last executing test programs: 55.377446484s ago: executing program 0 (id=3989): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r3, 0x9c3fa077fa966179, 0x4000000, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x4000054) 55.258570396s ago: executing program 0 (id=3995): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r2, 0x1, 0x70bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}]}, 0x34}}, 0x20000084) 55.235806556s ago: executing program 0 (id=3997): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 55.01977831s ago: executing program 0 (id=4005): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(&(0x7f0000000580)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x1b5008, 0x0) mount$bind(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x84000, 0x0) 55.012713251s ago: executing program 0 (id=4007): prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 54.708542537s ago: executing program 0 (id=4013): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000004000000000000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000020085000000700000009500000000000000b47df0de31dd32058e5d3aacd7cb3deb8c67597720c8beeca070b3473934f04c448551709bedeb9c7c69c66a00c13351f49fcb3540d653e2a6db5f615377d58415c376da90922da71605fd2f37fe8a4a57288c9905c9b050561f637da396afadc5fcacdf3643f368826151c847ba37eec79989ebdc5825f12131be7324fa3d22e9225d31e241f5c2dafd024afca48b23722d88c6fc6e991deff27464738f581e2a9e1d3e0a48798d260bcbc5b6df09036a2870bdf0c524c3e2dfd8036e92456da2c1a4b1a4f8b97bdbb45194402b893b3a7849ae9082f2dd"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x10, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 54.689434567s ago: executing program 32 (id=4013): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000004000000000000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000020085000000700000009500000000000000b47df0de31dd32058e5d3aacd7cb3deb8c67597720c8beeca070b3473934f04c448551709bedeb9c7c69c66a00c13351f49fcb3540d653e2a6db5f615377d58415c376da90922da71605fd2f37fe8a4a57288c9905c9b050561f637da396afadc5fcacdf3643f368826151c847ba37eec79989ebdc5825f12131be7324fa3d22e9225d31e241f5c2dafd024afca48b23722d88c6fc6e991deff27464738f581e2a9e1d3e0a48798d260bcbc5b6df09036a2870bdf0c524c3e2dfd8036e92456da2c1a4b1a4f8b97bdbb45194402b893b3a7849ae9082f2dd"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x10, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.08312219s ago: executing program 1 (id=5867): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x59, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) 2.05653695s ago: executing program 1 (id=5870): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x800000000006}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000040)) 2.05596748s ago: executing program 2 (id=5871): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000101000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 1.976645552s ago: executing program 2 (id=5873): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0xfffffff8, 0x401, 0xfffffffd, 0xc4cf, 0x7, "0441d3e189e87fe30600000000000f000200", 0x4, 0x200}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000340)=0x2) r1 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000340)=[{&(0x7f0000000480)=""/158, 0x9e}], 0x1}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 1.976513592s ago: executing program 1 (id=5874): fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f0000000440)=@v2={0x3, 0x3, 0x11, 0x2, 0x7c, "95afa1e626fa7d310529fabf49770185ecd6eb11adcbc16df59e4a13740f289dd97c7ae11ff165d9fa7b0ea120b282a9cfd34819e13b3bebb4d109be4104c4c7ea8d639009e003d473308828e39ae4ca7a40a941e4fe62ccc0c1c64236131b7f4c9133b5f90457324daf288d2eb447776bea8222931736f596c828f0"}, 0x85, 0x3) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x29c500a, 0x0, 0x4, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="530000000700004600f531"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 1.976435522s ago: executing program 2 (id=5875): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket(0x18, 0x0, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @random="45e3f364e554", 'sit0\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xc, @remote, 'ip6tnl0\x00'}}, 0x1e) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 1.832613765s ago: executing program 1 (id=5879): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES16], 0x1, 0x2c2, &(0x7f00000006c0)="$eJzs3T+LI2UYAPBndpNJ7iySwkoEB7SwOm6vtckiOThMpaRQC128O5AkCHew4CkGK1sbSz+BINj5JWwEP4DgB7DzioNXJpkh2btJsoHLrX9+vyL77Lzv877POzPZPyzz7sevziZ3i7j/9Ze/R7ebxdEgBvE4i34cRS2llGJl8G0AAP9mj1OKP9PSJVMG5UsWEd3DlgYAHMje3/9/OnhJAMCBvff+B++cjkbDd4uiG7dn35yPy9/sy4/L9tP78WlM417cjF48Wf4toP5poXy9nVKat4pSP96Yzc/HZebso1+q8U/riU6iF/1FdDH/zmh4Uiyt5c/LOq5X8w/K+W9FL15umP/OaHirIT/Gebz5+lr9N6IXv34Sn8U07i6KWOV/dVIUb6fv/vriw7K8Mj+bn487i34r6fjFXRUAAAAAAAAAAAAAAAAAAAAAAP7rblR753RisX9Peajaf+f4SflJO4pa/+L+PMv8rB7oqf2B5im+T6nTihgNbxZFkaqOq/xWvNKK1tWsGgAAAAAAAAAAAAAAAAAAAP5ZHn7+aHI2nd570BD8dj1iQ9OGoN4NoH6sf0fW8aamwdqR1+LR5KyzecC1pqMq3DJpHNd9soity4lWux65v9dJ2D+4tqnmH37cd8Du7j7tbefn+QT13TU5y6KxTyfqI936mv683iePS86Vb2pKu2+/tSBvbOrtvfb8pUUw39Insm2FvfXH8sxVR7KnV5EvzmpjenttN47me6P5Wmx6pzwjW7yt8+f3xQcAAAAAAAAAAAAAAAAAALhg9dDvM03XdqQepc7BygIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2r1///3COZV8iU65/Hg4RUvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwMAAP//QSRWPA==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r2, &(0x7f00000009c0)=';', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) 1.832400685s ago: executing program 2 (id=5880): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}}, 0x40) 1.832084325s ago: executing program 2 (id=5882): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000914e73f"], 0x30}, 0x1, 0x0, 0x0, 0xbe9b70533f0d9e1}, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x200001, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1}) io_uring_enter(r1, 0x847ba, 0x79c, 0xe, 0x0, 0x0) 1.758927636s ago: executing program 4 (id=5883): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r3 = dup(r2) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000440)={0x80, 0x6, 0x300, 0x1, 0x0, 0x5, 0x0}) 1.733857037s ago: executing program 2 (id=5884): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect(0x2, 0x64, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x2, 0x0, 0x70bd2d, 0x25dfdbfe}, 0x10}}, 0x4040014) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) 1.713506987s ago: executing program 4 (id=5885): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0) ppoll(&(0x7f0000000100)=[{r0, 0x1004}], 0x1, 0x0, 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000600)=0x14) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x3}, 0x18) 953.378552ms ago: executing program 1 (id=5895): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'}) close_range(r2, 0xffffffffffffffff, 0x0) 886.580753ms ago: executing program 1 (id=5896): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r2}, 0x10) 792.555045ms ago: executing program 4 (id=5898): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$key(0xf, 0x3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18) syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) pwritev2(r1, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e489bcdd", 0x4}], 0x1, 0xfffffffc, 0xb, 0x2) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r1, @ANYBLOB="10100000000000000800200005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0) 648.816418ms ago: executing program 3 (id=5905): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="4c38b92175b0", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe}}}}}}, 0x0) 496.568671ms ago: executing program 3 (id=5907): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x6}, 0x18) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) 496.308531ms ago: executing program 3 (id=5909): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) 471.707661ms ago: executing program 3 (id=5911): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r2}) keyctl$KEYCTL_MOVE(0x1e, r2, 0xffffffffffffffff, r3, 0x0) 429.466292ms ago: executing program 3 (id=5913): socket$inet6(0xa, 0x80001, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x0, 0x0, 0x7fffffff}}}}]}, 0x4c}}, 0x0) 429.216442ms ago: executing program 5 (id=5914): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x88c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_route={{0xa}, {0x854, 0x2, [@TCA_ROUTE4_POLICE={0x850, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x6, 0x3, 0xfffffffe, 0x8, {0x9, 0x3, 0x1, 0x2, 0x8, 0x6}, {0x4, 0x2, 0x6, 0x2, 0x7, 0x6}, 0xfff, 0x9, 0xa8}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x4}, @TCA_POLICE_RATE={0x404, 0x2, [0x1c000000, 0x0, 0x3, 0x7, 0x2, 0x78bd, 0x9, 0x81, 0xe, 0xffff, 0x4, 0xff, 0xfffffff9, 0x3, 0x8, 0x9, 0x7, 0xa0d, 0x2, 0x0, 0xffff, 0x2, 0x3ff, 0x6d81, 0x4, 0x4, 0x2, 0xc, 0x1ca0, 0x6, 0x8001, 0x200, 0x0, 0x7, 0x0, 0x7ff, 0xff, 0x100000, 0x6, 0x2, 0x81, 0x6, 0x400, 0xbbc, 0x6, 0x6, 0x80, 0xb94, 0x8, 0x0, 0x3, 0xffffffff, 0x2, 0x1, 0xa91cf25, 0x24, 0x4, 0xffff8000, 0x0, 0xa346, 0x2, 0x4, 0x5, 0xffffffff, 0x2, 0x800, 0x8c3f, 0x8, 0x4, 0xfffffffb, 0xd3a7, 0xfffff001, 0x3, 0x1, 0xc52c, 0x2, 0x1, 0xfff, 0x1, 0x8, 0x2, 0xffffffff, 0x8, 0x10, 0x3e9, 0xff, 0x5, 0x3, 0x0, 0x4, 0x80, 0xffff, 0x9, 0x800, 0x6, 0x5, 0x7, 0x6, 0xfffffffe, 0xa3, 0xfffffffc, 0x8, 0x0, 0x8, 0xffffffe3, 0x10000, 0x9, 0x7ff, 0xac9, 0x7, 0x8, 0x9, 0x9, 0x1298, 0x2, 0x2, 0x8001, 0x0, 0x8, 0x5, 0x8, 0x75, 0xc, 0x10000, 0xfffffff4, 0x2, 0x10, 0x3, 0x4, 0x5, 0x2, 0xf18, 0x4, 0xfffffffb, 0x5, 0x4, 0xe97d, 0x1, 0x6d60, 0x5, 0x4, 0x2, 0x4, 0xfffffffa, 0x2, 0xd, 0x6, 0x5, 0xc, 0xffffffff, 0x4, 0x7, 0x6, 0x2, 0x532, 0xdf2, 0xebc4, 0xfffffffa, 0x10, 0x549, 0x6e39d18, 0x9, 0xffffffff, 0x4, 0x4, 0x579a, 0x6, 0x2, 0x7, 0x98, 0x7f, 0x4, 0x2, 0x10000000, 0xe0d, 0x9, 0x4, 0x1, 0x8, 0x5c9, 0x9, 0x1, 0x3, 0x5, 0x0, 0x10001, 0x1, 0x8, 0x9a2, 0x8, 0x5, 0x200, 0x0, 0x9, 0x9, 0x7f, 0x3, 0x3, 0x200, 0x14000000, 0x2, 0x2, 0x5e5c, 0x9, 0x401, 0x0, 0x6, 0x72d3eb6a, 0x9, 0x3, 0x7, 0xc, 0x7, 0xa2f, 0xd3, 0x0, 0x10001, 0x6, 0x3, 0xfffffff8, 0x2, 0x3, 0x9, 0x5, 0x8, 0x40, 0x8001, 0x5, 0x457b, 0x1, 0x28, 0x4, 0x6bc2, 0xfffff801, 0x9, 0x74e63179, 0x4, 0x672c30b6, 0x3, 0x0, 0x20b14f7c, 0xe826, 0x8, 0xffffb1e4, 0x2, 0x5, 0x9, 0x8, 0xfffffffd, 0xffffffff, 0x499, 0x55b, 0x83, 0x284, 0x1, 0xffffffff]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x2, 0x84, 0x1, 0x9, 0x40, 0x6, 0x2, 0x2, 0xa7, 0x5, 0x35b, 0x401, 0xaf9, 0x80, 0x8001, 0x2, 0xf, 0x74, 0x7, 0x8, 0x9, 0x4, 0xfffffede, 0x0, 0x3, 0x7, 0x25, 0x5, 0xb, 0x0, 0x38, 0x0, 0x9, 0x9, 0x0, 0x400, 0x2, 0xc, 0x0, 0x9, 0x4, 0x7, 0x6, 0x10001, 0x8a46, 0x200, 0x5, 0x9, 0x2, 0x6, 0x1, 0xae85, 0x5, 0x0, 0x81, 0xffffffff, 0xffb6, 0x1, 0x153, 0x100, 0x6f3b, 0x5, 0xd, 0x8001, 0x2, 0x9, 0x6, 0xfffeffff, 0x7, 0x5, 0x101, 0x6, 0x2, 0x4, 0x80000001, 0x4c, 0x7fff, 0x486b7097, 0xb8a, 0x3, 0xfffffffa, 0x9308, 0x0, 0x80000000, 0x4, 0x4, 0x8, 0x8, 0x2922003e, 0x0, 0xffffffff, 0x0, 0x8001, 0x80, 0x3, 0x5, 0x8, 0xffffffff, 0xf66e, 0x40, 0x4, 0x1, 0x8001, 0x0, 0x4, 0x5, 0xaa3, 0x0, 0x343d008d, 0x6, 0x101, 0x0, 0xc, 0x7, 0x24, 0x5, 0x9, 0x2, 0x2, 0x3, 0x1, 0xa4, 0x3ff, 0xffffffff, 0x3ff, 0x7, 0xb424, 0x7, 0x3, 0x4, 0x3, 0x3, 0x7, 0x9de2, 0xb, 0xd, 0x4, 0x5, 0x0, 0x6, 0xcf, 0x6, 0x4, 0x13, 0x2, 0x656, 0xfffffffa, 0x401, 0x8000, 0x8, 0x5, 0x9d29, 0x1, 0x0, 0x7, 0x28b341a2, 0x4, 0x4, 0x5, 0xfffffff5, 0x7, 0x7, 0x3, 0x3, 0x6, 0x10001, 0x7ff, 0x8000, 0x2, 0x788c, 0x200, 0x3ff, 0x8, 0x463, 0x80000001, 0x5, 0x4, 0x3ff, 0xa, 0x44, 0x30, 0x6, 0x0, 0x0, 0x2, 0xfffff368, 0x0, 0x5, 0x1, 0xeb90, 0x80000000, 0xfffffffc, 0x5, 0x1, 0x8001, 0x7, 0x9, 0x5, 0x9, 0x6, 0x8, 0x7, 0x80, 0x7, 0x4, 0x8, 0xfffffe01, 0x7ff, 0x5, 0x24000000, 0x3, 0x2, 0x4, 0xc0f8, 0x40, 0xfffffffe, 0x2, 0x40, 0x4, 0xffffffff, 0xe, 0x800, 0x3, 0x9, 0x5, 0x1, 0xa8c, 0x9, 0x1, 0x8, 0x2, 0x4, 0x9, 0x7, 0x9, 0x5, 0x7, 0xfffffffe, 0x80000001, 0x6, 0x6, 0xfffffffc, 0x4, 0x1, 0x6, 0x9, 0x7f, 0xd7f, 0x4, 0xf, 0x6, 0x6, 0x7, 0x7fffffff, 0xf]}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0x88c}, 0x1, 0x0, 0x0, 0x1}, 0x800) 387.221163ms ago: executing program 3 (id=5915): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r0, 0x0, 0x2}, 0x18) write$P9_RREAD(r1, &(0x7f0000000580)=ANY=[], 0xa0) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 268.646575ms ago: executing program 5 (id=5916): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x3}, {0x0}, &(0x7f0000000440)=[{&(0x7f0000000a00)=""/4096, 0x1000}], 0x1, 0x60, 0x4}}], 0x48, 0x8004}, 0x0) 268.496355ms ago: executing program 5 (id=5917): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10) syz_io_uring_setup(0x2704, &(0x7f00000003c0)={0x0, 0x19, 0x2c84, 0x0, 0x1fe}, &(0x7f0000ff0000), 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 239.208206ms ago: executing program 5 (id=5918): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r2, r3, 0x4, 0x0, @void}, 0x10) 206.988976ms ago: executing program 5 (id=5919): perf_event_open(&(0x7f0000000580)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x24f}, &(0x7f00000000c0)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, {0x2}}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 128.606318ms ago: executing program 4 (id=5920): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001a80)="d8", 0x1}], 0x1}, 0x894) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 117.733928ms ago: executing program 4 (id=5921): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000a40)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2, 0x0, 0x2, 0x0, 0x8000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 98.517738ms ago: executing program 4 (id=5922): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d009000006"], 0x7c}, 0x1, 0x0, 0x0, 0x4004000}, 0x48050) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800) 0s ago: executing program 5 (id=5923): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) getrusage(0x1, &(0x7f0000000280)) kernel console output (not intermixed with test programs): 1411 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 151.664921][ T29] audit: