last executing test programs: 16.760237377s ago: executing program 0 (id=89): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) write$P9_RMKNOD(r0, &(0x7f0000000280)={0x14, 0x13, 0x2, {0x4, 0x2}}, 0xfffffe5c) shutdown(r0, 0x1) 16.490162218s ago: executing program 0 (id=91): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) unshare(0x64000680) 5.006426686s ago: executing program 0 (id=113): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xd1}, 0x8044) 4.515978076s ago: executing program 0 (id=114): r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000007800)=0xffffffff0000003d, 0x8) bind$vsock_stream(r0, &(0x7f0000000940), 0x10) listen(r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='mm_page_free\x00', r1}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) 2.745740928s ago: executing program 0 (id=117): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x74, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r0, 0x0, 0x80000}, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') sendfile(r1, r2, 0x0, 0x80000000) 2.476127859s ago: executing program 0 (id=118): r0 = gettid() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x4, 0x7, 0x50000}]}) syz_clone(0xb44040, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r2}, 0x18) rt_sigaction(0x1b, &(0x7f0000000040)={0xffffffffffffffff, 0x4c000000, 0x0, {[0x8000000000005a]}}, 0x0, 0x8, &(0x7f00000001c0)) tkill(r0, 0x1b) 1.679070662s ago: executing program 1 (id=120): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f0000001440)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9abaeed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b264736d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5c553110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849528b7d93df9b0c568022acaff410e797e88d2f8eeadbba62e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f83cc7199038418f965ad3dc866098b89cabcac8691b0f51ffb71902337e49293309c4480a8f1b32411cc1b55a0ec0fe2c2572fe9d488a25bfc12ba74048e1d7beee93321c7aa49ea17cb9728dc46e5272154b3b995feacbacb8885621b335274af4df9365f8c8121ff323b572d320c8fc46acd6218b9579d43005e7b0506ccb14d9a0dac4cc6efaf5366c44342eaea8b5a11457f5afbea4c64dec53db7713485bc46e714ca5741da38a7cceb9e85d77fd03f83f7a5ecc7241e69e2bda327f769b48ba5f13662585c72778d12bd0e9a62a3d0dbe376d1aee81e6845c2cf23f42c458ae5668c8d387bf9ab224bc9703f1c08347be810d2f19278fe8d97560b3c9f1816667d0461a25e778eb1404dcaac1ed0a6a0745f3a5d2dc1b6babf98f5135d531cb26334ef2fec4c78c95b7193935139664fc65f17b047eb3dc39e251ba52ce33f8099719f1a789db1690347355e7b02d4c522692b8e97fd31abb90f973ae4eb0bd0d900cdd887ff01d4845d7f0aee39b220a65a5aeee0fd386054070723c841c042d5339cc6325f07f0f733d124c6524f388ef7419f42c06278b8fceaa3a16b202dfb539b129762397e29cdd679ca6240272fa0c3e2e8c0a27aaa407f30b4024d0638dfca1bc9483db3ccc2880f000000d824c3106871274a1c37ff06bcb145fb9868158e1a35fe4caac682c9fe759b489323da422ddc2e16f9073809dd", 0x5ad, 0x6d91fb6102d8910c, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 1.422443222s ago: executing program 1 (id=121): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0) r0 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 1.075610836s ago: executing program 1 (id=122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x58, 0x1, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x5}]}, @CTA_TUPLE_REPLY={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x58}, 0x1, 0x40000000000}, 0x0) 578.225026ms ago: executing program 1 (id=123): bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000280)={0x14, 0x13, 0x2, {0x4, 0x2}}, 0xfffffe5c) shutdown(0xffffffffffffffff, 0x1) 201.137992ms ago: executing program 1 (id=124): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000004c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500), r2, 0x0, 0x2, 0x4}}, 0x20) 0s ago: executing program 1 (id=125): bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0x3, 0x0, &(0x7f0000000200)="63eced", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025f2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da083e8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb5ff0f000002ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c22e46af480c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f98638009c142751518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c1b9a8a14604fe52837a19dd6952fe2724c0105ab158a54a4a23ff0f4bc43c0e0e426e51258e40bb4b68ff4e3a8fe314a0"], &(0x7f0000000140)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000780)=r2, 0x4) sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)="fa82", 0x3802}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:44170' (ED25519) to the list of known hosts. syzkaller login: [ 137.830629][ T3312] cgroup: Unknown subsys name 'net' [ 138.208511][ T3312] cgroup: Unknown subsys name 'cpuset' [ 138.262823][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 139.062857][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 153.668701][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.699035][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.723075][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.856470][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.721608][ T3318] hsr_slave_0: entered promiscuous mode [ 155.736572][ T3318] hsr_slave_1: entered promiscuous mode [ 156.277827][ T3317] hsr_slave_0: entered promiscuous mode [ 156.287603][ T3317] hsr_slave_1: entered promiscuous mode [ 156.292257][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 156.296120][ T3317] Cannot create hsr debugfs directory [ 157.770836][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 157.849445][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 157.910431][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 157.949576][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 158.369797][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 158.452647][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 158.492701][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 158.554167][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 160.377208][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.590874][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.240847][ T3318] veth0_vlan: entered promiscuous mode [ 166.395516][ T3318] veth1_vlan: entered promiscuous mode [ 166.568723][ T3317] veth0_vlan: entered promiscuous mode [ 166.687480][ T3317] veth1_vlan: entered promiscuous mode [ 166.777122][ T3318] veth0_macvtap: entered promiscuous mode [ 166.852511][ T3318] veth1_macvtap: entered promiscuous mode [ 167.072947][ T3317] veth0_macvtap: entered promiscuous mode [ 167.136023][ T3317] veth1_macvtap: entered promiscuous mode [ 167.462558][ T607] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.465565][ T607] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.466078][ T607] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.466602][ T607] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.813156][ T54] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.914437][ T54] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.915386][ T54] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.915764][ T54] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.459201][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 171.792442][ T3473] netlink: 'syz.1.2': attribute type 12 has an invalid length. [ 175.863245][ T3477] capability: warning: `syz.0.5' uses deprecated v2 capabilities in a way that may be insecure [ 178.569276][ T3487] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9'. [ 178.581329][ T3487] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9'. [ 179.556161][ T30] audit: type=1326 audit(179.210:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.556957][ T30] audit: type=1326 audit(179.210:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.557309][ T30] audit: type=1326 audit(179.210:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.557615][ T30] audit: type=1326 audit(179.210:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.560427][ T30] audit: type=1326 audit(179.220:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.567935][ T30] audit: type=1326 audit(179.220:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.573267][ T30] audit: type=1326 audit(179.230:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.581617][ T30] audit: type=1326 audit(179.240:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=213 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.601443][ T30] audit: type=1326 audit(179.240:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 179.602244][ T30] audit: type=1326 audit(179.250:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3496 comm="syz.1.12" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 180.580862][ T3510] netlink: 24 bytes leftover after parsing attributes in process `syz.0.18'. [ 180.649737][ T3510] netlink: 'syz.0.18': attribute type 21 has an invalid length. [ 180.651511][ T3510] netlink: 'syz.0.18': attribute type 1 has an invalid length. [ 180.651794][ T3510] netlink: 132 bytes leftover after parsing attributes in process `syz.0.18'. [ 185.251429][ T3528] netlink: 14 bytes leftover after parsing attributes in process `syz.1.25'. [ 202.646039][ T3557] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37'. [ 202.667532][ T3557] netlink: 32 bytes