last executing test programs: 29m8.865385474s ago: executing program 1 (id=111): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) socket(0x2b, 0x1, 0x1) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x5) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) close_range(r3, 0xffffffffffffffff, 0x0) 28m59.56291644s ago: executing program 1 (id=113): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) shutdown(r2, 0x0) connect$unix(r2, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = accept(r3, 0x0, 0x0) sendto$inet6(r4, &(0x7f0000000000)='\x00', 0x1, 0x11, 0x0, 0x0) 28m54.930995974s ago: executing program 1 (id=115): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) lseek(r0, 0x851, 0x0) 28m47.817448519s ago: executing program 1 (id=117): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) socket(0xa, 0x3, 0x2) setpgid(0x0, r0) bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000180)='./file1\x00', 0x0, 0x10}, 0x18) 28m39.52291628s ago: executing program 1 (id=119): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)) r2 = socket$packet(0x11, 0x3, 0x300) r3 = dup(r1) r4 = fcntl$dupfd(r0, 0x406, r2) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) 28m33.023215603s ago: executing program 1 (id=120): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2e, 0x100008, 0x0, 0x8, 0xf, 0x3, 0x3, 0xf8, 0x0, 0x1, 0x0, 0x4020000, 0xfffc, 0xfc, 0x0, 0xfffffeff, [0x0, 0xd257]}}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 28m27.286280195s ago: executing program 32 (id=120): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2e, 0x100008, 0x0, 0x8, 0xf, 0x3, 0x3, 0xf8, 0x0, 0x1, 0x0, 0x4020000, 0xfffc, 0xfc, 0x0, 0xfffffeff, [0x0, 0xd257]}}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 46.06479477s ago: executing program 2 (id=340): r0 = socket(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0xe64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x202}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0xfff) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 41.310487143s ago: executing program 0 (id=341): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000d}, 0x20000004) r1 = userfaultfd(0x80001) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f5, &(0x7f0000000200)={'syztnl0\x00', 0x0}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00220f0000000b2e2b5aa40bf85edaca83"], 0x0}, 0x0) syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSFLAG(r4, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r4, 0xc018480b, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) 38.8097013s ago: executing program 2 (id=342): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x4000000) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, @dev, @dev={0xfe, 0x80, '\x00', 0x37}, 0x0, 0x0, 0x3, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, @dev, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x0, 0x0, 0x4007}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, r0) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x2, '\x00', r3, 0xffffffffffffffff, 0x9, 0x4, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) syz_genetlink_get_family_id$nl80211(0x0, r2) 27.808553505s ago: executing program 0 (id=343): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b4080000ec00000073114100000000008510000002000000b7000000000000009500c200000000009500001200000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x70) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x1c, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 25.521078415s ago: executing program 2 (id=344): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8) 20.11702808s ago: executing program 2 (id=345): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001040)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003010101"], 0x38}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0) 15.493774846s ago: executing program 0 (id=346): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 10.713430632s ago: executing program 0 (id=347): r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000f96000/0x1000)=nil, 0x7ffffffa, 0x0, 0x0, 0x6, 0x0, 0x2, 0x7, 0x18}) 10.287422916s ago: executing program 2 (id=348): socket$netlink(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305839, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x0, 0xfcc3}) r1 = socket(0xa, 0x3, 0x3a) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$inet6(r2, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) r3 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r4, &(0x7f00000004c0)=ANY=[@ANYBLOB="674466980100000000000400040000006d32ba03985140bbde9368624676db68516c87343ce088e4353705c784de7facd78deadfc649c2b517f8d531ca430100db58ee83e2d5e09f766813bd2ba80458ea2146ec47ee8c4802000e8b71f15a11e030f882d2557dc8c7ae60658afa99e96cca3a68fc27ebb35ecd9a1ea725188558f3e943a503c939108de9bea8562d96b9454a96f0ffb4af22c3880888914cc3c5336044ae72c42433e0bee9f62f47734cb86d50a26d80e391e8b862d9bbccf36fb107dda6f5e1cd4ad70e000000"], 0xce) socket$netlink(0x10, 