type=1326 audit(1759196684.477:4210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11411 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefa5e35d67 code=0x7ffc0000 [ 151.689584][ T29] audit: type=1326 audit(1759196684.477:4211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11411 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fefa5ddaf79 code=0x7ffc0000 [ 151.713564][ T29] audit: type=1326 audit(1759196684.477:4212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11411 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 151.766867][ T29] audit: type=1326 audit(1759196684.717:4213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11411 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefa5e35d67 code=0x7ffc0000 [ 151.844597][ T3378] IPVS: starting estimator thread 0... [ 151.942674][T11415] IPVS: using max 2304 ests per chain, 115200 per kthread [ 152.012246][T11439] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3218'. [ 152.059789][T11441] SELinux: security_context_str_to_sid (-Xܘ7.H\ %u@) failed with errno=-22 [ 152.140878][T11450] sch_tbf: burst 2976 is lower than device lo mtu (11337746) ! [ 152.342133][T11453] hsr0 speed is unknown, defaulting to 1000 [ 152.831879][T11471] loop3: detected capacity change from 0 to 512 [ 152.846197][T11471] EXT4-fs: Ignoring removed oldalloc option [ 152.864688][T11471] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 153.033398][T11471] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.3231: invalid indirect mapped block 4294967295 (level 0) [ 153.055749][T11471] EXT4-fs (loop3): Remounting filesystem read-only [ 153.066827][T11471] EXT4-fs (loop3): 1 orphan inode deleted [ 153.072746][T11471] EXT4-fs (loop3): 1 truncate cleaned up [ 153.080785][T11471] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.137501][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.251744][T11506] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3245'. [ 153.279990][T11509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3246'. [ 153.302229][T11509] team0 (unregistering): Port device team_slave_0 removed [ 153.321371][T11509] team0 (unregistering): Port device team_slave_1 removed [ 153.351853][T11513] hsr0 speed is unknown, defaulting to 1000 [ 153.603421][T11526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3252'. [ 153.824011][T11540] geneve0: entered allmulticast mode [ 154.065380][T11565] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 154.183002][T11583] netlink: 'syz.0.3279': attribute type 1 has an invalid length. [ 154.261183][T11583] bond2: (slave gretap2): making interface the new active one [ 154.300955][T11583] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 154.545855][T11611] loop3: detected capacity change from 0 to 2048 [ 154.546721][T11612] hsr0 speed is unknown, defaulting to 1000 [ 154.603064][T11611] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.684721][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.870398][T11631] __nla_validate_parse: 2 callbacks suppressed [ 154.870422][T11631] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3296'. [ 155.064266][T11645] bond1: entered promiscuous mode [ 155.069692][T11645] bond1: entered allmulticast mode [ 155.092231][T11645] 8021q: adding VLAN 0 to HW filter on device bond1 [ 155.111365][T11645] bond1 (unregistering): Released all slaves [ 155.285945][T11662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3312'. [ 155.698817][T11692] loop3: detected capacity change from 0 to 1024 [ 155.777542][T11692] EXT4-fs: Ignoring removed bh option [ 155.801461][T11692] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 155.946085][T11692] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.989876][T11692] EXT4-fs error (device loop3): ext4_check_all_de:659: inode #12: block 7: comm syz.3.3325: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 156.080708][T11692] EXT4-fs (loop3): Remounting filesystem read-only [ 156.253786][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.603887][T11717] netlink: 'syz.3.3334': attribute type 3 has an invalid length. [ 156.776068][T11730] bridge_slave_0: left promiscuous mode [ 156.781916][T11730] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.803461][T11736] netlink: 'syz.0.3340': attribute type 10 has an invalid length. [ 156.811927][T11736] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3340'. [ 156.854034][T11730] bridge_slave_1: left allmulticast mode [ 156.859847][T11730] bridge_slave_1: left promiscuous mode [ 156.865985][T11730] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.894400][T11730] team0: Port device team_slave_0 removed [ 156.910920][T11749] netlink: 'syz.3.3348': attribute type 1 has an invalid length. [ 156.932936][T11730] team0: Port device team_slave_1 removed [ 156.947273][T11730] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.954886][T11730] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.979507][T11730] bond1: (slave geneve2): Releasing active interface [ 157.006696][T11730] bond0: (slave gretap1): Releasing active interface [ 157.029717][T11730] bond2: (slave gretap2): Releasing active interface [ 157.054247][T11736] batman_adv: batadv0: Adding interface: veth1_vlan [ 157.061148][T11736] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.091043][T11736] batman_adv: batadv0: Interface activated: veth1_vlan [ 157.108927][ T936] hsr0 speed is unknown, defaulting to 1000 [ 157.133369][T11751] bond1: (slave gretap1): making interface the new active one [ 157.142006][T11751] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 157.357376][ T29] kauditd_printk_skb: 505 callbacks suppressed [ 157.357397][ T29] audit: type=1400 audit(1759196690.327:4719): avc: denied { accept } for pid=11776 comm="syz.3.3360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 157.423583][T11783] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.435966][T11783] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.445213][T11783] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.479695][T11783] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.491242][T11783] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.500992][T11783] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.521618][T11792] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 157.530106][T11783] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3363'. [ 157.669366][ T29] audit: type=1326 audit(1759196690.637:4720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 157.713645][ T29] audit: type=1326 audit(1759196690.677:4721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 157.739148][ T29] audit: type=1326 audit(1759196690.677:4722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 157.763687][ T29] audit: type=1326 audit(1759196690.677:4723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 157.789288][ T29] audit: type=1326 audit(1759196690.677:4724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 157.813546][ T29] audit: type=1326 audit(1759196690.677:4725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11806 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9e10ab1785 code=0x7ffc0000 [ 157.867195][ T29] audit: type=1326 audit(1759196690.827:4726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11806 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 157.891825][ T29] audit: type=1326 audit(1759196690.837:4727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 157.916102][ T29] audit: type=1326 audit(1759196690.837:4728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11804 comm="syz.0.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 158.097652][T11831] IPv4: Oversized IP packet from 127.202.26.0 [ 158.271509][T11849] atomic_op ffff888104a50928 conn xmit_atomic 0000000000000000 [ 158.305260][T11847] bridge_slave_0: left promiscuous mode [ 158.311027][T11847] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.320680][T11851] 9pnet: p9_errstr2errno: server reported unknown error [ 158.328701][T11854] netlink: 'syz.2.3391': attribute type 10 has an invalid length. [ 158.338614][T11847] bridge_slave_1: left allmulticast mode [ 158.344657][T11847] bridge_slave_1: left promiscuous mode [ 158.350793][T11847] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.371539][T11847] team0: Port device team_slave_0 removed [ 158.384817][T11847] team0: Port device team_slave_1 removed [ 158.409206][T11847] bond0: (slave bridge1): Releasing active interface [ 158.416700][T11847] bridge1: left promiscuous mode [ 158.444747][T11854] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 158.470135][T11860] IPv4: Oversized IP packet from 127.202.26.0 [ 158.841790][T11889] batadv1: entered promiscuous mode [ 158.847452][T11889] batadv1: entered allmulticast mode [ 160.195721][T11943] SELinux: security policydb version 17 (MLS) not backwards compatible [ 160.206984][T11943] SELinux: failed to load policy [ 161.181984][T12026] netlink: 'syz.1.3470': attribute type 13 has an invalid length. [ 161.190191][T12026] netlink: 'syz.1.3470': attribute type 17 has an invalid length. [ 161.249489][T12026] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.269230][T12026] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 161.305999][T12032] random: crng reseeded on system resumption [ 161.480009][T12041] SELinux: failed to load policy [ 161.820239][T12097] loop3: detected capacity change from 0 to 1024 [ 161.835548][T12099] __nla_validate_parse: 7 callbacks suppressed [ 161.835618][T12099] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3500'. [ 161.856136][T12097] EXT4-fs: Ignoring removed orlov option [ 161.878769][T12097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.160242][T12118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3509'. [ 162.282918][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.292133][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.316768][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.336750][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.345756][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.379698][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.433072][ T29] kauditd_printk_skb: 315 callbacks suppressed [ 162.433111][ T29] audit: type=1326 audit(1759196695.407:5044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.473048][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.482116][T12126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3512'. [ 162.503713][ T29] audit: type=1326 audit(1759196695.407:5045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.527615][ T29] audit: type=1326 audit(1759196695.407:5046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.551272][ T29] audit: type=1326 audit(1759196695.407:5047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.575300][ T29] audit: type=1326 audit(1759196695.407:5048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.599063][ T29] audit: type=1326 audit(1759196695.407:5049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.623153][ T29] audit: type=1326 audit(1759196695.407:5050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.647336][ T29] audit: type=1326 audit(1759196695.407:5051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.671032][ T29] audit: type=1326 audit(1759196695.407:5052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.694997][ T29] audit: type=1326 audit(1759196695.407:5053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12133 comm="syz.2.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 162.777643][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.787068][T12138] netlink: 'syz.0.3516': attribute type 13 has an invalid length. [ 162.795064][T12138] netlink: 'syz.0.3516': attribute type 17 has an invalid length. [ 162.859916][T12138] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.938166][T12138] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 164.079707][T12193] netlink: 'syz.1.3550': attribute type 1 has an invalid length. [ 164.357516][T12219] netlink: 'syz.3.3553': attribute type 1 has an invalid length. [ 164.402652][T12219] 8021q: adding VLAN 0 to HW filter on device bond2 [ 164.597298][T12240] netdevsim netdevsim1: Direct firmware load for failed with error -2 [ 164.985899][T12289] veth0: entered promiscuous mode [ 165.495923][T12343] program syz.0.3607 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 165.506612][T12341] SELinux: Context @ is not valid (left unmapped). [ 165.739137][T12380] netlink: 'syz.2.3623': attribute type 83 has an invalid length. [ 167.125565][T12506] loop3: detected capacity change from 0 to 1024 [ 167.132517][T12506] EXT4-fs: inline encryption not supported [ 167.144023][T12506] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.189377][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.544329][ T29] kauditd_printk_skb: 202 callbacks suppressed [ 167.544345][ T29] audit: type=1400 audit(1759196700.517:5256): avc: denied { ioctl } for pid=12541 comm="syz.4.3690" path="socket:[39025]" dev="sockfs" ino=39025 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 167.577719][ T29] audit: type=1400 audit(1759196700.557:5257): avc: denied { write } for pid=12541 comm="syz.4.3690" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 167.598986][ T29] audit: type=1400 audit(1759196700.557:5258): avc: denied { read } for pid=12541 comm="syz.4.3690" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 167.620454][ T29] audit: type=1326 audit(1759196700.557:5259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 167.645756][ T29] audit: type=1326 audit(1759196700.557:5260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 167.691443][ T29] audit: type=1326 audit(1759196700.647:5261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 167.715493][ T29] audit: type=1326 audit(1759196700.647:5262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 167.739493][ T29] audit: type=1326 audit(1759196700.647:5263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 167.763921][ T29] audit: type=1326 audit(1759196700.647:5264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 167.788261][ T29] audit: type=1326 audit(1759196700.647:5265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12549 comm="syz.0.