leftover after parsing attributes in process `syz.1.37'. [ 207.135542][ T3578] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 209.516850][ T3588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.49'. [ 210.833310][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 210.842880][ T30] audit: type=1326 audit(210.490:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3597 comm="syz.0.54" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 210.852039][ T30] audit: type=1326 audit(210.510:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3597 comm="syz.0.54" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 210.869633][ T30] audit: type=1326 audit(210.510:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3597 comm="syz.0.54" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 210.881821][ T30] audit: type=1326 audit(210.510:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3597 comm="syz.0.54" exe="/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 210.898138][ T30] audit: type=1326 audit(210.510:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3597 comm="syz.0.54" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 210.912044][ T30] audit: type=1326 audit(210.520:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3597 comm="syz.0.54" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 212.023423][ T3605] Driver unsupported XDP return value 0 on prog (id 1) dev N/A, expect packet loss! [ 212.246046][ T3607] veth0: entered promiscuous mode [ 212.296687][ T3607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.58'. [ 217.004380][ T30] audit: type=1326 audit(216.660:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 217.012845][ T30] audit: type=1326 audit(216.670:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 217.024713][ T30] audit: type=1326 audit(216.670:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 217.033394][ T30] audit: type=1326 audit(216.680:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 217.044989][ T30] audit: type=1326 audit(216.680:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 217.054601][ T30] audit: type=1326 audit(216.680:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=143 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 217.062514][ T30] audit: type=1326 audit(216.690:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3625 comm="syz.0.67" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 218.157801][ T30] audit: type=1326 audit(217.820:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3640 comm="syz.0.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 218.175205][ T30] audit: type=1326 audit(217.820:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3640 comm="syz.0.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 218.179766][ T30] audit: type=1326 audit(217.820:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3640 comm="syz.0.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x7ffc0000 [ 218.771008][ T3647] Zero length message leads to an empty skb [ 219.306051][ T3653] netlink: 16 bytes leftover after parsing attributes in process `syz.1.80'. [ 219.894586][ T3659] syzkaller1: tun_chr_ioctl cmd 1074025678 [ 219.895238][ T3659] syzkaller1: group set to 0 [ 221.547208][ C0] hrtimer: interrupt took 5359949 ns [ 224.494658][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 224.495313][ T30] audit: type=1326 audit(224.140:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.528657][ T30] audit: type=1326 audit(224.190:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.575150][ T30] audit: type=1326 audit(224.220:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.587585][ T30] audit: type=1326 audit(224.240:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.614947][ T30] audit: type=1326 audit(224.270:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.648810][ T30] audit: type=1326 audit(224.290:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.649483][ T30] audit: type=1326 audit(224.310:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.674586][ T30] audit: type=1326 audit(224.330:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.762213][ T30] audit: type=1326 audit(224.420:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3680 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ad5b3a8 code=0x7ffc0000 [ 224.778027][ T30] audit: type=1326 audit(224.400:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3682 comm="syz.1.92" exe="/syz-executor" sig=0 arch=c00000b7 syscall=115 compat=0 ip=0xffff9ad85ac8 code=0x7ffc0000 [ 229.748895][ T3701] atomic_op 00000000573f6544 conn xmit_atomic 0000000000000000 [ 230.011208][ T3703] netlink: 