xbe0 [ 373.400168][T15207] ? netlink_getsockopt+0x580/0x580 [ 373.405410][T15207] ? aa_sock_msg_perm+0x94/0x150 [ 373.410366][T15207] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 373.415759][T15207] ? security_socket_sendmsg+0x80/0xa0 [ 373.421233][T15207] ? netlink_getsockopt+0x580/0x580 [ 373.426490][T15207] ____sys_sendmsg+0x5bf/0x950 [ 373.431312][T15207] ? __asan_memset+0x22/0x40 [ 373.435930][T15207] ? __sys_sendmsg_sock+0x30/0x30 [ 373.440981][T15207] ? __import_iovec+0x5f2/0x860 [ 373.445866][T15207] ? import_iovec+0x73/0xa0 [ 373.450403][T15207] ___sys_sendmsg+0x220/0x290 [ 373.455109][T15207] ? __sys_sendmsg+0x270/0x270 [ 373.459937][T15207] __se_sys_sendmsg+0x1a5/0x270 [ 373.464813][T15207] ? __x64_sys_sendmsg+0x80/0x80 [ 373.469785][T15207] ? lockdep_hardirqs_on+0x98/0x150 [ 373.475017][T15207] do_syscall_64+0x55/0xb0 [ 373.479452][T15207] ? clear_bhb_loop+0x40/0x90 [ 373.484147][T15207] ? clear_bhb_loop+0x40/0x90 [ 373.488841][T15207] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 373.494764][T15207] RIP: 0033:0x7fc9ebf8ebe9 [ 373.499225][T15207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.518852][T15207] RSP: 002b:00007fc9ecd94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 373.527284][T15207] RAX: ffffffffffffffda RBX: 00007fc9ec1c5fa0 RCX: 00007fc9ebf8ebe9 [ 373.535280][T15207] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 373.543374][T15207] RBP: 00007fc9ec011e19 R08: 0000000000000000 R09: 0000000000000000 [ 373.551387][T15207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 373.559374][T15207] R13: 00007fc9ec1c6038 R14: 00007fc9ec1c5fa0 R15: 00007ffe59fe6328 [ 373.567374][T15207] [ 373.601618][T15207] Mem-Info: [ 373.612909][T15207] active_anon:7157 inactive_anon:0 isolated_anon:0 [ 373.612909][T15207] active_file:7359 inactive_file:50235 isolated_file:0 [ 373.612909][T15207] unevictable:1131 dirty:59 writeback:0 [ 373.612909][T15207] slab_reclaimable:11130 slab_unreclaimable:94149 [ 373.612909][T15207] mapped:26950 shmem:4232 pagetables:548 [ 373.612909][T15207] sec_pagetables:0 bounce:0 [ 373.612909][T15207] kernel_misc_reclaimable:0 [ 373.612909][T15207] free:1305483 free_pcp:13349 free_cma:0 [ 373.661575][T15207] Node 0 active_anon:28628kB inactive_anon:0kB active_file:29436kB inactive_file:200740kB unevictable:2988kB isolated(anon):0kB isolated(file):0kB mapped:106700kB dirty:236kB writeback:0kB shmem:15392kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11860kB pagetables:2192kB sec_pagetables:0kB all_unreclaimable? no [ 373.706404][T15207] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 373.742432][T15207] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 373.771214][T15207] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 373.777157][T15207] Node 0 DMA32 free:1303516kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:27284kB inactive_anon:0kB active_file:29436kB inactive_file:199416kB unevictable:2988kB writepending:236kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:34400kB local_pcp:21496kB free_cma:0kB [ 373.808659][T15207] lowmem_reserve[]: 0 0 1 1 1 [ 373.813616][T15207] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 373.866202][T15207] lowmem_reserve[]: 0 0 0 0 0 [ 373.871036][T15207] Node 1 Normal free:3903052kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20400kB local_pcp:16496kB free_cma:0kB [ 373.905768][T15207] lowmem_reserve[]: 0 0 0 0 0 [ 373.910852][T15207] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 373.934032][T15207] Node 0 DMA32: 3*4kB (UME) 36*8kB (UME) 17*16kB (UE) 11*32kB (UME) 181*64kB (ME) 86*128kB (ME) 24*256kB (UME) 12*512kB (UME) 8*1024kB (UM) 5*2048kB (M) 305*4096kB (UM) = 1303516kB [ 373.958453][T15207] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 373.972138][T15207] Node 1 Normal: 263*4kB (U) 54*8kB (UE) 38*16kB (UE) 131*32kB (UE) 39*64kB (UME) 6*128kB (UME) 1*256kB (E) 2*512kB (ME) 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3903052kB [ 374.001138][T15207] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 374.027946][T15207] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 