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e10a7eec9 code=0x7ffc0000 [ 168.034702][T12572] netlink: 'syz.1.3704': attribute type 3 has an invalid length. [ 168.688123][T12604] __nla_validate_parse: 21 callbacks suppressed [ 168.688141][T12604] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3718'. [ 168.735097][T12606] 9p: Unknown Cache mode or invalid value fL [ 168.856384][T12616] 9pnet_fd: Insufficient options for proto=fd [ 168.866408][T12618] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3725'. [ 168.942145][T12630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.961641][T12630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.081419][T12647] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 169.154704][T12653] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3741'. [ 169.182707][T12656] vxcan1: entered allmulticast mode [ 169.496679][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3757'. [ 169.512533][T12691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3758'. [ 169.549114][T12693] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=12693 comm=syz.4.3759 [ 169.578705][T12697] 9p: Unknown Cache mode or invalid value fL [ 169.669246][T12708] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3767'. [ 169.821974][T12731] SELinux: ebitmap: truncated map [ 169.833321][T12731] SELinux: failed to load policy [ 169.844625][T12735] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3779'. [ 169.890198][T12742] 9p: Unknown Cache mode or invalid value fL [ 170.209315][T12756] hsr0 speed is unknown, defaulting to 1000 [ 171.415822][T12773] 9pnet_fd: Insufficient options for proto=fd [ 171.620412][T12781] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3799'. [ 171.638237][T12783] loop3: detected capacity change from 0 to 1024 [ 171.654530][T12783] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 171.665963][T12783] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 171.700421][T12783] JBD2: no valid journal superblock found [ 171.706600][T12783] EXT4-fs (loop3): Could not load journal inode [ 171.727438][T12783] SELinux: security_context_str_to_sid (-Xܘ7.H\ %u@) failed with errno=-22 [ 171.937730][T12800] loop3: detected capacity change from 0 to 164 [ 171.960278][T12800] syz.3.3807: attempt to access beyond end of device [ 171.960278][T12800] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 171.975481][T12800] syz.3.3807: attempt to access beyond end of device [ 171.975481][T12800] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 172.113505][T12812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3813'. [ 172.245133][ T3378] IPVS: starting estimator thread 0... [ 172.270730][T12831] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3821'. [ 172.287811][T12831] IPVS: Error connecting to the multicast addr [ 172.332926][T12832] IPVS: using max 2304 ests per chain, 115200 per kthread [ 172.508805][T12868] IPVS: Error connecting to the multicast addr [ 172.604404][T12886] loop3: detected capacity change from 0 to 512 [ 172.611312][T12886] EXT4-fs: Ignoring removed nobh option [ 172.622398][T12886] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.3848: iget: bad i_size value: 38620345925642 [ 172.636219][T12886] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.3848: couldn't read orphan inode 15 (err -117) [ 172.651397][T12886] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.668186][T12886] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.3848: bg 0: block 5: invalid block bitmap [ 172.691854][T12886] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 17 with error 28 [ 172.704853][T12886] EXT4-fs (loop3): This should not happen!! Data will be lost [ 172.704853][T12886] [ 172.714841][T12886] EXT4-fs (loop3): Total free blocks count 0 [ 172.721133][T12886] EXT4-fs (loop3): Free/Dirty block details [ 172.727187][T12886] EXT4-fs (loop3): free_blocks=0 [ 172.732161][T12886] EXT4-fs (loop3): dirty_blocks=17 [ 172.737429][T12886] EXT4-fs (loop3): Block reservation details [ 172.743579][T12886] EXT4-fs (loop3): i_reserved_data_blocks=17 [ 172.855749][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.022952][T12913] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.030497][T12913] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.200369][T12913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.328898][ T3779] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.347371][ T3779] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.373921][ T3779] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.503110][ T3779] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.624430][T12965] netlink: 'syz.1.3872': attribute type 18 has an invalid length. [ 173.637002][ T3801] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.637644][T12965] netlink: 'syz.1.3872': attribute type 18 has an invalid length. [ 173.646712][ T3801] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.663384][ T3779] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.672220][ T3779] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.717555][ T29] kauditd_printk_skb: 123 callbacks suppressed [ 173.717574][ T29] audit: type=1326 audit(1759196706.687:5389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.748728][ T29] audit: type=1326 audit(1759196706.697:5390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.772948][ T29] audit: type=1326 audit(1759196706.697:5391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.797301][ T29] audit: type=1326 audit(1759196706.697:5392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.821214][ T29] audit: type=1326 audit(1759196706.697:5393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.845351][ T29] audit: type=1326 audit(1759196706.697:5394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.870174][ T29] audit: type=1326 audit(1759196706.697:5395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.894086][ T29] audit: type=1326 audit(1759196706.697:5396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.919186][ T29] audit: type=1326 audit(1759196706.697:5397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 173.944066][ T29] audit: type=1326 audit(1759196706.697:5398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12973 comm="syz.3.3876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 174.175347][T13000] __nla_validate_parse: 4 callbacks suppressed [ 174.175364][T13000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3886'. [ 174.191264][T13000] netlink: 'syz.3.3886': attribute type 18 has an invalid length. [ 174.214777][T12999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3887'. [ 174.235425][T12985] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 174.305447][T13002] hsr0 speed is unknown, defaulting to 1000 [ 174.310956][T13000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3886'. [ 174.311518][T13002] syz1: Port: 1 Link DOWN [ 174.320751][T13000] netlink: 'syz.3.3886': attribute type 18 has an invalid length. [ 174.334751][T12999] erspan0: entered promiscuous mode [ 174.340189][T12999] macvtap1: entered promiscuous mode [ 174.346345][T12999] macvtap1: entered allmulticast mode [ 174.352039][T12999] erspan0: entered allmulticast mode [ 174.368438][ T3801] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 174.377787][ T3801] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.388220][T13008] erspan0: left allmulticast mode [ 174.393859][T13008] erspan0: left promiscuous mode [ 174.408922][ T3801] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 174.418357][ T3801] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.461700][ T3801] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 174.470870][ T3801] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.497057][ T3801] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 174.506936][ T3801] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.530123][T13010] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13010 comm=syz.2.3888 [ 174.596624][ T3801] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 174.608146][ T3801] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 174.619554][ T3801] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 174.629514][ T3801] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 175.126354][T13059] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 175.137881][T13058] IPVS: stopping master sync thread 13059 ... [ 175.573060][T13087] hsr0 speed is unknown, defaulting to 1000 [ 175.828120][T13113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3931'. [ 175.900495][T13113] macvtap1: entered promiscuous mode [ 175.906042][T13113] erspan0: entered promiscuous mode [ 175.911536][T13113] macvtap1: entered allmulticast mode [ 175.917043][T13113] erspan0: entered allmulticast mode [ 175.937000][T13120] erspan0: left allmulticast mode [ 175.942348][T13120] erspan0: left promiscuous mode [ 176.490412][T13171] loop3: detected capacity change from 0 to 1024 [ 176.499074][T13171] EXT4-fs: Ignoring removed bh option [ 176.506320][T13171] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 176.529477][T13171] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.620646][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.671693][T13190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3964'. [ 176.686875][T13194] : renamed from bond0 (while UP) [ 176.725813][T13190] erspan0: entered promiscuous mode [ 176.731612][T13190] macvtap1: entered promiscuous mode [ 176.737170][T13190] macvtap1: entered allmulticast mode [ 176.742737][T13190] erspan0: entered allmulticast mode [ 176.758695][T13190] erspan0: left allmulticast mode [ 176.764117][T13190] erspan0: left promiscuous mode [ 176.779987][T13199] netlink: 35468 bytes leftover after parsing attributes in process `syz.3.3968'. [ 176.792561][T13199] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3968'. [ 176.955635][T13227] loop3: detected capacity change from 0 to 1024 [ 176.983640][T13227] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.036818][T13227] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 177.083416][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.203614][T13256] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3993'. [ 177.212982][T13256] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3993'. [ 177.222784][T13256] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3993'. [ 177.232791][T13256] netlink: 'syz.1.3993': attribute type 6 has an invalid length. [ 177.330958][T13273] netlink: 'syz.1.4000': attribute type 4 has an invalid length. [ 177.377989][T13262] loop3: detected capacity change from 0 to 8192 [ 177.423732][T13262] loop3: p1 p2 p4 < > [ 177.428044][T13262] loop3: partition table partially beyond EOD, truncated [ 177.441481][T13262] loop3: p1 start 16777216 is beyond EOD, truncated [ 177.448553][T13262] loop3: p2 size 515840 extends beyond EOD, truncated [ 177.457816][T13262] loop3: p4 start 16777216 is beyond EOD, truncated [ 177.797434][T13301] netlink: 'syz.1.4014': attribute type 10 has an invalid length. [ 177.976125][T13306] hsr0 speed is unknown, defaulting to 1000 [ 178.032845][T13306] chnl_net:caif_netlink_parms(): no params data found [ 178.099425][T13306] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.106851][T13306] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.120744][T13306] bridge_slave_0: entered allmulticast mode [ 178.133248][T13306] bridge_slave_0: entered promiscuous mode [ 178.144385][T13306] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.151752][T13306] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.163875][T13306] bridge_slave_1: entered allmulticast mode [ 178.170475][T13306] bridge_slave_1: entered promiscuous mode [ 178.211859][T13306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.239649][T13306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.265990][T13306] team0: Port device team_slave_0 added [ 178.274594][T13306] team0: Port device team_slave_1 added [ 178.297377][T13306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.305039][T13306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.332014][T13306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.343341][T13347] hsr0 speed is unknown, defaulting to 1000 [ 178.344003][T13306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.356717][T13306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.383344][T13306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.434379][T13306] hsr_slave_0: entered promiscuous mode [ 178.440695][T13306] hsr_slave_1: entered promiscuous mode [ 178.446722][T13306] debugfs: 'hsr0' already exists in 'hsr' [ 178.452682][T13306] Cannot create hsr debugfs directory [ 178.481411][T13353] hsr0 speed is unknown, defaulting to 1000 [ 178.689279][T13306] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 178.709859][T13306] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 178.728229][T13306] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 178.746667][T13306] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 178.764687][T13385] hsr0 speed is unknown, defaulting to 1000 [ 178.770551][T13306] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.777911][T13306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.785392][T13306] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.792643][T13306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.801046][T13395] netlink: 'syz.2.4047': attribute type 13 has an invalid length. [ 178.809100][T13395] netlink: 'syz.2.4047': attribute type 17 has an invalid length. [ 178.867242][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 178.867326][ T29] audit: type=1326 audit(1759196711.827:5543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 178.902828][ T29] audit: type=1326 audit(1759196711.837:5544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 178.918720][T13398] loop3: detected capacity change from 0 to 512 [ 178.926956][ T29] audit: type=1326 audit(1759196711.837:5545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 178.957611][ T29] audit: type=1326 audit(1759196711.837:5546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 178.962024][T13395] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.981564][ T29] audit: type=1326 audit(1759196711.837:5547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 178.981605][ T29] audit: type=1326 audit(1759196711.837:5548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 179.036484][ T29] audit: type=1326 audit(1759196711.837:5549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 179.060633][ T29] audit: type=1326 audit(1759196711.837:5550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 179.084575][ T29] audit: type=1326 audit(1759196711.837:5551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 179.092116][T13398] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.4050: bad orphan inode 11862016 [ 179.108572][ T29] audit: type=1326 audit(1759196711.877:5552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13396 comm="syz.3.