'syz.1.101': attribute type 6 has an invalid length. [ 232.205884][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.104'. [ 233.766312][ T3722] IPv6: NLM_F_CREATE should be specified when creating new route [ 234.229031][ T3726] process 'syz.1.110' launched '/dev/fd/3' with NULL argv: empty string added [ 234.376080][ T3728] netlink: 44 bytes leftover after parsing attributes in process `syz.1.111'. [ 235.353057][ T3734] bond1: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 235.396246][ T3734] bond1 (unregistering): Released all slaves [ 237.859539][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 237.860239][ T30] audit: type=1326 audit(237.520:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.860727][ T30] audit: type=1326 audit(237.520:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.885667][ T30] audit: type=1326 audit(237.520:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.896768][ T30] audit: type=1326 audit(237.550:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.909869][ T30] audit: type=1326 audit(237.550:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.928143][ T30] audit: type=1326 audit(237.550:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.935036][ T30] audit: type=1326 audit(237.550:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.935332][ T30] audit: type=1326 audit(237.550:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.935583][ T30] audit: type=1326 audit(237.550:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 237.935848][ T30] audit: type=1326 audit(237.550:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3747 comm="syz.0.118" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb5b3a8 code=0x50000 [ 240.268156][ T3763] ================================================================== [ 240.271631][ T3763] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 240.274072][ T3763] Write at addr faff80008359d268 by task syz.1.125/3763 [ 240.274664][ T3763] Pointer tag: [fa], memory tag: [fe] [ 240.274822][ T3763] [ 240.275599][ T3763] CPU: 1 UID: 0 PID: 3763 Comm: syz.1.125 Not tainted syzkaller #0 PREEMPT [ 240.276126][ T3763] Hardware name: linux,dummy-virt (DT) [ 240.276617][ T3763] Call trace: [ 240.277104][ T3763] show_stack+0x18/0x24 (C) [ 240.277618][ T3763] dump_stack_lvl+0x78/0x90 [ 240.277904][ T3763] print_report+0x108/0x61c [ 240.278135][ T3763] kasan_report+0x88/0xac [ 240.278386][ T3763] __do_kernel_fault+0x170/0x1c8 [ 240.278614][ T3763] do_bad_area+0x68/0x78 [ 240.278835][ T3763] do_tag_check_fault+0x34/0x44 [ 240.279102][ T3763] do_mem_abort+0x44/0x94 [ 240.279318][ T3763] el1_abort+0x44/0x68 [ 240.279520][ T3763] el1h_64_sync_handler+0x50/0xac [ 240.279736][ T3763] el1h_64_sync+0x6c/0x70 [ 240.280072][ T3763] __memcpy+0xc/0x54 (P) [ 240.280312][ T3763] do_misc_fixups+0x174/0x1aac [ 240.280531][ T3763] bpf_check+0x1348/0x2a24 [ 240.280755][ T3763] bpf_prog_load+0x63c/0xcd4 [ 240.280979][ T3763] __sys_bpf+0x2e0/0x1a88 [ 240.281200][ T3763] __arm64_sys_bpf+0x24/0x34 [ 240.281431][ T3763] invoke_syscall+0x48/0x110 [ 240.281653][ T3763] el0_svc_common.constprop.0+0x40/0xe0 [ 240.281876][ T3763] do_el0_svc+0x1c/0x28 [ 240.282092][ T3763] el0_svc+0x34/0x10c [ 240.282334][ T3763] el0t_64_sync_handler+0xa0/0xe4 [ 240.282556][ T3763] el0t_64_sync+0x1a4/0x1a8 [ 240.282983][ T3763] [ 240.283283][ T3763] The buggy address belongs to a 1-page vmalloc region starting at 0xfaff80008359d000 allocated at bpf_check+0x8c/0x2a24 [ 240.285077][ T3763] The buggy address belongs to the physical page: [ 240.285531][ T3763] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xfbf0000000000000 pfn:0x4b2bc [ 240.286226][ T3763] flags: 0x1ffd40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x5) [ 240.287348][ T3763] raw: 01ffd40000000000 0000000000000000 dead000000000122 0000000000000000 [ 240.287539][ T3763] raw: fbf0000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 240.287759][ T3763] page dumped because: kasan: bad access detected [ 240.287877][ T3763] [ 240.287968][ T3763] Memory state around the buggy address: [ 240.288318][ T3763] ffff80008359d000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [ 240.288524][ T3763] ffff80008359d100: fa fa fa fa fa fa fa fa fa fa fa fa fe fe fe fe [ 240.288692][ T3763] >ffff80008359d200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 240.288846][ T3763] ^ [ 240.289184][ T3763] ffff80008359d300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 240.289328][ T3763] ffff80008359d400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 240.289497][ T3763] ================================================================== [ 240.291120][ T3763] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 241.797582][ T3471] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.065768][ T3471] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.240733][ T3471] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.339251][ T3471] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.190897][ T3471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.225984][ T3471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.271888][ T3471] bond0 (unregistering): Released all slaves [ 244.545015][ T3471] hsr_slave_0: left promiscuous mode [ 244.552629][ T3471] hsr_slave_1: left promiscuous mode [ 244.587940][ T3471] veth1_macvtap: left promiscuous mode [ 244.588667][ T3471] veth0_macvtap: left promiscuous mode [ 244.589346][ T3471] veth1_vlan: left promiscuous mode [ 244.589991][ T3471] veth0_vlan: left promiscuous mode [ 247.376159][ T3471] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.477777][ T3471] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.590665][ T3471] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.766078][ T3471] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.219940][ T3471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.264726][ T3471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.307443][ T3471] bond0 (unregistering): Released all slaves [ 249.516081][ T3471] hsr_slave_0: left promiscuous mode [ 249.529528][ T3471] hsr_slave_1: left promiscuous mode [ 249.597677][ T3471] veth1_macvtap: left promiscuous mode [ 249.600629][ T3471] veth0_macvtap: left promiscuous mode [ 249.604930][ T3471] veth1_vlan: left promiscuous mode [ 249.607739][ T3471] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 19:02:15 Registers: info registers vcpu 0 CPU#0 PC=ffff800081b1f16c X00=ffff800081b1f168 X01=f3f0000006644b00 X02=0000000000000000 X03=0000000000000010 X04=000000000000b742 X05=0000000000000001 X06=00000000000876c3 X07=f9f00000069e8e00 X08=f9f00000069e8e80 X09=0000000000000000 X10=00000000000000c4 X11=0000000000000000 X12=0000000000000038 X13=0000000000000000 X14=ffff800081b74330 X15=ffff800081b74330 X16=ffff800082cf8000 X17=fff07ffffcfc3000 X18=0000000000000000 X19=0000000000000000 X20=ffff800082a41788 X21=ffff800082a41780 X22=0000000000000409 X23=0000000000000004 X24=ffff800082a41788 X25=0000000000000028 X26=0000000000000000 X27=ffff80008290fac0 X28=ffff800082934000 X29=ffff800082cfb450 X30=ffff800080181910 SP=ffff800082cfb450 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000065676e616863:00746e657665752f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff000000000000:ff00000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff000000f0000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000ff00000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3303330333033303:3303330333033303 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0003fc00fc0000fc:0003fc00fc0000fc Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaae8de6c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaae8de3f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff65b0710:0000fffff65b0710 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000fffff65b06e0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800080902f40 X00=0000000000000002 X01=0000000000000018 X02=ffff800082d25018 X03=ffff800082acf018 X04=f8f00000032e4880 X05=0000000000000057 X06=0000000000000033 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082acf048 X10=0000000000000001 X11=ffff800083103e20 X12=ffff800082a0f4c0 X13=ffff800083103b8d X14=ffff800083103b98 X15=ffff800083103a00 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=f9f0000003043018 X20=ffff8000809030e4 X21=f8f00000032e4880 X22=f9f0000003043018 X23=ffff8000809030e4 X24=000000000000004d X25=0000000000000001 X26=fcf00000032bb840 X27=0000000000000000 X28=0000000000000000 X29=ffff800083103ca0 X30=ffff80008090310c SP=ffff800083103ca0 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6572207265767265:730073250a0d0a0d Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:5f6e6173616b2020:5d3336373354205b Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00ff00ff00000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000f0f0000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:4e203532312e312e:7a7973203a6d6d6f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:646e657065642065:646f6d203a797261 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:746f6e202c64656c:6961662079636e65 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc9d5eae0:0000ffffc9d5eae0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffc9d5eab0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000