374.061340][T15207] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 374.080827][T15207] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 374.107745][T15207] 59315 total pagecache pages [ 374.112513][T15207] 0 pages in swap cache [ 374.127075][T15207] Free swap = 124696kB [ 374.131307][T15207] Total swap = 124996kB [ 374.141656][T15207] 2097051 pages RAM [ 374.151907][T15207] 0 pages HighMem/MovableOnly [ 374.161027][T15207] 416139 pages reserved [ 374.170089][T15207] 0 pages cma reserved [ 374.223299][T15253] syz.2.2743[15253] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 374.223453][T15253] syz.2.2743[15253] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 374.270259][T15253] autofs4:pid:15253:autofs_fill_super: called with bogus options [ 375.256191][T15263] IPv6: Can't replace route, no match found [ 375.451906][T15267] sch_tbf: burst 511 is lower than device veth0_virt_wifi mtu (1514) ! [ 376.183630][ T28] kauditd_printk_skb: 52 callbacks suppressed [ 376.183669][ T28] audit: type=1326 audit(1757302194.357:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 376.365875][T15280] lo speed is unknown, defaulting to 1000 [ 377.703987][ T28] audit: type=1326 audit(1757302194.387:3720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 377.877298][ T28] audit: type=1326 audit(1757302194.387:3721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 377.938468][ T28] audit: type=1326 audit(1757302194.387:3722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 377.979273][ T28] audit: type=1326 audit(1757302194.387:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 378.034053][ T28] audit: type=1326 audit(1757302194.387:3724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 378.067076][ T28] audit: type=1326 audit(1757302194.387:3725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 378.100786][ T28] audit: type=1326 audit(1757302194.397:3726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15277 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac52f8ebe9 code=0x7ffc0000 [ 378.199902][T15311] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2757'. [ 378.597358][T15324] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2761'. [ 378.819186][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.825626][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.378737][T15339] lo speed is unknown, defaulting to 1000 [ 380.139983][T15343] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 380.146577][T15343] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 380.154206][T15343] vhci_hcd vhci_hcd.0: Device attached [ 380.160063][T15345] vhci_hcd: connection closed [ 380.170522][T15301] vhci_hcd: stop threads [ 380.193514][T15301] vhci_hcd: release socket [ 380.208239][T15301] vhci_hcd: disconnect device [ 381.738065][T15394] hub 6-0:1.0: USB hub found [ 381.743119][T15394] hub 6-0:1.0: 1 port detected [ 381.827119][ T28] audit: type=1326 audit(1757302199.986:3727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 381.914388][ T28] audit: type=1326 audit(1757302199.986:3728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 381.974673][T15402] tun0: tun_chr_ioctl cmd 2147767521 [ 381.983847][ T28] audit: type=1326 audit(1757302199.986:3729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.033988][ T28] audit: type=1326 audit(1757302199.996:3730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.085066][ T28] audit: type=1326 audit(1757302199.996:3731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.133821][ T28] audit: type=1326 audit(1757302199.996:3732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.209399][ T28] audit: type=1326 audit(1757302199.996:3733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.281910][ T28] audit: type=1326 audit(1757302199.996:3734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.421380][ T28] audit: type=1326 audit(1757302199.996:3735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 382.513370][ T28] audit: type=1326 audit(1757302199.996:3736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15398 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124c98ebe9 code=0x7ffc0000 [ 