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 179.144876][T13398] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 179.157576][T13398] ext4 filesystem being mounted at /785/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.214472][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 179.225352][T13395] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 179.251575][ T3798] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.263499][ T3798] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.310588][T13306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.327474][T13306] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.339083][ T3798] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.346385][ T3798] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.357052][ T3798] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.364806][ T3798] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.400964][T13306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.520316][T13306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.628821][T13445] vlan2: entered allmulticast mode [ 179.838559][T13306] veth0_vlan: entered promiscuous mode [ 179.861236][T13306] veth1_vlan: entered promiscuous mode [ 179.888851][T13306] veth0_macvtap: entered promiscuous mode [ 179.900607][T13306] veth1_macvtap: entered promiscuous mode [ 179.926505][T13306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.940549][T13306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.949782][T13478] macvtap0: refused to change device tx_queue_len [ 179.959455][T13481] __nla_validate_parse: 4 callbacks suppressed [ 179.959472][T13481] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4064'. [ 179.978185][ T3798] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.994677][ T3798] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.004055][ T3798] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.019869][ T3798] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.237867][T13518] netlink: 'syz.1.4073': attribute type 1 has an invalid length. [ 180.383580][T13547] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4090'. [ 180.392896][T13547] netlink: 'syz.3.4090': attribute type 14 has an invalid length. [ 180.410932][T13547] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4090'. [ 180.420168][T13547] netlink: 'syz.3.4090': attribute type 14 has an invalid length. [ 180.509308][T13564] netlink: 'syz.3.4084': attribute type 1 has an invalid length. [ 180.517448][T13564] netlink: 'syz.3.4084': attribute type 4 has an invalid length. [ 180.525365][T13564] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.4084'. [ 180.631917][T13580] netlink: 19 bytes leftover after parsing attributes in process `syz.1.4088'. [ 181.489545][T13713] hsr0 speed is unknown, defaulting to 1000 [ 181.643467][T13735] hsr0 speed is unknown, defaulting to 1000 [ 181.679415][T13739] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4139'. [ 181.688716][T13739] netlink: 'syz.4.4139': attribute type 14 has an invalid length. [ 181.729448][T13739] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4139'. [ 181.739365][T13739] netlink: 'syz.4.4139': attribute type 14 has an invalid length. [ 182.175782][T13783] hsr0 speed is unknown, defaulting to 1000 [ 182.432324][T13817] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4158'. [ 182.445229][T13817] bridge0: entered promiscuous mode [ 182.454130][T13817] bridge0: port 3(macvlan2) entered blocking state [ 182.456531][T13819] loop3: detected capacity change from 0 to 2048 [ 182.461151][T13817] bridge0: port 3(macvlan2) entered disabled state [ 182.489306][T13819] EXT4-fs (loop3): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.493060][T13817] macvlan2: entered allmulticast mode [ 182.507648][T13817] bridge0: entered allmulticast mode [ 182.528483][T13817] macvlan2: left allmulticast mode [ 182.534713][T13817] bridge0: left allmulticast mode [ 182.544048][T13817] bridge0: left promiscuous mode [ 182.555022][T13819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4159'. [ 182.576501][T13784] hsr0 speed is unknown, defaulting to 1000 [ 182.596319][ T3313] EXT4-fs (loop3): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 182.812134][T13862] macvtap0: refused to change device tx_queue_len [ 183.288917][T13970] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4184'. [ 183.899334][ T29] kauditd_printk_skb: 218 callbacks suppressed [ 183.899349][ T29] audit: type=1326 audit(1759196716.867:5771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14010 comm="syz.5.4202" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f10c5cdeec9 code=0x0 [ 183.956347][T14019] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 183.990550][ T29] audit: type=1326 audit(1759196716.947:5772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.015148][ T29] audit: type=1326 audit(1759196716.947:5773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.039065][ T29] audit: type=1326 audit(1759196716.957:5774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.063465][ T29] audit: type=1326 audit(1759196716.957:5775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.087250][ T29] audit: type=1326 audit(1759196716.957:5776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.111695][ T29] audit: type=1326 audit(1759196716.957:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.135882][ T29] audit: type=1326 audit(1759196716.957:5778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.159770][ T29] audit: type=1326 audit(1759196716.957:5779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.183674][ T29] audit: type=1326 audit(1759196716.957:5780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14020 comm="syz.1.4206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 184.292277][T14016] hsr0 speed is unknown, defaulting to 1000 [ 184.620357][T14068] netlink: 'syz.4.4234': attribute type 10 has an invalid length. [ 185.091904][T14093] hsr0 speed is unknown, defaulting to 1000 [ 185.419245][T14155] __nla_validate_parse: 5 callbacks suppressed [ 185.419313][T14155] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4262'. [ 185.434953][T14155] netlink: 'syz.4.4262': attribute type 30 has an invalid length. [ 185.877006][T14218] netlink: 228 bytes leftover after parsing attributes in process `syz.5.4292'. [ 185.939414][T14227] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4295'. [ 186.018127][T14231] netlink: 'syz.3.4298': attribute type 10 has an invalid length. [ 186.163487][T14245] syz.3.4304: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 186.178281][T14245] CPU: 1 UID: 0 PID: 14245 Comm: syz.3.4304 Not tainted syzkaller #0 PREEMPT(voluntary) [ 186.178351][T14245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 186.178392][T14245] Call Trace: [ 186.178399][T14245] [ 186.178409][T14245] __dump_stack+0x1d/0x30 [ 186.178435][T14245] dump_stack_lvl+0xe8/0x140 [ 186.178459][T14245] dump_stack+0x15/0x1b [ 186.178475][T14245] warn_alloc+0x12b/0x1a0 [ 186.178573][T14245] ? __pfx_min_vruntime_cb_rotate+0x10/0x10 [ 186.178679][T14245] __vmalloc_node_range_noprof+0x9c/0xe00 [ 186.178717][T14245] ? probe_sched_wakeup+0x85/0xa0 [ 186.178745][T14245] ? ttwu_do_activate+0x1d0/0x210 [ 186.178790][T14245] ? __rcu_read_unlock+0x4f/0x70 [ 186.178817][T14245] ? avc_has_perm_noaudit+0x1b1/0x200 [ 186.178856][T14245] ? should_fail_ex+0x30/0x280 [ 186.178942][T14245] ? xskq_create+0x36/0xe0 [ 186.178972][T14245] vmalloc_user_noprof+0x7d/0xb0 [ 186.179012][T14245] ? xskq_create+0x80/0xe0 [ 186.179097][T14245] xskq_create+0x80/0xe0 [ 186.179128][T14245] xsk_init_queue+0x95/0xf0 [ 186.179155][T14245] xsk_setsockopt+0x3f5/0x640 [ 186.179177][T14245] ? __pfx_xsk_setsockopt+0x10/0x10 [ 186.179201][T14245] __sys_setsockopt+0x184/0x200 [ 186.179309][T14245] __x64_sys_setsockopt+0x64/0x80 [ 186.179353][T14245] x64_sys_call+0x20ec/0x2ff0 [ 186.179381][T14245] do_syscall_64+0xd2/0x200 [ 186.179454][T14245] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 186.179544][T14245] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 186.179618][T14245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.179648][T14245] RIP: 0033:0x7fefa5e3eec9 [ 186.179682][T14245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.179707][T14245] RSP: 002b:00007fefa489f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 186.179786][T14245] RAX: ffffffffffffffda RBX: 00007fefa6095fa0 RCX: 00007fefa5e3eec9 [ 186.179804][T14245] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 186.179820][T14245] RBP: 00007fefa5ec1f91 R08: 0000000000000004 R09: 0000000000000000 [ 186.179837][T14245] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.179854][T14245] R13: 00007fefa6096038 R14: 00007fefa6095fa0 R15: 00007fff202b7d88 [ 186.179879][T14245] [ 186.179893][T14245] Mem-Info: [ 186.418441][T14245] active_anon:5741 inactive_anon:14034 isolated_anon:0 [ 186.418441][T14245] active_file:10290 inactive_file:2318 isolated_file:0 [ 186.418441][T14245] unevictable:29 dirty:353 writeback:0 [ 186.418441][T14245] slab_reclaimable:3537 slab_unreclaimable:133879 [ 186.418441][T14245] mapped:30654 shmem:16198 pagetables:1155 [ 186.418441][T14245] sec_pagetables:0 bounce:0 [ 186.418441][T14245] kernel_misc_reclaimable:0 [ 186.418441][T14245] free:1719848 free_pcp:49261 free_cma:0 [ 186.466178][T14245] Node 0 active_anon:26444kB inactive_anon:56136kB active_file:44756kB inactive_file:9272kB unevictable:116kB isolated(anon):0kB isolated(file):0kB mapped:126096kB dirty:1412kB writeback:0kB shmem:68272kB kernel_stack:4784kB pagetables:4620kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 186.495065][T14245] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 186.530465][T14245] lowmem_reserve[]: 0 2883 7862 7862 [ 186.536242][T14245] Node 0 DMA32 free:2949288kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952820kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB [ 186.567099][T14245] lowmem_reserve[]: 0 0 4978 4978 [ 186.572360][T14245] Node 0 Normal free:3914744kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34100kB inactive_anon:56136kB active_file:52296kB inactive_file:9272kB unevictable:116kB writepending:1412kB present:5242880kB managed:5098240kB mlocked:116kB bounce:0kB free_pcp:171180kB local_pcp:82728kB free_cma:0kB [ 186.607642][T14245] lowmem_reserve[]: 0 0 0 0 [ 186.612617][T14245] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 186.627475][T14245] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949288kB [ 186.645488][T14245] Node 0 Normal: 2*4kB (ME) 2*8kB (ME) 538*16kB (M) 634*32kB (UME) 522*64kB (UME) 339*128kB (UME) 249*256kB (UME) 175*512kB (UME) 122*1024kB (UM) 38*2048kB (UM) 843*4096kB (UM) = 3914744kB [ 186.665178][T14245] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 186.674925][T14245] 38128 total pagecache pages [ 186.679622][T14245] 143 pages in swap cache [ 186.684086][T14245] Free swap = 44348kB [ 186.688256][T14245] Total swap = 124996kB [ 186.692655][T14245] 2097051 pages RAM [ 186.696490][T14245] 0 pages HighMem/MovableOnly [ 186.701180][T14245] 80446 pages reserved [ 187.353660][T14316] netlink: 288 bytes leftover after parsing attributes in process `syz.5.4335'. [ 187.463971][T14330] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 187.473424][T14330] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 187.502702][T14334] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4344'. [ 187.919935][T14384] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4365'. [ 188.054876][T14399] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4371'. [ 188.064048][T14399] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4371'. [ 188.096946][T14401] netlink: 'syz.3.4372': attribute type 29 has an invalid length. [ 188.133540][T14401] netlink: 'syz.3.4372': attribute type 29 has an invalid length. [ 188.188808][T14412] loop3: detected capacity change from 0 to 512 [ 188.225420][T14412] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.263516][T14412] ext4 filesystem being mounted at /858/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 188.294425][T14406] loop5: detected capacity change from 0 to 128 [ 188.303744][T14412] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.4379: corrupted inode contents [ 188.322856][T14412] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.4379: mark_inode_dirty error [ 188.342075][T14412] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.4379: corrupted inode contents [ 188.373947][T14412] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.4379: mark_inode_dirty error [ 188.415663][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.433015][T14434] netlink: 'syz.4.4387': attribute type 3 has an invalid length. [ 188.739776][T14462] Falling back ldisc for ptm0. [ 188.866495][T14452] hsr0 speed is unknown, defaulting to 1000 [ 189.007331][T14474] loop3: detected capacity change from 0 to 512 [ 189.019774][T14474] EXT4-fs: Ignoring removed bh option [ 189.040835][T14474] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.053628][T14474] ext4 filesystem being mounted at /863/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 189.064123][ T29] kauditd_printk_skb: 112 callbacks suppressed [ 189.064141][ T29] audit: type=1326 audit(1759196722.027:5893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.094084][ T29] audit: type=1326 audit(1759196722.027:5894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.117978][ T29] audit: type=1326 audit(1759196722.027:5895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.141683][ T29] audit: type=1326 audit(1759196722.027:5896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.166049][ T29] audit: type=1326 audit(1759196722.027:5897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.190006][ T29] audit: type=1326 audit(1759196722.037:5898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.214410][ T29] audit: type=1326 audit(1759196722.037:5899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.238154][ T29] audit: type=1326 audit(1759196722.037:5900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.262312][ T29] audit: type=1326 audit(1759196722.037:5901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.286184][ T29] audit: type=1326 audit(1759196722.037:5902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14483 comm="syz.5.