0x3, 0x0) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x2, 0x4) bind$inet(r5, &(0x7f0000000280)={0x2, 0x5e21, @empty}, 0x10) r6 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x3, 0x80}, {0x94, 0x0, 0x0, 0xffffff81}, {0x6}]}, 0x10) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r7, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4) 5.070161908s ago: executing program 0 (id=349): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8) 4.610253695s ago: executing program 2 (id=350): unshare(0x20000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file1/file2\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1/file2/file3\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1/file2/file3/file4\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file1/file2/file3/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file6\x00', 0x1c0) mount$bind(&(0x7f0000000280)='./file0/file1/file2/file3\x00', &(0x7f00000002c0)='./file0/file1/file2/file3\x00', 0x0, 0x1000, 0x0) mount$bind(&(0x7f0000000300)='./file0/file1\x00', &(0x7f0000000340)='./file0/file6\x00', 0x0, 0x5000, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file6/file2\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file1/file2\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file2\x00', 0x0) r1 = landlock_create_ruleset(&(0x7f0000000440)={0x2004}, 0x18, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0/file2/file3/file4\x00', 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f00000004c0)={0x4, r2}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r1, 0x0) openat(r0, &(0x7f0000000500)='file3/file5\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000540)='file3/file5\x00', r0, &(0x7f0000000580)='file3/file4/file5\x00', 0x0) 0s ago: executing program 0 (id=351): socket$netlink(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305839, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x0, 0xfcc3}) socket(0xa, 0x3, 0x3a) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$inet6(r1, &(0x7f0000002d40)={0xa, 0x4e23, 0x1, @private0, 0x6}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB="674466980100000000000400040000006d32ba03985140bbde9368624676db68516c87343ce088e4353705c784de7facd78deadfc649c2b517f8d531ca430100db58ee83e2d5e09f766813bd2ba80458ea2146ec47ee8c4802000e8b71f15a11e030f882d2557dc8c7ae60658afa99e96cca3a68fc27ebb35ecd9a1ea725188558f3e943a503c939108de9bea8562d96b9454a96f0ffb4af22c3880888914cc3c5336044ae72c42433e0bee9f62f47734cb86d50a26d80e391e8b862d9bbccf36fb107dda6f5e1cd4ad70e000000"], 0xce) socket$netlink(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x2, 0x4) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x3, 0x80}, {0x94, 0x0, 0x0, 0xffffff81}, {0x6}]}, 0x10) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:24098' (ED25519) to the list of known hosts. syzkaller login: [ 477.213129][ T3189] cgroup: Unknown subsys name 'net' [ 477.961682][ T3189] cgroup: Unknown subsys name 'cpuset' [ 478.139171][ T3189] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 555.796222][ T3189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 669.554252][ T3204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 670.656761][ T3204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 670.771993][ T3202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 671.502596][ T3202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.116430][ T3204] hsr_slave_0: entered promiscuous mode [ 685.195931][ T3204] hsr_slave_1: entered promiscuous mode [ 685.495382][ T3202] hsr_slave_0: entered promiscuous mode [ 685.518222][ T3202] hsr_slave_1: entered promiscuous mode [ 685.542906][ T3202] debugfs: 'hsr0' already exists in 'hsr' [ 685.546051][ T3202] Cannot create hsr debugfs directory [ 695.702551][ T3204] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 696.038000][ T3204] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 696.298715][ T3204] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 696.545198][ T3204] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 698.545638][ T3202] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 698.637163][ T3202] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 698.815245][ T3202] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 698.906755][ T3202] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 715.693855][ T3204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 717.401796][ T3202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 775.523871][ T3204] veth0_vlan: entered promiscuous mode [ 776.985264][ T3204] veth1_vlan: entered promiscuous mode [ 777.911982][ T3202] veth0_vlan: entered promiscuous mode [ 778.983744][ T3204] veth0_macvtap: entered promiscuous mode [ 779.303586][ T3202] veth1_vlan: entered promiscuous mode [ 779.847804][ T3204] veth1_macvtap: entered promiscuous mode [ 783.099133][ T3202] veth0_macvtap: entered promiscuous mode [ 783.920331][ T3202] veth1_macvtap: entered promiscuous mode [ 784.418070][ T21] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.434623][ T21] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.437397][ T21] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.608434][ T21] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.997240][ T3292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 789.014830][ T3292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 789.066373][ T3292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 789.091509][ T3292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.556196][ T3204] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 813.993786][ T3824] syz_tun: entered allmulticast mode [ 814.326964][ T3824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3'. [ 815.155501][ T3824] syz_tun (unregistering): left allmulticast mode [ 816.662262][ T3830] ip6t_REJECT: ECHOREPLY is not supported [ 837.638359][ T3832] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 871.594263][ T3853] IPv6: sit1: Disabled Multicast RS [ 978.586061][ T3924] syzkaller0: entered promiscuous mode [ 978.631289][ T3924] syzkaller0: entered allmulticast mode [ 1050.217630][ T3965] lo: entered allmulticast mode [ 1051.196494][ T3968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.33'. [ 1052.712469][ T3964] lo: left allmulticast mode [ 1059.888889][ T3977] netlink: 28 bytes leftover after parsing attributes in process `syz.1.35'. [ 1059.896585][ T3977] netlink: 'syz.1.35': attribute type 7 has an invalid length. [ 1059.915051][ T3977] netlink: 'syz.1.35': attribute type 8 has an invalid length. [ 1059.917146][ T3977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35'. [ 1081.133548][ T3987] netlink: 'syz.1.40': attribute type 3 has an invalid length. [ 1081.271614][ T3987] netlink: 'syz.1.40': attribute type 3 has an invalid length. [ 1082.134229][ T3989] syzkaller0: entered promiscuous mode [ 1082.136323][ T3989] syzkaller0: entered allmulticast mode [ 1109.344402][ T4010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'. [ 1117.264736][ T4018] syzkaller0: entered promiscuous mode [ 1117.266159][ T4018] syzkaller0: entered allmulticast mode [ 1129.541641][ T4035] netlink: 24 bytes leftover after parsing attributes in process `syz.1.52'. [ 1148.882780][ T31] audit: type=1326 audit(1147.580:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1148.981765][ T31] audit: type=1326 audit(1147.680:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1149.201943][ T31] audit: type=1326 audit(1147.940:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1149.205751][ T31] audit: type=1326 audit(1147.950:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1149.257065][ T31] audit: type=1326 audit(1147.950:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1149.296123][ T31] audit: type=1326 audit(1148.040:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1149.382105][ T31] audit: type=1326 audit(1148.050:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1149.432734][ T31] audit: type=1326 audit(1148.130:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4055 comm="syz.1.55" exe="/syz-executor" sig=0 arch=c00000f3 syscall=81 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1168.227741][ T4072] capability: warning: `syz.1.60' uses deprecated v2 capabilities in a way that may be insecure [ 1172.542746][ T4076] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1175.242512][ T4078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.63'. [ 1202.789099][ T31] audit: type=1326 audit(1201.490:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4092 comm="syz.1.66" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x0 [ 1217.194854][ T4096] syzkaller0: entered promiscuous mode [ 1217.196396][ T4096] syzkaller0: entered allmulticast mode [ 1219.678788][ T4100] process 'syz.0.68' launched '/dev/fd/4' with NULL argv: empty string added [ 1254.145965][ T4123] netlink: 44 bytes leftover after parsing attributes in process `syz.1.75'. [ 1272.302330][ T4133] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1303.020929][ T31] audit: type=1326 audit(1301.750:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1303.026527][ T31] audit: type=1326 audit(1301.770:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1303.121292][ T31] audit: type=1326 audit(1301.830:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1303.403875][ T31] audit: type=1326 audit(1302.140:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1303.406470][ T31] audit: type=1326 audit(1302.160:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1303.866004][ T31] audit: type=1326 audit(1302.610:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1303.931129][ T31] audit: type=1326 audit(1302.680:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1304.001508][ T31] audit: type=1326 audit(1302.750:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=102 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1304.062829][ T31] audit: type=1326 audit(1302.790:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1304.111660][ T31] audit: type=1326 audit(1302.790:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.0.85" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdc02e code=0x7ffc0000 [ 1307.912519][ T4173] syz.1.86 uses obsolete (PF_INET,SOCK_PACKET) [ 1332.490099][ T4186] xt_TCPMSS: Only works on TCP SYN packets [ 1486.678571][ T4244] binder: 4242:4244 ioctl c0306201 0 returned -14 [ 1502.775814][ T4255] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1507.618208][ T4257] binder_alloc: 4256: pid 4256 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1598.538467][ T4333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.125'. [ 1631.425261][ T4271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1631.778403][ T4271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1659.747451][ T4473] netlink: 'syz.0.130': attribute type 4 has an invalid length. [ 1662.561530][ T4271] hsr_slave_0: entered promiscuous mode [ 1662.602360][ T4271] hsr_slave_1: entered promiscuous mode [ 1662.660986][ T4271] debugfs: 'hsr0' already exists in 'hsr' [ 1662.663769][ T4271] Cannot create hsr debugfs directory [ 1677.838051][ T4271] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1678.586712][ T4271] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1679.124228][ T4271] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1679.518042][ T4271] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1697.334847][ T4593] netlink: 'syz.0.132': attribute type 10 has an invalid length. [ 1697.877726][ T4593] bond0: (slave bond_slave_1): Releasing backup interface [ 1712.991990][ T4599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'. [ 1713.022262][ T4599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'. [ 1713.146663][ T4271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1816.370171][ T4271] veth0_vlan: entered promiscuous mode [ 1818.098760][ T4665] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1818.695648][ T4271] veth1_vlan: entered promiscuous mode [ 1822.653853][ T4271] veth0_macvtap: entered promiscuous mode [ 1823.125321][ T4271] veth1_macvtap: entered promiscuous mode [ 1827.457194][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1827.486056][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1827.632022][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1827.694584][ T4637] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1895.502585][ T4700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.151'. [ 2017.228679][ T4737] ip6gre1: entered promiscuous mode [ 2017.231123][ T4737] ip6gre1: entered allmulticast mode [ 2101.195066][ T4774] syzkaller0: entered promiscuous mode [ 2101.197202][ T4774] syzkaller0: entered allmulticast mode [ 2105.117504][ T4779] netlink: 'syz.0.171': attribute type 4 has an invalid length. [ 2115.226427][ T4785] netlink: 20 bytes leftover after parsing attributes in process `syz.0.173'. [ 2143.256473][ T4805] Zero length message leads to an empty skb [ 2247.986725][ T4855] netlink: 'syz.2.191': attribute type 12 has an invalid length. [ 2263.556545][ T4857] binder: BINDER_SET_CONTEXT_MGR already set [ 2263.558621][ T4857] binder: 4856:4857 ioctl 4018620d 200000000040 returned -16 [ 2263.995631][ T4857] binder: 4856:4857 ioctl c0306201 200000000240 returned -11 [ 2271.562619][ T4859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.193'. [ 2271.593527][ T4859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.193'. [ 2271.596184][ T4859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.193'. [ 2356.918406][ T4884] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2363.694789][ T4887] ip6t_REJECT: ECHOREPLY is not supported [ 2420.529107][ T4899] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 2440.708084][ T4907] syz_tun: entered allmulticast mode [ 2444.211450][ T4907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.208'. [ 2446.607525][ T4907] syz_tun (unregistering): left allmulticast mode [ 2496.866607][ T4938] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 2509.582668][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf802c557400: rx timeout, send abort [ 2509.600485][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffffaf802c557400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 2509.832865][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf801fcb6000: rx timeout, send abort [ 2510.335894][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf801fcb6000: abort rx timeout. Force session deactivation [ 2555.007664][ T4977] lo: entered allmulticast mode [ 2555.303288][ T4976] lo: left allmulticast mode [ 2569.801779][ T4986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.228'. [ 2572.540609][ T4986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.228'. [ 2583.452648][ T5000] input: syz0 as /devices/virtual/input/input0 [ 2598.512470][ T5013] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2699.884654][ T5052] netlink: 8 bytes leftover after parsing attributes in process `syz.0.246'. [ 2723.997614][ T5069] syzkaller0: entered promiscuous mode [ 2724.010206][ T5069] syzkaller0: entered allmulticast mode [ 2726.717794][ T5077] syz_tun: entered allmulticast mode [ 2728.202696][ T5074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.250'. [ 2729.213986][ T5074] syz_tun (unregistering): left allmulticast mode [ 2746.363231][ T5088] netlink: 24 bytes leftover after parsing attributes in process `syz.0.254'. [ 2763.514495][ T5095] netlink: 'syz.0.256': attribute type 4 has an invalid length. [ 2780.387240][ T5108] syzkaller1: entered promiscuous mode [ 2780.400803][ T5108] syzkaller1: entered allmulticast mode [ 2813.786080][ T5131] veth0_to_team: entered promiscuous mode [ 2826.534663][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf801c475c00: rx timeout, send abort [ 2826.545414][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffffaf801c475c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 2856.388579][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf802d38ac00: rx timeout, send abort [ 2856.396208][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffffaf802d38ac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 2872.714237][ T5172] mmap: syz.2.278 (5172) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 2919.277420][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf801fcc6400: rx timeout, send abort [ 2919.291978][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffffaf801fcc6400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 2919.537384][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf802ccea000: rx timeout, send abort [ 2920.051602][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf802ccea000: abort rx timeout. Force session deactivation [ 2957.807958][ T5229] vlan2: entered promiscuous mode [ 2957.836771][ T5229] vlan2: entered allmulticast mode [ 2957.837782][ T5229] veth1_vlan: entered allmulticast mode [ 3104.474746][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf802e41a000: rx timeout, send abort [ 3104.484294][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffffaf802e41a000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 3127.483888][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 3129.351933][ T5353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.329'. [ 3146.154794][ T5375] netlink: 'syz.2.331': attribute type 3 has an invalid length. [ 3146.188258][ T5375] netlink: 'syz.2.331': attribute type 3 has an invalid length. [ 3188.268208][ T5407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.338'. [ 3223.016628][ T5435] netlink: 36 bytes leftover after parsing attributes in process `syz.2.345'. [ 3240.213655][ T5446] BUG: sleeping function called from invalid context at fs/inode.c:1928 [ 3240.217035][ T5446] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5446, name: syz.2.350 [ 3240.218807][ T5446] preempt_count: 1, expected: 0 [ 3240.222339][ T5446] RCU nest depth: 0, expected: 0 [ 3240.223795][ T5446] 2 locks held by syz.2.350/5446: [ 3240.225277][ T5446] #0: ffffaf80300e20e0 (&type->s_umount_key#56){++++}-{4:4}, at: deactivate_super+0x7e/0x98 [ 3240.234878][ T5446] #1: ffffaf80300e2998 (&s->s_inode_list_lock){+.+.}-{3:3}, at: hook_sb_delete+0x12e/0xbde [ 3240.240859][ T5446] Preemption disabled at: [ 3240.241420][ T5446] [] hook_sb_delete+0x12e/0xbde [ 3240.245300][ T5446] CPU: 1 UID: 0 PID: 5446 Comm: syz.2.350 Not tainted syzkaller #0 PREEMPT [ 3240.246364][ T5446] Hardware name: riscv-virtio,qemu (DT) [ 3240.246996][ T5446] Call Trace: [ 3240.247432][ T5446] [] dump_backtrace+0x2e/0x3c [ 3240.248113][ T5446] [] show_stack+0x30/0x3c [ 3240.248580][ T5446] [] dump_stack_lvl+0x12a/0x1a2 [ 3240.249324][ T5446] [] dump_stack+0x1c/0x24 [ 3240.250002][ T5446] [] __might_resched+0x59c/0x5f8 [ 3240.250590][ T5446] [] __might_sleep+0x86/0xca [ 3240.251216][ T5446] [] iput+0x3c/0xb22 [ 3240.251884][ T5446] [] hook_sb_delete+0x86e/0xbde [ 3240.252509][ T5446] [] security_sb_delete+0xac/0x184 [ 3240.253212][ T5446] [] generic_shutdown_super+0xba/0x37c [ 3240.253923][ T5446] [] kill_litter_super+0x74/0xb0 [ 3240.254618][ T5446] [] deactivate_locked_super+0xd8/0x19c [ 3240.255347][ T5446] [] deactivate_super+0x84/0x98 [ 3240.256040][ T5446] [] cleanup_mnt+0x1dc/0x3e6 [ 3240.256657][ T5446] [] __cleanup_mnt+0x1c/0x26 [ 3240.257287][ T5446] [] task_work_run+0x16a/0x25e [ 3240.257797][ T5446] [] do_exit+0x84c/0x28e4 [ 3240.258411][ T5446] [] do_group_exit+0xd4/0x26c [ 3240.259004][ T5446] [] get_signal+0x2076/0x22f8 [ 3240.259660][ T5446] [] arch_do_signal_or_restart+0x738/0x1c4e [ 3240.260271][ T5446] [] exit_to_user_mode_loop+0x8a/0x142 [ 3240.260799][ T5446] [] do_trap_ecall_u+0x3f8/0x53a [ 3240.261450][ T5446] [] handle_exception+0x15e/0x16a SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3264.082367][ T58] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3266.382686][ T58] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3268.197641][ T58] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3270.086429][ T58] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0