384.402465][T15453] lo speed is unknown, defaulting to 1000 [ 385.098818][T15497] wg2: entered promiscuous mode [ 385.103857][T15497] wg2: entered allmulticast mode [ 386.246956][T15541] syz.3.2824[15541] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 386.247094][T15541] syz.3.2824[15541] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 390.379512][T15746] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 391.595308][T15791] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2932'. [ 391.825637][T15804] netlink: 'syz.1.2937': attribute type 27 has an invalid length. [ 391.833547][T15804] netlink: 'syz.1.2937': attribute type 1 has an invalid length. [ 391.834379][T15806] netlink: 26 bytes leftover after parsing attributes in process `syz.3.2938'. [ 391.886041][T15804] bridge0: port 1(bridge_slave_0) entered learning state [ 391.992700][T15811] warning: `syz.0.2941' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 392.441935][T15834] netlink: 'syz.1.2951': attribute type 29 has an invalid length. [ 392.468112][T15834] netlink: 'syz.1.2951': attribute type 29 has an invalid length. [ 392.486227][T15834] netlink: 'syz.1.2951': attribute type 29 has an invalid length. [ 393.339679][T15864] netlink: 207508 bytes leftover after parsing attributes in process `syz.3.2967'. [ 393.357994][T15865] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.2966'. [ 393.567314][T15871] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.2970'. [ 394.815039][T15902] netlink: 'syz.3.2985': attribute type 29 has an invalid length. [ 394.839872][T15902] netlink: 'syz.3.2985': attribute type 29 has an invalid length. [ 394.867587][T15902] netlink: 'syz.3.2985': attribute type 29 has an invalid length. [ 395.094687][T15908] netlink: 'syz.0.2987': attribute type 2 has an invalid length. [ 395.105831][T15908] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2987'. [ 395.179031][T15913] netlink: 'syz.2.2990': attribute type 29 has an invalid length. [ 395.863549][T15943] pim6reg1: entered promiscuous mode [ 395.869668][T15943] pim6reg1: entered allmulticast mode [ 397.325053][T15996] lo speed is unknown, defaulting to 1000 [ 398.709879][T16068] lo speed is unknown, defaulting to 1000 [ 400.106300][T16130] lo speed is unknown, defaulting to 1000 [ 403.267745][T16211] syzkaller0: entered promiscuous mode [ 403.281898][T16211] syzkaller0: entered allmulticast mode [ 406.644610][T16264] pim6reg1: entered promiscuous mode [ 406.665451][T16264] pim6reg1: entered allmulticast mode [ 407.086153][T16291] pim6reg1: entered promiscuous mode [ 407.101818][T16291] pim6reg1: entered allmulticast mode [ 409.851947][T16400] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 410.229054][T16422] pim6reg1: entered promiscuous mode [ 410.234521][T16422] pim6reg1: entered allmulticast mode [ 410.836676][T16446] pim6reg1: entered promiscuous mode [ 410.853155][T16446] pim6reg1: entered allmulticast mode [ 412.847182][T16523] lo speed is unknown, defaulting to 1000 [ 414.175127][T16595] pim6reg1: entered promiscuous mode [ 414.202222][T16595] pim6reg1: entered allmulticast mode [ 417.986494][T16622] veth1_macvtap: left promiscuous mode [ 417.992077][T16622] macsec0: entered allmulticast mode [ 418.731561][T16680] wg2: entered promiscuous mode [ 418.748376][T16680] wg2: entered allmulticast mode [ 420.054689][T16744] pim6reg1: entered promiscuous mode [ 420.062531][T16744] pim6reg1: entered allmulticast mode [ 422.546616][T16856] pim6reg1: entered promiscuous mode [ 422.569721][T16856] pim6reg1: entered allmulticast mode [ 423.402417][T16899] pim6reg1: entered promiscuous mode [ 423.420224][T16899] pim6reg1: entered allmulticast mode [ 424.034033][T16931] wg2: left promiscuous mode [ 424.039032][T16931] wg2: left allmulticast mode [ 424.089212][T16931] wg2: entered promiscuous mode [ 424.099172][T16931] wg2: entered allmulticast mode [ 424.895368][T16973] pim6reg1: entered promiscuous mode [ 424.906439][T16973] pim6reg1: entered allmulticast mode [ 425.231760][T16992] wg2: entered promiscuous mode [ 425.236699][T16992] wg2: entered allmulticast mode [ 425.920053][T17023] wg2: left promiscuous mode [ 425.925847][T17023] wg2: left allmulticast mode [ 425.998348][T17023] wg2: entered promiscuous mode [ 426.009352][T17023] wg2: entered allmulticast mode [ 427.679393][T17084] wg2: entered promiscuous mode [ 427.684422][T17084] wg2: entered allmulticast mode [ 428.922785][T17132] lo speed is unknown, defaulting to 1000 [ 429.266996][T17180] syz.3.3377[17180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 429.267142][T17180] syz.3.3377[17180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 431.842269][T17182] pim6reg1: entered promiscuous mode [ 431.859487][T17182] pim6reg1: entered allmulticast mode [ 432.420792][T17236] 7: renamed from syzkaller0 [ 433.903644][T17292] syz.3.3416[17292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 433.903894][T17292] syz.3.3416[17292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.975524][T17326] veth0_vlan: entered allmulticast mode [ 435.179653][T17335] : renamed from vlan1 [ 435.334845][T17338] pim6reg1: entered promiscuous mode [ 435.343765][T17338] pim6reg1: entered allmulticast mode [ 435.726441][T17357] wg2: left promiscuous mode [ 435.731499][T17357] wg2: left allmulticast mode [ 435.797186][T17357] wg2: entered promiscuous mode [ 435.810075][T17357] wg2: entered allmulticast mode [ 437.384981][T17424] lo speed is unknown, defaulting to 1000 [ 437.648000][T17464] pim6reg1: entered promiscuous mode [ 437.653810][T17464] pim6reg1: entered allmulticast mode [ 438.291392][T17480] pim6reg1: entered promiscuous mode [ 438.296766][T17480] pim6reg1: entered allmulticast mode [ 440.255321][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.261924][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.430459][T17661] lo speed is unknown, defaulting to 1000 [ 446.034237][T17744] veth0_vlan: left promiscuous mode [ 446.042307][T17744] veth0_vlan: entered promiscuous mode [ 447.507728][T17833] pim6reg1: entered promiscuous mode [ 447.517651][T17833] pim6reg1: entered allmulticast mode [ 448.764372][T17883] lo speed is unknown, defaulting to 1000 [ 450.363079][T17982] 9pnet_fd: Insufficient options for proto=fd [ 451.281813][T18008] 9pnet_fd: Insufficient options for proto=fd [ 451.964465][T18037] 9pnet_fd: Insufficient options for proto=fd [ 454.892932][T18094] pim6reg1: entered promiscuous mode [ 454.898827][T18094] pim6reg1: entered allmulticast mode [ 462.368559][T18189] wg2: left promiscuous mode [ 462.385679][T18189] wg2: left allmulticast mode [ 462.418900][T18190] wg2: entered promiscuous mode [ 462.443719][T18190] wg2: entered allmulticast mode [ 463.219264][T18262] lo speed is unknown, defaulting to 1000 [ 466.512089][T18375] syz.2.3747[18375] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 466.512246][T18375] syz.2.3747[18375] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 466.807484][T18395] pim6reg1: entered allmulticast mode [ 467.203229][T18414] wg2: left promiscuous mode [ 467.212809][T18414] wg2: left allmulticast mode [ 467.258262][T18414] wg2: entered promiscuous mode [ 467.263207][T18414] wg2: entered allmulticast mode [ 467.834513][T18444] syz.0.3771[18444] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 467.834655][T18444] syz.0.3771[18444] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 467.915178][T18444] syz.0.3771[18444] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 467.951565][T18444] syz.0.3771[18444] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 471.842886][T18527] lo speed is unknown, defaulting to 1000 [ 472.369751][T18569] pim6reg1: entered promiscuous mode [ 472.380533][T18569] pim6reg1: entered allmulticast mode [ 472.675139][T18582] pim6reg1: entered promiscuous mode [ 472.680667][T18582] pim6reg1: entered allmulticast mode [ 475.698273][T18629] pim6reg1: entered promiscuous mode [ 475.703632][T18629] pim6reg1: entered allmulticast mode [ 477.506947][T18710] A6: renamed from team_slave_1 (while UP) [ 477.971193][T18732] syz.0.3858[18732] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 477.971334][T18732] syz.0.3858[18732] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.003439][T18722] syzkaller0: entered promiscuous mode [ 