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 189.312659][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.975257][T14545] hsr0 speed is unknown, defaulting to 1000 [ 190.429302][T14589] netlink: 'syz.3.4454': attribute type 298 has an invalid length. [ 190.735379][T14614] loop5: detected capacity change from 0 to 128 [ 190.754270][T14614] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 190.780763][T14614] ext4 filesystem being mounted at /104/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 190.837051][T13306] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 190.893975][T14629] __nla_validate_parse: 1 callbacks suppressed [ 190.893996][T14629] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4471'. [ 190.923748][T14631] sch_tbf: peakrate 7 is lower than or equals to rate 19 ! [ 191.054023][T14641] netlink: 'syz.3.4477': attribute type 1 has an invalid length. [ 191.072601][T14646] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 37748736, id = 0 [ 191.088112][T14643] IPVS: stopping master sync thread 14646 ... [ 191.135920][T14650] loop3: detected capacity change from 0 to 128 [ 191.146107][T14650] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 191.159308][T14650] ext4 filesystem being mounted at /882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 191.216221][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 191.246450][T14658] netlink: 'syz.3.4485': attribute type 4 has an invalid length. [ 191.254489][T14658] netlink: 120 bytes leftover after parsing attributes in process `syz.3.4485'. [ 191.276725][T14660] netlink: 'syz.1.4486': attribute type 4 has an invalid length. [ 191.491811][T14682] netdevsim netdevsim5: Direct firmware load for .. failed with error -2 [ 192.048561][T14728] netlink: 'syz.2.4514': attribute type 4 has an invalid length. [ 192.226311][T14740] netlink: 'syz.4.4520': attribute type 1 has an invalid length. [ 192.292826][T14743] vlan2: entered allmulticast mode [ 192.333637][T14744] bond1: (slave geneve2): making interface the new active one [ 192.352669][T14751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4525'. [ 192.363389][T14744] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 192.372547][ T3798] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 192.381834][ T3787] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 192.397755][ T3787] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 192.409764][ T3787] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 192.452973][T14756] netlink: 'syz.5.4527': attribute type 4 has an invalid length. [ 192.461375][T14756] netlink: 120 bytes leftover after parsing attributes in process `syz.5.4527'. [ 192.489049][T14763] loop3: detected capacity change from 0 to 512 [ 192.509673][T14763] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 192.519313][T14763] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4530: invalid indirect mapped block 8 (level 2) [ 192.551876][T14763] EXT4-fs (loop3): Remounting filesystem read-only [ 192.567168][T14763] EXT4-fs (loop3): 1 truncate cleaned up [ 192.573753][T14763] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.659961][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.733779][T14786] hsr0 speed is unknown, defaulting to 1000 [ 192.893143][T14782] hsr0 speed is unknown, defaulting to 1000 [ 193.085211][T14810] ipvlan2: entered promiscuous mode [ 193.092180][T14810] bridge0: port 3(ipvlan2) entered blocking state [ 193.099525][T14810] bridge0: port 3(ipvlan2) entered disabled state [ 193.120322][T14810] ipvlan2: entered allmulticast mode [ 193.125994][T14810] bridge0: entered allmulticast mode [ 193.144417][T14810] ipvlan2: left allmulticast mode [ 193.149956][T14810] bridge0: left allmulticast mode [ 193.180425][T14821] netlink: 'syz.2.4554': attribute type 13 has an invalid length. [ 193.378077][T14830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4567'. [ 193.409442][T14830] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4567'. [ 193.868082][ T3801] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.877569][ T3801] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.887622][T14846] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4560'. [ 193.897433][ T3801] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.906765][ T3801] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.086515][ T3801] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.096455][ T3801] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.109571][ T3801] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.119022][ T3801] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.227209][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 194.227226][ T29] audit: type=1400 audit(1759196727.197:5963): avc: denied { write } for pid=14873 comm="syz.5.4575" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 194.433683][T14895] netlink: 'syz.2.4585': attribute type 1 has an invalid length. [ 194.483637][T14895] bond2: (slave geneve3): making interface the new active one [ 194.495917][T14895] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 194.511376][ T3787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.545274][ T3787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.583496][ T3787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.602117][ T3787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.638118][T14905] vlan2: entered allmulticast mode [ 194.689419][ T29] audit: type=1326 audit(1759196727.657:5964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.715356][ T29] audit: type=1326 audit(1759196727.687:5965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.753958][ T29] audit: type=1326 audit(1759196727.707:5966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.778300][ T29] audit: type=1326 audit(1759196727.707:5967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.802282][ T29] audit: type=1326 audit(1759196727.707:5968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.826239][ T29] audit: type=1326 audit(1759196727.707:5969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.850377][ T29] audit: type=1326 audit(1759196727.707:5970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.874446][ T29] audit: type=1326 audit(1759196727.707:5971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.898120][ T29] audit: type=1326 audit(1759196727.707:5972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14910 comm="syz.1.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 194.949256][T14924] loop3: detected capacity change from 0 to 256 [ 194.960104][T14924] /dev/loop3: Can't open blockdev [ 196.994714][T15043] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4647'. [ 197.009024][T15043] IPVS: Error connecting to the multicast addr [ 197.116598][T15061] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4666'. [ 197.177477][T15068] netlink: 19 bytes leftover after parsing attributes in process `syz.5.4659'. [ 197.396690][T15081] loop5: detected capacity change from 0 to 4096 [ 197.411755][T15081] EXT4-fs: Ignoring removed nomblk_io_submit option [ 197.444009][T15081] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.556653][T15099] lo speed is unknown, defaulting to 1000 [ 197.579850][T15099] lo speed is unknown, defaulting to 1000 [ 197.594886][T15099] lo speed is unknown, defaulting to 1000 [ 197.622462][T15099] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 197.655647][T15099] lo speed is unknown, defaulting to 1000 [ 197.692868][T15099] lo speed is unknown, defaulting to 1000 [ 197.710173][T15099] lo speed is unknown, defaulting to 1000 [ 197.735878][T15099] lo speed is unknown, defaulting to 1000 [ 197.742456][T15099] lo speed is unknown, defaulting to 1000 [ 197.749498][T15099] lo speed is unknown, defaulting to 1000 [ 197.760523][T13306] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.228797][T15106] Set syz1 is full, maxelem 65536 reached [ 198.798619][T15155] hsr0 speed is unknown, defaulting to 1000 [ 198.805431][T15155] lo speed is unknown, defaulting to 1000 [ 199.115576][T15176] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4702'. [ 199.125307][T15179] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 199.194979][T15187] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4707'. [ 199.211357][T15187] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4707'. [ 199.285023][T15200] netlink: 360 bytes leftover after parsing attributes in process `syz.2.4713'. [ 199.317899][T15206] netlink: 272 bytes leftover after parsing attributes in process `syz.5.4716'. [ 199.492429][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 199.492523][ T29] audit: type=1400 audit(1759196732.457:5993): avc: denied { setcurrent } for pid=15217 comm="syz.3.4721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 199.550033][T15224] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4724'. [ 199.566990][T15225] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 199.590406][ T29] audit: type=1326 audit(1759196732.557:5994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.615490][ T29] audit: type=1326 audit(1759196732.557:5995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.639741][ T29] audit: type=1326 audit(1759196732.557:5996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.664370][ T29] audit: type=1326 audit(1759196732.557:5997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.688622][ T29] audit: type=1326 audit(1759196732.557:5998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.712796][ T29] audit: type=1326 audit(1759196732.557:5999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.736653][ T29] audit: type=1326 audit(1759196732.557:6000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.760485][ T29] audit: type=1326 audit(1759196732.557:6001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.784255][ T29] audit: type=1326 audit(1759196732.557:6002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.2.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f606d77eec9 code=0x7ffc0000 [ 199.978518][T15261] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 200.027314][T15267] netlink: 'syz.1.4744': attribute type 13 has an invalid length. [ 200.165509][T15271] wireguard0: entered promiscuous mode [ 200.171134][T15271] wireguard0: entered allmulticast mode [ 200.188765][ T3801] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.197838][ T3801] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.207000][ T3801] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.216791][ T3801] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.226374][ T3801] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.235734][ T3801] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.245083][ T3801] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.254211][ T3801] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.297782][T15287] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4753'. [ 200.422883][T15298] futex_wake_op: +}[@ tries to shift op by -1; fix this program [ 200.506100][T15314] netlink: 'syz.4.4763': attribute type 13 has an invalid length. [ 200.720791][T15306] hsr0 speed is unknown, defaulting to 1000 [ 200.727890][ T3798] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.737216][ T3798] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.746612][ T3798] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 200.769537][T15306] lo speed is unknown, defaulting to 1000 [ 200.788813][ T3798] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.797931][ T3798] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.807353][ T3798] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 200.872417][ T3798] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.881696][ T3798] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.890971][ T3798] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 200.902696][ T3798] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.911834][ T3798] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.920790][ T3798] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 201.236647][T15356] netlink: 'syz.1.4782': attribute type 30 has an invalid length. [ 201.251968][ T3779] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 201.263715][ T3779] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 201.272759][ T3779] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 201.281733][ T3779] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 201.329231][T15358] loop5: detected capacity change from 0 to 1024 [ 201.348338][T15358] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities [ 201.583047][T15391] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 201.733238][T15414] loop5: detected capacity change from 0 to 128 [ 201.743279][T15414] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 201.751602][T15414] FAT-fs (loop5): Filesystem has been set read-only [ 201.758728][T15414] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 201.767436][T15414] syz.5.4807: attempt to access beyond end of device [ 201.767436][T15414] loop5: rw=2049, sector=2065, nr_sectors = 8 limit=128 [ 202.029857][T15440] __nla_validate_parse: 9 callbacks suppressed [ 202.029877][T15440] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4820'. [ 202.063857][T15442] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4821'. [ 202.092089][T15445] sd 0:0:1:0: device reset [ 202.529874][T15512] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=15512 comm=syz.5.4849 [ 202.985609][T15558] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5131 sclass=netlink_route_socket pid=15558 comm=syz.4.4871 [ 203.225446][T15569] hsr0 speed is unknown, defaulting to 1000 [ 203.242227][T15569] lo speed is unknown, defaulting to 1000 [ 203.681427][T15594] ALSA: seq fatal error: cannot create timer (-19) [ 203.767372][T15609] loop5: detected capacity change from 0 to 1024 [ 203.775211][T15609] EXT4-fs: Ignoring removed nobh option [ 203.780934][T15609] EXT4-fs: Ignoring removed bh option [ 203.786962][T15609] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 203.812686][T15609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.954001][T13306] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.040165][T15633] sch_tbf: burst 2976 is lower than device lo mtu (65550) ! [ 204.174643][T15643] netlink: 'syz.4.4905': attribute type 10 has an invalid length. [ 204.183744][T15643] netlink: 'syz.4.4905': attribute type 10 has an invalid length. [ 204.192507][T15643] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4905'. [ 204.380196][T15664] wireguard0: entered promiscuous mode [ 204.386249][T15664] wireguard0: entered allmulticast mode [ 204.506409][ T29] kauditd_printk_skb: 107 callbacks suppressed [ 204.506429][ T29] audit: type=1326 audit(1759196737.477:6110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 204.536568][ T29] audit: type=1326 audit(1759196737.477:6111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 204.558321][T15672] loop3: detected capacity change from 0 to 1024 [ 204.591227][ T29] audit: type=1326 audit(1759196737.477:6112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 204.616227][ T29] audit: type=1326 audit(1759196737.477:6113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fefa5e3ef03 code=0x7ffc0000 [ 204.640242][ T29] audit: type=1326 audit(1759196737.477:6114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fefa5e3d97f code=0x7ffc0000 [ 204.663947][ T29] audit: type=1326 audit(1759196737.487:6115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fefa5e3ef57 code=0x7ffc0000 [ 204.687973][ T29] audit: type=1326 audit(1759196737.517:6116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fefa5e3d710 code=0x7ffc0000 [ 204.690059][T15672] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.711970][ T29] audit: type=1326 audit(1759196737.517:6117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fefa5e3eacb code=0x7ffc0000 [ 204.747940][ T29] audit: type=1326 audit(1759196737.547:6118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fefa5e3db2a code=0x7ffc0000 [ 204.771690][ T29] audit: type=1326 audit(1759196737.547:6119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15671 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fefa5e3db2a code=0x7ffc0000 [ 204.885743][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.103762][T15706] tipc: Started in network mode [ 205.108994][T15706] tipc: Node identity fffeffff, cluster identity 6 [ 205.115724][T15706] tipc: Node number set to 4294901759 [ 205.333473][T15724] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4935'. [ 205.398660][T15730] openvswitch: netlink: Message has 6 unknown bytes. [ 205.467263][T15741] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4946'. [ 205.477062][T15741] netlink: 'syz.3.4946': attribute type 1 has an invalid length. [ 205.484839][T15741] netlink: 'syz.3.4946': attribute type 2 has an invalid length. [ 205.688968][T15749] netlink: 'syz.1.4950': attribute type 10 has an invalid length. [ 205.697474][T15749] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4950'. [ 205.712620][T15749] veth1_vlan: left promiscuous mode [ 205.719140][T15749] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 205.912386][T15774] wireguard0: entered promiscuous mode [ 205.918037][T15774] wireguard0: entered allmulticast mode [ 206.150447][T15792] loop5: detected capacity change from 0 to 512 [ 206.166203][T15793] ipip0: entered promiscuous mode [ 206.179806][T15792] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 206.191013][T15792] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 206.201224][T15792] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.4967: corrupted in-inode xattr: e_value size too large [ 206.218106][T15792] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.4967: couldn't read orphan inode 15 (err -117) [ 206.233364][T15792] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.385058][T13306] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.668126][T15829] netlink: 'syz.2.4983': attribute type 10 has an invalid length. [ 206.677733][T15829] netlink: 'syz.2.4983': attribute type 10 has an invalid length. [ 206.685966][T15829] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4983'. [ 206.869546][T15858] tipc: Cannot configure node identity twice [ 207.005380][T15878] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5006'. [ 207.081788][T15890] loop5: detected capacity change from 0 to 1024 [ 207.104351][T15890] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.154237][T13306] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.257804][T15904] wireguard0: entered promiscuous mode [ 207.263416][T15904] wireguard0: entered allmulticast mode [ 207.287163][T15903] netdevsim netdevsim1: Direct firmware load for ./file0/file1 failed with error -2 [ 207.421635][T15915] loop3: detected capacity change from 0 to 512 [ 207.428632][T15915] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 207.441255][T15915] EXT4-fs (loop3): 1 truncate cleaned up [ 207.449125][T15915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.538570][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.573037][T15933] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 207.818921][T15979] program syz.5.5048 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 207.831196][T15980] veth5: entered promiscuous mode [ 207.847257][T15976] hsr0 speed is unknown, defaulting to 1000 [ 207.856223][T15976] lo speed is unknown, defaulting to 1000 [ 208.113978][T16018] pim6reg: entered allmulticast mode [ 208.121798][T16018] pim6reg: left allmulticast mode [ 208.225994][T16032] atomic_op ffff88811b6e6928 conn xmit_atomic 0000000000000000 [ 208.275126][T16039] wireguard0: entered promiscuous mode [ 208.280863][T16039] wireguard0: entered allmulticast mode [ 208.295844][T16045] netlink: 'syz.3.5078': attribute type 1 has an invalid length. [ 208.303829][T16045] netlink: 'syz.3.5078': attribute type 4 has an invalid length. [ 208.311825][T16045] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.5078'. [ 208.518512][T16076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5090'. [ 208.585168][T16081] atomic_op ffff88811b6e7d28 conn xmit_atomic 0000000000000000 [ 208.640548][T16088] wireguard0: entered promiscuous mode [ 208.646275][T16088] wireguard0: entered allmulticast mode [ 208.770543][T16101] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 208.819932][T16107] netlink: 4436 bytes leftover after parsing attributes in process `syz.1.5105'. [ 208.829760][T16107] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 208.844163][T16105] vhci_hcd: invalid port number 96 [ 208.849409][T16105] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 208.893217][T16112] pim6reg: entered allmulticast mode [ 208.902889][T13002] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x4 [ 208.910793][T13002] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x2 [ 208.921431][T16112] pim6reg: left allmulticast mode [ 208.922318][T13002] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x3 [ 208.935734][T13002] hid-generic 0000:3000000:0000.0009: hidraw0: HID v0.00 Device [sy] on syz0 [ 208.967805][T16118] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 208.976213][T16118] vhci_hcd: default hub control req: 2314 v0008 i0002 l0 [ 209.003193][T16124] loop5: detected capacity change from 0 to 256 [ 209.030632][T16124] FAT-fs (loop5): Directory bread(block 64) failed [ 209.047507][T16124] FAT-fs (loop5): Directory bread(block 65) failed [ 209.062510][T16124] FAT-fs (loop5): Directory bread(block 66) failed [ 209.073630][T16124] FAT-fs (loop5): Directory bread(block 67) failed [ 209.090336][T16124] FAT-fs (loop5): Directory bread(block 68) failed [ 209.101924][T16124] FAT-fs (loop5): Directory bread(block 69) failed [ 209.110963][T16135] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5118'. [ 209.121037][T16124] FAT-fs (loop5): Directory bread(block 70) failed [ 209.129603][T16124] FAT-fs (loop5): Directory bread(block 71) failed [ 209.137173][T16124] FAT-fs (loop5): Directory bread(block 72) failed [ 209.144615][T16124] FAT-fs (loop5): Directory bread(block 73) failed [ 209.297946][T16151] netlink: 19 bytes leftover after parsing attributes in process `syz.1.5125'. [ 209.630302][T16198] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5146'. [ 209.649984][T16198] 0{X: renamed from gretap0 [ 209.658397][T16198] 0{X: entered allmulticast mode [ 209.664864][T16198] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 209.810533][ T29] kauditd_printk_skb: 315 callbacks suppressed [ 209.810552][ T29] audit: type=1400 audit(1759196742.777:6435): avc: denied { associate } for pid=16212 comm="syz.1.5150" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 210.075183][ T29] audit: type=1400 audit(1759196743.047:6436): avc: denied { watch watch_reads } for pid=16223 comm="syz.5.5157" path="/" dev="configfs" ino=1836 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 210.170136][ T29] audit: type=1326 audit(1759196743.137:6437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 210.198995][T16229] loop5: detected capacity change from 0 to 512 [ 210.214315][T16229] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 210.252464][ T29] audit: type=1326 audit(1759196743.167:6438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 210.266108][T16229] EXT4-fs (loop5): 1 truncate cleaned up [ 210.276567][ T29] audit: type=1326 audit(1759196743.167:6439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f10c5cdef03 code=0x7ffc0000 [ 210.293500][T16229] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.306444][ T29] audit: type=1326 audit(1759196743.167:6440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f10c5cdd97f code=0x7ffc0000 [ 210.306484][ T29] audit: type=1326 audit(1759196743.167:6441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f10c5cdef57 code=0x7ffc0000 [ 210.306517][ T29] audit: type=1326 audit(1759196743.167:6442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f10c5cdd710 code=0x7ffc0000 [ 210.391185][ T29] audit: type=1326 audit(1759196743.167:6443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f10c5cdeacb code=0x7ffc0000 [ 210.415050][ T29] audit: type=1326 audit(1759196743.187:6444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.5.5159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f10c5cddb2a code=0x7ffc0000 [ 210.417937][T16239] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5163'. [ 210.532775][T13306] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.704698][T16256] lo speed is unknown, defaulting to 1000 [ 210.736110][T16256] lo speed is unknown, defaulting to 1000 [ 210.775614][T16256] lo speed is unknown, defaulting to 1000 [ 210.809363][T16256] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 210.861832][T16270] veth1: entered promiscuous mode [ 210.879553][T16256] lo speed is unknown, defaulting to 1000 [ 210.909412][T16256] lo speed is unknown, defaulting to 1000 [ 210.916029][T16256] lo speed is unknown, defaulting to 1000 [ 210.968201][T16256] lo speed is unknown, defaulting to 1000 [ 210.988864][T16256] lo speed is unknown, defaulting to 1000 [ 211.017769][T16256] lo speed is unknown, defaulting to 1000 [ 211.223761][T16300] netlink: 'syz.4.5192': attribute type 13 has an invalid length. [ 211.259660][T16300] gretap0: refused to change device tx_queue_len [ 211.293290][T16300] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 211.397799][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x4 [ 211.406048][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x2 [ 211.432620][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x0 [ 211.440406][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x0 [ 211.448381][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x0 [ 211.456648][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x0 [ 211.464401][T12916] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x0 [ 211.522857][T12916] hid-generic 0000:3000000:0000.000A: hidraw0: HID v0.00 Device [sy] on syz0 [ 211.741393][T16340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5209'. [ 211.792297][T16347] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5209'. [ 211.851270][T16332] hsr0 speed is unknown, defaulting to 1000 [ 211.863633][T16332] lo speed is unknown, defaulting to 1000 [ 211.874679][T16332] lo speed is unknown, defaulting to 1000 [ 213.155850][T16397] hsr0 speed is unknown, defaulting to 1000 [ 213.225801][T16397] lo speed is unknown, defaulting to 1000 [ 213.245099][T16397] lo speed is unknown, defaulting to 1000 [ 213.803955][ T936] IPVS: starting estimator thread 0... [ 213.912566][T16422] IPVS: using max 2208 ests per chain, 110400 per kthread [ 214.004731][ T3779] IPVS: stop unused estimator thread 0... [ 214.211580][T16444] ip6tnl1: entered promiscuous mode [ 214.239272][T16424] hsr0 speed is unknown, defaulting to 1000 [ 214.260527][T16424] lo speed is unknown, defaulting to 1000 [ 214.276319][T16424] lo speed is unknown, defaulting to 1000 [ 214.293820][T16446] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5251'. [ 214.356062][T16448] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5252'. [ 214.532919][T16450] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.652698][T16450] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.759919][T16450] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 215.024022][T16450] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 215.075181][T16485] netlink: 'syz.4.5267': attribute type 10 has an invalid length. [ 215.085023][T16487] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5268'. [ 215.097940][ T3798] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.106887][ T3798] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.116322][ T3798] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.180533][ T3798] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.193758][T16491] IPv6: NLM_F_CREATE should be specified when creating new route [ 215.336500][T16503] hsr0 speed is unknown, defaulting to 1000 [ 215.343163][T16503] lo speed is unknown, defaulting to 1000 [ 215.349324][T16503] lo speed is unknown, defaulting to 1000 [ 215.457455][ T29] kauditd_printk_skb: 101 callbacks suppressed [ 215.457474][ T29] audit: type=1326 audit(1759196748.427:6546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16510 comm="syz.1.5280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 215.508162][ T29] audit: type=1326 audit(1759196748.467:6547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16510 comm="syz.1.5280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 215.532139][ T29] audit: type=1326 audit(1759196748.467:6548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16510 comm="syz.1.5280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 215.556115][ T29] audit: type=1326 audit(1759196748.467:6549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16510 comm="syz.1.5280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 215.647504][ T29] audit: type=1400 audit(1759196748.617:6550): avc: denied { remount } for pid=16519 comm="syz.1.5282" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 215.743324][T16533] netlink: 96 bytes leftover after parsing attributes in process `syz.4.5288'. [ 215.890787][ T29] audit: type=1400 audit(1759196748.857:6551): avc: denied { read } for pid=16547 comm="syz.5.5296" name="file0" dev="tmpfs" ino=1404 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 215.941955][T16557] netem: change failed [ 216.024596][ T29] audit: type=1326 audit(1759196748.997:6552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16564 comm="syz.1.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 216.060396][ T29] audit: type=1326 audit(1759196748.997:6553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16564 comm="syz.1.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 216.084789][ T29] audit: type=1326 audit(1759196748.997:6554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16564 comm="syz.1.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 216.109340][ T29] audit: type=1326 audit(1759196749.027:6555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16564 comm="syz.1.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 216.353718][T16585] warn_alloc: 1 callbacks suppressed [ 216.353737][T16585] syz.2.5312: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 216.373749][T16585] CPU: 1 UID: 0 PID: 16585 Comm: syz.2.5312 Not tainted syzkaller #0 PREEMPT(voluntary) [ 216.373789][T16585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 216.373803][T16585] Call Trace: [ 216.373844][T16585] [ 216.373854][T16585] __dump_stack+0x1d/0x30 [ 216.373876][T16585] dump_stack_lvl+0xe8/0x140 [ 216.373938][T16585] dump_stack+0x15/0x1b [ 216.373961][T16585] warn_alloc+0x12b/0x1a0 [ 216.374005][T16585] __vmalloc_node_range_noprof+0x9c/0xe00 [ 216.374052][T16585] ? __futex_wait+0x1ff/0x260 [ 216.374095][T16585] ? __pfx_futex_wake_mark+0x10/0x10 [ 216.374136][T16585] ? __rcu_read_unlock+0x4f/0x70 [ 216.374226][T16585] ? avc_has_perm_noaudit+0x1b1/0x200 [ 216.374256][T16585] ? should_fail_ex+0x30/0x280 [ 216.374290][T16585] ? xskq_create+0x36/0xe0 [ 216.374322][T16585] vmalloc_user_noprof+0x7d/0xb0 [ 216.374366][T16585] ? xskq_create+0x80/0xe0 [ 216.374388][T16585] xskq_create+0x80/0xe0 [ 216.374411][T16585] xsk_init_queue+0x95/0xf0 [ 216.374437][T16585] xsk_setsockopt+0x477/0x640 [ 216.374480][T16585] ? __pfx_xsk_setsockopt+0x10/0x10 [ 216.374508][T16585] __sys_setsockopt+0x184/0x200 [ 216.374580][T16585] __x64_sys_setsockopt+0x64/0x80 [ 216.374616][T16585] x64_sys_call+0x20ec/0x2ff0 [ 216.374639][T16585] do_syscall_64+0xd2/0x200 [ 216.374663][T16585] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 216.374713][T16585] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 216.374757][T16585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.374786][T16585] RIP: 0033:0x7f606d77eec9 [ 216.374803][T16585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.374891][T16585] RSP: 002b:00007f606c1e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 216.374915][T16585] RAX: ffffffffffffffda RBX: 00007f606d9d5fa0 RCX: 00007f606d77eec9 [ 216.374931][T16585] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 216.374984][T16585] RBP: 00007f606d801f91 R08: 0000000000000004 R09: 0000000000000000 [ 216.374998][T16585] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 216.375010][T16585] R13: 00007f606d9d6038 R14: 00007f606d9d5fa0 R15: 00007ffda4bfbdc8 [ 216.375033][T16585] [ 216.375056][T16585] Mem-Info: [ 216.606166][T16585] active_anon:42968 inactive_anon:13995 isolated_anon:0 [ 216.606166][T16585] active_file:27215 inactive_file:2330 isolated_file:0 [ 216.606166][T16585] unevictable:9209 dirty:345 writeback:0 [ 216.606166][T16585] slab_reclaimable:3642 slab_unreclaimable:212569 [ 216.606166][T16585] mapped:37722 shmem:53272 pagetables:1238 [ 216.606166][T16585] sec_pagetables:0 bounce:0 [ 216.606166][T16585] kernel_misc_reclaimable:0 [ 216.606166][T16585] free:1598086 free_pcp:33632 free_cma:0 [ 216.653623][T16585] Node 0 active_anon:166536kB inactive_anon:55980kB active_file:108860kB inactive_file:9320kB unevictable:38228kB isolated(anon):0kB isolated(file):0kB mapped:152280kB dirty:1380kB writeback:0kB shmem:207868kB kernel_stack:4944kB pagetables:5068kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 216.682526][T16585] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 216.712737][T16585] lowmem_reserve[]: 0 2883 7862 7862 [ 216.718399][T16585] Node 0 DMA32 free:2949288kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952820kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB [ 216.749796][T16585] lowmem_reserve[]: 0 0 4978 4978 [ 216.755746][T16585] Node 0 Normal free:3427696kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:166628kB inactive_anon:55980kB active_file:109324kB inactive_file:9320kB unevictable:41028kB writepending:1380kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:131124kB local_pcp:11796kB free_cma:0kB [ 216.790523][T16585] lowmem_reserve[]: 0 0 0 0 [ 216.793167][T16592] loop5: detected capacity change from 0 to 512 [ 216.795261][T16585] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 216.815322][T16585] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949288kB [ 216.832268][T16585] Node 0 Normal: 2*4kB (ME) 1*8kB (M) 3*16kB (UME) 65*32kB (UE) 139*64kB (UE) 6*128kB (U) 9*256kB (UME) 101*512kB (UME) 121*1024kB (UM) 47*2048kB (UM) 767*4096kB (UM) = 3427616kB [ 216.837013][T16589] sd 0:0:1:0: device reset [ 216.851276][T16585] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 216.865851][T16585] 93166 total pagecache pages [ 216.870652][T16585] 154 pages in swap cache [ 216.875338][T16585] Free swap = 44324kB [ 216.879531][T16585] Total swap = 124996kB [ 216.883905][T16585] 2097051 pages RAM [ 216.888011][T16585] 0 pages HighMem/MovableOnly [ 216.892848][T16585] 80446 pages reserved [ 216.902750][T16592] EXT4-fs warning (device loop5): ext4_enable_quotas:7178: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 216.924837][T16592] EXT4-fs (loop5): mount failed [ 217.437963][T16672] hsr0 speed is unknown, defaulting to 1000 [ 217.445605][T16672] lo speed is unknown, defaulting to 1000 [ 217.452521][T16672] lo speed is unknown, defaulting to 1000 [ 217.557756][T16672] netlink: 'syz.3.5352': attribute type 13 has an invalid length. [ 217.565867][T16672] netlink: 'syz.3.5352': attribute type 17 has an invalid length. [ 217.583147][T16672] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 217.722967][T16704] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5376'. [ 217.806599][T16705] hsr0 speed is unknown, defaulting to 1000 [ 217.878159][T16705] lo speed is unknown, defaulting to 1000 [ 217.913067][T16705] lo speed is unknown, defaulting to 1000 [ 217.915152][T16723] all: renamed from lo [ 217.988426][T16729] loop5: detected capacity change from 0 to 128 [ 218.005733][T16729] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 218.032878][T16729] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 218.085162][ T3820] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 218.186442][T13002] IPVS: starting estimator thread 0... [ 218.261685][T16760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5389'. [ 218.270988][T16760] netlink: 'syz.3.5389': attribute type 5 has an invalid length. [ 218.342265][T16765] loop3: detected capacity change from 0 to 512 [ 218.350093][ T3779] IPVS: stop unused estimator thread 0... [ 218.357503][T16765] EXT4-fs warning (device loop3): ext4_enable_quotas:7178: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 218.372888][T16765] EXT4-fs (loop3): mount failed [ 218.862690][T16800] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5405'. [ 218.893387][T16803] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 219.039748][T16809] hsr0 speed is unknown, defaulting to 1000 [ 219.049979][T16809] lo speed is unknown, defaulting to 1000 [ 219.077717][T16809] lo speed is unknown, defaulting to 1000 [ 219.329283][T16847] smc: net device bond0 applied user defined pnetid SYZ0 [ 219.337088][T16847] smc: net device bond0 erased user defined pnetid SYZ0 [ 219.368160][T16850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5426'. [ 219.744305][T16890] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 219.753116][T16890] netlink: 28 bytes leftover after parsing attributes in process `+}[@'. [ 219.762029][T16890] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 219.776838][T16890] netlink: 28 bytes leftover after parsing attributes in process `+}[@'. [ 219.785624][T16890] netlink: '+}[@': attribute type 6 has an invalid length. [ 219.945307][T16907] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5450'. [ 220.045685][T16913] loop3: detected capacity change from 0 to 128 [ 220.059329][T16913] EXT4-fs: test_dummy_encryption option not supported [ 220.444298][T16952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5471'. [ 220.520559][T16965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5477'. [ 220.575896][ T29] kauditd_printk_skb: 197 callbacks suppressed [ 220.575915][ T29] audit: type=1326 audit(1759196753.547:6751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.610627][ T29] audit: type=1326 audit(1759196753.547:6752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.636853][ T29] audit: type=1326 audit(1759196753.547:6753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.662038][ T29] audit: type=1326 audit(1759196753.547:6754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.687024][ T29] audit: type=1326 audit(1759196753.547:6755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.712748][ T29] audit: type=1326 audit(1759196753.547:6756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.749810][ T29] audit: type=1326 audit(1759196753.547:6757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.776051][ T29] audit: type=1326 audit(1759196753.547:6758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.800105][ T29] audit: type=1326 audit(1759196753.547:6759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.824363][ T29] audit: type=1326 audit(1759196753.547:6760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16971 comm="syz.1.5479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ec737eec9 code=0x7ffc0000 [ 220.921039][T16985] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5485'. [ 221.026062][T16990] hsr0 speed is unknown, defaulting to 1000 [ 221.039147][T16996] netlink: 'syz.4.5489': attribute type 39 has an invalid length. [ 221.060911][T16990] lo speed is unknown, defaulting to 1000 [ 221.092956][T16990] lo speed is unknown, defaulting to 1000 [ 221.239858][T17019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5500'. [ 221.963610][T17078] loop3: detected capacity change from 0 to 128 [ 222.354815][T17100] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17100 comm=syz.2.5546 [ 222.368210][T17100] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17100 comm=syz.2.5546 [ 222.454365][T17108] netlink: 'syz.2.5540': attribute type 1 has an invalid length. [ 222.632835][T17139] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 222.714243][T17139] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 222.814014][T17139] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 222.895738][T17139] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 223.031490][T17176] hsr0 speed is unknown, defaulting to 1000 [ 223.038309][T17182] batman_adv: batadv0: Adding interface: dummy0 [ 223.044834][T17182] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.071395][T17182] batman_adv: batadv0: Interface activated: dummy0 [ 223.082322][T17190] batadv0: mtu less than device minimum [ 223.088642][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.099680][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.110766][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.122185][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.133539][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.144628][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.155555][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.166509][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.177698][T17190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 