478.029196][T18722] syzkaller0: entered allmulticast mode [ 482.423628][T18840] pim6reg1: entered promiscuous mode [ 482.441689][T18840] pim6reg1: entered allmulticast mode [ 482.667800][T18849] pim6reg1: entered promiscuous mode [ 482.683398][T18849] pim6reg1: entered allmulticast mode [ 482.767135][T18859] pim6reg1: entered promiscuous mode [ 482.772699][T18859] pim6reg1: entered allmulticast mode [ 487.905887][T19016] syz.3.3967[19016] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 487.906138][T19016] syz.3.3967[19016] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 489.711507][T19089] pim6reg1: entered promiscuous mode [ 489.734459][T19089] pim6reg1: entered allmulticast mode [ 494.674755][T19236] pim6reg1: entered promiscuous mode [ 494.688402][T19236] pim6reg1: entered allmulticast mode [ 494.729437][T19240] [ 494.732301][T19240] ============================= [ 494.737655][T19240] WARNING: suspicious RCU usage [ 494.742553][T19240] syzkaller #0 Not tainted [ 494.747444][T19240] ----------------------------- [ 494.752334][T19240] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage! [ 494.761282][T19240] [ 494.761282][T19240] other info that might help us debug this: [ 494.761282][T19240] [ 494.771866][T19240] [ 494.771866][T19240] rcu_scheduler_active = 2, debug_locks = 1 [ 494.780042][T19240] 1 lock held by syz.3.4056/19240: [ 494.785197][T19240] #0: ffffffff8cd2fdc0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 [ 494.795969][T19240] [ 494.795969][T19240] stack backtrace: [ 494.802159][T19240] CPU: 0 PID: 19240 Comm: syz.3.4056 Not tainted syzkaller #0 [ 494.809659][T19240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 494.819761][T19240] Call Trace: [ 494.823081][T19240] [ 494.826055][T19240] dump_stack_lvl+0x16c/0x230 [ 494.830774][T19240] ? show_regs_print_info+0x20/0x20 [ 494.836000][T19240] ? load_image+0x3b0/0x3b0 [ 494.840538][T19240] lockdep_rcu_suspicious+0x1e1/0x300 [ 494.845942][T19240] get_callchain_entry+0x2a9/0x3c0 [ 494.851076][T19240] get_perf_callchain+0xa3/0x4b0 [ 494.856041][T19240] ? put_callchain_entry+0xb0/0xb0 [ 494.861177][T19240] ? preempt_schedule_common+0x82/0xc0 [ 494.866661][T19240] ? preempt_schedule+0xab/0xc0 [ 494.871551][T19240] ? schedule_preempt_disabled+0x20/0x20 [ 494.877293][T19240] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 494.883214][T19240] __bpf_get_stack+0x2d7/0x510 [ 494.888112][T19240] ? stack_map_get_build_id_offset+0x720/0x720 [ 494.894489][T19240] ? __cant_sleep+0x210/0x210 [ 494.899238][T19240] ? bpf_prog_d43750871481577d+0x45/0x49 [ 494.904902][T19240] bpf_get_stack_raw_tp+0x1a9/0x210 [ 494.910141][T19240] bpf_prog_d43750871481577d+0x45/0x49 [ 494.915633][T19240] bpf_prog_run_pin_on_cpu+0x63/0x140 [ 494.921041][T19240] bpf_prog_test_run_syscall+0x311/0x490 [ 494.926710][T19240] ? sock_gen_cookie+0x60/0x60 [ 494.931506][T19240] ? sock_gen_cookie+0x60/0x60 [ 494.936296][T19240] bpf_prog_test_run+0x321/0x390 [ 494.941258][T19240] __sys_bpf+0x440/0x800 [ 494.945522][T19240] ? bpf_link_show_fdinfo+0x350/0x350 [ 494.950925][T19240] ? lock_chain_count+0x20/0x20 [ 494.955807][T19240] __x64_sys_bpf+0x7c/0x90 [ 494.960247][T19240] do_syscall_64+0x55/0xb0 [ 494.964684][T19240] ? clear_bhb_loop+0x40/0x90 [ 494.969383][T19240] ? clear_bhb_loop+0x40/0x90 [ 494.974079][T19240] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 494.980004][T19240] RIP: 0033:0x7fa86d58ebe9 [ 494.984467][T19240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 495.004107][T19240] RSP: 002b:00007fa86e3d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 495.012573][T19240] RAX: ffffffffffffffda RBX: 00007fa86d7c5fa0 RCX: 00007fa86d58ebe9 [ 495.020594][T19240] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 495.028594][T19240] RBP: 00007fa86d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 495.036584][T19240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 495.044567][T19240] R13: 00007fa86d7c6038 R14: 00007fa86d7c5fa0 R15: 00007fff3f2f8b28 [ 495.052576][T19240] [ 501.700913][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.707289][ T1286] ieee802154 phy1 wpan1: encryption failed: -22