223.202544][T17176] lo speed is unknown, defaulting to 1000 [ 223.214275][T17176] lo speed is unknown, defaulting to 1000 [ 223.250303][ T3820] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.318978][T17206] siw: device registration error -23 [ 223.335010][ T3801] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.352185][ T3801] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.364619][ T3801] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.832068][T17246] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.934323][T17246] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.025782][T17246] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.095836][T17246] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.261879][ T3829] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.309875][ T3829] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.338975][ T3829] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.368878][ T3820] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.454532][T17294] loop5: detected capacity change from 0 to 128 [ 224.482078][T17294] EXT4-fs: Ignoring removed nobh option [ 224.520225][T17297] hsr0 speed is unknown, defaulting to 1000 [ 224.532477][T17297] lo speed is unknown, defaulting to 1000 [ 224.548829][T17297] lo speed is unknown, defaulting to 1000 [ 224.559090][T17294] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 224.581714][T17294] ext4 filesystem being mounted at /335/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 224.641756][T13306] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 224.763691][T17327] __nla_validate_parse: 5 callbacks suppressed [ 224.763714][T17327] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5633'. [ 224.779162][T17327] netlink: 108 bytes leftover after parsing attributes in process `syz.4.5633'. [ 224.788568][T17329] loop3: detected capacity change from 0 to 128 [ 224.792028][T17327] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5633'. [ 224.810126][T17327] netlink: 108 bytes leftover after parsing attributes in process `syz.4.5633'. [ 224.819407][T17327] netlink: 84 bytes leftover after parsing attributes in process `syz.4.5633'. [ 225.034201][T17351] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5643'. [ 225.051901][T17354] siw: device registration error -23 [ 225.139386][T17372] loop3: detected capacity change from 0 to 128 [ 225.155444][T17374] loop5: detected capacity change from 0 to 2048 [ 225.196252][T17374] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.219744][T17374] ext4 filesystem being mounted at /342/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.220339][T17381] rdma_op ffff88812389d580 conn xmit_rdma 0000000000000000 [ 225.412042][T13306] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.438336][T17394] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5660'. [ 225.620827][T17418] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5671'. [ 225.638061][T17414] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 225.667402][ T29] kauditd_printk_skb: 149 callbacks suppressed [ 225.667488][ T29] audit: type=1326 audit(1759196758.637:6910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.715741][T17414] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 225.737210][ T29] audit: type=1326 audit(1759196758.637:6911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.761174][ T29] audit: type=1326 audit(1759196758.667:6912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.785116][ T29] audit: type=1326 audit(1759196758.667:6913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.808705][ T29] audit: type=1326 audit(1759196758.687:6914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.832468][ T29] audit: type=1326 audit(1759196758.687:6915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.853552][T17422] loop3: detected capacity change from 0 to 2048 [ 225.856444][ T29] audit: type=1326 audit(1759196758.687:6916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.886984][ T29] audit: type=1326 audit(1759196758.687:6917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.910869][ T29] audit: type=1326 audit(1759196758.687:6918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.935361][ T29] audit: type=1326 audit(1759196758.687:6919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17421 comm="syz.3.5673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa5e3eec9 code=0x7ffc0000 [ 225.984192][T17422] Alternate GPT is invalid, using primary GPT. [ 225.990860][T17422] loop3: p1 p2 p3 [ 225.994717][T17422] loop3: partition table partially beyond EOD, truncated [ 226.064086][T17414] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 226.134473][T17414] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 226.193295][T17461] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5688'. [ 226.252833][ T3795] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 226.257257][T17465] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5689'. [ 226.263023][ T3795] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 226.311427][ T3795] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 226.327785][ T3795] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 226.458727][T17486] rdma_op ffff88815cfc0580 conn xmit_rdma 0000000000000000 [ 226.737114][T17518] rdma_op ffff88812389e580 conn xmit_rdma 0000000000000000 [ 226.801193][T17496] hsr0 speed is unknown, defaulting to 1000 [ 226.825614][T17513] hsr0 speed is unknown, defaulting to 1000 [ 226.836617][T17496] lo speed is unknown, defaulting to 1000 [ 226.847409][T17513] lo speed is unknown, defaulting to 1000 [ 226.867141][T17496] lo speed is unknown, defaulting to 1000 [ 226.886124][T17513] lo speed is unknown, defaulting to 1000 [ 227.132344][T17541] netlink: 'syz.4.5722': attribute type 3 has an invalid length. [ 227.456648][T17579] 9pnet_fd: Insufficient options for proto=fd [ 228.033149][T17635] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 228.093186][T17638] hsr0 speed is unknown, defaulting to 1000 [ 228.111916][T17638] lo speed is unknown, defaulting to 1000 [ 228.133757][T17638] lo speed is unknown, defaulting to 1000 [ 228.271738][T17662] loop9: detected capacity change from 0 to 7 [ 228.279198][T17662] Buffer I/O error on dev loop9, logical block 0, async page read [ 228.287701][T17662] Buffer I/O error on dev loop9, logical block 0, async page read [ 228.296088][T17662] loop9: unable to read partition table [ 228.302376][T17662] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 228.302376][T17662] ) failed (rc=-5) [ 228.355086][T17670] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17670 comm=syz.1.5775 [ 228.368249][T17670] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17670 comm=syz.1.5775 [ 228.502143][T17682] netlink: 'syz.1.5780': attribute type 1 has an invalid length. [ 228.510961][T17682] netlink: 'syz.1.5780': attribute type 2 has an invalid length. [ 228.615092][T17680] SELinux: failed to load policy [ 228.980766][T17724] Invalid ELF header magic: != ELF [ 229.075781][T17735] hsr0 speed is unknown, defaulting to 1000 [ 229.082274][T17735] lo speed is unknown, defaulting to 1000 [ 229.104508][T17735] lo speed is unknown, defaulting to 1000 [ 229.510836][T17786] netlink: 'syz.2.5826': attribute type 1 has an invalid length. [ 229.705370][T17803] netlink: 'syz.5.5833': attribute type 10 has an invalid length. [ 229.724523][T17803] team0 (unregistering): Port device team_slave_0 removed [ 229.735211][T17803] team0 (unregistering): Port device team_slave_1 removed [ 230.329688][T17867] sch_tbf: burst 2976 is lower than device lo mtu (11337746) ! [ 230.339842][T17868] __nla_validate_parse: 9 callbacks suppressed [ 230.339864][T17868] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5862'. [ 230.459661][T17890] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5872'. [ 230.491605][T17895] 9pnet: p9_errstr2errno: server reported unknown error 1c s0(z@AbB6L3W2M(.Gwk"6( [ 230.533813][ T3795] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 230.566457][T17903] netlink: 'syz.4.5878': attribute type 3 has an invalid length. [ 230.567006][ T3795] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 230.574724][T17903] netlink: 'syz.4.5878': attribute type 1 has an invalid length. [ 230.588572][ T3795] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 230.592198][T17903] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.5878'. [ 230.603632][ T3795] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 231.270751][T17979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5889'. [ 231.278597][T17974] hsr0 speed is unknown, defaulting to 1000 [ 231.292844][T17974] lo speed is unknown, defaulting to 1000 [ 231.309562][T17974] lo speed is unknown, defaulting to 1000 [ 231.413275][T17989] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5890'. [ 231.502490][ T29] kauditd_printk_skb: 199 callbacks suppressed [ 231.502507][ T29] audit: type=1326 audit(1759196764.467:7119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18000 comm="syz.5.5893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 231.551721][ T29] audit: type=1326 audit(1759196764.507:7120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18000 comm="syz.5.5893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 231.575707][ T29] audit: type=1326 audit(1759196764.507:7121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18000 comm="syz.5.5893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 231.602114][ T29] audit: type=1326 audit(1759196764.507:7122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18000 comm="syz.5.5893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 231.725209][T18028] netlink: 136 bytes leftover after parsing attributes in process `syz.4.5898'. [ 232.109927][T18092] loop3: detected capacity change from 0 to 512 [ 232.117120][T18092] EXT4-fs: Ignoring removed mblk_io_submit option [ 232.125228][T18092] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 232.137058][T18092] EXT4-fs (loop3): 1 truncate cleaned up [ 232.144246][T18092] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.412733][ T29] audit: type=1326 audit(1759196765.377:7123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18123 comm="syz.5.5923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 232.436943][ T29] audit: type=1326 audit(1759196765.377:7124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18123 comm="syz.5.5923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 232.462615][ T29] audit: type=1326 audit(1759196765.387:7125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18123 comm="syz.5.5923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 232.493026][T18110] ================================================================== [ 232.501595][T18110] BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark [ 232.509798][T18110] [ 232.512135][T18110] write to 0xffff88811a05bb04 of 4 bytes by task 18092 on cpu 0: [ 232.520148][T18110] xas_set_mark+0x12b/0x140 [ 232.524760][T18110] tag_pages_for_writeback+0xc2/0x290 [ 232.530605][T18110] ext4_do_writepages+0x6b2/0x2750 [ 232.535761][T18110] ext4_writepages+0x176/0x300 [ 232.540549][T18110] do_writepages+0x1c3/0x310 [ 232.545186][T18110] filemap_write_and_wait_range+0x144/0x340 [ 232.551217][T18110] ext4_file_write_iter+0xe04/0xf00 [ 232.556560][T18110] iter_file_splice_write+0x663/0xa60 [ 232.562034][T18110] direct_splice_actor+0x153/0x2a0 [ 232.567267][T18110] splice_direct_to_actor+0x30f/0x680 [ 232.572901][T18110] do_splice_direct+0xda/0x150 [ 232.577693][T18110] do_sendfile+0x380/0x650 [ 232.582325][T18110] __x64_sys_sendfile64+0x105/0x150 [ 232.587850][T18110] x64_sys_call+0x2bb0/0x2ff0 [ 232.592911][T18110] do_syscall_64+0xd2/0x200 [ 232.597811][T18110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.603944][T18110] [ 232.606454][T18110] read to 0xffff88811a05bb04 of 4 bytes by task 18110 on cpu 1: [ 232.614196][T18110] file_write_and_wait_range+0x10e/0x2c0 [ 232.619945][T18110] generic_buffers_fsync_noflush+0x45/0x120 [ 232.626033][T18110] ext4_sync_file+0x1ab/0x690 [ 232.630745][T18110] vfs_fsync_range+0x10d/0x130 [ 232.635662][T18110] ext4_buffered_write_iter+0x34f/0x3c0 [ 232.641771][T18110] ext4_file_write_iter+0xdbf/0xf00 [ 232.647020][T18110] iter_file_splice_write+0x663/0xa60 [ 232.652858][T18110] direct_splice_actor+0x153/0x2a0 [ 232.658540][T18110] splice_direct_to_actor+0x30f/0x680 [ 232.664113][T18110] do_splice_direct+0xda/0x150 [ 232.669085][T18110] do_sendfile+0x380/0x650 [ 232.673821][T18110] __x64_sys_sendfile64+0x105/0x150 [ 232.679058][T18110] x64_sys_call+0x2bb0/0x2ff0 [ 232.684109][T18110] do_syscall_64+0xd2/0x200 [ 232.688736][T18110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.694676][T18110] [ 232.697023][T18110] value changed: 0x02000021 -> 0x04000021 [ 232.702836][T18110] [ 232.705166][T18110] Reported by Kernel Concurrency Sanitizer on: [ 232.711680][T18110] CPU: 1 UID: 0 PID: 18110 Comm: syz.3.5915 Not tainted syzkaller #0 PREEMPT(voluntary) [ 232.721758][T18110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 232.732743][T18110] ================================================================== [ 232.746700][ T29] audit: type=1326 audit(1759196765.437:7126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18123 comm="syz.5.5923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 232.771353][ T29] audit: type=1326 audit(1759196765.437:7127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18123 comm="syz.5.5923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 232.795442][ T29] audit: type=1326 audit(1759196765.437:7128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18123 comm="syz.5.5923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10c5cdeec9 code=0x7ffc0000 [ 232.963027][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.